1 # $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $
4 # Copyright (c) 1999-2004 Damien Miller
6 # Permission to use, copy, modify, and distribute this software for any
7 # purpose with or without fee is hereby granted, provided that the above
8 # copyright notice and this permission notice appear in all copies.
10 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
19 AC_REVISION($Revision: 1.583 $)
20 AC_CONFIG_SRCDIR([ssh.c])
23 AC_CONFIG_HEADER([config.h])
28 # Checks for programs.
34 AC_CHECK_TOOLS([AR], [ar])
35 AC_PATH_PROG([CAT], [cat])
36 AC_PATH_PROG([KILL], [kill])
37 AC_PATH_PROGS([PERL], [perl5 perl])
38 AC_PATH_PROG([SED], [sed])
40 AC_PATH_PROG([ENT], [ent])
42 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
43 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
44 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
45 AC_PATH_PROG([SH], [sh])
46 AC_PATH_PROG([GROFF], [groff])
47 AC_PATH_PROG([NROFF], [nroff])
48 AC_PATH_PROG([MANDOC], [mandoc])
49 AC_SUBST([TEST_SHELL], [sh])
51 dnl select manpage formatter
52 if test "x$MANDOC" != "x" ; then
54 elif test "x$NROFF" != "x" ; then
55 MANFMT="$NROFF -mandoc"
56 elif test "x$GROFF" != "x" ; then
57 MANFMT="$GROFF -mandoc -Tascii"
59 AC_MSG_WARN([no manpage formatted found])
65 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
66 [/usr/sbin${PATH_SEPARATOR}/etc])
67 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
68 [/usr/sbin${PATH_SEPARATOR}/etc])
69 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
70 if test -x /sbin/sh; then
71 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
73 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
79 if test -z "$AR" ; then
80 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
83 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
84 if test ! -z "$PATH_PASSWD_PROG" ; then
85 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
86 [Full path of your "passwd" program])
89 if test -z "$LD" ; then
96 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
97 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
98 #include <sys/types.h>
99 #include <sys/param.h>
100 #include <dev/systrace.h>
102 AC_CHECK_DECL([RLIMIT_NPROC],
103 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
104 #include <sys/types.h>
105 #include <sys/resource.h>
107 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
108 #include <sys/types.h>
109 #include <linux/prctl.h>
114 COMMENT_OUT_RSA1="#no ssh1#"
115 AC_ARG_WITH([openssl],
116 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
117 [ if test "x$withval" = "xno" ; then
123 AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
124 if test "x$openssl" = "xyes" ; then
126 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
132 [ --with-ssh1 Enable support for SSH protocol 1],
134 if test "x$withval" = "xyes" ; then
135 if test "x$openssl" = "xno" ; then
136 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
140 elif test "x$withval" = "xno" ; then
143 AC_MSG_ERROR([unknown --with-ssh1 argument])
147 AC_MSG_CHECKING([whether SSH protocol 1 support is enabled])
148 if test "x$ssh1" = "xyes" ; then
150 AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
151 AC_SUBST([COMMENT_OUT_RSA1])
156 use_stack_protector=1
157 use_toolchain_hardening=1
158 AC_ARG_WITH([stackprotect],
159 [ --without-stackprotect Don't use compiler's stack protection], [
160 if test "x$withval" = "xno"; then
161 use_stack_protector=0
163 AC_ARG_WITH([hardening],
164 [ --without-hardening Don't use toolchain hardening flags], [
165 if test "x$withval" = "xno"; then
166 use_toolchain_hardening=0
169 # We use -Werror for the tests only so that we catch warnings like "this is
170 # on by default" for things like -fPIE.
171 AC_MSG_CHECKING([if $CC supports -Werror])
172 saved_CFLAGS="$CFLAGS"
173 CFLAGS="$CFLAGS -Werror"
174 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
175 [ AC_MSG_RESULT([yes])
177 [ AC_MSG_RESULT([no])
180 CFLAGS="$saved_CFLAGS"
182 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
183 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
184 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
185 OSSH_CHECK_CFLAG_COMPILE([-Wall])
186 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
187 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
188 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
189 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
190 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
191 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
192 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
193 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
194 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
195 if test "x$use_toolchain_hardening" = "x1"; then
196 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
197 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
198 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
199 # NB. -ftrapv expects certain support functions to be present in
200 # the compiler library (libgcc or similar) to detect integer operations
201 # that can overflow. We must check that the result of enabling it
202 # actually links. The test program compiled/linked includes a number
203 # of integer operations that should exercise this.
204 OSSH_CHECK_CFLAG_LINK([-ftrapv])
206 AC_MSG_CHECKING([gcc version])
207 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
209 1.*) no_attrib_nonnull=1 ;;
213 2.*) no_attrib_nonnull=1 ;;
216 AC_MSG_RESULT([$GCC_VER])
218 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
219 saved_CFLAGS="$CFLAGS"
220 CFLAGS="$CFLAGS -fno-builtin-memset"
221 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
222 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
223 [ AC_MSG_RESULT([yes]) ],
224 [ AC_MSG_RESULT([no])
225 CFLAGS="$saved_CFLAGS" ]
228 # -fstack-protector-all doesn't always work for some GCC versions
229 # and/or platforms, so we test if we can. If it's not supported
230 # on a given platform gcc will emit a warning so we use -Werror.
231 if test "x$use_stack_protector" = "x1"; then
232 for t in -fstack-protector-strong -fstack-protector-all \
233 -fstack-protector; do
234 AC_MSG_CHECKING([if $CC supports $t])
235 saved_CFLAGS="$CFLAGS"
236 saved_LDFLAGS="$LDFLAGS"
237 CFLAGS="$CFLAGS $t -Werror"
238 LDFLAGS="$LDFLAGS $t -Werror"
240 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
243 snprintf(x, sizeof(x), "XXX");
245 [ AC_MSG_RESULT([yes])
246 CFLAGS="$saved_CFLAGS $t"
247 LDFLAGS="$saved_LDFLAGS $t"
248 AC_MSG_CHECKING([if $t works])
250 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
253 snprintf(x, sizeof(x), "XXX");
255 [ AC_MSG_RESULT([yes])
257 [ AC_MSG_RESULT([no]) ],
258 [ AC_MSG_WARN([cross compiling: cannot test])
262 [ AC_MSG_RESULT([no]) ]
264 CFLAGS="$saved_CFLAGS"
265 LDFLAGS="$saved_LDFLAGS"
269 if test -z "$have_llong_max"; then
270 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
271 unset ac_cv_have_decl_LLONG_MAX
272 saved_CFLAGS="$CFLAGS"
273 CFLAGS="$CFLAGS -std=gnu99"
274 AC_CHECK_DECL([LLONG_MAX],
276 [CFLAGS="$saved_CFLAGS"],
277 [#include <limits.h>]
282 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
286 __attribute__((__unused__)) static void foo(void){return;}]],
288 [ AC_MSG_RESULT([yes]) ],
289 [ AC_MSG_RESULT([no])
290 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
291 [compiler does not accept __attribute__ on return types]) ]
294 if test "x$no_attrib_nonnull" != "x1" ; then
295 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
299 [ --without-rpath Disable auto-added -R linker paths],
301 if test "x$withval" = "xno" ; then
304 if test "x$withval" = "xyes" ; then
310 # Allow user to specify flags
311 AC_ARG_WITH([cflags],
312 [ --with-cflags Specify additional flags to pass to compiler],
314 if test -n "$withval" && test "x$withval" != "xno" && \
315 test "x${withval}" != "xyes"; then
316 CFLAGS="$CFLAGS $withval"
320 AC_ARG_WITH([cppflags],
321 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
323 if test -n "$withval" && test "x$withval" != "xno" && \
324 test "x${withval}" != "xyes"; then
325 CPPFLAGS="$CPPFLAGS $withval"
329 AC_ARG_WITH([ldflags],
330 [ --with-ldflags Specify additional flags to pass to linker],
332 if test -n "$withval" && test "x$withval" != "xno" && \
333 test "x${withval}" != "xyes"; then
334 LDFLAGS="$LDFLAGS $withval"
339 [ --with-libs Specify additional libraries to link with],
341 if test -n "$withval" && test "x$withval" != "xno" && \
342 test "x${withval}" != "xyes"; then
343 LIBS="$LIBS $withval"
347 AC_ARG_WITH([Werror],
348 [ --with-Werror Build main code with -Werror],
350 if test -n "$withval" && test "x$withval" != "xno"; then
351 werror_flags="-Werror"
352 if test "x${withval}" != "xyes"; then
353 werror_flags="$withval"
391 security/pam_appl.h \
432 # sys/capsicum.h requires sys/types.h
433 AC_CHECK_HEADERS([sys/capsicum.h], [], [], [
434 #ifdef HAVE_SYS_TYPES_H
435 # include <sys/types.h>
439 # lastlog.h requires sys/time.h to be included first on Solaris
440 AC_CHECK_HEADERS([lastlog.h], [], [], [
441 #ifdef HAVE_SYS_TIME_H
442 # include <sys/time.h>
446 # sys/ptms.h requires sys/stream.h to be included first on Solaris
447 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
448 #ifdef HAVE_SYS_STREAM_H
449 # include <sys/stream.h>
453 # login_cap.h requires sys/types.h on NetBSD
454 AC_CHECK_HEADERS([login_cap.h], [], [], [
455 #include <sys/types.h>
458 # older BSDs need sys/param.h before sys/mount.h
459 AC_CHECK_HEADERS([sys/mount.h], [], [], [
460 #include <sys/param.h>
463 # Android requires sys/socket.h to be included before sys/un.h
464 AC_CHECK_HEADERS([sys/un.h], [], [], [
465 #include <sys/types.h>
466 #include <sys/socket.h>
469 # Messages for features tested for in target-specific section
475 # Support for Solaris/Illumos privileges (this test is used by both
476 # the --with-solaris-privs option and --with-sandbox=solaris).
479 # Check for some target-specific stuff
482 # Some versions of VAC won't allow macro redefinitions at
483 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
484 # particularly with older versions of vac or xlc.
485 # It also throws errors about null macro argments, but these are
487 AC_MSG_CHECKING([if compiler allows macro redefinitions])
490 #define testmacro foo
491 #define testmacro bar]],
493 [ AC_MSG_RESULT([yes]) ],
494 [ AC_MSG_RESULT([no])
495 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
496 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
497 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
498 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
502 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
503 if (test -z "$blibpath"); then
504 blibpath="/usr/lib:/lib"
506 saved_LDFLAGS="$LDFLAGS"
507 if test "$GCC" = "yes"; then
508 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
510 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
512 for tryflags in $flags ;do
513 if (test -z "$blibflags"); then
514 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
515 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
516 [blibflags=$tryflags], [])
519 if (test -z "$blibflags"); then
520 AC_MSG_RESULT([not found])
521 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
523 AC_MSG_RESULT([$blibflags])
525 LDFLAGS="$saved_LDFLAGS"
526 dnl Check for authenticate. Might be in libs.a on older AIXes
527 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
528 [Define if you want to enable AIX4's authenticate function])],
529 [AC_CHECK_LIB([s], [authenticate],
530 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
534 dnl Check for various auth function declarations in headers.
535 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
536 passwdexpired, setauthdb], , , [#include <usersec.h>])
537 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
538 AC_CHECK_DECLS([loginfailed],
539 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
540 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
541 [[ (void)loginfailed("user","host","tty",0); ]])],
542 [AC_MSG_RESULT([yes])
543 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
544 [Define if your AIX loginfailed() function
545 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
548 [#include <usersec.h>]
550 AC_CHECK_FUNCS([getgrset setauthdb])
551 AC_CHECK_DECL([F_CLOSEM],
552 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
554 [ #include <limits.h>
557 check_for_aix_broken_getaddrinfo=1
558 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
559 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
560 [Define if your platform breaks doing a seteuid before a setuid])
561 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
562 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
563 dnl AIX handles lastlog as part of its login message
564 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
565 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
566 [Some systems need a utmpx entry for /bin/login to work])
567 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
568 [Define to a Set Process Title type if your system is
569 supported by bsd-setproctitle.c])
570 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
571 [AIX 5.2 and 5.3 (and presumably newer) require this])
572 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
573 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
576 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
577 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
580 check_for_libcrypt_later=1
581 LIBS="$LIBS /usr/lib/textreadmode.o"
582 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
583 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
584 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
585 [Define to disable UID restoration test])
586 AC_DEFINE([DISABLE_SHADOW], [1],
587 [Define if you want to disable shadow passwords])
588 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
589 [Define if X11 doesn't support AF_UNIX sockets on that system])
590 AC_DEFINE([DISABLE_FD_PASSING], [1],
591 [Define if your platform needs to skip post auth
592 file descriptor passing])
593 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
594 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
595 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
596 # reasons which cause compile warnings, so we disable those warnings.
