2 # Copyright (c) 1999-2004 Damien Miller
4 # Permission to use, copy, modify, and distribute this software for any
5 # purpose with or without fee is hereby granted, provided that the above
6 # copyright notice and this permission notice appear in all copies.
8 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
17 AC_CONFIG_MACRO_DIR([m4])
18 AC_CONFIG_SRCDIR([ssh.c])
20 # Check for stale configure as early as possible.
21 for i in $srcdir/configure.ac $srcdir/m4/*.m4; do
22 if test "$i" -nt "$srcdir/configure"; then
23 AC_MSG_ERROR([$i newer than configure, run autoreconf])
29 AC_CONFIG_HEADERS([config.h])
30 AC_PROG_CC([cc gcc clang])
32 # XXX relax this after reimplementing logit() etc.
33 AC_MSG_CHECKING([if $CC supports C99-style variadic macros])
34 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
35 int f(int a, int b, int c) { return a + b + c; }
36 #define F(a, ...) f(a, __VA_ARGS__)
37 ]], [[return F(1, 2, -3);]])],
38 [ AC_MSG_RESULT([yes]) ],
39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ]
45 # Checks for programs.
52 AC_CHECK_TOOLS([AR], [ar])
53 AC_PATH_PROG([CAT], [cat])
54 AC_PATH_PROG([KILL], [kill])
55 AC_PATH_PROG([SED], [sed])
56 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
57 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
58 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
59 AC_PATH_PROG([SH], [bash])
60 AC_PATH_PROG([SH], [ksh])
61 AC_PATH_PROG([SH], [sh])
62 AC_PATH_PROG([GROFF], [groff])
63 AC_PATH_PROG([NROFF], [nroff awf])
64 AC_PATH_PROG([MANDOC], [mandoc])
65 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
66 AC_SUBST([TEST_SHELL], [sh])
68 dnl select manpage formatter to be used to build "cat" format pages.
69 if test "x$MANDOC" != "x" ; then
71 elif test "x$NROFF" != "x" ; then
72 MANFMT="$NROFF -mandoc"
73 elif test "x$GROFF" != "x" ; then
74 MANFMT="$GROFF -mandoc -Tascii"
76 AC_MSG_WARN([no manpage formatter found])
82 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
83 [/usr/sbin${PATH_SEPARATOR}/etc])
84 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
85 [/usr/sbin${PATH_SEPARATOR}/etc])
86 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
87 if test -x /sbin/sh; then
88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
96 if test -z "$AR" ; then
97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
100 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
101 if test ! -z "$PATH_PASSWD_PROG" ; then
102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
103 [Full path of your "passwd" program])
106 dnl Since autoconf doesn't support it very well, we no longer allow users to
107 dnl override LD, however keeping the hook here for now in case there's a use
108 dnl use case we overlooked and someone needs to re-enable it. Unless a good
109 dnl reason is found we'll be removing this in future.
115 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
116 AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>])
117 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
118 #include <sys/types.h>
119 #include <sys/param.h>
120 #include <dev/systrace.h>
122 AC_CHECK_DECL([RLIMIT_NPROC],
123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
124 #include <sys/types.h>
125 #include <sys/resource.h>
127 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
128 #include <sys/types.h>
129 #include <linux/prctl.h>
134 AC_ARG_WITH([openssl],
135 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
136 [ if test "x$withval" = "xno" ; then
142 AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
143 if test "x$openssl" = "xyes" ; then
145 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
150 use_stack_protector=1
151 use_toolchain_hardening=1
152 AC_ARG_WITH([stackprotect],
153 [ --without-stackprotect Don't use compiler's stack protection], [
154 if test "x$withval" = "xno"; then
155 use_stack_protector=0
157 AC_ARG_WITH([hardening],
158 [ --without-hardening Don't use toolchain hardening flags], [
159 if test "x$withval" = "xno"; then
160 use_toolchain_hardening=0
163 # We use -Werror for the tests only so that we catch warnings like "this is
164 # on by default" for things like -fPIE.
165 AC_MSG_CHECKING([if $CC supports -Werror])
166 saved_CFLAGS="$CFLAGS"
167 CFLAGS="$CFLAGS -Werror"
168 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
169 [ AC_MSG_RESULT([yes])
171 [ AC_MSG_RESULT([no])
174 CFLAGS="$saved_CFLAGS"
176 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
177 AC_MSG_CHECKING([gcc version])
178 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
180 1.*) no_attrib_nonnull=1 ;;
184 2.*) no_attrib_nonnull=1 ;;
187 AC_MSG_RESULT([$GCC_VER])
189 AC_MSG_CHECKING([clang version])
190 CLANG_VER=`$CC -v 2>&1 | $AWK '/clang version /{print $3}'`
191 AC_MSG_RESULT([$CLANG_VER])
193 OSSH_CHECK_CFLAG_COMPILE([-pipe])
194 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
195 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation])
196 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
197 OSSH_CHECK_CFLAG_COMPILE([-Wall])
198 OSSH_CHECK_CFLAG_COMPILE([-Wextra])
199 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
200 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
201 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
202 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
203 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
204 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
205 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter])
206 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
207 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough])
208 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation])
209 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical])
210 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
211 if test "x$use_toolchain_hardening" = "x1"; then
212 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
213 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
214 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
215 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
216 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
217 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
218 # NB. -ftrapv expects certain support functions to be present in
219 # the compiler library (libgcc or similar) to detect integer operations
220 # that can overflow. We must check that the result of enabling it
221 # actually links. The test program compiled/linked includes a number
222 # of integer operations that should exercise this.
223 OSSH_CHECK_CFLAG_LINK([-ftrapv])
224 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See
225 # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and
226 # https://github.com/llvm/llvm-project/issues/59242
228 15.*) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=used]) ;;
229 *) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all]) ;;
231 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
234 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
235 saved_CFLAGS="$CFLAGS"
236 CFLAGS="$CFLAGS -fno-builtin-memset"
237 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
238 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
239 [ AC_MSG_RESULT([yes]) ],
240 [ AC_MSG_RESULT([no])
241 CFLAGS="$saved_CFLAGS" ]
244 # -fstack-protector-all doesn't always work for some GCC versions
245 # and/or platforms, so we test if we can. If it's not supported
246 # on a given platform gcc will emit a warning so we use -Werror.
247 if test "x$use_stack_protector" = "x1"; then
248 for t in -fstack-protector-strong -fstack-protector-all \
249 -fstack-protector; do
250 AC_MSG_CHECKING([if $CC supports $t])
251 saved_CFLAGS="$CFLAGS"
252 saved_LDFLAGS="$LDFLAGS"
253 CFLAGS="$CFLAGS $t -Werror"
254 LDFLAGS="$LDFLAGS $t -Werror"
258 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
262 snprintf(x, sizeof(x), "XXX%d", func(1));
264 [ AC_MSG_RESULT([yes])
265 CFLAGS="$saved_CFLAGS $t"
266 LDFLAGS="$saved_LDFLAGS $t"
267 AC_MSG_CHECKING([if $t works])
271 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
275 snprintf(x, sizeof(x), "XXX%d", func(1));
277 [ AC_MSG_RESULT([yes])
279 [ AC_MSG_RESULT([no]) ],
280 [ AC_MSG_WARN([cross compiling: cannot test])
284 [ AC_MSG_RESULT([no]) ]
286 CFLAGS="$saved_CFLAGS"
287 LDFLAGS="$saved_LDFLAGS"
291 if test -z "$have_llong_max"; then
292 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
293 unset ac_cv_have_decl_LLONG_MAX
294 saved_CFLAGS="$CFLAGS"
295 CFLAGS="$CFLAGS -std=gnu99"
296 AC_CHECK_DECL([LLONG_MAX],
298 [CFLAGS="$saved_CFLAGS"],
299 [#include <limits.h>]
304 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
308 __attribute__((__unused__)) static void foo(void){return;}]],
310 [ AC_MSG_RESULT([yes]) ],
311 [ AC_MSG_RESULT([no])
312 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
313 [compiler does not accept __attribute__ on return types]) ]
316 AC_MSG_CHECKING([if compiler allows __attribute__ prototype args])
320 typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]],
322 [ AC_MSG_RESULT([yes]) ],
323 [ AC_MSG_RESULT([no])
324 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1,
325 [compiler does not accept __attribute__ on prototype args]) ]
328 AC_MSG_CHECKING([if compiler supports variable length arrays])
330 [AC_LANG_PROGRAM([[#include <stdlib.h>]],
331 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])],
332 [ AC_MSG_RESULT([yes])
333 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1],
334 [compiler supports variable length arrays]) ],
335 [ AC_MSG_RESULT([no]) ]
338 AC_MSG_CHECKING([if compiler accepts variable declarations after code])
340 [AC_LANG_PROGRAM([[#include <stdlib.h>]],
341 [[ int a; a = 1; int b = 1; exit(a-b); ]])],
342 [ AC_MSG_RESULT([yes])
343 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1],
344 [compiler variable declarations after code]) ],
345 [ AC_MSG_RESULT([no]) ]
348 if test "x$no_attrib_nonnull" != "x1" ; then
349 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
353 [ --without-rpath Disable auto-added -R linker paths],
355 if test "x$withval" = "xno" ; then
357 elif test "x$withval" = "xyes" ; then
365 # Allow user to specify flags
366 AC_ARG_WITH([cflags],
367 [ --with-cflags Specify additional flags to pass to compiler],
369 if test -n "$withval" && test "x$withval" != "xno" && \
370 test "x${withval}" != "xyes"; then
371 CFLAGS="$CFLAGS $withval"
376 AC_ARG_WITH([cflags-after],
377 [ --with-cflags-after Specify additional flags to pass to compiler after configure],
379 if test -n "$withval" && test "x$withval" != "xno" && \
380 test "x${withval}" != "xyes"; then
381 CFLAGS_AFTER="$withval"
385 AC_ARG_WITH([cppflags],
386 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
388 if test -n "$withval" && test "x$withval" != "xno" && \
389 test "x${withval}" != "xyes"; then
390 CPPFLAGS="$CPPFLAGS $withval"
394 AC_ARG_WITH([ldflags],
395 [ --with-ldflags Specify additional flags to pass to linker],
397 if test -n "$withval" && test "x$withval" != "xno" && \
398 test "x${withval}" != "xyes"; then
399 LDFLAGS="$LDFLAGS $withval"
403 AC_ARG_WITH([ldflags-after],
404 [ --with-ldflags-after Specify additional flags to pass to linker after configure],
406 if test -n "$withval" && test "x$withval" != "xno" && \
407 test "x${withval}" != "xyes"; then
408 LDFLAGS_AFTER="$withval"
413 [ --with-libs Specify additional libraries to link with],
415 if test -n "$withval" && test "x$withval" != "xno" && \
416 test "x${withval}" != "xyes"; then
417 LIBS="$LIBS $withval"
421 AC_ARG_WITH([Werror],
422 [ --with-Werror Build main code with -Werror],
424 if test -n "$withval" && test "x$withval" != "xno"; then
425 werror_flags="-Werror"
426 if test "x${withval}" != "xyes"; then
427 werror_flags="$withval"
433 dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's
434 dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we
435 dnl haven't detected it, recheck.
436 if test "x$ac_cv_header_sys_stat_h" != "xyes"; then
437 unset ac_cv_header_sys_stat_h
438 AC_CHECK_HEADERS([sys/stat.h])
475 security/pam_appl.h \
521 # On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h]
522 # to be included first.
523 AC_CHECK_HEADERS([sys/audit.h], [], [], [
524 #ifdef HAVE_SYS_TIME_H
525 # include <sys/time.h>
527 #ifdef HAVE_SYS_TYPES_H
528 # include <sys/types.h>
530 #ifdef HAVE_SYS_LABEL_H
531 # include <sys/label.h>
535 # sys/capsicum.h requires sys/types.h
536 AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [
537 #ifdef HAVE_SYS_TYPES_H
538 # include <sys/types.h>
542 AC_MSG_CHECKING([for caph_cache_tzdata])
544 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]],
545 [[caph_cache_tzdata();]])],
548 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1],
549 [Define if you have caph_cache_tzdata])
551 [ AC_MSG_RESULT([no]) ]
554 # net/route.h requires sys/socket.h and sys/types.h.
555 # sys/sysctl.h also requires sys/param.h
556 AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [
557 #ifdef HAVE_SYS_TYPES_H
558 # include <sys/types.h>
560 #include <sys/param.h>
561 #include <sys/socket.h>
564 # lastlog.h requires sys/time.h to be included first on Solaris
565 AC_CHECK_HEADERS([lastlog.h], [], [], [
566 #ifdef HAVE_SYS_TIME_H
567 # include <sys/time.h>
571 # sys/ptms.h requires sys/stream.h to be included first on Solaris
572 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
573 #ifdef HAVE_SYS_STREAM_H
574 # include <sys/stream.h>
578 # login_cap.h requires sys/types.h on NetBSD
579 AC_CHECK_HEADERS([login_cap.h], [], [], [
580 #include <sys/types.h>
583 # older BSDs need sys/param.h before sys/mount.h
584 AC_CHECK_HEADERS([sys/mount.h], [], [], [
585 #include <sys/param.h>
588 # Android requires sys/socket.h to be included before sys/un.h
589 AC_CHECK_HEADERS([sys/un.h], [], [], [
590 #include <sys/types.h>
591 #include <sys/socket.h>
594 # Messages for features tested for in target-specific section
600 # Support for Solaris/Illumos privileges (this test is used by both
601 # the --with-solaris-privs option and --with-sandbox=solaris).
604 # Check for some target-specific stuff
607 # Some versions of VAC won't allow macro redefinitions at
608 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
609 # particularly with older versions of vac or xlc.
610 # It also throws errors about null macro arguments, but these are
612 AC_MSG_CHECKING([if compiler allows macro redefinitions])
615 #define testmacro foo
616 #define testmacro bar]],
618 [ AC_MSG_RESULT([yes]) ],
619 [ AC_MSG_RESULT([no])
620 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
621 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
622 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
626 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
627 if (test -z "$blibpath"); then
628 blibpath="/usr/lib:/lib"
630 saved_LDFLAGS="$LDFLAGS"
631 if test "$GCC" = "yes"; then
632 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
634 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
636 for tryflags in $flags ;do
637 if (test -z "$blibflags"); then
638 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
639 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
640 [blibflags=$tryflags], [])
643 if (test -z "$blibflags"); then
644 AC_MSG_RESULT([not found])
645 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
647 AC_MSG_RESULT([$blibflags])
649 LDFLAGS="$saved_LDFLAGS"
650 dnl Check for authenticate. Might be in libs.a on older AIXes
651 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
652 [Define if you want to enable AIX4's authenticate function])],
653 [AC_CHECK_LIB([s], [authenticate],
654 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
658 dnl Check for various auth function declarations in headers.
659 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
660 passwdexpired, setauthdb], , , [#include <usersec.h>])
661 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
662 AC_CHECK_DECLS([loginfailed],
663 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
664 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
665 [[ (void)loginfailed("user","host","tty",0); ]])],
666 [AC_MSG_RESULT([yes])
667 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
668 [Define if your AIX loginfailed() function
669 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
672 [#include <usersec.h>]
674 AC_CHECK_FUNCS([getgrset setauthdb])
675 AC_CHECK_DECL([F_CLOSEM],
676 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
678 [ #include <limits.h>
681 check_for_aix_broken_getaddrinfo=1
682 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
683 [Define if your platform breaks doing a seteuid before a setuid])
684 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
685 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
686 dnl AIX handles lastlog as part of its login message
687 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
688 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
689 [Some systems need a utmpx entry for /bin/login to work])
690 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
691 [Define to a Set Process Title type if your system is
692 supported by bsd-setproctitle.c])
693 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
694 [AIX 5.2 and 5.3 (and presumably newer) require this])
695 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
696 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
697 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211])
698 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551])
701 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
702 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
705 LIBS="$LIBS /usr/lib/textreadmode.o"
706 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
707 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
708 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
709 [Define to disable UID restoration test])
710 AC_DEFINE([DISABLE_SHADOW], [1],
711 [Define if you want to disable shadow passwords])
712 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
713 [Define if X11 doesn't support AF_UNIX sockets on that system])
714 AC_DEFINE([DISABLE_FD_PASSING], [1],
715 [Define if your platform needs to skip post auth
716 file descriptor passing])
717 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
718 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
719 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
720 # reasons which cause compile warnings, so we disable those warnings.
