2 # Copyright (c) 1999-2004 Damien Miller
4 # Permission to use, copy, modify, and distribute this software for any
5 # purpose with or without fee is hereby granted, provided that the above
6 # copyright notice and this permission notice appear in all copies.
8 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
17 AC_CONFIG_MACRO_DIR([m4])
18 AC_CONFIG_SRCDIR([ssh.c])
20 # Check for stale configure as early as possible.
21 for i in $srcdir/configure.ac $srcdir/m4/*.m4; do
22 if test "$i" -nt "$srcdir/configure"; then
23 AC_MSG_ERROR([$i newer than configure, run autoreconf])
29 AC_CONFIG_HEADERS([config.h])
30 AC_PROG_CC([cc gcc clang])
32 # XXX relax this after reimplementing logit() etc.
33 AC_MSG_CHECKING([if $CC supports C99-style variadic macros])
34 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
35 int f(int a, int b, int c) { return a + b + c; }
36 #define F(a, ...) f(a, __VA_ARGS__)
37 ]], [[return F(1, 2, -3);]])],
38 [ AC_MSG_RESULT([yes]) ],
39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ]
45 # Checks for programs.
52 AC_CHECK_TOOLS([AR], [ar])
53 AC_PATH_PROG([CAT], [cat])
54 AC_PATH_PROG([KILL], [kill])
55 AC_PATH_PROG([SED], [sed])
56 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
57 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
58 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
59 AC_PATH_PROG([SH], [bash])
60 AC_PATH_PROG([SH], [ksh])
61 AC_PATH_PROG([SH], [sh])
62 AC_PATH_PROG([GROFF], [groff])
63 AC_PATH_PROG([NROFF], [nroff awf])
64 AC_PATH_PROG([MANDOC], [mandoc])
65 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
66 AC_SUBST([TEST_SHELL], [sh])
68 dnl select manpage formatter to be used to build "cat" format pages.
69 if test "x$MANDOC" != "x" ; then
71 elif test "x$NROFF" != "x" ; then
72 MANFMT="$NROFF -mandoc"
73 elif test "x$GROFF" != "x" ; then
74 MANFMT="$GROFF -mandoc -Tascii"
76 AC_MSG_WARN([no manpage formatter found])
82 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
83 [/usr/sbin${PATH_SEPARATOR}/etc])
84 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
85 [/usr/sbin${PATH_SEPARATOR}/etc])
86 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
87 if test -x /sbin/sh; then
88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
96 if test -z "$AR" ; then
97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
100 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
101 if test ! -z "$PATH_PASSWD_PROG" ; then
102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
103 [Full path of your "passwd" program])
106 dnl Since autoconf doesn't support it very well, we no longer allow users to
107 dnl override LD, however keeping the hook here for now in case there's a use
108 dnl use case we overlooked and someone needs to re-enable it. Unless a good
109 dnl reason is found we'll be removing this in future.
115 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
116 AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>])
117 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
118 #include <sys/types.h>
119 #include <sys/param.h>
120 #include <dev/systrace.h>
122 AC_CHECK_DECL([RLIMIT_NPROC],
123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
124 #include <sys/types.h>
125 #include <sys/resource.h>
127 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
128 #include <sys/types.h>
129 #include <linux/prctl.h>
133 AC_ARG_WITH([openssl],
134 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
135 [ if test "x$withval" = "xno" ; then
140 AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
141 if test "x$openssl" = "xyes" ; then
143 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
148 use_stack_protector=1
149 use_toolchain_hardening=1
150 AC_ARG_WITH([stackprotect],
151 [ --without-stackprotect Don't use compiler's stack protection], [
152 if test "x$withval" = "xno"; then
153 use_stack_protector=0
155 AC_ARG_WITH([hardening],
156 [ --without-hardening Don't use toolchain hardening flags], [
157 if test "x$withval" = "xno"; then
158 use_toolchain_hardening=0
161 # We use -Werror for the tests only so that we catch warnings like "this is
162 # on by default" for things like -fPIE.
163 AC_MSG_CHECKING([if $CC supports -Werror])
164 saved_CFLAGS="$CFLAGS"
165 CFLAGS="$CFLAGS -Werror"
166 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
167 [ AC_MSG_RESULT([yes])
169 [ AC_MSG_RESULT([no])
172 CFLAGS="$saved_CFLAGS"
174 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
175 OSSH_CHECK_CFLAG_COMPILE([-pipe])
176 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
177 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation])
178 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
179 OSSH_CHECK_CFLAG_COMPILE([-Wall])
180 OSSH_CHECK_CFLAG_COMPILE([-Wextra])
181 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
182 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
183 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
184 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
185 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
186 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
187 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter])
188 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
189 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough])
190 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation])
191 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical])
192 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
193 if test "x$use_toolchain_hardening" = "x1"; then
194 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
195 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
196 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
197 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
198 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
199 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
200 # NB. -ftrapv expects certain support functions to be present in
201 # the compiler library (libgcc or similar) to detect integer operations
202 # that can overflow. We must check that the result of enabling it
203 # actually links. The test program compiled/linked includes a number
204 # of integer operations that should exercise this.
205 OSSH_CHECK_CFLAG_LINK([-ftrapv])
206 OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all])
207 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
209 AC_MSG_CHECKING([gcc version])
210 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
212 1.*) no_attrib_nonnull=1 ;;
216 2.*) no_attrib_nonnull=1 ;;
219 AC_MSG_RESULT([$GCC_VER])
221 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
222 saved_CFLAGS="$CFLAGS"
223 CFLAGS="$CFLAGS -fno-builtin-memset"
224 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
225 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
226 [ AC_MSG_RESULT([yes]) ],
227 [ AC_MSG_RESULT([no])
228 CFLAGS="$saved_CFLAGS" ]
231 # -fstack-protector-all doesn't always work for some GCC versions
232 # and/or platforms, so we test if we can. If it's not supported
233 # on a given platform gcc will emit a warning so we use -Werror.
234 if test "x$use_stack_protector" = "x1"; then
235 for t in -fstack-protector-strong -fstack-protector-all \
236 -fstack-protector; do
237 AC_MSG_CHECKING([if $CC supports $t])
238 saved_CFLAGS="$CFLAGS"
239 saved_LDFLAGS="$LDFLAGS"
240 CFLAGS="$CFLAGS $t -Werror"
241 LDFLAGS="$LDFLAGS $t -Werror"
245 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
249 snprintf(x, sizeof(x), "XXX%d", func(1));
251 [ AC_MSG_RESULT([yes])
252 CFLAGS="$saved_CFLAGS $t"
253 LDFLAGS="$saved_LDFLAGS $t"
254 AC_MSG_CHECKING([if $t works])
258 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
262 snprintf(x, sizeof(x), "XXX%d", func(1));
264 [ AC_MSG_RESULT([yes])
266 [ AC_MSG_RESULT([no]) ],
267 [ AC_MSG_WARN([cross compiling: cannot test])
271 [ AC_MSG_RESULT([no]) ]
273 CFLAGS="$saved_CFLAGS"
274 LDFLAGS="$saved_LDFLAGS"
278 if test -z "$have_llong_max"; then
279 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
280 unset ac_cv_have_decl_LLONG_MAX
281 saved_CFLAGS="$CFLAGS"
282 CFLAGS="$CFLAGS -std=gnu99"
283 AC_CHECK_DECL([LLONG_MAX],
285 [CFLAGS="$saved_CFLAGS"],
286 [#include <limits.h>]
291 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
295 __attribute__((__unused__)) static void foo(void){return;}]],
297 [ AC_MSG_RESULT([yes]) ],
298 [ AC_MSG_RESULT([no])
299 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
300 [compiler does not accept __attribute__ on return types]) ]
303 AC_MSG_CHECKING([if compiler allows __attribute__ prototype args])
307 typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]],
309 [ AC_MSG_RESULT([yes]) ],
310 [ AC_MSG_RESULT([no])
311 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1,
312 [compiler does not accept __attribute__ on prototype args]) ]
315 AC_MSG_CHECKING([if compiler supports variable length arrays])
317 [AC_LANG_PROGRAM([[#include <stdlib.h>]],
318 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])],
319 [ AC_MSG_RESULT([yes])
320 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1],
321 [compiler supports variable length arrays]) ],
322 [ AC_MSG_RESULT([no]) ]
325 AC_MSG_CHECKING([if compiler accepts variable declarations after code])
327 [AC_LANG_PROGRAM([[#include <stdlib.h>]],
328 [[ int a; a = 1; int b = 1; exit(a-b); ]])],
329 [ AC_MSG_RESULT([yes])
330 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1],
331 [compiler variable declarations after code]) ],
332 [ AC_MSG_RESULT([no]) ]
335 if test "x$no_attrib_nonnull" != "x1" ; then
336 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
340 [ --without-rpath Disable auto-added -R linker paths],
342 if test "x$withval" = "xno" ; then
344 elif test "x$withval" = "xyes" ; then
352 # Allow user to specify flags
353 AC_ARG_WITH([cflags],
354 [ --with-cflags Specify additional flags to pass to compiler],
356 if test -n "$withval" && test "x$withval" != "xno" && \
357 test "x${withval}" != "xyes"; then
358 CFLAGS="$CFLAGS $withval"
363 AC_ARG_WITH([cflags-after],
364 [ --with-cflags-after Specify additional flags to pass to compiler after configure],
366 if test -n "$withval" && test "x$withval" != "xno" && \
367 test "x${withval}" != "xyes"; then
368 CFLAGS_AFTER="$withval"
372 AC_ARG_WITH([cppflags],
373 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
375 if test -n "$withval" && test "x$withval" != "xno" && \
376 test "x${withval}" != "xyes"; then
377 CPPFLAGS="$CPPFLAGS $withval"
381 AC_ARG_WITH([ldflags],
382 [ --with-ldflags Specify additional flags to pass to linker],
384 if test -n "$withval" && test "x$withval" != "xno" && \
385 test "x${withval}" != "xyes"; then
386 LDFLAGS="$LDFLAGS $withval"
390 AC_ARG_WITH([ldflags-after],
391 [ --with-ldflags-after Specify additional flags to pass to linker after configure],
393 if test -n "$withval" && test "x$withval" != "xno" && \
394 test "x${withval}" != "xyes"; then
395 LDFLAGS_AFTER="$withval"
400 [ --with-libs Specify additional libraries to link with],
402 if test -n "$withval" && test "x$withval" != "xno" && \
403 test "x${withval}" != "xyes"; then
404 LIBS="$LIBS $withval"
408 AC_ARG_WITH([Werror],
409 [ --with-Werror Build main code with -Werror],
411 if test -n "$withval" && test "x$withval" != "xno"; then
412 werror_flags="-Werror"
413 if test "x${withval}" != "xyes"; then
414 werror_flags="$withval"
454 security/pam_appl.h \
501 # On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h]
502 # to be included first.
503 AC_CHECK_HEADERS([sys/audit.h], [], [], [
504 #ifdef HAVE_SYS_TIME_H
505 # include <sys/time.h>
507 #ifdef HAVE_SYS_TYPES_H
508 # include <sys/types.h>
510 #ifdef HAVE_SYS_LABEL_H
511 # include <sys/label.h>
515 # sys/capsicum.h requires sys/types.h
516 AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [
517 #ifdef HAVE_SYS_TYPES_H
518 # include <sys/types.h>
522 AC_MSG_CHECKING([for caph_cache_tzdata])
524 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]],
525 [[caph_cache_tzdata();]])],
528 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1],
529 [Define if you have caph_cache_tzdata])
531 [ AC_MSG_RESULT([no]) ]
534 # net/route.h requires sys/socket.h and sys/types.h.
535 # sys/sysctl.h also requires sys/param.h
536 AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [
537 #ifdef HAVE_SYS_TYPES_H
538 # include <sys/types.h>
540 #include <sys/param.h>
541 #include <sys/socket.h>
544 # lastlog.h requires sys/time.h to be included first on Solaris
545 AC_CHECK_HEADERS([lastlog.h], [], [], [
546 #ifdef HAVE_SYS_TIME_H
547 # include <sys/time.h>
551 # sys/ptms.h requires sys/stream.h to be included first on Solaris
552 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
553 #ifdef HAVE_SYS_STREAM_H
554 # include <sys/stream.h>
558 # login_cap.h requires sys/types.h on NetBSD
559 AC_CHECK_HEADERS([login_cap.h], [], [], [
560 #include <sys/types.h>
563 # older BSDs need sys/param.h before sys/mount.h
564 AC_CHECK_HEADERS([sys/mount.h], [], [], [
565 #include <sys/param.h>
568 # Android requires sys/socket.h to be included before sys/un.h
569 AC_CHECK_HEADERS([sys/un.h], [], [], [
570 #include <sys/types.h>
571 #include <sys/socket.h>
574 # Messages for features tested for in target-specific section
580 # Support for Solaris/Illumos privileges (this test is used by both
581 # the --with-solaris-privs option and --with-sandbox=solaris).
584 # Check for some target-specific stuff
587 # Some versions of VAC won't allow macro redefinitions at
588 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
589 # particularly with older versions of vac or xlc.
590 # It also throws errors about null macro arguments, but these are
592 AC_MSG_CHECKING([if compiler allows macro redefinitions])
595 #define testmacro foo
596 #define testmacro bar]],
598 [ AC_MSG_RESULT([yes]) ],
599 [ AC_MSG_RESULT([no])
600 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
601 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
602 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
606 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
607 if (test -z "$blibpath"); then
608 blibpath="/usr/lib:/lib"
610 saved_LDFLAGS="$LDFLAGS"
611 if test "$GCC" = "yes"; then
612 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
614 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
616 for tryflags in $flags ;do
617 if (test -z "$blibflags"); then
618 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
619 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
620 [blibflags=$tryflags], [])
623 if (test -z "$blibflags"); then
624 AC_MSG_RESULT([not found])
625 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
627 AC_MSG_RESULT([$blibflags])
629 LDFLAGS="$saved_LDFLAGS"
630 dnl Check for authenticate. Might be in libs.a on older AIXes
631 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
632 [Define if you want to enable AIX4's authenticate function])],
633 [AC_CHECK_LIB([s], [authenticate],
634 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
638 dnl Check for various auth function declarations in headers.
639 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
640 passwdexpired, setauthdb], , , [#include <usersec.h>])
641 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
642 AC_CHECK_DECLS([loginfailed],
643 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
644 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
645 [[ (void)loginfailed("user","host","tty",0); ]])],
646 [AC_MSG_RESULT([yes])
647 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
648 [Define if your AIX loginfailed() function
649 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
652 [#include <usersec.h>]
654 AC_CHECK_FUNCS([getgrset setauthdb])
655 AC_CHECK_DECL([F_CLOSEM],
656 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
658 [ #include <limits.h>
661 check_for_aix_broken_getaddrinfo=1
662 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
663 [Define if your platform breaks doing a seteuid before a setuid])
664 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
665 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
666 dnl AIX handles lastlog as part of its login message
667 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
668 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
669 [Some systems need a utmpx entry for /bin/login to work])
670 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
671 [Define to a Set Process Title type if your system is
672 supported by bsd-setproctitle.c])
673 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
674 [AIX 5.2 and 5.3 (and presumably newer) require this])
675 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
676 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
677 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211])
678 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551])
681 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
682 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
685 LIBS="$LIBS /usr/lib/textreadmode.o"
686 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
687 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
688 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
689 [Define to disable UID restoration test])
690 AC_DEFINE([DISABLE_SHADOW], [1],
691 [Define if you want to disable shadow passwords])
692 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
693 [Define if X11 doesn't support AF_UNIX sockets on that system])
694 AC_DEFINE([DISABLE_FD_PASSING], [1],
695 [Define if your platform needs to skip post auth
696 file descriptor passing])
697 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
698 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
699 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
700 # reasons which cause compile warnings, so we disable those warnings.
