1 # $Id: configure.ac,v 1.571 2014/02/21 17:09:34 tim Exp $
3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
18 AC_REVISION($Revision: 1.571 $)
19 AC_CONFIG_SRCDIR([ssh.c])
22 AC_CONFIG_HEADER([config.h])
27 # Checks for programs.
33 AC_PATH_PROG([AR], [ar])
34 AC_PATH_PROG([CAT], [cat])
35 AC_PATH_PROG([KILL], [kill])
36 AC_PATH_PROGS([PERL], [perl5 perl])
37 AC_PATH_PROG([SED], [sed])
39 AC_PATH_PROG([ENT], [ent])
41 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
42 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
43 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
44 AC_PATH_PROG([SH], [sh])
45 AC_PATH_PROG([GROFF], [groff])
46 AC_PATH_PROG([NROFF], [nroff])
47 AC_PATH_PROG([MANDOC], [mandoc])
48 AC_SUBST([TEST_SHELL], [sh])
50 dnl select manpage formatter
51 if test "x$MANDOC" != "x" ; then
53 elif test "x$NROFF" != "x" ; then
54 MANFMT="$NROFF -mandoc"
55 elif test "x$GROFF" != "x" ; then
56 MANFMT="$GROFF -mandoc -Tascii"
58 AC_MSG_WARN([no manpage formatted found])
64 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
65 [/usr/sbin${PATH_SEPARATOR}/etc])
66 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
67 [/usr/sbin${PATH_SEPARATOR}/etc])
68 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
69 if test -x /sbin/sh; then
70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
72 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
78 if test -z "$AR" ; then
79 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
82 # Use LOGIN_PROGRAM from environment if possible
83 if test ! -z "$LOGIN_PROGRAM" ; then
84 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
85 [If your header files don't define LOGIN_PROGRAM,
86 then use this (detected) from environment and PATH])
89 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
90 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
91 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
95 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
96 if test ! -z "$PATH_PASSWD_PROG" ; then
97 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
98 [Full path of your "passwd" program])
101 if test -z "$LD" ; then
108 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
109 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
110 #include <sys/types.h>
111 #include <sys/param.h>
112 #include <dev/systrace.h>
114 AC_CHECK_DECL([RLIMIT_NPROC],
115 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
116 #include <sys/types.h>
117 #include <sys/resource.h>
119 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
120 #include <sys/types.h>
121 #include <linux/prctl.h>
124 use_stack_protector=1
125 use_toolchain_hardening=1
126 AC_ARG_WITH([stackprotect],
127 [ --without-stackprotect Don't use compiler's stack protection], [
128 if test "x$withval" = "xno"; then
129 use_stack_protector=0
131 AC_ARG_WITH([hardening],
132 [ --without-hardening Don't use toolchain hardening flags], [
133 if test "x$withval" = "xno"; then
134 use_toolchain_hardening=0
137 # We use -Werror for the tests only so that we catch warnings like "this is
138 # on by default" for things like -fPIE.
139 AC_MSG_CHECKING([if $CC supports -Werror])
140 saved_CFLAGS="$CFLAGS"
141 CFLAGS="$CFLAGS -Werror"
142 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
143 [ AC_MSG_RESULT([yes])
145 [ AC_MSG_RESULT([no])
148 CFLAGS="$saved_CFLAGS"
150 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
151 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
152 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
153 OSSH_CHECK_CFLAG_COMPILE([-Wall])
154 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
155 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
156 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
157 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
158 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
159 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
160 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
161 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
162 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
163 if test "x$use_toolchain_hardening" = "x1"; then
164 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
165 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
166 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
167 # NB. -ftrapv expects certain support functions to be present in
168 # the compiler library (libgcc or similar) to detect integer operations
169 # that can overflow. We must check that the result of enabling it
170 # actually links. The test program compiled/linked includes a number
171 # of integer operations that should exercise this.
172 OSSH_CHECK_CFLAG_LINK([-ftrapv])
174 AC_MSG_CHECKING([gcc version])
175 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
177 1.*) no_attrib_nonnull=1 ;;
181 2.*) no_attrib_nonnull=1 ;;
184 AC_MSG_RESULT([$GCC_VER])
186 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
187 saved_CFLAGS="$CFLAGS"
188 CFLAGS="$CFLAGS -fno-builtin-memset"
189 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
190 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
191 [ AC_MSG_RESULT([yes]) ],
192 [ AC_MSG_RESULT([no])
193 CFLAGS="$saved_CFLAGS" ]
196 # -fstack-protector-all doesn't always work for some GCC versions
197 # and/or platforms, so we test if we can. If it's not supported
198 # on a given platform gcc will emit a warning so we use -Werror.
199 if test "x$use_stack_protector" = "x1"; then
200 for t in -fstack-protector-strong -fstack-protector-all \
201 -fstack-protector; do
202 AC_MSG_CHECKING([if $CC supports $t])
203 saved_CFLAGS="$CFLAGS"
204 saved_LDFLAGS="$LDFLAGS"
205 CFLAGS="$CFLAGS $t -Werror"
206 LDFLAGS="$LDFLAGS $t -Werror"
208 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
211 snprintf(x, sizeof(x), "XXX");
213 [ AC_MSG_RESULT([yes])
214 CFLAGS="$saved_CFLAGS $t"
215 LDFLAGS="$saved_LDFLAGS $t"
216 AC_MSG_CHECKING([if $t works])
218 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
221 snprintf(x, sizeof(x), "XXX");
223 [ AC_MSG_RESULT([yes])
225 [ AC_MSG_RESULT([no]) ],
226 [ AC_MSG_WARN([cross compiling: cannot test])
230 [ AC_MSG_RESULT([no]) ]
232 CFLAGS="$saved_CFLAGS"
233 LDFLAGS="$saved_LDFLAGS"
237 if test -z "$have_llong_max"; then
238 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
239 unset ac_cv_have_decl_LLONG_MAX
240 saved_CFLAGS="$CFLAGS"
241 CFLAGS="$CFLAGS -std=gnu99"
242 AC_CHECK_DECL([LLONG_MAX],
244 [CFLAGS="$saved_CFLAGS"],
245 [#include <limits.h>]
250 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
254 __attribute__((__unused__)) static void foo(void){return;}]],
256 [ AC_MSG_RESULT([yes]) ],
257 [ AC_MSG_RESULT([no])
258 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
259 [compiler does not accept __attribute__ on return types]) ]
262 if test "x$no_attrib_nonnull" != "x1" ; then
263 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
267 [ --without-rpath Disable auto-added -R linker paths],
269 if test "x$withval" = "xno" ; then
272 if test "x$withval" = "xyes" ; then
278 # Allow user to specify flags
279 AC_ARG_WITH([cflags],
280 [ --with-cflags Specify additional flags to pass to compiler],
282 if test -n "$withval" && test "x$withval" != "xno" && \
283 test "x${withval}" != "xyes"; then
284 CFLAGS="$CFLAGS $withval"
288 AC_ARG_WITH([cppflags],
289 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
291 if test -n "$withval" && test "x$withval" != "xno" && \
292 test "x${withval}" != "xyes"; then
293 CPPFLAGS="$CPPFLAGS $withval"
297 AC_ARG_WITH([ldflags],
298 [ --with-ldflags Specify additional flags to pass to linker],
300 if test -n "$withval" && test "x$withval" != "xno" && \
301 test "x${withval}" != "xyes"; then
302 LDFLAGS="$LDFLAGS $withval"
307 [ --with-libs Specify additional libraries to link with],
309 if test -n "$withval" && test "x$withval" != "xno" && \
310 test "x${withval}" != "xyes"; then
311 LIBS="$LIBS $withval"
315 AC_ARG_WITH([Werror],
316 [ --with-Werror Build main code with -Werror],
318 if test -n "$withval" && test "x$withval" != "xno"; then
319 werror_flags="-Werror"
320 if test "x${withval}" != "xyes"; then
321 werror_flags="$withval"
357 security/pam_appl.h \
397 # lastlog.h requires sys/time.h to be included first on Solaris
398 AC_CHECK_HEADERS([lastlog.h], [], [], [
399 #ifdef HAVE_SYS_TIME_H
400 # include <sys/time.h>
404 # sys/ptms.h requires sys/stream.h to be included first on Solaris
405 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
406 #ifdef HAVE_SYS_STREAM_H
407 # include <sys/stream.h>
411 # login_cap.h requires sys/types.h on NetBSD
412 AC_CHECK_HEADERS([login_cap.h], [], [], [
413 #include <sys/types.h>
416 # older BSDs need sys/param.h before sys/mount.h
417 AC_CHECK_HEADERS([sys/mount.h], [], [], [
418 #include <sys/param.h>
421 # Android requires sys/socket.h to be included before sys/un.h
422 AC_CHECK_HEADERS([sys/un.h], [], [], [
423 #include <sys/types.h>
424 #include <sys/socket.h>
427 # Messages for features tested for in target-specific section
432 # Check for some target-specific stuff
435 # Some versions of VAC won't allow macro redefinitions at
436 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
437 # particularly with older versions of vac or xlc.
438 # It also throws errors about null macro argments, but these are
440 AC_MSG_CHECKING([if compiler allows macro redefinitions])
443 #define testmacro foo
444 #define testmacro bar]],
446 [ AC_MSG_RESULT([yes]) ],
447 [ AC_MSG_RESULT([no])
448 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
449 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
450 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
451 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
455 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
456 if (test -z "$blibpath"); then
457 blibpath="/usr/lib:/lib"
459 saved_LDFLAGS="$LDFLAGS"
460 if test "$GCC" = "yes"; then
461 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
463 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
465 for tryflags in $flags ;do
466 if (test -z "$blibflags"); then
467 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
468 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
469 [blibflags=$tryflags], [])
472 if (test -z "$blibflags"); then
473 AC_MSG_RESULT([not found])
474 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
476 AC_MSG_RESULT([$blibflags])
478 LDFLAGS="$saved_LDFLAGS"
479 dnl Check for authenticate. Might be in libs.a on older AIXes
480 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
481 [Define if you want to enable AIX4's authenticate function])],
482 [AC_CHECK_LIB([s], [authenticate],
483 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
487 dnl Check for various auth function declarations in headers.
488 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
489 passwdexpired, setauthdb], , , [#include <usersec.h>])
490 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
491 AC_CHECK_DECLS([loginfailed],
492 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
493 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
494 [[ (void)loginfailed("user","host","tty",0); ]])],
495 [AC_MSG_RESULT([yes])
496 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
497 [Define if your AIX loginfailed() function
498 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
501 [#include <usersec.h>]
503 AC_CHECK_FUNCS([getgrset setauthdb])
504 AC_CHECK_DECL([F_CLOSEM],
505 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
507 [ #include <limits.h>
510 check_for_aix_broken_getaddrinfo=1
511 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
512 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
513 [Define if your platform breaks doing a seteuid before a setuid])
514 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
515 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
516 dnl AIX handles lastlog as part of its login message
517 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
518 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
519 [Some systems need a utmpx entry for /bin/login to work])
520 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
521 [Define to a Set Process Title type if your system is
522 supported by bsd-setproctitle.c])
523 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
524 [AIX 5.2 and 5.3 (and presumably newer) require this])
525 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
526 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
529 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
530 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
533 check_for_libcrypt_later=1
534 LIBS="$LIBS /usr/lib/textreadmode.o"
535 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
536 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
537 AC_DEFINE([DISABLE_SHADOW], [1],
538 [Define if you want to disable shadow passwords])
539 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
540 [Define if X11 doesn't support AF_UNIX sockets on that system])
541 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
542 [Define if the concept of ports only accessible to
543 superusers isn't known])
544 AC_DEFINE([DISABLE_FD_PASSING], [1],
545 [Define if your platform needs to skip post auth
546 file descriptor passing])
547 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
548 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
549 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
550 # reasons which cause compile warnings, so we disable those warnings.