721 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
724 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
725 [Define if your system choked on IP TOS setting])
726 AC_DEFINE([SETEUID_BREAKS_SETUID])
727 AC_DEFINE([BROKEN_SETREUID])
728 AC_DEFINE([BROKEN_SETREGID])
732 AC_MSG_CHECKING([if we have working getaddrinfo])
733 AC_RUN_IFELSE([AC_LANG_SOURCE([[
734 #include <mach-o/dyld.h>
736 int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
742 [AC_MSG_RESULT([working])],
743 [AC_MSG_RESULT([buggy])
744 AC_DEFINE([BROKEN_GETADDRINFO], [1],
745 [getaddrinfo is broken (if present)])
747 [AC_MSG_RESULT([assume it is working])])
748 AC_DEFINE([SETEUID_BREAKS_SETUID])
749 AC_DEFINE([BROKEN_SETREUID])
750 AC_DEFINE([BROKEN_SETREGID])
751 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
752 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
753 [Define if your resolver libs need this for getrrsetbyname])
754 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
755 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
756 [Use tunnel device compatibility to OpenBSD])
757 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
758 [Prepend the address family to IP tunnel traffic])
759 m4_pattern_allow([AU_IPv])
760 AC_CHECK_DECL([AU_IPv4], [],
761 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
762 [#include <bsm/audit.h>]
763 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
764 [Define if pututxline updates lastlog too])
766 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
767 [Define to a Set Process Title type if your system is
768 supported by bsd-setproctitle.c])
769 AC_CHECK_FUNCS([sandbox_init])
770 AC_CHECK_HEADERS([sandbox.h])
771 AC_CHECK_LIB([sandbox], [sandbox_apply], [
772 SSHDLIBS="$SSHDLIBS -lsandbox"
774 # proc_pidinfo()-based closefrom() replacement.
775 AC_CHECK_HEADERS([libproc.h])
776 AC_CHECK_FUNCS([proc_pidinfo])
777 # poll(2) is broken for character-special devices (at least).
778 # cf. Apple bug 3710161 (not public, but searchable)
779 AC_DEFINE([BROKEN_POLL], [1],
780 [System poll(2) implementation is broken])
784 TEST_MALLOC_OPTIONS="AFGJPRX"
788 CFLAGS="$CFLAGS -D_BSD_SOURCE"
789 AC_CHECK_LIB([network], [socket])
790 AC_DEFINE([HAVE_U_INT64_T])
791 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
795 # first we define all of the options common to all HP-UX releases
796 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
797 IPADDR_IN_DISPLAY=yes
798 AC_DEFINE([USE_PIPES])
799 AC_DEFINE([LOGIN_NEEDS_UTMPX])
800 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
801 [String used in /etc/passwd to denote locked account])
802 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
803 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
806 AC_CHECK_LIB([xnet], [t_error], ,
807 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
809 # next, we define all of the options specific to major releases
812 if test -z "$GCC"; then
815 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect])
818 AC_DEFINE([PAM_SUN_CODEBASE], [1],
819 [Define if you are using Solaris-derived PAM which
820 passes pam_messages to the conversation function
821 with an extra level of indirection])
822 AC_DEFINE([DISABLE_UTMP], [1],
823 [Define if you don't want to use utmp])
824 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
825 check_for_hpux_broken_getaddrinfo=1
826 check_for_conflicting_getspnam=1
830 # lastly, we define options specific to minor releases
833 AC_DEFINE([HAVE_SECUREWARE], [1],
834 [Define if you have SecureWare-based
835 protected password database])
836 disable_ptmx_check=yes
842 PATH="$PATH:/usr/etc"
843 AC_DEFINE([BROKEN_INET_NTOA], [1],
844 [Define if you system's inet_ntoa is busted
845 (e.g. Irix gcc issue)])
846 AC_DEFINE([SETEUID_BREAKS_SETUID])
847 AC_DEFINE([BROKEN_SETREUID])
848 AC_DEFINE([BROKEN_SETREGID])
849 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
850 [Define if you shouldn't strip 'tty' from your
852 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
855 PATH="$PATH:/usr/etc"
856 AC_DEFINE([WITH_IRIX_ARRAY], [1],
857 [Define if you have/want arrays
858 (cluster-wide session management, not C arrays)])
859 AC_DEFINE([WITH_IRIX_PROJECT], [1],
860 [Define if you want IRIX project management])
861 AC_DEFINE([WITH_IRIX_AUDIT], [1],
862 [Define if you want IRIX audit trails])
863 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
864 [Define if you want IRIX kernel jobs])])
865 AC_DEFINE([BROKEN_INET_NTOA])
866 AC_DEFINE([SETEUID_BREAKS_SETUID])
867 AC_DEFINE([BROKEN_SETREUID])
868 AC_DEFINE([BROKEN_SETREGID])
869 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
870 AC_DEFINE([WITH_ABBREV_NO_TTY])
871 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
873 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
874 AC_DEFINE([PAM_TTY_KLUDGE])
875 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
876 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
877 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
878 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
883 check_for_openpty_ctty_bug=1
884 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
885 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
886 dnl _GNU_SOURCE is needed for setres*id prototypes.
887 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
888 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels])
889 AC_DEFINE([PAM_TTY_KLUDGE], [1],
890 [Work around problematic Linux PAM modules handling of PAM_TTY])
891 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
892 [String used in /etc/passwd to denote locked account])
893 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
894 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
895 [Define to whatever link() returns for "not supported"
896 if it doesn't return EOPNOTSUPP.])
897 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
898 AC_DEFINE([USE_BTMP])
899 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
900 inet6_default_4in6=yes
903 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
904 [Define if cmsg_type is not passed correctly])
907 # tun(4) forwarding compat code
908 AC_CHECK_HEADERS([linux/if_tun.h])
909 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
910 AC_DEFINE([SSH_TUN_LINUX], [1],
911 [Open tunnel devices the Linux tun/tap way])
912 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
913 [Use tunnel device compatibility to OpenBSD])
914 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
915 [Prepend the address family to IP tunnel traffic])
917 AC_CHECK_HEADER([linux/if.h],
918 AC_DEFINE([SYS_RDOMAIN_LINUX], [1],
919 [Support routing domains using Linux VRF]), [], [
920 #ifdef HAVE_SYS_TYPES_H
921 # include <sys/types.h>
924 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
925 [], [#include <linux/types.h>])
929 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
930 #if _MIPS_SIM != _ABIO32
933 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
934 #if _MIPS_SIM != _ABIN32
937 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
938 #if _MIPS_SIM != _ABI64
941 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI])
947 AC_MSG_CHECKING([for seccomp architecture])
951 seccomp_audit_arch=AUDIT_ARCH_X86_64
954 seccomp_audit_arch=AUDIT_ARCH_I386
957 seccomp_audit_arch=AUDIT_ARCH_ARM
960 seccomp_audit_arch=AUDIT_ARCH_AARCH64
963 seccomp_audit_arch=AUDIT_ARCH_S390X
966 seccomp_audit_arch=AUDIT_ARCH_S390
969 seccomp_audit_arch=AUDIT_ARCH_PPC
972 seccomp_audit_arch=AUDIT_ARCH_PPC64
975 seccomp_audit_arch=AUDIT_ARCH_PPC64LE
978 seccomp_audit_arch=AUDIT_ARCH_MIPS
981 seccomp_audit_arch=AUDIT_ARCH_MIPSEL
986 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32
989 seccomp_audit_arch=AUDIT_ARCH_MIPS64
996 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32
999 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
1004 seccomp_audit_arch=AUDIT_ARCH_RISCV64
1007 if test "x$seccomp_audit_arch" != "x" ; then
1008 AC_MSG_RESULT(["$seccomp_audit_arch"])
1009 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
1010 [Specify the system call convention in use])
1012 AC_MSG_RESULT([architecture not supported])
1016 AC_DEFINE([SETEUID_BREAKS_SETUID])
1017 # poll(2) seems to choke on /dev/null; "Bad file descriptor"
1018 AC_DEFINE([BROKEN_POLL], [1],
1019 [System poll(2) implementation is broken])
1021 mips-sony-bsd|mips-sony-newsos4)
1022 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
1026 if test "x$withval" != "xno" ; then
1029 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
1030 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1031 AC_CHECK_HEADER([net/if_tap.h], ,
1032 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1033 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
1034 [Prepend the address family to IP tunnel traffic])
1035 TEST_MALLOC_OPTIONS="AJRX"
1036 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
1037 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
1040 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
1041 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1042 AC_CHECK_HEADER([net/if_tap.h], ,
1043 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1044 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
1045 TEST_MALLOC_OPTIONS="AJRX"
1046 # Preauth crypto occasionally uses file descriptors for crypto offload
1047 # and will crash if they cannot be opened.
1048 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
1049 [define if setrlimit RLIMIT_NOFILE breaks things])
1051 *-*-freebsd9.*|*-*-freebsd10.*)
1052 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable.
1053 disable_capsicum=yes
1057 AC_DEFINE([SETEUID_BREAKS_SETUID])
1058 AC_DEFINE([BROKEN_SETREUID])
1059 AC_DEFINE([BROKEN_SETREGID])
1062 conf_lastlog_location="/usr/adm/lastlog"
1063 conf_utmp_location=/etc/utmp
1064 conf_wtmp_location=/usr/adm/wtmp
1065 maildir=/usr/spool/mail
1066 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
1067 AC_DEFINE([USE_PIPES])
1068 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
1072 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
1073 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
1074 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
1075 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
1076 [syslog_r function is safe to use in in a signal handler])
1077 TEST_MALLOC_OPTIONS="AFGJPRX"
1080 if test "x$withval" != "xno" ; then
1083 AC_DEFINE([PAM_SUN_CODEBASE])
1084 AC_DEFINE([LOGIN_NEEDS_UTMPX])
1085 AC_DEFINE([PAM_TTY_KLUDGE])
1086 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
1087 [Define if pam_chauthtok wants real uid set
1088 to the unpriv'ed user])
1089 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1090 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
1091 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
1092 [Define if sshd somehow reacquires a controlling TTY
1094 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
1095 in case the name is longer than 8 chars])
1096 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
1097 external_path_file=/etc/default/login
1098 # hardwire lastlog location (can't detect it on some versions)
1099 conf_lastlog_location="/var/adm/lastlog"
1100 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
1101 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
1102 if test "$sol2ver" -ge 8; then
1103 AC_MSG_RESULT([yes])
1104 AC_DEFINE([DISABLE_UTMP])
1105 AC_DEFINE([DISABLE_WTMP], [1],
1106 [Define if you don't want to use wtmp])
1110 AC_CHECK_FUNCS([setpflags])
1111 AC_CHECK_FUNCS([setppriv])
1112 AC_CHECK_FUNCS([priv_basicset])
1113 AC_CHECK_HEADERS([priv.h])
1114 AC_ARG_WITH([solaris-contracts],
1115 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
1117 AC_CHECK_LIB([contract], [ct_tmpl_activate],
1118 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
1119 [Define if you have Solaris process contracts])
1120 LIBS="$LIBS -lcontract"
1124 AC_ARG_WITH([solaris-projects],
1125 [ --with-solaris-projects Enable Solaris projects (experimental)],
1127 AC_CHECK_LIB([project], [setproject],
1128 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
1129 [Define if you have Solaris projects])
1130 LIBS="$LIBS -lproject"
1134 AC_ARG_WITH([solaris-privs],
1135 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
1137 AC_MSG_CHECKING([for Solaris/Illumos privilege support])
1138 if test "x$ac_cv_func_setppriv" = "xyes" -a \
1139 "x$ac_cv_header_priv_h" = "xyes" ; then
1141 AC_MSG_RESULT([found])
1142 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
1143 [Define to disable UID restoration test])
1144 AC_DEFINE([USE_SOLARIS_PRIVS], [1],
1145 [Define if you have Solaris privileges])
1148 AC_MSG_RESULT([not found])
1149 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
1153 TEST_SHELL=$SHELL # let configure find us a capable shell
1156 CPPFLAGS="$CPPFLAGS -DSUNOS4"
1157 AC_CHECK_FUNCS([getpwanam])
1158 AC_DEFINE([PAM_SUN_CODEBASE])
1159 conf_utmp_location=/etc/utmp
1160 conf_wtmp_location=/var/adm/wtmp
1161 conf_lastlog_location=/var/adm/lastlog
1162 AC_DEFINE([USE_PIPES])
1163 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
1167 AC_DEFINE([USE_PIPES])
1168 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1169 AC_DEFINE([SETEUID_BREAKS_SETUID])
1170 AC_DEFINE([BROKEN_SETREUID])
1171 AC_DEFINE([BROKEN_SETREGID])
1174 # /usr/ucblib MUST NOT be searched on ReliantUNIX
1175 AC_CHECK_LIB([dl], [dlsym], ,)
1176 # -lresolv needs to be at the end of LIBS or DNS lookups break
1177 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
1178 IPADDR_IN_DISPLAY=yes
1179 AC_DEFINE([USE_PIPES])
1180 AC_DEFINE([IP_TOS_IS_BROKEN])
1181 AC_DEFINE([SETEUID_BREAKS_SETUID])
1182 AC_DEFINE([BROKEN_SETREUID])
1183 AC_DEFINE([BROKEN_SETREGID])
1184 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1185 external_path_file=/etc/default/login
1186 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
1187 # Attention: always take care to bind libsocket and libnsl before libc,
1188 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
1190 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
1192 AC_DEFINE([USE_PIPES])
1193 AC_DEFINE([SETEUID_BREAKS_SETUID])
1194 AC_DEFINE([BROKEN_SETREUID])
1195 AC_DEFINE([BROKEN_SETREGID])
1196 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
1197 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1198 TEST_SHELL=$SHELL # let configure find us a capable shell
1200 # UnixWare 7.x, OpenUNIX 8
1202 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1203 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1204 AC_DEFINE([USE_PIPES])
1205 AC_DEFINE([SETEUID_BREAKS_SETUID])
1206 AC_DEFINE([BROKEN_GETADDRINFO])
1207 AC_DEFINE([BROKEN_SETREUID])
1208 AC_DEFINE([BROKEN_SETREGID])
1209 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1210 AC_DEFINE([BROKEN_TCGETATTR_ICANON])
1211 TEST_SHELL=$SHELL # let configure find us a capable shell
1213 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1214 maildir=/var/spool/mail
1215 AC_DEFINE([BROKEN_UPDWTMPX])
1216 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1217 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1220 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1226 # SCO UNIX and OEM versions of SCO UNIX
1228 AC_MSG_ERROR("This Platform is no longer supported.")
1230 # SCO OpenServer 5.x
1232 if test -z "$GCC"; then
1233 CFLAGS="$CFLAGS -belf"
1235 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1237 AC_DEFINE([USE_PIPES])
1238 AC_DEFINE([HAVE_SECUREWARE])
1239 AC_DEFINE([DISABLE_SHADOW])
1240 AC_DEFINE([DISABLE_FD_PASSING])
1241 AC_DEFINE([SETEUID_BREAKS_SETUID])
1242 AC_DEFINE([BROKEN_GETADDRINFO])
1243 AC_DEFINE([BROKEN_SETREUID])
1244 AC_DEFINE([BROKEN_SETREGID])
1245 AC_DEFINE([WITH_ABBREV_NO_TTY])
1246 AC_DEFINE([BROKEN_UPDWTMPX])
1247 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1248 AC_CHECK_FUNCS([getluid setluid])
1250 TEST_SHELL=$SHELL # let configure find us a capable shell
1251 SKIP_DISABLE_LASTLOG_DEFINE=yes
1254 AC_MSG_CHECKING([for Digital Unix SIA])
1256 AC_ARG_WITH([osfsia],
1257 [ --with-osfsia Enable Digital Unix SIA],
1259 if test "x$withval" = "xno" ; then
1260 AC_MSG_RESULT([disabled])
1265 if test -z "$no_osfsia" ; then
1266 if test -f /etc/sia/matrix.conf; then
1267 AC_MSG_RESULT([yes])
1268 AC_DEFINE([HAVE_OSF_SIA], [1],
1269 [Define if you have Digital Unix Security
1270 Integration Architecture])
1271 AC_DEFINE([DISABLE_LOGIN], [1],
1272 [Define if you don't want to use your
1273 system's login() call])
1274 AC_DEFINE([DISABLE_FD_PASSING])
1275 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1279 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1280 [String used in /etc/passwd to denote locked account])
1283 AC_DEFINE([BROKEN_GETADDRINFO])
1284 AC_DEFINE([SETEUID_BREAKS_SETUID])
1285 AC_DEFINE([BROKEN_SETREUID])
1286 AC_DEFINE([BROKEN_SETREGID])
1287 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1291 AC_DEFINE([USE_PIPES])
1292 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1293 AC_DEFINE([DISABLE_LASTLOG])
1294 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1295 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1296 enable_etc_default_login=no # has incompatible /etc/default/login
1299 AC_DEFINE([DISABLE_FD_PASSING])
1305 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1306 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty])
1307 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1308 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx])
1309 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we
1310 # don't get a controlling tty.