597 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
600 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
601 [Define if your system choked on IP TOS setting])
602 AC_DEFINE([SETEUID_BREAKS_SETUID])
603 AC_DEFINE([BROKEN_SETREUID])
604 AC_DEFINE([BROKEN_SETREGID])
608 AC_MSG_CHECKING([if we have working getaddrinfo])
609 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
610 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
616 [AC_MSG_RESULT([working])],
617 [AC_MSG_RESULT([buggy])
618 AC_DEFINE([BROKEN_GETADDRINFO], [1],
619 [getaddrinfo is broken (if present)])
621 [AC_MSG_RESULT([assume it is working])])
622 AC_DEFINE([SETEUID_BREAKS_SETUID])
623 AC_DEFINE([BROKEN_SETREUID])
624 AC_DEFINE([BROKEN_SETREGID])
625 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
626 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
627 [Define if your resolver libs need this for getrrsetbyname])
628 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
629 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
630 [Use tunnel device compatibility to OpenBSD])
631 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
632 [Prepend the address family to IP tunnel traffic])
633 m4_pattern_allow([AU_IPv])
634 AC_CHECK_DECL([AU_IPv4], [],
635 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
636 [#include <bsm/audit.h>]
637 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
638 [Define if pututxline updates lastlog too])
640 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
641 [Define to a Set Process Title type if your system is
642 supported by bsd-setproctitle.c])
643 AC_CHECK_FUNCS([sandbox_init])
644 AC_CHECK_HEADERS([sandbox.h])
645 AC_CHECK_LIB([sandbox], [sandbox_apply], [
646 SSHDLIBS="$SSHDLIBS -lsandbox"
650 SSHDLIBS="$SSHDLIBS -lcrypt"
651 TEST_MALLOC_OPTIONS="AFGJPRX"
655 AC_CHECK_LIB([network], [socket])
656 AC_DEFINE([HAVE_U_INT64_T])
660 # first we define all of the options common to all HP-UX releases
661 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
662 IPADDR_IN_DISPLAY=yes
663 AC_DEFINE([USE_PIPES])
664 AC_DEFINE([LOGIN_NEEDS_UTMPX])
665 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
666 [String used in /etc/passwd to denote locked account])
667 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
668 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
671 AC_CHECK_LIB([xnet], [t_error], ,
672 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
674 # next, we define all of the options specific to major releases
677 if test -z "$GCC"; then
682 AC_DEFINE([PAM_SUN_CODEBASE], [1],
683 [Define if you are using Solaris-derived PAM which
684 passes pam_messages to the conversation function
685 with an extra level of indirection])
686 AC_DEFINE([DISABLE_UTMP], [1],
687 [Define if you don't want to use utmp])
688 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
689 check_for_hpux_broken_getaddrinfo=1
690 check_for_conflicting_getspnam=1
694 # lastly, we define options specific to minor releases
697 AC_DEFINE([HAVE_SECUREWARE], [1],
698 [Define if you have SecureWare-based
699 protected password database])
700 disable_ptmx_check=yes
706 PATH="$PATH:/usr/etc"
707 AC_DEFINE([BROKEN_INET_NTOA], [1],
708 [Define if you system's inet_ntoa is busted
709 (e.g. Irix gcc issue)])
710 AC_DEFINE([SETEUID_BREAKS_SETUID])
711 AC_DEFINE([BROKEN_SETREUID])
712 AC_DEFINE([BROKEN_SETREGID])
713 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
714 [Define if you shouldn't strip 'tty' from your
716 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
719 PATH="$PATH:/usr/etc"
720 AC_DEFINE([WITH_IRIX_ARRAY], [1],
721 [Define if you have/want arrays
722 (cluster-wide session managment, not C arrays)])
723 AC_DEFINE([WITH_IRIX_PROJECT], [1],
724 [Define if you want IRIX project management])
725 AC_DEFINE([WITH_IRIX_AUDIT], [1],
726 [Define if you want IRIX audit trails])
727 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
728 [Define if you want IRIX kernel jobs])])
729 AC_DEFINE([BROKEN_INET_NTOA])
730 AC_DEFINE([SETEUID_BREAKS_SETUID])
731 AC_DEFINE([BROKEN_SETREUID])
732 AC_DEFINE([BROKEN_SETREGID])
733 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
734 AC_DEFINE([WITH_ABBREV_NO_TTY])
735 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
737 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
738 check_for_libcrypt_later=1
739 AC_DEFINE([PAM_TTY_KLUDGE])
740 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
741 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
742 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
743 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
748 check_for_libcrypt_later=1
749 check_for_openpty_ctty_bug=1
750 AC_DEFINE([PAM_TTY_KLUDGE], [1],
751 [Work around problematic Linux PAM modules handling of PAM_TTY])
752 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
753 [String used in /etc/passwd to denote locked account])
754 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
755 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
756 [Define to whatever link() returns for "not supported"
757 if it doesn't return EOPNOTSUPP.])
758 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
759 AC_DEFINE([USE_BTMP])
760 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
761 inet6_default_4in6=yes
764 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
765 [Define if cmsg_type is not passed correctly])
768 # tun(4) forwarding compat code
769 AC_CHECK_HEADERS([linux/if_tun.h])
770 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
771 AC_DEFINE([SSH_TUN_LINUX], [1],
772 [Open tunnel devices the Linux tun/tap way])
773 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
774 [Use tunnel device compatibility to OpenBSD])
775 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
776 [Prepend the address family to IP tunnel traffic])
778 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
779 [], [#include <linux/types.h>])
780 AC_MSG_CHECKING([for seccomp architecture])
784 seccomp_audit_arch=AUDIT_ARCH_X86_64
787 seccomp_audit_arch=AUDIT_ARCH_I386
790 seccomp_audit_arch=AUDIT_ARCH_ARM
793 seccomp_audit_arch=AUDIT_ARCH_AARCH64
796 seccomp_audit_arch=AUDIT_ARCH_S390X
799 seccomp_audit_arch=AUDIT_ARCH_S390
802 seccomp_audit_arch=AUDIT_ARCH_PPC64
805 seccomp_audit_arch=AUDIT_ARCH_PPC64LE
808 seccomp_audit_arch=AUDIT_ARCH_MIPS
811 seccomp_audit_arch=AUDIT_ARCH_MIPSEL
814 seccomp_audit_arch=AUDIT_ARCH_MIPS64
817 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
820 if test "x$seccomp_audit_arch" != "x" ; then
821 AC_MSG_RESULT(["$seccomp_audit_arch"])
822 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
823 [Specify the system call convention in use])
825 AC_MSG_RESULT([architecture not supported])
828 mips-sony-bsd|mips-sony-newsos4)
829 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
833 check_for_libcrypt_before=1
834 if test "x$withval" != "xno" ; then
837 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
838 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
839 AC_CHECK_HEADER([net/if_tap.h], ,
840 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
841 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
842 [Prepend the address family to IP tunnel traffic])
843 TEST_MALLOC_OPTIONS="AJRX"
844 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
845 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
848 check_for_libcrypt_later=1
849 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
850 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
851 AC_CHECK_HEADER([net/if_tap.h], ,
852 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
853 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
854 TEST_MALLOC_OPTIONS="AJRX"
855 # Preauth crypto occasionally uses file descriptors for crypto offload
856 # and will crash if they cannot be opened.
857 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
858 [define if setrlimit RLIMIT_NOFILE breaks things])
861 AC_DEFINE([SETEUID_BREAKS_SETUID])
862 AC_DEFINE([BROKEN_SETREUID])
863 AC_DEFINE([BROKEN_SETREGID])
866 conf_lastlog_location="/usr/adm/lastlog"
867 conf_utmp_location=/etc/utmp
868 conf_wtmp_location=/usr/adm/wtmp
869 maildir=/usr/spool/mail
870 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
871 AC_DEFINE([BROKEN_REALPATH])
872 AC_DEFINE([USE_PIPES])
873 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
877 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
878 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
879 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
880 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
881 [syslog_r function is safe to use in in a signal handler])
882 TEST_MALLOC_OPTIONS="AFGJPRX"
885 if test "x$withval" != "xno" ; then
888 AC_DEFINE([PAM_SUN_CODEBASE])
889 AC_DEFINE([LOGIN_NEEDS_UTMPX])
890 AC_DEFINE([PAM_TTY_KLUDGE])
891 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
892 [Define if pam_chauthtok wants real uid set
893 to the unpriv'ed user])
894 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
895 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
896 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
897 [Define if sshd somehow reacquires a controlling TTY
899 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
900 in case the name is longer than 8 chars])
901 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
902 external_path_file=/etc/default/login
903 # hardwire lastlog location (can't detect it on some versions)
904 conf_lastlog_location="/var/adm/lastlog"
905 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
906 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
907 if test "$sol2ver" -ge 8; then
909 AC_DEFINE([DISABLE_UTMP])
910 AC_DEFINE([DISABLE_WTMP], [1],
911 [Define if you don't want to use wtmp])
915 AC_CHECK_FUNCS([setpflags])
916 AC_CHECK_FUNCS([setppriv])
917 AC_CHECK_FUNCS([priv_basicset])
918 AC_CHECK_HEADERS([priv.h])
919 AC_ARG_WITH([solaris-contracts],
920 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
922 AC_CHECK_LIB([contract], [ct_tmpl_activate],
923 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
924 [Define if you have Solaris process contracts])
925 LIBS="$LIBS -lcontract"
929 AC_ARG_WITH([solaris-projects],
930 [ --with-solaris-projects Enable Solaris projects (experimental)],
932 AC_CHECK_LIB([project], [setproject],
933 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
934 [Define if you have Solaris projects])
935 LIBS="$LIBS -lproject"
939 AC_ARG_WITH([solaris-privs],
940 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
942 AC_MSG_CHECKING([for Solaris/Illumos privilege support])
943 if test "x$ac_cv_func_setppriv" = "xyes" -a \
944 "x$ac_cv_header_priv_h" = "xyes" ; then
946 AC_MSG_RESULT([found])
947 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
948 [Define to disable UID restoration test])
949 AC_DEFINE([USE_SOLARIS_PRIVS], [1],
950 [Define if you have Solaris privileges])
953 AC_MSG_RESULT([not found])
954 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
958 TEST_SHELL=$SHELL # let configure find us a capable shell
961 CPPFLAGS="$CPPFLAGS -DSUNOS4"
962 AC_CHECK_FUNCS([getpwanam])
963 AC_DEFINE([PAM_SUN_CODEBASE])
964 conf_utmp_location=/etc/utmp
965 conf_wtmp_location=/var/adm/wtmp
966 conf_lastlog_location=/var/adm/lastlog
967 AC_DEFINE([USE_PIPES])
971 AC_DEFINE([USE_PIPES])
972 AC_DEFINE([SSHD_ACQUIRES_CTTY])
973 AC_DEFINE([SETEUID_BREAKS_SETUID])
974 AC_DEFINE([BROKEN_SETREUID])
975 AC_DEFINE([BROKEN_SETREGID])
978 # /usr/ucblib MUST NOT be searched on ReliantUNIX
979 AC_CHECK_LIB([dl], [dlsym], ,)
980 # -lresolv needs to be at the end of LIBS or DNS lookups break
981 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
982 IPADDR_IN_DISPLAY=yes
983 AC_DEFINE([USE_PIPES])
984 AC_DEFINE([IP_TOS_IS_BROKEN])
985 AC_DEFINE([SETEUID_BREAKS_SETUID])
986 AC_DEFINE([BROKEN_SETREUID])
987 AC_DEFINE([BROKEN_SETREGID])
988 AC_DEFINE([SSHD_ACQUIRES_CTTY])
989 external_path_file=/etc/default/login
990 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
991 # Attention: always take care to bind libsocket and libnsl before libc,
992 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
994 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
996 AC_DEFINE([USE_PIPES])
997 AC_DEFINE([SETEUID_BREAKS_SETUID])
998 AC_DEFINE([BROKEN_SETREUID])
999 AC_DEFINE([BROKEN_SETREGID])
1000 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
1001 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1002 TEST_SHELL=$SHELL # let configure find us a capable shell
1004 # UnixWare 7.x, OpenUNIX 8
1006 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1007 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1008 AC_DEFINE([USE_PIPES])
1009 AC_DEFINE([SETEUID_BREAKS_SETUID])
1010 AC_DEFINE([BROKEN_GETADDRINFO])
1011 AC_DEFINE([BROKEN_SETREUID])
1012 AC_DEFINE([BROKEN_SETREGID])
1013 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1014 TEST_SHELL=$SHELL # let configure find us a capable shell
1016 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1017 maildir=/var/spool/mail
1018 AC_DEFINE([BROKEN_LIBIAF], [1],
1019 [ia_uinfo routines not supported by OS yet])
1020 AC_DEFINE([BROKEN_UPDWTMPX])
1021 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1022 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1023 AC_DEFINE([HAVE_SECUREWARE])
1024 AC_DEFINE([DISABLE_SHADOW])
1027 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1028 check_for_libcrypt_later=1
1034 # SCO UNIX and OEM versions of SCO UNIX
1036 AC_MSG_ERROR("This Platform is no longer supported.")
1038 # SCO OpenServer 5.x
1040 if test -z "$GCC"; then
1041 CFLAGS="$CFLAGS -belf"
1043 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1045 AC_DEFINE([USE_PIPES])
1046 AC_DEFINE([HAVE_SECUREWARE])
1047 AC_DEFINE([DISABLE_SHADOW])
1048 AC_DEFINE([DISABLE_FD_PASSING])
1049 AC_DEFINE([SETEUID_BREAKS_SETUID])
1050 AC_DEFINE([BROKEN_GETADDRINFO])
1051 AC_DEFINE([BROKEN_SETREUID])
1052 AC_DEFINE([BROKEN_SETREGID])
1053 AC_DEFINE([WITH_ABBREV_NO_TTY])
1054 AC_DEFINE([BROKEN_UPDWTMPX])
1055 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1056 AC_CHECK_FUNCS([getluid setluid])
1058 TEST_SHELL=$SHELL # let configure find us a capable shell
1059 SKIP_DISABLE_LASTLOG_DEFINE=yes
1062 AC_DEFINE([NO_SSH_LASTLOG], [1],
1063 [Define if you don't want to use lastlog in session.c])
1064 AC_DEFINE([SETEUID_BREAKS_SETUID])
1065 AC_DEFINE([BROKEN_SETREUID])
1066 AC_DEFINE([BROKEN_SETREGID])
1067 AC_DEFINE([USE_PIPES])
1068 AC_DEFINE([DISABLE_FD_PASSING])
1070 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1074 AC_DEFINE([SETEUID_BREAKS_SETUID])
1075 AC_DEFINE([BROKEN_SETREUID])
1076 AC_DEFINE([BROKEN_SETREGID])
1077 AC_DEFINE([WITH_ABBREV_NO_TTY])
1078 AC_DEFINE([USE_PIPES])
1079 AC_DEFINE([DISABLE_FD_PASSING])
1081 LIBS="$LIBS -lgen -lacid -ldb"
1085 AC_DEFINE([SETEUID_BREAKS_SETUID])
1086 AC_DEFINE([BROKEN_SETREUID])
1087 AC_DEFINE([BROKEN_SETREGID])
1088 AC_DEFINE([USE_PIPES])
1089 AC_DEFINE([DISABLE_FD_PASSING])
1090 AC_DEFINE([NO_SSH_LASTLOG])
1091 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
1092 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1096 AC_MSG_CHECKING([for Digital Unix SIA])
1098 AC_ARG_WITH([osfsia],
1099 [ --with-osfsia Enable Digital Unix SIA],
1101 if test "x$withval" = "xno" ; then
1102 AC_MSG_RESULT([disabled])
1107 if test -z "$no_osfsia" ; then
1108 if test -f /etc/sia/matrix.conf; then
1109 AC_MSG_RESULT([yes])
1110 AC_DEFINE([HAVE_OSF_SIA], [1],
1111 [Define if you have Digital Unix Security
1112 Integration Architecture])
1113 AC_DEFINE([DISABLE_LOGIN], [1],
1114 [Define if you don't want to use your
1115 system's login() call])
1116 AC_DEFINE([DISABLE_FD_PASSING])
1117 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1121 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1122 [String used in /etc/passwd to denote locked account])
1125 AC_DEFINE([BROKEN_GETADDRINFO])
1126 AC_DEFINE([SETEUID_BREAKS_SETUID])
1127 AC_DEFINE([BROKEN_SETREUID])
1128 AC_DEFINE([BROKEN_SETREGID])
1129 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1133 AC_DEFINE([USE_PIPES])
1134 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1135 AC_DEFINE([DISABLE_LASTLOG])
1136 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1137 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1138 enable_etc_default_login=no # has incompatible /etc/default/login
1141 AC_DEFINE([DISABLE_FD_PASSING])
1147 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1148 AC_DEFINE([NEED_SETPGRP])
1149 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1153 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1154 AC_DEFINE([BROKEN_SETVBUF], [1],
1155 [LynxOS has broken setvbuf() implementation])
1159 AC_MSG_CHECKING([compiler and flags for sanity])
1160 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
1161 [ AC_MSG_RESULT([yes]) ],
1164 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1166 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1169 dnl Checks for header files.