551 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
554 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
555 [Define if your system choked on IP TOS setting])
556 AC_DEFINE([SETEUID_BREAKS_SETUID])
557 AC_DEFINE([BROKEN_SETREUID])
558 AC_DEFINE([BROKEN_SETREGID])
562 AC_MSG_CHECKING([if we have working getaddrinfo])
563 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
564 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
570 [AC_MSG_RESULT([working])],
571 [AC_MSG_RESULT([buggy])
572 AC_DEFINE([BROKEN_GETADDRINFO], [1],
573 [getaddrinfo is broken (if present)])
575 [AC_MSG_RESULT([assume it is working])])
576 AC_DEFINE([SETEUID_BREAKS_SETUID])
577 AC_DEFINE([BROKEN_SETREUID])
578 AC_DEFINE([BROKEN_SETREGID])
579 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
580 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
581 [Define if your resolver libs need this for getrrsetbyname])
582 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
583 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
584 [Use tunnel device compatibility to OpenBSD])
585 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
586 [Prepend the address family to IP tunnel traffic])
587 m4_pattern_allow([AU_IPv])
588 AC_CHECK_DECL([AU_IPv4], [],
589 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
590 [#include <bsm/audit.h>]
591 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
592 [Define if pututxline updates lastlog too])
594 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
595 [Define to a Set Process Title type if your system is
596 supported by bsd-setproctitle.c])
597 AC_CHECK_FUNCS([sandbox_init])
598 AC_CHECK_HEADERS([sandbox.h])
601 SSHDLIBS="$SSHDLIBS -lcrypt"
602 TEST_MALLOC_OPTIONS="AFGJPRX"
606 AC_CHECK_LIB([network], [socket])
607 AC_DEFINE([HAVE_U_INT64_T])
611 # first we define all of the options common to all HP-UX releases
612 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
613 IPADDR_IN_DISPLAY=yes
614 AC_DEFINE([USE_PIPES])
615 AC_DEFINE([LOGIN_NO_ENDOPT], [1],
616 [Define if your login program cannot handle end of options ("--")])
617 AC_DEFINE([LOGIN_NEEDS_UTMPX])
618 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
619 [String used in /etc/passwd to denote locked account])
620 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
621 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
624 AC_CHECK_LIB([xnet], [t_error], ,
625 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
627 # next, we define all of the options specific to major releases
630 if test -z "$GCC"; then
635 AC_DEFINE([PAM_SUN_CODEBASE], [1],
636 [Define if you are using Solaris-derived PAM which
637 passes pam_messages to the conversation function
638 with an extra level of indirection])
639 AC_DEFINE([DISABLE_UTMP], [1],
640 [Define if you don't want to use utmp])
641 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
642 check_for_hpux_broken_getaddrinfo=1
643 check_for_conflicting_getspnam=1
647 # lastly, we define options specific to minor releases
650 AC_DEFINE([HAVE_SECUREWARE], [1],
651 [Define if you have SecureWare-based
652 protected password database])
653 disable_ptmx_check=yes
659 PATH="$PATH:/usr/etc"
660 AC_DEFINE([BROKEN_INET_NTOA], [1],
661 [Define if you system's inet_ntoa is busted
662 (e.g. Irix gcc issue)])
663 AC_DEFINE([SETEUID_BREAKS_SETUID])
664 AC_DEFINE([BROKEN_SETREUID])
665 AC_DEFINE([BROKEN_SETREGID])
666 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
667 [Define if you shouldn't strip 'tty' from your
669 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
672 PATH="$PATH:/usr/etc"
673 AC_DEFINE([WITH_IRIX_ARRAY], [1],
674 [Define if you have/want arrays
675 (cluster-wide session managment, not C arrays)])
676 AC_DEFINE([WITH_IRIX_PROJECT], [1],
677 [Define if you want IRIX project management])
678 AC_DEFINE([WITH_IRIX_AUDIT], [1],
679 [Define if you want IRIX audit trails])
680 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
681 [Define if you want IRIX kernel jobs])])
682 AC_DEFINE([BROKEN_INET_NTOA])
683 AC_DEFINE([SETEUID_BREAKS_SETUID])
684 AC_DEFINE([BROKEN_SETREUID])
685 AC_DEFINE([BROKEN_SETREGID])
686 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
687 AC_DEFINE([WITH_ABBREV_NO_TTY])
688 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
690 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
691 check_for_libcrypt_later=1
692 AC_DEFINE([PAM_TTY_KLUDGE])
693 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
694 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
695 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
696 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
701 check_for_libcrypt_later=1
702 check_for_openpty_ctty_bug=1
703 AC_DEFINE([PAM_TTY_KLUDGE], [1],
704 [Work around problematic Linux PAM modules handling of PAM_TTY])
705 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
706 [String used in /etc/passwd to denote locked account])
707 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
708 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
709 [Define to whatever link() returns for "not supported"
710 if it doesn't return EOPNOTSUPP.])
711 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
712 AC_DEFINE([USE_BTMP])
713 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
714 inet6_default_4in6=yes
717 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
718 [Define if cmsg_type is not passed correctly])
721 # tun(4) forwarding compat code
722 AC_CHECK_HEADERS([linux/if_tun.h])
723 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
724 AC_DEFINE([SSH_TUN_LINUX], [1],
725 [Open tunnel devices the Linux tun/tap way])
726 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
727 [Use tunnel device compatibility to OpenBSD])
728 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
729 [Prepend the address family to IP tunnel traffic])
731 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
732 [], [#include <linux/types.h>])
733 AC_CHECK_FUNCS([prctl])
734 AC_MSG_CHECKING([for seccomp architecture])
738 seccomp_audit_arch=AUDIT_ARCH_X86_64
741 seccomp_audit_arch=AUDIT_ARCH_I386
744 seccomp_audit_arch=AUDIT_ARCH_ARM
747 if test "x$seccomp_audit_arch" != "x" ; then
748 AC_MSG_RESULT(["$seccomp_audit_arch"])
749 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
750 [Specify the system call convention in use])
752 AC_MSG_RESULT([architecture not supported])
755 mips-sony-bsd|mips-sony-newsos4)
756 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
760 check_for_libcrypt_before=1
761 if test "x$withval" != "xno" ; then
764 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
765 AC_CHECK_HEADER([net/if_tap.h], ,
766 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
767 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
768 [Prepend the address family to IP tunnel traffic])
769 TEST_MALLOC_OPTIONS="AJRX"
770 AC_DEFINE([BROKEN_STRNVIS], [1],
771 [NetBSD strnvis argument order is swapped compared to OpenBSD])
772 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
773 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
776 check_for_libcrypt_later=1
777 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
778 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
779 AC_CHECK_HEADER([net/if_tap.h], ,
780 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
781 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
782 AC_DEFINE([BROKEN_STRNVIS], [1],
783 [FreeBSD strnvis argument order is swapped compared to OpenBSD])
784 TEST_MALLOC_OPTIONS="AJRX"
785 # Preauth crypto occasionally uses file descriptors for crypto offload
786 # and will crash if they cannot be opened.
787 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
788 [define if setrlimit RLIMIT_NOFILE breaks things])
791 AC_DEFINE([SETEUID_BREAKS_SETUID])
792 AC_DEFINE([BROKEN_SETREUID])
793 AC_DEFINE([BROKEN_SETREGID])
796 conf_lastlog_location="/usr/adm/lastlog"
797 conf_utmp_location=/etc/utmp
798 conf_wtmp_location=/usr/adm/wtmp
799 maildir=/usr/spool/mail
800 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
801 AC_DEFINE([BROKEN_REALPATH])
802 AC_DEFINE([USE_PIPES])
803 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
807 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
808 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
809 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
810 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
811 [syslog_r function is safe to use in in a signal handler])
812 TEST_MALLOC_OPTIONS="AFGJPRX"
815 if test "x$withval" != "xno" ; then
818 AC_DEFINE([PAM_SUN_CODEBASE])
819 AC_DEFINE([LOGIN_NEEDS_UTMPX])
820 AC_DEFINE([LOGIN_NEEDS_TERM], [1],
821 [Some versions of /bin/login need the TERM supplied
823 AC_DEFINE([PAM_TTY_KLUDGE])
824 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
825 [Define if pam_chauthtok wants real uid set
826 to the unpriv'ed user])
827 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
828 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
829 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
830 [Define if sshd somehow reacquires a controlling TTY
832 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
833 in case the name is longer than 8 chars])
834 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
835 external_path_file=/etc/default/login
836 # hardwire lastlog location (can't detect it on some versions)
837 conf_lastlog_location="/var/adm/lastlog"
838 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
839 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
840 if test "$sol2ver" -ge 8; then
842 AC_DEFINE([DISABLE_UTMP])
843 AC_DEFINE([DISABLE_WTMP], [1],
844 [Define if you don't want to use wtmp])
848 AC_ARG_WITH([solaris-contracts],
849 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
851 AC_CHECK_LIB([contract], [ct_tmpl_activate],
852 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
853 [Define if you have Solaris process contracts])
854 SSHDLIBS="$SSHDLIBS -lcontract"
858 AC_ARG_WITH([solaris-projects],
859 [ --with-solaris-projects Enable Solaris projects (experimental)],
861 AC_CHECK_LIB([project], [setproject],
862 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
863 [Define if you have Solaris projects])
864 SSHDLIBS="$SSHDLIBS -lproject"
868 TEST_SHELL=$SHELL # let configure find us a capable shell
871 CPPFLAGS="$CPPFLAGS -DSUNOS4"
872 AC_CHECK_FUNCS([getpwanam])
873 AC_DEFINE([PAM_SUN_CODEBASE])
874 conf_utmp_location=/etc/utmp
875 conf_wtmp_location=/var/adm/wtmp
876 conf_lastlog_location=/var/adm/lastlog
877 AC_DEFINE([USE_PIPES])
881 AC_DEFINE([USE_PIPES])
882 AC_DEFINE([SSHD_ACQUIRES_CTTY])
883 AC_DEFINE([SETEUID_BREAKS_SETUID])
884 AC_DEFINE([BROKEN_SETREUID])
885 AC_DEFINE([BROKEN_SETREGID])
888 # /usr/ucblib MUST NOT be searched on ReliantUNIX
889 AC_CHECK_LIB([dl], [dlsym], ,)
890 # -lresolv needs to be at the end of LIBS or DNS lookups break
891 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
892 IPADDR_IN_DISPLAY=yes
893 AC_DEFINE([USE_PIPES])
894 AC_DEFINE([IP_TOS_IS_BROKEN])
895 AC_DEFINE([SETEUID_BREAKS_SETUID])
896 AC_DEFINE([BROKEN_SETREUID])
897 AC_DEFINE([BROKEN_SETREGID])
898 AC_DEFINE([SSHD_ACQUIRES_CTTY])
899 external_path_file=/etc/default/login
900 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
901 # Attention: always take care to bind libsocket and libnsl before libc,
902 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
904 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
906 AC_DEFINE([USE_PIPES])
907 AC_DEFINE([SETEUID_BREAKS_SETUID])
908 AC_DEFINE([BROKEN_SETREUID])
909 AC_DEFINE([BROKEN_SETREGID])
910 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
911 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
912 TEST_SHELL=$SHELL # let configure find us a capable shell
914 # UnixWare 7.x, OpenUNIX 8
916 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
917 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
918 AC_DEFINE([USE_PIPES])
919 AC_DEFINE([SETEUID_BREAKS_SETUID])
920 AC_DEFINE([BROKEN_GETADDRINFO])
921 AC_DEFINE([BROKEN_SETREUID])
922 AC_DEFINE([BROKEN_SETREGID])
923 AC_DEFINE([PASSWD_NEEDS_USERNAME])
924 TEST_SHELL=$SHELL # let configure find us a capable shell
926 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
927 maildir=/var/spool/mail
928 AC_DEFINE([BROKEN_LIBIAF], [1],
929 [ia_uinfo routines not supported by OS yet])
930 AC_DEFINE([BROKEN_UPDWTMPX])
931 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
932 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
933 AC_DEFINE([HAVE_SECUREWARE])
934 AC_DEFINE([DISABLE_SHADOW])
937 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
938 check_for_libcrypt_later=1
944 # SCO UNIX and OEM versions of SCO UNIX
946 AC_MSG_ERROR("This Platform is no longer supported.")
950 if test -z "$GCC"; then
951 CFLAGS="$CFLAGS -belf"
953 LIBS="$LIBS -lprot -lx -ltinfo -lm"
955 AC_DEFINE([USE_PIPES])
956 AC_DEFINE([HAVE_SECUREWARE])
957 AC_DEFINE([DISABLE_SHADOW])
958 AC_DEFINE([DISABLE_FD_PASSING])
959 AC_DEFINE([SETEUID_BREAKS_SETUID])
960 AC_DEFINE([BROKEN_GETADDRINFO])
961 AC_DEFINE([BROKEN_SETREUID])
962 AC_DEFINE([BROKEN_SETREGID])
963 AC_DEFINE([WITH_ABBREV_NO_TTY])
964 AC_DEFINE([BROKEN_UPDWTMPX])
965 AC_DEFINE([PASSWD_NEEDS_USERNAME])
966 AC_CHECK_FUNCS([getluid setluid])
968 TEST_SHELL=$SHELL # let configure find us a capable shell
969 SKIP_DISABLE_LASTLOG_DEFINE=yes
972 AC_DEFINE([NO_SSH_LASTLOG], [1],
973 [Define if you don't want to use lastlog in session.c])
974 AC_DEFINE([SETEUID_BREAKS_SETUID])
975 AC_DEFINE([BROKEN_SETREUID])
976 AC_DEFINE([BROKEN_SETREGID])
977 AC_DEFINE([USE_PIPES])
978 AC_DEFINE([DISABLE_FD_PASSING])
980 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
984 AC_DEFINE([SETEUID_BREAKS_SETUID])
985 AC_DEFINE([BROKEN_SETREUID])
986 AC_DEFINE([BROKEN_SETREGID])
987 AC_DEFINE([WITH_ABBREV_NO_TTY])
988 AC_DEFINE([USE_PIPES])
989 AC_DEFINE([DISABLE_FD_PASSING])
991 LIBS="$LIBS -lgen -lacid -ldb"
995 AC_DEFINE([SETEUID_BREAKS_SETUID])
996 AC_DEFINE([BROKEN_SETREUID])
997 AC_DEFINE([BROKEN_SETREGID])
998 AC_DEFINE([USE_PIPES])
999 AC_DEFINE([DISABLE_FD_PASSING])
1000 AC_DEFINE([NO_SSH_LASTLOG])
1001 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
1002 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1006 AC_MSG_CHECKING([for Digital Unix SIA])
1008 AC_ARG_WITH([osfsia],
1009 [ --with-osfsia Enable Digital Unix SIA],
1011 if test "x$withval" = "xno" ; then
1012 AC_MSG_RESULT([disabled])
1017 if test -z "$no_osfsia" ; then
1018 if test -f /etc/sia/matrix.conf; then
1019 AC_MSG_RESULT([yes])
1020 AC_DEFINE([HAVE_OSF_SIA], [1],
1021 [Define if you have Digital Unix Security
1022 Integration Architecture])
1023 AC_DEFINE([DISABLE_LOGIN], [1],
1024 [Define if you don't want to use your
1025 system's login() call])
1026 AC_DEFINE([DISABLE_FD_PASSING])
1027 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1031 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1032 [String used in /etc/passwd to denote locked account])
1035 AC_DEFINE([BROKEN_GETADDRINFO])
1036 AC_DEFINE([SETEUID_BREAKS_SETUID])
1037 AC_DEFINE([BROKEN_SETREUID])
1038 AC_DEFINE([BROKEN_SETREGID])
1039 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1043 AC_DEFINE([USE_PIPES])
1044 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1045 AC_DEFINE([DISABLE_LASTLOG])
1046 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1047 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1048 enable_etc_default_login=no # has incompatible /etc/default/login
1051 AC_DEFINE([DISABLE_FD_PASSING])
1057 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1058 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
1059 AC_DEFINE([NEED_SETPGRP])
1060 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1064 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1065 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
1069 AC_MSG_CHECKING([compiler and flags for sanity])
1070 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
1071 [ AC_MSG_RESULT([yes]) ],
1074 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1076 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1079 dnl Checks for header files.