1311 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root])
1312 # On Ultrix some headers are not protected against multiple includes,
1313 # so we create wrappers and put it where the compiler will find it.
1314 AC_MSG_WARN([creating compat wrappers for headers])
1316 for header in netinet/ip.h netdb.h resolv.h; do
1317 name=`echo $header | tr 'a-z/.' 'A-Z__'`
1319 #ifndef _SSH_COMPAT_${name}
1320 #define _SSH_COMPAT_${name}
1321 #include "/usr/include/${header}"
1328 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1329 AC_DEFINE([BROKEN_SETVBUF], [1],
1330 [LynxOS has broken setvbuf() implementation])
1334 AC_MSG_CHECKING([compiler and flags for sanity])
1335 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])],
1336 [ AC_MSG_RESULT([yes]) ],
1339 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1341 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1344 dnl Checks for header files.
1345 # Checks for libraries.
1346 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1348 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1349 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1350 AC_CHECK_LIB([gen], [dirname], [
1351 AC_CACHE_CHECK([for broken dirname],
1352 ac_cv_have_broken_dirname, [
1361 int main(int argc, char **argv) {
1364 strncpy(buf,"/etc", 32);
1366 if (!s || strncmp(s, "/", 32) != 0) {
1373 [ ac_cv_have_broken_dirname="no" ],
1374 [ ac_cv_have_broken_dirname="yes" ],
1375 [ ac_cv_have_broken_dirname="no" ],
1379 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1381 AC_DEFINE([HAVE_DIRNAME])
1382 AC_CHECK_HEADERS([libgen.h])
1387 AC_CHECK_FUNC([getspnam], ,
1388 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1389 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1390 [Define if you have the basename function.])])
1392 dnl zlib defaults to enabled
1395 [ --with-zlib=PATH Use zlib in PATH],
1396 [ if test "x$withval" = "xno" ; then
1398 elif test "x$withval" != "xyes"; then
1399 if test -d "$withval/lib"; then
1400 if test -n "${rpath_opt}"; then
1401 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1403 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1406 if test -n "${rpath_opt}"; then
1407 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}"
1409 LDFLAGS="-L${withval} ${LDFLAGS}"
1412 if test -d "$withval/include"; then
1413 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1415 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1420 # These libraries are needed for anything that links in the channel code.
1422 AC_MSG_CHECKING([for zlib])
1423 if test "x${zlib}" = "xno"; then
1427 CHANNELLIBS="$CHANNELLIBS -lz"
1428 AC_MSG_RESULT([yes])
1429 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib])
1430 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1431 AC_CHECK_LIB([z], [deflate], [],
1433 saved_CPPFLAGS="$CPPFLAGS"
1434 saved_LDFLAGS="$LDFLAGS"
1435 dnl Check default zlib install dir
1436 if test -n "${rpath_opt}"; then
1437 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}"
1439 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1441 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1442 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1444 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1450 AC_ARG_WITH([zlib-version-check],
1451 [ --without-zlib-version-check Disable zlib version check],
1452 [ if test "x$withval" = "xno" ; then
1453 zlib_check_nonfatal=1
1458 AC_MSG_CHECKING([for possibly buggy zlib])
1459 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1465 int a=0, b=0, c=0, d=0, n, v;
1466 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1467 if (n != 3 && n != 4)
1469 v = a*1000000 + b*10000 + c*100 + d;
1470 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1473 if (a == 1 && b == 1 && c >= 4)
1476 /* 1.2.3 and up are OK */
1482 AC_MSG_RESULT([no]),
1483 [ AC_MSG_RESULT([yes])
1484 if test -z "$zlib_check_nonfatal" ; then
1485 AC_MSG_ERROR([*** zlib too old - check config.log ***
1486 Your reported zlib version has known security problems. It's possible your
1487 vendor has fixed these problems without changing the version number. If you
1488 are sure this is the case, you can disable the check by running
1489 "./configure --without-zlib-version-check".
1490 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1491 See http://www.gzip.org/zlib/ for details.])
1493 AC_MSG_WARN([zlib version may have security problems])
1496 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1502 AC_CHECK_FUNC([strcasecmp],
1503 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1505 AC_CHECK_FUNCS([utimes],
1506 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1507 LIBS="$LIBS -lc89"]) ]
1510 dnl Checks for libutil functions
1511 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1512 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1513 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1514 AC_SEARCH_LIBS([login], [util bsd])
1515 AC_SEARCH_LIBS([logout], [util bsd])
1516 AC_SEARCH_LIBS([logwtmp], [util bsd])
1517 AC_SEARCH_LIBS([openpty], [util bsd])
1518 AC_SEARCH_LIBS([updwtmp], [util bsd])
1519 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1521 # On some platforms, inet_ntop and gethostbyname may be found in libresolv
1523 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1524 AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1526 # Some Linux distribtions ship the BSD libc hashing functions in
1527 # separate libraries.
1528 AC_SEARCH_LIBS([SHA256Update], [md bsd])
1530 # "Particular Function Checks"
1531 # see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
1535 # autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL;
1536 AC_MSG_CHECKING([if calloc(0, N) returns non-null])
1539 [[ #include <stdlib.h> ]],
1540 [[ void *p = calloc(0, 1); exit(p == NULL); ]]
1542 [ func_calloc_0_nonnull=yes ],
1543 [ func_calloc_0_nonnull=no ],
1544 [ AC_MSG_WARN([cross compiling: assuming same as malloc])
1545 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"]
1547 AC_MSG_RESULT([$func_calloc_0_nonnull])
1549 if test "x$func_calloc_0_nonnull" = "xyes"; then
1550 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null])
1552 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL])
1553 AC_DEFINE(calloc, rpl_calloc,
1554 [Define to rpl_calloc if the replacement function should be used.])
1557 # Check for ALTDIRFUNC glob() extension
1558 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1559 AC_EGREP_CPP([FOUNDIT],
1562 #ifdef GLOB_ALTDIRFUNC
1567 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1568 [Define if your system glob() function has
1569 the GLOB_ALTDIRFUNC extension])
1570 AC_MSG_RESULT([yes])
1577 # Check for g.gl_matchc glob() extension
1578 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1579 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1580 [[ glob_t g; g.gl_matchc = 1; ]])],
1582 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1583 [Define if your system glob() function has
1584 gl_matchc options in glob_t])
1585 AC_MSG_RESULT([yes])
1590 # Check for g.gl_statv glob() extension
1591 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1592 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1593 #ifndef GLOB_KEEPSTAT
1594 #error "glob does not support GLOB_KEEPSTAT extension"
1600 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1601 [Define if your system glob() function has
1602 gl_statv options in glob_t])
1603 AC_MSG_RESULT([yes])
1609 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1611 AC_CHECK_DECL([VIS_ALL], ,
1612 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1614 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1617 #include <sys/types.h>
1623 exit(sizeof(d.d_name)<=sizeof(char));
1625 [AC_MSG_RESULT([yes])],
1628 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1629 [Define if your struct dirent expects you to
1630 allocate extra space for d_name])
1633 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1634 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1638 AC_MSG_CHECKING([for /proc/pid/fd directory])
1639 if test -d "/proc/$$/fd" ; then
1640 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1641 AC_MSG_RESULT([yes])
1646 # Check whether user wants TCP wrappers support
1648 AC_ARG_WITH([tcp-wrappers],
1649 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1651 if test "x$withval" != "xno" ; then
1653 saved_LDFLAGS="$LDFLAGS"
1654 saved_CPPFLAGS="$CPPFLAGS"
1655 if test -n "${withval}" && \
1656 test "x${withval}" != "xyes"; then
1657 if test -d "${withval}/lib"; then
1658 if test -n "${need_dash_r}"; then
1659 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1661 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1664 if test -n "${need_dash_r}"; then
1665 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1667 LDFLAGS="-L${withval} ${LDFLAGS}"
1670 if test -d "${withval}/include"; then
1671 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1673 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1677 AC_MSG_CHECKING([for libwrap])
1678 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1679 #include <sys/types.h>
1680 #include <sys/socket.h>
1681 #include <netinet/in.h>
1683 int deny_severity = 0, allow_severity = 0;
1687 AC_MSG_RESULT([yes])
1688 AC_DEFINE([LIBWRAP], [1],
1690 TCP Wrappers support])
1691 SSHDLIBS="$SSHDLIBS -lwrap"
1694 AC_MSG_ERROR([*** libwrap missing])
1701 # Check whether user wants to use ldns
1704 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1707 if test "x$withval" = "xyes" ; then
1708 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1709 if test "x$LDNSCONFIG" = "xno"; then
1713 LIBS="$LIBS `$LDNSCONFIG --libs`"
1714 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1717 elif test "x$withval" != "xno" ; then
1718 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1719 LDFLAGS="$LDFLAGS -L${withval}/lib"
1724 # Verify that it works.
1725 if test "x$ldns" = "xyes" ; then
1726 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1728 AC_MSG_CHECKING([for ldns support])
1733 #ifdef HAVE_STDINT_H
1734 # include <stdint.h>
1736 #include <ldns/ldns.h>
1737 int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1740 [AC_MSG_RESULT(yes)],
1743 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1748 # Check whether user wants libedit support
1750 AC_ARG_WITH([libedit],
1751 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1752 [ if test "x$withval" != "xno" ; then
1753 if test "x$withval" = "xyes" ; then
1754 if test "x$PKGCONFIG" != "xno"; then
1755 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1756 if "$PKGCONFIG" libedit; then
1757 AC_MSG_RESULT([yes])
1758 use_pkgconfig_for_libedit=yes
1764 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1765 if test -n "${rpath_opt}"; then
1766 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1768 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1771 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1772 LIBEDIT=`$PKGCONFIG --libs libedit`
1773 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1775 LIBEDIT="-ledit -lcurses"
1777 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1778 AC_CHECK_LIB([edit], [el_init],
1779 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1783 [ AC_MSG_ERROR([libedit not found]) ],
1786 AC_MSG_CHECKING([if libedit version is compatible])
1789 #include <histedit.h>
1794 el_init("", NULL, NULL, NULL);
1797 [ AC_MSG_RESULT([yes]) ],
1798 [ AC_MSG_RESULT([no])
1799 AC_MSG_ERROR([libedit version is not compatible]) ]
1805 AC_ARG_WITH([audit],
1806 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1808 AC_MSG_CHECKING([for supported audit module])
1811 AC_MSG_RESULT([bsm])
1813 dnl Checks for headers, libs and functions
1814 AC_CHECK_HEADERS([bsm/audit.h], [],
1815 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1822 AC_CHECK_LIB([bsm], [getaudit], [],
1823 [AC_MSG_ERROR([BSM enabled and required library not found])])
1824 AC_CHECK_FUNCS([getaudit], [],
1825 [AC_MSG_ERROR([BSM enabled and required function not found])])
1826 # These are optional
1827 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1828 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1829 if test "$sol2ver" -ge 11; then
1830 SSHDLIBS="$SSHDLIBS -lscf"
1831 AC_DEFINE([BROKEN_BSM_API], [1],
1832 [The system has incomplete BSM API])
1836 AC_MSG_RESULT([linux])
1838 dnl Checks for headers, libs and functions
1839 AC_CHECK_HEADERS([libaudit.h])
1840 SSHDLIBS="$SSHDLIBS -laudit"
1841 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1845 AC_MSG_RESULT([debug])
1846 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1852 AC_MSG_ERROR([Unknown audit module $withval])
1858 [ --with-pie Build Position Independent Executables if possible], [
1859 if test "x$withval" = "xno"; then
1862 if test "x$withval" = "xyes"; then
1867 if test "x$use_pie" = "x"; then
1870 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1871 # Turn off automatic PIE when toolchain hardening is off.
1874 if test "x$use_pie" = "xauto"; then
1875 # Automatic PIE requires gcc >= 4.x
1876 AC_MSG_CHECKING([for gcc >= 4.x])
1877 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1878 #if !defined(__GNUC__) || __GNUC__ < 4
1879 #error gcc is too old
1882 [ AC_MSG_RESULT([yes]) ],
1883 [ AC_MSG_RESULT([no])
1887 if test "x$use_pie" != "xno"; then
1888 SAVED_CFLAGS="$CFLAGS"
1889 SAVED_LDFLAGS="$LDFLAGS"
1890 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1891 OSSH_CHECK_LDFLAG_LINK([-pie])
1892 # We use both -fPIE and -pie or neither.
1893 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1894 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1895 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1896 AC_MSG_RESULT([yes])
1899 CFLAGS="$SAVED_CFLAGS"
1900 LDFLAGS="$SAVED_LDFLAGS"
1904 AC_MSG_CHECKING([whether -fPIC is accepted])
1905 SAVED_CFLAGS="$CFLAGS"
1906 CFLAGS="$CFLAGS -fPIC"
1908 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )],
1909 [AC_MSG_RESULT([yes])
1911 [AC_MSG_RESULT([no])
1913 CFLAGS="$SAVED_CFLAGS"
1916 dnl Checks for library functions. Please keep in alphabetical order
1920 Blowfish_initstate \
1921 Blowfish_expandstate \
1922 Blowfish_expand0state \
1923 Blowfish_stream2word \
2062 AC_CHECK_DECLS([bzero, memmem])
2064 dnl Wide character support.
2065 AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
2067 TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
2068 AC_MSG_CHECKING([for utf8 locale support])
2074 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
2082 AC_MSG_WARN([cross compiling: assuming yes])
2087 [[ #include <ctype.h> ]],
2088 [[ return (isblank('a')); ]])],
2089 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
2093 AC_ARG_ENABLE([pkcs11],
2094 [ --disable-pkcs11 disable PKCS#11 support code [no]],
2096 if test "x$enableval" = "xno" ; then
2103 AC_ARG_ENABLE([security-key],
2104 [ --disable-security-key disable U2F/FIDO support code [no]],
2106 if test "x$enableval" = "xno" ; then
2112 AC_ARG_WITH([security-key-builtin],
2113 [ --with-security-key-builtin include builtin U2F/FIDO support],
2114 [ enable_sk_internal=$withval ]
2117 AC_SEARCH_LIBS([dlopen], [dl])
2118 AC_CHECK_FUNCS([dlopen])
2119 AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
2121 # IRIX has a const char return value for gai_strerror()
2122 AC_CHECK_FUNCS([gai_strerror], [
2123 AC_DEFINE([HAVE_GAI_STRERROR])
2124 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2125 #include <sys/types.h>
2126 #include <sys/socket.h>
2129 const char *gai_strerror(int);
2132 str = gai_strerror(0);
2134 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
2135 [Define if gai_strerror() returns const char *])], [])])
2137 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
2138 [Some systems put nanosleep outside of libc])])
2140 AC_SEARCH_LIBS([clock_gettime], [rt],
2141 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
2143 dnl check if we need -D_REENTRANT for localtime_r declaration.
2144 AC_CHECK_DECL([localtime_r], [],
2145 [ saved_CPPFLAGS="$CPPFLAGS"
2146 CPPFLAGS="$CPPFLAGS -D_REENTRANT"
2147 unset ac_cv_have_decl_localtime_r
2148 AC_CHECK_DECL([localtime_r], [],
2149 [ CPPFLAGS="$saved_CPPFLAGS" ],
2150 [ #include <time.h> ]
2153 [ #include <time.h> ]
2156 dnl Make sure prototypes are defined for these before using them.