701 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
704 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
705 [Define if your system choked on IP TOS setting])
706 AC_DEFINE([SETEUID_BREAKS_SETUID])
707 AC_DEFINE([BROKEN_SETREUID])
708 AC_DEFINE([BROKEN_SETREGID])
712 AC_MSG_CHECKING([if we have working getaddrinfo])
713 AC_RUN_IFELSE([AC_LANG_SOURCE([[
714 #include <mach-o/dyld.h>
716 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
722 [AC_MSG_RESULT([working])],
723 [AC_MSG_RESULT([buggy])
724 AC_DEFINE([BROKEN_GETADDRINFO], [1],
725 [getaddrinfo is broken (if present)])
727 [AC_MSG_RESULT([assume it is working])])
728 AC_DEFINE([SETEUID_BREAKS_SETUID])
729 AC_DEFINE([BROKEN_SETREUID])
730 AC_DEFINE([BROKEN_SETREGID])
731 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
732 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
733 [Define if your resolver libs need this for getrrsetbyname])
734 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
735 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
736 [Use tunnel device compatibility to OpenBSD])
737 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
738 [Prepend the address family to IP tunnel traffic])
739 m4_pattern_allow([AU_IPv])
740 AC_CHECK_DECL([AU_IPv4], [],
741 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
742 [#include <bsm/audit.h>]
743 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
744 [Define if pututxline updates lastlog too])
746 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
747 [Define to a Set Process Title type if your system is
748 supported by bsd-setproctitle.c])
749 AC_CHECK_FUNCS([sandbox_init])
750 AC_CHECK_HEADERS([sandbox.h])
751 AC_CHECK_LIB([sandbox], [sandbox_apply], [
752 SSHDLIBS="$SSHDLIBS -lsandbox"
754 # proc_pidinfo()-based closefrom() replacement.
755 AC_CHECK_HEADERS([libproc.h])
756 AC_CHECK_FUNCS([proc_pidinfo])
757 # poll(2) is broken for character-special devices (at least).
758 # cf. Apple bug 3710161 (not public, but searchable)
759 AC_DEFINE([BROKEN_POLL], [1],
760 [System poll(2) implementation is broken])
764 TEST_MALLOC_OPTIONS="AFGJPRX"
768 CFLAGS="$CFLAGS -D_BSD_SOURCE"
769 AC_CHECK_LIB([network], [socket])
770 AC_DEFINE([HAVE_U_INT64_T])
771 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
775 # first we define all of the options common to all HP-UX releases
776 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
777 IPADDR_IN_DISPLAY=yes
778 AC_DEFINE([USE_PIPES])
779 AC_DEFINE([LOGIN_NEEDS_UTMPX])
780 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
781 [String used in /etc/passwd to denote locked account])
782 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
783 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
786 AC_CHECK_LIB([xnet], [t_error], ,
787 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
789 # next, we define all of the options specific to major releases
792 if test -z "$GCC"; then
795 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect])
798 AC_DEFINE([PAM_SUN_CODEBASE], [1],
799 [Define if you are using Solaris-derived PAM which
800 passes pam_messages to the conversation function
801 with an extra level of indirection])
802 AC_DEFINE([DISABLE_UTMP], [1],
803 [Define if you don't want to use utmp])
804 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
805 check_for_hpux_broken_getaddrinfo=1
806 check_for_conflicting_getspnam=1
810 # lastly, we define options specific to minor releases
813 AC_DEFINE([HAVE_SECUREWARE], [1],
814 [Define if you have SecureWare-based
815 protected password database])
816 disable_ptmx_check=yes
822 PATH="$PATH:/usr/etc"
823 AC_DEFINE([BROKEN_INET_NTOA], [1],
824 [Define if you system's inet_ntoa is busted
825 (e.g. Irix gcc issue)])
826 AC_DEFINE([SETEUID_BREAKS_SETUID])
827 AC_DEFINE([BROKEN_SETREUID])
828 AC_DEFINE([BROKEN_SETREGID])
829 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
830 [Define if you shouldn't strip 'tty' from your
832 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
835 PATH="$PATH:/usr/etc"
836 AC_DEFINE([WITH_IRIX_ARRAY], [1],
837 [Define if you have/want arrays
838 (cluster-wide session management, not C arrays)])
839 AC_DEFINE([WITH_IRIX_PROJECT], [1],
840 [Define if you want IRIX project management])
841 AC_DEFINE([WITH_IRIX_AUDIT], [1],
842 [Define if you want IRIX audit trails])
843 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
844 [Define if you want IRIX kernel jobs])])
845 AC_DEFINE([BROKEN_INET_NTOA])
846 AC_DEFINE([SETEUID_BREAKS_SETUID])
847 AC_DEFINE([BROKEN_SETREUID])
848 AC_DEFINE([BROKEN_SETREGID])
849 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
850 AC_DEFINE([WITH_ABBREV_NO_TTY])
851 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
853 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
854 AC_DEFINE([PAM_TTY_KLUDGE])
855 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
856 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
857 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
858 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
863 check_for_openpty_ctty_bug=1
864 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
865 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
866 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
867 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels])
868 AC_DEFINE([PAM_TTY_KLUDGE], [1],
869 [Work around problematic Linux PAM modules handling of PAM_TTY])
870 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
871 [String used in /etc/passwd to denote locked account])
872 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
873 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
874 [Define to whatever link() returns for "not supported"
875 if it doesn't return EOPNOTSUPP.])
876 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
877 AC_DEFINE([USE_BTMP])
878 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
879 inet6_default_4in6=yes
882 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
883 [Define if cmsg_type is not passed correctly])
886 # tun(4) forwarding compat code
887 AC_CHECK_HEADERS([linux/if_tun.h])
888 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
889 AC_DEFINE([SSH_TUN_LINUX], [1],
890 [Open tunnel devices the Linux tun/tap way])
891 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
892 [Use tunnel device compatibility to OpenBSD])
893 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
894 [Prepend the address family to IP tunnel traffic])
896 AC_CHECK_HEADER([linux/if.h],
897 AC_DEFINE([SYS_RDOMAIN_LINUX], [1],
898 [Support routing domains using Linux VRF]), [], [
899 #ifdef HAVE_SYS_TYPES_H
900 # include <sys/types.h>
903 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
904 [], [#include <linux/types.h>])
908 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
909 #if _MIPS_SIM != _ABIO32
912 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
913 #if _MIPS_SIM != _ABIN32
916 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
917 #if _MIPS_SIM != _ABI64
920 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI])
926 AC_MSG_CHECKING([for seccomp architecture])
930 seccomp_audit_arch=AUDIT_ARCH_X86_64
933 seccomp_audit_arch=AUDIT_ARCH_I386
936 seccomp_audit_arch=AUDIT_ARCH_ARM
939 seccomp_audit_arch=AUDIT_ARCH_AARCH64
942 seccomp_audit_arch=AUDIT_ARCH_S390X
945 seccomp_audit_arch=AUDIT_ARCH_S390
948 seccomp_audit_arch=AUDIT_ARCH_PPC
951 seccomp_audit_arch=AUDIT_ARCH_PPC64
954 seccomp_audit_arch=AUDIT_ARCH_PPC64LE
957 seccomp_audit_arch=AUDIT_ARCH_MIPS
960 seccomp_audit_arch=AUDIT_ARCH_MIPSEL
965 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32
968 seccomp_audit_arch=AUDIT_ARCH_MIPS64
975 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32
978 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
983 seccomp_audit_arch=AUDIT_ARCH_RISCV64
986 if test "x$seccomp_audit_arch" != "x" ; then
987 AC_MSG_RESULT(["$seccomp_audit_arch"])
988 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
989 [Specify the system call convention in use])
991 AC_MSG_RESULT([architecture not supported])
995 AC_DEFINE([SETEUID_BREAKS_SETUID])
996 # poll(2) seems to choke on /dev/null; "Bad file descriptor"
997 AC_DEFINE([BROKEN_POLL], [1],
998 [System poll(2) implementation is broken])
1000 mips-sony-bsd|mips-sony-newsos4)
1001 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
1005 if test "x$withval" != "xno" ; then
1008 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
1009 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1010 AC_CHECK_HEADER([net/if_tap.h], ,
1011 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1012 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
1013 [Prepend the address family to IP tunnel traffic])
1014 TEST_MALLOC_OPTIONS="AJRX"
1015 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
1016 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
1019 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
1020 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1021 AC_CHECK_HEADER([net/if_tap.h], ,
1022 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1023 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
1024 TEST_MALLOC_OPTIONS="AJRX"
1025 # Preauth crypto occasionally uses file descriptors for crypto offload
1026 # and will crash if they cannot be opened.
1027 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
1028 [define if setrlimit RLIMIT_NOFILE breaks things])
1030 *-*-freebsd9.*|*-*-freebsd10.*)
1031 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable.
1032 disable_capsicum=yes
1036 AC_DEFINE([SETEUID_BREAKS_SETUID])
1037 AC_DEFINE([BROKEN_SETREUID])
1038 AC_DEFINE([BROKEN_SETREGID])
1041 conf_lastlog_location="/usr/adm/lastlog"
1042 conf_utmp_location=/etc/utmp
1043 conf_wtmp_location=/usr/adm/wtmp
1044 maildir=/usr/spool/mail
1045 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
1046 AC_DEFINE([USE_PIPES])
1047 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
1051 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
1052 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
1053 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
1054 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
1055 [syslog_r function is safe to use in in a signal handler])
1056 TEST_MALLOC_OPTIONS="AFGJPRX"
1059 if test "x$withval" != "xno" ; then
1062 AC_DEFINE([PAM_SUN_CODEBASE])
1063 AC_DEFINE([LOGIN_NEEDS_UTMPX])
1064 AC_DEFINE([PAM_TTY_KLUDGE])
1065 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
1066 [Define if pam_chauthtok wants real uid set
1067 to the unpriv'ed user])
1068 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1069 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
1070 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
1071 [Define if sshd somehow reacquires a controlling TTY
1073 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
1074 in case the name is longer than 8 chars])
1075 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
1076 external_path_file=/etc/default/login
1077 # hardwire lastlog location (can't detect it on some versions)
1078 conf_lastlog_location="/var/adm/lastlog"
1079 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
1080 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
1081 if test "$sol2ver" -ge 8; then
1082 AC_MSG_RESULT([yes])
1083 AC_DEFINE([DISABLE_UTMP])
1084 AC_DEFINE([DISABLE_WTMP], [1],
1085 [Define if you don't want to use wtmp])
1089 AC_CHECK_FUNCS([setpflags])
1090 AC_CHECK_FUNCS([setppriv])
1091 AC_CHECK_FUNCS([priv_basicset])
1092 AC_CHECK_HEADERS([priv.h])
1093 AC_ARG_WITH([solaris-contracts],
1094 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
1096 AC_CHECK_LIB([contract], [ct_tmpl_activate],
1097 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
1098 [Define if you have Solaris process contracts])
1099 LIBS="$LIBS -lcontract"
1103 AC_ARG_WITH([solaris-projects],
1104 [ --with-solaris-projects Enable Solaris projects (experimental)],
1106 AC_CHECK_LIB([project], [setproject],
1107 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
1108 [Define if you have Solaris projects])
1109 LIBS="$LIBS -lproject"
1113 AC_ARG_WITH([solaris-privs],
1114 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
1116 AC_MSG_CHECKING([for Solaris/Illumos privilege support])
1117 if test "x$ac_cv_func_setppriv" = "xyes" -a \
1118 "x$ac_cv_header_priv_h" = "xyes" ; then
1120 AC_MSG_RESULT([found])
1121 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
1122 [Define to disable UID restoration test])
1123 AC_DEFINE([USE_SOLARIS_PRIVS], [1],
1124 [Define if you have Solaris privileges])
1127 AC_MSG_RESULT([not found])
1128 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
1132 TEST_SHELL=$SHELL # let configure find us a capable shell
1135 CPPFLAGS="$CPPFLAGS -DSUNOS4"
1136 AC_CHECK_FUNCS([getpwanam])
1137 AC_DEFINE([PAM_SUN_CODEBASE])
1138 conf_utmp_location=/etc/utmp
1139 conf_wtmp_location=/var/adm/wtmp
1140 conf_lastlog_location=/var/adm/lastlog
1141 AC_DEFINE([USE_PIPES])
1142 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
1146 AC_DEFINE([USE_PIPES])
1147 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1148 AC_DEFINE([SETEUID_BREAKS_SETUID])
1149 AC_DEFINE([BROKEN_SETREUID])
1150 AC_DEFINE([BROKEN_SETREGID])
1153 # /usr/ucblib MUST NOT be searched on ReliantUNIX
1154 AC_CHECK_LIB([dl], [dlsym], ,)
1155 # -lresolv needs to be at the end of LIBS or DNS lookups break
1156 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
1157 IPADDR_IN_DISPLAY=yes
1158 AC_DEFINE([USE_PIPES])
1159 AC_DEFINE([IP_TOS_IS_BROKEN])
1160 AC_DEFINE([SETEUID_BREAKS_SETUID])
1161 AC_DEFINE([BROKEN_SETREUID])
1162 AC_DEFINE([BROKEN_SETREGID])
1163 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1164 external_path_file=/etc/default/login
1165 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
1166 # Attention: always take care to bind libsocket and libnsl before libc,
1167 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
1169 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
1171 AC_DEFINE([USE_PIPES])
1172 AC_DEFINE([SETEUID_BREAKS_SETUID])
1173 AC_DEFINE([BROKEN_SETREUID])
1174 AC_DEFINE([BROKEN_SETREGID])
1175 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
1176 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1177 TEST_SHELL=$SHELL # let configure find us a capable shell
1179 # UnixWare 7.x, OpenUNIX 8
1181 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1182 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1183 AC_DEFINE([USE_PIPES])
1184 AC_DEFINE([SETEUID_BREAKS_SETUID])
1185 AC_DEFINE([BROKEN_GETADDRINFO])
1186 AC_DEFINE([BROKEN_SETREUID])
1187 AC_DEFINE([BROKEN_SETREGID])
1188 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1189 AC_DEFINE([BROKEN_TCGETATTR_ICANON])
1190 TEST_SHELL=$SHELL # let configure find us a capable shell
1192 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1193 maildir=/var/spool/mail
1194 AC_DEFINE([BROKEN_UPDWTMPX])
1195 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1196 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1199 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1205 # SCO UNIX and OEM versions of SCO UNIX
1207 AC_MSG_ERROR("This Platform is no longer supported.")
1209 # SCO OpenServer 5.x
1211 if test -z "$GCC"; then
1212 CFLAGS="$CFLAGS -belf"
1214 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1216 AC_DEFINE([USE_PIPES])
1217 AC_DEFINE([HAVE_SECUREWARE])
1218 AC_DEFINE([DISABLE_SHADOW])
1219 AC_DEFINE([DISABLE_FD_PASSING])
1220 AC_DEFINE([SETEUID_BREAKS_SETUID])
1221 AC_DEFINE([BROKEN_GETADDRINFO])
1222 AC_DEFINE([BROKEN_SETREUID])
1223 AC_DEFINE([BROKEN_SETREGID])
1224 AC_DEFINE([WITH_ABBREV_NO_TTY])
1225 AC_DEFINE([BROKEN_UPDWTMPX])
1226 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1227 AC_CHECK_FUNCS([getluid setluid])
1229 TEST_SHELL=$SHELL # let configure find us a capable shell
1230 SKIP_DISABLE_LASTLOG_DEFINE=yes
1233 AC_MSG_CHECKING([for Digital Unix SIA])
1235 AC_ARG_WITH([osfsia],
1236 [ --with-osfsia Enable Digital Unix SIA],
1238 if test "x$withval" = "xno" ; then
1239 AC_MSG_RESULT([disabled])
1244 if test -z "$no_osfsia" ; then
1245 if test -f /etc/sia/matrix.conf; then
1246 AC_MSG_RESULT([yes])
1247 AC_DEFINE([HAVE_OSF_SIA], [1],
1248 [Define if you have Digital Unix Security
1249 Integration Architecture])
1250 AC_DEFINE([DISABLE_LOGIN], [1],
1251 [Define if you don't want to use your
1252 system's login() call])
1253 AC_DEFINE([DISABLE_FD_PASSING])
1254 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1258 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1259 [String used in /etc/passwd to denote locked account])
1262 AC_DEFINE([BROKEN_GETADDRINFO])
1263 AC_DEFINE([SETEUID_BREAKS_SETUID])
1264 AC_DEFINE([BROKEN_SETREUID])
1265 AC_DEFINE([BROKEN_SETREGID])
1266 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1270 AC_DEFINE([USE_PIPES])
1271 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1272 AC_DEFINE([DISABLE_LASTLOG])
1273 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1274 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1275 enable_etc_default_login=no # has incompatible /etc/default/login
1278 AC_DEFINE([DISABLE_FD_PASSING])
1284 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1285 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty])
1286 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1287 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx])
1288 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we
1289 # don't get a controlling tty.