1080 # Checks for libraries.
1081 AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])])
1082 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1084 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1085 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1086 AC_CHECK_LIB([gen], [dirname], [
1087 AC_CACHE_CHECK([for broken dirname],
1088 ac_cv_have_broken_dirname, [
1096 int main(int argc, char **argv) {
1099 strncpy(buf,"/etc", 32);
1101 if (!s || strncmp(s, "/", 32) != 0) {
1108 [ ac_cv_have_broken_dirname="no" ],
1109 [ ac_cv_have_broken_dirname="yes" ],
1110 [ ac_cv_have_broken_dirname="no" ],
1114 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1116 AC_DEFINE([HAVE_DIRNAME])
1117 AC_CHECK_HEADERS([libgen.h])
1122 AC_CHECK_FUNC([getspnam], ,
1123 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1124 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1125 [Define if you have the basename function.])])
1127 dnl zlib is required
1129 [ --with-zlib=PATH Use zlib in PATH],
1130 [ if test "x$withval" = "xno" ; then
1131 AC_MSG_ERROR([*** zlib is required ***])
1132 elif test "x$withval" != "xyes"; then
1133 if test -d "$withval/lib"; then
1134 if test -n "${need_dash_r}"; then
1135 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1137 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1140 if test -n "${need_dash_r}"; then
1141 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1143 LDFLAGS="-L${withval} ${LDFLAGS}"
1146 if test -d "$withval/include"; then
1147 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1149 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1154 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1155 AC_CHECK_LIB([z], [deflate], ,
1157 saved_CPPFLAGS="$CPPFLAGS"
1158 saved_LDFLAGS="$LDFLAGS"
1160 dnl Check default zlib install dir
1161 if test -n "${need_dash_r}"; then
1162 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1164 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1166 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1168 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1170 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1176 AC_ARG_WITH([zlib-version-check],
1177 [ --without-zlib-version-check Disable zlib version check],
1178 [ if test "x$withval" = "xno" ; then
1179 zlib_check_nonfatal=1
1184 AC_MSG_CHECKING([for possibly buggy zlib])
1185 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1191 int a=0, b=0, c=0, d=0, n, v;
1192 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1193 if (n != 3 && n != 4)
1195 v = a*1000000 + b*10000 + c*100 + d;
1196 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1199 if (a == 1 && b == 1 && c >= 4)
1202 /* 1.2.3 and up are OK */
1208 AC_MSG_RESULT([no]),
1209 [ AC_MSG_RESULT([yes])
1210 if test -z "$zlib_check_nonfatal" ; then
1211 AC_MSG_ERROR([*** zlib too old - check config.log ***
1212 Your reported zlib version has known security problems. It's possible your
1213 vendor has fixed these problems without changing the version number. If you
1214 are sure this is the case, you can disable the check by running
1215 "./configure --without-zlib-version-check".
1216 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1217 See http://www.gzip.org/zlib/ for details.])
1219 AC_MSG_WARN([zlib version may have security problems])
1222 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1226 AC_CHECK_FUNC([strcasecmp],
1227 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1229 AC_CHECK_FUNCS([utimes],
1230 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1231 LIBS="$LIBS -lc89"]) ]
1234 dnl Checks for libutil functions
1235 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1236 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1237 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1238 AC_SEARCH_LIBS([login], [util bsd])
1239 AC_SEARCH_LIBS([logout], [util bsd])
1240 AC_SEARCH_LIBS([logwtmp], [util bsd])
1241 AC_SEARCH_LIBS([openpty], [util bsd])
1242 AC_SEARCH_LIBS([updwtmp], [util bsd])
1243 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1245 # On some platforms, inet_ntop may be found in libresolv or libnsl.
1246 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1250 # Check for ALTDIRFUNC glob() extension
1251 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1252 AC_EGREP_CPP([FOUNDIT],
1255 #ifdef GLOB_ALTDIRFUNC
1260 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1261 [Define if your system glob() function has
1262 the GLOB_ALTDIRFUNC extension])
1263 AC_MSG_RESULT([yes])
1270 # Check for g.gl_matchc glob() extension
1271 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1272 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1273 [[ glob_t g; g.gl_matchc = 1; ]])],
1275 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1276 [Define if your system glob() function has
1277 gl_matchc options in glob_t])
1278 AC_MSG_RESULT([yes])
1283 # Check for g.gl_statv glob() extension
1284 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1285 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1286 #ifndef GLOB_KEEPSTAT
1287 #error "glob does not support GLOB_KEEPSTAT extension"
1293 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1294 [Define if your system glob() function has
1295 gl_statv options in glob_t])
1296 AC_MSG_RESULT([yes])
1302 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1304 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1307 #include <sys/types.h>
1308 #include <dirent.h>]],
1311 exit(sizeof(d.d_name)<=sizeof(char));
1313 [AC_MSG_RESULT([yes])],
1316 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1317 [Define if your struct dirent expects you to
1318 allocate extra space for d_name])
1321 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1322 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1326 AC_MSG_CHECKING([for /proc/pid/fd directory])
1327 if test -d "/proc/$$/fd" ; then
1328 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1329 AC_MSG_RESULT([yes])
1334 # Check whether user wants S/Key support
1337 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1339 if test "x$withval" != "xno" ; then
1341 if test "x$withval" != "xyes" ; then
1342 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1343 LDFLAGS="$LDFLAGS -L${withval}/lib"
1346 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1350 AC_MSG_CHECKING([for s/key support])
1356 char *ff = skey_keyinfo(""); ff="";
1359 [AC_MSG_RESULT([yes])],
1362 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1364 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1365 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1369 (void)skeychallenge(NULL,"name","",0);
1372 AC_MSG_RESULT([yes])
1373 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1374 [Define if your skeychallenge()
1375 function takes 4 arguments (NetBSD)])],
1383 # Check whether user wants TCP wrappers support
1385 AC_ARG_WITH([tcp-wrappers],
1386 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1388 if test "x$withval" != "xno" ; then
1390 saved_LDFLAGS="$LDFLAGS"
1391 saved_CPPFLAGS="$CPPFLAGS"
1392 if test -n "${withval}" && \
1393 test "x${withval}" != "xyes"; then
1394 if test -d "${withval}/lib"; then
1395 if test -n "${need_dash_r}"; then
1396 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1398 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1401 if test -n "${need_dash_r}"; then
1402 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1404 LDFLAGS="-L${withval} ${LDFLAGS}"
1407 if test -d "${withval}/include"; then
1408 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1410 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1414 AC_MSG_CHECKING([for libwrap])
1415 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1416 #include <sys/types.h>
1417 #include <sys/socket.h>
1418 #include <netinet/in.h>
1420 int deny_severity = 0, allow_severity = 0;
1424 AC_MSG_RESULT([yes])
1425 AC_DEFINE([LIBWRAP], [1],
1427 TCP Wrappers support])
1428 SSHDLIBS="$SSHDLIBS -lwrap"
1431 AC_MSG_ERROR([*** libwrap missing])
1439 # Check whether user wants to use ldns
1442 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1444 if test "x$withval" != "xno" ; then
1446 if test "x$withval" != "xyes" ; then
1447 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1448 LDFLAGS="$LDFLAGS -L${withval}/lib"
1451 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1455 AC_MSG_CHECKING([for ldns support])
1461 #include <ldns/ldns.h>
1462 int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1465 [AC_MSG_RESULT(yes)],
1468 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1474 # Check whether user wants libedit support
1476 AC_ARG_WITH([libedit],
1477 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1478 [ if test "x$withval" != "xno" ; then
1479 if test "x$withval" = "xyes" ; then
1480 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1481 if test "x$PKGCONFIG" != "xno"; then
1482 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1483 if "$PKGCONFIG" libedit; then
1484 AC_MSG_RESULT([yes])
1485 use_pkgconfig_for_libedit=yes
1491 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1492 if test -n "${need_dash_r}"; then
1493 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1495 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1498 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1499 LIBEDIT=`$PKGCONFIG --libs libedit`
1500 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1502 LIBEDIT="-ledit -lcurses"
1504 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1505 AC_CHECK_LIB([edit], [el_init],
1506 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1510 [ AC_MSG_ERROR([libedit not found]) ],
1513 AC_MSG_CHECKING([if libedit version is compatible])
1515 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1518 el_init("", NULL, NULL, NULL);
1521 [ AC_MSG_RESULT([yes]) ],
1522 [ AC_MSG_RESULT([no])
1523 AC_MSG_ERROR([libedit version is not compatible]) ]
1529 AC_ARG_WITH([audit],
1530 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1532 AC_MSG_CHECKING([for supported audit module])
1535 AC_MSG_RESULT([bsm])
1537 dnl Checks for headers, libs and functions
1538 AC_CHECK_HEADERS([bsm/audit.h], [],
1539 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1546 AC_CHECK_LIB([bsm], [getaudit], [],
1547 [AC_MSG_ERROR([BSM enabled and required library not found])])
1548 AC_CHECK_FUNCS([getaudit], [],
1549 [AC_MSG_ERROR([BSM enabled and required function not found])])
1550 # These are optional
1551 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1552 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1553 if test "$sol2ver" -ge 11; then
1554 SSHDLIBS="$SSHDLIBS -lscf"
1555 AC_DEFINE([BROKEN_BSM_API], [1],
1556 [The system has incomplete BSM API])
1560 AC_MSG_RESULT([linux])
1562 dnl Checks for headers, libs and functions
1563 AC_CHECK_HEADERS([libaudit.h])
1564 SSHDLIBS="$SSHDLIBS -laudit"
1565 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1569 AC_MSG_RESULT([debug])
1570 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1576 AC_MSG_ERROR([Unknown audit module $withval])
1582 [ --with-pie Build Position Independent Executables if possible], [
1583 if test "x$withval" = "xno"; then
1586 if test "x$withval" = "xyes"; then
1591 if test "x$use_pie" = "x"; then
1594 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1595 # Turn off automatic PIE when toolchain hardening is off.
1598 if test "x$use_pie" = "xauto"; then
1599 # Automatic PIE requires gcc >= 4.x
1600 AC_MSG_CHECKING([for gcc >= 4.x])
1601 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1602 #if !defined(__GNUC__) || __GNUC__ < 4
1603 #error gcc is too old
1606 [ AC_MSG_RESULT([yes]) ],
1607 [ AC_MSG_RESULT([no])
1611 if test "x$use_pie" != "xno"; then
1612 SAVED_CFLAGS="$CFLAGS"
1613 SAVED_LDFLAGS="$LDFLAGS"
1614 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1615 OSSH_CHECK_LDFLAG_LINK([-pie])
1616 # We use both -fPIE and -pie or neither.
1617 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1618 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1619 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1620 AC_MSG_RESULT([yes])
1623 CFLAGS="$SAVED_CFLAGS"
1624 LDFLAGS="$SAVED_LDFLAGS"
1628 dnl Checks for library functions. Please keep in alphabetical order
1630 Blowfish_initstate \
1631 Blowfish_expandstate \
1632 Blowfish_expand0state \
1633 Blowfish_stream2word \
1637 arc4random_uniform \
1746 [[ #include <ctype.h> ]],
1747 [[ return (isblank('a')); ]])],
1748 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1751 # PKCS#11 support requires dlopen() and co
1752 AC_SEARCH_LIBS([dlopen], [dl],
1753 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1756 # IRIX has a const char return value for gai_strerror()
1757 AC_CHECK_FUNCS([gai_strerror], [
1758 AC_DEFINE([HAVE_GAI_STRERROR])
1759 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1760 #include <sys/types.h>
1761 #include <sys/socket.h>
1764 const char *gai_strerror(int);
1767 str = gai_strerror(0);
1769 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1770 [Define if gai_strerror() returns const char *])], [])])
1772 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1773 [Some systems put nanosleep outside of libc])])
1775 AC_SEARCH_LIBS([clock_gettime], [rt],
1776 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1778 dnl Make sure prototypes are defined for these before using them.