2157 AC_CHECK_DECL([strsep],
2158 [AC_CHECK_FUNCS([strsep])],
2161 #ifdef HAVE_STRING_H
2162 # include <string.h>
2166 dnl tcsendbreak might be a macro
2167 AC_CHECK_DECL([tcsendbreak],
2168 [AC_DEFINE([HAVE_TCSENDBREAK])],
2169 [AC_CHECK_FUNCS([tcsendbreak])],
2170 [#include <termios.h>]
2173 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
2175 AC_CHECK_DECLS([SHUT_RD, getpeereid], , ,
2177 #include <sys/types.h>
2178 #include <sys/socket.h>
2182 AC_CHECK_DECLS([O_NONBLOCK], , ,
2184 #include <sys/types.h>
2185 #ifdef HAVE_SYS_STAT_H
2186 # include <sys/stat.h>
2193 AC_CHECK_DECLS([ftruncate, getentropy], , ,
2195 #include <sys/types.h>
2199 AC_CHECK_DECLS([readv, writev], , , [
2200 #include <sys/types.h>
2201 #include <sys/uio.h>
2205 AC_CHECK_DECLS([MAXSYMLINKS], , , [
2206 #include <sys/param.h>
2209 AC_CHECK_DECLS([offsetof], , , [
2213 # extra bits for select(2)
2214 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
2215 #include <sys/param.h>
2216 #include <sys/types.h>
2217 #ifdef HAVE_SYS_SYSMACROS_H
2218 #include <sys/sysmacros.h>
2220 #ifdef HAVE_SYS_SELECT_H
2221 #include <sys/select.h>
2223 #ifdef HAVE_SYS_TIME_H
2224 #include <sys/time.h>
2226 #ifdef HAVE_UNISTD_H
2230 AC_CHECK_TYPES([fd_mask], [], [], [[
2231 #include <sys/param.h>
2232 #include <sys/types.h>
2233 #ifdef HAVE_SYS_SELECT_H
2234 #include <sys/select.h>
2236 #ifdef HAVE_SYS_TIME_H
2237 #include <sys/time.h>
2239 #ifdef HAVE_UNISTD_H
2244 AC_CHECK_FUNCS([setresuid], [
2245 dnl Some platorms have setresuid that isn't implemented, test for this
2246 AC_MSG_CHECKING([if setresuid seems to work])
2260 [AC_MSG_RESULT([yes])],
2261 [AC_DEFINE([BROKEN_SETRESUID], [1],
2262 [Define if your setresuid() is broken])
2263 AC_MSG_RESULT([not implemented])],
2264 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2268 AC_CHECK_FUNCS([setresgid], [
2269 dnl Some platorms have setresgid that isn't implemented, test for this
2270 AC_MSG_CHECKING([if setresgid seems to work])
2284 [AC_MSG_RESULT([yes])],
2285 [AC_DEFINE([BROKEN_SETRESGID], [1],
2286 [Define if your setresgid() is broken])
2287 AC_MSG_RESULT([not implemented])],
2288 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2292 AC_MSG_CHECKING([for working fflush(NULL)])
2298 [[fflush(NULL); exit(0);]])],
2299 AC_MSG_RESULT([yes]),
2300 [AC_MSG_RESULT([no])
2301 AC_DEFINE([FFLUSH_NULL_BUG], [1],
2302 [define if fflush(NULL) does not work])],
2303 AC_MSG_WARN([cross compiling: assuming working])
2306 dnl Checks for time functions
2307 AC_CHECK_FUNCS([gettimeofday time])
2308 dnl Checks for utmp functions
2309 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2310 AC_CHECK_FUNCS([utmpname])
2311 dnl Checks for utmpx functions
2312 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2313 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2314 dnl Checks for lastlog functions
2315 AC_CHECK_FUNCS([getlastlogxbyname])
2317 AC_CHECK_FUNC([daemon],
2318 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2319 [AC_CHECK_LIB([bsd], [daemon],
2320 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2323 AC_CHECK_FUNC([getpagesize],
2324 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
2325 [Define if your libraries define getpagesize()])],
2326 [AC_CHECK_LIB([ucb], [getpagesize],
2327 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2330 # Check for broken snprintf
2331 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2332 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2340 snprintf(b,5,"123456789");
2343 [AC_MSG_RESULT([yes])],
2346 AC_DEFINE([BROKEN_SNPRINTF], [1],
2347 [Define if your snprintf is busted])
2348 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2350 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2354 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2355 AC_MSG_CHECKING([whether snprintf understands %zu])
2358 #include <sys/types.h>
2364 size_t a = 1, b = 2;
2366 snprintf(z, sizeof z, "%zu%zu", a, b);
2367 exit(strcmp(z, "12"));
2369 [AC_MSG_RESULT([yes])],
2372 AC_DEFINE([BROKEN_SNPRINTF], [1],
2373 [snprintf does not understand %zu])
2375 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2379 # We depend on vsnprintf returning the right thing on overflow: the
2380 # number of characters it tried to create (as per SUSv3)
2381 if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2382 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2385 #include <sys/types.h>
2389 int x_snprintf(char *str, size_t count, const char *fmt, ...)
2395 ret = vsnprintf(str, count, fmt, ap);
2401 if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2403 if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2407 [AC_MSG_RESULT([yes])],
2410 AC_DEFINE([BROKEN_SNPRINTF], [1],
2411 [Define if your snprintf is busted])
2412 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2414 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2418 # On systems where [v]snprintf is broken, but is declared in stdio,
2419 # check that the fmt argument is const char * or just char *.
2420 # This is only useful for when BROKEN_SNPRINTF
2421 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2422 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2424 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2428 [AC_MSG_RESULT([yes])
2429 AC_DEFINE([SNPRINTF_CONST], [const],
2430 [Define as const if snprintf() can declare const char *fmt])],
2431 [AC_MSG_RESULT([no])
2432 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2434 # Check for missing getpeereid (or equiv) support
2436 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2437 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2438 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2439 #include <sys/types.h>
2440 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2441 [ AC_MSG_RESULT([yes])
2442 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2443 ], [AC_MSG_RESULT([no])
2448 dnl make sure that openpty does not reacquire controlling terminal
2449 if test ! -z "$check_for_openpty_ctty_bug"; then
2450 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2459 #include <sys/fcntl.h>
2460 #include <sys/types.h>
2461 #include <sys/wait.h>
2464 int fd, ptyfd, ttyfd, status;
2467 if (pid < 0) { /* failed */
2469 } else if (pid > 0) { /* parent */
2470 waitpid(pid, &status, 0);
2471 if (WIFEXITED(status))
2472 exit(WEXITSTATUS(status));
2475 } else { /* child */
2476 close(0); close(1); close(2);
2478 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2479 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2481 exit(3); /* Acquired ctty: broken */
2483 exit(0); /* Did not acquire ctty: OK */
2487 AC_MSG_RESULT([yes])
2491 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2494 AC_MSG_RESULT([cross-compiling, assuming yes])
2499 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2500 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2501 AC_MSG_CHECKING([if getaddrinfo seems to work])
2506 #include <sys/socket.h>
2509 #include <netinet/in.h>
2511 #define TEST_PORT "2222"
2514 struct addrinfo *gai_ai, *ai, hints;
2515 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2517 memset(&hints, 0, sizeof(hints));
2518 hints.ai_family = PF_UNSPEC;
2519 hints.ai_socktype = SOCK_STREAM;
2520 hints.ai_flags = AI_PASSIVE;
2522 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2524 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2528 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2529 if (ai->ai_family != AF_INET6)
2532 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2533 sizeof(ntop), strport, sizeof(strport),
2534 NI_NUMERICHOST|NI_NUMERICSERV);
2537 if (err == EAI_SYSTEM)
2538 perror("getnameinfo EAI_SYSTEM");
2540 fprintf(stderr, "getnameinfo failed: %s\n",
2545 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2548 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2556 AC_MSG_RESULT([yes])
2560 AC_DEFINE([BROKEN_GETADDRINFO])
2563 AC_MSG_RESULT([cross-compiling, assuming yes])
2568 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2569 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2570 AC_MSG_CHECKING([if getaddrinfo seems to work])
2575 #include <sys/socket.h>
2578 #include <netinet/in.h>
2580 #define TEST_PORT "2222"
2583 struct addrinfo *gai_ai, *ai, hints;
2584 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2586 memset(&hints, 0, sizeof(hints));
2587 hints.ai_family = PF_UNSPEC;
2588 hints.ai_socktype = SOCK_STREAM;
2589 hints.ai_flags = AI_PASSIVE;
2591 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2593 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2597 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2598 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2601 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2602 sizeof(ntop), strport, sizeof(strport),
2603 NI_NUMERICHOST|NI_NUMERICSERV);
2605 if (ai->ai_family == AF_INET && err != 0) {
2606 perror("getnameinfo");
2613 AC_MSG_RESULT([yes])
2614 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2615 [Define if you have a getaddrinfo that fails
2616 for the all-zeros IPv6 address])
2620 AC_DEFINE([BROKEN_GETADDRINFO])
2623 AC_MSG_RESULT([cross-compiling, assuming no])
2628 if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2629 AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2630 [#include <sys/types.h>
2631 #include <sys/socket.h>
2632 #include <netdb.h>])
2635 if test "x$check_for_conflicting_getspnam" = "x1"; then
2636 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2637 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2646 AC_MSG_RESULT([yes])
2647 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2648 [Conflicting defs for getspnam])
2653 dnl NetBSD added an strnvis and unfortunately made it incompatible with the
2654 dnl existing one in OpenBSD and Linux's libbsd (the former having existed
2655 dnl for over ten years). Despite this incompatibility being reported during
2656 dnl development (see http://gnats.netbsd.org/44977) they still shipped it.
2657 dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2658 dnl implementation. Try to detect this mess, and assume the only safe option
2659 dnl if we're cross compiling.
2661 dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag);
2662 dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag);
2663 if test "x$ac_cv_func_strnvis" = "xyes"; then
2664 AC_MSG_CHECKING([for working strnvis])
2672 static void sighandler(int sig) { _exit(1); }
2676 signal(SIGSEGV, sighandler);
2677 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
2681 [AC_MSG_RESULT([yes])],
2682 [AC_MSG_RESULT([no])
2683 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])],
2684 [AC_MSG_WARN([cross compiling: assuming broken])
2685 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])]
2689 AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()])
2692 #ifdef HAVE_SYS_SELECT
2693 # include <sys/select.h>
2695 #include <sys/types.h>
2696 #include <sys/time.h>
2700 static void sighandler(int sig) { }
2704 struct sigaction sa;
2706 sa.sa_handler = sighandler;
2707 sa.sa_flags = SA_RESTART;
2708 (void)sigaction(SIGTERM, &sa, NULL);
2709 if ((pid = fork()) == 0) { /* child */
2714 if (getppid() == pid) /* if parent did not exit, shoot it */
2717 } else { /* parent */
2718 r = select(0, NULL, NULL, NULL, NULL);
2720 exit(r == -1 ? 0 : 1);
2722 [AC_MSG_RESULT([yes])],
2723 [AC_MSG_RESULT([no])
2724 AC_DEFINE([NO_SA_RESTART], [1],
2725 [SA_RESTARTed signals do no interrupt select])],
2726 [AC_MSG_WARN([cross compiling: assuming yes])]
2729 AC_CHECK_FUNCS([getpgrp],[
2730 AC_MSG_CHECKING([if getpgrp accepts zero args])
2732 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])],
2733 [ AC_MSG_RESULT([yes])
2734 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])],
2735 [ AC_MSG_RESULT([no])
2736 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])]
2740 # Search for OpenSSL
2741 saved_CPPFLAGS="$CPPFLAGS"
2742 saved_LDFLAGS="$LDFLAGS"
2743 openssl_bin_PATH="$PATH"
2744 AC_ARG_WITH([ssl-dir],
2745 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2747 if test "x$openssl" = "xno" ; then
2748 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2750 if test "x$withval" != "xno" ; then
2753 ./*|../*) withval="`pwd`/$withval"
2755 if test -d "$withval/lib"; then
2756 libcrypto_path="${withval}/lib"
2757 elif test -d "$withval/lib64"; then
2758 libcrypto_path="$withval/lib64"
2760 # Built but not installed
2761 libcrypto_path="${withval}"
2763 if test -n "${rpath_opt}"; then
2764 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}"
2766 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}"
2768 if test -d "$withval/include"; then
2769 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2771 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2773 openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps"
2777 AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH])
2778 AC_SUBST(OPENSSL_BIN, [${openssl_bin}])
2780 AC_ARG_WITH([openssl-header-check],
2781 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2783 if test "x$withval" = "xno" ; then
2784 openssl_check_nonfatal=1
2790 AC_ARG_WITH([ssl-engine],
2791 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2793 if test "x$withval" != "xno" ; then
2794 if test "x$openssl" = "xno" ; then
2795 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2802 nocrypto_saved_LIBS="$LIBS"
2803 if test "x$openssl" = "xyes" ; then
2804 LIBS="-lcrypto $LIBS"
2805 CHANNELLIBS="-lcrypto $CHANNELLIBS"
2806 AC_TRY_LINK_FUNC([RAND_add], ,
2807 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])])
2808 AC_CHECK_HEADER([openssl/opensslv.h], ,
2809 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2811 # Determine OpenSSL header version
2812 AC_MSG_CHECKING([OpenSSL header version])
2818 #include <openssl/opensslv.h>
2819 #define DATA "conftest.sslincver"
2824 fd = fopen(DATA,"w");
2828 if ((rc = fprintf(fd, "%08lx (%s)\n",
2829 (unsigned long)OPENSSL_VERSION_NUMBER,
2830 OPENSSL_VERSION_TEXT)) < 0)
2836 ssl_header_ver=`cat conftest.sslincver`
2837 AC_MSG_RESULT([$ssl_header_ver])
2840 AC_MSG_RESULT([not found])
2841 AC_MSG_ERROR([OpenSSL version header not found.])
2844 AC_MSG_WARN([cross compiling: not checking])
2848 # Determining OpenSSL library version is version dependent.
2849 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num])
2851 # Determine OpenSSL library version
2852 AC_MSG_CHECKING([OpenSSL library version])
2858 #include <openssl/opensslv.h>
2859 #include <openssl/crypto.h>
2860 #define DATA "conftest.ssllibver"
2865 fd = fopen(DATA,"w");
2868 #ifndef OPENSSL_VERSION
2869 # define OPENSSL_VERSION SSLEAY_VERSION
2871 #ifndef HAVE_OPENSSL_VERSION
2872 # define OpenSSL_version SSLeay_version
2874 #ifndef HAVE_OPENSSL_VERSION_NUM
2875 # define OpenSSL_version_num SSLeay
2877 if ((rc = fprintf(fd, "%08lx (%s)\n",
2878 (unsigned long)OpenSSL_version_num(),
2879 OpenSSL_version(OPENSSL_VERSION))) < 0)
2885 ssl_library_ver=`cat conftest.ssllibver`
2886 # Check version is supported.
2887 case "$ssl_library_ver" in
2889 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
2893 # https://github.com/openssl/openssl/pull/4613
2894 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")])
2899 # OpenSSL 3; we use the 1.1x API
2900 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2903 # OpenSSL development branch; request 1.1x API
2904 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2907 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")])
2910 AC_MSG_RESULT([$ssl_library_ver])
2913 AC_MSG_RESULT([not found])
2914 AC_MSG_ERROR([OpenSSL library not found.])
2917 AC_MSG_WARN([cross compiling: not checking])
2923 case "$ssl_library_ver" in
2925 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)])
2930 # Sanity check OpenSSL headers
2931 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2936 #include <openssl/opensslv.h>
2937 #include <openssl/crypto.h>
2939 #ifndef HAVE_OPENSSL_VERSION_NUM
2940 # define OpenSSL_version_num SSLeay
2942 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2945 AC_MSG_RESULT([yes])
2949 if test "x$openssl_check_nonfatal" = "x"; then
2950 AC_MSG_ERROR([Your OpenSSL headers do not match your
2951 library. Check config.log for details.
2952 If you are sure your installation is consistent, you can disable the check
2953 by running "./configure --without-openssl-header-check".
2954 Also see contrib/findssl.sh for help identifying header/library mismatches.
2957 AC_MSG_WARN([Your OpenSSL headers do not match your
2958 library. Check config.log for details.