1290 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root])
1291 # On Ultrix some headers are not protected against multiple includes,
1292 # so we create wrappers and put it where the compiler will find it.
1293 AC_MSG_WARN([creating compat wrappers for headers])
1295 for header in netinet/ip.h netdb.h resolv.h; do
1296 name=`echo $header | tr 'a-z/.' 'A-Z__'`
1298 #ifndef _SSH_COMPAT_${name}
1299 #define _SSH_COMPAT_${name}
1300 #include "/usr/include/${header}"
1307 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1308 AC_DEFINE([BROKEN_SETVBUF], [1],
1309 [LynxOS has broken setvbuf() implementation])
1313 AC_MSG_CHECKING([compiler and flags for sanity])
1314 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])],
1315 [ AC_MSG_RESULT([yes]) ],
1318 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1320 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1323 dnl Checks for header files.
1324 # Checks for libraries.
1325 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1327 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1328 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1329 AC_CHECK_LIB([gen], [dirname], [
1330 AC_CACHE_CHECK([for broken dirname],
1331 ac_cv_have_broken_dirname, [
1340 int main(int argc, char **argv) {
1343 strncpy(buf,"/etc", 32);
1345 if (!s || strncmp(s, "/", 32) != 0) {
1352 [ ac_cv_have_broken_dirname="no" ],
1353 [ ac_cv_have_broken_dirname="yes" ],
1354 [ ac_cv_have_broken_dirname="no" ],
1358 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1360 AC_DEFINE([HAVE_DIRNAME])
1361 AC_CHECK_HEADERS([libgen.h])
1366 AC_CHECK_FUNC([getspnam], ,
1367 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1368 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1369 [Define if you have the basename function.])])
1371 dnl zlib defaults to enabled
1374 [ --with-zlib=PATH Use zlib in PATH],
1375 [ if test "x$withval" = "xno" ; then
1377 elif test "x$withval" != "xyes"; then
1378 if test -d "$withval/lib"; then
1379 if test -n "${rpath_opt}"; then
1380 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1382 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1385 if test -n "${rpath_opt}"; then
1386 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}"
1388 LDFLAGS="-L${withval} ${LDFLAGS}"
1391 if test -d "$withval/include"; then
1392 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1394 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1399 # These libraries are needed for anything that links in the channel code.
1401 AC_MSG_CHECKING([for zlib])
1402 if test "x${zlib}" = "xno"; then
1406 CHANNELLIBS="$CHANNELLIBS -lz"
1407 AC_MSG_RESULT([yes])
1408 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib])
1409 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1410 AC_CHECK_LIB([z], [deflate], [],
1412 saved_CPPFLAGS="$CPPFLAGS"
1413 saved_LDFLAGS="$LDFLAGS"
1414 dnl Check default zlib install dir
1415 if test -n "${rpath_opt}"; then
1416 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}"
1418 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1420 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1421 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1423 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1429 AC_ARG_WITH([zlib-version-check],
1430 [ --without-zlib-version-check Disable zlib version check],
1431 [ if test "x$withval" = "xno" ; then
1432 zlib_check_nonfatal=1
1437 AC_MSG_CHECKING([for possibly buggy zlib])
1438 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1444 int a=0, b=0, c=0, d=0, n, v;
1445 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1446 if (n != 3 && n != 4)
1448 v = a*1000000 + b*10000 + c*100 + d;
1449 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1452 if (a == 1 && b == 1 && c >= 4)
1455 /* 1.2.3 and up are OK */
1461 AC_MSG_RESULT([no]),
1462 [ AC_MSG_RESULT([yes])
1463 if test -z "$zlib_check_nonfatal" ; then
1464 AC_MSG_ERROR([*** zlib too old - check config.log ***
1465 Your reported zlib version has known security problems. It's possible your
1466 vendor has fixed these problems without changing the version number. If you
1467 are sure this is the case, you can disable the check by running
1468 "./configure --without-zlib-version-check".
1469 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1470 See http://www.gzip.org/zlib/ for details.])
1472 AC_MSG_WARN([zlib version may have security problems])
1475 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1481 AC_CHECK_FUNC([strcasecmp],
1482 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1484 AC_CHECK_FUNCS([utimes],
1485 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1486 LIBS="$LIBS -lc89"]) ]
1489 dnl Checks for libutil functions
1490 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1491 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1492 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1493 AC_SEARCH_LIBS([login], [util bsd])
1494 AC_SEARCH_LIBS([logout], [util bsd])
1495 AC_SEARCH_LIBS([logwtmp], [util bsd])
1496 AC_SEARCH_LIBS([openpty], [util bsd])
1497 AC_SEARCH_LIBS([updwtmp], [util bsd])
1498 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1500 # On some platforms, inet_ntop and gethostbyname may be found in libresolv
1502 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1503 AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1505 # Some Linux distribtions ship the BSD libc hashing functions in
1506 # separate libraries.
1507 AC_SEARCH_LIBS([SHA256Update], [md bsd])
1509 # "Particular Function Checks"
1510 # see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
1514 # autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL;
1515 AC_MSG_CHECKING([if calloc(0, N) returns non-null])
1518 [[ #include <stdlib.h> ]],
1519 [[ void *p = calloc(0, 1); exit(p == NULL); ]]
1521 [ func_calloc_0_nonnull=yes ],
1522 [ func_calloc_0_nonnull=no ],
1523 [ AC_MSG_WARN([cross compiling: assuming same as malloc])
1524 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"]
1526 AC_MSG_RESULT([$func_calloc_0_nonnull])
1528 if test "x$func_calloc_0_nonnull" = "xyes"; then
1529 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null])
1531 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL])
1532 AC_DEFINE(calloc, rpl_calloc,
1533 [Define to rpl_calloc if the replacement function should be used.])
1536 # Check for ALTDIRFUNC glob() extension
1537 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1538 AC_EGREP_CPP([FOUNDIT],
1541 #ifdef GLOB_ALTDIRFUNC
1546 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1547 [Define if your system glob() function has
1548 the GLOB_ALTDIRFUNC extension])
1549 AC_MSG_RESULT([yes])
1556 # Check for g.gl_matchc glob() extension
1557 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1558 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1559 [[ glob_t g; g.gl_matchc = 1; ]])],
1561 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1562 [Define if your system glob() function has
1563 gl_matchc options in glob_t])
1564 AC_MSG_RESULT([yes])
1569 # Check for g.gl_statv glob() extension
1570 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1571 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1572 #ifndef GLOB_KEEPSTAT
1573 #error "glob does not support GLOB_KEEPSTAT extension"
1579 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1580 [Define if your system glob() function has
1581 gl_statv options in glob_t])
1582 AC_MSG_RESULT([yes])
1588 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1590 AC_CHECK_DECL([VIS_ALL], ,
1591 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1593 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1596 #include <sys/types.h>
1602 exit(sizeof(d.d_name)<=sizeof(char));
1604 [AC_MSG_RESULT([yes])],
1607 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1608 [Define if your struct dirent expects you to
1609 allocate extra space for d_name])
1612 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1613 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1617 AC_MSG_CHECKING([for /proc/pid/fd directory])
1618 if test -d "/proc/$$/fd" ; then
1619 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1620 AC_MSG_RESULT([yes])
1625 # Check whether user wants TCP wrappers support
1627 AC_ARG_WITH([tcp-wrappers],
1628 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1630 if test "x$withval" != "xno" ; then
1632 saved_LDFLAGS="$LDFLAGS"
1633 saved_CPPFLAGS="$CPPFLAGS"
1634 if test -n "${withval}" && \
1635 test "x${withval}" != "xyes"; then
1636 if test -d "${withval}/lib"; then
1637 if test -n "${need_dash_r}"; then
1638 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1640 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1643 if test -n "${need_dash_r}"; then
1644 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1646 LDFLAGS="-L${withval} ${LDFLAGS}"
1649 if test -d "${withval}/include"; then
1650 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1652 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1656 AC_MSG_CHECKING([for libwrap])
1657 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1658 #include <sys/types.h>
1659 #include <sys/socket.h>
1660 #include <netinet/in.h>
1662 int deny_severity = 0, allow_severity = 0;
1666 AC_MSG_RESULT([yes])
1667 AC_DEFINE([LIBWRAP], [1],
1669 TCP Wrappers support])
1670 SSHDLIBS="$SSHDLIBS -lwrap"
1673 AC_MSG_ERROR([*** libwrap missing])
1680 # Check whether user wants to use ldns
1683 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1686 if test "x$withval" = "xyes" ; then
1687 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1688 if test "x$LDNSCONFIG" = "xno"; then
1692 LIBS="$LIBS `$LDNSCONFIG --libs`"
1693 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1696 elif test "x$withval" != "xno" ; then
1697 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1698 LDFLAGS="$LDFLAGS -L${withval}/lib"
1703 # Verify that it works.
1704 if test "x$ldns" = "xyes" ; then
1705 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1707 AC_MSG_CHECKING([for ldns support])
1712 #ifdef HAVE_STDINT_H
1713 # include <stdint.h>
1715 #include <ldns/ldns.h>
1716 int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1719 [AC_MSG_RESULT(yes)],
1722 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1727 # Check whether user wants libedit support
1729 AC_ARG_WITH([libedit],
1730 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1731 [ if test "x$withval" != "xno" ; then
1732 if test "x$withval" = "xyes" ; then
1733 if test "x$PKGCONFIG" != "xno"; then
1734 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1735 if "$PKGCONFIG" libedit; then
1736 AC_MSG_RESULT([yes])
1737 use_pkgconfig_for_libedit=yes
1743 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1744 if test -n "${rpath_opt}"; then
1745 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1747 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1750 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1751 LIBEDIT=`$PKGCONFIG --libs libedit`
1752 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1754 LIBEDIT="-ledit -lcurses"
1756 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1757 AC_CHECK_LIB([edit], [el_init],
1758 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1762 [ AC_MSG_ERROR([libedit not found]) ],
1765 AC_MSG_CHECKING([if libedit version is compatible])
1768 #include <histedit.h>
1773 el_init("", NULL, NULL, NULL);
1776 [ AC_MSG_RESULT([yes]) ],
1777 [ AC_MSG_RESULT([no])
1778 AC_MSG_ERROR([libedit version is not compatible]) ]
1784 AC_ARG_WITH([audit],
1785 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1787 AC_MSG_CHECKING([for supported audit module])
1790 AC_MSG_RESULT([bsm])
1792 dnl Checks for headers, libs and functions
1793 AC_CHECK_HEADERS([bsm/audit.h], [],
1794 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1801 AC_CHECK_LIB([bsm], [getaudit], [],
1802 [AC_MSG_ERROR([BSM enabled and required library not found])])
1803 AC_CHECK_FUNCS([getaudit], [],
1804 [AC_MSG_ERROR([BSM enabled and required function not found])])
1805 # These are optional
1806 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1807 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1808 if test "$sol2ver" -ge 11; then
1809 SSHDLIBS="$SSHDLIBS -lscf"
1810 AC_DEFINE([BROKEN_BSM_API], [1],
1811 [The system has incomplete BSM API])
1815 AC_MSG_RESULT([linux])
1817 dnl Checks for headers, libs and functions
1818 AC_CHECK_HEADERS([libaudit.h])
1819 SSHDLIBS="$SSHDLIBS -laudit"
1820 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1824 AC_MSG_RESULT([debug])
1825 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1831 AC_MSG_ERROR([Unknown audit module $withval])
1837 [ --with-pie Build Position Independent Executables if possible], [
1838 if test "x$withval" = "xno"; then
1841 if test "x$withval" = "xyes"; then
1846 if test "x$use_pie" = "x"; then
1849 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1850 # Turn off automatic PIE when toolchain hardening is off.
1853 if test "x$use_pie" = "xauto"; then
1854 # Automatic PIE requires gcc >= 4.x
1855 AC_MSG_CHECKING([for gcc >= 4.x])
1856 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1857 #if !defined(__GNUC__) || __GNUC__ < 4
1858 #error gcc is too old
1861 [ AC_MSG_RESULT([yes]) ],
1862 [ AC_MSG_RESULT([no])
1866 if test "x$use_pie" != "xno"; then
1867 SAVED_CFLAGS="$CFLAGS"
1868 SAVED_LDFLAGS="$LDFLAGS"
1869 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1870 OSSH_CHECK_LDFLAG_LINK([-pie])
1871 # We use both -fPIE and -pie or neither.
1872 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1873 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1874 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1875 AC_MSG_RESULT([yes])
1878 CFLAGS="$SAVED_CFLAGS"
1879 LDFLAGS="$SAVED_LDFLAGS"
1883 AC_MSG_CHECKING([whether -fPIC is accepted])
1884 SAVED_CFLAGS="$CFLAGS"
1885 CFLAGS="$CFLAGS -fPIC"
1887 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )],
1888 [AC_MSG_RESULT([yes])
1890 [AC_MSG_RESULT([no])
1892 CFLAGS="$SAVED_CFLAGS"
1895 dnl Checks for library functions. Please keep in alphabetical order
1899 Blowfish_initstate \
1900 Blowfish_expandstate \
1901 Blowfish_expand0state \
1902 Blowfish_stream2word \
2041 AC_CHECK_DECLS([bzero, memmem])
2043 dnl Wide character support.
2044 AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
2046 TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
2047 AC_MSG_CHECKING([for utf8 locale support])
2053 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
2061 AC_MSG_WARN([cross compiling: assuming yes])
2066 [[ #include <ctype.h> ]],
2067 [[ return (isblank('a')); ]])],
2068 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
2072 AC_ARG_ENABLE([pkcs11],
2073 [ --disable-pkcs11 disable PKCS#11 support code [no]],
2075 if test "x$enableval" = "xno" ; then
2082 AC_ARG_ENABLE([security-key],
2083 [ --disable-security-key disable U2F/FIDO support code [no]],
2085 if test "x$enableval" = "xno" ; then
2091 AC_ARG_WITH([security-key-builtin],
2092 [ --with-security-key-builtin include builtin U2F/FIDO support],
2093 [ enable_sk_internal=$withval ]
2096 AC_SEARCH_LIBS([dlopen], [dl])
2097 AC_CHECK_FUNCS([dlopen])
2098 AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
2100 # IRIX has a const char return value for gai_strerror()
2101 AC_CHECK_FUNCS([gai_strerror], [
2102 AC_DEFINE([HAVE_GAI_STRERROR])
2103 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2104 #include <sys/types.h>
2105 #include <sys/socket.h>
2108 const char *gai_strerror(int);
2111 str = gai_strerror(0);
2113 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
2114 [Define if gai_strerror() returns const char *])], [])])
2116 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
2117 [Some systems put nanosleep outside of libc])])
2119 AC_SEARCH_LIBS([clock_gettime], [rt],
2120 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
2122 dnl check if we need -D_REENTRANT for localtime_r declaration.
2123 AC_CHECK_DECL([localtime_r], [],
2124 [ saved_CPPFLAGS="$CPPFLAGS"
2125 CPPFLAGS="$CPPFLAGS -D_REENTRANT"
2126 unset ac_cv_have_decl_localtime_r
2127 AC_CHECK_DECL([localtime_r], [],
2128 [ CPPFLAGS="$saved_CPPFLAGS" ],
2129 [ #include <time.h> ]
2132 [ #include <time.h> ]
2135 dnl Make sure prototypes are defined for these before using them.