1779 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1780 AC_CHECK_DECL([strsep],
1781 [AC_CHECK_FUNCS([strsep])],
1784 #ifdef HAVE_STRING_H
1785 # include <string.h>
1789 dnl tcsendbreak might be a macro
1790 AC_CHECK_DECL([tcsendbreak],
1791 [AC_DEFINE([HAVE_TCSENDBREAK])],
1792 [AC_CHECK_FUNCS([tcsendbreak])],
1793 [#include <termios.h>]
1796 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1798 AC_CHECK_DECLS([SHUT_RD], , ,
1800 #include <sys/types.h>
1801 #include <sys/socket.h>
1804 AC_CHECK_DECLS([O_NONBLOCK], , ,
1806 #include <sys/types.h>
1807 #ifdef HAVE_SYS_STAT_H
1808 # include <sys/stat.h>
1815 AC_CHECK_DECLS([writev], , , [
1816 #include <sys/types.h>
1817 #include <sys/uio.h>
1821 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1822 #include <sys/param.h>
1825 AC_CHECK_DECLS([offsetof], , , [
1829 # extra bits for select(2)
1830 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
1831 #include <sys/param.h>
1832 #include <sys/types.h>
1833 #ifdef HAVE_SYS_SYSMACROS_H
1834 #include <sys/sysmacros.h>
1836 #ifdef HAVE_SYS_SELECT_H
1837 #include <sys/select.h>
1839 #ifdef HAVE_SYS_TIME_H
1840 #include <sys/time.h>
1842 #ifdef HAVE_UNISTD_H
1846 AC_CHECK_TYPES([fd_mask], [], [], [[
1847 #include <sys/param.h>
1848 #include <sys/types.h>
1849 #ifdef HAVE_SYS_SELECT_H
1850 #include <sys/select.h>
1852 #ifdef HAVE_SYS_TIME_H
1853 #include <sys/time.h>
1855 #ifdef HAVE_UNISTD_H
1860 AC_CHECK_FUNCS([setresuid], [
1861 dnl Some platorms have setresuid that isn't implemented, test for this
1862 AC_MSG_CHECKING([if setresuid seems to work])
1875 [AC_MSG_RESULT([yes])],
1876 [AC_DEFINE([BROKEN_SETRESUID], [1],
1877 [Define if your setresuid() is broken])
1878 AC_MSG_RESULT([not implemented])],
1879 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1883 AC_CHECK_FUNCS([setresgid], [
1884 dnl Some platorms have setresgid that isn't implemented, test for this
1885 AC_MSG_CHECKING([if setresgid seems to work])
1898 [AC_MSG_RESULT([yes])],
1899 [AC_DEFINE([BROKEN_SETRESGID], [1],
1900 [Define if your setresgid() is broken])
1901 AC_MSG_RESULT([not implemented])],
1902 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1906 dnl Checks for time functions
1907 AC_CHECK_FUNCS([gettimeofday time])
1908 dnl Checks for utmp functions
1909 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
1910 AC_CHECK_FUNCS([utmpname])
1911 dnl Checks for utmpx functions
1912 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
1913 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
1914 dnl Checks for lastlog functions
1915 AC_CHECK_FUNCS([getlastlogxbyname])
1917 AC_CHECK_FUNC([daemon],
1918 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
1919 [AC_CHECK_LIB([bsd], [daemon],
1920 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
1923 AC_CHECK_FUNC([getpagesize],
1924 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
1925 [Define if your libraries define getpagesize()])],
1926 [AC_CHECK_LIB([ucb], [getpagesize],
1927 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
1930 # Check for broken snprintf
1931 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1932 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1934 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
1937 snprintf(b,5,"123456789");
1940 [AC_MSG_RESULT([yes])],
1943 AC_DEFINE([BROKEN_SNPRINTF], [1],
1944 [Define if your snprintf is busted])
1945 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1947 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1951 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1952 # returning the right thing on overflow: the number of characters it tried to
1953 # create (as per SUSv3)
1954 if test "x$ac_cv_func_asprintf" != "xyes" && \
1955 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1956 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1959 #include <sys/types.h>
1963 int x_snprintf(char *str,size_t count,const char *fmt,...)
1965 size_t ret; va_list ap;
1966 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1971 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1973 [AC_MSG_RESULT([yes])],
1976 AC_DEFINE([BROKEN_SNPRINTF], [1],
1977 [Define if your snprintf is busted])
1978 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1980 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1984 # On systems where [v]snprintf is broken, but is declared in stdio,
1985 # check that the fmt argument is const char * or just char *.
1986 # This is only useful for when BROKEN_SNPRINTF
1987 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1988 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1990 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1994 [AC_MSG_RESULT([yes])
1995 AC_DEFINE([SNPRINTF_CONST], [const],
1996 [Define as const if snprintf() can declare const char *fmt])],
1997 [AC_MSG_RESULT([no])
1998 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2000 # Check for missing getpeereid (or equiv) support
2002 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2003 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2004 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2005 #include <sys/types.h>
2006 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2007 [ AC_MSG_RESULT([yes])
2008 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2009 ], [AC_MSG_RESULT([no])
2014 dnl see whether mkstemp() requires XXXXXX
2015 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
2016 AC_MSG_CHECKING([for (overly) strict mkstemp])
2021 char template[]="conftest.mkstemp-test";
2022 if (mkstemp(template) == -1)
2031 AC_MSG_RESULT([yes])
2032 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
2035 AC_MSG_RESULT([yes])
2036 AC_DEFINE([HAVE_STRICT_MKSTEMP])
2041 dnl make sure that openpty does not reacquire controlling terminal
2042 if test ! -z "$check_for_openpty_ctty_bug"; then
2043 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2047 #include <sys/fcntl.h>
2048 #include <sys/types.h>
2049 #include <sys/wait.h>
2052 int fd, ptyfd, ttyfd, status;
2055 if (pid < 0) { /* failed */
2057 } else if (pid > 0) { /* parent */
2058 waitpid(pid, &status, 0);
2059 if (WIFEXITED(status))
2060 exit(WEXITSTATUS(status));
2063 } else { /* child */
2064 close(0); close(1); close(2);
2066 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2067 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2069 exit(3); /* Acquired ctty: broken */
2071 exit(0); /* Did not acquire ctty: OK */
2075 AC_MSG_RESULT([yes])
2079 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2082 AC_MSG_RESULT([cross-compiling, assuming yes])
2087 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2088 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2089 AC_MSG_CHECKING([if getaddrinfo seems to work])
2093 #include <sys/socket.h>
2096 #include <netinet/in.h>
2098 #define TEST_PORT "2222"
2101 struct addrinfo *gai_ai, *ai, hints;
2102 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2104 memset(&hints, 0, sizeof(hints));
2105 hints.ai_family = PF_UNSPEC;
2106 hints.ai_socktype = SOCK_STREAM;
2107 hints.ai_flags = AI_PASSIVE;
2109 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2111 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2115 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2116 if (ai->ai_family != AF_INET6)
2119 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2120 sizeof(ntop), strport, sizeof(strport),
2121 NI_NUMERICHOST|NI_NUMERICSERV);
2124 if (err == EAI_SYSTEM)
2125 perror("getnameinfo EAI_SYSTEM");
2127 fprintf(stderr, "getnameinfo failed: %s\n",
2132 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2135 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2143 AC_MSG_RESULT([yes])
2147 AC_DEFINE([BROKEN_GETADDRINFO])
2150 AC_MSG_RESULT([cross-compiling, assuming yes])
2155 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2156 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2157 AC_MSG_CHECKING([if getaddrinfo seems to work])
2161 #include <sys/socket.h>
2164 #include <netinet/in.h>
2166 #define TEST_PORT "2222"
2169 struct addrinfo *gai_ai, *ai, hints;
2170 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2172 memset(&hints, 0, sizeof(hints));
2173 hints.ai_family = PF_UNSPEC;
2174 hints.ai_socktype = SOCK_STREAM;
2175 hints.ai_flags = AI_PASSIVE;
2177 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2179 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2183 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2184 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2187 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2188 sizeof(ntop), strport, sizeof(strport),
2189 NI_NUMERICHOST|NI_NUMERICSERV);
2191 if (ai->ai_family == AF_INET && err != 0) {
2192 perror("getnameinfo");
2199 AC_MSG_RESULT([yes])
2200 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2201 [Define if you have a getaddrinfo that fails
2202 for the all-zeros IPv6 address])
2206 AC_DEFINE([BROKEN_GETADDRINFO])
2209 AC_MSG_RESULT([cross-compiling, assuming no])
2214 if test "x$check_for_conflicting_getspnam" = "x1"; then
2215 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2216 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2222 AC_MSG_RESULT([yes])
2223 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2224 [Conflicting defs for getspnam])
2231 # Search for OpenSSL
2232 saved_CPPFLAGS="$CPPFLAGS"
2233 saved_LDFLAGS="$LDFLAGS"
2234 AC_ARG_WITH([ssl-dir],
2235 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2237 if test "x$withval" != "xno" ; then
2240 ./*|../*) withval="`pwd`/$withval"
2242 if test -d "$withval/lib"; then
2243 if test -n "${need_dash_r}"; then
2244 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2246 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2248 elif test -d "$withval/lib64"; then
2249 if test -n "${need_dash_r}"; then
2250 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2252 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2255 if test -n "${need_dash_r}"; then
2256 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2258 LDFLAGS="-L${withval} ${LDFLAGS}"
2261 if test -d "$withval/include"; then
2262 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2264 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2269 LIBS="-lcrypto $LIBS"
2270 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2271 [Define if your ssl headers are included
2272 with #include <openssl/header.h>])],
2274 dnl Check default openssl install dir
2275 if test -n "${need_dash_r}"; then
2276 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2278 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2280 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2281 AC_CHECK_HEADER([openssl/opensslv.h], ,
2282 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2283 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2285 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2291 # Determine OpenSSL header version
2292 AC_MSG_CHECKING([OpenSSL header version])
2297 #include <openssl/opensslv.h>
2298 #define DATA "conftest.sslincver"
2303 fd = fopen(DATA,"w");
2307 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2313 ssl_header_ver=`cat conftest.sslincver`
2314 AC_MSG_RESULT([$ssl_header_ver])
2317 AC_MSG_RESULT([not found])
2318 AC_MSG_ERROR([OpenSSL version header not found.])
2321 AC_MSG_WARN([cross compiling: not checking])
2325 # Determine OpenSSL library version
2326 AC_MSG_CHECKING([OpenSSL library version])
2331 #include <openssl/opensslv.h>
2332 #include <openssl/crypto.h>
2333 #define DATA "conftest.ssllibver"
2338 fd = fopen(DATA,"w");
2342 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2348 ssl_library_ver=`cat conftest.ssllibver`
2349 AC_MSG_RESULT([$ssl_library_ver])
2352 AC_MSG_RESULT([not found])
2353 AC_MSG_ERROR([OpenSSL library not found.])
2356 AC_MSG_WARN([cross compiling: not checking])
2360 AC_ARG_WITH([openssl-header-check],
2361 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2362 [ if test "x$withval" = "xno" ; then
2363 openssl_check_nonfatal=1
2368 # Sanity check OpenSSL headers
2369 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2373 #include <openssl/opensslv.h>
2375 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2378 AC_MSG_RESULT([yes])
2382 if test "x$openssl_check_nonfatal" = "x"; then
2383 AC_MSG_ERROR([Your OpenSSL headers do not match your
2384 library. Check config.log for details.
2385 If you are sure your installation is consistent, you can disable the check
2386 by running "./configure --without-openssl-header-check".
2387 Also see contrib/findssl.sh for help identifying header/library mismatches.
2390 AC_MSG_WARN([Your OpenSSL headers do not match your
2391 library. Check config.log for details.
2392 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2396 AC_MSG_WARN([cross compiling: not checking])
2400 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2402 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2403 [[ SSLeay_add_all_algorithms(); ]])],
2405 AC_MSG_RESULT([yes])
2411 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2413 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2414 [[ SSLeay_add_all_algorithms(); ]])],
2416 AC_MSG_RESULT([yes])
2428 DSA_generate_parameters_ex \
2430 EVP_DigestFinal_ex \
2432 EVP_MD_CTX_cleanup \
2433 EVP_MD_CTX_copy_ex \
2435 RSA_generate_key_ex \
2436 RSA_get_default_method \
2439 AC_ARG_WITH([ssl-engine],
2440 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2441 [ if test "x$withval" != "xno" ; then
2442 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2443 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2444 #include <openssl/engine.h>
2446 ENGINE_load_builtin_engines();
2447 ENGINE_register_all_complete();
2449 [ AC_MSG_RESULT([yes])
2450 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2451 [Enable OpenSSL engine support])
2452 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2457 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2458 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2462 #include <openssl/evp.h>
2464 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2470 AC_MSG_RESULT([yes])
2471 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2472 [libcrypto is missing AES 192 and 256 bit functions])
2476 # Check for OpenSSL with EVP_aes_*ctr
2477 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2481 #include <openssl/evp.h>
2483 exit(EVP_aes_128_ctr() == NULL ||
2484 EVP_aes_192_cbc() == NULL ||
2485 EVP_aes_256_cbc() == NULL);
2488 AC_MSG_RESULT([yes])
2489 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
2490 [libcrypto has EVP AES CTR])
2497 # Check for OpenSSL with EVP_aes_*gcm
2498 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
2502 #include <openssl/evp.h>
2504 exit(EVP_aes_128_gcm() == NULL ||
2505 EVP_aes_256_gcm() == NULL ||
2506 EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
2507 EVP_CTRL_GCM_IV_GEN == 0 ||
2508 EVP_CTRL_GCM_SET_TAG == 0 ||
2509 EVP_CTRL_GCM_GET_TAG == 0 ||
2510 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
2513 AC_MSG_RESULT([yes])
2514 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
2515 [libcrypto has EVP AES GCM])
2519 unsupported_algorithms="$unsupported_cipers \
2520 aes128-gcm@openssh.com aes256-gcm@openssh.com"
2524 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2525 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2526 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2528 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2532 #include <openssl/evp.h>
2534 if(EVP_DigestUpdate(NULL, NULL,0))
2538 AC_MSG_RESULT([yes])
2542 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2543 [Define if EVP_DigestUpdate returns void])
2547 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2548 # because the system crypt() is more featureful.