2959 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2963 AC_MSG_WARN([cross compiling: not checking])
2967 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2969 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2970 [[ ERR_load_crypto_strings(); ]])],
2972 AC_MSG_RESULT([yes])
2977 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2979 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2980 [[ ERR_load_crypto_strings(); ]])],
2982 AC_MSG_RESULT([yes])
2983 CHANNELLIBS="$CHANNELLIBS -ldl"
2995 DSA_generate_parameters_ex \
2996 EVP_DigestFinal_ex \
2998 EVP_MD_CTX_cleanup \
2999 EVP_MD_CTX_copy_ex \
3002 RSA_generate_key_ex \
3003 RSA_get_default_method \
3006 # OpenSSL_add_all_algorithms may be a macro.
3007 AC_CHECK_FUNC(OpenSSL_add_all_algorithms,
3008 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]),
3009 AC_CHECK_DECL(OpenSSL_add_all_algorithms,
3010 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), ,
3011 [[#include <openssl/evp.h>]]
3015 # LibreSSL/OpenSSL 1.1x API
3017 OPENSSL_init_crypto \
3032 EVP_CIPHER_CTX_iv_noconst \
3033 EVP_CIPHER_CTX_get_iv \
3034 EVP_CIPHER_CTX_get_updated_iv \
3035 EVP_CIPHER_CTX_set_iv \
3036 RSA_get0_crt_params \
3039 RSA_set0_crt_params \
3044 RSA_meth_set1_name \
3045 RSA_meth_get_finish \
3046 RSA_meth_set_priv_enc \
3047 RSA_meth_set_priv_dec \
3048 RSA_meth_set_finish \
3055 if test "x$openssl_engine" = "xyes" ; then
3056 AC_MSG_CHECKING([for OpenSSL ENGINE support])
3057 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3058 #include <openssl/engine.h>
3060 ENGINE_load_builtin_engines();
3061 ENGINE_register_all_complete();
3063 [ AC_MSG_RESULT([yes])
3064 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
3065 [Enable OpenSSL engine support])
3066 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
3070 # Check for OpenSSL without EVP_aes_{192,256}_cbc
3071 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
3076 #include <openssl/evp.h>
3078 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
3084 AC_MSG_RESULT([yes])
3085 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
3086 [libcrypto is missing AES 192 and 256 bit functions])
3090 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
3095 #include <openssl/evp.h>
3097 if(EVP_DigestUpdate(NULL, NULL,0))
3101 AC_MSG_RESULT([yes])
3105 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
3106 [Define if EVP_DigestUpdate returns void])
3110 # Check for SHA256, SHA384 and SHA512 support in OpenSSL
3111 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
3113 # Check complete ECC support in OpenSSL
3114 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
3117 #include <openssl/ec.h>
3118 #include <openssl/ecdh.h>
3119 #include <openssl/ecdsa.h>
3120 #include <openssl/evp.h>
3121 #include <openssl/objects.h>
3122 #include <openssl/opensslv.h>
3124 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
3125 const EVP_MD *m = EVP_sha256(); /* We need this too */
3127 [ AC_MSG_RESULT([yes])
3128 enable_nistp256=1 ],
3129 [ AC_MSG_RESULT([no]) ]
3132 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
3135 #include <openssl/ec.h>
3136 #include <openssl/ecdh.h>
3137 #include <openssl/ecdsa.h>
3138 #include <openssl/evp.h>
3139 #include <openssl/objects.h>
3140 #include <openssl/opensslv.h>
3142 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
3143 const EVP_MD *m = EVP_sha384(); /* We need this too */
3145 [ AC_MSG_RESULT([yes])
3146 enable_nistp384=1 ],
3147 [ AC_MSG_RESULT([no]) ]
3150 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
3153 #include <openssl/ec.h>
3154 #include <openssl/ecdh.h>
3155 #include <openssl/ecdsa.h>
3156 #include <openssl/evp.h>
3157 #include <openssl/objects.h>
3158 #include <openssl/opensslv.h>
3160 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3161 const EVP_MD *m = EVP_sha512(); /* We need this too */
3163 [ AC_MSG_RESULT([yes])
3164 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
3168 #include <openssl/ec.h>
3169 #include <openssl/ecdh.h>
3170 #include <openssl/ecdsa.h>
3171 #include <openssl/evp.h>
3172 #include <openssl/objects.h>
3173 #include <openssl/opensslv.h>
3175 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3176 const EVP_MD *m = EVP_sha512(); /* We need this too */
3177 exit(e == NULL || m == NULL);
3179 [ AC_MSG_RESULT([yes])
3180 enable_nistp521=1 ],
3181 [ AC_MSG_RESULT([no]) ],
3182 [ AC_MSG_WARN([cross-compiling: assuming yes])
3188 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
3189 test x$enable_nistp521 = x1; then
3190 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
3191 AC_CHECK_FUNCS([EC_KEY_METHOD_new])
3196 if test x$enable_nistp256 = x1; then
3197 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
3198 [libcrypto has NID_X9_62_prime256v1])
3200 unsupported_algorithms="$unsupported_algorithms \
3201 ecdsa-sha2-nistp256 \
3202 ecdh-sha2-nistp256 \
3203 ecdsa-sha2-nistp256-cert-v01@openssh.com"
3205 if test x$enable_nistp384 = x1; then
3206 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
3208 unsupported_algorithms="$unsupported_algorithms \
3209 ecdsa-sha2-nistp384 \
3210 ecdh-sha2-nistp384 \
3211 ecdsa-sha2-nistp384-cert-v01@openssh.com"
3213 if test x$enable_nistp521 = x1; then
3214 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
3216 unsupported_algorithms="$unsupported_algorithms \
3217 ecdh-sha2-nistp521 \
3218 ecdsa-sha2-nistp521 \
3219 ecdsa-sha2-nistp521-cert-v01@openssh.com"
3223 # PKCS11/U2F depend on OpenSSL and dlopen().
3226 if test "x$openssl" != "xyes" ; then
3227 enable_pkcs11="disabled; missing libcrypto"
3229 if test "x$ac_cv_func_dlopen" != "xyes" ; then
3230 enable_pkcs11="disabled; missing dlopen(3)"
3231 enable_sk="disabled; missing dlopen(3)"
3233 if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
3234 enable_pkcs11="disabled; missing RTLD_NOW"
3235 enable_sk="disabled; missing RTLD_NOW"
3237 if test ! -z "$disable_pkcs11" ; then
3238 enable_pkcs11="disabled by user"
3240 if test ! -z "$disable_sk" ; then
3241 enable_sk="disabled by user"
3244 AC_MSG_CHECKING([whether to enable PKCS11])
3245 if test "x$enable_pkcs11" = "xyes" ; then
3246 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
3248 AC_MSG_RESULT([$enable_pkcs11])
3250 AC_MSG_CHECKING([whether to enable U2F])
3251 if test "x$enable_sk" = "xyes" ; then
3252 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
3253 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so])
3255 # Do not try to build sk-dummy library.
3256 AC_SUBST(SK_DUMMY_LIBRARY, [""])
3258 AC_MSG_RESULT([$enable_sk])
3260 # Now check for built-in security key support.
3261 if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then
3262 use_pkgconfig_for_libfido2=
3263 if test "x$PKGCONFIG" != "xno"; then
3264 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2])
3265 if "$PKGCONFIG" libfido2; then
3266 AC_MSG_RESULT([yes])
3267 use_pkgconfig_for_libfido2=yes
3272 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then
3273 LIBFIDO2=`$PKGCONFIG --libs libfido2`
3274 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
3276 LIBFIDO2="-lprivatefido2 -lprivatecbor"
3278 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
3280 AC_CHECK_LIB([privatefido2], [fido_init],
3282 [ fido2_error="missing/unusable libfido2" ],
3285 AC_CHECK_HEADER([fido.h], [],
3286 [ fido2_error="missing fido.h from libfido2" ])
3287 AC_CHECK_HEADER([fido/credman.h], [],
3288 [ fido2_error="missing fido/credman.h from libfido2" ],
3289 [ #include <fido.h> ]
3291 AC_MSG_CHECKING([for usable libfido2 installation])
3292 if test ! -z "$fido2_error" ; then
3293 AC_MSG_RESULT([$fido2_error])
3294 if test "x$enable_sk_internal" = "xyes" ; then
3295 AC_MSG_ERROR([No usable libfido2 library/headers found])
3299 AC_MSG_RESULT([yes])
3300 AC_SUBST([LIBFIDO2])
3301 AC_DEFINE([ENABLE_SK_INTERNAL], [],
3302 [Enable for built-in U2F/FIDO support])
3303 enable_sk="built-in"
3305 LIBS="$LIBFIDO2 $LIBS"
3307 fido_assert_set_clientdata \
3309 fido_cred_set_prot \
3310 fido_cred_set_clientdata \
3311 fido_dev_get_touch_begin \
3312 fido_dev_get_touch_status \
3313 fido_dev_supports_cred_prot \
3314 fido_dev_is_winhello \
3324 arc4random_uniform \
3326 ### Configure cryptographic random number support
3328 # Check whether OpenSSL seeds itself
3329 if test "x$openssl" = "xyes" ; then
3330 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
3335 #include <openssl/rand.h>
3337 exit(RAND_status() == 1 ? 0 : 1);
3340 OPENSSL_SEEDS_ITSELF=yes
3341 AC_MSG_RESULT([yes])
3347 AC_MSG_WARN([cross compiling: assuming yes])
3348 # This is safe, since we will fatal() at runtime if
3349 # OpenSSL is not seeded correctly.
3350 OPENSSL_SEEDS_ITSELF=yes
3356 AC_ARG_WITH([prngd-port],
3357 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
3366 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3369 if test ! -z "$withval" ; then
3370 PRNGD_PORT="$withval"
3371 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
3372 [Port number of PRNGD/EGD random number socket])
3377 # PRNGD Unix domain socket
3378 AC_ARG_WITH([prngd-socket],
3379 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3383 withval="/var/run/egd-pool"
3391 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
3395 if test ! -z "$withval" ; then
3396 if test ! -z "$PRNGD_PORT" ; then
3397 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
3399 if test ! -r "$withval" ; then
3400 AC_MSG_WARN([Entropy socket is not readable])
3402 PRNGD_SOCKET="$withval"
3403 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
3404 [Location of PRNGD/EGD random number socket])
3408 # Check for existing socket only if we don't have a random device already
3409 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
3410 AC_MSG_CHECKING([for PRNGD/EGD socket])
3411 # Insert other locations here
3412 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3413 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3414 PRNGD_SOCKET="$sock"
3415 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
3419 if test ! -z "$PRNGD_SOCKET" ; then
3420 AC_MSG_RESULT([$PRNGD_SOCKET])
3422 AC_MSG_RESULT([not found])
3428 # Which randomness source do we use?
3429 if test ! -z "$PRNGD_PORT" ; then
3430 RAND_MSG="PRNGd port $PRNGD_PORT"
3431 elif test ! -z "$PRNGD_SOCKET" ; then
3432 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3433 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3434 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3435 [Define if you want the OpenSSL internally seeded PRNG only])
3436 RAND_MSG="OpenSSL internal ONLY"
3437 elif test "x$openssl" = "xno" ; then
3438 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3440 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3442 LIBS="$nocrypto_saved_LIBS"
3445 AC_CHECK_LIB([iaf], [ia_openinfo], [
3447 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
3448 AC_DEFINE([HAVE_LIBIAF], [1],
3449 [Define if system has libiaf that supports set_id])
3454 # Check for crypt() in libcrypt. If we have it, we only need it for sshd.
3456 AC_CHECK_LIB([crypt], [crypt], [
3457 LIBS="-lcrypt $LIBS"
3458 SSHDLIBS="-lcrypt $SSHDLIBS"
3460 AC_CHECK_FUNCS([crypt])
3463 # Check for PAM libs
3466 [ --with-pam Enable PAM support ],
3468 if test "x$withval" != "xno" ; then
3469 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3470 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3471 AC_MSG_ERROR([PAM headers not found])
3475 AC_CHECK_LIB([dl], [dlopen], , )
3476 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3477 AC_CHECK_FUNCS([pam_getenvlist])
3478 AC_CHECK_FUNCS([pam_putenv])
3483 SSHDLIBS="$SSHDLIBS -lpam"
3484 AC_DEFINE([USE_PAM], [1],
3485 [Define if you want to enable PAM support])
3487 if test $ac_cv_lib_dl_dlopen = yes; then
3490 # libdl already in LIBS
3493 SSHDLIBS="$SSHDLIBS -ldl"
3501 AC_ARG_WITH([pam-service],
3502 [ --with-pam-service=name Specify PAM service name ],
3504 if test "x$withval" != "xno" && \
3505 test "x$withval" != "xyes" ; then
3506 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE],
3507 ["$withval"], [sshd PAM service name])
3512 # Check for older PAM
3513 if test "x$PAM_MSG" = "xyes" ; then
3514 # Check PAM strerror arguments (old PAM)
3515 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3516 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3518 #if defined(HAVE_SECURITY_PAM_APPL_H)
3519 #include <security/pam_appl.h>
3520 #elif defined (HAVE_PAM_PAM_APPL_H)
3521 #include <pam/pam_appl.h>
3524 (void)pam_strerror((pam_handle_t *)NULL, -1);
3525 ]])], [AC_MSG_RESULT([no])], [
3526 AC_DEFINE([HAVE_OLD_PAM], [1],
3527 [Define if you have an old version of PAM
3528 which takes only one argument to pam_strerror])
3529 AC_MSG_RESULT([yes])
3530 PAM_MSG="yes (old library)"
3537 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3540 SSH_PRIVSEP_USER=sshd
3543 AC_ARG_WITH([privsep-user],
3544 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3546 if test -n "$withval" && test "x$withval" != "xno" && \
3547 test "x${withval}" != "xyes"; then
3548 SSH_PRIVSEP_USER=$withval
3552 if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3553 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3554 [Cygwin function to fetch non-privileged user for privilege separation])
3556 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3557 [non-privileged user for privilege separation])
3559 AC_SUBST([SSH_PRIVSEP_USER])
3561 if test "x$have_linux_no_new_privs" = "x1" ; then
3562 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3563 #include <sys/types.h>
3564 #include <linux/seccomp.h>
3567 if test "x$have_seccomp_filter" = "x1" ; then
3568 AC_MSG_CHECKING([kernel for seccomp_filter support])
3569 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3572 #include <linux/audit.h>
3573 #include <linux/seccomp.h>
3575 #include <sys/prctl.h>
3577 [[ int i = $seccomp_audit_arch;
3579 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3580 exit(errno == EFAULT ? 0 : 1); ]])],
3581 [ AC_MSG_RESULT([yes]) ], [
3583 # Disable seccomp filter as a target
3584 have_seccomp_filter=0
3589 AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[
3590 #include <sys/types.h>
3594 #ifdef HAVE_SYS_POLL_H
3595 #include <sys/poll.h>
3599 AC_CHECK_TYPES([nfds_t], , , [
3600 #include <sys/types.h>
3604 #ifdef HAVE_SYS_POLL_H
3605 #include <sys/poll.h>
3609 # Decide which sandbox style to use
3611 AC_ARG_WITH([sandbox],
3612 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3614 if test "x$withval" = "xyes" ; then
3617 sandbox_arg="$withval"
3622 if test "x$sandbox_arg" != "xno"; then
3623 # POSIX specifies that poll() "shall fail with EINVAL if the nfds argument
3624 # is greater than OPEN_MAX". On some platforms that includes implementions
3625 # of select in userspace on top of poll() so check both work with rlimit
3626 # NOFILES so check that both work before enabling the rlimit sandbox.