2136 AC_CHECK_DECL([strsep],
2137 [AC_CHECK_FUNCS([strsep])],
2140 #ifdef HAVE_STRING_H
2141 # include <string.h>
2145 dnl tcsendbreak might be a macro
2146 AC_CHECK_DECL([tcsendbreak],
2147 [AC_DEFINE([HAVE_TCSENDBREAK])],
2148 [AC_CHECK_FUNCS([tcsendbreak])],
2149 [#include <termios.h>]
2152 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
2154 AC_CHECK_DECLS([SHUT_RD, getpeereid], , ,
2156 #include <sys/types.h>
2157 #include <sys/socket.h>
2161 AC_CHECK_DECLS([O_NONBLOCK], , ,
2163 #include <sys/types.h>
2164 #ifdef HAVE_SYS_STAT_H
2165 # include <sys/stat.h>
2172 AC_CHECK_DECLS([ftruncate, getentropy], , ,
2174 #include <sys/types.h>
2178 AC_CHECK_DECLS([readv, writev], , , [
2179 #include <sys/types.h>
2180 #include <sys/uio.h>
2184 AC_CHECK_DECLS([MAXSYMLINKS], , , [
2185 #include <sys/param.h>
2188 AC_CHECK_DECLS([offsetof], , , [
2192 # extra bits for select(2)
2193 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
2194 #include <sys/param.h>
2195 #include <sys/types.h>
2196 #ifdef HAVE_SYS_SYSMACROS_H
2197 #include <sys/sysmacros.h>
2199 #ifdef HAVE_SYS_SELECT_H
2200 #include <sys/select.h>
2202 #ifdef HAVE_SYS_TIME_H
2203 #include <sys/time.h>
2205 #ifdef HAVE_UNISTD_H
2209 AC_CHECK_TYPES([fd_mask], [], [], [[
2210 #include <sys/param.h>
2211 #include <sys/types.h>
2212 #ifdef HAVE_SYS_SELECT_H
2213 #include <sys/select.h>
2215 #ifdef HAVE_SYS_TIME_H
2216 #include <sys/time.h>
2218 #ifdef HAVE_UNISTD_H
2223 AC_CHECK_FUNCS([setresuid], [
2224 dnl Some platorms have setresuid that isn't implemented, test for this
2225 AC_MSG_CHECKING([if setresuid seems to work])
2238 [AC_MSG_RESULT([yes])],
2239 [AC_DEFINE([BROKEN_SETRESUID], [1],
2240 [Define if your setresuid() is broken])
2241 AC_MSG_RESULT([not implemented])],
2242 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2246 AC_CHECK_FUNCS([setresgid], [
2247 dnl Some platorms have setresgid that isn't implemented, test for this
2248 AC_MSG_CHECKING([if setresgid seems to work])
2261 [AC_MSG_RESULT([yes])],
2262 [AC_DEFINE([BROKEN_SETRESGID], [1],
2263 [Define if your setresgid() is broken])
2264 AC_MSG_RESULT([not implemented])],
2265 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2269 AC_MSG_CHECKING([for working fflush(NULL)])
2275 [[fflush(NULL); exit(0);]])],
2276 AC_MSG_RESULT([yes]),
2277 [AC_MSG_RESULT([no])
2278 AC_DEFINE([FFLUSH_NULL_BUG], [1],
2279 [define if fflush(NULL) does not work])],
2280 AC_MSG_WARN([cross compiling: assuming working])
2283 dnl Checks for time functions
2284 AC_CHECK_FUNCS([gettimeofday time])
2285 dnl Checks for utmp functions
2286 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2287 AC_CHECK_FUNCS([utmpname])
2288 dnl Checks for utmpx functions
2289 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2290 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2291 dnl Checks for lastlog functions
2292 AC_CHECK_FUNCS([getlastlogxbyname])
2294 AC_CHECK_FUNC([daemon],
2295 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2296 [AC_CHECK_LIB([bsd], [daemon],
2297 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2300 AC_CHECK_FUNC([getpagesize],
2301 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
2302 [Define if your libraries define getpagesize()])],
2303 [AC_CHECK_LIB([ucb], [getpagesize],
2304 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2307 # Check for broken snprintf
2308 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2309 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2317 snprintf(b,5,"123456789");
2320 [AC_MSG_RESULT([yes])],
2323 AC_DEFINE([BROKEN_SNPRINTF], [1],
2324 [Define if your snprintf is busted])
2325 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2327 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2331 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2332 AC_MSG_CHECKING([whether snprintf understands %zu])
2335 #include <sys/types.h>
2341 size_t a = 1, b = 2;
2343 snprintf(z, sizeof z, "%zu%zu", a, b);
2344 exit(strcmp(z, "12"));
2346 [AC_MSG_RESULT([yes])],
2349 AC_DEFINE([BROKEN_SNPRINTF], [1],
2350 [snprintf does not understand %zu])
2352 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2356 # We depend on vsnprintf returning the right thing on overflow: the
2357 # number of characters it tried to create (as per SUSv3)
2358 if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2359 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2362 #include <sys/types.h>
2366 int x_snprintf(char *str, size_t count, const char *fmt, ...)
2372 ret = vsnprintf(str, count, fmt, ap);
2378 if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2380 if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2384 [AC_MSG_RESULT([yes])],
2387 AC_DEFINE([BROKEN_SNPRINTF], [1],
2388 [Define if your snprintf is busted])
2389 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2391 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2395 # On systems where [v]snprintf is broken, but is declared in stdio,
2396 # check that the fmt argument is const char * or just char *.
2397 # This is only useful for when BROKEN_SNPRINTF
2398 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2399 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2401 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2405 [AC_MSG_RESULT([yes])
2406 AC_DEFINE([SNPRINTF_CONST], [const],
2407 [Define as const if snprintf() can declare const char *fmt])],
2408 [AC_MSG_RESULT([no])
2409 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2411 # Check for missing getpeereid (or equiv) support
2413 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2414 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2415 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2416 #include <sys/types.h>
2417 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2418 [ AC_MSG_RESULT([yes])
2419 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2420 ], [AC_MSG_RESULT([no])
2425 dnl make sure that openpty does not reacquire controlling terminal
2426 if test ! -z "$check_for_openpty_ctty_bug"; then
2427 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2433 #include <sys/fcntl.h>
2434 #include <sys/types.h>
2435 #include <sys/wait.h>
2438 int fd, ptyfd, ttyfd, status;
2441 if (pid < 0) { /* failed */
2443 } else if (pid > 0) { /* parent */
2444 waitpid(pid, &status, 0);
2445 if (WIFEXITED(status))
2446 exit(WEXITSTATUS(status));
2449 } else { /* child */
2450 close(0); close(1); close(2);
2452 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2453 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2455 exit(3); /* Acquired ctty: broken */
2457 exit(0); /* Did not acquire ctty: OK */
2461 AC_MSG_RESULT([yes])
2465 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2468 AC_MSG_RESULT([cross-compiling, assuming yes])
2473 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2474 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2475 AC_MSG_CHECKING([if getaddrinfo seems to work])
2480 #include <sys/socket.h>
2483 #include <netinet/in.h>
2485 #define TEST_PORT "2222"
2488 struct addrinfo *gai_ai, *ai, hints;
2489 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2491 memset(&hints, 0, sizeof(hints));
2492 hints.ai_family = PF_UNSPEC;
2493 hints.ai_socktype = SOCK_STREAM;
2494 hints.ai_flags = AI_PASSIVE;
2496 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2498 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2502 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2503 if (ai->ai_family != AF_INET6)
2506 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2507 sizeof(ntop), strport, sizeof(strport),
2508 NI_NUMERICHOST|NI_NUMERICSERV);
2511 if (err == EAI_SYSTEM)
2512 perror("getnameinfo EAI_SYSTEM");
2514 fprintf(stderr, "getnameinfo failed: %s\n",
2519 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2522 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2530 AC_MSG_RESULT([yes])
2534 AC_DEFINE([BROKEN_GETADDRINFO])
2537 AC_MSG_RESULT([cross-compiling, assuming yes])
2542 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2543 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2544 AC_MSG_CHECKING([if getaddrinfo seems to work])
2549 #include <sys/socket.h>
2552 #include <netinet/in.h>
2554 #define TEST_PORT "2222"
2557 struct addrinfo *gai_ai, *ai, hints;
2558 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2560 memset(&hints, 0, sizeof(hints));
2561 hints.ai_family = PF_UNSPEC;
2562 hints.ai_socktype = SOCK_STREAM;
2563 hints.ai_flags = AI_PASSIVE;
2565 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2567 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2571 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2572 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2575 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2576 sizeof(ntop), strport, sizeof(strport),
2577 NI_NUMERICHOST|NI_NUMERICSERV);
2579 if (ai->ai_family == AF_INET && err != 0) {
2580 perror("getnameinfo");
2587 AC_MSG_RESULT([yes])
2588 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2589 [Define if you have a getaddrinfo that fails
2590 for the all-zeros IPv6 address])
2594 AC_DEFINE([BROKEN_GETADDRINFO])
2597 AC_MSG_RESULT([cross-compiling, assuming no])
2602 if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2603 AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2604 [#include <sys/types.h>
2605 #include <sys/socket.h>
2606 #include <netdb.h>])
2609 if test "x$check_for_conflicting_getspnam" = "x1"; then
2610 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2611 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2620 AC_MSG_RESULT([yes])
2621 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2622 [Conflicting defs for getspnam])
2627 dnl NetBSD added an strnvis and unfortunately made it incompatible with the
2628 dnl existing one in OpenBSD and Linux's libbsd (the former having existed
2629 dnl for over ten years). Despite this incompatibility being reported during
2630 dnl development (see http://gnats.netbsd.org/44977) they still shipped it.
2631 dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2632 dnl implementation. Try to detect this mess, and assume the only safe option
2633 dnl if we're cross compiling.
2635 dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag);
2636 dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag);
2637 if test "x$ac_cv_func_strnvis" = "xyes"; then
2638 AC_MSG_CHECKING([for working strnvis])
2646 static void sighandler(int sig) { _exit(1); }
2650 signal(SIGSEGV, sighandler);
2651 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
2655 [AC_MSG_RESULT([yes])],
2656 [AC_MSG_RESULT([no])
2657 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])],
2658 [AC_MSG_WARN([cross compiling: assuming broken])
2659 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])]
2663 AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()])
2666 #ifdef HAVE_SYS_SELECT
2667 # include <sys/select.h>
2669 #include <sys/types.h>
2670 #include <sys/time.h>
2674 static void sighandler(int sig) { }
2678 struct sigaction sa;
2680 sa.sa_handler = sighandler;
2681 sa.sa_flags = SA_RESTART;
2682 (void)sigaction(SIGTERM, &sa, NULL);
2683 if ((pid = fork()) == 0) { /* child */
2688 if (getppid() == pid) /* if parent did not exit, shoot it */
2691 } else { /* parent */
2692 r = select(0, NULL, NULL, NULL, NULL);
2694 exit(r == -1 ? 0 : 1);
2696 [AC_MSG_RESULT([yes])],
2697 [AC_MSG_RESULT([no])
2698 AC_DEFINE([NO_SA_RESTART], [1],
2699 [SA_RESTARTed signals do no interrupt select])],
2700 [AC_MSG_WARN([cross compiling: assuming yes])]
2703 AC_CHECK_FUNCS([getpgrp],[
2704 AC_MSG_CHECKING([if getpgrp accepts zero args])
2706 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])],
2707 [ AC_MSG_RESULT([yes])
2708 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])],
2709 [ AC_MSG_RESULT([no])
2710 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])]
2714 # Search for OpenSSL
2715 saved_CPPFLAGS="$CPPFLAGS"
2716 saved_LDFLAGS="$LDFLAGS"
2717 AC_ARG_WITH([ssl-dir],
2718 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2720 if test "x$openssl" = "xno" ; then
2721 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2723 if test "x$withval" != "xno" ; then
2726 ./*|../*) withval="`pwd`/$withval"
2728 if test -d "$withval/lib"; then
2729 libcrypto_path="${withval}/lib"
2730 elif test -d "$withval/lib64"; then
2731 libcrypto_path="$withval/lib64"
2733 # Built but not installed
2734 libcrypto_path="${withval}"
2736 if test -n "${rpath_opt}"; then
2737 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}"
2739 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}"
2741 if test -d "$withval/include"; then
2742 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2744 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2750 AC_ARG_WITH([openssl-header-check],
2751 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2753 if test "x$withval" = "xno" ; then
2754 openssl_check_nonfatal=1
2760 AC_ARG_WITH([ssl-engine],
2761 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2763 if test "x$withval" != "xno" ; then
2764 if test "x$openssl" = "xno" ; then
2765 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2772 nocrypto_saved_LIBS="$LIBS"
2773 if test "x$openssl" = "xyes" ; then
2774 LIBS="-lcrypto $LIBS"
2775 CHANNELLIBS="-lcrypto $CHANNELLIBS"
2776 AC_TRY_LINK_FUNC([RAND_add], ,
2777 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])])
2778 AC_CHECK_HEADER([openssl/opensslv.h], ,
2779 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2781 # Determine OpenSSL header version
2782 AC_MSG_CHECKING([OpenSSL header version])
2788 #include <openssl/opensslv.h>
2789 #define DATA "conftest.sslincver"
2794 fd = fopen(DATA,"w");
2798 if ((rc = fprintf(fd, "%08lx (%s)\n",
2799 (unsigned long)OPENSSL_VERSION_NUMBER,
2800 OPENSSL_VERSION_TEXT)) < 0)
2806 ssl_header_ver=`cat conftest.sslincver`
2807 AC_MSG_RESULT([$ssl_header_ver])
2810 AC_MSG_RESULT([not found])
2811 AC_MSG_ERROR([OpenSSL version header not found.])
2814 AC_MSG_WARN([cross compiling: not checking])
2818 # Determining OpenSSL library version is version dependent.
2819 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num])
2821 # Determine OpenSSL library version
2822 AC_MSG_CHECKING([OpenSSL library version])
2828 #include <openssl/opensslv.h>
2829 #include <openssl/crypto.h>
2830 #define DATA "conftest.ssllibver"
2835 fd = fopen(DATA,"w");
2838 #ifndef OPENSSL_VERSION
2839 # define OPENSSL_VERSION SSLEAY_VERSION
2841 #ifndef HAVE_OPENSSL_VERSION
2842 # define OpenSSL_version SSLeay_version
2844 #ifndef HAVE_OPENSSL_VERSION_NUM
2845 # define OpenSSL_version_num SSLeay
2847 if ((rc = fprintf(fd, "%08lx (%s)\n",
2848 (unsigned long)OpenSSL_version_num(),
2849 OpenSSL_version(OPENSSL_VERSION))) < 0)
2855 ssl_library_ver=`cat conftest.ssllibver`
2856 # Check version is supported.
2857 case "$ssl_library_ver" in
2859 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
2863 # https://github.com/openssl/openssl/pull/4613
2864 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")])
2869 # OpenSSL 3; we use the 1.1x API
2870 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2873 # OpenSSL development branch; request 1.1x API
2874 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2877 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")])
2880 AC_MSG_RESULT([$ssl_library_ver])
2883 AC_MSG_RESULT([not found])
2884 AC_MSG_ERROR([OpenSSL library not found.])
2887 AC_MSG_WARN([cross compiling: not checking])
2893 case "$ssl_library_ver" in
2895 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)])
2900 # Sanity check OpenSSL headers
2901 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2906 #include <openssl/opensslv.h>
2907 #include <openssl/crypto.h>
2909 #ifndef HAVE_OPENSSL_VERSION_NUM
2910 # define OpenSSL_version_num SSLeay
2912 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2915 AC_MSG_RESULT([yes])
2919 if test "x$openssl_check_nonfatal" = "x"; then
2920 AC_MSG_ERROR([Your OpenSSL headers do not match your
2921 library. Check config.log for details.
2922 If you are sure your installation is consistent, you can disable the check
2923 by running "./configure --without-openssl-header-check".
2924 Also see contrib/findssl.sh for help identifying header/library mismatches.
2927 AC_MSG_WARN([Your OpenSSL headers do not match your
2928 library. Check config.log for details.
2929 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2933 AC_MSG_WARN([cross compiling: not checking])
2937 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2939 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2940 [[ ERR_load_crypto_strings(); ]])],
2942 AC_MSG_RESULT([yes])
2947 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2949 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2950 [[ ERR_load_crypto_strings(); ]])],
2952 AC_MSG_RESULT([yes])
2953 CHANNELLIBS="$CHANNELLIBS -ldl"
2965 DSA_generate_parameters_ex \
2966 EVP_DigestFinal_ex \
2968 EVP_MD_CTX_cleanup \
2969 EVP_MD_CTX_copy_ex \
2972 RSA_generate_key_ex \
2973 RSA_get_default_method \
2976 # OpenSSL_add_all_algorithms may be a macro.