1170 # Checks for libraries.
1171 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1173 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1174 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1175 AC_CHECK_LIB([gen], [dirname], [
1176 AC_CACHE_CHECK([for broken dirname],
1177 ac_cv_have_broken_dirname, [
1185 int main(int argc, char **argv) {
1188 strncpy(buf,"/etc", 32);
1190 if (!s || strncmp(s, "/", 32) != 0) {
1197 [ ac_cv_have_broken_dirname="no" ],
1198 [ ac_cv_have_broken_dirname="yes" ],
1199 [ ac_cv_have_broken_dirname="no" ],
1203 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1205 AC_DEFINE([HAVE_DIRNAME])
1206 AC_CHECK_HEADERS([libgen.h])
1211 AC_CHECK_FUNC([getspnam], ,
1212 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1213 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1214 [Define if you have the basename function.])])
1216 dnl zlib is required
1218 [ --with-zlib=PATH Use zlib in PATH],
1219 [ if test "x$withval" = "xno" ; then
1220 AC_MSG_ERROR([*** zlib is required ***])
1221 elif test "x$withval" != "xyes"; then
1222 if test -d "$withval/lib"; then
1223 if test -n "${need_dash_r}"; then
1224 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1226 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1229 if test -n "${need_dash_r}"; then
1230 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1232 LDFLAGS="-L${withval} ${LDFLAGS}"
1235 if test -d "$withval/include"; then
1236 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1238 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1243 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1244 AC_CHECK_LIB([z], [deflate], ,
1246 saved_CPPFLAGS="$CPPFLAGS"
1247 saved_LDFLAGS="$LDFLAGS"
1249 dnl Check default zlib install dir
1250 if test -n "${need_dash_r}"; then
1251 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1253 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1255 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1257 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1259 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1265 AC_ARG_WITH([zlib-version-check],
1266 [ --without-zlib-version-check Disable zlib version check],
1267 [ if test "x$withval" = "xno" ; then
1268 zlib_check_nonfatal=1
1273 AC_MSG_CHECKING([for possibly buggy zlib])
1274 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1280 int a=0, b=0, c=0, d=0, n, v;
1281 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1282 if (n != 3 && n != 4)
1284 v = a*1000000 + b*10000 + c*100 + d;
1285 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1288 if (a == 1 && b == 1 && c >= 4)
1291 /* 1.2.3 and up are OK */
1297 AC_MSG_RESULT([no]),
1298 [ AC_MSG_RESULT([yes])
1299 if test -z "$zlib_check_nonfatal" ; then
1300 AC_MSG_ERROR([*** zlib too old - check config.log ***
1301 Your reported zlib version has known security problems. It's possible your
1302 vendor has fixed these problems without changing the version number. If you
1303 are sure this is the case, you can disable the check by running
1304 "./configure --without-zlib-version-check".
1305 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1306 See http://www.gzip.org/zlib/ for details.])
1308 AC_MSG_WARN([zlib version may have security problems])
1311 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1315 AC_CHECK_FUNC([strcasecmp],
1316 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1318 AC_CHECK_FUNCS([utimes],
1319 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1320 LIBS="$LIBS -lc89"]) ]
1323 dnl Checks for libutil functions
1324 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1325 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1326 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1327 AC_SEARCH_LIBS([login], [util bsd])
1328 AC_SEARCH_LIBS([logout], [util bsd])
1329 AC_SEARCH_LIBS([logwtmp], [util bsd])
1330 AC_SEARCH_LIBS([openpty], [util bsd])
1331 AC_SEARCH_LIBS([updwtmp], [util bsd])
1332 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1334 # On some platforms, inet_ntop and gethostbyname may be found in libresolv
1336 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1337 AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1341 # Check for ALTDIRFUNC glob() extension
1342 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1343 AC_EGREP_CPP([FOUNDIT],
1346 #ifdef GLOB_ALTDIRFUNC
1351 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1352 [Define if your system glob() function has
1353 the GLOB_ALTDIRFUNC extension])
1354 AC_MSG_RESULT([yes])
1361 # Check for g.gl_matchc glob() extension
1362 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1363 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1364 [[ glob_t g; g.gl_matchc = 1; ]])],
1366 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1367 [Define if your system glob() function has
1368 gl_matchc options in glob_t])
1369 AC_MSG_RESULT([yes])
1374 # Check for g.gl_statv glob() extension
1375 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1376 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1377 #ifndef GLOB_KEEPSTAT
1378 #error "glob does not support GLOB_KEEPSTAT extension"
1384 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1385 [Define if your system glob() function has
1386 gl_statv options in glob_t])
1387 AC_MSG_RESULT([yes])
1393 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1395 AC_CHECK_DECL([VIS_ALL], ,
1396 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1398 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1401 #include <sys/types.h>
1402 #include <dirent.h>]],
1405 exit(sizeof(d.d_name)<=sizeof(char));
1407 [AC_MSG_RESULT([yes])],
1410 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1411 [Define if your struct dirent expects you to
1412 allocate extra space for d_name])
1415 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1416 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1420 AC_MSG_CHECKING([for /proc/pid/fd directory])
1421 if test -d "/proc/$$/fd" ; then
1422 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1423 AC_MSG_RESULT([yes])
1428 # Check whether user wants S/Key support
1431 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1433 if test "x$withval" != "xno" ; then
1435 if test "x$withval" != "xyes" ; then
1436 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1437 LDFLAGS="$LDFLAGS -L${withval}/lib"
1440 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1444 AC_MSG_CHECKING([for s/key support])
1450 char *ff = skey_keyinfo(""); ff="";
1453 [AC_MSG_RESULT([yes])],
1456 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1458 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1459 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1463 (void)skeychallenge(NULL,"name","",0);
1466 AC_MSG_RESULT([yes])
1467 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1468 [Define if your skeychallenge()
1469 function takes 4 arguments (NetBSD)])],
1477 # Check whether user wants TCP wrappers support
1479 AC_ARG_WITH([tcp-wrappers],
1480 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1482 if test "x$withval" != "xno" ; then
1484 saved_LDFLAGS="$LDFLAGS"
1485 saved_CPPFLAGS="$CPPFLAGS"
1486 if test -n "${withval}" && \
1487 test "x${withval}" != "xyes"; then
1488 if test -d "${withval}/lib"; then
1489 if test -n "${need_dash_r}"; then
1490 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1492 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1495 if test -n "${need_dash_r}"; then
1496 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1498 LDFLAGS="-L${withval} ${LDFLAGS}"
1501 if test -d "${withval}/include"; then
1502 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1504 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1508 AC_MSG_CHECKING([for libwrap])
1509 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1510 #include <sys/types.h>
1511 #include <sys/socket.h>
1512 #include <netinet/in.h>
1514 int deny_severity = 0, allow_severity = 0;
1518 AC_MSG_RESULT([yes])
1519 AC_DEFINE([LIBWRAP], [1],
1521 TCP Wrappers support])
1522 SSHDLIBS="$SSHDLIBS -lwrap"
1525 AC_MSG_ERROR([*** libwrap missing])
1533 # Check whether user wants to use ldns
1536 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1538 if test "x$withval" != "xno" ; then
1540 if test "x$withval" != "xyes" ; then
1541 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1542 LDFLAGS="$LDFLAGS -L${withval}/lib"
1545 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1549 AC_MSG_CHECKING([for ldns support])
1555 #include <ldns/ldns.h>
1556 int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1559 [AC_MSG_RESULT(yes)],
1562 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1568 # Check whether user wants libedit support
1570 AC_ARG_WITH([libedit],
1571 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1572 [ if test "x$withval" != "xno" ; then
1573 if test "x$withval" = "xyes" ; then
1574 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1575 if test "x$PKGCONFIG" != "xno"; then
1576 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1577 if "$PKGCONFIG" libedit; then
1578 AC_MSG_RESULT([yes])
1579 use_pkgconfig_for_libedit=yes
1585 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1586 if test -n "${need_dash_r}"; then
1587 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1589 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1592 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1593 LIBEDIT=`$PKGCONFIG --libs libedit`
1594 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1596 LIBEDIT="-ledit -lcurses"
1598 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1599 AC_CHECK_LIB([edit], [el_init],
1600 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1604 [ AC_MSG_ERROR([libedit not found]) ],
1607 AC_MSG_CHECKING([if libedit version is compatible])
1609 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1612 el_init("", NULL, NULL, NULL);
1615 [ AC_MSG_RESULT([yes]) ],
1616 [ AC_MSG_RESULT([no])
1617 AC_MSG_ERROR([libedit version is not compatible]) ]
1623 AC_ARG_WITH([audit],
1624 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1626 AC_MSG_CHECKING([for supported audit module])
1629 AC_MSG_RESULT([bsm])
1631 dnl Checks for headers, libs and functions
1632 AC_CHECK_HEADERS([bsm/audit.h], [],
1633 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1640 AC_CHECK_LIB([bsm], [getaudit], [],
1641 [AC_MSG_ERROR([BSM enabled and required library not found])])
1642 AC_CHECK_FUNCS([getaudit], [],
1643 [AC_MSG_ERROR([BSM enabled and required function not found])])
1644 # These are optional
1645 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1646 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1647 if test "$sol2ver" -ge 11; then
1648 SSHDLIBS="$SSHDLIBS -lscf"
1649 AC_DEFINE([BROKEN_BSM_API], [1],
1650 [The system has incomplete BSM API])
1654 AC_MSG_RESULT([linux])
1656 dnl Checks for headers, libs and functions
1657 AC_CHECK_HEADERS([libaudit.h])
1658 SSHDLIBS="$SSHDLIBS -laudit"
1659 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1663 AC_MSG_RESULT([debug])
1664 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1670 AC_MSG_ERROR([Unknown audit module $withval])
1676 [ --with-pie Build Position Independent Executables if possible], [
1677 if test "x$withval" = "xno"; then
1680 if test "x$withval" = "xyes"; then
1685 if test "x$use_pie" = "x"; then
1688 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1689 # Turn off automatic PIE when toolchain hardening is off.
1692 if test "x$use_pie" = "xauto"; then
1693 # Automatic PIE requires gcc >= 4.x
1694 AC_MSG_CHECKING([for gcc >= 4.x])
1695 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1696 #if !defined(__GNUC__) || __GNUC__ < 4
1697 #error gcc is too old
1700 [ AC_MSG_RESULT([yes]) ],
1701 [ AC_MSG_RESULT([no])
1705 if test "x$use_pie" != "xno"; then
1706 SAVED_CFLAGS="$CFLAGS"
1707 SAVED_LDFLAGS="$LDFLAGS"
1708 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1709 OSSH_CHECK_LDFLAG_LINK([-pie])
1710 # We use both -fPIE and -pie or neither.
1711 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1712 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1713 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1714 AC_MSG_RESULT([yes])
1717 CFLAGS="$SAVED_CFLAGS"
1718 LDFLAGS="$SAVED_LDFLAGS"
1722 dnl Checks for library functions. Please keep in alphabetical order
1724 Blowfish_initstate \
1725 Blowfish_expandstate \
1726 Blowfish_expand0state \
1727 Blowfish_stream2word \
1837 dnl Wide character support. Linux man page says it needs _XOPEN_SOURCE.
1838 saved_CFLAGS="$CFLAGS"
1839 CFLAGS="$CFLAGS -D_XOPEN_SOURCE"
1840 AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
1841 CFLAGS="$saved_CFLAGS"
1843 TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
1844 AC_MSG_CHECKING([for utf8 locale support])
1850 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
1858 AC_MSG_WARN([cross compiling: assuming yes])
1863 [[ #include <ctype.h> ]],
1864 [[ return (isblank('a')); ]])],
1865 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1869 AC_ARG_ENABLE([pkcs11],
1870 [ --disable-pkcs11 disable PKCS#11 support code [no]],
1872 if test "x$enableval" = "xno" ; then
1878 # PKCS11 depends on OpenSSL.
1879 if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then
1880 # PKCS#11 support requires dlopen() and co
1881 AC_SEARCH_LIBS([dlopen], [dl],
1882 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1886 # IRIX has a const char return value for gai_strerror()
1887 AC_CHECK_FUNCS([gai_strerror], [
1888 AC_DEFINE([HAVE_GAI_STRERROR])
1889 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1890 #include <sys/types.h>
1891 #include <sys/socket.h>
1894 const char *gai_strerror(int);
1897 str = gai_strerror(0);
1899 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1900 [Define if gai_strerror() returns const char *])], [])])
1902 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1903 [Some systems put nanosleep outside of libc])])
1905 AC_SEARCH_LIBS([clock_gettime], [rt],
1906 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1908 dnl Make sure prototypes are defined for these before using them.