3627 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit])
3630 #include <sys/types.h>
3631 #ifdef HAVE_SYS_TIME_H
3632 # include <sys/time.h>
3634 #include <sys/resource.h>
3635 #ifdef HAVE_SYS_SELECT_H
3636 # include <sys/select.h>
3640 #elif HAVE_SYS_POLL_H
3641 # include <sys/poll.h>
3647 struct rlimit rl_zero;
3655 fd = open("/dev/null", O_RDONLY);
3658 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3659 setrlimit(RLIMIT_FSIZE, &rl_zero);
3660 setrlimit(RLIMIT_NOFILE, &rl_zero);
3663 r = select(fd+1, &fds, NULL, NULL, &tv);
3668 pfd.events = POLLIN;
3669 r = poll(&pfd, 1, 1);
3675 [AC_MSG_RESULT([yes])
3676 select_works_with_rlimit=yes],
3677 [AC_MSG_RESULT([no])
3678 select_works_with_rlimit=no],
3679 [AC_MSG_WARN([cross compiling: assuming no])
3680 select_works_with_rlimit=no]
3683 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3686 #include <sys/types.h>
3687 #ifdef HAVE_SYS_TIME_H
3688 # include <sys/time.h>
3690 #include <sys/resource.h>
3694 struct rlimit rl_zero;
3697 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3698 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3699 exit (r == -1 ? 1 : 0);
3701 [AC_MSG_RESULT([yes])
3702 rlimit_nofile_zero_works=yes],
3703 [AC_MSG_RESULT([no])
3704 rlimit_nofile_zero_works=no],
3705 [AC_MSG_WARN([cross compiling: assuming yes])
3706 rlimit_nofile_zero_works=yes]
3709 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3712 #include <sys/types.h>
3713 #include <sys/resource.h>
3716 struct rlimit rl_zero;
3718 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3719 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3721 [AC_MSG_RESULT([yes])],
3722 [AC_MSG_RESULT([no])
3723 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3724 [setrlimit RLIMIT_FSIZE works])],
3725 [AC_MSG_WARN([cross compiling: assuming yes])]
3729 if test "x$sandbox_arg" = "xpledge" || \
3730 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3731 test "x$ac_cv_func_pledge" != "xyes" && \
3732 AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3733 SANDBOX_STYLE="pledge"
3734 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3735 elif test "x$sandbox_arg" = "xsystrace" || \
3736 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3737 test "x$have_systr_policy_kill" != "x1" && \
3738 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3739 SANDBOX_STYLE="systrace"
3740 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3741 elif test "x$sandbox_arg" = "xdarwin" || \
3742 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3743 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3744 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3745 "x$ac_cv_header_sandbox_h" != "xyes" && \
3746 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3747 SANDBOX_STYLE="darwin"
3748 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3749 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3750 ( test -z "$sandbox_arg" && \
3751 test "x$have_seccomp_filter" = "x1" && \
3752 test "x$ac_cv_header_elf_h" = "xyes" && \
3753 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3754 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3755 test "x$seccomp_audit_arch" != "x" && \
3756 test "x$have_linux_no_new_privs" = "x1" && \
3757 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3758 test "x$seccomp_audit_arch" = "x" && \
3759 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3760 test "x$have_linux_no_new_privs" != "x1" && \
3761 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3762 test "x$have_seccomp_filter" != "x1" && \
3763 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3764 test "x$ac_cv_func_prctl" != "xyes" && \
3765 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3766 SANDBOX_STYLE="seccomp_filter"
3767 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3768 elif test "x$sandbox_arg" = "xcapsicum" || \
3769 ( test -z "$sandbox_arg" && \
3770 test "x$disable_capsicum" != "xyes" && \
3771 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3772 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3773 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3774 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3775 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3776 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3777 SANDBOX_STYLE="capsicum"
3778 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3779 elif test "x$sandbox_arg" = "xrlimit" || \
3780 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3781 test "x$select_works_with_rlimit" = "xyes" && \
3782 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3783 test "x$ac_cv_func_setrlimit" != "xyes" && \
3784 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3785 test "x$select_works_with_rlimit" != "xyes" && \
3786 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3787 SANDBOX_STYLE="rlimit"
3788 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3789 elif test "x$sandbox_arg" = "xsolaris" || \
3790 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3791 SANDBOX_STYLE="solaris"
3792 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3793 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3794 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3795 SANDBOX_STYLE="none"
3796 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3798 AC_MSG_ERROR([unsupported --with-sandbox])
3801 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3802 if test ! -z "$SONY" ; then
3803 LIBS="$LIBS -liberty";
3806 # Check for long long datatypes
3807 AC_CHECK_TYPES([long long, unsigned long long, long double])
3809 # Check datatype sizes
3810 AC_CHECK_SIZEOF([short int])
3811 AC_CHECK_SIZEOF([int])
3812 AC_CHECK_SIZEOF([long int])
3813 AC_CHECK_SIZEOF([long long int])
3814 AC_CHECK_SIZEOF([time_t], [], [[
3815 #include <sys/types.h>
3816 #ifdef HAVE_SYS_TIME_H
3817 # include <sys/time.h>
3825 # Sanity check long long for some platforms (AIX)
3826 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3827 ac_cv_sizeof_long_long_int=0
3830 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3831 if test -z "$have_llong_max" && test -z "$have_long_long_max"; then
3832 AC_MSG_CHECKING([for max value of long long])
3837 /* Why is this so damn hard? */
3841 #define __USE_ISOC99
3843 #define DATA "conftest.llminmax"
3844 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3847 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3848 * we do this the hard way.
3851 fprint_ll(FILE *f, long long n)
3854 int l[sizeof(long long) * 8];
3857 if (fprintf(f, "-") < 0)
3859 for (i = 0; n != 0; i++) {
3860 l[i] = my_abs(n % 10);
3864 if (fprintf(f, "%d", l[--i]) < 0)
3867 if (fprintf(f, " ") < 0)
3873 long long i, llmin, llmax = 0;
3875 if((f = fopen(DATA,"w")) == NULL)
3878 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3879 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3883 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3884 /* This will work on one's complement and two's complement */
3885 for (i = 1; i > llmax; i <<= 1, i++)
3887 llmin = llmax + 1LL; /* wrap */
3891 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3892 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3893 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3894 fprintf(f, "unknown unknown\n");
3898 if (fprint_ll(f, llmin) < 0)
3900 if (fprint_ll(f, llmax) < 0)
3907 llong_min=`$AWK '{print $1}' conftest.llminmax`
3908 llong_max=`$AWK '{print $2}' conftest.llminmax`
3910 AC_MSG_RESULT([$llong_max])
3911 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3912 [max value of long long calculated by configure])
3913 AC_MSG_CHECKING([for min value of long long])
3914 AC_MSG_RESULT([$llong_min])
3915 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3916 [min value of long long calculated by configure])
3919 AC_MSG_RESULT([not found])
3922 AC_MSG_WARN([cross compiling: not checking])
3927 AC_CHECK_DECLS([UINT32_MAX], , , [[
3928 #ifdef HAVE_SYS_LIMITS_H
3929 # include <sys/limits.h>
3931 #ifdef HAVE_LIMITS_H
3932 # include <limits.h>
3934 #ifdef HAVE_STDINT_H
3935 # include <stdint.h>
3939 # More checks for data types
3940 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3941 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3942 [[ u_int a; a = 1;]])],
3943 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3946 if test "x$ac_cv_have_u_int" = "xyes" ; then
3947 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3951 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3952 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3953 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3954 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3957 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3958 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3962 if (test -z "$have_intxx_t" && \
3963 test "x$ac_cv_header_stdint_h" = "xyes")
3965 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3966 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3967 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3969 AC_DEFINE([HAVE_INTXX_T])
3970 AC_MSG_RESULT([yes])
3971 ], [ AC_MSG_RESULT([no])
3975 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3976 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3977 #include <sys/types.h>
3978 #ifdef HAVE_STDINT_H
3979 # include <stdint.h>
3981 #include <sys/socket.h>
3982 #ifdef HAVE_SYS_BITYPES_H
3983 # include <sys/bitypes.h>
3988 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3991 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3992 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3995 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3996 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3997 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3998 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
4001 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
4002 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
4006 if test -z "$have_u_intxx_t" ; then
4007 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
4008 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
4009 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
4011 AC_DEFINE([HAVE_U_INTXX_T])
4012 AC_MSG_RESULT([yes])
4013 ], [ AC_MSG_RESULT([no])
4017 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
4018 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4019 [[ u_int64_t a; a = 1;]])],
4020 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
4023 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
4024 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
4028 if (test -z "$have_u_int64_t" && \
4029 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4031 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
4032 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
4033 [[ u_int64_t a; a = 1]])],
4035 AC_DEFINE([HAVE_U_INT64_T])
4036 AC_MSG_RESULT([yes])
4037 ], [ AC_MSG_RESULT([no])
4041 if test -z "$have_u_intxx_t" ; then
4042 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
4043 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4044 #include <sys/types.h>
4051 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
4054 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
4055 AC_DEFINE([HAVE_UINTXX_T], [1],
4056 [define if you have uintxx_t data type])
4060 if (test -z "$have_uintxx_t" && \
4061 test "x$ac_cv_header_stdint_h" = "xyes")
4063 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
4064 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
4065 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4067 AC_DEFINE([HAVE_UINTXX_T])
4068 AC_MSG_RESULT([yes])
4069 ], [ AC_MSG_RESULT([no])
4073 if (test -z "$have_uintxx_t" && \
4074 test "x$ac_cv_header_inttypes_h" = "xyes")
4076 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
4077 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
4078 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4080 AC_DEFINE([HAVE_UINTXX_T])
4081 AC_MSG_RESULT([yes])
4082 ], [ AC_MSG_RESULT([no])
4086 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
4087 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4089 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
4090 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4091 #include <sys/bitypes.h>
4093 int8_t a; int16_t b; int32_t c;
4094 u_int8_t e; u_int16_t f; u_int32_t g;
4095 a = b = c = e = f = g = 1;
4098 AC_DEFINE([HAVE_U_INTXX_T])
4099 AC_DEFINE([HAVE_INTXX_T])
4100 AC_MSG_RESULT([yes])
4101 ], [AC_MSG_RESULT([no])
4106 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
4107 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4108 [[ u_char foo; foo = 125; ]])],
4109 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
4112 if test "x$ac_cv_have_u_char" = "xyes" ; then
4113 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
4116 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
4117 #include <sys/types.h>
4118 #ifdef HAVE_STDINT_H
4119 # include <stdint.h>
4125 AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>])
4126 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
4127 #include <sys/types.h>
4128 #ifdef HAVE_SYS_BITYPES_H
4129 #include <sys/bitypes.h>
4131 #ifdef HAVE_SYS_STATFS_H
4132 #include <sys/statfs.h>
4134 #ifdef HAVE_SYS_STATVFS_H
4135 #include <sys/statvfs.h>
4139 AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[
4140 #include <sys/param.h>
4141 #include <sys/types.h>
4142 #ifdef HAVE_SYS_BITYPES_H
4143 #include <sys/bitypes.h>
4145 #ifdef HAVE_SYS_STATFS_H
4146 #include <sys/statfs.h>
4148 #ifdef HAVE_SYS_STATVFS_H
4149 #include <sys/statvfs.h>
4151 #ifdef HAVE_SYS_VFS_H
4152 #include <sys/vfs.h>
4154 #ifdef HAVE_SYS_MOUNT_H
4155 #include <sys/mount.h>
4160 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
4161 [#include <sys/types.h>
4162 #include <netinet/in.h>])
4164 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
4165 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4166 [[ size_t foo; foo = 1235; ]])],
4167 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
4170 if test "x$ac_cv_have_size_t" = "xyes" ; then
4171 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
4174 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
4175 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4176 [[ ssize_t foo; foo = 1235; ]])],
4177 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
4180 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
4181 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
4184 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
4185 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
4186 [[ clock_t foo; foo = 1235; ]])],
4187 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
4190 if test "x$ac_cv_have_clock_t" = "xyes" ; then
4191 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
4194 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
4195 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4196 #include <sys/types.h>
4197 #include <sys/socket.h>
4198 ]], [[ sa_family_t foo; foo = 1235; ]])],
4199 [ ac_cv_have_sa_family_t="yes" ],
4200 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4201 #include <sys/types.h>
4202 #include <sys/socket.h>
4203 #include <netinet/in.h>
4204 ]], [[ sa_family_t foo; foo = 1235; ]])],
4205 [ ac_cv_have_sa_family_t="yes" ],
4206 [ ac_cv_have_sa_family_t="no" ]
4210 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
4211 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
4212 [define if you have sa_family_t data type])
4215 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
4216 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4217 [[ pid_t foo; foo = 1235; ]])],
4218 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
4221 if test "x$ac_cv_have_pid_t" = "xyes" ; then
4222 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
4225 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
4226 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4227 [[ mode_t foo; foo = 1235; ]])],
4228 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
4231 if test "x$ac_cv_have_mode_t" = "xyes" ; then
4232 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
4236 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
4237 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4238 #include <sys/types.h>
4239 #include <sys/socket.h>
4240 ]], [[ struct sockaddr_storage s; ]])],
4241 [ ac_cv_have_struct_sockaddr_storage="yes" ],
4242 [ ac_cv_have_struct_sockaddr_storage="no"
4245 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
4246 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
4247 [define if you have struct sockaddr_storage data type])
4250 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
4251 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4252 #include <sys/types.h>
4253 #include <netinet/in.h>
4254 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
4255 [ ac_cv_have_struct_sockaddr_in6="yes" ],
4256 [ ac_cv_have_struct_sockaddr_in6="no"
4259 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
4260 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
4261 [define if you have struct sockaddr_in6 data type])
4264 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
4265 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4266 #include <sys/types.h>
4267 #include <netinet/in.h>
4268 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
4269 [ ac_cv_have_struct_in6_addr="yes" ],
4270 [ ac_cv_have_struct_in6_addr="no"
4273 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
4274 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
4275 [define if you have struct in6_addr data type])
4277 dnl Now check for sin6_scope_id
4278 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
4280 #ifdef HAVE_SYS_TYPES_H
4281 #include <sys/types.h>
4283 #include <netinet/in.h>
4287 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
4288 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4289 #include <sys/types.h>
4290 #include <sys/socket.h>
4292 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
4293 [ ac_cv_have_struct_addrinfo="yes" ],
4294 [ ac_cv_have_struct_addrinfo="no"
4297 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
4298 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
4299 [define if you have struct addrinfo data type])
4302 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
4303 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
4304 [[ struct timeval tv; tv.tv_sec = 1;]])],
4305 [ ac_cv_have_struct_timeval="yes" ],
4306 [ ac_cv_have_struct_timeval="no"
4309 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
4310 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
4311 have_struct_timeval=1
4314 AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [
4315 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4316 #ifdef HAVE_SYS_TIME_H
4317 # include <sys/time.h>
4323 [[ struct timespec ts; ts.tv_sec = 1;]])],
4324 [ ac_cv_have_struct_timespec="yes" ],
4325 [ ac_cv_have_struct_timespec="no"
4328 if test "x$ac_cv_have_struct_timespec" = "xyes" ; then
4329 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec])
4330 have_struct_timespec=1
4333 # We need int64_t or else certain parts of the compile will fail.
4334 if test "x$ac_cv_have_int64_t" = "xno" && \
4335 test "x$ac_cv_sizeof_long_int" != "x8" && \
4336 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
4337 echo "OpenSSH requires int64_t support. Contact your vendor or install"
4338 echo "an alternative compiler (I.E., GCC) before continuing."