2977 AC_CHECK_FUNC(OpenSSL_add_all_algorithms,
2978 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]),
2979 AC_CHECK_DECL(OpenSSL_add_all_algorithms,
2980 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), ,
2981 [[#include <openssl/evp.h>]]
2985 # LibreSSL/OpenSSL 1.1x API
2987 OPENSSL_init_crypto \
3002 EVP_CIPHER_CTX_iv_noconst \
3003 EVP_CIPHER_CTX_get_iv \
3004 EVP_CIPHER_CTX_get_updated_iv \
3005 EVP_CIPHER_CTX_set_iv \
3006 RSA_get0_crt_params \
3009 RSA_set0_crt_params \
3014 RSA_meth_set1_name \
3015 RSA_meth_get_finish \
3016 RSA_meth_set_priv_enc \
3017 RSA_meth_set_priv_dec \
3018 RSA_meth_set_finish \
3025 if test "x$openssl_engine" = "xyes" ; then
3026 AC_MSG_CHECKING([for OpenSSL ENGINE support])
3027 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3028 #include <openssl/engine.h>
3030 ENGINE_load_builtin_engines();
3031 ENGINE_register_all_complete();
3033 [ AC_MSG_RESULT([yes])
3034 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
3035 [Enable OpenSSL engine support])
3036 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
3040 # Check for OpenSSL without EVP_aes_{192,256}_cbc
3041 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
3046 #include <openssl/evp.h>
3048 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
3054 AC_MSG_RESULT([yes])
3055 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
3056 [libcrypto is missing AES 192 and 256 bit functions])
3060 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
3065 #include <openssl/evp.h>
3067 if(EVP_DigestUpdate(NULL, NULL,0))
3071 AC_MSG_RESULT([yes])
3075 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
3076 [Define if EVP_DigestUpdate returns void])
3080 # Check for SHA256, SHA384 and SHA512 support in OpenSSL
3081 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
3083 # Check complete ECC support in OpenSSL
3084 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
3087 #include <openssl/ec.h>
3088 #include <openssl/ecdh.h>
3089 #include <openssl/ecdsa.h>
3090 #include <openssl/evp.h>
3091 #include <openssl/objects.h>
3092 #include <openssl/opensslv.h>
3094 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
3095 const EVP_MD *m = EVP_sha256(); /* We need this too */
3097 [ AC_MSG_RESULT([yes])
3098 enable_nistp256=1 ],
3099 [ AC_MSG_RESULT([no]) ]
3102 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
3105 #include <openssl/ec.h>
3106 #include <openssl/ecdh.h>
3107 #include <openssl/ecdsa.h>
3108 #include <openssl/evp.h>
3109 #include <openssl/objects.h>
3110 #include <openssl/opensslv.h>
3112 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
3113 const EVP_MD *m = EVP_sha384(); /* We need this too */
3115 [ AC_MSG_RESULT([yes])
3116 enable_nistp384=1 ],
3117 [ AC_MSG_RESULT([no]) ]
3120 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
3123 #include <openssl/ec.h>
3124 #include <openssl/ecdh.h>
3125 #include <openssl/ecdsa.h>
3126 #include <openssl/evp.h>
3127 #include <openssl/objects.h>
3128 #include <openssl/opensslv.h>
3130 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3131 const EVP_MD *m = EVP_sha512(); /* We need this too */
3133 [ AC_MSG_RESULT([yes])
3134 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
3138 #include <openssl/ec.h>
3139 #include <openssl/ecdh.h>
3140 #include <openssl/ecdsa.h>
3141 #include <openssl/evp.h>
3142 #include <openssl/objects.h>
3143 #include <openssl/opensslv.h>
3145 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3146 const EVP_MD *m = EVP_sha512(); /* We need this too */
3147 exit(e == NULL || m == NULL);
3149 [ AC_MSG_RESULT([yes])
3150 enable_nistp521=1 ],
3151 [ AC_MSG_RESULT([no]) ],
3152 [ AC_MSG_WARN([cross-compiling: assuming yes])
3158 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
3159 test x$enable_nistp521 = x1; then
3160 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
3161 AC_CHECK_FUNCS([EC_KEY_METHOD_new])
3166 if test x$enable_nistp256 = x1; then
3167 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
3168 [libcrypto has NID_X9_62_prime256v1])
3170 unsupported_algorithms="$unsupported_algorithms \
3171 ecdsa-sha2-nistp256 \
3172 ecdh-sha2-nistp256 \
3173 ecdsa-sha2-nistp256-cert-v01@openssh.com"
3175 if test x$enable_nistp384 = x1; then
3176 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
3178 unsupported_algorithms="$unsupported_algorithms \
3179 ecdsa-sha2-nistp384 \
3180 ecdh-sha2-nistp384 \
3181 ecdsa-sha2-nistp384-cert-v01@openssh.com"
3183 if test x$enable_nistp521 = x1; then
3184 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
3186 unsupported_algorithms="$unsupported_algorithms \
3187 ecdh-sha2-nistp521 \
3188 ecdsa-sha2-nistp521 \
3189 ecdsa-sha2-nistp521-cert-v01@openssh.com"
3193 # PKCS11/U2F depend on OpenSSL and dlopen().
3196 if test "x$openssl" != "xyes" ; then
3197 enable_pkcs11="disabled; missing libcrypto"
3199 if test "x$ac_cv_func_dlopen" != "xyes" ; then
3200 enable_pkcs11="disabled; missing dlopen(3)"
3201 enable_sk="disabled; missing dlopen(3)"
3203 if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
3204 enable_pkcs11="disabled; missing RTLD_NOW"
3205 enable_sk="disabled; missing RTLD_NOW"
3207 if test ! -z "$disable_pkcs11" ; then
3208 enable_pkcs11="disabled by user"
3210 if test ! -z "$disable_sk" ; then
3211 enable_sk="disabled by user"
3214 AC_MSG_CHECKING([whether to enable PKCS11])
3215 if test "x$enable_pkcs11" = "xyes" ; then
3216 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
3218 AC_MSG_RESULT([$enable_pkcs11])
3220 AC_MSG_CHECKING([whether to enable U2F])
3221 if test "x$enable_sk" = "xyes" ; then
3222 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
3223 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so])
3225 # Do not try to build sk-dummy library.
3226 AC_SUBST(SK_DUMMY_LIBRARY, [""])
3228 AC_MSG_RESULT([$enable_sk])
3230 # Now check for built-in security key support.
3231 if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then
3232 use_pkgconfig_for_libfido2=
3233 if test "x$PKGCONFIG" != "xno"; then
3234 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2])
3235 if "$PKGCONFIG" libfido2; then
3236 AC_MSG_RESULT([yes])
3237 use_pkgconfig_for_libfido2=yes
3242 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then
3243 LIBFIDO2=`$PKGCONFIG --libs libfido2`
3244 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
3246 LIBFIDO2="-lprivatefido2 -lprivatecbor"
3248 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
3250 AC_CHECK_LIB([privatefido2], [fido_init],
3252 [ fido2_error="missing/unusable libfido2" ],
3255 AC_CHECK_HEADER([fido.h], [],
3256 [ fido2_error="missing fido.h from libfido2" ])
3257 AC_CHECK_HEADER([fido/credman.h], [],
3258 [ fido2_error="missing fido/credman.h from libfido2" ],
3259 [ #include <fido.h> ]
3261 AC_MSG_CHECKING([for usable libfido2 installation])
3262 if test ! -z "$fido2_error" ; then
3263 AC_MSG_RESULT([$fido2_error])
3264 if test "x$enable_sk_internal" = "xyes" ; then
3265 AC_MSG_ERROR([No usable libfido2 library/headers found])
3269 AC_MSG_RESULT([yes])
3270 AC_SUBST([LIBFIDO2])
3271 AC_DEFINE([ENABLE_SK_INTERNAL], [],
3272 [Enable for built-in U2F/FIDO support])
3273 enable_sk="built-in"
3275 LIBS="$LIBS $LIBFIDO2"
3277 fido_assert_set_clientdata \
3279 fido_cred_set_prot \
3280 fido_cred_set_clientdata \
3281 fido_dev_get_touch_begin \
3282 fido_dev_get_touch_status \
3283 fido_dev_supports_cred_prot \
3284 fido_dev_is_winhello \
3294 arc4random_uniform \
3296 ### Configure cryptographic random number support
3298 # Check whether OpenSSL seeds itself
3299 if test "x$openssl" = "xyes" ; then
3300 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
3305 #include <openssl/rand.h>
3307 exit(RAND_status() == 1 ? 0 : 1);
3310 OPENSSL_SEEDS_ITSELF=yes
3311 AC_MSG_RESULT([yes])
3317 AC_MSG_WARN([cross compiling: assuming yes])
3318 # This is safe, since we will fatal() at runtime if
3319 # OpenSSL is not seeded correctly.
3320 OPENSSL_SEEDS_ITSELF=yes
3326 AC_ARG_WITH([prngd-port],
3327 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
3336 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3339 if test ! -z "$withval" ; then
3340 PRNGD_PORT="$withval"
3341 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
3342 [Port number of PRNGD/EGD random number socket])
3347 # PRNGD Unix domain socket
3348 AC_ARG_WITH([prngd-socket],
3349 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3353 withval="/var/run/egd-pool"
3361 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
3365 if test ! -z "$withval" ; then
3366 if test ! -z "$PRNGD_PORT" ; then
3367 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
3369 if test ! -r "$withval" ; then
3370 AC_MSG_WARN([Entropy socket is not readable])
3372 PRNGD_SOCKET="$withval"
3373 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
3374 [Location of PRNGD/EGD random number socket])
3378 # Check for existing socket only if we don't have a random device already
3379 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
3380 AC_MSG_CHECKING([for PRNGD/EGD socket])
3381 # Insert other locations here
3382 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3383 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3384 PRNGD_SOCKET="$sock"
3385 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
3389 if test ! -z "$PRNGD_SOCKET" ; then
3390 AC_MSG_RESULT([$PRNGD_SOCKET])
3392 AC_MSG_RESULT([not found])
3398 # Which randomness source do we use?
3399 if test ! -z "$PRNGD_PORT" ; then
3400 RAND_MSG="PRNGd port $PRNGD_PORT"
3401 elif test ! -z "$PRNGD_SOCKET" ; then
3402 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3403 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3404 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3405 [Define if you want the OpenSSL internally seeded PRNG only])
3406 RAND_MSG="OpenSSL internal ONLY"
3407 elif test "x$openssl" = "xno" ; then
3408 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3410 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3412 LIBS="$nocrypto_saved_LIBS"
3415 AC_CHECK_LIB([iaf], [ia_openinfo], [
3417 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
3418 AC_DEFINE([HAVE_LIBIAF], [1],
3419 [Define if system has libiaf that supports set_id])
3424 # Check for crypt() in libcrypt. If we have it, we only need it for sshd.
3426 AC_CHECK_LIB([crypt], [crypt], [
3427 LIBS="-lcrypt $LIBS"
3428 SSHDLIBS="-lcrypt $SSHDLIBS"
3430 AC_CHECK_FUNCS([crypt])
3433 # Check for PAM libs
3436 [ --with-pam Enable PAM support ],
3438 if test "x$withval" != "xno" ; then
3439 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3440 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3441 AC_MSG_ERROR([PAM headers not found])
3445 AC_CHECK_LIB([dl], [dlopen], , )
3446 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3447 AC_CHECK_FUNCS([pam_getenvlist])
3448 AC_CHECK_FUNCS([pam_putenv])
3453 SSHDLIBS="$SSHDLIBS -lpam"
3454 AC_DEFINE([USE_PAM], [1],
3455 [Define if you want to enable PAM support])
3457 if test $ac_cv_lib_dl_dlopen = yes; then
3460 # libdl already in LIBS
3463 SSHDLIBS="$SSHDLIBS -ldl"
3471 AC_ARG_WITH([pam-service],
3472 [ --with-pam-service=name Specify PAM service name ],
3474 if test "x$withval" != "xno" && \
3475 test "x$withval" != "xyes" ; then
3476 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE],
3477 ["$withval"], [sshd PAM service name])
3482 # Check for older PAM
3483 if test "x$PAM_MSG" = "xyes" ; then
3484 # Check PAM strerror arguments (old PAM)
3485 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3486 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3488 #if defined(HAVE_SECURITY_PAM_APPL_H)
3489 #include <security/pam_appl.h>
3490 #elif defined (HAVE_PAM_PAM_APPL_H)
3491 #include <pam/pam_appl.h>
3494 (void)pam_strerror((pam_handle_t *)NULL, -1);
3495 ]])], [AC_MSG_RESULT([no])], [
3496 AC_DEFINE([HAVE_OLD_PAM], [1],
3497 [Define if you have an old version of PAM
3498 which takes only one argument to pam_strerror])
3499 AC_MSG_RESULT([yes])
3500 PAM_MSG="yes (old library)"
3507 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3510 SSH_PRIVSEP_USER=sshd
3513 AC_ARG_WITH([privsep-user],
3514 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3516 if test -n "$withval" && test "x$withval" != "xno" && \
3517 test "x${withval}" != "xyes"; then
3518 SSH_PRIVSEP_USER=$withval
3522 if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3523 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3524 [Cygwin function to fetch non-privileged user for privilege separation])
3526 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3527 [non-privileged user for privilege separation])
3529 AC_SUBST([SSH_PRIVSEP_USER])
3531 if test "x$have_linux_no_new_privs" = "x1" ; then
3532 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3533 #include <sys/types.h>
3534 #include <linux/seccomp.h>
3537 if test "x$have_seccomp_filter" = "x1" ; then
3538 AC_MSG_CHECKING([kernel for seccomp_filter support])
3539 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3542 #include <linux/audit.h>
3543 #include <linux/seccomp.h>
3545 #include <sys/prctl.h>
3547 [[ int i = $seccomp_audit_arch;
3549 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3550 exit(errno == EFAULT ? 0 : 1); ]])],
3551 [ AC_MSG_RESULT([yes]) ], [
3553 # Disable seccomp filter as a target
3554 have_seccomp_filter=0
3559 AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[
3560 #include <sys/types.h>
3564 #ifdef HAVE_SYS_POLL_H
3565 #include <sys/poll.h>
3569 AC_CHECK_TYPES([nfds_t], , , [
3570 #include <sys/types.h>
3574 #ifdef HAVE_SYS_POLL_H
3575 #include <sys/poll.h>
3579 # Decide which sandbox style to use
3581 AC_ARG_WITH([sandbox],
3582 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3584 if test "x$withval" = "xyes" ; then
3587 sandbox_arg="$withval"
3592 if test "x$sandbox_arg" != "xno"; then
3593 # POSIX specifies that poll() "shall fail with EINVAL if the nfds argument
3594 # is greater than OPEN_MAX". On some platforms that includes implementions
3595 # of select in userspace on top of poll() so check both work with rlimit
3596 # NOFILES so check that both work before enabling the rlimit sandbox.
