2 # Copyright (c) 1999-2004 Damien Miller
4 # Permission to use, copy, modify, and distribute this software for any
5 # purpose with or without fee is hereby granted, provided that the above
6 # copyright notice and this permission notice appear in all copies.
8 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# Package identity: name OpenSSH, version string Portable, and the bug-report
# address. Local macros are read from m4/ and ssh.c anchors the source tree.
16 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
17 AC_CONFIG_MACRO_DIR([m4])
18 AC_CONFIG_SRCDIR([ssh.c])
20 # Check for stale configure as early as possible.
# Aborts when configure.ac or any m4/*.m4 file is newer than the generated
# configure script, so outdated feature and hardening probes are never used.
21 for i in $srcdir/configure.ac $srcdir/m4/*.m4; do
22 if test "$i" -nt "$srcdir/configure"; then
23 AC_MSG_ERROR([$i newer than configure, run autoreconf])
29 AC_CONFIG_HEADERS([config.h])
# Compiler candidates are listed in the order cc, gcc, clang.
30 AC_PROG_CC([cc gcc clang])
32 # XXX relax this after reimplementing logit() etc.
# Hard requirement: if the test program below does not compile, configure
# stops with an error rather than continuing without variadic-macro support.
33 AC_MSG_CHECKING([if $CC supports C99-style variadic macros])
34 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
35 int f(int a, int b, int c) { return a + b + c; }
36 #define F(a, ...) f(a, __VA_ARGS__)
37 ]], [[return F(1, 2, -3);]])],
38 [ AC_MSG_RESULT([yes]) ],
39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ]
45 # Checks for programs.
52 AC_CHECK_TOOLS([AR], [ar])
53 AC_PATH_PROG([CAT], [cat])
54 AC_PATH_PROG([KILL], [kill])
55 AC_PATH_PROG([SED], [sed])
# TEST_MINUS_S_SH and SH are each probed three times. A path lookup keeps a
# value that is already set, so the effective preference is bash, ksh, sh.
56 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
57 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
58 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
59 AC_PATH_PROG([SH], [bash])
60 AC_PATH_PROG([SH], [ksh])
61 AC_PATH_PROG([SH], [sh])
62 AC_PATH_PROG([GROFF], [groff])
63 AC_PATH_PROG([NROFF], [nroff awf])
64 AC_PATH_PROG([MANDOC], [mandoc])
65 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
66 AC_SUBST([TEST_SHELL], [sh])
68 dnl select manpage formatter to be used to build "cat" format pages.
# Preference order is mandoc, then nroff, then groff; a warning is printed
# when none of the three was found.
69 if test "x$MANDOC" != "x" ; then
71 elif test "x$NROFF" != "x" ; then
72 MANFMT="$NROFF -mandoc"
73 elif test "x$GROFF" != "x" ; then
74 MANFMT="$GROFF -mandoc -Tascii"
76 AC_MSG_WARN([no manpage formatter found])
# groupadd and useradd are searched only in /usr/sbin and /etc, not in the
# caller's PATH; the bare command name is the fallback when neither has them.
82 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
83 [/usr/sbin${PATH_SEPARATOR}/etc])
84 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
85 [/usr/sbin${PATH_SEPARATOR}/etc])
86 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
# Startup scripts use /sbin/sh when it is executable; /bin/sh is the other
# value substituted below.
87 if test -x /sbin/sh; then
88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
# A missing ar is fatal.
96 if test -z "$AR" ; then
97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
# When passwd is found, its absolute path on the build host is compiled in as
# _PATH_PASSWD_PROG.
# NOTE(review): for cross or image builds, confirm this path matches the
# target system, since it is resolved at configure time.
100 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
101 if test ! -z "$PATH_PASSWD_PROG" ; then
102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
103 [Full path of your "passwd" program])
106 dnl Since autoconf doesn't support it very well, we no longer allow users to
107 dnl override LD; however, we are keeping the hook here for now in case there's a
108 dnl use case we overlooked and someone needs to re-enable it. Unless a good
109 dnl reason is found we'll be removing this in future.
# Declaration probes. The LLONG_MAX, LONG_LONG_MAX, SYSTR_POLICY_KILL and
# PR_SET_NO_NEW_PRIVS probes only set shell variables here; the RLIMIT_NPROC
# probe defines HAVE_RLIMIT_NPROC directly.
# NOTE(review): have_systr_policy_kill and have_linux_no_new_privs are
# presumably consulted later when a sandbox is chosen; that is not visible in
# this section.
115 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
116 AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>])
117 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
118 #include <sys/types.h>
119 #include <sys/param.h>
120 #include <dev/systrace.h>
122 AC_CHECK_DECL([RLIMIT_NPROC],
123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
124 #include <sys/types.h>
125 #include <sys/resource.h>
127 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
128 #include <sys/types.h>
129 #include <linux/prctl.h>
# OpenSSL is optional. The help text marks a build without it as experimental
# and limited to internal crypto, and WITH_OPENSSL is defined only when
# $openssl is yes.
134 AC_ARG_WITH([openssl],
135 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
136 [ if test "x$withval" = "xno" ; then
142 AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
143 if test "x$openssl" = "xyes" ; then
145 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
# Stack protection and toolchain hardening both default to enabled. Each is
# switched off only by an explicit --without-stackprotect or
# --without-hardening, that is, when the option value is no.
150 use_stack_protector=1
151 use_toolchain_hardening=1
152 AC_ARG_WITH([stackprotect],
153 [ --without-stackprotect Don't use compiler's stack protection], [
154 if test "x$withval" = "xno"; then
155 use_stack_protector=0
157 AC_ARG_WITH([hardening],
158 [ --without-hardening Don't use toolchain hardening flags], [
159 if test "x$withval" = "xno"; then
160 use_toolchain_hardening=0
163 # We use -Werror for the tests only so that we catch warnings like "this is
164 # on by default" for things like -fPIE.
# CFLAGS is saved, extended with -Werror for this one probe, and restored
# afterwards, so -Werror does not leak into the flags used for the build.
165 AC_MSG_CHECKING([if $CC supports -Werror])
166 saved_CFLAGS="$CFLAGS"
167 CFLAGS="$CFLAGS -Werror"
168 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
169 [ AC_MSG_RESULT([yes])
171 [ AC_MSG_RESULT([no])
174 CFLAGS="$saved_CFLAGS"
# Compiler identification: the version string is parsed from the output of
# $CC -v. GCC versions 1.x and 2.x set no_attrib_nonnull.
176 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
177 AC_MSG_CHECKING([gcc version])
178 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
180 1.*) no_attrib_nonnull=1 ;;
184 2.*) no_attrib_nonnull=1 ;;
187 AC_MSG_RESULT([$GCC_VER])
189 AC_MSG_CHECKING([clang version])
190 CLANG_VER=`$CC -v 2>&1 | $AWK '/clang version /{print $3}'`
191 AC_MSG_RESULT([$CLANG_VER])
# Warning and code-generation flags, each probed individually.
# NOTE(review): OSSH_CHECK_CFLAG_COMPILE is defined outside this section.
# Presumably a flag is added to CFLAGS only when its probe succeeds, and the
# two-argument form tests the first flag but adds the second; confirm in m4/.
# -Wformat-security warns about printf-style calls whose format string is not
# a literal and that pass no format arguments.
193 OSSH_CHECK_CFLAG_COMPILE([-pipe])
194 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
195 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation])
196 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
197 OSSH_CHECK_CFLAG_COMPILE([-Wall])
198 OSSH_CHECK_CFLAG_COMPILE([-Wextra])
199 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
200 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
201 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
202 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
203 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
204 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
205 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter])
206 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
207 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough])
208 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation])
209 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical])
210 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
# Toolchain hardening, probed only when use_toolchain_hardening is 1:
#   -mretpoline, -Wl,-z,retpolineplt  retpoline code generation, a mitigation
#                                     for branch target injection (Spectre v2)
#   -D_FORTIFY_SOURCE=2               libc buffer-size checks on string and
#                                     memory functions
#   -Wl,-z,relro and -Wl,-z,now       relocation data made read-only, with all
#                                     symbols bound at load time
#   -Wl,-z,noexecstack                stack marked non-executable
# NOTE(review): the probe macros are defined outside this section. An
# unsupported flag is presumably skipped without failing configure, so check
# the configure output or config.log for the flags that actually took effect.
211 if test "x$use_toolchain_hardening" = "x1"; then
212 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
213 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
214 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
215 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
216 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
217 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
218 # NB. -ftrapv expects certain support functions to be present in
219 # the compiler library (libgcc or similar) to detect integer operations
220 # that can overflow. We must check that the result of enabling it
221 # actually links. The test program compiled/linked includes a number
222 # of integer operations that should exercise this.
# -ftrapv makes signed integer overflow trap at run time instead of wrapping.
223 OSSH_CHECK_CFLAG_LINK([-ftrapv])
224 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See
225 # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and
226 # https://github.com/llvm/llvm-project/issues/59242
# -fzero-call-used-regs clears call-used registers before a function returns.
# Versions matching 15.* get the narrower used setting because of the bug
# referenced above; every other version gets all.
228 15.*) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=used]) ;;
229 *) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all]) ;;
# -ftrivial-auto-var-init=zero zero-fills automatic variables that have no
# explicit initialiser.
231 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
# -fno-builtin-memset is added to CFLAGS for a link test and removed again
# (CFLAGS restored) when that test fails.
# NOTE(review): the intent is not stated here; presumably it keeps memset
# calls from being replaced by compiler builtins. Confirm before relying on it.
234 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
235 saved_CFLAGS="$CFLAGS"
236 CFLAGS="$CFLAGS -fno-builtin-memset"
237 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
238 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
239 [ AC_MSG_RESULT([yes]) ],
240 [ AC_MSG_RESULT([no])
241 CFLAGS="$saved_CFLAGS" ]
244 # -fstack-protector-all doesn't always work for some GCC versions
245 # and/or platforms, so we test if we can. If it's not supported
246 # on a given platform gcc will emit a warning so we use -Werror.
# Runs only when use_stack_protector is 1. Candidates are tried in the order
# -fstack-protector-strong, -fstack-protector-all, -fstack-protector. Each is
# first probed with -Werror added to both CFLAGS and LDFLAGS; on success the
# flag is kept without -Werror and a second check reports whether it works.
# That second check cannot be performed when cross compiling.
# NOTE(review): when every candidate fails, the build presumably continues
# without a stack protector; check the configure output for the result.
247 if test "x$use_stack_protector" = "x1"; then
248 for t in -fstack-protector-strong -fstack-protector-all \
249 -fstack-protector; do
250 AC_MSG_CHECKING([if $CC supports $t])
251 saved_CFLAGS="$CFLAGS"
252 saved_LDFLAGS="$LDFLAGS"
253 CFLAGS="$CFLAGS $t -Werror"
254 LDFLAGS="$LDFLAGS $t -Werror"
258 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
262 snprintf(x, sizeof(x), "XXX%d", func(1));
264 [ AC_MSG_RESULT([yes])
265 CFLAGS="$saved_CFLAGS $t"
266 LDFLAGS="$saved_LDFLAGS $t"
267 AC_MSG_CHECKING([if $t works])
271 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
275 snprintf(x, sizeof(x), "XXX%d", func(1));
277 [ AC_MSG_RESULT([yes])
279 [ AC_MSG_RESULT([no]) ],
280 [ AC_MSG_WARN([cross compiling: cannot test])
284 [ AC_MSG_RESULT([no]) ]
286 CFLAGS="$saved_CFLAGS"
287 LDFLAGS="$saved_LDFLAGS"
# Fallback for the earlier LLONG_MAX probe: when have_llong_max is still
# empty, the cached result is cleared and the probe is repeated with
# -std=gnu99 appended to CFLAGS.
291 if test -z "$have_llong_max"; then
292 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
293 unset ac_cv_have_decl_LLONG_MAX
294 saved_CFLAGS="$CFLAGS"
295 CFLAGS="$CFLAGS -std=gnu99"
296 AC_CHECK_DECL([LLONG_MAX],
298 [CFLAGS="$saved_CFLAGS"],
299 [#include <limits.h>]
# Compiler capability probes. A failed __attribute__ probe defines the
# matching NO_ATTRIBUTE_ON_* macro; a successful variable-length-array or
# declaration-after-code probe defines VARIABLE_LENGTH_ARRAYS or
# VARIABLE_DECLARATION_AFTER_CODE.
304 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
308 __attribute__((__unused__)) static void foo(void){return;}]],
310 [ AC_MSG_RESULT([yes]) ],
311 [ AC_MSG_RESULT([no])
312 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
313 [compiler does not accept __attribute__ on return types]) ]
316 AC_MSG_CHECKING([if compiler allows __attribute__ prototype args])
320 typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]],
322 [ AC_MSG_RESULT([yes]) ],
323 [ AC_MSG_RESULT([no])
324 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1,
325 [compiler does not accept __attribute__ on prototype args]) ]
328 AC_MSG_CHECKING([if compiler supports variable length arrays])
330 [AC_LANG_PROGRAM([[#include <stdlib.h>]],
331 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])],
332 [ AC_MSG_RESULT([yes])
333 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1],
334 [compiler supports variable length arrays]) ],
335 [ AC_MSG_RESULT([no]) ]
338 AC_MSG_CHECKING([if compiler accepts variable declarations after code])
340 [AC_LANG_PROGRAM([[#include <stdlib.h>]],
341 [[ int a; a = 1; int b = 1; exit(a-b); ]])],
342 [ AC_MSG_RESULT([yes])
343 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1],
344 [compiler variable declarations after code]) ],
345 [ AC_MSG_RESULT([no]) ]
# HAVE_ATTRIBUTE__NONNULL__ is defined unless no_attrib_nonnull was set to 1
# by the compiler version check.
348 if test "x$no_attrib_nonnull" != "x1" ; then
349 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
353 [ --without-rpath Disable auto-added -R linker paths],
355 if test "x$withval" = "xno" ; then
357 elif test "x$withval" = "xyes" ; then
365 # Allow user to specify flags
# For --with-cflags, --with-cppflags, --with-ldflags and --with-libs, an empty
# value, yes and no are ignored; any other value is appended verbatim to the
# matching variable. The -after variants are stored in CFLAGS_AFTER and
# LDFLAGS_AFTER instead of being applied here.
# NOTE(review): these values are appended after the flags chosen by the
# probes above, and compilers generally let a later flag override an earlier
# one, so a packaging option can weaken the hardening defaults. Review the
# values used in build recipes.
366 AC_ARG_WITH([cflags],
367 [ --with-cflags Specify additional flags to pass to compiler],
369 if test -n "$withval" && test "x$withval" != "xno" && \
370 test "x${withval}" != "xyes"; then
371 CFLAGS="$CFLAGS $withval"
376 AC_ARG_WITH([cflags-after],
377 [ --with-cflags-after Specify additional flags to pass to compiler after configure],
379 if test -n "$withval" && test "x$withval" != "xno" && \
380 test "x${withval}" != "xyes"; then
381 CFLAGS_AFTER="$withval"
385 AC_ARG_WITH([cppflags],
386 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
388 if test -n "$withval" && test "x$withval" != "xno" && \
389 test "x${withval}" != "xyes"; then
390 CPPFLAGS="$CPPFLAGS $withval"
394 AC_ARG_WITH([ldflags],
395 [ --with-ldflags Specify additional flags to pass to linker],
397 if test -n "$withval" && test "x$withval" != "xno" && \
398 test "x${withval}" != "xyes"; then
399 LDFLAGS="$LDFLAGS $withval"
403 AC_ARG_WITH([ldflags-after],
404 [ --with-ldflags-after Specify additional flags to pass to linker after configure],
406 if test -n "$withval" && test "x$withval" != "xno" && \
407 test "x${withval}" != "xyes"; then
408 LDFLAGS_AFTER="$withval"
413 [ --with-libs Specify additional libraries to link with],
415 if test -n "$withval" && test "x$withval" != "xno" && \
416 test "x${withval}" != "xyes"; then
417 LIBS="$LIBS $withval"
# --with-Werror: any non-empty value other than no selects -Werror for the
# main build; a value other than yes replaces -Werror with the given string.
421 AC_ARG_WITH([Werror],
422 [ --with-Werror Build main code with -Werror],
424 if test -n "$withval" && test "x$withval" != "xno"; then
425 werror_flags="-Werror"
426 if test "x${withval}" != "xyes"; then
427 werror_flags="$withval"
433 dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's
434 dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we
435 dnl haven't detected it, recheck.
436 if test "x$ac_cv_header_sys_stat_h" != "xyes"; then
437 unset ac_cv_header_sys_stat_h
438 AC_CHECK_HEADERS([sys/stat.h])
475 security/pam_appl.h \
521 # On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h]
522 # to be included first.
# Each header probe from here on passes its prerequisite includes as the
# fourth argument, because the probed header does not compile on its own on
# the platforms named in the comments.
523 AC_CHECK_HEADERS([sys/audit.h], [], [], [
524 #ifdef HAVE_SYS_TIME_H
525 # include <sys/time.h>
527 #ifdef HAVE_SYS_TYPES_H
528 # include <sys/types.h>
530 #ifdef HAVE_SYS_LABEL_H
531 # include <sys/label.h>
535 # sys/capsicum.h requires sys/types.h
# NOTE(review): the Capsicum headers and caph_cache_tzdata are only detected
# here; presumably the results feed the sandbox selection later in the file.
536 AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [
537 #ifdef HAVE_SYS_TYPES_H
538 # include <sys/types.h>
542 AC_MSG_CHECKING([for caph_cache_tzdata])
544 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]],
545 [[caph_cache_tzdata();]])],
548 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1],
549 [Define if you have caph_cache_tzdata])
551 [ AC_MSG_RESULT([no]) ]
554 # net/route.h requires sys/socket.h and sys/types.h.
555 # sys/sysctl.h also requires sys/param.h
556 AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [
557 #ifdef HAVE_SYS_TYPES_H
558 # include <sys/types.h>
560 #include <sys/param.h>
561 #include <sys/socket.h>
564 # lastlog.h requires sys/time.h to be included first on Solaris
565 AC_CHECK_HEADERS([lastlog.h], [], [], [
566 #ifdef HAVE_SYS_TIME_H
567 # include <sys/time.h>
571 # sys/ptms.h requires sys/stream.h to be included first on Solaris
572 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
573 #ifdef HAVE_SYS_STREAM_H
574 # include <sys/stream.h>
578 # login_cap.h requires sys/types.h on NetBSD
579 AC_CHECK_HEADERS([login_cap.h], [], [], [
580 #include <sys/types.h>
583 # older BSDs need sys/param.h before sys/mount.h
584 AC_CHECK_HEADERS([sys/mount.h], [], [], [
585 #include <sys/param.h>
588 # Android requires sys/socket.h to be included before sys/un.h
589 AC_CHECK_HEADERS([sys/un.h], [], [], [
590 #include <sys/types.h>
591 #include <sys/socket.h>
594 # Messages for features tested for in target-specific section
600 # Support for Solaris/Illumos privileges (this test is used by both
601 # the --with-solaris-privs option and --with-sandbox=solaris).
604 # Check for some target-specific stuff
607 # Some versions of VAC won't allow macro redefinitions at
608 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
609 # particularly with older versions of vac or xlc.
610 # It also throws errors about null macro arguments, but these are
612 AC_MSG_CHECKING([if compiler allows macro redefinitions])
615 #define testmacro foo
616 #define testmacro bar]],
618 [ AC_MSG_RESULT([yes]) ],
619 [ AC_MSG_RESULT([no])
620 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
621 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
622 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
626 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
627 if (test -z "$blibpath"); then
628 blibpath="/usr/lib:/lib"
630 saved_LDFLAGS="$LDFLAGS"
631 if test "$GCC" = "yes"; then
632 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
634 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
636 for tryflags in $flags ;do
637 if (test -z "$blibflags"); then
638 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
639 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
640 [blibflags=$tryflags], [])
643 if (test -z "$blibflags"); then
644 AC_MSG_RESULT([not found])
645 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
647 AC_MSG_RESULT([$blibflags])
649 LDFLAGS="$saved_LDFLAGS"
650 dnl Check for authenticate. Might be in libs.a on older AIXes
651 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
652 [Define if you want to enable AIX4's authenticate function])],
653 [AC_CHECK_LIB([s], [authenticate],
654 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
658 dnl Check for various auth function declarations in headers.
659 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
660 passwdexpired, setauthdb], , , [#include <usersec.h>])
661 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
662 AC_CHECK_DECLS([loginfailed],
663 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
664 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
665 [[ (void)loginfailed("user","host","tty",0); ]])],
666 [AC_MSG_RESULT([yes])
667 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
668 [Define if your AIX loginfailed() function
669 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
672 [#include <usersec.h>]
674 AC_CHECK_FUNCS([getgrset setauthdb])
675 AC_CHECK_DECL([F_CLOSEM],
676 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
678 [ #include <limits.h>
681 check_for_aix_broken_getaddrinfo=1
682 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
683 [Define if your platform breaks doing a seteuid before a setuid])
684 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
685 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
686 dnl AIX handles lastlog as part of its login message
687 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
688 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
689 [Some systems need a utmpx entry for /bin/login to work])
690 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
691 [Define to a Set Process Title type if your system is
692 supported by bsd-setproctitle.c])
693 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
694 [AIX 5.2 and 5.3 (and presumably newer) require this])
695 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
696 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
697 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211])
698 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551])
701 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
702 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
705 LIBS="$LIBS /usr/lib/textreadmode.o"
706 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
707 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
708 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
709 [Define to disable UID restoration test])
710 AC_DEFINE([DISABLE_SHADOW], [1],
711 [Define if you want to disable shadow passwords])
712 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
713 [Define if X11 doesn't support AF_UNIX sockets on that system])
714 AC_DEFINE([DISABLE_FD_PASSING], [1],
715 [Define if your platform needs to skip post auth
716 file descriptor passing])
717 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
718 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
719 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
720 # reasons which cause compile warnings, so we disable those warnings.
721 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
724 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
725 [Define if your system choked on IP TOS setting])
726 AC_DEFINE([SETEUID_BREAKS_SETUID])
727 AC_DEFINE([BROKEN_SETREUID])
728 AC_DEFINE([BROKEN_SETREGID])
732 AC_MSG_CHECKING([if we have working getaddrinfo])
733 AC_RUN_IFELSE([AC_LANG_SOURCE([[
734 #include <mach-o/dyld.h>
736 int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
742 [AC_MSG_RESULT([working])],
743 [AC_MSG_RESULT([buggy])
744 AC_DEFINE([BROKEN_GETADDRINFO], [1],
745 [getaddrinfo is broken (if present)])
747 [AC_MSG_RESULT([assume it is working])])
748 AC_DEFINE([SETEUID_BREAKS_SETUID])
749 AC_DEFINE([BROKEN_SETREUID])
750 AC_DEFINE([BROKEN_SETREGID])
751 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
752 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
753 [Define if your resolver libs need this for getrrsetbyname])
754 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
755 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
756 [Use tunnel device compatibility to OpenBSD])
757 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
758 [Prepend the address family to IP tunnel traffic])
759 m4_pattern_allow([AU_IPv])
760 AC_CHECK_DECL([AU_IPv4], [],
761 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
762 [#include <bsm/audit.h>]
763 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
764 [Define if pututxline updates lastlog too])
766 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
767 [Define to a Set Process Title type if your system is
768 supported by bsd-setproctitle.c])
769 AC_CHECK_FUNCS([sandbox_init])
770 AC_CHECK_HEADERS([sandbox.h])
771 AC_CHECK_LIB([sandbox], [sandbox_apply], [
772 SSHDLIBS="$SSHDLIBS -lsandbox"
774 # proc_pidinfo()-based closefrom() replacement.
775 AC_CHECK_HEADERS([libproc.h])
776 AC_CHECK_FUNCS([proc_pidinfo])
777 # poll(2) is broken for character-special devices (at least).
778 # cf. Apple bug 3710161 (not public, but searchable)
779 AC_DEFINE([BROKEN_POLL], [1],
780 [System poll(2) implementation is broken])
784 TEST_MALLOC_OPTIONS="AFGJPRX"
788 CFLAGS="$CFLAGS -D_BSD_SOURCE"
789 AC_CHECK_LIB([network], [socket])
790 AC_DEFINE([HAVE_U_INT64_T])
791 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
795 # first we define all of the options common to all HP-UX releases
796 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
797 IPADDR_IN_DISPLAY=yes
798 AC_DEFINE([USE_PIPES])
799 AC_DEFINE([LOGIN_NEEDS_UTMPX])
800 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
801 [String used in /etc/passwd to denote locked account])
802 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
803 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
806 AC_CHECK_LIB([xnet], [t_error], ,
807 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
809 # next, we define all of the options specific to major releases
812 if test -z "$GCC"; then
815 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect])
818 AC_DEFINE([PAM_SUN_CODEBASE], [1],
819 [Define if you are using Solaris-derived PAM which
820 passes pam_messages to the conversation function
821 with an extra level of indirection])
822 AC_DEFINE([DISABLE_UTMP], [1],
823 [Define if you don't want to use utmp])
824 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
825 check_for_hpux_broken_getaddrinfo=1
826 check_for_conflicting_getspnam=1
830 # lastly, we define options specific to minor releases
833 AC_DEFINE([HAVE_SECUREWARE], [1],
834 [Define if you have SecureWare-based
835 protected password database])
836 disable_ptmx_check=yes
842 PATH="$PATH:/usr/etc"
843 AC_DEFINE([BROKEN_INET_NTOA], [1],
844 [Define if you system's inet_ntoa is busted
845 (e.g. Irix gcc issue)])
846 AC_DEFINE([SETEUID_BREAKS_SETUID])
847 AC_DEFINE([BROKEN_SETREUID])
848 AC_DEFINE([BROKEN_SETREGID])
849 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
850 [Define if you shouldn't strip 'tty' from your
852 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
855 PATH="$PATH:/usr/etc"
856 AC_DEFINE([WITH_IRIX_ARRAY], [1],
857 [Define if you have/want arrays
858 (cluster-wide session management, not C arrays)])
859 AC_DEFINE([WITH_IRIX_PROJECT], [1],
860 [Define if you want IRIX project management])
861 AC_DEFINE([WITH_IRIX_AUDIT], [1],
862 [Define if you want IRIX audit trails])
863 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
864 [Define if you want IRIX kernel jobs])])
865 AC_DEFINE([BROKEN_INET_NTOA])
866 AC_DEFINE([SETEUID_BREAKS_SETUID])
867 AC_DEFINE([BROKEN_SETREUID])
868 AC_DEFINE([BROKEN_SETREGID])
869 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
870 AC_DEFINE([WITH_ABBREV_NO_TTY])
871 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
873 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
874 AC_DEFINE([PAM_TTY_KLUDGE])
875 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
876 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
877 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
878 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
883 check_for_openpty_ctty_bug=1
884 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
885 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
886 dnl _GNU_SOURCE is needed for setres*id prototypes.
887 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
888 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels])
889 AC_DEFINE([PAM_TTY_KLUDGE], [1],
890 [Work around problematic Linux PAM modules handling of PAM_TTY])
891 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
892 [String used in /etc/passwd to denote locked account])
893 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
894 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
895 [Define to whatever link() returns for "not supported"
896 if it doesn't return EOPNOTSUPP.])
897 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
898 AC_DEFINE([USE_BTMP])
899 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
900 inet6_default_4in6=yes
903 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
904 [Define if cmsg_type is not passed correctly])
907 # tun(4) forwarding compat code
908 AC_CHECK_HEADERS([linux/if_tun.h])
909 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
910 AC_DEFINE([SSH_TUN_LINUX], [1],
911 [Open tunnel devices the Linux tun/tap way])
912 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
913 [Use tunnel device compatibility to OpenBSD])
914 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
915 [Prepend the address family to IP tunnel traffic])
917 AC_CHECK_HEADER([linux/if.h],
918 AC_DEFINE([SYS_RDOMAIN_LINUX], [1],
919 [Support routing domains using Linux VRF]), [], [
920 #ifdef HAVE_SYS_TYPES_H
921 # include <sys/types.h>
924 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
925 [], [#include <linux/types.h>])
929 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
930 #if _MIPS_SIM != _ABIO32
933 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
934 #if _MIPS_SIM != _ABIN32
937 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
938 #if _MIPS_SIM != _ABI64
941 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI])
# Selects the AUDIT_ARCH_* constant for the build host. SECCOMP_AUDIT_ARCH is
# defined only when seccomp_audit_arch ended up non-empty; otherwise the
# result is reported as architecture not supported and nothing is defined.
# NOTE(review): the host patterns that select each value are not shown here.
# Presumably a build without SECCOMP_AUDIT_ARCH cannot use the seccomp filter
# sandbox; confirm which sandbox such a build ends up with.
947 AC_MSG_CHECKING([for seccomp architecture])
951 seccomp_audit_arch=AUDIT_ARCH_X86_64
954 seccomp_audit_arch=AUDIT_ARCH_I386
957 seccomp_audit_arch=AUDIT_ARCH_ARM
960 seccomp_audit_arch=AUDIT_ARCH_AARCH64
963 seccomp_audit_arch=AUDIT_ARCH_S390X
966 seccomp_audit_arch=AUDIT_ARCH_S390
969 seccomp_audit_arch=AUDIT_ARCH_PPC
972 seccomp_audit_arch=AUDIT_ARCH_PPC64
975 seccomp_audit_arch=AUDIT_ARCH_PPC64LE
978 seccomp_audit_arch=AUDIT_ARCH_MIPS
981 seccomp_audit_arch=AUDIT_ARCH_MIPSEL
986 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32
989 seccomp_audit_arch=AUDIT_ARCH_MIPS64
996 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32
999 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
1004 seccomp_audit_arch=AUDIT_ARCH_RISCV64
1007 if test "x$seccomp_audit_arch" != "x" ; then
1008 AC_MSG_RESULT(["$seccomp_audit_arch"])
1009 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
1010 [Specify the system call convention in use])
1012 AC_MSG_RESULT([architecture not supported])
1016 AC_DEFINE([SETEUID_BREAKS_SETUID])
1017 # poll(2) seems to choke on /dev/null; "Bad file descriptor"
1018 AC_DEFINE([BROKEN_POLL], [1],
1019 [System poll(2) implementation is broken])
1021 mips-sony-bsd|mips-sony-newsos4)
1022 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
1026 if test "x$withval" != "xno" ; then
1029 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
1030 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1031 AC_CHECK_HEADER([net/if_tap.h], ,
1032 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1033 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
1034 [Prepend the address family to IP tunnel traffic])
1035 TEST_MALLOC_OPTIONS="AJRX"
1036 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
1037 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
1040 SKIP_DISABLE_LASTLOG_DEFINE=yes
1041 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
1042 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1043 AC_CHECK_HEADER([net/if_tap.h], ,
1044 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1045 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
1046 TEST_MALLOC_OPTIONS="AJRX"
1047 # Preauth crypto occasionally uses file descriptors for crypto offload
1048 # and will crash if they cannot be opened.
1049 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
1050 [define if setrlimit RLIMIT_NOFILE breaks things])
1052 *-*-freebsd9.*|*-*-freebsd10.*)
1053 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable.
1054 disable_capsicum=yes
1058 AC_DEFINE([SETEUID_BREAKS_SETUID])
1059 AC_DEFINE([BROKEN_SETREUID])
1060 AC_DEFINE([BROKEN_SETREGID])
1063 conf_lastlog_location="/usr/adm/lastlog"
1064 conf_utmp_location=/etc/utmp
1065 conf_wtmp_location=/usr/adm/wtmp
1066 maildir=/usr/spool/mail
1067 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
1068 AC_DEFINE([USE_PIPES])
1069 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
1073 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
1074 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
1075 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
1076 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
1077 [syslog_r function is safe to use in in a signal handler])
1078 TEST_MALLOC_OPTIONS="AFGJPRX"
1081 if test "x$withval" != "xno" ; then
1084 AC_DEFINE([PAM_SUN_CODEBASE])
1085 AC_DEFINE([LOGIN_NEEDS_UTMPX])
1086 AC_DEFINE([PAM_TTY_KLUDGE])
1087 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
1088 [Define if pam_chauthtok wants real uid set
1089 to the unpriv'ed user])
1090 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1091 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
1092 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
1093 [Define if sshd somehow reacquires a controlling TTY
1095 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
1096 in case the name is longer than 8 chars])
1097 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
1098 external_path_file=/etc/default/login
1099 # hardwire lastlog location (can't detect it on some versions)
1100 conf_lastlog_location="/var/adm/lastlog"
1101 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
1102 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
1103 if test "$sol2ver" -ge 8; then
1104 AC_MSG_RESULT([yes])
1105 AC_DEFINE([DISABLE_UTMP])
1106 AC_DEFINE([DISABLE_WTMP], [1],
1107 [Define if you don't want to use wtmp])
1111 AC_CHECK_FUNCS([setpflags])
1112 AC_CHECK_FUNCS([setppriv])
1113 AC_CHECK_FUNCS([priv_basicset])
1114 AC_CHECK_HEADERS([priv.h])
1115 AC_ARG_WITH([solaris-contracts],
1116 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
1118 AC_CHECK_LIB([contract], [ct_tmpl_activate],
1119 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
1120 [Define if you have Solaris process contracts])
1121 LIBS="$LIBS -lcontract"
1125 AC_ARG_WITH([solaris-projects],
1126 [ --with-solaris-projects Enable Solaris projects (experimental)],
1128 AC_CHECK_LIB([project], [setproject],
1129 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
1130 [Define if you have Solaris projects])
1131 LIBS="$LIBS -lproject"
1135 AC_ARG_WITH([solaris-privs],
1136 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
1138 AC_MSG_CHECKING([for Solaris/Illumos privilege support])
1139 if test "x$ac_cv_func_setppriv" = "xyes" -a \
1140 "x$ac_cv_header_priv_h" = "xyes" ; then
1142 AC_MSG_RESULT([found])
1143 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
1144 [Define to disable UID restoration test])
1145 AC_DEFINE([USE_SOLARIS_PRIVS], [1],
1146 [Define if you have Solaris privileges])
1149 AC_MSG_RESULT([not found])
1150 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
1154 TEST_SHELL=$SHELL # let configure find us a capable shell
1157 CPPFLAGS="$CPPFLAGS -DSUNOS4"
1158 AC_CHECK_FUNCS([getpwanam])
1159 AC_DEFINE([PAM_SUN_CODEBASE])
1160 conf_utmp_location=/etc/utmp
1161 conf_wtmp_location=/var/adm/wtmp
1162 conf_lastlog_location=/var/adm/lastlog
1163 AC_DEFINE([USE_PIPES])
1164 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
1168 AC_DEFINE([USE_PIPES])
1169 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1170 AC_DEFINE([SETEUID_BREAKS_SETUID])
1171 AC_DEFINE([BROKEN_SETREUID])
1172 AC_DEFINE([BROKEN_SETREGID])
1175 # /usr/ucblib MUST NOT be searched on ReliantUNIX
1176 AC_CHECK_LIB([dl], [dlsym], ,)
1177 # -lresolv needs to be at the end of LIBS or DNS lookups break
1178 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
1179 IPADDR_IN_DISPLAY=yes
1180 AC_DEFINE([USE_PIPES])
1181 AC_DEFINE([IP_TOS_IS_BROKEN])
1182 AC_DEFINE([SETEUID_BREAKS_SETUID])
1183 AC_DEFINE([BROKEN_SETREUID])
1184 AC_DEFINE([BROKEN_SETREGID])
1185 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1186 external_path_file=/etc/default/login
1187 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
1188 # Attention: always take care to bind libsocket and libnsl before libc,
1189 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
1191 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
1193 AC_DEFINE([USE_PIPES])
1194 AC_DEFINE([SETEUID_BREAKS_SETUID])
1195 AC_DEFINE([BROKEN_SETREUID])
1196 AC_DEFINE([BROKEN_SETREGID])
1197 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
1198 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1199 TEST_SHELL=$SHELL # let configure find us a capable shell
1201 # UnixWare 7.x, OpenUNIX 8
1203 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1204 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1205 AC_DEFINE([USE_PIPES])
1206 AC_DEFINE([SETEUID_BREAKS_SETUID])
1207 AC_DEFINE([BROKEN_GETADDRINFO])
1208 AC_DEFINE([BROKEN_SETREUID])
1209 AC_DEFINE([BROKEN_SETREGID])
1210 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1211 AC_DEFINE([BROKEN_TCGETATTR_ICANON])
1212 TEST_SHELL=$SHELL # let configure find us a capable shell
1214 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1215 maildir=/var/spool/mail
1216 AC_DEFINE([BROKEN_UPDWTMPX])
1217 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1218 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1221 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1227 # SCO UNIX and OEM versions of SCO UNIX
1229 AC_MSG_ERROR("This Platform is no longer supported.")
1231 # SCO OpenServer 5.x
1233 if test -z "$GCC"; then
1234 CFLAGS="$CFLAGS -belf"
1236 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1238 AC_DEFINE([USE_PIPES])
1239 AC_DEFINE([HAVE_SECUREWARE])
1240 AC_DEFINE([DISABLE_SHADOW])
1241 AC_DEFINE([DISABLE_FD_PASSING])
1242 AC_DEFINE([SETEUID_BREAKS_SETUID])
1243 AC_DEFINE([BROKEN_GETADDRINFO])
1244 AC_DEFINE([BROKEN_SETREUID])
1245 AC_DEFINE([BROKEN_SETREGID])
1246 AC_DEFINE([WITH_ABBREV_NO_TTY])
1247 AC_DEFINE([BROKEN_UPDWTMPX])
1248 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1249 AC_CHECK_FUNCS([getluid setluid])
1251 TEST_SHELL=$SHELL # let configure find us a capable shell
1252 SKIP_DISABLE_LASTLOG_DEFINE=yes
1255 AC_MSG_CHECKING([for Digital Unix SIA])
1257 AC_ARG_WITH([osfsia],
1258 [ --with-osfsia Enable Digital Unix SIA],
1260 if test "x$withval" = "xno" ; then
1261 AC_MSG_RESULT([disabled])
1266 if test -z "$no_osfsia" ; then
1267 if test -f /etc/sia/matrix.conf; then
1268 AC_MSG_RESULT([yes])
1269 AC_DEFINE([HAVE_OSF_SIA], [1],
1270 [Define if you have Digital Unix Security
1271 Integration Architecture])
1272 AC_DEFINE([DISABLE_LOGIN], [1],
1273 [Define if you don't want to use your
1274 system's login() call])
1275 AC_DEFINE([DISABLE_FD_PASSING])
1276 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1280 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1281 [String used in /etc/passwd to denote locked account])
1284 AC_DEFINE([BROKEN_GETADDRINFO])
1285 AC_DEFINE([SETEUID_BREAKS_SETUID])
1286 AC_DEFINE([BROKEN_SETREUID])
1287 AC_DEFINE([BROKEN_SETREGID])
1288 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1292 AC_DEFINE([USE_PIPES])
1293 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1294 AC_DEFINE([DISABLE_LASTLOG])
1295 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1296 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1297 enable_etc_default_login=no # has incompatible /etc/default/login
1300 AC_DEFINE([DISABLE_FD_PASSING])
1306 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1307 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty])
1308 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1309 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx])
1310 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we
1311 # don't get a controlling tty.
1312 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root])
1313 # On Ultrix some headers are not protected against multiple includes,
1314 # so we create wrappers and put it where the compiler will find it.
1315 AC_MSG_WARN([creating compat wrappers for headers])
1317 for header in netinet/ip.h netdb.h resolv.h; do
1318 name=`echo $header | tr 'a-z/.' 'A-Z__'`
1320 #ifndef _SSH_COMPAT_${name}
1321 #define _SSH_COMPAT_${name}
1322 #include "/usr/include/${header}"
1329 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1330 AC_DEFINE([BROKEN_SETVBUF], [1],
1331 [LynxOS has broken setvbuf() implementation])
1335 AC_MSG_CHECKING([compiler and flags for sanity])
1336 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])],
1337 [ AC_MSG_RESULT([yes]) ],
1340 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1342 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1345 dnl Checks for header files.
1346 # Checks for libraries.
1347 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1349 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1350 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1351 AC_CHECK_LIB([gen], [dirname], [
1352 AC_CACHE_CHECK([for broken dirname],
1353 ac_cv_have_broken_dirname, [
1362 int main(int argc, char **argv) {
1365 strncpy(buf,"/etc", 32);
1367 if (!s || strncmp(s, "/", 32) != 0) {
1374 [ ac_cv_have_broken_dirname="no" ],
1375 [ ac_cv_have_broken_dirname="yes" ],
1376 [ ac_cv_have_broken_dirname="no" ],
1380 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1382 AC_DEFINE([HAVE_DIRNAME])
1383 AC_CHECK_HEADERS([libgen.h])
1388 AC_CHECK_FUNC([getspnam], ,
1389 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1390 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1391 [Define if you have the basename function.])])
1393 dnl zlib defaults to enabled
1396 [ --with-zlib=PATH Use zlib in PATH],
1397 [ if test "x$withval" = "xno" ; then
1399 elif test "x$withval" != "xyes"; then
1400 if test -d "$withval/lib"; then
1401 if test -n "${rpath_opt}"; then
1402 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1404 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1407 if test -n "${rpath_opt}"; then
1408 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}"
1410 LDFLAGS="-L${withval} ${LDFLAGS}"
1413 if test -d "$withval/include"; then
1414 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1416 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1421 # These libraries are needed for anything that links in the channel code.
1423 AC_MSG_CHECKING([for zlib])
1424 if test "x${zlib}" = "xno"; then
1428 CHANNELLIBS="$CHANNELLIBS -lz"
1429 AC_MSG_RESULT([yes])
1430 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib])
1431 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1432 AC_CHECK_LIB([z], [deflate], [],
1434 saved_CPPFLAGS="$CPPFLAGS"
1435 saved_LDFLAGS="$LDFLAGS"
1436 dnl Check default zlib install dir
1437 if test -n "${rpath_opt}"; then
1438 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}"
1440 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1442 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1443 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1445 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
# zlib version gate. The test program parses ZLIB_VERSION with sscanf, and
# its own comment says 1.2.3 and up are OK. When the check flags the library,
# configure stops with the "zlib too old" error unless zlib_check_nonfatal
# was set by --without-zlib-version-check, in which case only a warning is
# printed. When cross compiling the version is not checked at all, so the
# zlib on the target has to be verified separately.
# NOTE(review): several lines of this check are missing from this listing;
# confirm the exact accepted version ranges against the full file.
1451 AC_ARG_WITH([zlib-version-check],
1452 [ --without-zlib-version-check Disable zlib version check],
1453 [ if test "x$withval" = "xno" ; then
1454 zlib_check_nonfatal=1
1459 AC_MSG_CHECKING([for possibly buggy zlib])
1460 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1466 int a=0, b=0, c=0, d=0, n, v;
1467 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1468 if (n != 3 && n != 4)
1470 v = a*1000000 + b*10000 + c*100 + d;
1471 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1474 if (a == 1 && b == 1 && c >= 4)
1477 /* 1.2.3 and up are OK */
1483 AC_MSG_RESULT([no]),
1484 [ AC_MSG_RESULT([yes])
1485 if test -z "$zlib_check_nonfatal" ; then
1486 AC_MSG_ERROR([*** zlib too old - check config.log ***
1487 Your reported zlib version has known security problems. It's possible your
1488 vendor has fixed these problems without changing the version number. If you
1489 are sure this is the case, you can disable the check by running
1490 "./configure --without-zlib-version-check".
1491 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1492 See http://www.gzip.org/zlib/ for details.])
1494 AC_MSG_WARN([zlib version may have security problems])
1497 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1503 AC_CHECK_FUNC([strcasecmp],
1504 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1506 AC_CHECK_FUNCS([utimes],
1507 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1508 LIBS="$LIBS -lc89"]) ]
1511 dnl Checks for libutil functions
1512 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1513 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1514 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1515 AC_SEARCH_LIBS([login], [util bsd])
1516 AC_SEARCH_LIBS([logout], [util bsd])
1517 AC_SEARCH_LIBS([logwtmp], [util bsd])
1518 AC_SEARCH_LIBS([openpty], [util bsd])
1519 AC_SEARCH_LIBS([updwtmp], [util bsd])
1520 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1522 # On some platforms, inet_ntop and gethostbyname may be found in libresolv
1524 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1525 AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1527 # Some Linux distributions ship the BSD libc hashing functions in
1528 # separate libraries.
1529 AC_SEARCH_LIBS([SHA256Update], [md bsd])
1531 # "Particular Function Checks"
1532 # see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
1536 # autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL;
1537 AC_MSG_CHECKING([if calloc(0, N) returns non-null])
1540 [[ #include <stdlib.h> ]],
1541 [[ void *p = calloc(0, 1); exit(p == NULL); ]]
1543 [ func_calloc_0_nonnull=yes ],
1544 [ func_calloc_0_nonnull=no ],
1545 [ AC_MSG_WARN([cross compiling: assuming same as malloc])
1546 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"]
1548 AC_MSG_RESULT([$func_calloc_0_nonnull])
1550 if test "x$func_calloc_0_nonnull" = "xyes"; then
1551 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null])
1553 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL])
1554 AC_DEFINE(calloc, rpl_calloc,
1555 [Define to rpl_calloc if the replacement function should be used.])
1558 # Check for ALTDIRFUNC glob() extension
1559 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1560 AC_EGREP_CPP([FOUNDIT],
1563 #ifdef GLOB_ALTDIRFUNC
1568 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1569 [Define if your system glob() function has
1570 the GLOB_ALTDIRFUNC extension])
1571 AC_MSG_RESULT([yes])
1578 # Check for g.gl_matchc glob() extension
1579 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1580 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1581 [[ glob_t g; g.gl_matchc = 1; ]])],
1583 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1584 [Define if your system glob() function has
1585 gl_matchc options in glob_t])
1586 AC_MSG_RESULT([yes])
1591 # Check for g.gl_statv glob() extension
1592 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1593 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1594 #ifndef GLOB_KEEPSTAT
1595 #error "glob does not support GLOB_KEEPSTAT extension"
1601 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1602 [Define if your system glob() function has
1603 gl_statv options in glob_t])
1604 AC_MSG_RESULT([yes])
1610 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1612 AC_CHECK_DECL([VIS_ALL], ,
1613 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1615 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1618 #include <sys/types.h>
1624 exit(sizeof(d.d_name)<=sizeof(char));
1626 [AC_MSG_RESULT([yes])],
1629 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1630 [Define if your struct dirent expects you to
1631 allocate extra space for d_name])
1634 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1635 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1639 AC_MSG_CHECKING([for /proc/pid/fd directory])
1640 if test -d "/proc/$$/fd" ; then
1641 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1642 AC_MSG_RESULT([yes])
# Optional TCP Wrappers support. The current LDFLAGS and CPPFLAGS are saved,
# an optional PATH contributes lib and include directories, and a link test
# that declares deny_severity and allow_severity decides the outcome: the
# success lines define LIBWRAP and add -lwrap to SSHDLIBS, the failure line
# stops configure with "libwrap missing".
# NOTE(review): this block keys the run-time library path on need_dash_r and
# a literal -R, while the zlib and libedit blocks in this file use rpath_opt;
# confirm need_dash_r is still set somewhere, otherwise no run path is added.
# Lines are missing from this listing, so the branch structure is partial.
1647 # Check whether user wants TCP wrappers support
1649 AC_ARG_WITH([tcp-wrappers],
1650 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1652 if test "x$withval" != "xno" ; then
1654 saved_LDFLAGS="$LDFLAGS"
1655 saved_CPPFLAGS="$CPPFLAGS"
1656 if test -n "${withval}" && \
1657 test "x${withval}" != "xyes"; then
1658 if test -d "${withval}/lib"; then
1659 if test -n "${need_dash_r}"; then
1660 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1662 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1665 if test -n "${need_dash_r}"; then
1666 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1668 LDFLAGS="-L${withval} ${LDFLAGS}"
1671 if test -d "${withval}/include"; then
1672 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1674 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1678 AC_MSG_CHECKING([for libwrap])
1679 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1680 #include <sys/types.h>
1681 #include <sys/socket.h>
1682 #include <netinet/in.h>
1684 int deny_severity = 0, allow_severity = 0;
1688 AC_MSG_RESULT([yes])
1689 AC_DEFINE([LIBWRAP], [1],
1691 TCP Wrappers support])
1692 SSHDLIBS="$SSHDLIBS -lwrap"
1695 AC_MSG_ERROR([*** libwrap missing])
# ldns selection. With a bare --with-ldns the ldns-config helper is looked
# up, and where it is used its --libs and --cflags output is spliced into
# LIBS and CPPFLAGS through backticks, so whichever helper is found runs as
# part of configure; build hosts should keep the search path limited to
# trusted directories. With an explicit PATH the include and lib
# subdirectories are appended instead. Once ldns is enabled, HAVE_LDNS is
# defined and a test program that includes ldns/ldns.h and calls
# ldns_verify_trusted is built; the failure line stops configure with
# "Incomplete or missing ldns libraries".
# NOTE(review): several lines of this block are missing from this listing.
1702 # Check whether user wants to use ldns
1705 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1708 if test "x$withval" = "xyes" ; then
1709 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1710 if test "x$LDNSCONFIG" = "xno"; then
1714 LIBS="$LIBS `$LDNSCONFIG --libs`"
1715 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1718 elif test "x$withval" != "xno" ; then
1719 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1720 LDFLAGS="$LDFLAGS -L${withval}/lib"
1725 # Verify that it works.
1726 if test "x$ldns" = "xyes" ; then
1727 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1729 AC_MSG_CHECKING([for ldns support])
1734 #ifdef HAVE_STDINT_H
1735 # include <stdint.h>
1737 #include <ldns/ldns.h>
1738 int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1741 [AC_MSG_RESULT(yes)],
1744 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1749 # Check whether user wants libedit support
1751 AC_ARG_WITH([libedit],
1752 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1753 [ if test "x$withval" != "xno" ; then
1754 if test "x$withval" = "xyes" ; then
1755 if test "x$PKGCONFIG" != "xno"; then
1756 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1757 if "$PKGCONFIG" libedit; then
1758 AC_MSG_RESULT([yes])
1759 use_pkgconfig_for_libedit=yes
1765 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1766 if test -n "${rpath_opt}"; then
1767 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1769 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1772 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1773 LIBEDIT=`$PKGCONFIG --libs libedit`
1774 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1776 LIBEDIT="-ledit -lcurses"
1778 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1779 AC_CHECK_LIB([edit], [el_init],
1780 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1784 [ AC_MSG_ERROR([libedit not found]) ],
1787 AC_MSG_CHECKING([if libedit version is compatible])
1790 #include <histedit.h>
1795 el_init("", NULL, NULL, NULL);
1798 [ AC_MSG_RESULT([yes]) ],
1799 [ AC_MSG_RESULT([no])
1800 AC_MSG_ERROR([libedit version is not compatible]) ]
# Audit backend selection for --with-audit=module. The help text lists debug,
# bsm and linux; any other value stops configure with "Unknown audit module".
# The bsm path fails configure when bsm/audit.h, the bsm library or getaudit
# is missing, and treats getaudit_addr and aug_get_machine as optional.
# NOTE(review): on the visible lines the linux path checks libaudit.h without
# a failure action and then adds -laudit and defines USE_LINUX_AUDIT, so a
# missing header would surface later at compile time rather than here. Lines
# are missing from this listing, so confirm against the full file.
1806 AC_ARG_WITH([audit],
1807 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1809 AC_MSG_CHECKING([for supported audit module])
1812 AC_MSG_RESULT([bsm])
1814 dnl Checks for headers, libs and functions
1815 AC_CHECK_HEADERS([bsm/audit.h], [],
1816 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1823 AC_CHECK_LIB([bsm], [getaudit], [],
1824 [AC_MSG_ERROR([BSM enabled and required library not found])])
1825 AC_CHECK_FUNCS([getaudit], [],
1826 [AC_MSG_ERROR([BSM enabled and required function not found])])
1827 # These are optional
1828 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1829 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1830 if test "$sol2ver" -ge 11; then
1831 SSHDLIBS="$SSHDLIBS -lscf"
1832 AC_DEFINE([BROKEN_BSM_API], [1],
1833 [The system has incomplete BSM API])
1837 AC_MSG_RESULT([linux])
1839 dnl Checks for headers, libs and functions
1840 AC_CHECK_HEADERS([libaudit.h])
1841 SSHDLIBS="$SSHDLIBS -laudit"
1842 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1846 AC_MSG_RESULT([debug])
1847 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1853 AC_MSG_ERROR([Unknown audit module $withval])
1859 [ --with-pie Build Position Independent Executables if possible], [
1860 if test "x$withval" = "xno"; then
1863 if test "x$withval" = "xyes"; then
1868 if test "x$use_pie" = "x"; then
1871 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1872 # Turn off automatic PIE when toolchain hardening is off.
1875 if test "x$use_pie" = "xauto"; then
1876 # Automatic PIE requires gcc >= 4.x
1877 AC_MSG_CHECKING([for gcc >= 4.x])
1878 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1879 #if !defined(__GNUC__) || __GNUC__ < 4
1880 #error gcc is too old
1883 [ AC_MSG_RESULT([yes]) ],
1884 [ AC_MSG_RESULT([no])
# PIE hardening is all-or-nothing. The two flag probes are project helper
# macros defined outside this listing, presumably appending each flag when
# the toolchain accepts it; afterwards CFLAGS and LDFLAGS are grepped for
# -fPIE and -pie, and the saved values are there to roll both back.
# NOTE(review): the branch keyword before the two restore lines is not
# visible here. A build that ends up without PIE has its main executable
# loaded at a fixed address, so the "whether both -fPIE and -pie are
# supported" result is worth checking in the configure output.
1888 if test "x$use_pie" != "xno"; then
1889 SAVED_CFLAGS="$CFLAGS"
1890 SAVED_LDFLAGS="$LDFLAGS"
1891 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1892 OSSH_CHECK_LDFLAG_LINK([-pie])
1893 # We use both -fPIE and -pie or neither.
1894 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1895 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1896 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1897 AC_MSG_RESULT([yes])
1900 CFLAGS="$SAVED_CFLAGS"
1901 LDFLAGS="$SAVED_LDFLAGS"
1905 AC_MSG_CHECKING([whether -fPIC is accepted])
1906 SAVED_CFLAGS="$CFLAGS"
1907 CFLAGS="$CFLAGS -fPIC"
1909 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )],
1910 [AC_MSG_RESULT([yes])
1912 [AC_MSG_RESULT([no])
1914 CFLAGS="$SAVED_CFLAGS"
1917 dnl Checks for library functions. Please keep in alphabetical order
1921 Blowfish_initstate \
1922 Blowfish_expandstate \
1923 Blowfish_expand0state \
1924 Blowfish_stream2word \
2063 AC_CHECK_DECLS([bzero, memmem])
2065 dnl Wide character support.
2066 AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
2068 TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
2069 AC_MSG_CHECKING([for utf8 locale support])
2075 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
2083 AC_MSG_WARN([cross compiling: assuming yes])
2088 [[ #include <ctype.h> ]],
2089 [[ return (isblank('a')); ]])],
2090 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
2094 AC_ARG_ENABLE([pkcs11],
2095 [ --disable-pkcs11 disable PKCS#11 support code [no]],
2097 if test "x$enableval" = "xno" ; then
2104 AC_ARG_ENABLE([security-key],
2105 [ --disable-security-key disable U2F/FIDO support code [no]],
2107 if test "x$enableval" = "xno" ; then
2113 AC_ARG_WITH([security-key-builtin],
2114 [ --with-security-key-builtin include builtin U2F/FIDO support],
2115 [ enable_sk_internal=$withval ]
2118 AC_SEARCH_LIBS([dlopen], [dl])
2119 AC_CHECK_FUNCS([dlopen])
2120 AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
2122 # IRIX has a const char return value for gai_strerror()
2123 AC_CHECK_FUNCS([gai_strerror], [
2124 AC_DEFINE([HAVE_GAI_STRERROR])
2125 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2126 #include <sys/types.h>
2127 #include <sys/socket.h>
2130 const char *gai_strerror(int);
2133 str = gai_strerror(0);
2135 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
2136 [Define if gai_strerror() returns const char *])], [])])
2138 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
2139 [Some systems put nanosleep outside of libc])])
2141 AC_SEARCH_LIBS([clock_gettime], [rt],
2142 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
2144 dnl check if we need -D_REENTRANT for localtime_r declaration.
2145 AC_CHECK_DECL([localtime_r], [],
2146 [ saved_CPPFLAGS="$CPPFLAGS"
2147 CPPFLAGS="$CPPFLAGS -D_REENTRANT"
2148 unset ac_cv_have_decl_localtime_r
2149 AC_CHECK_DECL([localtime_r], [],
2150 [ CPPFLAGS="$saved_CPPFLAGS" ],
2151 [ #include <time.h> ]
2154 [ #include <time.h> ]
2157 dnl Make sure prototypes are defined for these before using them.
2158 AC_CHECK_DECL([strsep],
2159 [AC_CHECK_FUNCS([strsep])],
2162 #ifdef HAVE_STRING_H
2163 # include <string.h>
2167 dnl tcsendbreak might be a macro
2168 AC_CHECK_DECL([tcsendbreak],
2169 [AC_DEFINE([HAVE_TCSENDBREAK])],
2170 [AC_CHECK_FUNCS([tcsendbreak])],
2171 [#include <termios.h>]
2174 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
2176 AC_CHECK_DECLS([SHUT_RD, getpeereid], , ,
2178 #include <sys/types.h>
2179 #include <sys/socket.h>
2183 AC_CHECK_DECLS([O_NONBLOCK], , ,
2185 #include <sys/types.h>
2186 #ifdef HAVE_SYS_STAT_H
2187 # include <sys/stat.h>
2194 AC_CHECK_DECLS([ftruncate, getentropy], , ,
2196 #include <sys/types.h>
2200 AC_CHECK_DECLS([readv, writev], , , [
2201 #include <sys/types.h>
2202 #include <sys/uio.h>
2206 AC_CHECK_DECLS([MAXSYMLINKS], , , [
2207 #include <sys/param.h>
2210 AC_CHECK_DECLS([offsetof], , , [
2214 # extra bits for select(2)
2215 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
2216 #include <sys/param.h>
2217 #include <sys/types.h>
2218 #ifdef HAVE_SYS_SYSMACROS_H
2219 #include <sys/sysmacros.h>
2221 #ifdef HAVE_SYS_SELECT_H
2222 #include <sys/select.h>
2224 #ifdef HAVE_SYS_TIME_H
2225 #include <sys/time.h>
2227 #ifdef HAVE_UNISTD_H
2231 AC_CHECK_TYPES([fd_mask], [], [], [[
2232 #include <sys/param.h>
2233 #include <sys/types.h>
2234 #ifdef HAVE_SYS_SELECT_H
2235 #include <sys/select.h>
2237 #ifdef HAVE_SYS_TIME_H
2238 #include <sys/time.h>
2240 #ifdef HAVE_UNISTD_H
2245 AC_CHECK_FUNCS([setresuid], [
2246 dnl Some platforms have setresuid that isn't implemented, test for this
2247 AC_MSG_CHECKING([if setresuid seems to work])
2261 [AC_MSG_RESULT([yes])],
2262 [AC_DEFINE([BROKEN_SETRESUID], [1],
2263 [Define if your setresuid() is broken])
2264 AC_MSG_RESULT([not implemented])],
2265 [AC_MSG_WARN([cross compiling: not checking setresuid])]
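# Probe whether setresgid is really implemented. BROKEN_SETRESGID is defined
# alongside the "not implemented" result. When cross compiling the probe is
# not run and only a warning is printed, so nothing is defined by this check
# and the target's setresgid has to be verified separately.
# NOTE(review): the probe program itself is missing from this listing.
2269 AC_CHECK_FUNCS([setresgid], [
2270 dnl Some platforms have setresgid that isn't implemented, test for this
2271 AC_MSG_CHECKING([if setresgid seems to work])
2285 [AC_MSG_RESULT([yes])],
2286 [AC_DEFINE([BROKEN_SETRESGID], [1],
2287 [Define if your setresgid() is broken])
2288 AC_MSG_RESULT([not implemented])],
2289 [AC_MSG_WARN([cross compiling: not checking setresgid])]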
2293 AC_MSG_CHECKING([for working fflush(NULL)])
2299 [[fflush(NULL); exit(0);]])],
2300 AC_MSG_RESULT([yes]),
2301 [AC_MSG_RESULT([no])
2302 AC_DEFINE([FFLUSH_NULL_BUG], [1],
2303 [define if fflush(NULL) does not work])],
2304 AC_MSG_WARN([cross compiling: assuming working])
2307 dnl Checks for time functions
2308 AC_CHECK_FUNCS([gettimeofday time])
2309 dnl Checks for utmp functions
2310 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2311 AC_CHECK_FUNCS([utmpname])
2312 dnl Checks for utmpx functions
2313 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2314 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2315 dnl Checks for lastlog functions
2316 AC_CHECK_FUNCS([getlastlogxbyname])
2318 AC_CHECK_FUNC([daemon],
2319 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2320 [AC_CHECK_LIB([bsd], [daemon],
2321 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2324 AC_CHECK_FUNC([getpagesize],
2325 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
2326 [Define if your libraries define getpagesize()])],
2327 [AC_CHECK_LIB([ucb], [getpagesize],
2328 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2331 # Check for broken snprintf
2332 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2333 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2341 snprintf(b,5,"123456789");
2344 [AC_MSG_RESULT([yes])],
2347 AC_DEFINE([BROKEN_SNPRINTF], [1],
2348 [Define if your snprintf is busted])
2349 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2351 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2355 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2356 AC_MSG_CHECKING([whether snprintf understands %zu])
2359 #include <sys/types.h>
2365 size_t a = 1, b = 2;
2367 snprintf(z, sizeof z, "%zu%zu", a, b);
2368 exit(strcmp(z, "12"));
2370 [AC_MSG_RESULT([yes])],
2373 AC_DEFINE([BROKEN_SNPRINTF], [1],
2374 [snprintf does not understand %zu])
2376 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
# The probe calls vsnprintf through a varargs wrapper twice, once with a
# count of 1 and once with a NULL buffer and a count of 0, and expects 11
# (the length of "hello 12345") both times. BROKEN_SNPRINTF is defined next
# to the "is broken" warning. A cross-compiled build skips the probe and
# assumes a working vsnprintf, so the target libc should be checked
# separately, since callers rely on the return value to detect truncation.
# NOTE(review): parts of the test program are missing from this listing.
2380 # We depend on vsnprintf returning the right thing on overflow: the
2381 # number of characters it tried to create (as per SUSv3)
2382 if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2383 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2386 #include <sys/types.h>
2390 int x_snprintf(char *str, size_t count, const char *fmt, ...)
2396 ret = vsnprintf(str, count, fmt, ap);
2402 if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2404 if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2408 [AC_MSG_RESULT([yes])],
2411 AC_DEFINE([BROKEN_SNPRINTF], [1],
2412 [Define if your snprintf is busted])
2413 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2415 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2419 # On systems where [v]snprintf is broken, but is declared in stdio,
2420 # check that the fmt argument is const char * or just char *.
2421 # This is only useful for when BROKEN_SNPRINTF
2422 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2423 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2425 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2429 [AC_MSG_RESULT([yes])
2430 AC_DEFINE([SNPRINTF_CONST], [const],
2431 [Define as const if snprintf() can declare const char *fmt])],
2432 [AC_MSG_RESULT([no])
2433 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2435 # Check for missing getpeereid (or equiv) support
2437 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2438 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2439 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2440 #include <sys/types.h>
2441 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2442 [ AC_MSG_RESULT([yes])
2443 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2444 ], [AC_MSG_RESULT([no])
# Run-time probe, enabled only when check_for_openpty_ctty_bug is set. The
# child closes descriptors 0, 1 and 2, calls openpty and then tries to open
# /dev/tty with O_NOCTTY; per the exit comments, status 3 means a controlling
# tty was acquired and status 0 means it was not. The parent passes the
# child's exit status on. SSHD_ACQUIRES_CTTY is defined on one of the result
# branches, presumably the failing one (the branch lines are missing from
# this listing). Cross-compiled builds skip the probe and assume yes.
2449 dnl make sure that openpty does not reacquire controlling terminal
2450 if test ! -z "$check_for_openpty_ctty_bug"; then
2451 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2460 #include <sys/fcntl.h>
2461 #include <sys/types.h>
2462 #include <sys/wait.h>
2465 int fd, ptyfd, ttyfd, status;
2468 if (pid < 0) { /* failed */
2470 } else if (pid > 0) { /* parent */
2471 waitpid(pid, &status, 0);
2472 if (WIFEXITED(status))
2473 exit(WEXITSTATUS(status));
2476 } else { /* child */
2477 close(0); close(1); close(2);
2479 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2480 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2482 exit(3); /* Acquired ctty: broken */
2484 exit(0); /* Did not acquire ctty: OK */
2488 AC_MSG_RESULT([yes])
2492 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2495 AC_MSG_RESULT([cross-compiling, assuming yes])
2500 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2501 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2502 AC_MSG_CHECKING([if getaddrinfo seems to work])
2507 #include <sys/socket.h>
2510 #include <netinet/in.h>
2512 #define TEST_PORT "2222"
2515 struct addrinfo *gai_ai, *ai, hints;
2516 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2518 memset(&hints, 0, sizeof(hints));
2519 hints.ai_family = PF_UNSPEC;
2520 hints.ai_socktype = SOCK_STREAM;
2521 hints.ai_flags = AI_PASSIVE;
2523 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2525 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2529 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2530 if (ai->ai_family != AF_INET6)
2533 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2534 sizeof(ntop), strport, sizeof(strport),
2535 NI_NUMERICHOST|NI_NUMERICSERV);
2538 if (err == EAI_SYSTEM)
2539 perror("getnameinfo EAI_SYSTEM");
2541 fprintf(stderr, "getnameinfo failed: %s\n",
2546 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2549 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2557 AC_MSG_RESULT([yes])
2561 AC_DEFINE([BROKEN_GETADDRINFO])
2564 AC_MSG_RESULT([cross-compiling, assuming yes])
2569 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2570 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2571 AC_MSG_CHECKING([if getaddrinfo seems to work])
2576 #include <sys/socket.h>
2579 #include <netinet/in.h>
2581 #define TEST_PORT "2222"
2584 struct addrinfo *gai_ai, *ai, hints;
2585 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2587 memset(&hints, 0, sizeof(hints));
2588 hints.ai_family = PF_UNSPEC;
2589 hints.ai_socktype = SOCK_STREAM;
2590 hints.ai_flags = AI_PASSIVE;
2592 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2594 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2598 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2599 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2602 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2603 sizeof(ntop), strport, sizeof(strport),
2604 NI_NUMERICHOST|NI_NUMERICSERV);
2606 if (ai->ai_family == AF_INET && err != 0) {
2607 perror("getnameinfo");
2614 AC_MSG_RESULT([yes])
2615 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2616 [Define if you have a getaddrinfo that fails
2617 for the all-zeros IPv6 address])
2621 AC_DEFINE([BROKEN_GETADDRINFO])
2624 AC_MSG_RESULT([cross-compiling, assuming no])
2629 if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2630 AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2631 [#include <sys/types.h>
2632 #include <sys/socket.h>
2633 #include <netdb.h>])
2636 if test "x$check_for_conflicting_getspnam" = "x1"; then
2637 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2638 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2647 AC_MSG_RESULT([yes])
2648 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2649 [Conflicting defs for getspnam])
2654 dnl NetBSD added an strnvis and unfortunately made it incompatible with the
2655 dnl existing one in OpenBSD and Linux's libbsd (the former having existed
2656 dnl for over ten years). Despite this incompatibility being reported during
2657 dnl development (see http://gnats.netbsd.org/44977) they still shipped it.
2658 dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2659 dnl implementation. Try to detect this mess, and assume the only safe option
2660 dnl if we're cross compiling.
2662 dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag);
2663 dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag);
2664 if test "x$ac_cv_func_strnvis" = "xyes"; then
2665 AC_MSG_CHECKING([for working strnvis])
2673 static void sighandler(int sig) { _exit(1); }
2677 signal(SIGSEGV, sighandler);
2678 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
2682 [AC_MSG_RESULT([yes])],
2683 [AC_MSG_RESULT([no])
2684 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])],
2685 [AC_MSG_WARN([cross compiling: assuming broken])
2686 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])]
2690 AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()])
2693 #ifdef HAVE_SYS_SELECT
2694 # include <sys/select.h>
2696 #include <sys/types.h>
2697 #include <sys/time.h>
2701 static void sighandler(int sig) { }
2705 struct sigaction sa;
2707 sa.sa_handler = sighandler;
2708 sa.sa_flags = SA_RESTART;
2709 (void)sigaction(SIGTERM, &sa, NULL);
2710 if ((pid = fork()) == 0) { /* child */
2715 if (getppid() == pid) /* if parent did not exit, shoot it */
2718 } else { /* parent */
2719 r = select(0, NULL, NULL, NULL, NULL);
2721 exit(r == -1 ? 0 : 1);
2723 [AC_MSG_RESULT([yes])],
2724 [AC_MSG_RESULT([no])
2725 AC_DEFINE([NO_SA_RESTART], [1],
2726 [SA_RESTARTed signals do no interrupt select])],
2727 [AC_MSG_WARN([cross compiling: assuming yes])]
2730 AC_CHECK_FUNCS([getpgrp],[
2731 AC_MSG_CHECKING([if getpgrp accepts zero args])
2733 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])],
2734 [ AC_MSG_RESULT([yes])
2735 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])],
2736 [ AC_MSG_RESULT([no])
2737 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])]
2741 # Search for OpenSSL
# --with-ssl-dir puts the named tree first on the -L and -I search lists, so
# it takes precedence over any system OpenSSL. A relative path is made
# absolute against the current directory first. The library directory is
# PATH/lib, else PATH/lib64, else PATH itself.
# When rpath_opt is set the same library directory is appended to it in
# LDFLAGS (presumably a run-time search path option; rpath_opt is set
# elsewhere), so the directory may end up recorded in the installed binaries
# and should be writable by trusted accounts only.
# The openssl binary is looked up differently: the existing PATH comes first
# and the named tree's bin and apps directories are searched last.
2742 saved_CPPFLAGS="$CPPFLAGS"
2743 saved_LDFLAGS="$LDFLAGS"
2744 openssl_bin_PATH="$PATH"
2745 AC_ARG_WITH([ssl-dir],
2746 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2748 if test "x$openssl" = "xno" ; then
2749 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2751 if test "x$withval" != "xno" ; then
2754 ./*|../*) withval="`pwd`/$withval"
2756 if test -d "$withval/lib"; then
2757 libcrypto_path="${withval}/lib"
2758 elif test -d "$withval/lib64"; then
2759 libcrypto_path="$withval/lib64"
2761 # Built but not installed
2762 libcrypto_path="${withval}"
2764 if test -n "${rpath_opt}"; then
2765 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}"
2767 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}"
2769 if test -d "$withval/include"; then
2770 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2772 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2774 openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps"
2778 AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH])
2779 AC_SUBST(OPENSSL_BIN, [${openssl_bin}])
2781 AC_ARG_WITH([openssl-header-check],
2782 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2784 if test "x$withval" = "xno" ; then
2785 openssl_check_nonfatal=1
2791 AC_ARG_WITH([ssl-engine],
2792 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2794 if test "x$withval" != "xno" ; then
2795 if test "x$openssl" = "xno" ; then
2796 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2803 nocrypto_saved_LIBS="$LIBS"
2804 if test "x$openssl" = "xyes" ; then
2805 LIBS="-lcrypto $LIBS"
2806 CHANNELLIBS="-lcrypto $CHANNELLIBS"
2807 AC_TRY_LINK_FUNC([RAND_add], ,
2808 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])])
2809 AC_CHECK_HEADER([openssl/opensslv.h], ,
2810 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2812 # Determine OpenSSL header version
2813 AC_MSG_CHECKING([OpenSSL header version])
2819 #include <openssl/opensslv.h>
2820 #define DATA "conftest.sslincver"
2825 fd = fopen(DATA,"w");
2829 if ((rc = fprintf(fd, "%08lx (%s)\n",
2830 (unsigned long)OPENSSL_VERSION_NUMBER,
2831 OPENSSL_VERSION_TEXT)) < 0)
2837 ssl_header_ver=`cat conftest.sslincver`
2838 AC_MSG_RESULT([$ssl_header_ver])
2841 AC_MSG_RESULT([not found])
2842 AC_MSG_ERROR([OpenSSL version header not found.])
2845 AC_MSG_WARN([cross compiling: not checking])
2849 # Determining OpenSSL library version is version dependent.
2850 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num])
2852 # Determine OpenSSL library version
# The probe program writes the version number and version text reported by
# the linked libcrypto to conftest.ssllibver; that string becomes
# ssl_library_ver and is matched against the version patterns below. An
# unknown or unsupported version stops configure with an error. For OpenSSL 3
# and the development branch the 1.1 API level is requested through
# OPENSSL_API_COMPAT. When cross compiling only a warning is printed.
2853 AC_MSG_CHECKING([OpenSSL library version])
2859 #include <openssl/opensslv.h>
2860 #include <openssl/crypto.h>
2861 #define DATA "conftest.ssllibver"
2866 fd = fopen(DATA,"w");
2869 #ifndef OPENSSL_VERSION
2870 # define OPENSSL_VERSION SSLEAY_VERSION
2872 #ifndef HAVE_OPENSSL_VERSION
2873 # define OpenSSL_version SSLeay_version
2875 #ifndef HAVE_OPENSSL_VERSION_NUM
2876 # define OpenSSL_version_num SSLeay
2878 if ((rc = fprintf(fd, "%08lx (%s)\n",
2879 (unsigned long)OpenSSL_version_num(),
2880 OpenSSL_version(OPENSSL_VERSION))) < 0)
2886 ssl_library_ver=`cat conftest.ssllibver`
2887 # Check version is supported.
2888 case "$ssl_library_ver" in
2890 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
2894 # https://github.com/openssl/openssl/pull/4613
2895 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")])
2900 # OpenSSL 3; we use the 1.1x API
2901 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2904 # OpenSSL development branch; request 1.1x API
2905 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2908 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")])
2911 AC_MSG_RESULT([$ssl_library_ver])
2914 AC_MSG_RESULT([not found])
2915 AC_MSG_ERROR([OpenSSL library not found.])
2918 AC_MSG_WARN([cross compiling: not checking])
# Refuse a libcrypto that the probe identified as OpenSSL 3.0.4.
# NOTE(review): this matches the configure-time version string only. If
# ssl_library_ver was never set, as it appears to be on the cross-compiling
# path above, nothing can match here - confirm against the pattern line,
# which this listing omits. A libcrypto installed or replaced after the build
# is not covered by this check.
2924 case "$ssl_library_ver" in
2926 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)])
2931 # Sanity check OpenSSL headers
# The probe compares the version number reported by the linked libcrypto
# with OPENSSL_VERSION_NUMBER from the headers used for compilation and
# exits 0 only when they are equal.
# A mismatch is fatal while openssl_check_nonfatal is empty. Giving
# --without-openssl-header-check sets that variable; the comparison still
# runs in that case and the mismatch is reported as a warning only, so the
# build continues against headers that do not describe the linked library.
# When cross compiling the comparison is not made.
2932 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2937 #include <openssl/opensslv.h>
2938 #include <openssl/crypto.h>
2940 #ifndef HAVE_OPENSSL_VERSION_NUM
2941 # define OpenSSL_version_num SSLeay
2943 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2946 AC_MSG_RESULT([yes])
2950 if test "x$openssl_check_nonfatal" = "x"; then
2951 AC_MSG_ERROR([Your OpenSSL headers do not match your
2952 library. Check config.log for details.
2953 If you are sure your installation is consistent, you can disable the check
2954 by running "./configure --without-openssl-header-check".
2955 Also see contrib/findssl.sh for help identifying header/library mismatches.
2958 AC_MSG_WARN([Your OpenSSL headers do not match your
2959 library. Check config.log for details.
2960 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2964 AC_MSG_WARN([cross compiling: not checking])
2968 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2970 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2971 [[ ERR_load_crypto_strings(); ]])],
2973 AC_MSG_RESULT([yes])
2978 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2980 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2981 [[ ERR_load_crypto_strings(); ]])],
2983 AC_MSG_RESULT([yes])
2984 CHANNELLIBS="$CHANNELLIBS -ldl"
2996 DSA_generate_parameters_ex \
2997 EVP_DigestFinal_ex \
2999 EVP_MD_CTX_cleanup \
3000 EVP_MD_CTX_copy_ex \
3003 RSA_generate_key_ex \
3004 RSA_get_default_method \
3007 # OpenSSL_add_all_algorithms may be a macro.
3008 AC_CHECK_FUNC(OpenSSL_add_all_algorithms,
3009 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]),
3010 AC_CHECK_DECL(OpenSSL_add_all_algorithms,
3011 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), ,
3012 [[#include <openssl/evp.h>]]
3016 # LibreSSL/OpenSSL 1.1x API
3018 OPENSSL_init_crypto \
3033 EVP_CIPHER_CTX_iv_noconst \
3034 EVP_CIPHER_CTX_get_iv \
3035 EVP_CIPHER_CTX_get_updated_iv \
3036 EVP_CIPHER_CTX_set_iv \
3037 RSA_get0_crt_params \
3040 RSA_set0_crt_params \
3045 RSA_meth_set1_name \
3046 RSA_meth_get_finish \
3047 RSA_meth_set_priv_enc \
3048 RSA_meth_set_priv_dec \
3049 RSA_meth_set_finish \
3056 if test "x$openssl_engine" = "xyes" ; then
3057 AC_MSG_CHECKING([for OpenSSL ENGINE support])
3058 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3059 #include <openssl/engine.h>
3061 ENGINE_load_builtin_engines();
3062 ENGINE_register_all_complete();
3064 [ AC_MSG_RESULT([yes])
3065 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
3066 [Enable OpenSSL engine support])
3067 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
3071 # Check for OpenSSL without EVP_aes_{192,256}_cbc
3072 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
3077 #include <openssl/evp.h>
3079 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
3085 AC_MSG_RESULT([yes])
3086 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
3087 [libcrypto is missing AES 192 and 256 bit functions])
3091 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
3096 #include <openssl/evp.h>
3098 if(EVP_DigestUpdate(NULL, NULL,0))
3102 AC_MSG_RESULT([yes])
3106 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
3107 [Define if EVP_DigestUpdate returns void])
3111 # Check for SHA256, SHA384 and SHA512 support in OpenSSL
3112 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
3114 # Check complete ECC support in OpenSSL
3115 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
3118 #include <openssl/ec.h>
3119 #include <openssl/ecdh.h>
3120 #include <openssl/ecdsa.h>
3121 #include <openssl/evp.h>
3122 #include <openssl/objects.h>
3123 #include <openssl/opensslv.h>
3125 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
3126 const EVP_MD *m = EVP_sha256(); /* We need this too */
3128 [ AC_MSG_RESULT([yes])
3129 enable_nistp256=1 ],
3130 [ AC_MSG_RESULT([no]) ]
3133 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
3136 #include <openssl/ec.h>
3137 #include <openssl/ecdh.h>
3138 #include <openssl/ecdsa.h>
3139 #include <openssl/evp.h>
3140 #include <openssl/objects.h>
3141 #include <openssl/opensslv.h>
3143 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
3144 const EVP_MD *m = EVP_sha384(); /* We need this too */
3146 [ AC_MSG_RESULT([yes])
3147 enable_nistp384=1 ],
3148 [ AC_MSG_RESULT([no]) ]
3151 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
3154 #include <openssl/ec.h>
3155 #include <openssl/ecdh.h>
3156 #include <openssl/ecdsa.h>
3157 #include <openssl/evp.h>
3158 #include <openssl/objects.h>
3159 #include <openssl/opensslv.h>
3161 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3162 const EVP_MD *m = EVP_sha512(); /* We need this too */
3164 [ AC_MSG_RESULT([yes])
3165 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
3169 #include <openssl/ec.h>
3170 #include <openssl/ecdh.h>
3171 #include <openssl/ecdsa.h>
3172 #include <openssl/evp.h>
3173 #include <openssl/objects.h>
3174 #include <openssl/opensslv.h>
3176 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3177 const EVP_MD *m = EVP_sha512(); /* We need this too */
3178 exit(e == NULL || m == NULL);
3180 [ AC_MSG_RESULT([yes])
3181 enable_nistp521=1 ],
3182 [ AC_MSG_RESULT([no]) ],
3183 [ AC_MSG_WARN([cross-compiling: assuming yes])
3189 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
3190 test x$enable_nistp521 = x1; then
3191 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
3192 AC_CHECK_FUNCS([EC_KEY_METHOD_new])
3197 if test x$enable_nistp256 = x1; then
3198 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
3199 [libcrypto has NID_X9_62_prime256v1])
3201 unsupported_algorithms="$unsupported_algorithms \
3202 ecdsa-sha2-nistp256 \
3203 ecdh-sha2-nistp256 \
3204 ecdsa-sha2-nistp256-cert-v01@openssh.com"
3206 if test x$enable_nistp384 = x1; then
3207 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
3209 unsupported_algorithms="$unsupported_algorithms \
3210 ecdsa-sha2-nistp384 \
3211 ecdh-sha2-nistp384 \
3212 ecdsa-sha2-nistp384-cert-v01@openssh.com"
3214 if test x$enable_nistp521 = x1; then
3215 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
3217 unsupported_algorithms="$unsupported_algorithms \
3218 ecdh-sha2-nistp521 \
3219 ecdsa-sha2-nistp521 \
3220 ecdsa-sha2-nistp521-cert-v01@openssh.com"
3224 # PKCS11/U2F depend on OpenSSL and dlopen().
# enable_pkcs11 and enable_sk double as status strings: only the exact value
# "yes" turns the feature on below, and any other value is printed as the
# reason it is off. The assignments run in sequence, so when several
# conditions apply the last one is the reason reported.
# In the visible lines a missing libcrypto disables PKCS11 only, while a
# missing dlopen or RTLD_NOW disables both features.
3227 if test "x$openssl" != "xyes" ; then
3228 enable_pkcs11="disabled; missing libcrypto"
3230 if test "x$ac_cv_func_dlopen" != "xyes" ; then
3231 enable_pkcs11="disabled; missing dlopen(3)"
3232 enable_sk="disabled; missing dlopen(3)"
3234 if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
3235 enable_pkcs11="disabled; missing RTLD_NOW"
3236 enable_sk="disabled; missing RTLD_NOW"
3238 if test ! -z "$disable_pkcs11" ; then
3239 enable_pkcs11="disabled by user"
3241 if test ! -z "$disable_sk" ; then
3242 enable_sk="disabled by user"
3245 AC_MSG_CHECKING([whether to enable PKCS11])
3246 if test "x$enable_pkcs11" = "xyes" ; then
3247 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
3249 AC_MSG_RESULT([$enable_pkcs11])
3251 AC_MSG_CHECKING([whether to enable U2F])
3252 if test "x$enable_sk" = "xyes" ; then
3253 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
3254 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so])
3256 # Do not try to build sk-dummy library.
3257 AC_SUBST(SK_DUMMY_LIBRARY, [""])
3259 AC_MSG_RESULT([$enable_sk])
3261 # Now check for built-in security key support.
3262 if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then
3263 use_pkgconfig_for_libfido2=
3264 if test "x$PKGCONFIG" != "xno"; then
3265 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2])
3266 if "$PKGCONFIG" libfido2; then
3267 AC_MSG_RESULT([yes])
3268 use_pkgconfig_for_libfido2=yes
3273 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then
3274 LIBFIDO2=`$PKGCONFIG --libs libfido2`
3275 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
3277 LIBFIDO2="-lprivatefido2 -lprivatecbor"
3279 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
3281 AC_CHECK_LIB([privatefido2], [fido_init],
3283 [ fido2_error="missing/unusable libfido2" ],
3286 AC_CHECK_HEADER([fido.h], [],
3287 [ fido2_error="missing fido.h from libfido2" ])
3288 AC_CHECK_HEADER([fido/credman.h], [],
3289 [ fido2_error="missing fido/credman.h from libfido2" ],
3290 [ #include <fido.h> ]
3292 AC_MSG_CHECKING([for usable libfido2 installation])
3293 if test ! -z "$fido2_error" ; then
3294 AC_MSG_RESULT([$fido2_error])
3295 if test "x$enable_sk_internal" = "xyes" ; then
3296 AC_MSG_ERROR([No usable libfido2 library/headers found])
3300 AC_MSG_RESULT([yes])
3301 AC_SUBST([LIBFIDO2])
3302 AC_DEFINE([ENABLE_SK_INTERNAL], [],
3303 [Enable for built-in U2F/FIDO support])
3304 enable_sk="built-in"
3306 LIBS="$LIBFIDO2 $LIBS"
3308 fido_assert_set_clientdata \
3310 fido_cred_set_prot \
3311 fido_cred_set_clientdata \
3312 fido_dev_get_touch_begin \
3313 fido_dev_get_touch_status \
3314 fido_dev_supports_cred_prot \
3315 fido_dev_is_winhello \
3325 arc4random_uniform \
3327 ### Configure cryptographic random number support
3329 # Check whether OpenSSL seeds itself
3330 if test "x$openssl" = "xyes" ; then
3331 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
3336 #include <openssl/rand.h>
3338 exit(RAND_status() == 1 ? 0 : 1);
3341 OPENSSL_SEEDS_ITSELF=yes
3342 AC_MSG_RESULT([yes])
3348 AC_MSG_WARN([cross compiling: assuming yes])
3349 # This is safe, since we will fatal() at runtime if
3350 # OpenSSL is not seeded correctly.
3351 OPENSSL_SEEDS_ITSELF=yes
3357 AC_ARG_WITH([prngd-port],
3358 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
3367 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3370 if test ! -z "$withval" ; then
3371 PRNGD_PORT="$withval"
3372 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
3373 [Port number of PRNGD/EGD random number socket])
3378 # PRNGD Unix domain socket
3379 AC_ARG_WITH([prngd-socket],
3380 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3384 withval="/var/run/egd-pool"
3392 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
3396 if test ! -z "$withval" ; then
3397 if test ! -z "$PRNGD_PORT" ; then
3398 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
3400 if test ! -r "$withval" ; then
3401 AC_MSG_WARN([Entropy socket is not readable])
3403 PRNGD_SOCKET="$withval"
3404 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
3405 [Location of PRNGD/EGD random number socket])
3409 # Check for existing socket only if we don't have a random device already
3410 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
3411 AC_MSG_CHECKING([for PRNGD/EGD socket])
3412 # Insert other locations here
3413 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3414 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3415 PRNGD_SOCKET="$sock"
3416 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
3420 if test ! -z "$PRNGD_SOCKET" ; then
3421 AC_MSG_RESULT([$PRNGD_SOCKET])
3423 AC_MSG_RESULT([not found])
3429 # Which randomness source do we use?
# Precedence: a PRNGD port, then a PRNGD socket, then OpenSSL's own seeding.
# PRNGD_SOCKET can come from --with-prngd-socket or from the probe of fixed
# paths above, which only runs when OpenSSL was not found to seed itself; in
# the latter case a path found on the build host is what gets compiled in.
# Without OpenSSL the build relies on /dev/urandom and configure only warns.
# With OpenSSL but no source at all configure stops with an error rather
# than producing binaries that have no entropy source.
3430 if test ! -z "$PRNGD_PORT" ; then
3431 RAND_MSG="PRNGd port $PRNGD_PORT"
3432 elif test ! -z "$PRNGD_SOCKET" ; then
3433 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3434 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3435 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3436 [Define if you want the OpenSSL internally seeded PRNG only])
3437 RAND_MSG="OpenSSL internal ONLY"
3438 elif test "x$openssl" = "xno" ; then
3439 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3441 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3443 LIBS="$nocrypto_saved_LIBS"
3446 AC_CHECK_LIB([iaf], [ia_openinfo], [
3448 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
3449 AC_DEFINE([HAVE_LIBIAF], [1],
3450 [Define if system has libiaf that supports set_id])
3455 # Check for crypt() in libcrypt. If we have it, we only need it for sshd.
3457 AC_CHECK_LIB([crypt], [crypt], [
3458 LIBS="-lcrypt $LIBS"
3459 SSHDLIBS="-lcrypt $SSHDLIBS"
3461 AC_CHECK_FUNCS([crypt])
3464 # Check for PAM libs
3467 [ --with-pam Enable PAM support ],
3469 if test "x$withval" != "xno" ; then
3470 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3471 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3472 AC_MSG_ERROR([PAM headers not found])
3476 AC_CHECK_LIB([dl], [dlopen], , )
3477 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3478 AC_CHECK_FUNCS([pam_getenvlist])
3479 AC_CHECK_FUNCS([pam_putenv])
3484 SSHDLIBS="$SSHDLIBS -lpam"
3485 AC_DEFINE([USE_PAM], [1],
3486 [Define if you want to enable PAM support])
3488 if test $ac_cv_lib_dl_dlopen = yes; then
3491 # libdl already in LIBS
3494 SSHDLIBS="$SSHDLIBS -ldl"
3502 AC_ARG_WITH([pam-service],
3503 [ --with-pam-service=name Specify PAM service name ],
3505 if test "x$withval" != "xno" && \
3506 test "x$withval" != "xyes" ; then
3507 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE],
3508 ["$withval"], [sshd PAM service name])
3513 # Check for older PAM
3514 if test "x$PAM_MSG" = "xyes" ; then
3515 # Check PAM strerror arguments (old PAM)
3516 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3517 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3519 #if defined(HAVE_SECURITY_PAM_APPL_H)
3520 #include <security/pam_appl.h>
3521 #elif defined (HAVE_PAM_PAM_APPL_H)
3522 #include <pam/pam_appl.h>
3525 (void)pam_strerror((pam_handle_t *)NULL, -1);
3526 ]])], [AC_MSG_RESULT([no])], [
3527 AC_DEFINE([HAVE_OLD_PAM], [1],
3528 [Define if you have an old version of PAM
3529 which takes only one argument to pam_strerror])
3530 AC_MSG_RESULT([yes])
3531 PAM_MSG="yes (old library)"
3538 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3541 SSH_PRIVSEP_USER=sshd
3544 AC_ARG_WITH([privsep-user],
3545 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3547 if test -n "$withval" && test "x$withval" != "xno" && \
3548 test "x${withval}" != "xyes"; then
3549 SSH_PRIVSEP_USER=$withval
3553 if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3554 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3555 [Cygwin function to fetch non-privileged user for privilege separation])
3557 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3558 [non-privileged user for privilege separation])
3560 AC_SUBST([SSH_PRIVSEP_USER])
# Probe for seccomp filter support. The first test only looks for the
# SECCOMP_MODE_FILTER declaration in linux/seccomp.h and runs only when
# have_linux_no_new_privs is 1.
# NOTE(review): the second test is a link test as far as this listing shows,
# so the prctl call and the EFAULT comparison in the probe body are compiled
# and linked but not executed here. A "yes" therefore says that the build
# host headers and the seccomp_audit_arch value are usable; it does not show
# that the kernel the binaries will run on accepts seccomp filters.
# On failure have_seccomp_filter is reset to 0 so that the sandbox selection
# does not pick seccomp_filter automatically.
3562 if test "x$have_linux_no_new_privs" = "x1" ; then
3563 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3564 #include <sys/types.h>
3565 #include <linux/seccomp.h>
3568 if test "x$have_seccomp_filter" = "x1" ; then
3569 AC_MSG_CHECKING([kernel for seccomp_filter support])
3570 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3573 #include <linux/audit.h>
3574 #include <linux/seccomp.h>
3576 #include <sys/prctl.h>
3578 [[ int i = $seccomp_audit_arch;
3580 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3581 exit(errno == EFAULT ? 0 : 1); ]])],
3582 [ AC_MSG_RESULT([yes]) ], [
3584 # Disable seccomp filter as a target
3585 have_seccomp_filter=0
3590 AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[
3591 #include <sys/types.h>
3595 #ifdef HAVE_SYS_POLL_H
3596 #include <sys/poll.h>
3600 AC_CHECK_TYPES([nfds_t], , , [
3601 #include <sys/types.h>
3605 #ifdef HAVE_SYS_POLL_H
3606 #include <sys/poll.h>
3610 # Decide which sandbox style to use
3612 AC_ARG_WITH([sandbox],
3613 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3615 if test "x$withval" = "xyes" ; then
3618 sandbox_arg="$withval"
3623 if test "x$sandbox_arg" != "xno"; then
3624 # POSIX specifies that poll() "shall fail with EINVAL if the nfds argument
3625 # is greater than OPEN_MAX". On some platforms that includes implementations
3626 # of select in userspace on top of poll() so check that both work with
3627 # RLIMIT_NOFILE set to zero before enabling the rlimit sandbox.
3628 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit])
3631 #include <sys/types.h>
3632 #ifdef HAVE_SYS_TIME_H
3633 # include <sys/time.h>
3635 #include <sys/resource.h>
3636 #ifdef HAVE_SYS_SELECT_H
3637 # include <sys/select.h>
3641 #elif HAVE_SYS_POLL_H
3642 # include <sys/poll.h>
3648 struct rlimit rl_zero;
3656 fd = open("/dev/null", O_RDONLY);
3659 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3660 setrlimit(RLIMIT_FSIZE, &rl_zero);
3661 setrlimit(RLIMIT_NOFILE, &rl_zero);
3664 r = select(fd+1, &fds, NULL, NULL, &tv);
3669 pfd.events = POLLIN;
3670 r = poll(&pfd, 1, 1);
3676 [AC_MSG_RESULT([yes])
3677 select_works_with_rlimit=yes],
3678 [AC_MSG_RESULT([no])
3679 select_works_with_rlimit=no],
3680 [AC_MSG_WARN([cross compiling: assuming no])
3681 select_works_with_rlimit=no]
3684 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3687 #include <sys/types.h>
3688 #ifdef HAVE_SYS_TIME_H
3689 # include <sys/time.h>
3691 #include <sys/resource.h>
3695 struct rlimit rl_zero;
3698 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3699 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3700 exit (r == -1 ? 1 : 0);
3702 [AC_MSG_RESULT([yes])
3703 rlimit_nofile_zero_works=yes],
3704 [AC_MSG_RESULT([no])
3705 rlimit_nofile_zero_works=no],
3706 [AC_MSG_WARN([cross compiling: assuming yes])
3707 rlimit_nofile_zero_works=yes]
# The probe exits 0 when setrlimit on RLIMIT_FSIZE with a zero limit
# succeeds. SANDBOX_SKIP_RLIMIT_FSIZE is defined on the "no" branch, i.e.
# when the call fails.
# NOTE(review): the description string passed with that define reads
# "setrlimit RLIMIT_FSIZE works", which is the opposite of the condition
# under which it is emitted; it looks like it should say the call does not
# work - confirm before changing the generated header text.
# When cross compiling the call is assumed to work and the define is not set.
3710 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3713 #include <sys/types.h>
3714 #include <sys/resource.h>
3717 struct rlimit rl_zero;
3719 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3720 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3722 [AC_MSG_RESULT([yes])],
3723 [AC_MSG_RESULT([no])
3724 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3725 [setrlimit RLIMIT_FSIZE works])],
3726 [AC_MSG_WARN([cross compiling: assuming yes])]
# Pick the privilege separation sandbox. Each branch is taken either because
# that style was requested explicitly or because no style was requested and
# its prerequisites were detected. With no explicit request the first match
# in this order wins: pledge, systrace, darwin, seccomp_filter, capsicum,
# rlimit, solaris.
# An explicitly requested style whose checked prerequisites are missing stops
# configure with an error instead of falling through to a weaker style.
# NOTE(review): the explicit rlimit branch checks setrlimit and
# select_works_with_rlimit but not rlimit_nofile_zero_works, and the explicit
# solaris branch has no prerequisite check in the visible lines.
3730 if test "x$sandbox_arg" = "xpledge" || \
3731 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3732 test "x$ac_cv_func_pledge" != "xyes" && \
3733 AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3734 SANDBOX_STYLE="pledge"
3735 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3736 elif test "x$sandbox_arg" = "xsystrace" || \
3737 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3738 test "x$have_systr_policy_kill" != "x1" && \
3739 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3740 SANDBOX_STYLE="systrace"
3741 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3742 elif test "x$sandbox_arg" = "xdarwin" || \
3743 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3744 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3745 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3746 "x$ac_cv_header_sandbox_h" != "xyes" && \
3747 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3748 SANDBOX_STYLE="darwin"
3749 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3750 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3751 ( test -z "$sandbox_arg" && \
3752 test "x$have_seccomp_filter" = "x1" && \
3753 test "x$ac_cv_header_elf_h" = "xyes" && \
3754 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3755 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3756 test "x$seccomp_audit_arch" != "x" && \
3757 test "x$have_linux_no_new_privs" = "x1" && \
3758 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3759 test "x$seccomp_audit_arch" = "x" && \
3760 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3761 test "x$have_linux_no_new_privs" != "x1" && \
3762 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3763 test "x$have_seccomp_filter" != "x1" && \
3764 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3765 test "x$ac_cv_func_prctl" != "xyes" && \
3766 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3767 SANDBOX_STYLE="seccomp_filter"
3768 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3769 elif test "x$sandbox_arg" = "xcapsicum" || \
3770 ( test -z "$sandbox_arg" && \
3771 test "x$disable_capsicum" != "xyes" && \
3772 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3773 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3774 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3775 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3776 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3777 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3778 SANDBOX_STYLE="capsicum"
3779 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3780 elif test "x$sandbox_arg" = "xrlimit" || \
3781 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3782 test "x$select_works_with_rlimit" = "xyes" && \
3783 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3784 test "x$ac_cv_func_setrlimit" != "xyes" && \
3785 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3786 test "x$select_works_with_rlimit" != "xyes" && \
3787 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3788 SANDBOX_STYLE="rlimit"
3789 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3790 elif test "x$sandbox_arg" = "xsolaris" || \
3791 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3792 SANDBOX_STYLE="solaris"
3793 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
# Fallback: an unset request with nothing detected above, or an explicit
# "no", "none" or "null", yields SANDBOX_NULL, so privilege separation runs
# without a sandbox. No warning is printed on this path in the visible lines;
# SANDBOX_STYLE is the only record of the outcome, so check it for builds
# that are expected to be sandboxed. Any other value is rejected.
3794 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3795 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3796 SANDBOX_STYLE="none"
3797 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3799 AC_MSG_ERROR([unsupported --with-sandbox])
3802 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3803 if test ! -z "$SONY" ; then
3804 LIBS="$LIBS -liberty";
3807 # Check for long long datatypes
3808 AC_CHECK_TYPES([long long, unsigned long long, long double])
3810 # Check datatype sizes
3811 AC_CHECK_SIZEOF([short int])
3812 AC_CHECK_SIZEOF([int])
3813 AC_CHECK_SIZEOF([long int])
3814 AC_CHECK_SIZEOF([long long int])
3815 AC_CHECK_SIZEOF([time_t], [], [[
3816 #include <sys/types.h>
3817 #ifdef HAVE_SYS_TIME_H
3818 # include <sys/time.h>
3826 # Sanity check long long for some platforms (AIX)
3827 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3828 ac_cv_sizeof_long_long_int=0
3831 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3832 if test -z "$have_llong_max" && test -z "$have_long_long_max"; then
3833 AC_MSG_CHECKING([for max value of long long])
3838 /* Why is this so damn hard? */
3842 #define __USE_ISOC99
3844 #define DATA "conftest.llminmax"
3845 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3848 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3849 * we do this the hard way.
3852 fprint_ll(FILE *f, long long n)
3855 int l[sizeof(long long) * 8];
3858 if (fprintf(f, "-") < 0)
3860 for (i = 0; n != 0; i++) {
3861 l[i] = my_abs(n % 10);
3865 if (fprintf(f, "%d", l[--i]) < 0)
3868 if (fprintf(f, " ") < 0)
3874 long long i, llmin, llmax = 0;
3876 if((f = fopen(DATA,"w")) == NULL)
3879 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3880 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3884 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3885 /* This will work on one's complement and two's complement */
3886 for (i = 1; i > llmax; i <<= 1, i++)
3888 llmin = llmax + 1LL; /* wrap */
3892 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3893 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3894 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3895 fprintf(f, "unknown unknown\n");
3899 if (fprint_ll(f, llmin) < 0)
3901 if (fprint_ll(f, llmax) < 0)
3908 llong_min=`$AWK '{print $1}' conftest.llminmax`
3909 llong_max=`$AWK '{print $2}' conftest.llminmax`
3911 AC_MSG_RESULT([$llong_max])
3912 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3913 [max value of long long calculated by configure])
3914 AC_MSG_CHECKING([for min value of long long])
3915 AC_MSG_RESULT([$llong_min])
3916 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3917 [min value of long long calculated by configure])
3920 AC_MSG_RESULT([not found])
3923 AC_MSG_WARN([cross compiling: not checking])
3928 AC_CHECK_DECLS([UINT32_MAX], , , [[
3929 #ifdef HAVE_SYS_LIMITS_H
3930 # include <sys/limits.h>
3932 #ifdef HAVE_LIMITS_H
3933 # include <limits.h>
3935 #ifdef HAVE_STDINT_H
3936 # include <stdint.h>
3940 # More checks for data types
3941 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3942 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3943 [[ u_int a; a = 1;]])],
3944 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3947 if test "x$ac_cv_have_u_int" = "xyes" ; then
3948 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3952 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3953 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3954 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3955 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3958 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3959 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3963 if (test -z "$have_intxx_t" && \
3964 test "x$ac_cv_header_stdint_h" = "xyes")
3966 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3967 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3968 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3970 AC_DEFINE([HAVE_INTXX_T])
3971 AC_MSG_RESULT([yes])
3972 ], [ AC_MSG_RESULT([no])
3976 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3977 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3978 #include <sys/types.h>
3979 #ifdef HAVE_STDINT_H
3980 # include <stdint.h>
3982 #include <sys/socket.h>
3983 #ifdef HAVE_SYS_BITYPES_H
3984 # include <sys/bitypes.h>
3989 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3992 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3993 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3996 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3997 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3998 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3999 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
4002 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
4003 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
4007 if test -z "$have_u_intxx_t" ; then
4008 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
4009 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
4010 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
4012 AC_DEFINE([HAVE_U_INTXX_T])
4013 AC_MSG_RESULT([yes])
4014 ], [ AC_MSG_RESULT([no])
4018 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
4019 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4020 [[ u_int64_t a; a = 1;]])],
4021 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
4024 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
4025 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
4029 if (test -z "$have_u_int64_t" && \
4030 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4032 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
4033 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
4034 [[ u_int64_t a; a = 1]])],
4036 AC_DEFINE([HAVE_U_INT64_T])
4037 AC_MSG_RESULT([yes])
4038 ], [ AC_MSG_RESULT([no])
4042 if test -z "$have_u_intxx_t" ; then
4043 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
4044 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4045 #include <sys/types.h>
4052 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
4055 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
4056 AC_DEFINE([HAVE_UINTXX_T], [1],
4057 [define if you have uintxx_t data type])
4061 if (test -z "$have_uintxx_t" && \
4062 test "x$ac_cv_header_stdint_h" = "xyes")
4064 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
4065 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
4066 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4068 AC_DEFINE([HAVE_UINTXX_T])
4069 AC_MSG_RESULT([yes])
4070 ], [ AC_MSG_RESULT([no])
4074 if (test -z "$have_uintxx_t" && \
4075 test "x$ac_cv_header_inttypes_h" = "xyes")
4077 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
4078 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
4079 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4081 AC_DEFINE([HAVE_UINTXX_T])
4082 AC_MSG_RESULT([yes])
4083 ], [ AC_MSG_RESULT([no])
4087 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
4088 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4090 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
4091 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4092 #include <sys/bitypes.h>
4094 int8_t a; int16_t b; int32_t c;
4095 u_int8_t e; u_int16_t f; u_int32_t g;
4096 a = b = c = e = f = g = 1;
4099 AC_DEFINE([HAVE_U_INTXX_T])
4100 AC_DEFINE([HAVE_INTXX_T])
4101 AC_MSG_RESULT([yes])
4102 ], [AC_MSG_RESULT([no])
4107 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
4108 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4109 [[ u_char foo; foo = 125; ]])],
4110 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
4113 if test "x$ac_cv_have_u_char" = "xyes" ; then
4114 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
4117 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
4118 #include <sys/types.h>
4119 #ifdef HAVE_STDINT_H
4120 # include <stdint.h>
4126 AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>])
4127 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
4128 #include <sys/types.h>
4129 #ifdef HAVE_SYS_BITYPES_H
4130 #include <sys/bitypes.h>
4132 #ifdef HAVE_SYS_STATFS_H
4133 #include <sys/statfs.h>
4135 #ifdef HAVE_SYS_STATVFS_H
4136 #include <sys/statvfs.h>
4140 AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[
4141 #include <sys/param.h>
4142 #include <sys/types.h>
4143 #ifdef HAVE_SYS_BITYPES_H
4144 #include <sys/bitypes.h>
4146 #ifdef HAVE_SYS_STATFS_H
4147 #include <sys/statfs.h>
4149 #ifdef HAVE_SYS_STATVFS_H
4150 #include <sys/statvfs.h>
4152 #ifdef HAVE_SYS_VFS_H
4153 #include <sys/vfs.h>
4155 #ifdef HAVE_SYS_MOUNT_H
4156 #include <sys/mount.h>
4161 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
4162 [#include <sys/types.h>
4163 #include <netinet/in.h>])
4165 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
4166 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4167 [[ size_t foo; foo = 1235; ]])],
4168 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
4171 if test "x$ac_cv_have_size_t" = "xyes" ; then
4172 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
4175 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
4176 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4177 [[ ssize_t foo; foo = 1235; ]])],
4178 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
4181 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
4182 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
4185 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
4186 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
4187 [[ clock_t foo; foo = 1235; ]])],
4188 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
4191 if test "x$ac_cv_have_clock_t" = "xyes" ; then
4192 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
4195 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
4196 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4197 #include <sys/types.h>
4198 #include <sys/socket.h>
4199 ]], [[ sa_family_t foo; foo = 1235; ]])],
4200 [ ac_cv_have_sa_family_t="yes" ],
4201 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4202 #include <sys/types.h>
4203 #include <sys/socket.h>
4204 #include <netinet/in.h>
4205 ]], [[ sa_family_t foo; foo = 1235; ]])],
4206 [ ac_cv_have_sa_family_t="yes" ],
4207 [ ac_cv_have_sa_family_t="no" ]
4211 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
4212 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
4213 [define if you have sa_family_t data type])
4216 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
4217 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4218 [[ pid_t foo; foo = 1235; ]])],
4219 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
4222 if test "x$ac_cv_have_pid_t" = "xyes" ; then
4223 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
4226 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
4227 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4228 [[ mode_t foo; foo = 1235; ]])],
4229 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
4232 if test "x$ac_cv_have_mode_t" = "xyes" ; then
4233 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
4237 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
4238 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4239 #include <sys/types.h>
4240 #include <sys/socket.h>
4241 ]], [[ struct sockaddr_storage s; ]])],
4242 [ ac_cv_have_struct_sockaddr_storage="yes" ],
4243 [ ac_cv_have_struct_sockaddr_storage="no"
4246 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
4247 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
4248 [define if you have struct sockaddr_storage data type])
4251 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
4252 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4253 #include <sys/types.h>
4254 #include <netinet/in.h>
4255 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
4256 [ ac_cv_have_struct_sockaddr_in6="yes" ],
4257 [ ac_cv_have_struct_sockaddr_in6="no"
4260 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
4261 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
4262 [define if you have struct sockaddr_in6 data type])
4265 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
4266 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4267 #include <sys/types.h>
4268 #include <netinet/in.h>
4269 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
4270 [ ac_cv_have_struct_in6_addr="yes" ],
4271 [ ac_cv_have_struct_in6_addr="no"
4274 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
4275 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
4276 [define if you have struct in6_addr data type])
4278 dnl Now check for sin6_scope_id
4279 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
4281 #ifdef HAVE_SYS_TYPES_H
4282 #include <sys/types.h>
4284 #include <netinet/in.h>
4288 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
4289 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4290 #include <sys/types.h>
4291 #include <sys/socket.h>
4293 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
4294 [ ac_cv_have_struct_addrinfo="yes" ],
4295 [ ac_cv_have_struct_addrinfo="no"
4298 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
4299 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
4300 [define if you have struct addrinfo data type])
4303 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
4304 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
4305 [[ struct timeval tv; tv.tv_sec = 1;]])],
4306 [ ac_cv_have_struct_timeval="yes" ],
4307 [ ac_cv_have_struct_timeval="no"
4310 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
4311 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
4312 have_struct_timeval=1
4315 AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [
4316 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4317 #ifdef HAVE_SYS_TIME_H
4318 # include <sys/time.h>
4324 [[ struct timespec ts; ts.tv_sec = 1;]])],
4325 [ ac_cv_have_struct_timespec="yes" ],
4326 [ ac_cv_have_struct_timespec="no"
4329 if test "x$ac_cv_have_struct_timespec" = "xyes" ; then
4330 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec])
4331 have_struct_timespec=1
4334 # We need int64_t or else certain parts of the compile will fail.
4335 if test "x$ac_cv_have_int64_t" = "xno" && \
4336 test "x$ac_cv_sizeof_long_int" != "x8" && \
4337 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
4338 echo "OpenSSH requires int64_t support. Contact your vendor or install"
4339 echo "an alternative compiler (I.E., GCC) before continuing."
4343 dnl test snprintf (broken on SCO w/gcc)
dnl The test program formats the largest signed 64-bit value with %lld and
dnl compares the text with the expected decimal string. A failing run defines
dnl BROKEN_SNPRINTF. When cross compiling the program cannot be run, so
dnl snprintf is assumed to work and only a warning is printed.
dnl NOTE(review): the declarations of buf and mazsize are outside the visible
dnl lines - confirm mazsize matches the size of buf.
4349 #ifdef HAVE_SNPRINTF
4353 char expected_out[50];
4355 #if (SIZEOF_LONG_INT == 8)
4356 long int num = 0x7fffffffffffffff;
4358 long long num = 0x7fffffffffffffffll;
4360 strcpy(expected_out, "9223372036854775807");
4361 snprintf(buf, mazsize, "%lld", num);
4362 if(strcmp(buf, expected_out) != 0)
4367 int main(void) { exit(0); }
4369 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
4370 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
4374 dnl Checks for structure members
4375 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
4376 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
4377 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
4378 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
4379 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
4380 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
4381 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
4382 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
4383 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
4384 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
4385 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
4386 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
4387 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
4388 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
4389 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
4390 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
4391 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
4392 OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX])
4394 AC_CHECK_MEMBERS([struct stat.st_blksize])
4395 AC_CHECK_MEMBERS([struct stat.st_mtim])
4396 AC_CHECK_MEMBERS([struct stat.st_mtime])
4397 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
4398 struct passwd.pw_change, struct passwd.pw_expire],
4400 #include <sys/types.h>
4404 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
4405 [Define if we don't have struct __res_state in resolv.h])],
4408 #if HAVE_SYS_TYPES_H
4409 # include <sys/types.h>
4411 #include <netinet/in.h>
4412 #include <arpa/nameser.h>
4416 AC_CHECK_MEMBER([struct sockaddr_in.sin_len],
4417 [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])],
4420 #include <sys/types.h>
4421 #include <sys/socket.h>
4422 #include <netinet/in.h>
4426 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
4427 ac_cv_have_ss_family_in_struct_ss, [
4428 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4429 #include <sys/types.h>
4430 #include <sys/socket.h>
4431 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
4432 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
4433 [ ac_cv_have_ss_family_in_struct_ss="no" ])
4435 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
4436 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
4439 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
4440 ac_cv_have___ss_family_in_struct_ss, [
4441 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4442 #include <sys/types.h>
4443 #include <sys/socket.h>
4444 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
4445 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
4446 [ ac_cv_have___ss_family_in_struct_ss="no"
4449 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
4450 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
4451 [Fields in struct sockaddr_storage])
4454 dnl make sure we're using the real structure members and not defines
4455 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
4456 ac_cv_have_accrights_in_msghdr, [
4457 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4458 #include <sys/types.h>
4459 #include <sys/socket.h>
4460 #include <sys/uio.h>
4463 #ifdef msg_accrights
4464 #error "msg_accrights is a macro"
4468 m.msg_accrights = 0;
4471 [ ac_cv_have_accrights_in_msghdr="yes" ],
4472 [ ac_cv_have_accrights_in_msghdr="no" ]
4475 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
4476 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
4477 [Define if your system uses access rights style
4478 file descriptor passing])
4481 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
4482 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4483 #include <sys/param.h>
4484 #include <sys/stat.h>
4485 #ifdef HAVE_SYS_TIME_H
4486 # include <sys/time.h>
4488 #ifdef HAVE_SYS_MOUNT_H
4489 #include <sys/mount.h>
4491 #ifdef HAVE_SYS_STATVFS_H
4492 #include <sys/statvfs.h>
4494 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
4495 [ AC_MSG_RESULT([yes]) ],
4496 [ AC_MSG_RESULT([no])
4498 AC_MSG_CHECKING([if fsid_t has member val])
4499 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4500 #include <sys/types.h>
4501 #include <sys/statvfs.h>
4502 ]], [[ fsid_t t; t.val[0] = 0; ]])],
4503 [ AC_MSG_RESULT([yes])
4504 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
4505 [ AC_MSG_RESULT([no]) ])
4507 AC_MSG_CHECKING([if f_fsid has member __val])
4508 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4509 #include <sys/types.h>
4510 #include <sys/statvfs.h>
4511 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
4512 [ AC_MSG_RESULT([yes])
4513 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
4514 [ AC_MSG_RESULT([no]) ])
4517 AC_CACHE_CHECK([for msg_control field in struct msghdr],
4518 ac_cv_have_control_in_msghdr, [
4519 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4520 #include <sys/types.h>
4521 #include <sys/socket.h>
4522 #include <sys/uio.h>
4526 #error "msg_control is a macro"
4533 [ ac_cv_have_control_in_msghdr="yes" ],
4534 [ ac_cv_have_control_in_msghdr="no" ]
4537 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
4538 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
4539 [Define if your system uses ancillary data style
4540 file descriptor passing])
4543 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
4544 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4545 [[ extern char *__progname; printf("%s", __progname); ]])],
4546 [ ac_cv_libc_defines___progname="yes" ],
4547 [ ac_cv_libc_defines___progname="no"
4550 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
4551 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
4554 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
4555 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4556 [[ printf("%s", __FUNCTION__); ]])],
4557 [ ac_cv_cc_implements___FUNCTION__="yes" ],
4558 [ ac_cv_cc_implements___FUNCTION__="no"
4561 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4562 AC_DEFINE([HAVE___FUNCTION__], [1],
4563 [Define if compiler implements __FUNCTION__])
4566 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4567 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4568 [[ printf("%s", __func__); ]])],
4569 [ ac_cv_cc_implements___func__="yes" ],
4570 [ ac_cv_cc_implements___func__="no"
4573 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4574 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
4577 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4578 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4581 ]], [[ va_copy(x,y); ]])],
4582 [ ac_cv_have_va_copy="yes" ],
4583 [ ac_cv_have_va_copy="no"
4586 if test "x$ac_cv_have_va_copy" = "xyes" ; then
4587 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4590 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4591 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4594 ]], [[ __va_copy(x,y); ]])],
4595 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4598 if test "x$ac_cv_have___va_copy" = "xyes" ; then
4599 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
4602 AC_CACHE_CHECK([whether getopt has optreset support],
4603 ac_cv_have_getopt_optreset, [
4604 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4605 [[ extern int optreset; optreset = 0; ]])],
4606 [ ac_cv_have_getopt_optreset="yes" ],
4607 [ ac_cv_have_getopt_optreset="no"
4610 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4611 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4612 [Define if your getopt(3) defines and uses optreset])
4615 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4616 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4617 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4618 [ ac_cv_libc_defines_sys_errlist="yes" ],
4619 [ ac_cv_libc_defines_sys_errlist="no"
4622 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4623 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4624 [Define if your system defines sys_errlist[]])
4628 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4629 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4630 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4631 [ ac_cv_libc_defines_sys_nerr="yes" ],
4632 [ ac_cv_libc_defines_sys_nerr="no"
4635 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4636 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4639 # Check libraries needed by DNS fingerprint support
4640 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4641 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4642 [Define if getrrsetbyname() exists])],
4644 # Needed by our getrrsetbyname()
4645 AC_SEARCH_LIBS([res_query], [resolv])
4646 AC_SEARCH_LIBS([dn_expand], [resolv])
4647 AC_MSG_CHECKING([if res_query will link])
4648 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4649 #include <sys/types.h>
4650 #include <netinet/in.h>
4651 #include <arpa/nameser.h>
4655 res_query (0, 0, 0, 0, 0);
4657 AC_MSG_RESULT([yes]),
4658 [AC_MSG_RESULT([no])
4660 LIBS="$LIBS -lresolv"
4661 AC_MSG_CHECKING([for res_query in -lresolv])
4662 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4663 #include <sys/types.h>
4664 #include <netinet/in.h>
4665 #include <arpa/nameser.h>
4669 res_query (0, 0, 0, 0, 0);
4671 [AC_MSG_RESULT([yes])],
4673 AC_MSG_RESULT([no])])
4675 AC_CHECK_FUNCS([_getshort _getlong])
4676 AC_CHECK_DECLS([_getshort, _getlong], , ,
4677 [#include <sys/types.h>
4678 #include <arpa/nameser.h>])
# HEADER.ad is presumably the AD flag of the DNS header which a validating
# resolver sets on answers it verified with DNSSEC. TODO confirm how the
# fallback getrrsetbyname uses HAVE_HEADER_AD when judging SSHFP records.
4679 AC_CHECK_MEMBER([HEADER.ad],
4680 [AC_DEFINE([HAVE_HEADER_AD], [1],
4681 [Define if HEADER.ad exists in arpa/nameser.h])], ,
4682 [#include <arpa/nameser.h>])
4685 AC_MSG_CHECKING([if struct __res_state _res is an extern])
4686 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4688 #if HAVE_SYS_TYPES_H
4689 # include <sys/types.h>
4691 #include <netinet/in.h>
4692 #include <arpa/nameser.h>
4694 extern struct __res_state _res;
4696 struct __res_state *volatile p = &_res; /* force resolution of _res */
4699 [AC_MSG_RESULT([yes])
4700 AC_DEFINE([HAVE__RES_EXTERN], [1],
4701 [Define if you have struct __res_state _res as an extern])
4703 [ AC_MSG_RESULT([no]) ]
4706 # Check whether user wants SELinux support
# Opt-in: the checks below run only when --with-selinux is given with a value
# other than "no". Once requested, a missing selinux/selinux.h header or a
# libselinux that lacks setexeccon stops configure with an error, so a build
# that asked for SELinux cannot silently end up without it.
# NOTE(review): LIBS is reset from save_LIBS at the end, but save_LIBS is
# assigned outside the visible lines - confirm it is captured before
# -lselinux is appended.
4709 AC_ARG_WITH([selinux],
4710 [ --with-selinux Enable SELinux support],
4711 [ if test "x$withval" != "xno" ; then
4713 AC_DEFINE([WITH_SELINUX], [1],
4714 [Define if you want SELinux support.])
4716 AC_CHECK_HEADER([selinux/selinux.h], ,
4717 AC_MSG_ERROR([SELinux support requires selinux.h header]))
4718 AC_CHECK_LIB([selinux], [setexeccon],
4719 [ LIBSELINUX="-lselinux"
4720 LIBS="$LIBS -lselinux"
4722 AC_MSG_ERROR([SELinux support requires libselinux library]))
4723 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4724 LIBS="$save_LIBS $LIBSELINUX"
4727 AC_SUBST([SSHDLIBS])
4729 # Check whether user wants Kerberos 5 support
# A bare --with-kerberos5 (value "yes") selects /usr/local as KRB5ROOT. The
# rest of this option takes krb5-config, headers and libraries from below
# that prefix, so it should be a location that only trusted administrators
# can write to.
# NOTE(review): the branch that stores an explicit PATH value is not visible
# in these lines.
4731 AC_ARG_WITH([kerberos5],
4732 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4733 [ if test "x$withval" != "xno" ; then
4734 if test "x$withval" = "xyes" ; then
4735 KRB5ROOT="/usr/local"
4740 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4743 use_pkgconfig_for_krb5=
4744 if test "x$PKGCONFIG" != "xno"; then
4745 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5])
4746 if "$PKGCONFIG" krb5; then
4747 AC_MSG_RESULT([yes])
4748 use_pkgconfig_for_krb5=yes
4753 if test "x$use_pkgconfig_for_krb5" = "xyes"; then
4754 K5CFLAGS=`$PKGCONFIG --cflags krb5`
4755 K5LIBS=`$PKGCONFIG --libs krb5`
4756 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4758 AC_MSG_CHECKING([for gssapi support])
4759 if "$PKGCONFIG" krb5-gssapi; then
4760 AC_MSG_RESULT([yes])
4761 AC_DEFINE([GSSAPI], [1],
4762 [Define this if you want GSSAPI
4763 support in the version 2 protocol])
4764 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`"
4765 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`"
4766 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4770 AC_MSG_CHECKING([whether we are using Heimdal])
4771 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4772 ]], [[ char *tmp = heimdal_version; ]])],
4773 [ AC_MSG_RESULT([yes])
4774 AC_DEFINE([HEIMDAL], [1],
4775 [Define this if you are using the Heimdal
4776 version of Kerberos V5]) ],
4777 [AC_MSG_RESULT([no])
# krb5-config is searched for in $KRB5ROOT/bin first and then in PATH. The
# program that is found gets executed and its output is appended to the
# preprocessor flags - KRB5ROOT should therefore be a trusted prefix.
# NOTE(review): $KRB5CONF is expanded unquoted in the test and in the
# command substitutions below. A path containing whitespace would be split.
4780 AC_PATH_TOOL([KRB5CONF], [krb5-config],
4781 [$KRB5ROOT/bin/krb5-config],
4782 [$KRB5ROOT/bin:$PATH])
4783 if test -x $KRB5CONF ; then
4784 K5CFLAGS="`$KRB5CONF --cflags`"
4785 K5LIBS="`$KRB5CONF --libs`"
4786 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4788 AC_MSG_CHECKING([for gssapi support])
4789 if $KRB5CONF | grep gssapi >/dev/null ; then
4790 AC_MSG_RESULT([yes])
4791 AC_DEFINE([GSSAPI], [1],
4792 [Define this if you want GSSAPI
4793 support in the version 2 protocol])
4794 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4795 GSSLIBS="`$KRB5CONF --libs gssapi`"
4796 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4800 AC_MSG_CHECKING([whether we are using Heimdal])
4801 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4802 ]], [[ char *tmp = heimdal_version; ]])],
4803 [ AC_MSG_RESULT([yes])
4804 AC_DEFINE([HEIMDAL], [1],
4805 [Define this if you are using the Heimdal
4806 version of Kerberos V5]) ],
4807 [AC_MSG_RESULT([no])
4810 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4811 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4812 AC_MSG_CHECKING([whether we are using Heimdal])
4813 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4814 ]], [[ char *tmp = heimdal_version; ]])],
4815 [ AC_MSG_RESULT([yes])
4816 AC_DEFINE([HEIMDAL])
4818 K5LIBS="$K5LIBS -lcom_err -lasn1"
4819 AC_CHECK_LIB([roken], [net_write],
4820 [K5LIBS="$K5LIBS -lroken"])
4821 AC_CHECK_LIB([des], [des_cbc_encrypt],
4822 [K5LIBS="$K5LIBS -ldes"])
4823 ], [ AC_MSG_RESULT([no])
4824 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4826 AC_SEARCH_LIBS([dn_expand], [resolv])
4828 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4829 [ AC_DEFINE([GSSAPI])
4830 GSSLIBS="-lgssapi_krb5" ],
4831 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4832 [ AC_DEFINE([GSSAPI])
4833 GSSLIBS="-lgssapi" ],
4834 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
4835 [ AC_DEFINE([GSSAPI])
4837 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4841 AC_CHECK_HEADER([gssapi.h], ,
4842 [ unset ac_cv_header_gssapi_h
4843 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4844 AC_CHECK_HEADERS([gssapi.h], ,
4845 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4851 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4852 AC_CHECK_HEADER([gssapi_krb5.h], ,
4853 [ CPPFLAGS="$oldCPP" ])
# Adds $KRB5ROOT/lib to the linker flags through rpath_opt - presumably the
# run-time library search path option for this platform. Binaries linked this
# way load shared libraries from that directory at start-up so it must not be
# writable by unprivileged users.
# blibpath is extended with the same directory when it is already set.
4857 if test -n "${rpath_opt}" ; then
4858 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib"
4860 if test ! -z "$blibpath" ; then
4861 blibpath="$blibpath:${KRB5ROOT}/lib"
4864 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4865 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4866 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4868 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4869 [Define this if you want to use libkafs' AFS support])])
4871 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4872 #ifdef HAVE_GSSAPI_H
4873 # include <gssapi.h>
4874 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4875 # include <gssapi/gssapi.h>
4878 #ifdef HAVE_GSSAPI_GENERIC_H
4879 # include <gssapi_generic.h>
4880 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4881 # include <gssapi/gssapi_generic.h>
4885 LIBS="$LIBS $K5LIBS"
4886 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4894 AC_SUBST([CHANNELLIBS])
4896 # Looking for programs, paths and files
# Privilege separation chroot directory, /var/empty unless overridden.
# A --with-privsep-path value is taken as given (only empty, "yes" and "no"
# are ignored) and substituted into the build. Configure does not check that
# the directory exists or how it is owned. A chroot target is expected to be
# empty, owned by root and not writable by group or others - verify that at
# install time, in particular for a non-default path.
4898 PRIVSEP_PATH=/var/empty
4899 AC_ARG_WITH([privsep-path],
4900 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4902 if test -n "$withval" && test "x$withval" != "xno" && \
4903 test "x${withval}" != "xyes"; then
4904 PRIVSEP_PATH=$withval
4908 AC_SUBST([PRIVSEP_PATH])
# Locate the xauth program. The search runs over TestPath extended by the X11
# directories listed below, and /usr/openwin/bin/xauth is preferred whenever
# it is executable and some xauth was found.
# NOTE(review): the lines that consume $withval and seed TestPath are not
# visible here - confirm how an explicit --with-xauth path is stored.
4910 AC_ARG_WITH([xauth],
4911 [ --with-xauth=PATH Specify path to xauth program ],
4913 if test -n "$withval" && test "x$withval" != "xno" && \
4914 test "x${withval}" != "xyes"; then
4920 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4921 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4922 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4923 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4924 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4925 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4926 xauth_path="/usr/openwin/bin/xauth"
# --disable-strip controls whether strip(1) is called on install. The
# assignment to STRIP_OPT is outside the visible lines.
4932 AC_ARG_ENABLE([strip],
4933 [ --disable-strip Disable calling strip(1) on install],
4935 if test "x$enableval" = "xno" ; then
4940 AC_SUBST([STRIP_OPT])
# The result of the search above becomes the compiled-in XAUTH_PATH, or the
# literal "undefined" for substitution when nothing was found. The path is
# the one seen on the build host, so a build meant for other machines should
# pass --with-xauth explicitly.
4942 if test -z "$xauth_path" ; then
4943 XAUTH_PATH="undefined"
4944 AC_SUBST([XAUTH_PATH])
4946 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4947 [Define if xauth is found in your path])
4948 XAUTH_PATH=$xauth_path
4949 AC_SUBST([XAUTH_PATH])
4952 dnl # --with-maildir=/path/to/mail gets top priority.
4953 dnl # if maildir is set in the platform case statement above we use that.
4954 dnl # Otherwise we run a program to get the dir from system headers.
4955 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4956 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4957 dnl # session.c expects anyway. Otherwise we set to the value found
4958 dnl # stripping any trailing slash. If for some strange reason our program
4959 dnl # does not find what it needs, we default to /var/spool/mail.
4960 # Check for mail directory
4961 AC_ARG_WITH([maildir],
4962 [ --with-maildir=/path/to/mail Specify your system mail directory],
4964 if test "X$withval" != X && test "x$withval" != xno && \
4965 test "x${withval}" != xyes; then
4966 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4967 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4970 if test "X$maildir" != "X"; then
4971 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4973 AC_MSG_CHECKING([Discovering system mail directory])
4982 #ifdef HAVE_MAILLOCK_H
4983 #include <maillock.h>
4985 #define DATA "conftest.maildir"
4990 fd = fopen(DATA,"w");
4994 #if defined (_PATH_MAILDIR)
4995 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4997 #elif defined (MAILDIR)
4998 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
5000 #elif defined (_PATH_MAIL)
5001 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
5010 maildir_what=`awk -F: '{print $1}' conftest.maildir`
5011 maildir=`awk -F: '{print $2}' conftest.maildir \
5013 AC_MSG_RESULT([Using: $maildir from $maildir_what])
5014 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
5015 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
5019 if test "X$ac_status" = "X2";then
5020 # our test program didn't find it. Default to /var/spool/mail
5021 AC_MSG_RESULT([Using: default value of /var/spool/mail])
5022 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
5024 AC_MSG_RESULT([*** not found ***])
5028 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
5035 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
5036 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
5037 disable_ptmx_check=yes
5039 if test -z "$no_dev_ptmx" ; then
5040 if test "x$disable_ptmx_check" != "xyes" ; then
5041 AC_CHECK_FILE(["/dev/ptmx"],
5043 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
5044 [Define if you have /dev/ptmx])
5051 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
5052 AC_CHECK_FILE(["/dev/ptc"],
5054 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
5055 [Define if you have /dev/ptc])
5060 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
5063 # Options from here on. Some of these are preset by platform above
5064 AC_ARG_WITH([mantype],
5065 [ --with-mantype=man|cat|doc Set man page type],
5072 AC_MSG_ERROR([invalid man type: $withval])
5077 if test -z "$MANTYPE"; then
5078 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then
5080 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
5082 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
5089 if test "$MANTYPE" = "doc"; then
5094 AC_SUBST([mansubdir])
5096 # Whether to disable shadow password support
# --without-shadow defines DISABLE_SHADOW. Unless disable_shadow is set, the
# compile test below probes for the sp_expire, sp_lstchg and sp_inact fields
# and defines HAS_SHADOW_EXPIRE when they are available.
# NOTE(review): presumably the expiry handling for shadow entries is compiled
# in only with HAS_SHADOW_EXPIRE - confirm against the code that reads it.
5097 AC_ARG_WITH([shadow],
5098 [ --without-shadow Disable shadow password support],
5100 if test "x$withval" = "xno" ; then
5101 AC_DEFINE([DISABLE_SHADOW])
5107 if test -z "$disable_shadow" ; then
5108 AC_MSG_CHECKING([if the systems has expire shadow information])
5109 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5110 #include <sys/types.h>
5113 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
5114 [ sp_expire_available=yes ], [
5117 if test "x$sp_expire_available" = "xyes" ; then
5118 AC_MSG_RESULT([yes])
5119 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
5120 [Define if you want to use shadow password expire field])
5126 # Use ip address instead of hostname in $DISPLAY
# IPADDR_IN_DISPLAY can be preset before this point (non-empty value) or
# requested with --with-ipaddr-display; either way the macro is defined and
# DISPLAY_HACK_MSG records the outcome for the summary printed at the end.
5127 if test ! -z "$IPADDR_IN_DISPLAY" ; then
5128 DISPLAY_HACK_MSG="yes"
5129 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
5130 [Define if you need to use IP address
5131 instead of hostname in $DISPLAY])
5133 DISPLAY_HACK_MSG="no"
5134 AC_ARG_WITH([ipaddr-display],
5135 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
5137 if test "x$withval" != "xno" ; then
5138 AC_DEFINE([IPADDR_IN_DISPLAY])
5139 DISPLAY_HACK_MSG="yes"
5145 # check for /etc/default/login and use it if present.
# etc_default_login ends up "no" when the feature is disabled explicitly or
# when cross compiling without an explicit choice, and "yes" otherwise.
# Security-relevant: when the file is found, external_path_file is set, and
# the warnings further down state that a PATH defined in that file is used in
# preference to the compiled-in default. The file is probed on the build
# machine, so the result reflects the build host rather than the deploy host.
5146 AC_ARG_ENABLE([etc-default-login],
5147 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
5148 [ if test "x$enableval" = "xno"; then
5149 AC_MSG_NOTICE([/etc/default/login handling disabled])
5150 etc_default_login=no
5152 etc_default_login=yes
5154 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
5156 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
5157 etc_default_login=no
5159 etc_default_login=yes
5163 if test "x$etc_default_login" != "xno"; then
5164 AC_CHECK_FILE(["/etc/default/login"],
5165 [ external_path_file=/etc/default/login ])
5166 if test "x$external_path_file" = "x/etc/default/login"; then
5167 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
5168 [Define if your system has /etc/default/login])
5172 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
# NOTE(review): the two cache variables below are expanded unquoted and
# without an x-prefix; if either is empty, test sees a malformed expression
# and prints an error instead of cleanly evaluating to false.
5173 if test $ac_cv_func_login_getcapbool = "yes" && \
5174 test $ac_cv_header_login_cap_h = "yes" ; then
5175 external_path_file=/etc/login.conf
5178 # Whether to mess with the default path
# user_path becomes the USER_PATH macro at the end of this section, i.e. the
# default PATH compiled into the server. A value given with
# --with-default-path is taken verbatim and not validated here, so the person
# running configure is responsible for it: every directory listed should be
# writable only by root, and the value should contain no empty or relative
# entries, since those resolve against the current directory at run time.
# On systems where external_path_file is /etc/login.conf the option has no
# effect and USER_PATH is not defined at all.
5179 SERVER_PATH_MSG="(default)"
5180 AC_ARG_WITH([default-path],
5181 [ --with-default-path= Specify default $PATH environment for server],
5183 if test "x$external_path_file" = "x/etc/login.conf" ; then
5185 --with-default-path=PATH has no effect on this system.
5186 Edit /etc/login.conf instead.])
5187 elif test "x$withval" != "xno" ; then
5188 if test ! -z "$external_path_file" ; then
5190 --with-default-path=PATH will only be used if PATH is not defined in
5191 $external_path_file .])
5193 user_path="$withval"
5194 SERVER_PATH_MSG="$withval"
5197 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
5198 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
5200 if test ! -z "$external_path_file" ; then
5202 If PATH is defined in $external_path_file, ensure the path to scp is included,
5203 otherwise scp will not work.])
5207 /* find out what STDPATH is */
5213 #ifndef _PATH_STDPATH
5214 # ifdef _PATH_USERPATH /* Irix */
5215 # define _PATH_STDPATH _PATH_USERPATH
5217 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
5220 #include <sys/types.h>
5221 #include <sys/stat.h>
5223 #define DATA "conftest.stdpath"
5228 fd = fopen(DATA,"w");
5232 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
5237 [ user_path=`cat conftest.stdpath` ],
5238 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
5239 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
5241 # make sure $bindir is in USER_PATH so scp will work
# The loop re-expands t_bindir with eval until no shell variable reference or
# NONE/ placeholder remains. eval executes whatever the value contains, so
# build wrappers should pass only trusted strings for the installation
# directory options.
# NOTE(review): this part presumably sits in the branch taken when
# --with-default-path was not given; the enclosing lines are missing from this
# listing, confirm against the full file.
5242 t_bindir="${bindir}"
5243 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
5244 t_bindir=`eval echo ${t_bindir}`
5246 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
5249 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
# Both grep calls use t_bindir as an unanchored regular expression, so a
# longer entry that merely starts with the same text also counts as present.
# Constructed example: t_bindir /opt/ssh is considered present when user_path
# only holds /opt/ssh/bin, and the directory is then not appended.
5252 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
5253 if test $? -ne 0 ; then
5254 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
5255 if test $? -ne 0 ; then
5256 user_path=$user_path:$t_bindir
5257 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
5262 if test "x$external_path_file" != "x/etc/login.conf" ; then
5263 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
5264 AC_SUBST([user_path])
5267 # Set superuser path separately to user path
# The value is accepted as given, apart from rejecting empty, "no" and "yes",
# and is compiled in as SUPERUSER_PATH. Because this PATH applies to the
# superuser, it should list only absolute, root-owned directories that no
# unprivileged account can write to; nothing in this script checks that.
5268 AC_ARG_WITH([superuser-path],
5269 [ --with-superuser-path= Specify different path for super-user],
5271 if test -n "$withval" && test "x$withval" != "xno" && \
5272 test "x${withval}" != "xyes"; then
5273 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
5274 [Define if you want a different $PATH
5276 superuser_path=$withval
# IPv4-in-IPv6 mapped address handling. IPV4_IN_IPV6 is defined when the
# option is given with a value other than "no", or when the platform default
# inet6_default_4in6 is "yes"; IPV4_IN6_HACK_MSG feeds the final summary.
# NOTE(review): the macro call that opens this option is on a line missing
# from this listing.
5282 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
5283 IPV4_IN6_HACK_MSG="no"
5285 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
5287 if test "x$withval" != "xno" ; then
5288 AC_MSG_RESULT([yes])
5289 AC_DEFINE([IPV4_IN_IPV6], [1],
5290 [Detect IPv4 in IPv6 mapped addresses
5292 IPV4_IN6_HACK_MSG="yes"
5297 if test "x$inet6_default_4in6" = "xyes"; then
5298 AC_MSG_RESULT([yes (default)])
5299 AC_DEFINE([IPV4_IN_IPV6])
5300 IPV4_IN6_HACK_MSG="yes"
5302 AC_MSG_RESULT([no (default)])
5307 # Whether to enable BSD auth support
# Any value other than "no" defines BSD_AUTH. The summary at the end prints
# BSD_AUTH_MSG, which is assigned on lines missing from this listing.
5309 AC_ARG_WITH([bsd-auth],
5310 [ --with-bsd-auth Enable BSD auth support],
5312 if test "x$withval" != "xno" ; then
5313 AC_DEFINE([BSD_AUTH], [1],
5314 [Define if you have BSD auth support])
5320 # Where to place sshd.pid
# piddir is compiled in as _PATH_SSH_PIDDIR. If the initial piddir, assigned
# on a line missing from this listing, is not a directory on the build
# machine, the expanded sysconfdir is used instead. A directory named with
# --with-pid-dir that does not exist only produces a warning.
# Security-relevant: the PID file directory should be writable by root only;
# confirm the chosen directory in the final summary, especially after the
# fallback to the configuration directory.
# NOTE(review): piddir is unquoted in both test -d calls, so a path with
# whitespace would be mis-parsed.
5322 # make sure the directory exists
5323 if test ! -d $piddir ; then
5324 piddir=`eval echo ${sysconfdir}`
5326 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
5330 AC_ARG_WITH([pid-dir],
5331 [ --with-pid-dir=PATH Specify location of sshd.pid file],
5333 if test -n "$withval" && test "x$withval" != "xno" && \
5334 test "x${withval}" != "xyes"; then
5336 if test ! -d $piddir ; then
5337 AC_MSG_WARN([** no $piddir directory on this system **])
5343 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
5344 [Specify location of ssh.pid])
# Switches for the login recording back ends. Each --disable-X option defines
# the matching DISABLE_* macro when its value is "no"; --with-lastlog either
# disables lastlog or overrides the location that is otherwise searched for.
# Operational note: these records are what tools reading lastlog, utmp and
# wtmp report, so switching them off removes a source of login history used
# in auditing and incident response. Treat each of them as a deliberate,
# documented decision.
5347 dnl allow user to disable some login recording features
5348 AC_ARG_ENABLE([lastlog],
5349 [ --disable-lastlog disable use of lastlog even if detected [no]],
5351 if test "x$enableval" = "xno" ; then
5352 AC_DEFINE([DISABLE_LASTLOG])
5356 AC_ARG_ENABLE([utmp],
5357 [ --disable-utmp disable use of utmp even if detected [no]],
5359 if test "x$enableval" = "xno" ; then
5360 AC_DEFINE([DISABLE_UTMP])
5364 AC_ARG_ENABLE([utmpx],
5365 [ --disable-utmpx disable use of utmpx even if detected [no]],
5367 if test "x$enableval" = "xno" ; then
5368 AC_DEFINE([DISABLE_UTMPX], [1],
5369 [Define if you don't want to use utmpx])
5373 AC_ARG_ENABLE([wtmp],
5374 [ --disable-wtmp disable use of wtmp even if detected [no]],
5376 if test "x$enableval" = "xno" ; then
5377 AC_DEFINE([DISABLE_WTMP])
5381 AC_ARG_ENABLE([wtmpx],
5382 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
5384 if test "x$enableval" = "xno" ; then
5385 AC_DEFINE([DISABLE_WTMPX], [1],
5386 [Define if you don't want to use wtmpx])
5390 AC_ARG_ENABLE([libutil],
5391 [ --disable-libutil disable use of libutil (login() etc.) [no]],
5393 if test "x$enableval" = "xno" ; then
5394 AC_DEFINE([DISABLE_LOGIN])
5398 AC_ARG_ENABLE([pututline],
5399 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
5401 if test "x$enableval" = "xno" ; then
5402 AC_DEFINE([DISABLE_PUTUTLINE], [1],
5403 [Define if you don't want to use pututline()
5404 etc. to write [uw]tmp])
5408 AC_ARG_ENABLE([pututxline],
5409 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
5411 if test "x$enableval" = "xno" ; then
5412 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
5413 [Define if you don't want to use pututxline()
5414 etc. to write [uw]tmpx])
5418 AC_ARG_WITH([lastlog],
5419 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
5421 if test "x$withval" = "xno" ; then
5422 AC_DEFINE([DISABLE_LASTLOG])
5423 elif test -n "$withval" && test "x${withval}" != "xyes"; then
5424 conf_lastlog_location=$withval
# lastlog location: two compile tests look for LASTLOG_FILE and then
# _PATH_LASTLOG in the system headers. Only when no location was configured
# and system_lastlog_path is "no" are the four fixed candidate paths checked
# on the build machine; a file or a directory is accepted.
# If nothing is found only a warning is printed and lastlog stays enabled, so
# a missing lastlog does not fail the build; check the configure output when
# login records matter.
5429 dnl lastlog, [uw]tmpx? detection
5430 dnl NOTE: set the paths in the platform section to avoid the
5431 dnl need for command-line parameters
5432 dnl lastlog and [uw]tmp are subject to a file search if all else fails
5434 dnl lastlog detection
5435 dnl NOTE: the code itself will detect if lastlog is a directory
5436 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
5437 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5438 #include <sys/types.h>
5440 #ifdef HAVE_LASTLOG_H
5441 # include <lastlog.h>
5449 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
5450 [ AC_MSG_RESULT([yes]) ],
5453 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
5454 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5455 #include <sys/types.h>
5457 #ifdef HAVE_LASTLOG_H
5458 # include <lastlog.h>
5463 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
5464 [ AC_MSG_RESULT([yes]) ],
5467 system_lastlog_path=no
5471 if test -z "$conf_lastlog_location"; then
5472 if test x"$system_lastlog_path" = x"no" ; then
5473 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
5474 if (test -d "$f" || test -f "$f") ; then
5475 conf_lastlog_location=$f
5478 if test -z "$conf_lastlog_location"; then
5479 AC_MSG_WARN([** Cannot find lastlog **])
5480 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
5485 if test -n "$conf_lastlog_location"; then
5486 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
5487 [Define if you want to specify the path to your lastlog file])
# utmp, wtmp and wtmpx locations. For utmp and wtmp, a compile test checks
# for the header macro; without one, a short list of fixed paths is probed
# with test -f on the build machine, and the facility is disabled through
# DISABLE_UTMP or DISABLE_WTMP when no file is found. wtmpx has no file
# search: it is disabled as soon as neither a configured location nor
# WTMPX_FILE is available.
# These macros are defined silently, so a build made on a host that lacks the
# files ships without the corresponding login records.
# NOTE(review): the lines that set system_utmp_path and system_wtmp_path are
# missing from this listing.
5491 AC_MSG_CHECKING([if your system defines UTMP_FILE])
5492 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5493 #include <sys/types.h>
5498 ]], [[ char *utmp = UTMP_FILE; ]])],
5499 [ AC_MSG_RESULT([yes]) ],
5500 [ AC_MSG_RESULT([no])
5503 if test -z "$conf_utmp_location"; then
5504 if test x"$system_utmp_path" = x"no" ; then
5505 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
5506 if test -f $f ; then
5507 conf_utmp_location=$f
5510 if test -z "$conf_utmp_location"; then
5511 AC_DEFINE([DISABLE_UTMP])
5515 if test -n "$conf_utmp_location"; then
5516 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
5517 [Define if you want to specify the path to your utmp file])
5521 AC_MSG_CHECKING([if your system defines WTMP_FILE])
5522 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5523 #include <sys/types.h>
5528 ]], [[ char *wtmp = WTMP_FILE; ]])],
5529 [ AC_MSG_RESULT([yes]) ],
5530 [ AC_MSG_RESULT([no])
5533 if test -z "$conf_wtmp_location"; then
5534 if test x"$system_wtmp_path" = x"no" ; then
5535 for f in /usr/adm/wtmp /var/log/wtmp; do
5536 if test -f $f ; then
5537 conf_wtmp_location=$f
5540 if test -z "$conf_wtmp_location"; then
5541 AC_DEFINE([DISABLE_WTMP])
5545 if test -n "$conf_wtmp_location"; then
5546 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
5547 [Define if you want to specify the path to your wtmp file])
5551 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
5552 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5553 #include <sys/types.h>
5561 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
5562 [ AC_MSG_RESULT([yes]) ],
5563 [ AC_MSG_RESULT([no])
5564 system_wtmpx_path=no
5566 if test -z "$conf_wtmpx_location"; then
5567 if test x"$system_wtmpx_path" = x"no" ; then
5568 AC_DEFINE([DISABLE_WTMPX])
5571 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
5572 [Define if you want to specify the path to your wtmpx file])
# A non-empty blibpath is appended to LDFLAGS together with blibflags, and the
# builder is asked to review the resulting library search path in the
# Makefile. Both variables are set outside this listing.
5576 if test ! -z "$blibpath" ; then
5577 LDFLAGS="$LDFLAGS $blibflags$blibpath"
5578 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
# Structure member checks: a struct lastlog without ll_line disables lastlog
# unless SKIP_DISABLE_LASTLOG_DEFINE is "yes"; a struct utmp without ut_line
# disables both utmp and wtmp.
# NOTE(review): SKIP_DISABLE_LASTLOG_DEFINE is expanded unquoted in the test
# below; the x-prefix keeps the expression well formed when it is empty.
5581 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
5582 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
5583 AC_DEFINE([DISABLE_LASTLOG])
5586 #ifdef HAVE_SYS_TYPES_H
5587 #include <sys/types.h>
5595 #ifdef HAVE_LASTLOG_H
5596 #include <lastlog.h>
5600 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
5601 AC_DEFINE([DISABLE_UTMP])
5602 AC_DEFINE([DISABLE_WTMP])
5604 #ifdef HAVE_SYS_TYPES_H
5605 #include <sys/types.h>
5613 #ifdef HAVE_LASTLOG_H
5614 #include <lastlog.h>
# Final flag assembly. The warnings-as-errors flags are appended only here,
# after the feature tests, for the reason given in the dnl line below.
5618 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5620 CFLAGS="$CFLAGS $werror_flags"
5622 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
5627 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
5628 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
5629 AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8])
5630 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
5631 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
5632 AC_SUBST([DEPEND], [$(cat $srcdir/.depend)])
# CFLAGS_AFTER and LDFLAGS_AFTER go last, so they can override anything
# chosen earlier, including hardening flags; review what build automation
# puts into them.
5634 CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
5635 LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"
5637 # Make a copy of CFLAGS/LDFLAGS without PIE options.
# Each sed expression has no g flag and requires a leading space, so it
# removes only the first occurrence and never a flag at the very start of the
# string. PIE is a hardening option, so the NOPIE copies should be limited to
# the targets that need them; their consumers are outside this listing.
5638 LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'`
5639 CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'`
5640 AC_SUBST([LDFLAGS_NOPIE])
5641 AC_SUBST([CFLAGS_NOPIE])
5644 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5645 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5649 # Print summary of options
# Each directory variable is passed through eval echo twice so that nested
# references such as a prefix inside bindir are fully expanded for display.
# eval executes its argument, so the values handed to configure must come
# from a trusted source.
# The summary is the one place where the security-relevant build choices are
# visible together: default and superuser PATH, privilege separation chroot
# path, sandbox style, random number source and the authentication back
# ends. Keep this output with the build record and review it after changes.
5651 # Someone please show me a better way :)
5652 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5653 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5654 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5655 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5656 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5657 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5658 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5659 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5660 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5661 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5664 echo "OpenSSH has been configured with the following options:"
5665 echo " User binaries: $B"
5666 echo " System binaries: $C"
5667 echo " Configuration files: $D"
5668 echo " Askpass program: $E"
5669 echo " Manual pages: $F"
5670 echo " PID file: $G"
5671 echo " Privilege separation chroot path: $H"
# With /etc/login.conf the compiled-in PATH is not used, so the summary points
# at that file instead of printing a value.
5672 if test "x$external_path_file" = "x/etc/login.conf" ; then
5673 echo " At runtime, sshd will use the path defined in $external_path_file"
5674 echo " Make sure the path to scp is present, otherwise scp will not work"
5676 echo " sshd default user PATH: $I"
5677 if test ! -z "$external_path_file"; then
5678 echo " (If PATH is set in $external_path_file it will be used instead. If"
5679 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
5682 if test ! -z "$superuser_path" ; then
5683 echo " sshd superuser user PATH: $J"
5685 echo " Manpage format: $MANTYPE"
5686 echo " PAM support: $PAM_MSG"
5687 echo " OSF SIA support: $SIA_MSG"
5688 echo " KerberosV support: $KRB5_MSG"
5689 echo " SELinux support: $SELINUX_MSG"
5690 echo " TCP Wrappers support: $TCPW_MSG"
5691 echo " libedit support: $LIBEDIT_MSG"
5692 echo " libldns support: $LDNS_MSG"
5693 echo " Solaris process contract support: $SPC_MSG"
5694 echo " Solaris project support: $SP_MSG"
5695 echo " Solaris privilege support: $SPP_MSG"
5696 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5697 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5698 echo " BSD Auth support: $BSD_AUTH_MSG"
5699 echo " Random number source: $RAND_MSG"
5700 echo " Privsep sandbox style: $SANDBOX_STYLE"
5701 echo " PKCS#11 support: $enable_pkcs11"
5702 echo " U2F/FIDO support: $enable_sk"
# Toolchain section: the effective compiler and linker flags are printed after
# all late additions, which makes this the place to confirm that the expected
# hardening flags survived.
5706 echo " Host: ${host}"
5707 echo " Compiler: ${CC}"
5708 echo " Compiler flags: ${CFLAGS}"
5709 echo "Preprocessor flags: ${CPPFLAGS}"
5710 echo " Linker flags: ${LDFLAGS}"
5711 echo " Libraries: ${LIBS}"
5712 if test ! -z "${CHANNELLIBS}"; then
5713 echo " +for channels: ${CHANNELLIBS}"
5715 if test ! -z "${LIBFIDO2}"; then
5716 echo " +for FIDO2: ${LIBFIDO2}"
5718 if test ! -z "${SSHDLIBS}"; then
5719 echo " +for sshd: ${SSHDLIBS}"
# Closing notices. They are written with plain echo to standard output and do
# not change the exit status, so an unattended build will not stop on them.
# Automated builds that care about the ssh-agent peer check should scan the
# configure output for the WARNING text below.
5724 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5725 echo "SVR4 style packages are supported with \"make package\""
# PAM builds need a control file for sshd installed separately; without it
# password authentication may fail, as the message says.
5729 if test "x$PAM_MSG" = "xyes" ; then
5730 echo "PAM is enabled. You may need to install a PAM control file "
5731 echo "for sshd, otherwise password authentication may fail. "
5732 echo "Example PAM control files can be found in the contrib/ "
# NO_PEERCHECK is set outside this listing. When it is non-empty the build
# has no peer credential facility for ssh-agent connections, and the warning
# below is the only signal of that weaker protection.
5737 if test ! -z "$NO_PEERCHECK" ; then
5738 echo "WARNING: the operating system that you are using does not"
5739 echo "appear to support getpeereid(), getpeerucred() or the"
5740 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5741 echo "enforce security checks to prevent unauthorised connections to"
5742 echo "ssh-agent. Their absence increases the risk that a malicious"
5743 echo "user can connect to your agent."
5747 if test "$AUDIT_MODULE" = "bsm" ; then
5748 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5749 echo "See the Solaris section in README.platform for details."