1909 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1910 AC_CHECK_DECL([strsep],
1911 [AC_CHECK_FUNCS([strsep])],
1914 #ifdef HAVE_STRING_H
1915 # include <string.h>
1919 dnl tcsendbreak might be a macro
1920 AC_CHECK_DECL([tcsendbreak],
1921 [AC_DEFINE([HAVE_TCSENDBREAK])],
1922 [AC_CHECK_FUNCS([tcsendbreak])],
1923 [#include <termios.h>]
1926 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1928 AC_CHECK_DECLS([SHUT_RD], , ,
1930 #include <sys/types.h>
1931 #include <sys/socket.h>
1934 AC_CHECK_DECLS([O_NONBLOCK], , ,
1936 #include <sys/types.h>
1937 #ifdef HAVE_SYS_STAT_H
1938 # include <sys/stat.h>
1945 AC_CHECK_DECLS([writev], , , [
1946 #include <sys/types.h>
1947 #include <sys/uio.h>
1951 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1952 #include <sys/param.h>
1955 AC_CHECK_DECLS([offsetof], , , [
1959 # extra bits for select(2)
1960 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
1961 #include <sys/param.h>
1962 #include <sys/types.h>
1963 #ifdef HAVE_SYS_SYSMACROS_H
1964 #include <sys/sysmacros.h>
1966 #ifdef HAVE_SYS_SELECT_H
1967 #include <sys/select.h>
1969 #ifdef HAVE_SYS_TIME_H
1970 #include <sys/time.h>
1972 #ifdef HAVE_UNISTD_H
1976 AC_CHECK_TYPES([fd_mask], [], [], [[
1977 #include <sys/param.h>
1978 #include <sys/types.h>
1979 #ifdef HAVE_SYS_SELECT_H
1980 #include <sys/select.h>
1982 #ifdef HAVE_SYS_TIME_H
1983 #include <sys/time.h>
1985 #ifdef HAVE_UNISTD_H
1990 AC_CHECK_FUNCS([setresuid], [
1991 dnl Some platorms have setresuid that isn't implemented, test for this
1992 AC_MSG_CHECKING([if setresuid seems to work])
2005 [AC_MSG_RESULT([yes])],
2006 [AC_DEFINE([BROKEN_SETRESUID], [1],
2007 [Define if your setresuid() is broken])
2008 AC_MSG_RESULT([not implemented])],
2009 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2013 AC_CHECK_FUNCS([setresgid], [
2014 dnl Some platorms have setresgid that isn't implemented, test for this
2015 AC_MSG_CHECKING([if setresgid seems to work])
2028 [AC_MSG_RESULT([yes])],
2029 [AC_DEFINE([BROKEN_SETRESGID], [1],
2030 [Define if your setresgid() is broken])
2031 AC_MSG_RESULT([not implemented])],
2032 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2036 AC_CHECK_FUNCS([realpath], [
2037 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given
2038 dnl path name", however some implementations of realpath (and some
2039 dnl versions of the POSIX spec) do not work on non-existent files,
2040 dnl so we use the OpenBSD implementation on those platforms.
2041 AC_MSG_CHECKING([if realpath works with non-existent files])
2049 if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
2050 if (errno == ENOENT)
2054 [AC_MSG_RESULT([yes])],
2055 [AC_DEFINE([BROKEN_REALPATH], [1],
2056 [realpath does not work with nonexistent files])
2057 AC_MSG_RESULT([no])],
2058 [AC_MSG_WARN([cross compiling: assuming working])]
2062 dnl Checks for time functions
2063 AC_CHECK_FUNCS([gettimeofday time])
2064 dnl Checks for utmp functions
2065 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2066 AC_CHECK_FUNCS([utmpname])
2067 dnl Checks for utmpx functions
2068 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2069 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2070 dnl Checks for lastlog functions
2071 AC_CHECK_FUNCS([getlastlogxbyname])
2073 AC_CHECK_FUNC([daemon],
2074 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2075 [AC_CHECK_LIB([bsd], [daemon],
2076 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2079 AC_CHECK_FUNC([getpagesize],
2080 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
2081 [Define if your libraries define getpagesize()])],
2082 [AC_CHECK_LIB([ucb], [getpagesize],
2083 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2086 # Check for broken snprintf
2087 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2088 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2090 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
2093 snprintf(b,5,"123456789");
2096 [AC_MSG_RESULT([yes])],
2099 AC_DEFINE([BROKEN_SNPRINTF], [1],
2100 [Define if your snprintf is busted])
2101 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2103 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2107 # We depend on vsnprintf returning the right thing on overflow: the
2108 # number of characters it tried to create (as per SUSv3)
2109 if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2110 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2113 #include <sys/types.h>
2117 int x_snprintf(char *str, size_t count, const char *fmt, ...)
2123 ret = vsnprintf(str, count, fmt, ap);
2129 if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2131 if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2135 [AC_MSG_RESULT([yes])],
2138 AC_DEFINE([BROKEN_SNPRINTF], [1],
2139 [Define if your snprintf is busted])
2140 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2142 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2146 # On systems where [v]snprintf is broken, but is declared in stdio,
2147 # check that the fmt argument is const char * or just char *.
2148 # This is only useful for when BROKEN_SNPRINTF
2149 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2150 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2152 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2156 [AC_MSG_RESULT([yes])
2157 AC_DEFINE([SNPRINTF_CONST], [const],
2158 [Define as const if snprintf() can declare const char *fmt])],
2159 [AC_MSG_RESULT([no])
2160 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2162 # Check for missing getpeereid (or equiv) support
2164 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2165 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2166 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2167 #include <sys/types.h>
2168 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2169 [ AC_MSG_RESULT([yes])
2170 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2171 ], [AC_MSG_RESULT([no])
2176 dnl see whether mkstemp() requires XXXXXX
2177 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
2178 AC_MSG_CHECKING([for (overly) strict mkstemp])
2183 char template[]="conftest.mkstemp-test";
2184 if (mkstemp(template) == -1)
2193 AC_MSG_RESULT([yes])
2194 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
2197 AC_MSG_RESULT([yes])
2198 AC_DEFINE([HAVE_STRICT_MKSTEMP])
2203 dnl make sure that openpty does not reacquire controlling terminal
2204 if test ! -z "$check_for_openpty_ctty_bug"; then
2205 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2209 #include <sys/fcntl.h>
2210 #include <sys/types.h>
2211 #include <sys/wait.h>
2214 int fd, ptyfd, ttyfd, status;
2217 if (pid < 0) { /* failed */
2219 } else if (pid > 0) { /* parent */
2220 waitpid(pid, &status, 0);
2221 if (WIFEXITED(status))
2222 exit(WEXITSTATUS(status));
2225 } else { /* child */
2226 close(0); close(1); close(2);
2228 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2229 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2231 exit(3); /* Acquired ctty: broken */
2233 exit(0); /* Did not acquire ctty: OK */
2237 AC_MSG_RESULT([yes])
2241 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2244 AC_MSG_RESULT([cross-compiling, assuming yes])
2249 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2250 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2251 AC_MSG_CHECKING([if getaddrinfo seems to work])
2255 #include <sys/socket.h>
2258 #include <netinet/in.h>
2260 #define TEST_PORT "2222"
2263 struct addrinfo *gai_ai, *ai, hints;
2264 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2266 memset(&hints, 0, sizeof(hints));
2267 hints.ai_family = PF_UNSPEC;
2268 hints.ai_socktype = SOCK_STREAM;
2269 hints.ai_flags = AI_PASSIVE;
2271 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2273 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2277 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2278 if (ai->ai_family != AF_INET6)
2281 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2282 sizeof(ntop), strport, sizeof(strport),
2283 NI_NUMERICHOST|NI_NUMERICSERV);
2286 if (err == EAI_SYSTEM)
2287 perror("getnameinfo EAI_SYSTEM");
2289 fprintf(stderr, "getnameinfo failed: %s\n",
2294 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2297 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2305 AC_MSG_RESULT([yes])
2309 AC_DEFINE([BROKEN_GETADDRINFO])
2312 AC_MSG_RESULT([cross-compiling, assuming yes])
2317 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2318 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2319 AC_MSG_CHECKING([if getaddrinfo seems to work])
2323 #include <sys/socket.h>
2326 #include <netinet/in.h>
2328 #define TEST_PORT "2222"
2331 struct addrinfo *gai_ai, *ai, hints;
2332 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2334 memset(&hints, 0, sizeof(hints));
2335 hints.ai_family = PF_UNSPEC;
2336 hints.ai_socktype = SOCK_STREAM;
2337 hints.ai_flags = AI_PASSIVE;
2339 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2341 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2345 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2346 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2349 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2350 sizeof(ntop), strport, sizeof(strport),
2351 NI_NUMERICHOST|NI_NUMERICSERV);
2353 if (ai->ai_family == AF_INET && err != 0) {
2354 perror("getnameinfo");
2361 AC_MSG_RESULT([yes])
2362 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2363 [Define if you have a getaddrinfo that fails
2364 for the all-zeros IPv6 address])
2368 AC_DEFINE([BROKEN_GETADDRINFO])
2371 AC_MSG_RESULT([cross-compiling, assuming no])
2376 if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2377 AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2378 [#include <sys/types.h>
2379 #include <sys/socket.h>
2380 #include <netdb.h>])
2383 if test "x$check_for_conflicting_getspnam" = "x1"; then
2384 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2385 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2391 AC_MSG_RESULT([yes])
2392 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2393 [Conflicting defs for getspnam])
2398 dnl NetBSD added an strnvis and unfortunately made it incompatible with the
2399 dnl existing one in OpenBSD and Linux's libbsd (the former having existed
2400 dnl for over ten years). Despite this incompatibility being reported during
2401 dnl development (see http://gnats.netbsd.org/44977) they still shipped it.
2402 dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2403 dnl implementation. Try to detect this mess, and assume the only safe option
2404 dnl if we're cross compiling.
2406 dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag);
2407 dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag);
2408 if test "x$ac_cv_func_strnvis" = "xyes"; then
2409 AC_MSG_CHECKING([for working strnvis])
2416 static void sighandler(int sig) { _exit(1); }
2420 signal(SIGSEGV, sighandler);
2421 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
2425 [AC_MSG_RESULT([yes])],
2426 [AC_MSG_RESULT([no])
2427 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])],
2428 [AC_MSG_WARN([cross compiling: assuming broken])
2429 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])]
2435 # Search for OpenSSL
2436 saved_CPPFLAGS="$CPPFLAGS"
2437 saved_LDFLAGS="$LDFLAGS"
2438 AC_ARG_WITH([ssl-dir],
2439 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2441 if test "x$openssl" = "xno" ; then
2442 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2444 if test "x$withval" != "xno" ; then
2447 ./*|../*) withval="`pwd`/$withval"
2449 if test -d "$withval/lib"; then
2450 if test -n "${need_dash_r}"; then
2451 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2453 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2455 elif test -d "$withval/lib64"; then
2456 if test -n "${need_dash_r}"; then
2457 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2459 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2462 if test -n "${need_dash_r}"; then
2463 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2465 LDFLAGS="-L${withval} ${LDFLAGS}"
2468 if test -d "$withval/include"; then
2469 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2471 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2477 AC_ARG_WITH([openssl-header-check],
2478 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2480 if test "x$withval" = "xno" ; then
2481 openssl_check_nonfatal=1
2487 AC_ARG_WITH([ssl-engine],
2488 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2490 if test "x$withval" != "xno" ; then
2491 if test "x$openssl" = "xno" ; then
2492 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2499 if test "x$openssl" = "xyes" ; then
2500 LIBS="-lcrypto $LIBS"
2501 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2502 [Define if your ssl headers are included
2503 with #include <openssl/header.h>])],
2505 dnl Check default openssl install dir
2506 if test -n "${need_dash_r}"; then
2507 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2509 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2511 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2512 AC_CHECK_HEADER([openssl/opensslv.h], ,
2513 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2514 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2516 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2522 # Determine OpenSSL header version
2523 AC_MSG_CHECKING([OpenSSL header version])
2529 #include <openssl/opensslv.h>
2530 #define DATA "conftest.sslincver"
2535 fd = fopen(DATA,"w");
2539 if ((rc = fprintf(fd, "%08lx (%s)\n",
2540 (unsigned long)OPENSSL_VERSION_NUMBER,
2541 OPENSSL_VERSION_TEXT)) < 0)
2547 ssl_header_ver=`cat conftest.sslincver`
2548 AC_MSG_RESULT([$ssl_header_ver])
2551 AC_MSG_RESULT([not found])
2552 AC_MSG_ERROR([OpenSSL version header not found.])
2555 AC_MSG_WARN([cross compiling: not checking])
2559 # Determine OpenSSL library version
2560 AC_MSG_CHECKING([OpenSSL library version])
2565 #include <openssl/opensslv.h>
2566 #include <openssl/crypto.h>
2567 #define DATA "conftest.ssllibver"
2572 fd = fopen(DATA,"w");
2576 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(),
2577 SSLeay_version(SSLEAY_VERSION))) < 0)
2583 ssl_library_ver=`cat conftest.ssllibver`
2584 # Check version is supported.
2585 case "$ssl_library_ver" in
2586 0090[[0-7]]*|009080[[0-5]]*)
2587 AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")])
2591 AC_MSG_RESULT([$ssl_library_ver])
2594 AC_MSG_RESULT([not found])
2595 AC_MSG_ERROR([OpenSSL library not found.])
2598 AC_MSG_WARN([cross compiling: not checking])
2602 # Sanity check OpenSSL headers
2603 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2607 #include <openssl/opensslv.h>
2608 #include <openssl/crypto.h>
2610 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2613 AC_MSG_RESULT([yes])
2617 if test "x$openssl_check_nonfatal" = "x"; then
2618 AC_MSG_ERROR([Your OpenSSL headers do not match your
2619 library. Check config.log for details.
2620 If you are sure your installation is consistent, you can disable the check
2621 by running "./configure --without-openssl-header-check".
2622 Also see contrib/findssl.sh for help identifying header/library mismatches.
2625 AC_MSG_WARN([Your OpenSSL headers do not match your
2626 library. Check config.log for details.