3597 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit])
3600 #include <sys/types.h>
3601 #ifdef HAVE_SYS_TIME_H
3602 # include <sys/time.h>
3604 #include <sys/resource.h>
3605 #ifdef HAVE_SYS_SELECT_H
3606 # include <sys/select.h>
3610 #elif HAVE_SYS_POLL_H
3611 # include <sys/poll.h>
3617 struct rlimit rl_zero;
3625 fd = open("/dev/null", O_RDONLY);
3628 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3629 setrlimit(RLIMIT_FSIZE, &rl_zero);
3630 setrlimit(RLIMIT_NOFILE, &rl_zero);
3633 r = select(fd+1, &fds, NULL, NULL, &tv);
3638 pfd.events = POLLIN;
3639 r = poll(&pfd, 1, 1);
3645 [AC_MSG_RESULT([yes])
3646 select_works_with_rlimit=yes],
3647 [AC_MSG_RESULT([no])
3648 select_works_with_rlimit=no],
3649 [AC_MSG_WARN([cross compiling: assuming no])
3650 select_works_with_rlimit=no]
3653 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3656 #include <sys/types.h>
3657 #ifdef HAVE_SYS_TIME_H
3658 # include <sys/time.h>
3660 #include <sys/resource.h>
3664 struct rlimit rl_zero;
3667 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3668 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3669 exit (r == -1 ? 1 : 0);
3671 [AC_MSG_RESULT([yes])
3672 rlimit_nofile_zero_works=yes],
3673 [AC_MSG_RESULT([no])
3674 rlimit_nofile_zero_works=no],
3675 [AC_MSG_WARN([cross compiling: assuming yes])
3676 rlimit_nofile_zero_works=yes]
3679 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3682 #include <sys/types.h>
3683 #include <sys/resource.h>
3686 struct rlimit rl_zero;
3688 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3689 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3691 [AC_MSG_RESULT([yes])],
3692 [AC_MSG_RESULT([no])
3693 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3694 [setrlimit RLIMIT_FSIZE works])],
3695 [AC_MSG_WARN([cross compiling: assuming yes])]
3699 if test "x$sandbox_arg" = "xpledge" || \
3700 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3701 test "x$ac_cv_func_pledge" != "xyes" && \
3702 AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3703 SANDBOX_STYLE="pledge"
3704 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3705 elif test "x$sandbox_arg" = "xsystrace" || \
3706 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3707 test "x$have_systr_policy_kill" != "x1" && \
3708 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3709 SANDBOX_STYLE="systrace"
3710 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3711 elif test "x$sandbox_arg" = "xdarwin" || \
3712 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3713 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3714 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3715 "x$ac_cv_header_sandbox_h" != "xyes" && \
3716 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3717 SANDBOX_STYLE="darwin"
3718 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3719 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3720 ( test -z "$sandbox_arg" && \
3721 test "x$have_seccomp_filter" = "x1" && \
3722 test "x$ac_cv_header_elf_h" = "xyes" && \
3723 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3724 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3725 test "x$seccomp_audit_arch" != "x" && \
3726 test "x$have_linux_no_new_privs" = "x1" && \
3727 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3728 test "x$seccomp_audit_arch" = "x" && \
3729 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3730 test "x$have_linux_no_new_privs" != "x1" && \
3731 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3732 test "x$have_seccomp_filter" != "x1" && \
3733 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3734 test "x$ac_cv_func_prctl" != "xyes" && \
3735 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3736 SANDBOX_STYLE="seccomp_filter"
3737 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3738 elif test "x$sandbox_arg" = "xcapsicum" || \
3739 ( test -z "$sandbox_arg" && \
3740 test "x$disable_capsicum" != "xyes" && \
3741 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3742 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3743 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3744 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3745 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3746 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3747 SANDBOX_STYLE="capsicum"
3748 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3749 elif test "x$sandbox_arg" = "xrlimit" || \
3750 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3751 test "x$select_works_with_rlimit" = "xyes" && \
3752 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3753 test "x$ac_cv_func_setrlimit" != "xyes" && \
3754 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3755 test "x$select_works_with_rlimit" != "xyes" && \
3756 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3757 SANDBOX_STYLE="rlimit"
3758 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3759 elif test "x$sandbox_arg" = "xsolaris" || \
3760 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3761 SANDBOX_STYLE="solaris"
3762 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3763 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3764 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3765 SANDBOX_STYLE="none"
3766 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3768 AC_MSG_ERROR([unsupported --with-sandbox])
3771 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3772 if test ! -z "$SONY" ; then
3773 LIBS="$LIBS -liberty";
3776 # Check for long long datatypes
3777 AC_CHECK_TYPES([long long, unsigned long long, long double])
3779 # Check datatype sizes
3780 AC_CHECK_SIZEOF([short int])
3781 AC_CHECK_SIZEOF([int])
3782 AC_CHECK_SIZEOF([long int])
3783 AC_CHECK_SIZEOF([long long int])
3784 AC_CHECK_SIZEOF([time_t], [], [[
3785 #include <sys/types.h>
3786 #ifdef HAVE_SYS_TIME_H
3787 # include <sys/time.h>
3795 # Sanity check long long for some platforms (AIX)
3796 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3797 ac_cv_sizeof_long_long_int=0
3800 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3801 if test -z "$have_llong_max" && test -z "$have_long_long_max"; then
3802 AC_MSG_CHECKING([for max value of long long])
3807 /* Why is this so damn hard? */
3811 #define __USE_ISOC99
3813 #define DATA "conftest.llminmax"
3814 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3817 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3818 * we do this the hard way.
3821 fprint_ll(FILE *f, long long n)
3824 int l[sizeof(long long) * 8];
3827 if (fprintf(f, "-") < 0)
3829 for (i = 0; n != 0; i++) {
3830 l[i] = my_abs(n % 10);
3834 if (fprintf(f, "%d", l[--i]) < 0)
3837 if (fprintf(f, " ") < 0)
3843 long long i, llmin, llmax = 0;
3845 if((f = fopen(DATA,"w")) == NULL)
3848 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3849 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3853 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3854 /* This will work on one's complement and two's complement */
3855 for (i = 1; i > llmax; i <<= 1, i++)
3857 llmin = llmax + 1LL; /* wrap */
3861 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3862 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3863 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3864 fprintf(f, "unknown unknown\n");
3868 if (fprint_ll(f, llmin) < 0)
3870 if (fprint_ll(f, llmax) < 0)
3877 llong_min=`$AWK '{print $1}' conftest.llminmax`
3878 llong_max=`$AWK '{print $2}' conftest.llminmax`
3880 AC_MSG_RESULT([$llong_max])
3881 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3882 [max value of long long calculated by configure])
3883 AC_MSG_CHECKING([for min value of long long])
3884 AC_MSG_RESULT([$llong_min])
3885 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3886 [min value of long long calculated by configure])
3889 AC_MSG_RESULT([not found])
3892 AC_MSG_WARN([cross compiling: not checking])
3897 AC_CHECK_DECLS([UINT32_MAX], , , [[
3898 #ifdef HAVE_SYS_LIMITS_H
3899 # include <sys/limits.h>
3901 #ifdef HAVE_LIMITS_H
3902 # include <limits.h>
3904 #ifdef HAVE_STDINT_H
3905 # include <stdint.h>
3909 # More checks for data types
3910 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3911 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3912 [[ u_int a; a = 1;]])],
3913 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3916 if test "x$ac_cv_have_u_int" = "xyes" ; then
3917 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3921 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3922 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3923 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3924 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3927 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3928 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3932 if (test -z "$have_intxx_t" && \
3933 test "x$ac_cv_header_stdint_h" = "xyes")
3935 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3936 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3937 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3939 AC_DEFINE([HAVE_INTXX_T])
3940 AC_MSG_RESULT([yes])
3941 ], [ AC_MSG_RESULT([no])
3945 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3946 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3947 #include <sys/types.h>
3948 #ifdef HAVE_STDINT_H
3949 # include <stdint.h>
3951 #include <sys/socket.h>
3952 #ifdef HAVE_SYS_BITYPES_H
3953 # include <sys/bitypes.h>
3958 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3961 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3962 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3965 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3966 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3967 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3968 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3971 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3972 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3976 if test -z "$have_u_intxx_t" ; then
3977 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3978 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3979 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3981 AC_DEFINE([HAVE_U_INTXX_T])
3982 AC_MSG_RESULT([yes])
3983 ], [ AC_MSG_RESULT([no])
3987 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3988 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3989 [[ u_int64_t a; a = 1;]])],
3990 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3993 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3994 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3998 if (test -z "$have_u_int64_t" && \
3999 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4001 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
4002 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
4003 [[ u_int64_t a; a = 1]])],
4005 AC_DEFINE([HAVE_U_INT64_T])
4006 AC_MSG_RESULT([yes])
4007 ], [ AC_MSG_RESULT([no])
4011 if test -z "$have_u_intxx_t" ; then
4012 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
4013 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4014 #include <sys/types.h>
4021 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
4024 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
4025 AC_DEFINE([HAVE_UINTXX_T], [1],
4026 [define if you have uintxx_t data type])
4030 if (test -z "$have_uintxx_t" && \
4031 test "x$ac_cv_header_stdint_h" = "xyes")
4033 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
4034 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
4035 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4037 AC_DEFINE([HAVE_UINTXX_T])
4038 AC_MSG_RESULT([yes])
4039 ], [ AC_MSG_RESULT([no])
4043 if (test -z "$have_uintxx_t" && \
4044 test "x$ac_cv_header_inttypes_h" = "xyes")
4046 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
4047 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
4048 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4050 AC_DEFINE([HAVE_UINTXX_T])
4051 AC_MSG_RESULT([yes])
4052 ], [ AC_MSG_RESULT([no])
4056 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
4057 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4059 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
4060 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4061 #include <sys/bitypes.h>
4063 int8_t a; int16_t b; int32_t c;
4064 u_int8_t e; u_int16_t f; u_int32_t g;
4065 a = b = c = e = f = g = 1;
4068 AC_DEFINE([HAVE_U_INTXX_T])
4069 AC_DEFINE([HAVE_INTXX_T])
4070 AC_MSG_RESULT([yes])
4071 ], [AC_MSG_RESULT([no])
4076 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
4077 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4078 [[ u_char foo; foo = 125; ]])],
4079 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
4082 if test "x$ac_cv_have_u_char" = "xyes" ; then
4083 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
4086 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
4087 #include <sys/types.h>
4088 #ifdef HAVE_STDINT_H
4089 # include <stdint.h>
4095 AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>])
4096 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
4097 #include <sys/types.h>
4098 #ifdef HAVE_SYS_BITYPES_H
4099 #include <sys/bitypes.h>
4101 #ifdef HAVE_SYS_STATFS_H
4102 #include <sys/statfs.h>
4104 #ifdef HAVE_SYS_STATVFS_H
4105 #include <sys/statvfs.h>
4109 AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[
4110 #include <sys/param.h>
4111 #include <sys/types.h>
4112 #ifdef HAVE_SYS_BITYPES_H
4113 #include <sys/bitypes.h>
4115 #ifdef HAVE_SYS_STATFS_H
4116 #include <sys/statfs.h>
4118 #ifdef HAVE_SYS_STATVFS_H
4119 #include <sys/statvfs.h>
4121 #ifdef HAVE_SYS_VFS_H
4122 #include <sys/vfs.h>
4124 #ifdef HAVE_SYS_MOUNT_H
4125 #include <sys/mount.h>
4130 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
4131 [#include <sys/types.h>
4132 #include <netinet/in.h>])
4134 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
4135 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4136 [[ size_t foo; foo = 1235; ]])],
4137 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
4140 if test "x$ac_cv_have_size_t" = "xyes" ; then
4141 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
4144 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
4145 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4146 [[ ssize_t foo; foo = 1235; ]])],
4147 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
4150 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
4151 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
4154 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
4155 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
4156 [[ clock_t foo; foo = 1235; ]])],
4157 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
4160 if test "x$ac_cv_have_clock_t" = "xyes" ; then
4161 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
4164 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
4165 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4166 #include <sys/types.h>
4167 #include <sys/socket.h>
4168 ]], [[ sa_family_t foo; foo = 1235; ]])],
4169 [ ac_cv_have_sa_family_t="yes" ],
4170 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4171 #include <sys/types.h>
4172 #include <sys/socket.h>
4173 #include <netinet/in.h>
4174 ]], [[ sa_family_t foo; foo = 1235; ]])],
4175 [ ac_cv_have_sa_family_t="yes" ],
4176 [ ac_cv_have_sa_family_t="no" ]
4180 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
4181 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
4182 [define if you have sa_family_t data type])
4185 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
4186 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4187 [[ pid_t foo; foo = 1235; ]])],
4188 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
4191 if test "x$ac_cv_have_pid_t" = "xyes" ; then
4192 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
4195 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
4196 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4197 [[ mode_t foo; foo = 1235; ]])],
4198 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
4201 if test "x$ac_cv_have_mode_t" = "xyes" ; then
4202 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
4206 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
4207 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4208 #include <sys/types.h>
4209 #include <sys/socket.h>
4210 ]], [[ struct sockaddr_storage s; ]])],
4211 [ ac_cv_have_struct_sockaddr_storage="yes" ],
4212 [ ac_cv_have_struct_sockaddr_storage="no"
4215 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
4216 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
4217 [define if you have struct sockaddr_storage data type])
4220 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
4221 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4222 #include <sys/types.h>
4223 #include <netinet/in.h>
4224 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
4225 [ ac_cv_have_struct_sockaddr_in6="yes" ],
4226 [ ac_cv_have_struct_sockaddr_in6="no"
4229 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
4230 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
4231 [define if you have struct sockaddr_in6 data type])
4234 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
4235 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4236 #include <sys/types.h>
4237 #include <netinet/in.h>
4238 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
4239 [ ac_cv_have_struct_in6_addr="yes" ],
4240 [ ac_cv_have_struct_in6_addr="no"
4243 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
4244 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
4245 [define if you have struct in6_addr data type])
4247 dnl Now check for sin6_scope_id
4248 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
4250 #ifdef HAVE_SYS_TYPES_H
4251 #include <sys/types.h>
4253 #include <netinet/in.h>
4257 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
4258 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4259 #include <sys/types.h>
4260 #include <sys/socket.h>
4262 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
4263 [ ac_cv_have_struct_addrinfo="yes" ],
4264 [ ac_cv_have_struct_addrinfo="no"
4267 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
4268 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
4269 [define if you have struct addrinfo data type])
4272 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
4273 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
4274 [[ struct timeval tv; tv.tv_sec = 1;]])],
4275 [ ac_cv_have_struct_timeval="yes" ],
4276 [ ac_cv_have_struct_timeval="no"
4279 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
4280 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
4281 have_struct_timeval=1
4284 AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [
4285 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4286 #ifdef HAVE_SYS_TIME_H
4287 # include <sys/time.h>
4293 [[ struct timespec ts; ts.tv_sec = 1;]])],
4294 [ ac_cv_have_struct_timespec="yes" ],
4295 [ ac_cv_have_struct_timespec="no"
4298 if test "x$ac_cv_have_struct_timespec" = "xyes" ; then
4299 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec])
4300 have_struct_timespec=1
4303 # We need int64_t or else certain parts of the compile will fail.
4304 if test "x$ac_cv_have_int64_t" = "xno" && \
4305 test "x$ac_cv_sizeof_long_int" != "x8" && \
4306 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
4307 echo "OpenSSH requires int64_t support. Contact your vendor or install"
4308 echo "an alternative compiler (I.E., GCC) before continuing."