4342 dnl test snprintf (broken on SCO w/gcc)
4348 #ifdef HAVE_SNPRINTF
4352 char expected_out[50];
4354 #if (SIZEOF_LONG_INT == 8)
4355 long int num = 0x7fffffffffffffff;
4357 long long num = 0x7fffffffffffffffll;
4359 strcpy(expected_out, "9223372036854775807");
4360 snprintf(buf, mazsize, "%lld", num);
4361 if(strcmp(buf, expected_out) != 0)
4366 int main(void) { exit(0); }
4368 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
4369 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
4373 dnl Checks for structure members
4374 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
4375 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
4376 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
4377 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
4378 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
4379 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
4380 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
4381 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
4382 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
4383 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
4384 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
4385 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
4386 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
4387 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
4388 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
4389 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
4390 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
4391 OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX])
4393 AC_CHECK_MEMBERS([struct stat.st_blksize])
4394 AC_CHECK_MEMBERS([struct stat.st_mtim])
4395 AC_CHECK_MEMBERS([struct stat.st_mtime])
4396 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
4397 struct passwd.pw_change, struct passwd.pw_expire],
4399 #include <sys/types.h>
4403 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
4404 [Define if we don't have struct __res_state in resolv.h])],
4407 #if HAVE_SYS_TYPES_H
4408 # include <sys/types.h>
4410 #include <netinet/in.h>
4411 #include <arpa/nameser.h>
4415 AC_CHECK_MEMBER([struct sockaddr_in.sin_len],
4416 [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])],
4419 #include <sys/types.h>
4420 #include <sys/socket.h>
4421 #include <netinet/in.h>
4425 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
4426 ac_cv_have_ss_family_in_struct_ss, [
4427 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4428 #include <sys/types.h>
4429 #include <sys/socket.h>
4430 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
4431 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
4432 [ ac_cv_have_ss_family_in_struct_ss="no" ])
4434 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
4435 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
4438 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
4439 ac_cv_have___ss_family_in_struct_ss, [
4440 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4441 #include <sys/types.h>
4442 #include <sys/socket.h>
4443 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
4444 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
4445 [ ac_cv_have___ss_family_in_struct_ss="no"
4448 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
4449 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
4450 [Fields in struct sockaddr_storage])
4453 dnl make sure we're using the real structure members and not defines
4454 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
4455 ac_cv_have_accrights_in_msghdr, [
4456 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4457 #include <sys/types.h>
4458 #include <sys/socket.h>
4459 #include <sys/uio.h>
4462 #ifdef msg_accrights
4463 #error "msg_accrights is a macro"
4467 m.msg_accrights = 0;
4470 [ ac_cv_have_accrights_in_msghdr="yes" ],
4471 [ ac_cv_have_accrights_in_msghdr="no" ]
4474 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
4475 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
4476 [Define if your system uses access rights style
4477 file descriptor passing])
4480 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
4481 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4482 #include <sys/param.h>
4483 #include <sys/stat.h>
4484 #ifdef HAVE_SYS_TIME_H
4485 # include <sys/time.h>
4487 #ifdef HAVE_SYS_MOUNT_H
4488 #include <sys/mount.h>
4490 #ifdef HAVE_SYS_STATVFS_H
4491 #include <sys/statvfs.h>
4493 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
4494 [ AC_MSG_RESULT([yes]) ],
4495 [ AC_MSG_RESULT([no])
4497 AC_MSG_CHECKING([if fsid_t has member val])
4498 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4499 #include <sys/types.h>
4500 #include <sys/statvfs.h>
4501 ]], [[ fsid_t t; t.val[0] = 0; ]])],
4502 [ AC_MSG_RESULT([yes])
4503 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
4504 [ AC_MSG_RESULT([no]) ])
4506 AC_MSG_CHECKING([if f_fsid has member __val])
4507 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4508 #include <sys/types.h>
4509 #include <sys/statvfs.h>
4510 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
4511 [ AC_MSG_RESULT([yes])
4512 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
4513 [ AC_MSG_RESULT([no]) ])
4516 AC_CACHE_CHECK([for msg_control field in struct msghdr],
4517 ac_cv_have_control_in_msghdr, [
4518 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4519 #include <sys/types.h>
4520 #include <sys/socket.h>
4521 #include <sys/uio.h>
4525 #error "msg_control is a macro"
4532 [ ac_cv_have_control_in_msghdr="yes" ],
4533 [ ac_cv_have_control_in_msghdr="no" ]
4536 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
4537 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
4538 [Define if your system uses ancillary data style
4539 file descriptor passing])
4542 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
4543 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4544 [[ extern char *__progname; printf("%s", __progname); ]])],
4545 [ ac_cv_libc_defines___progname="yes" ],
4546 [ ac_cv_libc_defines___progname="no"
4549 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
4550 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
4553 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
4554 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4555 [[ printf("%s", __FUNCTION__); ]])],
4556 [ ac_cv_cc_implements___FUNCTION__="yes" ],
4557 [ ac_cv_cc_implements___FUNCTION__="no"
4560 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4561 AC_DEFINE([HAVE___FUNCTION__], [1],
4562 [Define if compiler implements __FUNCTION__])
4565 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4566 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4567 [[ printf("%s", __func__); ]])],
4568 [ ac_cv_cc_implements___func__="yes" ],
4569 [ ac_cv_cc_implements___func__="no"
4572 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4573 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
4576 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4577 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4580 ]], [[ va_copy(x,y); ]])],
4581 [ ac_cv_have_va_copy="yes" ],
4582 [ ac_cv_have_va_copy="no"
4585 if test "x$ac_cv_have_va_copy" = "xyes" ; then
4586 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4589 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4590 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4593 ]], [[ __va_copy(x,y); ]])],
4594 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4597 if test "x$ac_cv_have___va_copy" = "xyes" ; then
4598 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
4601 AC_CACHE_CHECK([whether getopt has optreset support],
4602 ac_cv_have_getopt_optreset, [
4603 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4604 [[ extern int optreset; optreset = 0; ]])],
4605 [ ac_cv_have_getopt_optreset="yes" ],
4606 [ ac_cv_have_getopt_optreset="no"
4609 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4610 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4611 [Define if your getopt(3) defines and uses optreset])
4614 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4615 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4616 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4617 [ ac_cv_libc_defines_sys_errlist="yes" ],
4618 [ ac_cv_libc_defines_sys_errlist="no"
4621 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4622 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4623 [Define if your system defines sys_errlist[]])
4627 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4628 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4629 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4630 [ ac_cv_libc_defines_sys_nerr="yes" ],
4631 [ ac_cv_libc_defines_sys_nerr="no"
4634 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4635 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4638 # Check libraries needed by DNS fingerprint support
4639 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4640 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4641 [Define if getrrsetbyname() exists])],
4643 # Needed by our getrrsetbyname()
4644 AC_SEARCH_LIBS([res_query], [resolv])
4645 AC_SEARCH_LIBS([dn_expand], [resolv])
4646 AC_MSG_CHECKING([if res_query will link])
4647 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4648 #include <sys/types.h>
4649 #include <netinet/in.h>
4650 #include <arpa/nameser.h>
4654 res_query (0, 0, 0, 0, 0);
4656 AC_MSG_RESULT([yes]),
4657 [AC_MSG_RESULT([no])
4659 LIBS="$LIBS -lresolv"
4660 AC_MSG_CHECKING([for res_query in -lresolv])
4661 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4662 #include <sys/types.h>
4663 #include <netinet/in.h>
4664 #include <arpa/nameser.h>
4668 res_query (0, 0, 0, 0, 0);
4670 [AC_MSG_RESULT([yes])],
4672 AC_MSG_RESULT([no])])
4674 AC_CHECK_FUNCS([_getshort _getlong])
4675 AC_CHECK_DECLS([_getshort, _getlong], , ,
4676 [#include <sys/types.h>
4677 #include <arpa/nameser.h>])
4678 AC_CHECK_MEMBER([HEADER.ad],
4679 [AC_DEFINE([HAVE_HEADER_AD], [1],
4680 [Define if HEADER.ad exists in arpa/nameser.h])], ,
4681 [#include <arpa/nameser.h>])
4684 AC_MSG_CHECKING([if struct __res_state _res is an extern])
4685 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4687 #if HAVE_SYS_TYPES_H
4688 # include <sys/types.h>
4690 #include <netinet/in.h>
4691 #include <arpa/nameser.h>
4693 extern struct __res_state _res;
4695 struct __res_state *volatile p = &_res; /* force resolution of _res */
4698 [AC_MSG_RESULT([yes])
4699 AC_DEFINE([HAVE__RES_EXTERN], [1],
4700 [Define if you have struct __res_state _res as an extern])
4702 [ AC_MSG_RESULT([no]) ]
4705 # Check whether user wants SELinux support
4708 AC_ARG_WITH([selinux],
4709 [ --with-selinux Enable SELinux support],
4710 [ if test "x$withval" != "xno" ; then
4712 AC_DEFINE([WITH_SELINUX], [1],
4713 [Define if you want SELinux support.])
4715 AC_CHECK_HEADER([selinux/selinux.h], ,
4716 AC_MSG_ERROR([SELinux support requires selinux.h header]))
4717 AC_CHECK_LIB([selinux], [setexeccon],
4718 [ LIBSELINUX="-lselinux"
4719 LIBS="$LIBS -lselinux"
4721 AC_MSG_ERROR([SELinux support requires libselinux library]))
4722 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4723 LIBS="$save_LIBS $LIBSELINUX"
4726 AC_SUBST([SSHDLIBS])
4728 # Check whether user wants Kerberos 5 support
4730 AC_ARG_WITH([kerberos5],
4731 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4732 [ if test "x$withval" != "xno" ; then
4733 if test "x$withval" = "xyes" ; then
4734 KRB5ROOT="/usr/local"
4739 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4742 use_pkgconfig_for_krb5=
4743 if test "x$PKGCONFIG" != "xno"; then
4744 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5])
4745 if "$PKGCONFIG" krb5; then
4746 AC_MSG_RESULT([yes])
4747 use_pkgconfig_for_krb5=yes
4752 if test "x$use_pkgconfig_for_krb5" = "xyes"; then
4753 K5CFLAGS=`$PKGCONFIG --cflags krb5`
4754 K5LIBS=`$PKGCONFIG --libs krb5`
4755 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4757 AC_MSG_CHECKING([for gssapi support])
4758 if "$PKGCONFIG" krb5-gssapi; then
4759 AC_MSG_RESULT([yes])
4760 AC_DEFINE([GSSAPI], [1],
4761 [Define this if you want GSSAPI
4762 support in the version 2 protocol])
4763 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`"
4764 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`"
4765 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4769 AC_MSG_CHECKING([whether we are using Heimdal])
4770 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4771 ]], [[ char *tmp = heimdal_version; ]])],
4772 [ AC_MSG_RESULT([yes])
4773 AC_DEFINE([HEIMDAL], [1],
4774 [Define this if you are using the Heimdal
4775 version of Kerberos V5]) ],
4776 [AC_MSG_RESULT([no])
4779 AC_PATH_TOOL([KRB5CONF], [krb5-config],
4780 [$KRB5ROOT/bin/krb5-config],
4781 [$KRB5ROOT/bin:$PATH])
4782 if test -x $KRB5CONF ; then
4783 K5CFLAGS="`$KRB5CONF --cflags`"
4784 K5LIBS="`$KRB5CONF --libs`"
4785 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4787 AC_MSG_CHECKING([for gssapi support])
4788 if $KRB5CONF | grep gssapi >/dev/null ; then
4789 AC_MSG_RESULT([yes])
4790 AC_DEFINE([GSSAPI], [1],
4791 [Define this if you want GSSAPI
4792 support in the version 2 protocol])
4793 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4794 GSSLIBS="`$KRB5CONF --libs gssapi`"
4795 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4799 AC_MSG_CHECKING([whether we are using Heimdal])
4800 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4801 ]], [[ char *tmp = heimdal_version; ]])],
4802 [ AC_MSG_RESULT([yes])
4803 AC_DEFINE([HEIMDAL], [1],
4804 [Define this if you are using the Heimdal
4805 version of Kerberos V5]) ],
4806 [AC_MSG_RESULT([no])
4809 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4810 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4811 AC_MSG_CHECKING([whether we are using Heimdal])
4812 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4813 ]], [[ char *tmp = heimdal_version; ]])],
4814 [ AC_MSG_RESULT([yes])
4815 AC_DEFINE([HEIMDAL])
4817 K5LIBS="$K5LIBS -lcom_err -lasn1"
4818 AC_CHECK_LIB([roken], [net_write],
4819 [K5LIBS="$K5LIBS -lroken"])
4820 AC_CHECK_LIB([des], [des_cbc_encrypt],
4821 [K5LIBS="$K5LIBS -ldes"])
4822 ], [ AC_MSG_RESULT([no])
4823 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4825 AC_SEARCH_LIBS([dn_expand], [resolv])
4827 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4828 [ AC_DEFINE([GSSAPI])
4829 GSSLIBS="-lgssapi_krb5" ],
4830 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4831 [ AC_DEFINE([GSSAPI])
4832 GSSLIBS="-lgssapi" ],
4833 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
4834 [ AC_DEFINE([GSSAPI])
4836 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4840 AC_CHECK_HEADER([gssapi.h], ,
4841 [ unset ac_cv_header_gssapi_h
4842 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4843 AC_CHECK_HEADERS([gssapi.h], ,
4844 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4850 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4851 AC_CHECK_HEADER([gssapi_krb5.h], ,
4852 [ CPPFLAGS="$oldCPP" ])
4856 if test -n "${rpath_opt}" ; then
4857 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib"
4859 if test ! -z "$blibpath" ; then
4860 blibpath="$blibpath:${KRB5ROOT}/lib"
4863 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4864 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4865 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4867 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4868 [Define this if you want to use libkafs' AFS support])])
4870 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4871 #ifdef HAVE_GSSAPI_H
4872 # include <gssapi.h>
4873 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4874 # include <gssapi/gssapi.h>
4877 #ifdef HAVE_GSSAPI_GENERIC_H
4878 # include <gssapi_generic.h>
4879 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4880 # include <gssapi/gssapi_generic.h>
4884 LIBS="$LIBS $K5LIBS"
4885 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4893 AC_SUBST([CHANNELLIBS])
4895 # Looking for programs, paths and files
4897 PRIVSEP_PATH=/var/empty
4898 AC_ARG_WITH([privsep-path],
4899 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4901 if test -n "$withval" && test "x$withval" != "xno" && \
4902 test "x${withval}" != "xyes"; then
4903 PRIVSEP_PATH=$withval
4907 AC_SUBST([PRIVSEP_PATH])
4909 AC_ARG_WITH([xauth],
4910 [ --with-xauth=PATH Specify path to xauth program ],
4912 if test -n "$withval" && test "x$withval" != "xno" && \
4913 test "x${withval}" != "xyes"; then
4919 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4920 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4921 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4922 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4923 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4924 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4925 xauth_path="/usr/openwin/bin/xauth"
4931 AC_ARG_ENABLE([strip],
4932 [ --disable-strip Disable calling strip(1) on install],
4934 if test "x$enableval" = "xno" ; then
4939 AC_SUBST([STRIP_OPT])
4941 if test -z "$xauth_path" ; then
4942 XAUTH_PATH="undefined"
4943 AC_SUBST([XAUTH_PATH])
4945 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4946 [Define if xauth is found in your path])
4947 XAUTH_PATH=$xauth_path
4948 AC_SUBST([XAUTH_PATH])
4951 dnl # --with-maildir=/path/to/mail gets top priority.
4952 dnl # if maildir is set in the platform case statement above we use that.
4953 dnl # Otherwise we run a program to get the dir from system headers.
4954 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4955 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4956 dnl # session.c expects anyway. Otherwise we set to the value found
4957 dnl # stripping any trailing slash. If for some strage reason our program
4958 dnl # does not find what it needs, we default to /var/spool/mail.
4959 # Check for mail directory
4960 AC_ARG_WITH([maildir],
4961 [ --with-maildir=/path/to/mail Specify your system mail directory],
4963 if test "X$withval" != X && test "x$withval" != xno && \
4964 test "x${withval}" != xyes; then
4965 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4966 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4969 if test "X$maildir" != "X"; then
4970 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4972 AC_MSG_CHECKING([Discovering system mail directory])
4981 #ifdef HAVE_MAILLOCK_H
4982 #include <maillock.h>
4984 #define DATA "conftest.maildir"
4989 fd = fopen(DATA,"w");
4993 #if defined (_PATH_MAILDIR)
4994 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4996 #elif defined (MAILDIR)
4997 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4999 #elif defined (_PATH_MAIL)
5000 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
5009 maildir_what=`awk -F: '{print $1}' conftest.maildir`
5010 maildir=`awk -F: '{print $2}' conftest.maildir \
5012 AC_MSG_RESULT([Using: $maildir from $maildir_what])
5013 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
5014 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
5018 if test "X$ac_status" = "X2";then
5019 # our test program didn't find it. Default to /var/spool/mail
5020 AC_MSG_RESULT([Using: default value of /var/spool/mail])
5021 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
5023 AC_MSG_RESULT([*** not found ***])
5027 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
5034 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
5035 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
5036 disable_ptmx_check=yes
5038 if test -z "$no_dev_ptmx" ; then
5039 if test "x$disable_ptmx_check" != "xyes" ; then
5040 AC_CHECK_FILE(["/dev/ptmx"],
5042 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
5043 [Define if you have /dev/ptmx])
5050 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
5051 AC_CHECK_FILE(["/dev/ptc"],
5053 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
5054 [Define if you have /dev/ptc])
5059 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
5062 # Options from here on. Some of these are preset by platform above
5063 AC_ARG_WITH([mantype],
5064 [ --with-mantype=man|cat|doc Set man page type],
5071 AC_MSG_ERROR([invalid man type: $withval])
5076 if test -z "$MANTYPE"; then
5077 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then
5079 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
5081 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
5088 if test "$MANTYPE" = "doc"; then
5093 AC_SUBST([mansubdir])
5095 # Whether to disable shadow password support
5096 AC_ARG_WITH([shadow],
5097 [ --without-shadow Disable shadow password support],
5099 if test "x$withval" = "xno" ; then
5100 AC_DEFINE([DISABLE_SHADOW])
5106 if test -z "$disable_shadow" ; then
5107 AC_MSG_CHECKING([if the systems has expire shadow information])
5108 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5109 #include <sys/types.h>
5112 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
5113 [ sp_expire_available=yes ], [
5116 if test "x$sp_expire_available" = "xyes" ; then
5117 AC_MSG_RESULT([yes])
5118 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
5119 [Define if you want to use shadow password expire field])
5125 # Use ip address instead of hostname in $DISPLAY
5126 if test ! -z "$IPADDR_IN_DISPLAY" ; then
5127 DISPLAY_HACK_MSG="yes"
5128 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
5129 [Define if you need to use IP address
5130 instead of hostname in $DISPLAY])
5132 DISPLAY_HACK_MSG="no"
5133 AC_ARG_WITH([ipaddr-display],
5134 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
5136 if test "x$withval" != "xno" ; then
5137 AC_DEFINE([IPADDR_IN_DISPLAY])
5138 DISPLAY_HACK_MSG="yes"
5144 # check for /etc/default/login and use it if present.