2627 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2631 AC_MSG_WARN([cross compiling: not checking])
2635 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2637 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2638 [[ SSLeay_add_all_algorithms(); ]])],
2640 AC_MSG_RESULT([yes])
2646 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2648 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2649 [[ SSLeay_add_all_algorithms(); ]])],
2651 AC_MSG_RESULT([yes])
2663 DSA_generate_parameters_ex \
2665 EVP_DigestFinal_ex \
2667 EVP_MD_CTX_cleanup \
2668 EVP_MD_CTX_copy_ex \
2670 RSA_generate_key_ex \
2671 RSA_get_default_method \
2674 if test "x$openssl_engine" = "xyes" ; then
2675 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2676 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2677 #include <openssl/engine.h>
2679 ENGINE_load_builtin_engines();
2680 ENGINE_register_all_complete();
2682 [ AC_MSG_RESULT([yes])
2683 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2684 [Enable OpenSSL engine support])
2685 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2689 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2690 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2694 #include <openssl/evp.h>
2696 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2702 AC_MSG_RESULT([yes])
2703 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2704 [libcrypto is missing AES 192 and 256 bit functions])
2708 # Check for OpenSSL with EVP_aes_*ctr
2709 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2713 #include <openssl/evp.h>
2715 exit(EVP_aes_128_ctr() == NULL ||
2716 EVP_aes_192_cbc() == NULL ||
2717 EVP_aes_256_cbc() == NULL);
2720 AC_MSG_RESULT([yes])
2721 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
2722 [libcrypto has EVP AES CTR])
2729 # Check for OpenSSL with EVP_aes_*gcm
2730 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
2734 #include <openssl/evp.h>
2736 exit(EVP_aes_128_gcm() == NULL ||
2737 EVP_aes_256_gcm() == NULL ||
2738 EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
2739 EVP_CTRL_GCM_IV_GEN == 0 ||
2740 EVP_CTRL_GCM_SET_TAG == 0 ||
2741 EVP_CTRL_GCM_GET_TAG == 0 ||
2742 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
2745 AC_MSG_RESULT([yes])
2746 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
2747 [libcrypto has EVP AES GCM])
2751 unsupported_algorithms="$unsupported_cipers \
2752 aes128-gcm@openssh.com \
2753 aes256-gcm@openssh.com"
2757 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2758 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2759 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2761 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2765 #include <openssl/evp.h>
2767 if(EVP_DigestUpdate(NULL, NULL,0))
2771 AC_MSG_RESULT([yes])
2775 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2776 [Define if EVP_DigestUpdate returns void])
2780 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2781 # because the system crypt() is more featureful.
2782 if test "x$check_for_libcrypt_before" = "x1"; then
2783 AC_CHECK_LIB([crypt], [crypt])
2786 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2787 # version in OpenSSL.
2788 if test "x$check_for_libcrypt_later" = "x1"; then
2789 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2791 AC_CHECK_FUNCS([crypt DES_crypt])
2793 # Search for SHA256 support in libc and/or OpenSSL
2794 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
2795 [unsupported_algorithms="$unsupported_algorithms \
2798 diffie-hellman-group-exchange-sha256 \
2799 hmac-sha2-256-etm@openssh.com \
2800 hmac-sha2-512-etm@openssh.com"
2803 # Search for RIPE-MD support in OpenSSL
2804 AC_CHECK_FUNCS([EVP_ripemd160], ,
2805 [unsupported_algorithms="$unsupported_algorithms \
2807 hmac-ripemd160@openssh.com \
2808 hmac-ripemd160-etm@openssh.com"
2812 # Check complete ECC support in OpenSSL
2813 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
2816 #include <openssl/ec.h>
2817 #include <openssl/ecdh.h>
2818 #include <openssl/ecdsa.h>
2819 #include <openssl/evp.h>
2820 #include <openssl/objects.h>
2821 #include <openssl/opensslv.h>
2822 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2823 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2826 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
2827 const EVP_MD *m = EVP_sha256(); /* We need this too */
2829 [ AC_MSG_RESULT([yes])
2830 enable_nistp256=1 ],
2831 [ AC_MSG_RESULT([no]) ]
2834 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
2837 #include <openssl/ec.h>
2838 #include <openssl/ecdh.h>
2839 #include <openssl/ecdsa.h>
2840 #include <openssl/evp.h>
2841 #include <openssl/objects.h>
2842 #include <openssl/opensslv.h>
2843 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2844 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2847 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
2848 const EVP_MD *m = EVP_sha384(); /* We need this too */
2850 [ AC_MSG_RESULT([yes])
2851 enable_nistp384=1 ],
2852 [ AC_MSG_RESULT([no]) ]
2855 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
2858 #include <openssl/ec.h>
2859 #include <openssl/ecdh.h>
2860 #include <openssl/ecdsa.h>
2861 #include <openssl/evp.h>
2862 #include <openssl/objects.h>
2863 #include <openssl/opensslv.h>
2864 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2865 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2868 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2869 const EVP_MD *m = EVP_sha512(); /* We need this too */
2871 [ AC_MSG_RESULT([yes])
2872 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
2875 #include <openssl/ec.h>
2876 #include <openssl/ecdh.h>
2877 #include <openssl/ecdsa.h>
2878 #include <openssl/evp.h>
2879 #include <openssl/objects.h>
2880 #include <openssl/opensslv.h>
2882 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2883 const EVP_MD *m = EVP_sha512(); /* We need this too */
2884 exit(e == NULL || m == NULL);
2886 [ AC_MSG_RESULT([yes])
2887 enable_nistp521=1 ],
2888 [ AC_MSG_RESULT([no]) ],
2889 [ AC_MSG_WARN([cross-compiling: assuming yes])
2895 COMMENT_OUT_ECC="#no ecc#"
2898 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
2899 test x$enable_nistp521 = x1; then
2900 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
2902 if test x$enable_nistp256 = x1; then
2903 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
2904 [libcrypto has NID_X9_62_prime256v1])
2908 unsupported_algorithms="$unsupported_algorithms \
2909 ecdsa-sha2-nistp256 \
2910 ecdh-sha2-nistp256 \
2911 ecdsa-sha2-nistp256-cert-v01@openssh.com"
2913 if test x$enable_nistp384 = x1; then
2914 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
2918 unsupported_algorithms="$unsupported_algorithms \
2919 ecdsa-sha2-nistp384 \
2920 ecdh-sha2-nistp384 \
2921 ecdsa-sha2-nistp384-cert-v01@openssh.com"
2923 if test x$enable_nistp521 = x1; then
2924 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
2928 unsupported_algorithms="$unsupported_algorithms \
2929 ecdh-sha2-nistp521 \
2930 ecdsa-sha2-nistp521 \
2931 ecdsa-sha2-nistp521-cert-v01@openssh.com"
2934 AC_SUBST([TEST_SSH_ECC])
2935 AC_SUBST([COMMENT_OUT_ECC])
2937 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2938 AC_CHECK_FUNCS([crypt])
2945 arc4random_uniform \
2949 AC_CHECK_LIB([iaf], [ia_openinfo], [
2951 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2952 AC_DEFINE([HAVE_LIBIAF], [1],
2953 [Define if system has libiaf that supports set_id])
2958 ### Configure cryptographic random number support
2960 # Check wheter OpenSSL seeds itself
2961 if test "x$openssl" = "xyes" ; then
2962 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2966 #include <openssl/rand.h>
2968 exit(RAND_status() == 1 ? 0 : 1);
2971 OPENSSL_SEEDS_ITSELF=yes
2972 AC_MSG_RESULT([yes])
2978 AC_MSG_WARN([cross compiling: assuming yes])
2979 # This is safe, since we will fatal() at runtime if
2980 # OpenSSL is not seeded correctly.
2981 OPENSSL_SEEDS_ITSELF=yes
2987 AC_ARG_WITH([prngd-port],
2988 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2997 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3000 if test ! -z "$withval" ; then
3001 PRNGD_PORT="$withval"
3002 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
3003 [Port number of PRNGD/EGD random number socket])
3008 # PRNGD Unix domain socket
3009 AC_ARG_WITH([prngd-socket],
3010 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3014 withval="/var/run/egd-pool"
3022 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
3026 if test ! -z "$withval" ; then
3027 if test ! -z "$PRNGD_PORT" ; then
3028 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
3030 if test ! -r "$withval" ; then
3031 AC_MSG_WARN([Entropy socket is not readable])
3033 PRNGD_SOCKET="$withval"
3034 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
3035 [Location of PRNGD/EGD random number socket])
3039 # Check for existing socket only if we don't have a random device already
3040 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
3041 AC_MSG_CHECKING([for PRNGD/EGD socket])
3042 # Insert other locations here
3043 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3044 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3045 PRNGD_SOCKET="$sock"
3046 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
3050 if test ! -z "$PRNGD_SOCKET" ; then
3051 AC_MSG_RESULT([$PRNGD_SOCKET])
3053 AC_MSG_RESULT([not found])
3059 # Which randomness source do we use?
3060 if test ! -z "$PRNGD_PORT" ; then
3061 RAND_MSG="PRNGd port $PRNGD_PORT"
3062 elif test ! -z "$PRNGD_SOCKET" ; then
3063 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3064 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3065 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3066 [Define if you want the OpenSSL internally seeded PRNG only])
3067 RAND_MSG="OpenSSL internal ONLY"
3068 elif test "x$openssl" = "xno" ; then
3069 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3071 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3074 # Check for PAM libs
3077 [ --with-pam Enable PAM support ],
3079 if test "x$withval" != "xno" ; then
3080 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3081 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3082 AC_MSG_ERROR([PAM headers not found])
3086 AC_CHECK_LIB([dl], [dlopen], , )
3087 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3088 AC_CHECK_FUNCS([pam_getenvlist])
3089 AC_CHECK_FUNCS([pam_putenv])
3094 SSHDLIBS="$SSHDLIBS -lpam"
3095 AC_DEFINE([USE_PAM], [1],
3096 [Define if you want to enable PAM support])
3098 if test $ac_cv_lib_dl_dlopen = yes; then
3101 # libdl already in LIBS
3104 SSHDLIBS="$SSHDLIBS -ldl"
3112 AC_ARG_WITH([pam-service],
3113 [ --with-pam-service=name Specify PAM service name ],
3115 if test "x$withval" != "xno" && \
3116 test "x$withval" != "xyes" ; then
3117 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE],
3118 ["$withval"], [sshd PAM service name])
3123 # Check for older PAM
3124 if test "x$PAM_MSG" = "xyes" ; then
3125 # Check PAM strerror arguments (old PAM)
3126 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3127 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3129 #if defined(HAVE_SECURITY_PAM_APPL_H)
3130 #include <security/pam_appl.h>
3131 #elif defined (HAVE_PAM_PAM_APPL_H)
3132 #include <pam/pam_appl.h>
3135 (void)pam_strerror((pam_handle_t *)NULL, -1);
3136 ]])], [AC_MSG_RESULT([no])], [
3137 AC_DEFINE([HAVE_OLD_PAM], [1],
3138 [Define if you have an old version of PAM
3139 which takes only one argument to pam_strerror])
3140 AC_MSG_RESULT([yes])
3141 PAM_MSG="yes (old library)"
3148 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3151 SSH_PRIVSEP_USER=sshd
3154 AC_ARG_WITH([privsep-user],
3155 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3157 if test -n "$withval" && test "x$withval" != "xno" && \
3158 test "x${withval}" != "xyes"; then
3159 SSH_PRIVSEP_USER=$withval
3163 if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3164 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3165 [Cygwin function to fetch non-privileged user for privilege separation])
3167 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3168 [non-privileged user for privilege separation])
3170 AC_SUBST([SSH_PRIVSEP_USER])
3172 if test "x$have_linux_no_new_privs" = "x1" ; then
3173 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3174 #include <sys/types.h>
3175 #include <linux/seccomp.h>
3178 if test "x$have_seccomp_filter" = "x1" ; then
3179 AC_MSG_CHECKING([kernel for seccomp_filter support])
3180 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3183 #include <linux/audit.h>
3184 #include <linux/seccomp.h>
3186 #include <sys/prctl.h>
3188 [[ int i = $seccomp_audit_arch;
3190 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3191 exit(errno == EFAULT ? 0 : 1); ]])],
3192 [ AC_MSG_RESULT([yes]) ], [
3194 # Disable seccomp filter as a target
3195 have_seccomp_filter=0
3200 # Decide which sandbox style to use
3202 AC_ARG_WITH([sandbox],
3203 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3205 if test "x$withval" = "xyes" ; then
3208 sandbox_arg="$withval"
3213 # Some platforms (seems to be the ones that have a kernel poll(2)-type
3214 # function with which they implement select(2)) use an extra file descriptor
3215 # when calling select(2), which means we can't use the rlimit sandbox.