2549 if test "x$check_for_libcrypt_before" = "x1"; then
2550 AC_CHECK_LIB([crypt], [crypt])
2553 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2554 # version in OpenSSL.
2555 if test "x$check_for_libcrypt_later" = "x1"; then
2556 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2558 AC_CHECK_FUNCS([crypt DES_crypt])
2560 # Search for SHA256 support in libc and/or OpenSSL
2561 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
2562 [unsupported_algorithms="$unsupported_algorithms \
2563 hmac-sha2-256 hmac-sha2-512 \
2564 diffie-hellman-group-exchange-sha256 \
2565 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
2569 # Check complete ECC support in OpenSSL
2570 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
2573 #include <openssl/ec.h>
2574 #include <openssl/ecdh.h>
2575 #include <openssl/ecdsa.h>
2576 #include <openssl/evp.h>
2577 #include <openssl/objects.h>
2578 #include <openssl/opensslv.h>
2579 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2580 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2583 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
2584 const EVP_MD *m = EVP_sha256(); /* We need this too */
2586 [ AC_MSG_RESULT([yes])
2587 enable_nistp256=1 ],
2588 [ AC_MSG_RESULT([no]) ]
2591 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
2594 #include <openssl/ec.h>
2595 #include <openssl/ecdh.h>
2596 #include <openssl/ecdsa.h>
2597 #include <openssl/evp.h>
2598 #include <openssl/objects.h>
2599 #include <openssl/opensslv.h>
2600 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2601 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2604 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
2605 const EVP_MD *m = EVP_sha384(); /* We need this too */
2607 [ AC_MSG_RESULT([yes])
2608 enable_nistp384=1 ],
2609 [ AC_MSG_RESULT([no]) ]
2612 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
2615 #include <openssl/ec.h>
2616 #include <openssl/ecdh.h>
2617 #include <openssl/ecdsa.h>
2618 #include <openssl/evp.h>
2619 #include <openssl/objects.h>
2620 #include <openssl/opensslv.h>
2621 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2622 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2625 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2626 const EVP_MD *m = EVP_sha512(); /* We need this too */
2628 [ AC_MSG_RESULT([yes])
2629 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
2632 #include <openssl/ec.h>
2633 #include <openssl/ecdh.h>
2634 #include <openssl/ecdsa.h>
2635 #include <openssl/evp.h>
2636 #include <openssl/objects.h>
2637 #include <openssl/opensslv.h>
2639 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2640 const EVP_MD *m = EVP_sha512(); /* We need this too */
2641 exit(e == NULL || m == NULL);
2643 [ AC_MSG_RESULT([yes])
2644 enable_nistp521=1 ],
2645 [ AC_MSG_RESULT([no]) ],
2646 [ AC_MSG_WARN([cross-compiling: assuming yes])
2652 COMMENT_OUT_ECC="#no ecc#"
2655 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
2656 test x$enable_nistp521 = x1; then
2657 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
2659 if test x$enable_nistp256 = x1; then
2660 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
2661 [libcrypto has NID_X9_62_prime256v1])
2665 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \
2666 ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com"
2668 if test x$enable_nistp384 = x1; then
2669 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
2673 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \
2674 ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com"
2676 if test x$enable_nistp521 = x1; then
2677 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
2681 unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \
2682 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com"
2685 AC_SUBST([TEST_SSH_ECC])
2686 AC_SUBST([COMMENT_OUT_ECC])
2689 AC_CHECK_LIB([iaf], [ia_openinfo], [
2691 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2692 AC_DEFINE([HAVE_LIBIAF], [1],
2693 [Define if system has libiaf that supports set_id])
2698 ### Configure cryptographic random number support
2700 # Check wheter OpenSSL seeds itself
2701 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2705 #include <openssl/rand.h>
2707 exit(RAND_status() == 1 ? 0 : 1);
2710 OPENSSL_SEEDS_ITSELF=yes
2711 AC_MSG_RESULT([yes])
2717 AC_MSG_WARN([cross compiling: assuming yes])
2718 # This is safe, since we will fatal() at runtime if
2719 # OpenSSL is not seeded correctly.
2720 OPENSSL_SEEDS_ITSELF=yes
2725 AC_ARG_WITH([prngd-port],
2726 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2735 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
2738 if test ! -z "$withval" ; then
2739 PRNGD_PORT="$withval"
2740 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
2741 [Port number of PRNGD/EGD random number socket])
2746 # PRNGD Unix domain socket
2747 AC_ARG_WITH([prngd-socket],
2748 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2752 withval="/var/run/egd-pool"
2760 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
2764 if test ! -z "$withval" ; then
2765 if test ! -z "$PRNGD_PORT" ; then
2766 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
2768 if test ! -r "$withval" ; then
2769 AC_MSG_WARN([Entropy socket is not readable])
2771 PRNGD_SOCKET="$withval"
2772 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
2773 [Location of PRNGD/EGD random number socket])
2777 # Check for existing socket only if we don't have a random device already
2778 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
2779 AC_MSG_CHECKING([for PRNGD/EGD socket])
2780 # Insert other locations here
2781 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2782 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2783 PRNGD_SOCKET="$sock"
2784 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
2788 if test ! -z "$PRNGD_SOCKET" ; then
2789 AC_MSG_RESULT([$PRNGD_SOCKET])
2791 AC_MSG_RESULT([not found])
2797 # Which randomness source do we use?
2798 if test ! -z "$PRNGD_PORT" ; then
2799 RAND_MSG="PRNGd port $PRNGD_PORT"
2800 elif test ! -z "$PRNGD_SOCKET" ; then
2801 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
2802 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
2803 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
2804 [Define if you want OpenSSL's internally seeded PRNG only])
2805 RAND_MSG="OpenSSL internal ONLY"
2807 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
2810 # Check for PAM libs
2813 [ --with-pam Enable PAM support ],
2815 if test "x$withval" != "xno" ; then
2816 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2817 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2818 AC_MSG_ERROR([PAM headers not found])
2822 AC_CHECK_LIB([dl], [dlopen], , )
2823 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
2824 AC_CHECK_FUNCS([pam_getenvlist])
2825 AC_CHECK_FUNCS([pam_putenv])
2830 SSHDLIBS="$SSHDLIBS -lpam"
2831 AC_DEFINE([USE_PAM], [1],
2832 [Define if you want to enable PAM support])
2834 if test $ac_cv_lib_dl_dlopen = yes; then
2837 # libdl already in LIBS
2840 SSHDLIBS="$SSHDLIBS -ldl"
2848 # Check for older PAM
2849 if test "x$PAM_MSG" = "xyes" ; then
2850 # Check PAM strerror arguments (old PAM)
2851 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2852 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2854 #if defined(HAVE_SECURITY_PAM_APPL_H)
2855 #include <security/pam_appl.h>
2856 #elif defined (HAVE_PAM_PAM_APPL_H)
2857 #include <pam/pam_appl.h>
2860 (void)pam_strerror((pam_handle_t *)NULL, -1);
2861 ]])], [AC_MSG_RESULT([no])], [
2862 AC_DEFINE([HAVE_OLD_PAM], [1],
2863 [Define if you have an old version of PAM
2864 which takes only one argument to pam_strerror])
2865 AC_MSG_RESULT([yes])
2866 PAM_MSG="yes (old library)"
2871 SSH_PRIVSEP_USER=sshd
2872 AC_ARG_WITH([privsep-user],
2873 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2875 if test -n "$withval" && test "x$withval" != "xno" && \
2876 test "x${withval}" != "xyes"; then
2877 SSH_PRIVSEP_USER=$withval
2881 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
2882 [non-privileged user for privilege separation])
2883 AC_SUBST([SSH_PRIVSEP_USER])
2885 if test "x$have_linux_no_new_privs" = "x1" ; then
2886 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
2887 #include <sys/types.h>
2888 #include <linux/seccomp.h>
2891 if test "x$have_seccomp_filter" = "x1" ; then
2892 AC_MSG_CHECKING([kernel for seccomp_filter support])
2893 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
2896 #include <linux/audit.h>
2897 #include <linux/seccomp.h>
2899 #include <sys/prctl.h>
2901 [[ int i = $seccomp_audit_arch;
2903 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
2904 exit(errno == EFAULT ? 0 : 1); ]])],
2905 [ AC_MSG_RESULT([yes]) ], [
2907 # Disable seccomp filter as a target
2908 have_seccomp_filter=0
2913 # Decide which sandbox style to use
2915 AC_ARG_WITH([sandbox],
2916 [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)],
2918 if test "x$withval" = "xyes" ; then
2921 sandbox_arg="$withval"
2926 # Some platforms (seems to be the ones that have a kernel poll(2)-type
2927 # function with which they implement select(2)) use an extra file descriptor
2928 # when calling select(2), which means we can't use the rlimit sandbox.
2929 AC_MSG_CHECKING([if select works with descriptor rlimit])
2932 #include <sys/types.h>
2933 #ifdef HAVE_SYS_TIME_H
2934 # include <sys/time.h>
2936 #include <sys/resource.h>
2937 #ifdef HAVE_SYS_SELECT_H
2938 # include <sys/select.h>
2944 struct rlimit rl_zero;
2949 fd = open("/dev/null", O_RDONLY);
2952 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
2953 setrlimit(RLIMIT_FSIZE, &rl_zero);
2954 setrlimit(RLIMIT_NOFILE, &rl_zero);
2957 r = select(fd+1, &fds, NULL, NULL, &tv);
2958 exit (r == -1 ? 1 : 0);
2960 [AC_MSG_RESULT([yes])
2961 select_works_with_rlimit=yes],
2962 [AC_MSG_RESULT([no])
2963 select_works_with_rlimit=no],
2964 [AC_MSG_WARN([cross compiling: assuming yes])]
2967 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
2970 #include <sys/types.h>
2971 #ifdef HAVE_SYS_TIME_H
2972 # include <sys/time.h>
2974 #include <sys/resource.h>
2978 struct rlimit rl_zero;
2982 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
2983 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
2984 exit (r == -1 ? 1 : 0);
2986 [AC_MSG_RESULT([yes])
2987 rlimit_nofile_zero_works=yes],
2988 [AC_MSG_RESULT([no])
2989 rlimit_nofile_zero_works=no],
2990 [AC_MSG_WARN([cross compiling: assuming yes])]
2993 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
2996 #include <sys/types.h>
2997 #include <sys/resource.h>
3000 struct rlimit rl_zero;
3002 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3003 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3005 [AC_MSG_RESULT([yes])],
3006 [AC_MSG_RESULT([no])
3007 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3008 [setrlimit RLIMIT_FSIZE works])],
3009 [AC_MSG_WARN([cross compiling: assuming yes])]
3012 if test "x$sandbox_arg" = "xsystrace" || \
3013 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3014 test "x$have_systr_policy_kill" != "x1" && \
3015 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3016 SANDBOX_STYLE="systrace"
3017 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3018 elif test "x$sandbox_arg" = "xdarwin" || \
3019 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3020 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3021 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3022 "x$ac_cv_header_sandbox_h" != "xyes" && \
3023 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3024 SANDBOX_STYLE="darwin"
3025 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3026 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3027 ( test -z "$sandbox_arg" && \
3028 test "x$have_seccomp_filter" = "x1" && \
3029 test "x$ac_cv_header_elf_h" = "xyes" && \
3030 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3031 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3032 test "x$seccomp_audit_arch" != "x" && \
3033 test "x$have_linux_no_new_privs" = "x1" && \
3034 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3035 test "x$seccomp_audit_arch" = "x" && \
3036 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3037 test "x$have_linux_no_new_privs" != "x1" && \
3038 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3039 test "x$have_seccomp_filter" != "x1" && \
3040 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3041 test "x$ac_cv_func_prctl" != "xyes" && \
3042 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3043 SANDBOX_STYLE="seccomp_filter"
3044 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3045 elif test "x$sandbox_arg" = "xcapsicum" || \
3046 ( test -z "$sandbox_arg" && \
3047 test "x$ac_cv_header_sys_capability_h" = "xyes" && \
3048 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3049 test "x$ac_cv_header_sys_capability_h" != "xyes" && \
3050 AC_MSG_ERROR([capsicum sandbox requires sys/capability.h header])
3051 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3052 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3053 SANDBOX_STYLE="capsicum"
3054 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3055 elif test "x$sandbox_arg" = "xrlimit" || \
3056 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3057 test "x$select_works_with_rlimit" = "xyes" && \
3058 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3059 test "x$ac_cv_func_setrlimit" != "xyes" && \
3060 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3061 test "x$select_works_with_rlimit" != "xyes" && \
3062 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3063 SANDBOX_STYLE="rlimit"
3064 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3065 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3066 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3067 SANDBOX_STYLE="none"
3068 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3070 AC_MSG_ERROR([unsupported --with-sandbox])
3073 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3074 if test ! -z "$SONY" ; then
3075 LIBS="$LIBS -liberty";
3078 # Check for long long datatypes
3079 AC_CHECK_TYPES([long long, unsigned long long, long double])
3081 # Check datatype sizes
3082 AC_CHECK_SIZEOF([short int], [2])
3083 AC_CHECK_SIZEOF([int], [4])
3084 AC_CHECK_SIZEOF([long int], [4])
3085 AC_CHECK_SIZEOF([long long int], [8])
3087 # Sanity check long long for some platforms (AIX)
3088 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3089 ac_cv_sizeof_long_long_int=0
3092 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3093 if test -z "$have_llong_max"; then
3094 AC_MSG_CHECKING([for max value of long long])
3098 /* Why is this so damn hard? */
3102 #define __USE_ISOC99
3104 #define DATA "conftest.llminmax"
3105 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3108 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3109 * we do this the hard way.