4312 dnl test snprintf (broken on SCO w/gcc)
4318 #ifdef HAVE_SNPRINTF
4322 char expected_out[50];
4324 #if (SIZEOF_LONG_INT == 8)
4325 long int num = 0x7fffffffffffffff;
4327 long long num = 0x7fffffffffffffffll;
4329 strcpy(expected_out, "9223372036854775807");
4330 snprintf(buf, mazsize, "%lld", num);
4331 if(strcmp(buf, expected_out) != 0)
4338 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
4339 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
4343 dnl Checks for structure members
4344 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
4345 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
4346 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
4347 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
4348 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
4349 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
4350 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
4351 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
4352 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
4353 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
4354 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
4355 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
4356 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
4357 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
4358 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
4359 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
4360 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
4361 OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX])
4363 AC_CHECK_MEMBERS([struct stat.st_blksize])
4364 AC_CHECK_MEMBERS([struct stat.st_mtim])
4365 AC_CHECK_MEMBERS([struct stat.st_mtime])
4366 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
4367 struct passwd.pw_change, struct passwd.pw_expire],
4369 #include <sys/types.h>
4373 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
4374 [Define if we don't have struct __res_state in resolv.h])],
4377 #if HAVE_SYS_TYPES_H
4378 # include <sys/types.h>
4380 #include <netinet/in.h>
4381 #include <arpa/nameser.h>
4385 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
4386 ac_cv_have_ss_family_in_struct_ss, [
4387 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4388 #include <sys/types.h>
4389 #include <sys/socket.h>
4390 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
4391 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
4392 [ ac_cv_have_ss_family_in_struct_ss="no" ])
4394 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
4395 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
4398 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
4399 ac_cv_have___ss_family_in_struct_ss, [
4400 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4401 #include <sys/types.h>
4402 #include <sys/socket.h>
4403 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
4404 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
4405 [ ac_cv_have___ss_family_in_struct_ss="no"
4408 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
4409 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
4410 [Fields in struct sockaddr_storage])
4413 dnl make sure we're using the real structure members and not defines
4414 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
4415 ac_cv_have_accrights_in_msghdr, [
4416 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4417 #include <sys/types.h>
4418 #include <sys/socket.h>
4419 #include <sys/uio.h>
4422 #ifdef msg_accrights
4423 #error "msg_accrights is a macro"
4427 m.msg_accrights = 0;
4430 [ ac_cv_have_accrights_in_msghdr="yes" ],
4431 [ ac_cv_have_accrights_in_msghdr="no" ]
4434 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
4435 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
4436 [Define if your system uses access rights style
4437 file descriptor passing])
4440 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
4441 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4442 #include <sys/param.h>
4443 #include <sys/stat.h>
4444 #ifdef HAVE_SYS_TIME_H
4445 # include <sys/time.h>
4447 #ifdef HAVE_SYS_MOUNT_H
4448 #include <sys/mount.h>
4450 #ifdef HAVE_SYS_STATVFS_H
4451 #include <sys/statvfs.h>
4453 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
4454 [ AC_MSG_RESULT([yes]) ],
4455 [ AC_MSG_RESULT([no])
4457 AC_MSG_CHECKING([if fsid_t has member val])
4458 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4459 #include <sys/types.h>
4460 #include <sys/statvfs.h>
4461 ]], [[ fsid_t t; t.val[0] = 0; ]])],
4462 [ AC_MSG_RESULT([yes])
4463 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
4464 [ AC_MSG_RESULT([no]) ])
4466 AC_MSG_CHECKING([if f_fsid has member __val])
4467 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4468 #include <sys/types.h>
4469 #include <sys/statvfs.h>
4470 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
4471 [ AC_MSG_RESULT([yes])
4472 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
4473 [ AC_MSG_RESULT([no]) ])
4476 AC_CACHE_CHECK([for msg_control field in struct msghdr],
4477 ac_cv_have_control_in_msghdr, [
4478 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4479 #include <sys/types.h>
4480 #include <sys/socket.h>
4481 #include <sys/uio.h>
4485 #error "msg_control is a macro"
4492 [ ac_cv_have_control_in_msghdr="yes" ],
4493 [ ac_cv_have_control_in_msghdr="no" ]
4496 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
4497 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
4498 [Define if your system uses ancillary data style
4499 file descriptor passing])
4502 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
4503 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4504 [[ extern char *__progname; printf("%s", __progname); ]])],
4505 [ ac_cv_libc_defines___progname="yes" ],
4506 [ ac_cv_libc_defines___progname="no"
4509 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
4510 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
4513 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
4514 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4515 [[ printf("%s", __FUNCTION__); ]])],
4516 [ ac_cv_cc_implements___FUNCTION__="yes" ],
4517 [ ac_cv_cc_implements___FUNCTION__="no"
4520 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4521 AC_DEFINE([HAVE___FUNCTION__], [1],
4522 [Define if compiler implements __FUNCTION__])
4525 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4526 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4527 [[ printf("%s", __func__); ]])],
4528 [ ac_cv_cc_implements___func__="yes" ],
4529 [ ac_cv_cc_implements___func__="no"
4532 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4533 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
4536 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4537 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4540 ]], [[ va_copy(x,y); ]])],
4541 [ ac_cv_have_va_copy="yes" ],
4542 [ ac_cv_have_va_copy="no"
4545 if test "x$ac_cv_have_va_copy" = "xyes" ; then
4546 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4549 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4550 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4553 ]], [[ __va_copy(x,y); ]])],
4554 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4557 if test "x$ac_cv_have___va_copy" = "xyes" ; then
4558 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
4561 AC_CACHE_CHECK([whether getopt has optreset support],
4562 ac_cv_have_getopt_optreset, [
4563 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4564 [[ extern int optreset; optreset = 0; ]])],
4565 [ ac_cv_have_getopt_optreset="yes" ],
4566 [ ac_cv_have_getopt_optreset="no"
4569 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4570 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4571 [Define if your getopt(3) defines and uses optreset])
4574 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4575 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4576 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4577 [ ac_cv_libc_defines_sys_errlist="yes" ],
4578 [ ac_cv_libc_defines_sys_errlist="no"
4581 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4582 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4583 [Define if your system defines sys_errlist[]])
4587 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4588 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4589 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4590 [ ac_cv_libc_defines_sys_nerr="yes" ],
4591 [ ac_cv_libc_defines_sys_nerr="no"
4594 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4595 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4598 # Check libraries needed by DNS fingerprint support
4599 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4600 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4601 [Define if getrrsetbyname() exists])],
4603 # Needed by our getrrsetbyname()
4604 AC_SEARCH_LIBS([res_query], [resolv])
4605 AC_SEARCH_LIBS([dn_expand], [resolv])
4606 AC_MSG_CHECKING([if res_query will link])
4607 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4608 #include <sys/types.h>
4609 #include <netinet/in.h>
4610 #include <arpa/nameser.h>
4614 res_query (0, 0, 0, 0, 0);
4616 AC_MSG_RESULT([yes]),
4617 [AC_MSG_RESULT([no])
4619 LIBS="$LIBS -lresolv"
4620 AC_MSG_CHECKING([for res_query in -lresolv])
4621 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4622 #include <sys/types.h>
4623 #include <netinet/in.h>
4624 #include <arpa/nameser.h>
4628 res_query (0, 0, 0, 0, 0);
4630 [AC_MSG_RESULT([yes])],
4632 AC_MSG_RESULT([no])])
4634 AC_CHECK_FUNCS([_getshort _getlong])
4635 AC_CHECK_DECLS([_getshort, _getlong], , ,
4636 [#include <sys/types.h>
4637 #include <arpa/nameser.h>])
4638 AC_CHECK_MEMBER([HEADER.ad],
4639 [AC_DEFINE([HAVE_HEADER_AD], [1],
4640 [Define if HEADER.ad exists in arpa/nameser.h])], ,
4641 [#include <arpa/nameser.h>])
4644 AC_MSG_CHECKING([if struct __res_state _res is an extern])
4645 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4647 #if HAVE_SYS_TYPES_H
4648 # include <sys/types.h>
4650 #include <netinet/in.h>
4651 #include <arpa/nameser.h>
4653 extern struct __res_state _res;
4655 struct __res_state *volatile p = &_res; /* force resolution of _res */
4658 [AC_MSG_RESULT([yes])
4659 AC_DEFINE([HAVE__RES_EXTERN], [1],
4660 [Define if you have struct __res_state _res as an extern])
4662 [ AC_MSG_RESULT([no]) ]
4665 # Check whether user wants SELinux support
4668 AC_ARG_WITH([selinux],
4669 [ --with-selinux Enable SELinux support],
4670 [ if test "x$withval" != "xno" ; then
4672 AC_DEFINE([WITH_SELINUX], [1],
4673 [Define if you want SELinux support.])
4675 AC_CHECK_HEADER([selinux/selinux.h], ,
4676 AC_MSG_ERROR([SELinux support requires selinux.h header]))
4677 AC_CHECK_LIB([selinux], [setexeccon],
4678 [ LIBSELINUX="-lselinux"
4679 LIBS="$LIBS -lselinux"
4681 AC_MSG_ERROR([SELinux support requires libselinux library]))
4682 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4683 LIBS="$save_LIBS $LIBSELINUX"
4686 AC_SUBST([SSHDLIBS])
4688 # Check whether user wants Kerberos 5 support
4690 AC_ARG_WITH([kerberos5],
4691 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4692 [ if test "x$withval" != "xno" ; then
4693 if test "x$withval" = "xyes" ; then
4694 KRB5ROOT="/usr/local"
4699 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4702 use_pkgconfig_for_krb5=
4703 if test "x$PKGCONFIG" != "xno"; then
4704 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5])
4705 if "$PKGCONFIG" krb5; then
4706 AC_MSG_RESULT([yes])
4707 use_pkgconfig_for_krb5=yes
4712 if test "x$use_pkgconfig_for_krb5" = "xyes"; then
4713 K5CFLAGS=`$PKGCONFIG --cflags krb5`
4714 K5LIBS=`$PKGCONFIG --libs krb5`
4715 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4717 AC_MSG_CHECKING([for gssapi support])
4718 if "$PKGCONFIG" krb5-gssapi; then
4719 AC_MSG_RESULT([yes])
4720 AC_DEFINE([GSSAPI], [1],
4721 [Define this if you want GSSAPI
4722 support in the version 2 protocol])
4723 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`"
4724 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`"
4725 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4729 AC_MSG_CHECKING([whether we are using Heimdal])
4730 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4731 ]], [[ char *tmp = heimdal_version; ]])],
4732 [ AC_MSG_RESULT([yes])
4733 AC_DEFINE([HEIMDAL], [1],
4734 [Define this if you are using the Heimdal
4735 version of Kerberos V5]) ],
4736 [AC_MSG_RESULT([no])
4739 AC_PATH_TOOL([KRB5CONF], [krb5-config],
4740 [$KRB5ROOT/bin/krb5-config],
4741 [$KRB5ROOT/bin:$PATH])
4742 if test -x $KRB5CONF ; then
4743 K5CFLAGS="`$KRB5CONF --cflags`"
4744 K5LIBS="`$KRB5CONF --libs`"
4745 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4747 AC_MSG_CHECKING([for gssapi support])
4748 if $KRB5CONF | grep gssapi >/dev/null ; then
4749 AC_MSG_RESULT([yes])
4750 AC_DEFINE([GSSAPI], [1],
4751 [Define this if you want GSSAPI
4752 support in the version 2 protocol])
4753 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4754 GSSLIBS="`$KRB5CONF --libs gssapi`"
4755 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4759 AC_MSG_CHECKING([whether we are using Heimdal])
4760 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4761 ]], [[ char *tmp = heimdal_version; ]])],
4762 [ AC_MSG_RESULT([yes])
4763 AC_DEFINE([HEIMDAL], [1],
4764 [Define this if you are using the Heimdal
4765 version of Kerberos V5]) ],
4766 [AC_MSG_RESULT([no])
4769 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4770 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4771 AC_MSG_CHECKING([whether we are using Heimdal])
4772 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4773 ]], [[ char *tmp = heimdal_version; ]])],
4774 [ AC_MSG_RESULT([yes])
4775 AC_DEFINE([HEIMDAL])
4777 K5LIBS="$K5LIBS -lcom_err -lasn1"
4778 AC_CHECK_LIB([roken], [net_write],
4779 [K5LIBS="$K5LIBS -lroken"])
4780 AC_CHECK_LIB([des], [des_cbc_encrypt],
4781 [K5LIBS="$K5LIBS -ldes"])
4782 ], [ AC_MSG_RESULT([no])
4783 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4785 AC_SEARCH_LIBS([dn_expand], [resolv])
4787 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4788 [ AC_DEFINE([GSSAPI])
4789 GSSLIBS="-lgssapi_krb5" ],
4790 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4791 [ AC_DEFINE([GSSAPI])
4792 GSSLIBS="-lgssapi" ],
4793 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
4794 [ AC_DEFINE([GSSAPI])
4796 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4800 AC_CHECK_HEADER([gssapi.h], ,
4801 [ unset ac_cv_header_gssapi_h
4802 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4803 AC_CHECK_HEADERS([gssapi.h], ,
4804 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4810 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4811 AC_CHECK_HEADER([gssapi_krb5.h], ,
4812 [ CPPFLAGS="$oldCPP" ])
4816 if test -n "${rpath_opt}" ; then
4817 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib"
4819 if test ! -z "$blibpath" ; then
4820 blibpath="$blibpath:${KRB5ROOT}/lib"
4823 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4824 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4825 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4827 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4828 [Define this if you want to use libkafs' AFS support])])
4830 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4831 #ifdef HAVE_GSSAPI_H
4832 # include <gssapi.h>
4833 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4834 # include <gssapi/gssapi.h>
4837 #ifdef HAVE_GSSAPI_GENERIC_H
4838 # include <gssapi_generic.h>
4839 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4840 # include <gssapi/gssapi_generic.h>
4844 LIBS="$LIBS $K5LIBS"
4845 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4853 AC_SUBST([CHANNELLIBS])
4855 # Looking for programs, paths and files
4857 PRIVSEP_PATH=/var/empty
4858 AC_ARG_WITH([privsep-path],
4859 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4861 if test -n "$withval" && test "x$withval" != "xno" && \
4862 test "x${withval}" != "xyes"; then
4863 PRIVSEP_PATH=$withval
4867 AC_SUBST([PRIVSEP_PATH])
4869 AC_ARG_WITH([xauth],
4870 [ --with-xauth=PATH Specify path to xauth program ],
4872 if test -n "$withval" && test "x$withval" != "xno" && \
4873 test "x${withval}" != "xyes"; then
4879 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4880 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4881 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4882 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4883 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4884 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4885 xauth_path="/usr/openwin/bin/xauth"
4891 AC_ARG_ENABLE([strip],
4892 [ --disable-strip Disable calling strip(1) on install],
4894 if test "x$enableval" = "xno" ; then
4899 AC_SUBST([STRIP_OPT])
4901 if test -z "$xauth_path" ; then
4902 XAUTH_PATH="undefined"
4903 AC_SUBST([XAUTH_PATH])
4905 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4906 [Define if xauth is found in your path])
4907 XAUTH_PATH=$xauth_path
4908 AC_SUBST([XAUTH_PATH])
4911 dnl # --with-maildir=/path/to/mail gets top priority.
4912 dnl # if maildir is set in the platform case statement above we use that.
4913 dnl # Otherwise we run a program to get the dir from system headers.
4914 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4915 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4916 dnl # session.c expects anyway. Otherwise we set to the value found
4917 dnl # stripping any trailing slash. If for some strage reason our program
4918 dnl # does not find what it needs, we default to /var/spool/mail.
4919 # Check for mail directory
4920 AC_ARG_WITH([maildir],
4921 [ --with-maildir=/path/to/mail Specify your system mail directory],
4923 if test "X$withval" != X && test "x$withval" != xno && \
4924 test "x${withval}" != xyes; then
4925 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4926 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4929 if test "X$maildir" != "X"; then
4930 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4932 AC_MSG_CHECKING([Discovering system mail directory])
4941 #ifdef HAVE_MAILLOCK_H
4942 #include <maillock.h>
4944 #define DATA "conftest.maildir"
4949 fd = fopen(DATA,"w");
4953 #if defined (_PATH_MAILDIR)
4954 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4956 #elif defined (MAILDIR)
4957 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4959 #elif defined (_PATH_MAIL)
4960 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4969 maildir_what=`awk -F: '{print $1}' conftest.maildir`
4970 maildir=`awk -F: '{print $2}' conftest.maildir \
4972 AC_MSG_RESULT([Using: $maildir from $maildir_what])
4973 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4974 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4978 if test "X$ac_status" = "X2";then
4979 # our test program didn't find it. Default to /var/spool/mail
4980 AC_MSG_RESULT([Using: default value of /var/spool/mail])
4981 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4983 AC_MSG_RESULT([*** not found ***])
4987 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
4994 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
4995 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
4996 disable_ptmx_check=yes
4998 if test -z "$no_dev_ptmx" ; then
4999 if test "x$disable_ptmx_check" != "xyes" ; then
5000 AC_CHECK_FILE(["/dev/ptmx"],
5002 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
5003 [Define if you have /dev/ptmx])
5010 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
5011 AC_CHECK_FILE(["/dev/ptc"],
5013 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
5014 [Define if you have /dev/ptc])
5019 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
5022 # Options from here on. Some of these are preset by platform above
5023 AC_ARG_WITH([mantype],
5024 [ --with-mantype=man|cat|doc Set man page type],
5031 AC_MSG_ERROR([invalid man type: $withval])
5036 if test -z "$MANTYPE"; then
5037 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then
5039 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
5041 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
5048 if test "$MANTYPE" = "doc"; then
5053 AC_SUBST([mansubdir])
5055 # Whether to disable shadow password support
5056 AC_ARG_WITH([shadow],
5057 [ --without-shadow Disable shadow password support],
5059 if test "x$withval" = "xno" ; then
5060 AC_DEFINE([DISABLE_SHADOW])
5066 if test -z "$disable_shadow" ; then
5067 AC_MSG_CHECKING([if the systems has expire shadow information])
5068 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5069 #include <sys/types.h>
5072 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
5073 [ sp_expire_available=yes ], [
5076 if test "x$sp_expire_available" = "xyes" ; then
5077 AC_MSG_RESULT([yes])
5078 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
5079 [Define if you want to use shadow password expire field])
5085 # Use ip address instead of hostname in $DISPLAY
5086 if test ! -z "$IPADDR_IN_DISPLAY" ; then
5087 DISPLAY_HACK_MSG="yes"
5088 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
5089 [Define if you need to use IP address
5090 instead of hostname in $DISPLAY])
5092 DISPLAY_HACK_MSG="no"
5093 AC_ARG_WITH([ipaddr-display],
5094 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
5096 if test "x$withval" != "xno" ; then
5097 AC_DEFINE([IPADDR_IN_DISPLAY])
5098 DISPLAY_HACK_MSG="yes"
5104 # check for /etc/default/login and use it if present.