3216 AC_MSG_CHECKING([if select works with descriptor rlimit])
3219 #include <sys/types.h>
3220 #ifdef HAVE_SYS_TIME_H
3221 # include <sys/time.h>
3223 #include <sys/resource.h>
3224 #ifdef HAVE_SYS_SELECT_H
3225 # include <sys/select.h>
3231 struct rlimit rl_zero;
3236 fd = open("/dev/null", O_RDONLY);
3239 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3240 setrlimit(RLIMIT_FSIZE, &rl_zero);
3241 setrlimit(RLIMIT_NOFILE, &rl_zero);
3244 r = select(fd+1, &fds, NULL, NULL, &tv);
3245 exit (r == -1 ? 1 : 0);
3247 [AC_MSG_RESULT([yes])
3248 select_works_with_rlimit=yes],
3249 [AC_MSG_RESULT([no])
3250 select_works_with_rlimit=no],
3251 [AC_MSG_WARN([cross compiling: assuming yes])]
3254 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3257 #include <sys/types.h>
3258 #ifdef HAVE_SYS_TIME_H
3259 # include <sys/time.h>
3261 #include <sys/resource.h>
3265 struct rlimit rl_zero;
3269 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3270 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3271 exit (r == -1 ? 1 : 0);
3273 [AC_MSG_RESULT([yes])
3274 rlimit_nofile_zero_works=yes],
3275 [AC_MSG_RESULT([no])
3276 rlimit_nofile_zero_works=no],
3277 [AC_MSG_WARN([cross compiling: assuming yes])]
3280 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3283 #include <sys/types.h>
3284 #include <sys/resource.h>
3287 struct rlimit rl_zero;
3289 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3290 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3292 [AC_MSG_RESULT([yes])],
3293 [AC_MSG_RESULT([no])
3294 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3295 [setrlimit RLIMIT_FSIZE works])],
3296 [AC_MSG_WARN([cross compiling: assuming yes])]
3299 if test "x$sandbox_arg" = "xpledge" || \
3300 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3301 test "x$ac_cv_func_pledge" != "xyes" && \
3302 AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3303 SANDBOX_STYLE="pledge"
3304 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3305 elif test "x$sandbox_arg" = "xsystrace" || \
3306 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3307 test "x$have_systr_policy_kill" != "x1" && \
3308 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3309 SANDBOX_STYLE="systrace"
3310 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3311 elif test "x$sandbox_arg" = "xdarwin" || \
3312 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3313 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3314 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3315 "x$ac_cv_header_sandbox_h" != "xyes" && \
3316 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3317 SANDBOX_STYLE="darwin"
3318 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3319 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3320 ( test -z "$sandbox_arg" && \
3321 test "x$have_seccomp_filter" = "x1" && \
3322 test "x$ac_cv_header_elf_h" = "xyes" && \
3323 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3324 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3325 test "x$seccomp_audit_arch" != "x" && \
3326 test "x$have_linux_no_new_privs" = "x1" && \
3327 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3328 test "x$seccomp_audit_arch" = "x" && \
3329 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3330 test "x$have_linux_no_new_privs" != "x1" && \
3331 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3332 test "x$have_seccomp_filter" != "x1" && \
3333 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3334 test "x$ac_cv_func_prctl" != "xyes" && \
3335 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3336 SANDBOX_STYLE="seccomp_filter"
3337 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3338 elif test "x$sandbox_arg" = "xcapsicum" || \
3339 ( test -z "$sandbox_arg" && \
3340 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3341 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3342 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3343 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3344 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3345 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3346 SANDBOX_STYLE="capsicum"
3347 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3348 elif test "x$sandbox_arg" = "xrlimit" || \
3349 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3350 test "x$select_works_with_rlimit" = "xyes" && \
3351 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3352 test "x$ac_cv_func_setrlimit" != "xyes" && \
3353 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3354 test "x$select_works_with_rlimit" != "xyes" && \
3355 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3356 SANDBOX_STYLE="rlimit"
3357 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3358 elif test "x$sandbox_arg" = "xsolaris" || \
3359 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3360 SANDBOX_STYLE="solaris"
3361 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3362 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3363 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3364 SANDBOX_STYLE="none"
3365 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3367 AC_MSG_ERROR([unsupported --with-sandbox])
3370 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3371 if test ! -z "$SONY" ; then
3372 LIBS="$LIBS -liberty";
3375 # Check for long long datatypes
3376 AC_CHECK_TYPES([long long, unsigned long long, long double])
3378 # Check datatype sizes
3379 AC_CHECK_SIZEOF([short int], [2])
3380 AC_CHECK_SIZEOF([int], [4])
3381 AC_CHECK_SIZEOF([long int], [4])
3382 AC_CHECK_SIZEOF([long long int], [8])
3384 # Sanity check long long for some platforms (AIX)
3385 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3386 ac_cv_sizeof_long_long_int=0
3389 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3390 if test -z "$have_llong_max"; then
3391 AC_MSG_CHECKING([for max value of long long])
3395 /* Why is this so damn hard? */
3399 #define __USE_ISOC99
3401 #define DATA "conftest.llminmax"
3402 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3405 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3406 * we do this the hard way.
3409 fprint_ll(FILE *f, long long n)
3412 int l[sizeof(long long) * 8];
3415 if (fprintf(f, "-") < 0)
3417 for (i = 0; n != 0; i++) {
3418 l[i] = my_abs(n % 10);
3422 if (fprintf(f, "%d", l[--i]) < 0)
3425 if (fprintf(f, " ") < 0)
3431 long long i, llmin, llmax = 0;
3433 if((f = fopen(DATA,"w")) == NULL)
3436 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3437 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3441 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3442 /* This will work on one's complement and two's complement */
3443 for (i = 1; i > llmax; i <<= 1, i++)
3445 llmin = llmax + 1LL; /* wrap */
3449 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3450 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3451 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3452 fprintf(f, "unknown unknown\n");
3456 if (fprint_ll(f, llmin) < 0)
3458 if (fprint_ll(f, llmax) < 0)
3465 llong_min=`$AWK '{print $1}' conftest.llminmax`
3466 llong_max=`$AWK '{print $2}' conftest.llminmax`
3468 AC_MSG_RESULT([$llong_max])
3469 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3470 [max value of long long calculated by configure])
3471 AC_MSG_CHECKING([for min value of long long])
3472 AC_MSG_RESULT([$llong_min])
3473 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3474 [min value of long long calculated by configure])
3477 AC_MSG_RESULT([not found])
3480 AC_MSG_WARN([cross compiling: not checking])
3486 # More checks for data types
3487 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3488 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3489 [[ u_int a; a = 1;]])],
3490 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3493 if test "x$ac_cv_have_u_int" = "xyes" ; then
3494 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3498 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3499 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3500 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3501 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3504 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3505 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3509 if (test -z "$have_intxx_t" && \
3510 test "x$ac_cv_header_stdint_h" = "xyes")
3512 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3513 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3514 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3516 AC_DEFINE([HAVE_INTXX_T])
3517 AC_MSG_RESULT([yes])
3518 ], [ AC_MSG_RESULT([no])
3522 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3523 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3524 #include <sys/types.h>
3525 #ifdef HAVE_STDINT_H
3526 # include <stdint.h>
3528 #include <sys/socket.h>
3529 #ifdef HAVE_SYS_BITYPES_H
3530 # include <sys/bitypes.h>
3535 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3538 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3539 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3542 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3543 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3544 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3545 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3548 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3549 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3553 if test -z "$have_u_intxx_t" ; then
3554 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3555 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3556 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3558 AC_DEFINE([HAVE_U_INTXX_T])
3559 AC_MSG_RESULT([yes])
3560 ], [ AC_MSG_RESULT([no])
3564 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3565 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3566 [[ u_int64_t a; a = 1;]])],
3567 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3570 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3571 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3575 if (test -z "$have_u_int64_t" && \
3576 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3578 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3579 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3580 [[ u_int64_t a; a = 1]])],
3582 AC_DEFINE([HAVE_U_INT64_T])
3583 AC_MSG_RESULT([yes])
3584 ], [ AC_MSG_RESULT([no])
3588 if test -z "$have_u_intxx_t" ; then
3589 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
3590 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3591 #include <sys/types.h>
3598 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
3601 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3602 AC_DEFINE([HAVE_UINTXX_T], [1],
3603 [define if you have uintxx_t data type])
3607 if (test -z "$have_uintxx_t" && \
3608 test "x$ac_cv_header_stdint_h" = "xyes")
3610 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3611 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3612 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3614 AC_DEFINE([HAVE_UINTXX_T])
3615 AC_MSG_RESULT([yes])
3616 ], [ AC_MSG_RESULT([no])
3620 if (test -z "$have_uintxx_t" && \
3621 test "x$ac_cv_header_inttypes_h" = "xyes")
3623 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
3624 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
3625 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3627 AC_DEFINE([HAVE_UINTXX_T])
3628 AC_MSG_RESULT([yes])
3629 ], [ AC_MSG_RESULT([no])
3633 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
3634 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3636 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
3637 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3638 #include <sys/bitypes.h>
3640 int8_t a; int16_t b; int32_t c;
3641 u_int8_t e; u_int16_t f; u_int32_t g;
3642 a = b = c = e = f = g = 1;
3645 AC_DEFINE([HAVE_U_INTXX_T])
3646 AC_DEFINE([HAVE_INTXX_T])
3647 AC_MSG_RESULT([yes])
3648 ], [AC_MSG_RESULT([no])
3653 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3654 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3655 [[ u_char foo; foo = 125; ]])],
3656 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3659 if test "x$ac_cv_have_u_char" = "xyes" ; then
3660 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
3663 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
3664 #include <sys/types.h>
3670 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3671 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3672 #include <sys/types.h>
3673 #ifdef HAVE_SYS_BITYPES_H
3674 #include <sys/bitypes.h>
3676 #ifdef HAVE_SYS_STATFS_H
3677 #include <sys/statfs.h>
3679 #ifdef HAVE_SYS_STATVFS_H
3680 #include <sys/statvfs.h>
3684 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3685 [#include <sys/types.h>
3686 #include <netinet/in.h>])
3688 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3689 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3690 [[ size_t foo; foo = 1235; ]])],
3691 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3694 if test "x$ac_cv_have_size_t" = "xyes" ; then
3695 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3698 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3699 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3700 [[ ssize_t foo; foo = 1235; ]])],
3701 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3704 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3705 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3708 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3709 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3710 [[ clock_t foo; foo = 1235; ]])],
3711 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3714 if test "x$ac_cv_have_clock_t" = "xyes" ; then
3715 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3718 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3719 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3720 #include <sys/types.h>
3721 #include <sys/socket.h>
3722 ]], [[ sa_family_t foo; foo = 1235; ]])],
3723 [ ac_cv_have_sa_family_t="yes" ],
3724 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3725 #include <sys/types.h>
3726 #include <sys/socket.h>
3727 #include <netinet/in.h>
3728 ]], [[ sa_family_t foo; foo = 1235; ]])],
3729 [ ac_cv_have_sa_family_t="yes" ],
3730 [ ac_cv_have_sa_family_t="no" ]
3734 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3735 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3736 [define if you have sa_family_t data type])
3739 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3740 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3741 [[ pid_t foo; foo = 1235; ]])],
3742 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3745 if test "x$ac_cv_have_pid_t" = "xyes" ; then
3746 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3749 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3750 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3751 [[ mode_t foo; foo = 1235; ]])],
3752 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3755 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3756 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3760 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3761 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3762 #include <sys/types.h>
3763 #include <sys/socket.h>
3764 ]], [[ struct sockaddr_storage s; ]])],
3765 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3766 [ ac_cv_have_struct_sockaddr_storage="no"
3769 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3770 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3771 [define if you have struct sockaddr_storage data type])
3774 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3775 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3776 #include <sys/types.h>
3777 #include <netinet/in.h>
3778 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3779 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3780 [ ac_cv_have_struct_sockaddr_in6="no"
3783 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3784 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3785 [define if you have struct sockaddr_in6 data type])
3788 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3789 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3790 #include <sys/types.h>
3791 #include <netinet/in.h>
3792 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3793 [ ac_cv_have_struct_in6_addr="yes" ],
3794 [ ac_cv_have_struct_in6_addr="no"
3797 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3798 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3799 [define if you have struct in6_addr data type])
3801 dnl Now check for sin6_scope_id
3802 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3804 #ifdef HAVE_SYS_TYPES_H
3805 #include <sys/types.h>
3807 #include <netinet/in.h>
3811 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3812 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3813 #include <sys/types.h>
3814 #include <sys/socket.h>
3816 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3817 [ ac_cv_have_struct_addrinfo="yes" ],
3818 [ ac_cv_have_struct_addrinfo="no"
3821 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3822 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3823 [define if you have struct addrinfo data type])
3826 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3827 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3828 [[ struct timeval tv; tv.tv_sec = 1;]])],
3829 [ ac_cv_have_struct_timeval="yes" ],
3830 [ ac_cv_have_struct_timeval="no"
3833 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3834 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3835 have_struct_timeval=1
3838 AC_CHECK_TYPES([struct timespec])
3840 # We need int64_t or else certian parts of the compile will fail.
3841 if test "x$ac_cv_have_int64_t" = "xno" && \
3842 test "x$ac_cv_sizeof_long_int" != "x8" && \
3843 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3844 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3845 echo "an alternative compiler (I.E., GCC) before continuing."