3112 fprint_ll(FILE *f, long long n)
3115 int l[sizeof(long long) * 8];
3118 if (fprintf(f, "-") < 0)
3120 for (i = 0; n != 0; i++) {
3121 l[i] = my_abs(n % 10);
3125 if (fprintf(f, "%d", l[--i]) < 0)
3128 if (fprintf(f, " ") < 0)
3134 long long i, llmin, llmax = 0;
3136 if((f = fopen(DATA,"w")) == NULL)
3139 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3140 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3144 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3145 /* This will work on one's complement and two's complement */
3146 for (i = 1; i > llmax; i <<= 1, i++)
3148 llmin = llmax + 1LL; /* wrap */
3152 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3153 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3154 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3155 fprintf(f, "unknown unknown\n");
3159 if (fprint_ll(f, llmin) < 0)
3161 if (fprint_ll(f, llmax) < 0)
3168 llong_min=`$AWK '{print $1}' conftest.llminmax`
3169 llong_max=`$AWK '{print $2}' conftest.llminmax`
3171 AC_MSG_RESULT([$llong_max])
3172 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3173 [max value of long long calculated by configure])
3174 AC_MSG_CHECKING([for min value of long long])
3175 AC_MSG_RESULT([$llong_min])
3176 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3177 [min value of long long calculated by configure])
3180 AC_MSG_RESULT([not found])
3183 AC_MSG_WARN([cross compiling: not checking])
3189 # More checks for data types
3190 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3191 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3192 [[ u_int a; a = 1;]])],
3193 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3196 if test "x$ac_cv_have_u_int" = "xyes" ; then
3197 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3201 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3202 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3203 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3204 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3207 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3208 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3212 if (test -z "$have_intxx_t" && \
3213 test "x$ac_cv_header_stdint_h" = "xyes")
3215 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3216 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3217 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3219 AC_DEFINE([HAVE_INTXX_T])
3220 AC_MSG_RESULT([yes])
3221 ], [ AC_MSG_RESULT([no])
3225 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3226 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3227 #include <sys/types.h>
3228 #ifdef HAVE_STDINT_H
3229 # include <stdint.h>
3231 #include <sys/socket.h>
3232 #ifdef HAVE_SYS_BITYPES_H
3233 # include <sys/bitypes.h>
3238 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3241 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3242 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3245 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3246 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3247 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3248 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3251 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3252 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3256 if test -z "$have_u_intxx_t" ; then
3257 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3258 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3259 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3261 AC_DEFINE([HAVE_U_INTXX_T])
3262 AC_MSG_RESULT([yes])
3263 ], [ AC_MSG_RESULT([no])
3267 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3268 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3269 [[ u_int64_t a; a = 1;]])],
3270 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3273 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3274 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3278 if (test -z "$have_u_int64_t" && \
3279 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3281 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3282 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3283 [[ u_int64_t a; a = 1]])],
3285 AC_DEFINE([HAVE_U_INT64_T])
3286 AC_MSG_RESULT([yes])
3287 ], [ AC_MSG_RESULT([no])
3291 if test -z "$have_u_intxx_t" ; then
3292 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
3293 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3294 #include <sys/types.h>
3301 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
3304 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3305 AC_DEFINE([HAVE_UINTXX_T], [1],
3306 [define if you have uintxx_t data type])
3310 if (test -z "$have_uintxx_t" && \
3311 test "x$ac_cv_header_stdint_h" = "xyes")
3313 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3314 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3315 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3317 AC_DEFINE([HAVE_UINTXX_T])
3318 AC_MSG_RESULT([yes])
3319 ], [ AC_MSG_RESULT([no])
3323 if (test -z "$have_uintxx_t" && \
3324 test "x$ac_cv_header_inttypes_h" = "xyes")
3326 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
3327 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
3328 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3330 AC_DEFINE([HAVE_UINTXX_T])
3331 AC_MSG_RESULT([yes])
3332 ], [ AC_MSG_RESULT([no])
3336 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
3337 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3339 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
3340 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3341 #include <sys/bitypes.h>
3343 int8_t a; int16_t b; int32_t c;
3344 u_int8_t e; u_int16_t f; u_int32_t g;
3345 a = b = c = e = f = g = 1;
3348 AC_DEFINE([HAVE_U_INTXX_T])
3349 AC_DEFINE([HAVE_INTXX_T])
3350 AC_MSG_RESULT([yes])
3351 ], [AC_MSG_RESULT([no])
3356 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3357 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3358 [[ u_char foo; foo = 125; ]])],
3359 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3362 if test "x$ac_cv_have_u_char" = "xyes" ; then
3363 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
3366 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
3367 #include <sys/types.h>
3373 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3374 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3375 #include <sys/types.h>
3376 #ifdef HAVE_SYS_BITYPES_H
3377 #include <sys/bitypes.h>
3379 #ifdef HAVE_SYS_STATFS_H
3380 #include <sys/statfs.h>
3382 #ifdef HAVE_SYS_STATVFS_H
3383 #include <sys/statvfs.h>
3387 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3388 [#include <sys/types.h>
3389 #include <netinet/in.h>])
3391 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3392 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3393 [[ size_t foo; foo = 1235; ]])],
3394 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3397 if test "x$ac_cv_have_size_t" = "xyes" ; then
3398 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3401 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3402 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3403 [[ ssize_t foo; foo = 1235; ]])],
3404 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3407 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3408 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3411 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3412 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3413 [[ clock_t foo; foo = 1235; ]])],
3414 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3417 if test "x$ac_cv_have_clock_t" = "xyes" ; then
3418 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3421 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3422 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3423 #include <sys/types.h>
3424 #include <sys/socket.h>
3425 ]], [[ sa_family_t foo; foo = 1235; ]])],
3426 [ ac_cv_have_sa_family_t="yes" ],
3427 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3428 #include <sys/types.h>
3429 #include <sys/socket.h>
3430 #include <netinet/in.h>
3431 ]], [[ sa_family_t foo; foo = 1235; ]])],
3432 [ ac_cv_have_sa_family_t="yes" ],
3433 [ ac_cv_have_sa_family_t="no" ]
3437 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3438 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3439 [define if you have sa_family_t data type])
3442 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3443 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3444 [[ pid_t foo; foo = 1235; ]])],
3445 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3448 if test "x$ac_cv_have_pid_t" = "xyes" ; then
3449 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3452 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3453 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3454 [[ mode_t foo; foo = 1235; ]])],
3455 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3458 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3459 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3463 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3464 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3465 #include <sys/types.h>
3466 #include <sys/socket.h>
3467 ]], [[ struct sockaddr_storage s; ]])],
3468 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3469 [ ac_cv_have_struct_sockaddr_storage="no"
3472 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3473 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3474 [define if you have struct sockaddr_storage data type])
3477 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3478 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3479 #include <sys/types.h>
3480 #include <netinet/in.h>
3481 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3482 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3483 [ ac_cv_have_struct_sockaddr_in6="no"
3486 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3487 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3488 [define if you have struct sockaddr_in6 data type])
3491 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3492 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3493 #include <sys/types.h>
3494 #include <netinet/in.h>
3495 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3496 [ ac_cv_have_struct_in6_addr="yes" ],
3497 [ ac_cv_have_struct_in6_addr="no"
3500 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3501 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3502 [define if you have struct in6_addr data type])
3504 dnl Now check for sin6_scope_id
3505 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3507 #ifdef HAVE_SYS_TYPES_H
3508 #include <sys/types.h>
3510 #include <netinet/in.h>
3514 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3515 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3516 #include <sys/types.h>
3517 #include <sys/socket.h>
3519 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3520 [ ac_cv_have_struct_addrinfo="yes" ],
3521 [ ac_cv_have_struct_addrinfo="no"
3524 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3525 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3526 [define if you have struct addrinfo data type])
3529 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3530 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3531 [[ struct timeval tv; tv.tv_sec = 1;]])],
3532 [ ac_cv_have_struct_timeval="yes" ],
3533 [ ac_cv_have_struct_timeval="no"
3536 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3537 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3538 have_struct_timeval=1
3541 AC_CHECK_TYPES([struct timespec])
3543 # We need int64_t or else certian parts of the compile will fail.
3544 if test "x$ac_cv_have_int64_t" = "xno" && \
3545 test "x$ac_cv_sizeof_long_int" != "x8" && \
3546 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3547 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3548 echo "an alternative compiler (I.E., GCC) before continuing."