5105 AC_ARG_ENABLE([etc-default-login],
5106 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
5107 [ if test "x$enableval" = "xno"; then
5108 AC_MSG_NOTICE([/etc/default/login handling disabled])
5109 etc_default_login=no
5111 etc_default_login=yes
5113 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
5115 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
5116 etc_default_login=no
5118 etc_default_login=yes
5122 if test "x$etc_default_login" != "xno"; then
5123 AC_CHECK_FILE(["/etc/default/login"],
5124 [ external_path_file=/etc/default/login ])
5125 if test "x$external_path_file" = "x/etc/default/login"; then
5126 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
5127 [Define if your system has /etc/default/login])
5131 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
5132 if test $ac_cv_func_login_getcapbool = "yes" && \
5133 test $ac_cv_header_login_cap_h = "yes" ; then
5134 external_path_file=/etc/login.conf
5137 # Whether to mess with the default path
5138 SERVER_PATH_MSG="(default)"
5139 AC_ARG_WITH([default-path],
5140 [ --with-default-path= Specify default $PATH environment for server],
5142 if test "x$external_path_file" = "x/etc/login.conf" ; then
5144 --with-default-path=PATH has no effect on this system.
5145 Edit /etc/login.conf instead.])
5146 elif test "x$withval" != "xno" ; then
5147 if test ! -z "$external_path_file" ; then
5149 --with-default-path=PATH will only be used if PATH is not defined in
5150 $external_path_file .])
5152 user_path="$withval"
5153 SERVER_PATH_MSG="$withval"
5156 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
5157 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
5159 if test ! -z "$external_path_file" ; then
5161 If PATH is defined in $external_path_file, ensure the path to scp is included,
5162 otherwise scp will not work.])
5166 /* find out what STDPATH is */
5172 #ifndef _PATH_STDPATH
5173 # ifdef _PATH_USERPATH /* Irix */
5174 # define _PATH_STDPATH _PATH_USERPATH
5176 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
5179 #include <sys/types.h>
5180 #include <sys/stat.h>
5182 #define DATA "conftest.stdpath"
5187 fd = fopen(DATA,"w");
5191 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
5196 [ user_path=`cat conftest.stdpath` ],
5197 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
5198 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
5200 # make sure $bindir is in USER_PATH so scp will work
5201 t_bindir="${bindir}"
5202 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
5203 t_bindir=`eval echo ${t_bindir}`
5205 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
5208 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
5211 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
5212 if test $? -ne 0 ; then
5213 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
5214 if test $? -ne 0 ; then
5215 user_path=$user_path:$t_bindir
5216 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
5221 if test "x$external_path_file" != "x/etc/login.conf" ; then
5222 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
5223 AC_SUBST([user_path])
5226 # Set superuser path separately to user path
5227 AC_ARG_WITH([superuser-path],
5228 [ --with-superuser-path= Specify different path for super-user],
5230 if test -n "$withval" && test "x$withval" != "xno" && \
5231 test "x${withval}" != "xyes"; then
5232 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
5233 [Define if you want a different $PATH
5235 superuser_path=$withval
5241 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
5242 IPV4_IN6_HACK_MSG="no"
5244 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
5246 if test "x$withval" != "xno" ; then
5247 AC_MSG_RESULT([yes])
5248 AC_DEFINE([IPV4_IN_IPV6], [1],
5249 [Detect IPv4 in IPv6 mapped addresses
5251 IPV4_IN6_HACK_MSG="yes"
5256 if test "x$inet6_default_4in6" = "xyes"; then
5257 AC_MSG_RESULT([yes (default)])
5258 AC_DEFINE([IPV4_IN_IPV6])
5259 IPV4_IN6_HACK_MSG="yes"
5261 AC_MSG_RESULT([no (default)])
5266 # Whether to enable BSD auth support
5268 AC_ARG_WITH([bsd-auth],
5269 [ --with-bsd-auth Enable BSD auth support],
5271 if test "x$withval" != "xno" ; then
5272 AC_DEFINE([BSD_AUTH], [1],
5273 [Define if you have BSD auth support])
5279 # Where to place sshd.pid
5281 # make sure the directory exists
5282 if test ! -d $piddir ; then
5283 piddir=`eval echo ${sysconfdir}`
5285 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
5289 AC_ARG_WITH([pid-dir],
5290 [ --with-pid-dir=PATH Specify location of sshd.pid file],
5292 if test -n "$withval" && test "x$withval" != "xno" && \
5293 test "x${withval}" != "xyes"; then
5295 if test ! -d $piddir ; then
5296 AC_MSG_WARN([** no $piddir directory on this system **])
5302 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
5303 [Specify location of ssh.pid])
5306 dnl allow user to disable some login recording features
5307 AC_ARG_ENABLE([lastlog],
5308 [ --disable-lastlog disable use of lastlog even if detected [no]],
5310 if test "x$enableval" = "xno" ; then
5311 AC_DEFINE([DISABLE_LASTLOG])
5315 AC_ARG_ENABLE([utmp],
5316 [ --disable-utmp disable use of utmp even if detected [no]],
5318 if test "x$enableval" = "xno" ; then
5319 AC_DEFINE([DISABLE_UTMP])
5323 AC_ARG_ENABLE([utmpx],
5324 [ --disable-utmpx disable use of utmpx even if detected [no]],
5326 if test "x$enableval" = "xno" ; then
5327 AC_DEFINE([DISABLE_UTMPX], [1],
5328 [Define if you don't want to use utmpx])
5332 AC_ARG_ENABLE([wtmp],
5333 [ --disable-wtmp disable use of wtmp even if detected [no]],
5335 if test "x$enableval" = "xno" ; then
5336 AC_DEFINE([DISABLE_WTMP])
5340 AC_ARG_ENABLE([wtmpx],
5341 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
5343 if test "x$enableval" = "xno" ; then
5344 AC_DEFINE([DISABLE_WTMPX], [1],
5345 [Define if you don't want to use wtmpx])
5349 AC_ARG_ENABLE([libutil],
5350 [ --disable-libutil disable use of libutil (login() etc.) [no]],
5352 if test "x$enableval" = "xno" ; then
5353 AC_DEFINE([DISABLE_LOGIN])
5357 AC_ARG_ENABLE([pututline],
5358 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
5360 if test "x$enableval" = "xno" ; then
5361 AC_DEFINE([DISABLE_PUTUTLINE], [1],
5362 [Define if you don't want to use pututline()
5363 etc. to write [uw]tmp])
5367 AC_ARG_ENABLE([pututxline],
5368 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
5370 if test "x$enableval" = "xno" ; then
5371 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
5372 [Define if you don't want to use pututxline()
5373 etc. to write [uw]tmpx])
5377 AC_ARG_WITH([lastlog],
5378 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
5380 if test "x$withval" = "xno" ; then
5381 AC_DEFINE([DISABLE_LASTLOG])
5382 elif test -n "$withval" && test "x${withval}" != "xyes"; then
5383 conf_lastlog_location=$withval
5388 dnl lastlog, [uw]tmpx? detection
5389 dnl NOTE: set the paths in the platform section to avoid the
5390 dnl need for command-line parameters
5391 dnl lastlog and [uw]tmp are subject to a file search if all else fails
5393 dnl lastlog detection
5394 dnl NOTE: the code itself will detect if lastlog is a directory
5395 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
5396 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5397 #include <sys/types.h>
5399 #ifdef HAVE_LASTLOG_H
5400 # include <lastlog.h>
5408 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
5409 [ AC_MSG_RESULT([yes]) ],
5412 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
5413 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5414 #include <sys/types.h>
5416 #ifdef HAVE_LASTLOG_H
5417 # include <lastlog.h>
5422 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
5423 [ AC_MSG_RESULT([yes]) ],
5426 system_lastlog_path=no
5430 if test -z "$conf_lastlog_location"; then
5431 if test x"$system_lastlog_path" = x"no" ; then
5432 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
5433 if (test -d "$f" || test -f "$f") ; then
5434 conf_lastlog_location=$f
5437 if test -z "$conf_lastlog_location"; then
5438 AC_MSG_WARN([** Cannot find lastlog **])
5439 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
5444 if test -n "$conf_lastlog_location"; then
5445 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
5446 [Define if you want to specify the path to your lastlog file])
5450 AC_MSG_CHECKING([if your system defines UTMP_FILE])
5451 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5452 #include <sys/types.h>
5457 ]], [[ char *utmp = UTMP_FILE; ]])],
5458 [ AC_MSG_RESULT([yes]) ],
5459 [ AC_MSG_RESULT([no])
5462 if test -z "$conf_utmp_location"; then
5463 if test x"$system_utmp_path" = x"no" ; then
5464 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
5465 if test -f $f ; then
5466 conf_utmp_location=$f
5469 if test -z "$conf_utmp_location"; then
5470 AC_DEFINE([DISABLE_UTMP])
5474 if test -n "$conf_utmp_location"; then
5475 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
5476 [Define if you want to specify the path to your utmp file])
5480 AC_MSG_CHECKING([if your system defines WTMP_FILE])
5481 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5482 #include <sys/types.h>
5487 ]], [[ char *wtmp = WTMP_FILE; ]])],
5488 [ AC_MSG_RESULT([yes]) ],
5489 [ AC_MSG_RESULT([no])
5492 if test -z "$conf_wtmp_location"; then
5493 if test x"$system_wtmp_path" = x"no" ; then
5494 for f in /usr/adm/wtmp /var/log/wtmp; do
5495 if test -f $f ; then
5496 conf_wtmp_location=$f
5499 if test -z "$conf_wtmp_location"; then
5500 AC_DEFINE([DISABLE_WTMP])
5504 if test -n "$conf_wtmp_location"; then
5505 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
5506 [Define if you want to specify the path to your wtmp file])
5510 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
5511 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5512 #include <sys/types.h>
5520 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
5521 [ AC_MSG_RESULT([yes]) ],
5522 [ AC_MSG_RESULT([no])
5523 system_wtmpx_path=no
5525 if test -z "$conf_wtmpx_location"; then
5526 if test x"$system_wtmpx_path" = x"no" ; then
5527 AC_DEFINE([DISABLE_WTMPX])
5530 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
5531 [Define if you want to specify the path to your wtmpx file])
5535 if test ! -z "$blibpath" ; then
5536 LDFLAGS="$LDFLAGS $blibflags$blibpath"
5537 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
5540 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
5541 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
5542 AC_DEFINE([DISABLE_LASTLOG])
5545 #ifdef HAVE_SYS_TYPES_H
5546 #include <sys/types.h>
5554 #ifdef HAVE_LASTLOG_H
5555 #include <lastlog.h>
5559 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
5560 AC_DEFINE([DISABLE_UTMP])
5561 AC_DEFINE([DISABLE_WTMP])
5563 #ifdef HAVE_SYS_TYPES_H
5564 #include <sys/types.h>
5572 #ifdef HAVE_LASTLOG_H
5573 #include <lastlog.h>
5577 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5579 CFLAGS="$CFLAGS $werror_flags"
5581 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
5586 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
5587 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
5588 AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8])
5589 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
5590 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
5591 AC_SUBST([DEPEND], [$(cat $srcdir/.depend)])
5593 CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
5594 LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"
5596 # Make a copy of CFLAGS/LDFLAGS without PIE options.
5597 LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'`
5598 CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'`
5599 AC_SUBST([LDFLAGS_NOPIE])
5600 AC_SUBST([CFLAGS_NOPIE])
5603 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5604 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5608 # Print summary of options
5610 # Someone please show me a better way :)
5611 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5612 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5613 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5614 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5615 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5616 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5617 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5618 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5619 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5620 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5623 echo "OpenSSH has been configured with the following options:"
5624 echo " User binaries: $B"
5625 echo " System binaries: $C"
5626 echo " Configuration files: $D"
5627 echo " Askpass program: $E"
5628 echo " Manual pages: $F"
5629 echo " PID file: $G"
5630 echo " Privilege separation chroot path: $H"
5631 if test "x$external_path_file" = "x/etc/login.conf" ; then
5632 echo " At runtime, sshd will use the path defined in $external_path_file"
5633 echo " Make sure the path to scp is present, otherwise scp will not work"
5635 echo " sshd default user PATH: $I"
5636 if test ! -z "$external_path_file"; then
5637 echo " (If PATH is set in $external_path_file it will be used instead. If"
5638 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
5641 if test ! -z "$superuser_path" ; then
5642 echo " sshd superuser user PATH: $J"
5644 echo " Manpage format: $MANTYPE"
5645 echo " PAM support: $PAM_MSG"
5646 echo " OSF SIA support: $SIA_MSG"
5647 echo " KerberosV support: $KRB5_MSG"
5648 echo " SELinux support: $SELINUX_MSG"
5649 echo " TCP Wrappers support: $TCPW_MSG"
5650 echo " libedit support: $LIBEDIT_MSG"
5651 echo " libldns support: $LDNS_MSG"
5652 echo " Solaris process contract support: $SPC_MSG"
5653 echo " Solaris project support: $SP_MSG"
5654 echo " Solaris privilege support: $SPP_MSG"
5655 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5656 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5657 echo " BSD Auth support: $BSD_AUTH_MSG"
5658 echo " Random number source: $RAND_MSG"
5659 echo " Privsep sandbox style: $SANDBOX_STYLE"
5660 echo " PKCS#11 support: $enable_pkcs11"
5661 echo " U2F/FIDO support: $enable_sk"
5665 echo " Host: ${host}"
5666 echo " Compiler: ${CC}"
5667 echo " Compiler flags: ${CFLAGS}"
5668 echo "Preprocessor flags: ${CPPFLAGS}"
5669 echo " Linker flags: ${LDFLAGS}"
5670 echo " Libraries: ${LIBS}"
5671 if test ! -z "${CHANNELLIBS}"; then
5672 echo " +for channels: ${CHANNELLIBS}"
5674 if test ! -z "${LIBFIDO2}"; then
5675 echo " +for FIDO2: ${LIBFIDO2}"
5677 if test ! -z "${SSHDLIBS}"; then
5678 echo " +for sshd: ${SSHDLIBS}"
5683 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5684 echo "SVR4 style packages are supported with \"make package\""
5688 if test "x$PAM_MSG" = "xyes" ; then
5689 echo "PAM is enabled. You may need to install a PAM control file "
5690 echo "for sshd, otherwise password authentication may fail. "
5691 echo "Example PAM control files can be found in the contrib/ "
5696 if test ! -z "$NO_PEERCHECK" ; then
5697 echo "WARNING: the operating system that you are using does not"
5698 echo "appear to support getpeereid(), getpeerucred() or the"
5699 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5700 echo "enforce security checks to prevent unauthorised connections to"
5701 echo "ssh-agent. Their absence increases the risk that a malicious"
5702 echo "user can connect to your agent."
5706 if test "$AUDIT_MODULE" = "bsm" ; then
5707 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5708 echo "See the Solaris section in README.platform for details."