3849 dnl test snprintf (broken on SCO w/gcc)
3854 #ifdef HAVE_SNPRINTF
3858 char expected_out[50];
3860 #if (SIZEOF_LONG_INT == 8)
3861 long int num = 0x7fffffffffffffff;
3863 long long num = 0x7fffffffffffffffll;
3865 strcpy(expected_out, "9223372036854775807");
3866 snprintf(buf, mazsize, "%lld", num);
3867 if(strcmp(buf, expected_out) != 0)
3874 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3875 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3879 dnl Checks for structure members
3880 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3881 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3882 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3883 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3884 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3885 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3886 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3887 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3888 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3889 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3890 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3891 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3892 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3893 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3894 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3895 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3896 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3898 AC_CHECK_MEMBERS([struct stat.st_blksize])
3899 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
3900 struct passwd.pw_change, struct passwd.pw_expire],
3902 #include <sys/types.h>
3906 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3907 [Define if we don't have struct __res_state in resolv.h])],
3910 #if HAVE_SYS_TYPES_H
3911 # include <sys/types.h>
3913 #include <netinet/in.h>
3914 #include <arpa/nameser.h>
3918 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3919 ac_cv_have_ss_family_in_struct_ss, [
3920 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3921 #include <sys/types.h>
3922 #include <sys/socket.h>
3923 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3924 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3925 [ ac_cv_have_ss_family_in_struct_ss="no" ])
3927 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3928 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3931 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3932 ac_cv_have___ss_family_in_struct_ss, [
3933 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3934 #include <sys/types.h>
3935 #include <sys/socket.h>
3936 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3937 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3938 [ ac_cv_have___ss_family_in_struct_ss="no"
3941 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3942 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3943 [Fields in struct sockaddr_storage])
3946 dnl make sure we're using the real structure members and not defines
3947 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3948 ac_cv_have_accrights_in_msghdr, [
3949 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3950 #include <sys/types.h>
3951 #include <sys/socket.h>
3952 #include <sys/uio.h>
3954 #ifdef msg_accrights
3955 #error "msg_accrights is a macro"
3959 m.msg_accrights = 0;
3962 [ ac_cv_have_accrights_in_msghdr="yes" ],
3963 [ ac_cv_have_accrights_in_msghdr="no" ]
3966 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3967 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3968 [Define if your system uses access rights style
3969 file descriptor passing])
3972 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3973 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3974 #include <sys/param.h>
3975 #include <sys/stat.h>
3976 #ifdef HAVE_SYS_TIME_H
3977 # include <sys/time.h>
3979 #ifdef HAVE_SYS_MOUNT_H
3980 #include <sys/mount.h>
3982 #ifdef HAVE_SYS_STATVFS_H
3983 #include <sys/statvfs.h>
3985 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3986 [ AC_MSG_RESULT([yes]) ],
3987 [ AC_MSG_RESULT([no])
3989 AC_MSG_CHECKING([if fsid_t has member val])
3990 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3991 #include <sys/types.h>
3992 #include <sys/statvfs.h>
3993 ]], [[ fsid_t t; t.val[0] = 0; ]])],
3994 [ AC_MSG_RESULT([yes])
3995 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3996 [ AC_MSG_RESULT([no]) ])
3998 AC_MSG_CHECKING([if f_fsid has member __val])
3999 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4000 #include <sys/types.h>
4001 #include <sys/statvfs.h>
4002 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
4003 [ AC_MSG_RESULT([yes])
4004 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
4005 [ AC_MSG_RESULT([no]) ])
4008 AC_CACHE_CHECK([for msg_control field in struct msghdr],
4009 ac_cv_have_control_in_msghdr, [
4010 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4011 #include <sys/types.h>
4012 #include <sys/socket.h>
4013 #include <sys/uio.h>
4016 #error "msg_control is a macro"
4023 [ ac_cv_have_control_in_msghdr="yes" ],
4024 [ ac_cv_have_control_in_msghdr="no" ]
4027 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
4028 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
4029 [Define if your system uses ancillary data style
4030 file descriptor passing])
4033 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
4034 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4035 [[ extern char *__progname; printf("%s", __progname); ]])],
4036 [ ac_cv_libc_defines___progname="yes" ],
4037 [ ac_cv_libc_defines___progname="no"
4040 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
4041 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
4044 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
4045 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4046 [[ printf("%s", __FUNCTION__); ]])],
4047 [ ac_cv_cc_implements___FUNCTION__="yes" ],
4048 [ ac_cv_cc_implements___FUNCTION__="no"
4051 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4052 AC_DEFINE([HAVE___FUNCTION__], [1],
4053 [Define if compiler implements __FUNCTION__])
4056 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4057 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4058 [[ printf("%s", __func__); ]])],
4059 [ ac_cv_cc_implements___func__="yes" ],
4060 [ ac_cv_cc_implements___func__="no"
4063 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4064 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
4067 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4068 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4071 ]], [[ va_copy(x,y); ]])],
4072 [ ac_cv_have_va_copy="yes" ],
4073 [ ac_cv_have_va_copy="no"
4076 if test "x$ac_cv_have_va_copy" = "xyes" ; then
4077 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4080 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4081 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4084 ]], [[ __va_copy(x,y); ]])],
4085 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4088 if test "x$ac_cv_have___va_copy" = "xyes" ; then
4089 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
4092 AC_CACHE_CHECK([whether getopt has optreset support],
4093 ac_cv_have_getopt_optreset, [
4094 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4095 [[ extern int optreset; optreset = 0; ]])],
4096 [ ac_cv_have_getopt_optreset="yes" ],
4097 [ ac_cv_have_getopt_optreset="no"
4100 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4101 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4102 [Define if your getopt(3) defines and uses optreset])
4105 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4106 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4107 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4108 [ ac_cv_libc_defines_sys_errlist="yes" ],
4109 [ ac_cv_libc_defines_sys_errlist="no"
4112 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4113 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4114 [Define if your system defines sys_errlist[]])
4118 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4119 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4120 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4121 [ ac_cv_libc_defines_sys_nerr="yes" ],
4122 [ ac_cv_libc_defines_sys_nerr="no"
4125 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4126 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4129 # Check libraries needed by DNS fingerprint support
4130 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4131 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4132 [Define if getrrsetbyname() exists])],
4134 # Needed by our getrrsetbyname()
4135 AC_SEARCH_LIBS([res_query], [resolv])
4136 AC_SEARCH_LIBS([dn_expand], [resolv])
4137 AC_MSG_CHECKING([if res_query will link])
4138 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4139 #include <sys/types.h>
4140 #include <netinet/in.h>
4141 #include <arpa/nameser.h>
4145 res_query (0, 0, 0, 0, 0);
4147 AC_MSG_RESULT([yes]),
4148 [AC_MSG_RESULT([no])
4150 LIBS="$LIBS -lresolv"
4151 AC_MSG_CHECKING([for res_query in -lresolv])
4152 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4153 #include <sys/types.h>
4154 #include <netinet/in.h>
4155 #include <arpa/nameser.h>
4159 res_query (0, 0, 0, 0, 0);
4161 [AC_MSG_RESULT([yes])],
4163 AC_MSG_RESULT([no])])
4165 AC_CHECK_FUNCS([_getshort _getlong])
4166 AC_CHECK_DECLS([_getshort, _getlong], , ,
4167 [#include <sys/types.h>
4168 #include <arpa/nameser.h>])
4169 AC_CHECK_MEMBER([HEADER.ad],
4170 [AC_DEFINE([HAVE_HEADER_AD], [1],
4171 [Define if HEADER.ad exists in arpa/nameser.h])], ,
4172 [#include <arpa/nameser.h>])
4175 AC_MSG_CHECKING([if struct __res_state _res is an extern])
4176 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4178 #if HAVE_SYS_TYPES_H
4179 # include <sys/types.h>
4181 #include <netinet/in.h>
4182 #include <arpa/nameser.h>
4184 extern struct __res_state _res;
4186 struct __res_state *volatile p = &_res; /* force resolution of _res */
4189 [AC_MSG_RESULT([yes])
4190 AC_DEFINE([HAVE__RES_EXTERN], [1],
4191 [Define if you have struct __res_state _res as an extern])
4193 [ AC_MSG_RESULT([no]) ]
4196 # Check whether user wants SELinux support
4199 AC_ARG_WITH([selinux],
4200 [ --with-selinux Enable SELinux support],
4201 [ if test "x$withval" != "xno" ; then
4203 AC_DEFINE([WITH_SELINUX], [1],
4204 [Define if you want SELinux support.])
4206 AC_CHECK_HEADER([selinux/selinux.h], ,
4207 AC_MSG_ERROR([SELinux support requires selinux.h header]))
4208 AC_CHECK_LIB([selinux], [setexeccon],
4209 [ LIBSELINUX="-lselinux"
4210 LIBS="$LIBS -lselinux"
4212 AC_MSG_ERROR([SELinux support requires libselinux library]))
4213 SSHLIBS="$SSHLIBS $LIBSELINUX"
4214 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
4215 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4220 AC_SUBST([SSHDLIBS])
4222 # Check whether user wants Kerberos 5 support
4224 AC_ARG_WITH([kerberos5],
4225 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4226 [ if test "x$withval" != "xno" ; then
4227 if test "x$withval" = "xyes" ; then
4228 KRB5ROOT="/usr/local"
4233 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4236 AC_PATH_TOOL([KRB5CONF], [krb5-config],
4237 [$KRB5ROOT/bin/krb5-config],
4238 [$KRB5ROOT/bin:$PATH])
4239 if test -x $KRB5CONF ; then
4240 K5CFLAGS="`$KRB5CONF --cflags`"
4241 K5LIBS="`$KRB5CONF --libs`"
4242 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4244 AC_MSG_CHECKING([for gssapi support])
4245 if $KRB5CONF | grep gssapi >/dev/null ; then
4246 AC_MSG_RESULT([yes])
4247 AC_DEFINE([GSSAPI], [1],
4248 [Define this if you want GSSAPI
4249 support in the version 2 protocol])
4250 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4251 GSSLIBS="`$KRB5CONF --libs gssapi`"
4252 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4256 AC_MSG_CHECKING([whether we are using Heimdal])
4257 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4258 ]], [[ char *tmp = heimdal_version; ]])],
4259 [ AC_MSG_RESULT([yes])
4260 AC_DEFINE([HEIMDAL], [1],
4261 [Define this if you are using the Heimdal
4262 version of Kerberos V5]) ],
4263 [AC_MSG_RESULT([no])
4266 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4267 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4268 AC_MSG_CHECKING([whether we are using Heimdal])
4269 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4270 ]], [[ char *tmp = heimdal_version; ]])],
4271 [ AC_MSG_RESULT([yes])
4272 AC_DEFINE([HEIMDAL])
4274 K5LIBS="$K5LIBS -lcom_err -lasn1"
4275 AC_CHECK_LIB([roken], [net_write],
4276 [K5LIBS="$K5LIBS -lroken"])
4277 AC_CHECK_LIB([des], [des_cbc_encrypt],
4278 [K5LIBS="$K5LIBS -ldes"])
4279 ], [ AC_MSG_RESULT([no])
4280 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4282 AC_SEARCH_LIBS([dn_expand], [resolv])
4284 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4285 [ AC_DEFINE([GSSAPI])
4286 GSSLIBS="-lgssapi_krb5" ],
4287 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4288 [ AC_DEFINE([GSSAPI])
4289 GSSLIBS="-lgssapi" ],
4290 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
4291 [ AC_DEFINE([GSSAPI])
4293 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4297 AC_CHECK_HEADER([gssapi.h], ,
4298 [ unset ac_cv_header_gssapi_h
4299 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4300 AC_CHECK_HEADERS([gssapi.h], ,
4301 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4307 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4308 AC_CHECK_HEADER([gssapi_krb5.h], ,
4309 [ CPPFLAGS="$oldCPP" ])
4312 if test ! -z "$need_dash_r" ; then
4313 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
4315 if test ! -z "$blibpath" ; then
4316 blibpath="$blibpath:${KRB5ROOT}/lib"
4319 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4320 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4321 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4323 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4324 [Define this if you want to use libkafs' AFS support])])
4326 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4327 #ifdef HAVE_GSSAPI_H
4328 # include <gssapi.h>
4329 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4330 # include <gssapi/gssapi.h>
4333 #ifdef HAVE_GSSAPI_GENERIC_H
4334 # include <gssapi_generic.h>
4335 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4336 # include <gssapi/gssapi_generic.h>
4340 LIBS="$LIBS $K5LIBS"
4341 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4350 # Looking for programs, paths and files
4352 PRIVSEP_PATH=/var/empty
4353 AC_ARG_WITH([privsep-path],
4354 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4356 if test -n "$withval" && test "x$withval" != "xno" && \
4357 test "x${withval}" != "xyes"; then
4358 PRIVSEP_PATH=$withval
4362 AC_SUBST([PRIVSEP_PATH])
4364 AC_ARG_WITH([xauth],
4365 [ --with-xauth=PATH Specify path to xauth program ],
4367 if test -n "$withval" && test "x$withval" != "xno" && \
4368 test "x${withval}" != "xyes"; then
4374 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4375 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4376 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4377 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4378 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4379 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4380 xauth_path="/usr/openwin/bin/xauth"
4386 AC_ARG_ENABLE([strip],
4387 [ --disable-strip Disable calling strip(1) on install],
4389 if test "x$enableval" = "xno" ; then
4394 AC_SUBST([STRIP_OPT])
4396 if test -z "$xauth_path" ; then
4397 XAUTH_PATH="undefined"
4398 AC_SUBST([XAUTH_PATH])
4400 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4401 [Define if xauth is found in your path])
4402 XAUTH_PATH=$xauth_path
4403 AC_SUBST([XAUTH_PATH])
4406 dnl # --with-maildir=/path/to/mail gets top priority.
4407 dnl # if maildir is set in the platform case statement above we use that.
4408 dnl # Otherwise we run a program to get the dir from system headers.
4409 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4410 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4411 dnl # session.c expects anyway. Otherwise we set to the value found
4412 dnl # stripping any trailing slash. If for some strage reason our program
4413 dnl # does not find what it needs, we default to /var/spool/mail.
4414 # Check for mail directory
4415 AC_ARG_WITH([maildir],
4416 [ --with-maildir=/path/to/mail Specify your system mail directory],
4418 if test "X$withval" != X && test "x$withval" != xno && \
4419 test "x${withval}" != xyes; then
4420 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4421 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4424 if test "X$maildir" != "X"; then
4425 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4427 AC_MSG_CHECKING([Discovering system mail directory])
4435 #ifdef HAVE_MAILLOCK_H
4436 #include <maillock.h>
4438 #define DATA "conftest.maildir"
4443 fd = fopen(DATA,"w");
4447 #if defined (_PATH_MAILDIR)
4448 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4450 #elif defined (MAILDIR)
4451 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4453 #elif defined (_PATH_MAIL)
4454 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4463 maildir_what=`awk -F: '{print $1}' conftest.maildir`
4464 maildir=`awk -F: '{print $2}' conftest.maildir \
4466 AC_MSG_RESULT([Using: $maildir from $maildir_what])
4467 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4468 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4472 if test "X$ac_status" = "X2";then
4473 # our test program didn't find it. Default to /var/spool/mail
4474 AC_MSG_RESULT([Using: default value of /var/spool/mail])
4475 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4477 AC_MSG_RESULT([*** not found ***])
4481 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
4488 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
4489 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
4490 disable_ptmx_check=yes
4492 if test -z "$no_dev_ptmx" ; then
4493 if test "x$disable_ptmx_check" != "xyes" ; then
4494 AC_CHECK_FILE(["/dev/ptmx"],
4496 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
4497 [Define if you have /dev/ptmx])
4504 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
4505 AC_CHECK_FILE(["/dev/ptc"],
4507 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
4508 [Define if you have /dev/ptc])
4513 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
4516 # Options from here on. Some of these are preset by platform above
4517 AC_ARG_WITH([mantype],
4518 [ --with-mantype=man|cat|doc Set man page type],
4525 AC_MSG_ERROR([invalid man type: $withval])
4530 if test -z "$MANTYPE"; then
4531 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
4532 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
4533 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
4535 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
4542 if test "$MANTYPE" = "doc"; then
4547 AC_SUBST([mansubdir])
4549 # Check whether to enable MD5 passwords
4551 AC_ARG_WITH([md5-passwords],
4552 [ --with-md5-passwords Enable use of MD5 passwords],
4554 if test "x$withval" != "xno" ; then
4555 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
4556 [Define if you want to allow MD5 passwords])
4562 # Whether to disable shadow password support
4563 AC_ARG_WITH([shadow],
4564 [ --without-shadow Disable shadow password support],
4566 if test "x$withval" = "xno" ; then
4567 AC_DEFINE([DISABLE_SHADOW])
4573 if test -z "$disable_shadow" ; then
4574 AC_MSG_CHECKING([if the systems has expire shadow information])
4575 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4576 #include <sys/types.h>
4579 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
4580 [ sp_expire_available=yes ], [
4583 if test "x$sp_expire_available" = "xyes" ; then
4584 AC_MSG_RESULT([yes])
4585 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
4586 [Define if you want to use shadow password expire field])
4592 # Use ip address instead of hostname in $DISPLAY
4593 if test ! -z "$IPADDR_IN_DISPLAY" ; then
4594 DISPLAY_HACK_MSG="yes"
4595 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
4596 [Define if you need to use IP address
4597 instead of hostname in $DISPLAY])
4599 DISPLAY_HACK_MSG="no"
4600 AC_ARG_WITH([ipaddr-display],
4601 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
4603 if test "x$withval" != "xno" ; then
4604 AC_DEFINE([IPADDR_IN_DISPLAY])
4605 DISPLAY_HACK_MSG="yes"
4611 # check for /etc/default/login and use it if present.