5145 AC_ARG_ENABLE([etc-default-login],
5146 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
5147 [ if test "x$enableval" = "xno"; then
5148 AC_MSG_NOTICE([/etc/default/login handling disabled])
5149 etc_default_login=no
5151 etc_default_login=yes
5153 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
5155 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
5156 etc_default_login=no
5158 etc_default_login=yes
5162 if test "x$etc_default_login" != "xno"; then
5163 AC_CHECK_FILE(["/etc/default/login"],
5164 [ external_path_file=/etc/default/login ])
5165 if test "x$external_path_file" = "x/etc/default/login"; then
5166 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
5167 [Define if your system has /etc/default/login])
5171 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
5172 if test $ac_cv_func_login_getcapbool = "yes" && \
5173 test $ac_cv_header_login_cap_h = "yes" ; then
5174 external_path_file=/etc/login.conf
5177 # Whether to mess with the default path
5178 SERVER_PATH_MSG="(default)"
5179 AC_ARG_WITH([default-path],
5180 [ --with-default-path= Specify default $PATH environment for server],
5182 if test "x$external_path_file" = "x/etc/login.conf" ; then
5184 --with-default-path=PATH has no effect on this system.
5185 Edit /etc/login.conf instead.])
5186 elif test "x$withval" != "xno" ; then
5187 if test ! -z "$external_path_file" ; then
5189 --with-default-path=PATH will only be used if PATH is not defined in
5190 $external_path_file .])
5192 user_path="$withval"
5193 SERVER_PATH_MSG="$withval"
5196 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
5197 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
5199 if test ! -z "$external_path_file" ; then
5201 If PATH is defined in $external_path_file, ensure the path to scp is included,
5202 otherwise scp will not work.])
5206 /* find out what STDPATH is */
5212 #ifndef _PATH_STDPATH
5213 # ifdef _PATH_USERPATH /* Irix */
5214 # define _PATH_STDPATH _PATH_USERPATH
5216 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
5219 #include <sys/types.h>
5220 #include <sys/stat.h>
5222 #define DATA "conftest.stdpath"
5227 fd = fopen(DATA,"w");
5231 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
5236 [ user_path=`cat conftest.stdpath` ],
5237 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
5238 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
5240 # make sure $bindir is in USER_PATH so scp will work
5241 t_bindir="${bindir}"
5242 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
5243 t_bindir=`eval echo ${t_bindir}`
5245 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
5248 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
5251 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
5252 if test $? -ne 0 ; then
5253 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
5254 if test $? -ne 0 ; then
5255 user_path=$user_path:$t_bindir
5256 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
5261 if test "x$external_path_file" != "x/etc/login.conf" ; then
5262 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
5263 AC_SUBST([user_path])
5266 # Set superuser path separately to user path
5267 AC_ARG_WITH([superuser-path],
5268 [ --with-superuser-path= Specify different path for super-user],
5270 if test -n "$withval" && test "x$withval" != "xno" && \
5271 test "x${withval}" != "xyes"; then
5272 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
5273 [Define if you want a different $PATH
5275 superuser_path=$withval
5281 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
5282 IPV4_IN6_HACK_MSG="no"
5284 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
5286 if test "x$withval" != "xno" ; then
5287 AC_MSG_RESULT([yes])
5288 AC_DEFINE([IPV4_IN_IPV6], [1],
5289 [Detect IPv4 in IPv6 mapped addresses
5291 IPV4_IN6_HACK_MSG="yes"
5296 if test "x$inet6_default_4in6" = "xyes"; then
5297 AC_MSG_RESULT([yes (default)])
5298 AC_DEFINE([IPV4_IN_IPV6])
5299 IPV4_IN6_HACK_MSG="yes"
5301 AC_MSG_RESULT([no (default)])
5306 # Whether to enable BSD auth support
5308 AC_ARG_WITH([bsd-auth],
5309 [ --with-bsd-auth Enable BSD auth support],
5311 if test "x$withval" != "xno" ; then
5312 AC_DEFINE([BSD_AUTH], [1],
5313 [Define if you have BSD auth support])
5319 # Where to place sshd.pid
5321 # make sure the directory exists
5322 if test ! -d $piddir ; then
5323 piddir=`eval echo ${sysconfdir}`
5325 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
5329 AC_ARG_WITH([pid-dir],
5330 [ --with-pid-dir=PATH Specify location of sshd.pid file],
5332 if test -n "$withval" && test "x$withval" != "xno" && \
5333 test "x${withval}" != "xyes"; then
5335 if test ! -d $piddir ; then
5336 AC_MSG_WARN([** no $piddir directory on this system **])
5342 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
5343 [Specify location of ssh.pid])
5346 dnl allow user to disable some login recording features
5347 AC_ARG_ENABLE([lastlog],
5348 [ --disable-lastlog disable use of lastlog even if detected [no]],
5350 if test "x$enableval" = "xno" ; then
5351 AC_DEFINE([DISABLE_LASTLOG])
5355 AC_ARG_ENABLE([utmp],
5356 [ --disable-utmp disable use of utmp even if detected [no]],
5358 if test "x$enableval" = "xno" ; then
5359 AC_DEFINE([DISABLE_UTMP])
5363 AC_ARG_ENABLE([utmpx],
5364 [ --disable-utmpx disable use of utmpx even if detected [no]],
5366 if test "x$enableval" = "xno" ; then
5367 AC_DEFINE([DISABLE_UTMPX], [1],
5368 [Define if you don't want to use utmpx])
5372 AC_ARG_ENABLE([wtmp],
5373 [ --disable-wtmp disable use of wtmp even if detected [no]],
5375 if test "x$enableval" = "xno" ; then
5376 AC_DEFINE([DISABLE_WTMP])
5380 AC_ARG_ENABLE([wtmpx],
5381 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
5383 if test "x$enableval" = "xno" ; then
5384 AC_DEFINE([DISABLE_WTMPX], [1],
5385 [Define if you don't want to use wtmpx])
5389 AC_ARG_ENABLE([libutil],
5390 [ --disable-libutil disable use of libutil (login() etc.) [no]],
5392 if test "x$enableval" = "xno" ; then
5393 AC_DEFINE([DISABLE_LOGIN])
5397 AC_ARG_ENABLE([pututline],
5398 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
5400 if test "x$enableval" = "xno" ; then
5401 AC_DEFINE([DISABLE_PUTUTLINE], [1],
5402 [Define if you don't want to use pututline()
5403 etc. to write [uw]tmp])
5407 AC_ARG_ENABLE([pututxline],
5408 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
5410 if test "x$enableval" = "xno" ; then
5411 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
5412 [Define if you don't want to use pututxline()
5413 etc. to write [uw]tmpx])
5417 AC_ARG_WITH([lastlog],
5418 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
5420 if test "x$withval" = "xno" ; then
5421 AC_DEFINE([DISABLE_LASTLOG])
5422 elif test -n "$withval" && test "x${withval}" != "xyes"; then
5423 conf_lastlog_location=$withval
5428 dnl lastlog, [uw]tmpx? detection
5429 dnl NOTE: set the paths in the platform section to avoid the
5430 dnl need for command-line parameters
5431 dnl lastlog and [uw]tmp are subject to a file search if all else fails
5433 dnl lastlog detection
5434 dnl NOTE: the code itself will detect if lastlog is a directory
5435 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
5436 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5437 #include <sys/types.h>
5439 #ifdef HAVE_LASTLOG_H
5440 # include <lastlog.h>
5448 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
5449 [ AC_MSG_RESULT([yes]) ],
5452 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
5453 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5454 #include <sys/types.h>
5456 #ifdef HAVE_LASTLOG_H
5457 # include <lastlog.h>
5462 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
5463 [ AC_MSG_RESULT([yes]) ],
5466 system_lastlog_path=no
5470 if test -z "$conf_lastlog_location"; then
5471 if test x"$system_lastlog_path" = x"no" ; then
5472 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
5473 if (test -d "$f" || test -f "$f") ; then
5474 conf_lastlog_location=$f
5477 if test -z "$conf_lastlog_location"; then
5478 AC_MSG_WARN([** Cannot find lastlog **])
5479 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
5484 if test -n "$conf_lastlog_location"; then
5485 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
5486 [Define if you want to specify the path to your lastlog file])
5490 AC_MSG_CHECKING([if your system defines UTMP_FILE])
5491 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5492 #include <sys/types.h>
5497 ]], [[ char *utmp = UTMP_FILE; ]])],
5498 [ AC_MSG_RESULT([yes]) ],
5499 [ AC_MSG_RESULT([no])
5502 if test -z "$conf_utmp_location"; then
5503 if test x"$system_utmp_path" = x"no" ; then
5504 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
5505 if test -f $f ; then
5506 conf_utmp_location=$f
5509 if test -z "$conf_utmp_location"; then
5510 AC_DEFINE([DISABLE_UTMP])
5514 if test -n "$conf_utmp_location"; then
5515 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
5516 [Define if you want to specify the path to your utmp file])
5520 AC_MSG_CHECKING([if your system defines WTMP_FILE])
5521 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5522 #include <sys/types.h>
5527 ]], [[ char *wtmp = WTMP_FILE; ]])],
5528 [ AC_MSG_RESULT([yes]) ],
5529 [ AC_MSG_RESULT([no])
5532 if test -z "$conf_wtmp_location"; then
5533 if test x"$system_wtmp_path" = x"no" ; then
5534 for f in /usr/adm/wtmp /var/log/wtmp; do
5535 if test -f $f ; then
5536 conf_wtmp_location=$f
5539 if test -z "$conf_wtmp_location"; then
5540 AC_DEFINE([DISABLE_WTMP])
5544 if test -n "$conf_wtmp_location"; then
5545 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
5546 [Define if you want to specify the path to your wtmp file])
5550 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
5551 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5552 #include <sys/types.h>
5560 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
5561 [ AC_MSG_RESULT([yes]) ],
5562 [ AC_MSG_RESULT([no])
5563 system_wtmpx_path=no
5565 if test -z "$conf_wtmpx_location"; then
5566 if test x"$system_wtmpx_path" = x"no" ; then
5567 AC_DEFINE([DISABLE_WTMPX])
5570 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
5571 [Define if you want to specify the path to your wtmpx file])
5575 if test ! -z "$blibpath" ; then
5576 LDFLAGS="$LDFLAGS $blibflags$blibpath"
5577 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
5580 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
5581 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
5582 AC_DEFINE([DISABLE_LASTLOG])
5585 #ifdef HAVE_SYS_TYPES_H
5586 #include <sys/types.h>
5594 #ifdef HAVE_LASTLOG_H
5595 #include <lastlog.h>
5599 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
5600 AC_DEFINE([DISABLE_UTMP])
5601 AC_DEFINE([DISABLE_WTMP])
5603 #ifdef HAVE_SYS_TYPES_H
5604 #include <sys/types.h>
5612 #ifdef HAVE_LASTLOG_H
5613 #include <lastlog.h>
5617 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5619 CFLAGS="$CFLAGS $werror_flags"
5621 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
5626 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
5627 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
5628 AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8])
5629 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
5630 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
5631 AC_SUBST([DEPEND], [$(cat $srcdir/.depend)])
5633 CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
5634 LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"
5636 # Make a copy of CFLAGS/LDFLAGS without PIE options.
5637 LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'`
5638 CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'`
5639 AC_SUBST([LDFLAGS_NOPIE])
5640 AC_SUBST([CFLAGS_NOPIE])
5643 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5644 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5648 # Print summary of options
5650 # Someone please show me a better way :)
5651 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5652 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5653 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5654 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5655 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5656 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5657 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5658 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5659 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5660 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5663 echo "OpenSSH has been configured with the following options:"
5664 echo " User binaries: $B"
5665 echo " System binaries: $C"
5666 echo " Configuration files: $D"
5667 echo " Askpass program: $E"
5668 echo " Manual pages: $F"
5669 echo " PID file: $G"
5670 echo " Privilege separation chroot path: $H"
5671 if test "x$external_path_file" = "x/etc/login.conf" ; then
5672 echo " At runtime, sshd will use the path defined in $external_path_file"
5673 echo " Make sure the path to scp is present, otherwise scp will not work"
5675 echo " sshd default user PATH: $I"
5676 if test ! -z "$external_path_file"; then
5677 echo " (If PATH is set in $external_path_file it will be used instead. If"
5678 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
5681 if test ! -z "$superuser_path" ; then
5682 echo " sshd superuser user PATH: $J"
5684 echo " Manpage format: $MANTYPE"
5685 echo " PAM support: $PAM_MSG"
5686 echo " OSF SIA support: $SIA_MSG"
5687 echo " KerberosV support: $KRB5_MSG"
5688 echo " SELinux support: $SELINUX_MSG"
5689 echo " TCP Wrappers support: $TCPW_MSG"
5690 echo " libedit support: $LIBEDIT_MSG"
5691 echo " libldns support: $LDNS_MSG"
5692 echo " Solaris process contract support: $SPC_MSG"
5693 echo " Solaris project support: $SP_MSG"
5694 echo " Solaris privilege support: $SPP_MSG"
5695 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5696 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5697 echo " BSD Auth support: $BSD_AUTH_MSG"
5698 echo " Random number source: $RAND_MSG"
5699 echo " Privsep sandbox style: $SANDBOX_STYLE"
5700 echo " PKCS#11 support: $enable_pkcs11"
5701 echo " U2F/FIDO support: $enable_sk"
5705 echo " Host: ${host}"
5706 echo " Compiler: ${CC}"
5707 echo " Compiler flags: ${CFLAGS}"
5708 echo "Preprocessor flags: ${CPPFLAGS}"
5709 echo " Linker flags: ${LDFLAGS}"
5710 echo " Libraries: ${LIBS}"
5711 if test ! -z "${CHANNELLIBS}"; then
5712 echo " +for channels: ${CHANNELLIBS}"
5714 if test ! -z "${LIBFIDO2}"; then
5715 echo " +for FIDO2: ${LIBFIDO2}"
5717 if test ! -z "${SSHDLIBS}"; then
5718 echo " +for sshd: ${SSHDLIBS}"
5723 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5724 echo "SVR4 style packages are supported with \"make package\""
5728 if test "x$PAM_MSG" = "xyes" ; then
5729 echo "PAM is enabled. You may need to install a PAM control file "
5730 echo "for sshd, otherwise password authentication may fail. "
5731 echo "Example PAM control files can be found in the contrib/ "
5736 if test ! -z "$NO_PEERCHECK" ; then
5737 echo "WARNING: the operating system that you are using does not"
5738 echo "appear to support getpeereid(), getpeerucred() or the"
5739 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5740 echo "enforce security checks to prevent unauthorised connections to"
5741 echo "ssh-agent. Their absence increases the risk that a malicious"
5742 echo "user can connect to your agent."
5746 if test "$AUDIT_MODULE" = "bsm" ; then
5747 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5748 echo "See the Solaris section in README.platform for details."