3552 dnl test snprintf (broken on SCO w/gcc)
3557 #ifdef HAVE_SNPRINTF
3561 char expected_out[50];
3563 #if (SIZEOF_LONG_INT == 8)
3564 long int num = 0x7fffffffffffffff;
3566 long long num = 0x7fffffffffffffffll;
3568 strcpy(expected_out, "9223372036854775807");
3569 snprintf(buf, mazsize, "%lld", num);
3570 if(strcmp(buf, expected_out) != 0)
3577 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3578 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3582 dnl Checks for structure members
3583 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3584 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3585 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3586 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3587 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3588 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3589 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3590 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3591 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3592 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3593 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3594 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3595 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3596 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3597 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3598 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3599 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3601 AC_CHECK_MEMBERS([struct stat.st_blksize])
3602 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
3603 struct passwd.pw_change, struct passwd.pw_expire],
3605 #include <sys/types.h>
3609 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3610 [Define if we don't have struct __res_state in resolv.h])],
3613 #if HAVE_SYS_TYPES_H
3614 # include <sys/types.h>
3616 #include <netinet/in.h>
3617 #include <arpa/nameser.h>
3621 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3622 ac_cv_have_ss_family_in_struct_ss, [
3623 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3624 #include <sys/types.h>
3625 #include <sys/socket.h>
3626 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3627 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3628 [ ac_cv_have_ss_family_in_struct_ss="no" ])
3630 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3631 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3634 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3635 ac_cv_have___ss_family_in_struct_ss, [
3636 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3637 #include <sys/types.h>
3638 #include <sys/socket.h>
3639 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3640 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3641 [ ac_cv_have___ss_family_in_struct_ss="no"
3644 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3645 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3646 [Fields in struct sockaddr_storage])
3649 dnl make sure we're using the real structure members and not defines
3650 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3651 ac_cv_have_accrights_in_msghdr, [
3652 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3653 #include <sys/types.h>
3654 #include <sys/socket.h>
3655 #include <sys/uio.h>
3657 #ifdef msg_accrights
3658 #error "msg_accrights is a macro"
3662 m.msg_accrights = 0;
3665 [ ac_cv_have_accrights_in_msghdr="yes" ],
3666 [ ac_cv_have_accrights_in_msghdr="no" ]
3669 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3670 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3671 [Define if your system uses access rights style
3672 file descriptor passing])
3675 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3676 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3677 #include <sys/param.h>
3678 #include <sys/stat.h>
3679 #ifdef HAVE_SYS_TIME_H
3680 # include <sys/time.h>
3682 #ifdef HAVE_SYS_MOUNT_H
3683 #include <sys/mount.h>
3685 #ifdef HAVE_SYS_STATVFS_H
3686 #include <sys/statvfs.h>
3688 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3689 [ AC_MSG_RESULT([yes]) ],
3690 [ AC_MSG_RESULT([no])
3692 AC_MSG_CHECKING([if fsid_t has member val])
3693 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3694 #include <sys/types.h>
3695 #include <sys/statvfs.h>
3696 ]], [[ fsid_t t; t.val[0] = 0; ]])],
3697 [ AC_MSG_RESULT([yes])
3698 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3699 [ AC_MSG_RESULT([no]) ])
3701 AC_MSG_CHECKING([if f_fsid has member __val])
3702 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3703 #include <sys/types.h>
3704 #include <sys/statvfs.h>
3705 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
3706 [ AC_MSG_RESULT([yes])
3707 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
3708 [ AC_MSG_RESULT([no]) ])
3711 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3712 ac_cv_have_control_in_msghdr, [
3713 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3714 #include <sys/types.h>
3715 #include <sys/socket.h>
3716 #include <sys/uio.h>
3719 #error "msg_control is a macro"
3726 [ ac_cv_have_control_in_msghdr="yes" ],
3727 [ ac_cv_have_control_in_msghdr="no" ]
3730 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3731 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
3732 [Define if your system uses ancillary data style
3733 file descriptor passing])
3736 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3737 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3738 [[ extern char *__progname; printf("%s", __progname); ]])],
3739 [ ac_cv_libc_defines___progname="yes" ],
3740 [ ac_cv_libc_defines___progname="no"
3743 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3744 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
3747 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3748 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3749 [[ printf("%s", __FUNCTION__); ]])],
3750 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3751 [ ac_cv_cc_implements___FUNCTION__="no"
3754 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3755 AC_DEFINE([HAVE___FUNCTION__], [1],
3756 [Define if compiler implements __FUNCTION__])
3759 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3760 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3761 [[ printf("%s", __func__); ]])],
3762 [ ac_cv_cc_implements___func__="yes" ],
3763 [ ac_cv_cc_implements___func__="no"
3766 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3767 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
3770 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3771 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3774 ]], [[ va_copy(x,y); ]])],
3775 [ ac_cv_have_va_copy="yes" ],
3776 [ ac_cv_have_va_copy="no"
3779 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3780 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
3783 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3784 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3787 ]], [[ __va_copy(x,y); ]])],
3788 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
3791 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3792 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
3795 AC_CACHE_CHECK([whether getopt has optreset support],
3796 ac_cv_have_getopt_optreset, [
3797 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
3798 [[ extern int optreset; optreset = 0; ]])],
3799 [ ac_cv_have_getopt_optreset="yes" ],
3800 [ ac_cv_have_getopt_optreset="no"
3803 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3804 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
3805 [Define if your getopt(3) defines and uses optreset])
3808 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3809 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3810 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
3811 [ ac_cv_libc_defines_sys_errlist="yes" ],
3812 [ ac_cv_libc_defines_sys_errlist="no"
3815 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3816 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
3817 [Define if your system defines sys_errlist[]])
3821 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3822 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3823 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
3824 [ ac_cv_libc_defines_sys_nerr="yes" ],
3825 [ ac_cv_libc_defines_sys_nerr="no"
3828 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3829 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
3832 # Check libraries needed by DNS fingerprint support
3833 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
3834 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
3835 [Define if getrrsetbyname() exists])],
3837 # Needed by our getrrsetbyname()
3838 AC_SEARCH_LIBS([res_query], [resolv])
3839 AC_SEARCH_LIBS([dn_expand], [resolv])
3840 AC_MSG_CHECKING([if res_query will link])
3841 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3842 #include <sys/types.h>
3843 #include <netinet/in.h>
3844 #include <arpa/nameser.h>
3848 res_query (0, 0, 0, 0, 0);
3850 AC_MSG_RESULT([yes]),
3851 [AC_MSG_RESULT([no])
3853 LIBS="$LIBS -lresolv"
3854 AC_MSG_CHECKING([for res_query in -lresolv])
3855 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3856 #include <sys/types.h>
3857 #include <netinet/in.h>
3858 #include <arpa/nameser.h>
3862 res_query (0, 0, 0, 0, 0);
3864 [AC_MSG_RESULT([yes])],
3866 AC_MSG_RESULT([no])])
3868 AC_CHECK_FUNCS([_getshort _getlong])
3869 AC_CHECK_DECLS([_getshort, _getlong], , ,
3870 [#include <sys/types.h>
3871 #include <arpa/nameser.h>])
3872 AC_CHECK_MEMBER([HEADER.ad],
3873 [AC_DEFINE([HAVE_HEADER_AD], [1],
3874 [Define if HEADER.ad exists in arpa/nameser.h])], ,
3875 [#include <arpa/nameser.h>])
3878 AC_MSG_CHECKING([if struct __res_state _res is an extern])
3879 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3881 #if HAVE_SYS_TYPES_H
3882 # include <sys/types.h>
3884 #include <netinet/in.h>
3885 #include <arpa/nameser.h>
3887 extern struct __res_state _res;
3889 [AC_MSG_RESULT([yes])
3890 AC_DEFINE([HAVE__RES_EXTERN], [1],
3891 [Define if you have struct __res_state _res as an extern])
3893 [ AC_MSG_RESULT([no]) ]
3896 # Check whether user wants SELinux support
3899 AC_ARG_WITH([selinux],
3900 [ --with-selinux Enable SELinux support],
3901 [ if test "x$withval" != "xno" ; then
3903 AC_DEFINE([WITH_SELINUX], [1],
3904 [Define if you want SELinux support.])
3906 AC_CHECK_HEADER([selinux/selinux.h], ,
3907 AC_MSG_ERROR([SELinux support requires selinux.h header]))
3908 AC_CHECK_LIB([selinux], [setexeccon],
3909 [ LIBSELINUX="-lselinux"
3910 LIBS="$LIBS -lselinux"
3912 AC_MSG_ERROR([SELinux support requires libselinux library]))
3913 SSHLIBS="$SSHLIBS $LIBSELINUX"
3914 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3915 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
3920 AC_SUBST([SSHDLIBS])
3922 # Check whether user wants Kerberos 5 support
3924 AC_ARG_WITH([kerberos5],
3925 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3926 [ if test "x$withval" != "xno" ; then
3927 if test "x$withval" = "xyes" ; then
3928 KRB5ROOT="/usr/local"
3933 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
3936 AC_PATH_PROG([KRB5CONF], [krb5-config],
3937 [$KRB5ROOT/bin/krb5-config],
3938 [$KRB5ROOT/bin:$PATH])
3939 if test -x $KRB5CONF ; then
3940 K5CFLAGS="`$KRB5CONF --cflags`"
3941 K5LIBS="`$KRB5CONF --libs`"
3942 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3944 AC_MSG_CHECKING([for gssapi support])
3945 if $KRB5CONF | grep gssapi >/dev/null ; then
3946 AC_MSG_RESULT([yes])
3947 AC_DEFINE([GSSAPI], [1],
3948 [Define this if you want GSSAPI
3949 support in the version 2 protocol])
3950 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
3951 GSSLIBS="`$KRB5CONF --libs gssapi`"
3952 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
3956 AC_MSG_CHECKING([whether we are using Heimdal])
3957 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3958 ]], [[ char *tmp = heimdal_version; ]])],
3959 [ AC_MSG_RESULT([yes])
3960 AC_DEFINE([HEIMDAL], [1],
3961 [Define this if you are using the Heimdal
3962 version of Kerberos V5]) ],
3963 [AC_MSG_RESULT([no])
3966 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3967 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3968 AC_MSG_CHECKING([whether we are using Heimdal])
3969 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3970 ]], [[ char *tmp = heimdal_version; ]])],
3971 [ AC_MSG_RESULT([yes])
3972 AC_DEFINE([HEIMDAL])
3974 K5LIBS="$K5LIBS -lcom_err -lasn1"
3975 AC_CHECK_LIB([roken], [net_write],
3976 [K5LIBS="$K5LIBS -lroken"])
3977 AC_CHECK_LIB([des], [des_cbc_encrypt],
3978 [K5LIBS="$K5LIBS -ldes"])
3979 ], [ AC_MSG_RESULT([no])
3980 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3983 AC_SEARCH_LIBS([dn_expand], [resolv])
3985 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
3986 [ AC_DEFINE([GSSAPI])
3987 GSSLIBS="-lgssapi_krb5" ],
3988 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
3989 [ AC_DEFINE([GSSAPI])
3990 GSSLIBS="-lgssapi" ],
3991 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
3992 [ AC_DEFINE([GSSAPI])
3994 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
3998 AC_CHECK_HEADER([gssapi.h], ,
3999 [ unset ac_cv_header_gssapi_h
4000 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4001 AC_CHECK_HEADERS([gssapi.h], ,
4002 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4008 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4009 AC_CHECK_HEADER([gssapi_krb5.h], ,
4010 [ CPPFLAGS="$oldCPP" ])
4013 if test ! -z "$need_dash_r" ; then
4014 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
4016 if test ! -z "$blibpath" ; then
4017 blibpath="$blibpath:${KRB5ROOT}/lib"
4020 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4021 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4022 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4024 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4025 [Define this if you want to use libkafs' AFS support])])
4027 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4028 #ifdef HAVE_GSSAPI_H
4029 # include <gssapi.h>
4030 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4031 # include <gssapi/gssapi.h>
4034 #ifdef HAVE_GSSAPI_GENERIC_H
4035 # include <gssapi_generic.h>
4036 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4037 # include <gssapi/gssapi_generic.h>
4041 LIBS="$LIBS $K5LIBS"
4042 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4051 # Looking for programs, paths and files
4053 PRIVSEP_PATH=/var/empty
4054 AC_ARG_WITH([privsep-path],
4055 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4057 if test -n "$withval" && test "x$withval" != "xno" && \
4058 test "x${withval}" != "xyes"; then
4059 PRIVSEP_PATH=$withval
4063 AC_SUBST([PRIVSEP_PATH])
4065 AC_ARG_WITH([xauth],
4066 [ --with-xauth=PATH Specify path to xauth program ],
4068 if test -n "$withval" && test "x$withval" != "xno" && \
4069 test "x${withval}" != "xyes"; then
4075 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4076 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4077 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4078 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4079 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4080 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4081 xauth_path="/usr/openwin/bin/xauth"
4087 AC_ARG_ENABLE([strip],
4088 [ --disable-strip Disable calling strip(1) on install],
4090 if test "x$enableval" = "xno" ; then
4095 AC_SUBST([STRIP_OPT])
4097 if test -z "$xauth_path" ; then
4098 XAUTH_PATH="undefined"
4099 AC_SUBST([XAUTH_PATH])
4101 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4102 [Define if xauth is found in your path])
4103 XAUTH_PATH=$xauth_path
4104 AC_SUBST([XAUTH_PATH])
4107 dnl # --with-maildir=/path/to/mail gets top priority.
4108 dnl # if maildir is set in the platform case statement above we use that.
4109 dnl # Otherwise we run a program to get the dir from system headers.
4110 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4111 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4112 dnl # session.c expects anyway. Otherwise we set to the value found
4113 dnl # stripping any trailing slash. If for some strage reason our program
4114 dnl # does not find what it needs, we default to /var/spool/mail.
4115 # Check for mail directory
4116 AC_ARG_WITH([maildir],
4117 [ --with-maildir=/path/to/mail Specify your system mail directory],
4119 if test "X$withval" != X && test "x$withval" != xno && \
4120 test "x${withval}" != xyes; then
4121 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4122 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4125 if test "X$maildir" != "X"; then
4126 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4128 AC_MSG_CHECKING([Discovering system mail directory])
4136 #ifdef HAVE_MAILLOCK_H
4137 #include <maillock.h>
4139 #define DATA "conftest.maildir"
4144 fd = fopen(DATA,"w");
4148 #if defined (_PATH_MAILDIR)
4149 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4151 #elif defined (MAILDIR)
4152 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4154 #elif defined (_PATH_MAIL)
4155 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4164 maildir_what=`awk -F: '{print $1}' conftest.maildir`
4165 maildir=`awk -F: '{print $2}' conftest.maildir \
4167 AC_MSG_RESULT([Using: $maildir from $maildir_what])
4168 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4169 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4173 if test "X$ac_status" = "X2";then
4174 # our test program didn't find it. Default to /var/spool/mail
4175 AC_MSG_RESULT([Using: default value of /var/spool/mail])
4176 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4178 AC_MSG_RESULT([*** not found ***])
4182 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
4189 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
4190 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
4191 disable_ptmx_check=yes
4193 if test -z "$no_dev_ptmx" ; then
4194 if test "x$disable_ptmx_check" != "xyes" ; then
4195 AC_CHECK_FILE(["/dev/ptmx"],
4197 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
4198 [Define if you have /dev/ptmx])
4205 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
4206 AC_CHECK_FILE(["/dev/ptc"],
4208 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
4209 [Define if you have /dev/ptc])
4214 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
4217 # Options from here on. Some of these are preset by platform above
4218 AC_ARG_WITH([mantype],
4219 [ --with-mantype=man|cat|doc Set man page type],
4226 AC_MSG_ERROR([invalid man type: $withval])
4231 if test -z "$MANTYPE"; then
4232 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
4233 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
4234 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
4236 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
4243 if test "$MANTYPE" = "doc"; then
4248 AC_SUBST([mansubdir])
4250 # Check whether to enable MD5 passwords
4252 AC_ARG_WITH([md5-passwords],
4253 [ --with-md5-passwords Enable use of MD5 passwords],
4255 if test "x$withval" != "xno" ; then
4256 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
4257 [Define if you want to allow MD5 passwords])
4263 # Whether to disable shadow password support
4264 AC_ARG_WITH([shadow],
4265 [ --without-shadow Disable shadow password support],
4267 if test "x$withval" = "xno" ; then
4268 AC_DEFINE([DISABLE_SHADOW])
4274 if test -z "$disable_shadow" ; then
4275 AC_MSG_CHECKING([if the systems has expire shadow information])
4276 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4277 #include <sys/types.h>
4280 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
4281 [ sp_expire_available=yes ], [
4284 if test "x$sp_expire_available" = "xyes" ; then
4285 AC_MSG_RESULT([yes])
4286 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
4287 [Define if you want to use shadow password expire field])
4293 # Use ip address instead of hostname in $DISPLAY
4294 if test ! -z "$IPADDR_IN_DISPLAY" ; then
4295 DISPLAY_HACK_MSG="yes"
4296 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
4297 [Define if you need to use IP address
4298 instead of hostname in $DISPLAY])
4300 DISPLAY_HACK_MSG="no"
4301 AC_ARG_WITH([ipaddr-display],
4302 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
4304 if test "x$withval" != "xno" ; then
4305 AC_DEFINE([IPADDR_IN_DISPLAY])
4306 DISPLAY_HACK_MSG="yes"
4312 # check for /etc/default/login and use it if present.