4612 AC_ARG_ENABLE([etc-default-login],
4613 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
4614 [ if test "x$enableval" = "xno"; then
4615 AC_MSG_NOTICE([/etc/default/login handling disabled])
4616 etc_default_login=no
4618 etc_default_login=yes
4620 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
4622 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
4623 etc_default_login=no
4625 etc_default_login=yes
4629 if test "x$etc_default_login" != "xno"; then
4630 AC_CHECK_FILE(["/etc/default/login"],
4631 [ external_path_file=/etc/default/login ])
4632 if test "x$external_path_file" = "x/etc/default/login"; then
4633 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
4634 [Define if your system has /etc/default/login])
4638 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4639 if test $ac_cv_func_login_getcapbool = "yes" && \
4640 test $ac_cv_header_login_cap_h = "yes" ; then
4641 external_path_file=/etc/login.conf
4644 # Whether to mess with the default path
4645 SERVER_PATH_MSG="(default)"
4646 AC_ARG_WITH([default-path],
4647 [ --with-default-path= Specify default $PATH environment for server],
4649 if test "x$external_path_file" = "x/etc/login.conf" ; then
4651 --with-default-path=PATH has no effect on this system.
4652 Edit /etc/login.conf instead.])
4653 elif test "x$withval" != "xno" ; then
4654 if test ! -z "$external_path_file" ; then
4656 --with-default-path=PATH will only be used if PATH is not defined in
4657 $external_path_file .])
4659 user_path="$withval"
4660 SERVER_PATH_MSG="$withval"
4663 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
4664 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
4666 if test ! -z "$external_path_file" ; then
4668 If PATH is defined in $external_path_file, ensure the path to scp is included,
4669 otherwise scp will not work.])
4673 /* find out what STDPATH is */
4678 #ifndef _PATH_STDPATH
4679 # ifdef _PATH_USERPATH /* Irix */
4680 # define _PATH_STDPATH _PATH_USERPATH
4682 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
4685 #include <sys/types.h>
4686 #include <sys/stat.h>
4688 #define DATA "conftest.stdpath"
4693 fd = fopen(DATA,"w");
4697 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4702 [ user_path=`cat conftest.stdpath` ],
4703 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4704 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4706 # make sure $bindir is in USER_PATH so scp will work
4707 t_bindir="${bindir}"
4708 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
4709 t_bindir=`eval echo ${t_bindir}`
4711 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4714 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4717 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
4718 if test $? -ne 0 ; then
4719 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
4720 if test $? -ne 0 ; then
4721 user_path=$user_path:$t_bindir
4722 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
4727 if test "x$external_path_file" != "x/etc/login.conf" ; then
4728 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
4729 AC_SUBST([user_path])
4732 # Set superuser path separately to user path
4733 AC_ARG_WITH([superuser-path],
4734 [ --with-superuser-path= Specify different path for super-user],
4736 if test -n "$withval" && test "x$withval" != "xno" && \
4737 test "x${withval}" != "xyes"; then
4738 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
4739 [Define if you want a different $PATH
4741 superuser_path=$withval
4747 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4748 IPV4_IN6_HACK_MSG="no"
4750 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4752 if test "x$withval" != "xno" ; then
4753 AC_MSG_RESULT([yes])
4754 AC_DEFINE([IPV4_IN_IPV6], [1],
4755 [Detect IPv4 in IPv6 mapped addresses
4757 IPV4_IN6_HACK_MSG="yes"
4762 if test "x$inet6_default_4in6" = "xyes"; then
4763 AC_MSG_RESULT([yes (default)])
4764 AC_DEFINE([IPV4_IN_IPV6])
4765 IPV4_IN6_HACK_MSG="yes"
4767 AC_MSG_RESULT([no (default)])
4772 # Whether to enable BSD auth support
4774 AC_ARG_WITH([bsd-auth],
4775 [ --with-bsd-auth Enable BSD auth support],
4777 if test "x$withval" != "xno" ; then
4778 AC_DEFINE([BSD_AUTH], [1],
4779 [Define if you have BSD auth support])
4785 # Where to place sshd.pid
4787 # make sure the directory exists
4788 if test ! -d $piddir ; then
4789 piddir=`eval echo ${sysconfdir}`
4791 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4795 AC_ARG_WITH([pid-dir],
4796 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4798 if test -n "$withval" && test "x$withval" != "xno" && \
4799 test "x${withval}" != "xyes"; then
4801 if test ! -d $piddir ; then
4802 AC_MSG_WARN([** no $piddir directory on this system **])
4808 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
4809 [Specify location of ssh.pid])
4812 dnl allow user to disable some login recording features
4813 AC_ARG_ENABLE([lastlog],
4814 [ --disable-lastlog disable use of lastlog even if detected [no]],
4816 if test "x$enableval" = "xno" ; then
4817 AC_DEFINE([DISABLE_LASTLOG])
4821 AC_ARG_ENABLE([utmp],
4822 [ --disable-utmp disable use of utmp even if detected [no]],
4824 if test "x$enableval" = "xno" ; then
4825 AC_DEFINE([DISABLE_UTMP])
4829 AC_ARG_ENABLE([utmpx],
4830 [ --disable-utmpx disable use of utmpx even if detected [no]],
4832 if test "x$enableval" = "xno" ; then
4833 AC_DEFINE([DISABLE_UTMPX], [1],
4834 [Define if you don't want to use utmpx])
4838 AC_ARG_ENABLE([wtmp],
4839 [ --disable-wtmp disable use of wtmp even if detected [no]],
4841 if test "x$enableval" = "xno" ; then
4842 AC_DEFINE([DISABLE_WTMP])
4846 AC_ARG_ENABLE([wtmpx],
4847 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4849 if test "x$enableval" = "xno" ; then
4850 AC_DEFINE([DISABLE_WTMPX], [1],
4851 [Define if you don't want to use wtmpx])
4855 AC_ARG_ENABLE([libutil],
4856 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4858 if test "x$enableval" = "xno" ; then
4859 AC_DEFINE([DISABLE_LOGIN])
4863 AC_ARG_ENABLE([pututline],
4864 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4866 if test "x$enableval" = "xno" ; then
4867 AC_DEFINE([DISABLE_PUTUTLINE], [1],
4868 [Define if you don't want to use pututline()
4869 etc. to write [uw]tmp])
4873 AC_ARG_ENABLE([pututxline],
4874 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4876 if test "x$enableval" = "xno" ; then
4877 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4878 [Define if you don't want to use pututxline()
4879 etc. to write [uw]tmpx])
4883 AC_ARG_WITH([lastlog],
4884 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4886 if test "x$withval" = "xno" ; then
4887 AC_DEFINE([DISABLE_LASTLOG])
4888 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4889 conf_lastlog_location=$withval
4894 dnl lastlog, [uw]tmpx? detection
4895 dnl NOTE: set the paths in the platform section to avoid the
4896 dnl need for command-line parameters
4897 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4899 dnl lastlog detection
4900 dnl NOTE: the code itself will detect if lastlog is a directory
4901 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4902 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4903 #include <sys/types.h>
4905 #ifdef HAVE_LASTLOG_H
4906 # include <lastlog.h>
4914 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
4915 [ AC_MSG_RESULT([yes]) ],
4918 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4919 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4920 #include <sys/types.h>
4922 #ifdef HAVE_LASTLOG_H
4923 # include <lastlog.h>
4928 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4929 [ AC_MSG_RESULT([yes]) ],
4932 system_lastlog_path=no
4936 if test -z "$conf_lastlog_location"; then
4937 if test x"$system_lastlog_path" = x"no" ; then
4938 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4939 if (test -d "$f" || test -f "$f") ; then
4940 conf_lastlog_location=$f
4943 if test -z "$conf_lastlog_location"; then
4944 AC_MSG_WARN([** Cannot find lastlog **])
4945 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4950 if test -n "$conf_lastlog_location"; then
4951 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4952 [Define if you want to specify the path to your lastlog file])
4956 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4957 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4958 #include <sys/types.h>
4963 ]], [[ char *utmp = UTMP_FILE; ]])],
4964 [ AC_MSG_RESULT([yes]) ],
4965 [ AC_MSG_RESULT([no])
4968 if test -z "$conf_utmp_location"; then
4969 if test x"$system_utmp_path" = x"no" ; then
4970 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4971 if test -f $f ; then
4972 conf_utmp_location=$f
4975 if test -z "$conf_utmp_location"; then
4976 AC_DEFINE([DISABLE_UTMP])
4980 if test -n "$conf_utmp_location"; then
4981 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4982 [Define if you want to specify the path to your utmp file])
4986 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4987 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4988 #include <sys/types.h>
4993 ]], [[ char *wtmp = WTMP_FILE; ]])],
4994 [ AC_MSG_RESULT([yes]) ],
4995 [ AC_MSG_RESULT([no])
4998 if test -z "$conf_wtmp_location"; then
4999 if test x"$system_wtmp_path" = x"no" ; then
5000 for f in /usr/adm/wtmp /var/log/wtmp; do
5001 if test -f $f ; then
5002 conf_wtmp_location=$f
5005 if test -z "$conf_wtmp_location"; then
5006 AC_DEFINE([DISABLE_WTMP])
5010 if test -n "$conf_wtmp_location"; then
5011 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
5012 [Define if you want to specify the path to your wtmp file])
5016 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
5017 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5018 #include <sys/types.h>
5026 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
5027 [ AC_MSG_RESULT([yes]) ],
5028 [ AC_MSG_RESULT([no])
5029 system_wtmpx_path=no
5031 if test -z "$conf_wtmpx_location"; then
5032 if test x"$system_wtmpx_path" = x"no" ; then
5033 AC_DEFINE([DISABLE_WTMPX])
5036 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
5037 [Define if you want to specify the path to your wtmpx file])
5041 if test ! -z "$blibpath" ; then
5042 LDFLAGS="$LDFLAGS $blibflags$blibpath"
5043 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
5046 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
5047 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
5048 AC_DEFINE([DISABLE_LASTLOG])
5051 #ifdef HAVE_SYS_TYPES_H
5052 #include <sys/types.h>
5060 #ifdef HAVE_LASTLOG_H
5061 #include <lastlog.h>
5065 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
5066 AC_DEFINE([DISABLE_UTMP])
5067 AC_DEFINE([DISABLE_WTMP])
5069 #ifdef HAVE_SYS_TYPES_H
5070 #include <sys/types.h>
5078 #ifdef HAVE_LASTLOG_H
5079 #include <lastlog.h>
5083 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5085 CFLAGS="$CFLAGS $werror_flags"
5087 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
5092 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
5093 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
5094 AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8])
5095 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
5096 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
5099 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5100 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5104 # Print summary of options
5106 # Someone please show me a better way :)
5107 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5108 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5109 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5110 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5111 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5112 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5113 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5114 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5115 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5116 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5119 echo "OpenSSH has been configured with the following options:"
5120 echo " User binaries: $B"
5121 echo " System binaries: $C"
5122 echo " Configuration files: $D"
5123 echo " Askpass program: $E"
5124 echo " Manual pages: $F"
5125 echo " PID file: $G"
5126 echo " Privilege separation chroot path: $H"
5127 if test "x$external_path_file" = "x/etc/login.conf" ; then
5128 echo " At runtime, sshd will use the path defined in $external_path_file"
5129 echo " Make sure the path to scp is present, otherwise scp will not work"
5131 echo " sshd default user PATH: $I"
5132 if test ! -z "$external_path_file"; then
5133 echo " (If PATH is set in $external_path_file it will be used instead. If"
5134 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
5137 if test ! -z "$superuser_path" ; then
5138 echo " sshd superuser user PATH: $J"
5140 echo " Manpage format: $MANTYPE"
5141 echo " PAM support: $PAM_MSG"
5142 echo " OSF SIA support: $SIA_MSG"
5143 echo " KerberosV support: $KRB5_MSG"
5144 echo " SELinux support: $SELINUX_MSG"
5145 echo " Smartcard support: $SCARD_MSG"
5146 echo " S/KEY support: $SKEY_MSG"
5147 echo " TCP Wrappers support: $TCPW_MSG"
5148 echo " MD5 password support: $MD5_MSG"
5149 echo " libedit support: $LIBEDIT_MSG"
5150 echo " Solaris process contract support: $SPC_MSG"
5151 echo " Solaris project support: $SP_MSG"
5152 echo " Solaris privilege support: $SPP_MSG"
5153 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5154 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5155 echo " BSD Auth support: $BSD_AUTH_MSG"
5156 echo " Random number source: $RAND_MSG"
5157 echo " Privsep sandbox style: $SANDBOX_STYLE"
5161 echo " Host: ${host}"
5162 echo " Compiler: ${CC}"
5163 echo " Compiler flags: ${CFLAGS}"
5164 echo "Preprocessor flags: ${CPPFLAGS}"
5165 echo " Linker flags: ${LDFLAGS}"
5166 echo " Libraries: ${LIBS}"
5167 if test ! -z "${SSHDLIBS}"; then
5168 echo " +for sshd: ${SSHDLIBS}"
5170 if test ! -z "${SSHLIBS}"; then
5171 echo " +for ssh: ${SSHLIBS}"
5176 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5177 echo "SVR4 style packages are supported with \"make package\""
5181 if test "x$PAM_MSG" = "xyes" ; then
5182 echo "PAM is enabled. You may need to install a PAM control file "
5183 echo "for sshd, otherwise password authentication may fail. "
5184 echo "Example PAM control files can be found in the contrib/ "
5189 if test ! -z "$NO_PEERCHECK" ; then
5190 echo "WARNING: the operating system that you are using does not"
5191 echo "appear to support getpeereid(), getpeerucred() or the"
5192 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5193 echo "enforce security checks to prevent unauthorised connections to"
5194 echo "ssh-agent. Their absence increases the risk that a malicious"
5195 echo "user can connect to your agent."
5199 if test "$AUDIT_MODULE" = "bsm" ; then
5200 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5201 echo "See the Solaris section in README.platform for details."