4313 AC_ARG_ENABLE([etc-default-login],
4314 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
4315 [ if test "x$enableval" = "xno"; then
4316 AC_MSG_NOTICE([/etc/default/login handling disabled])
4317 etc_default_login=no
4319 etc_default_login=yes
4321 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
4323 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
4324 etc_default_login=no
4326 etc_default_login=yes
4330 if test "x$etc_default_login" != "xno"; then
4331 AC_CHECK_FILE(["/etc/default/login"],
4332 [ external_path_file=/etc/default/login ])
4333 if test "x$external_path_file" = "x/etc/default/login"; then
4334 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
4335 [Define if your system has /etc/default/login])
4339 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4340 if test $ac_cv_func_login_getcapbool = "yes" && \
4341 test $ac_cv_header_login_cap_h = "yes" ; then
4342 external_path_file=/etc/login.conf
4345 # Whether to mess with the default path
4346 SERVER_PATH_MSG="(default)"
4347 AC_ARG_WITH([default-path],
4348 [ --with-default-path= Specify default \$PATH environment for server],
4350 if test "x$external_path_file" = "x/etc/login.conf" ; then
4352 --with-default-path=PATH has no effect on this system.
4353 Edit /etc/login.conf instead.])
4354 elif test "x$withval" != "xno" ; then
4355 if test ! -z "$external_path_file" ; then
4357 --with-default-path=PATH will only be used if PATH is not defined in
4358 $external_path_file .])
4360 user_path="$withval"
4361 SERVER_PATH_MSG="$withval"
4364 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
4365 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
4367 if test ! -z "$external_path_file" ; then
4369 If PATH is defined in $external_path_file, ensure the path to scp is included,
4370 otherwise scp will not work.])
4374 /* find out what STDPATH is */
4379 #ifndef _PATH_STDPATH
4380 # ifdef _PATH_USERPATH /* Irix */
4381 # define _PATH_STDPATH _PATH_USERPATH
4383 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
4386 #include <sys/types.h>
4387 #include <sys/stat.h>
4389 #define DATA "conftest.stdpath"
4394 fd = fopen(DATA,"w");
4398 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4403 [ user_path=`cat conftest.stdpath` ],
4404 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4405 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4407 # make sure $bindir is in USER_PATH so scp will work
4408 t_bindir="${bindir}"
4409 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
4410 t_bindir=`eval echo ${t_bindir}`
4412 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4415 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4418 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
4419 if test $? -ne 0 ; then
4420 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
4421 if test $? -ne 0 ; then
4422 user_path=$user_path:$t_bindir
4423 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
4428 if test "x$external_path_file" != "x/etc/login.conf" ; then
4429 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
4430 AC_SUBST([user_path])
4433 # Set superuser path separately to user path
4434 AC_ARG_WITH([superuser-path],
4435 [ --with-superuser-path= Specify different path for super-user],
4437 if test -n "$withval" && test "x$withval" != "xno" && \
4438 test "x${withval}" != "xyes"; then
4439 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
4440 [Define if you want a different $PATH
4442 superuser_path=$withval
4448 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4449 IPV4_IN6_HACK_MSG="no"
4451 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4453 if test "x$withval" != "xno" ; then
4454 AC_MSG_RESULT([yes])
4455 AC_DEFINE([IPV4_IN_IPV6], [1],
4456 [Detect IPv4 in IPv6 mapped addresses
4458 IPV4_IN6_HACK_MSG="yes"
4463 if test "x$inet6_default_4in6" = "xyes"; then
4464 AC_MSG_RESULT([yes (default)])
4465 AC_DEFINE([IPV4_IN_IPV6])
4466 IPV4_IN6_HACK_MSG="yes"
4468 AC_MSG_RESULT([no (default)])
4473 # Whether to enable BSD auth support
4475 AC_ARG_WITH([bsd-auth],
4476 [ --with-bsd-auth Enable BSD auth support],
4478 if test "x$withval" != "xno" ; then
4479 AC_DEFINE([BSD_AUTH], [1],
4480 [Define if you have BSD auth support])
4486 # Where to place sshd.pid
4488 # make sure the directory exists
4489 if test ! -d $piddir ; then
4490 piddir=`eval echo ${sysconfdir}`
4492 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4496 AC_ARG_WITH([pid-dir],
4497 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4499 if test -n "$withval" && test "x$withval" != "xno" && \
4500 test "x${withval}" != "xyes"; then
4502 if test ! -d $piddir ; then
4503 AC_MSG_WARN([** no $piddir directory on this system **])
4509 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
4510 [Specify location of ssh.pid])
4513 dnl allow user to disable some login recording features
4514 AC_ARG_ENABLE([lastlog],
4515 [ --disable-lastlog disable use of lastlog even if detected [no]],
4517 if test "x$enableval" = "xno" ; then
4518 AC_DEFINE([DISABLE_LASTLOG])
4522 AC_ARG_ENABLE([utmp],
4523 [ --disable-utmp disable use of utmp even if detected [no]],
4525 if test "x$enableval" = "xno" ; then
4526 AC_DEFINE([DISABLE_UTMP])
4530 AC_ARG_ENABLE([utmpx],
4531 [ --disable-utmpx disable use of utmpx even if detected [no]],
4533 if test "x$enableval" = "xno" ; then
4534 AC_DEFINE([DISABLE_UTMPX], [1],
4535 [Define if you don't want to use utmpx])
4539 AC_ARG_ENABLE([wtmp],
4540 [ --disable-wtmp disable use of wtmp even if detected [no]],
4542 if test "x$enableval" = "xno" ; then
4543 AC_DEFINE([DISABLE_WTMP])
4547 AC_ARG_ENABLE([wtmpx],
4548 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4550 if test "x$enableval" = "xno" ; then
4551 AC_DEFINE([DISABLE_WTMPX], [1],
4552 [Define if you don't want to use wtmpx])
4556 AC_ARG_ENABLE([libutil],
4557 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4559 if test "x$enableval" = "xno" ; then
4560 AC_DEFINE([DISABLE_LOGIN])
4564 AC_ARG_ENABLE([pututline],
4565 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4567 if test "x$enableval" = "xno" ; then
4568 AC_DEFINE([DISABLE_PUTUTLINE], [1],
4569 [Define if you don't want to use pututline()
4570 etc. to write [uw]tmp])
4574 AC_ARG_ENABLE([pututxline],
4575 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4577 if test "x$enableval" = "xno" ; then
4578 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4579 [Define if you don't want to use pututxline()
4580 etc. to write [uw]tmpx])
4584 AC_ARG_WITH([lastlog],
4585 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4587 if test "x$withval" = "xno" ; then
4588 AC_DEFINE([DISABLE_LASTLOG])
4589 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4590 conf_lastlog_location=$withval
4595 dnl lastlog, [uw]tmpx? detection
4596 dnl NOTE: set the paths in the platform section to avoid the
4597 dnl need for command-line parameters
4598 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4600 dnl lastlog detection
4601 dnl NOTE: the code itself will detect if lastlog is a directory
4602 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4603 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4604 #include <sys/types.h>
4606 #ifdef HAVE_LASTLOG_H
4607 # include <lastlog.h>
4615 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
4616 [ AC_MSG_RESULT([yes]) ],
4619 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4620 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4621 #include <sys/types.h>
4623 #ifdef HAVE_LASTLOG_H
4624 # include <lastlog.h>
4629 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4630 [ AC_MSG_RESULT([yes]) ],
4633 system_lastlog_path=no
4637 if test -z "$conf_lastlog_location"; then
4638 if test x"$system_lastlog_path" = x"no" ; then
4639 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4640 if (test -d "$f" || test -f "$f") ; then
4641 conf_lastlog_location=$f
4644 if test -z "$conf_lastlog_location"; then
4645 AC_MSG_WARN([** Cannot find lastlog **])
4646 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4651 if test -n "$conf_lastlog_location"; then
4652 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4653 [Define if you want to specify the path to your lastlog file])
4657 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4658 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4659 #include <sys/types.h>
4664 ]], [[ char *utmp = UTMP_FILE; ]])],
4665 [ AC_MSG_RESULT([yes]) ],
4666 [ AC_MSG_RESULT([no])
4669 if test -z "$conf_utmp_location"; then
4670 if test x"$system_utmp_path" = x"no" ; then
4671 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4672 if test -f $f ; then
4673 conf_utmp_location=$f
4676 if test -z "$conf_utmp_location"; then
4677 AC_DEFINE([DISABLE_UTMP])
4681 if test -n "$conf_utmp_location"; then
4682 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4683 [Define if you want to specify the path to your utmp file])
4687 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4688 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4689 #include <sys/types.h>
4694 ]], [[ char *wtmp = WTMP_FILE; ]])],
4695 [ AC_MSG_RESULT([yes]) ],
4696 [ AC_MSG_RESULT([no])
4699 if test -z "$conf_wtmp_location"; then
4700 if test x"$system_wtmp_path" = x"no" ; then
4701 for f in /usr/adm/wtmp /var/log/wtmp; do
4702 if test -f $f ; then
4703 conf_wtmp_location=$f
4706 if test -z "$conf_wtmp_location"; then
4707 AC_DEFINE([DISABLE_WTMP])
4711 if test -n "$conf_wtmp_location"; then
4712 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
4713 [Define if you want to specify the path to your wtmp file])
4717 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4718 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4719 #include <sys/types.h>
4727 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
4728 [ AC_MSG_RESULT([yes]) ],
4729 [ AC_MSG_RESULT([no])
4730 system_wtmpx_path=no
4732 if test -z "$conf_wtmpx_location"; then
4733 if test x"$system_wtmpx_path" = x"no" ; then
4734 AC_DEFINE([DISABLE_WTMPX])
4737 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
4738 [Define if you want to specify the path to your wtmpx file])
4742 if test ! -z "$blibpath" ; then
4743 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4744 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4747 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
4748 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
4749 AC_DEFINE([DISABLE_LASTLOG])
4752 #ifdef HAVE_SYS_TYPES_H
4753 #include <sys/types.h>
4761 #ifdef HAVE_LASTLOG_H
4762 #include <lastlog.h>
4766 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
4767 AC_DEFINE([DISABLE_UTMP])
4768 AC_DEFINE([DISABLE_WTMP])
4770 #ifdef HAVE_SYS_TYPES_H
4771 #include <sys/types.h>
4779 #ifdef HAVE_LASTLOG_H
4780 #include <lastlog.h>
4784 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4786 CFLAGS="$CFLAGS $werror_flags"
4788 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4793 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
4794 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
4795 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
4796 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
4799 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4800 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4804 # Print summary of options
4806 # Someone please show me a better way :)
4807 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4808 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4809 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4810 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4811 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4812 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4813 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4814 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4815 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4816 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4819 echo "OpenSSH has been configured with the following options:"
4820 echo " User binaries: $B"
4821 echo " System binaries: $C"
4822 echo " Configuration files: $D"
4823 echo " Askpass program: $E"
4824 echo " Manual pages: $F"
4825 echo " PID file: $G"
4826 echo " Privilege separation chroot path: $H"
4827 if test "x$external_path_file" = "x/etc/login.conf" ; then
4828 echo " At runtime, sshd will use the path defined in $external_path_file"
4829 echo " Make sure the path to scp is present, otherwise scp will not work"
4831 echo " sshd default user PATH: $I"
4832 if test ! -z "$external_path_file"; then
4833 echo " (If PATH is set in $external_path_file it will be used instead. If"
4834 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4837 if test ! -z "$superuser_path" ; then
4838 echo " sshd superuser user PATH: $J"
4840 echo " Manpage format: $MANTYPE"
4841 echo " PAM support: $PAM_MSG"
4842 echo " OSF SIA support: $SIA_MSG"
4843 echo " KerberosV support: $KRB5_MSG"
4844 echo " SELinux support: $SELINUX_MSG"
4845 echo " Smartcard support: $SCARD_MSG"
4846 echo " S/KEY support: $SKEY_MSG"
4847 echo " TCP Wrappers support: $TCPW_MSG"
4848 echo " MD5 password support: $MD5_MSG"
4849 echo " libedit support: $LIBEDIT_MSG"
4850 echo " Solaris process contract support: $SPC_MSG"
4851 echo " Solaris project support: $SP_MSG"
4852 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4853 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4854 echo " BSD Auth support: $BSD_AUTH_MSG"
4855 echo " Random number source: $RAND_MSG"
4856 echo " Privsep sandbox style: $SANDBOX_STYLE"
4860 echo " Host: ${host}"
4861 echo " Compiler: ${CC}"
4862 echo " Compiler flags: ${CFLAGS}"
4863 echo "Preprocessor flags: ${CPPFLAGS}"
4864 echo " Linker flags: ${LDFLAGS}"
4865 echo " Libraries: ${LIBS}"
4866 if test ! -z "${SSHDLIBS}"; then
4867 echo " +for sshd: ${SSHDLIBS}"
4869 if test ! -z "${SSHLIBS}"; then
4870 echo " +for ssh: ${SSHLIBS}"
4875 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4876 echo "SVR4 style packages are supported with \"make package\""
4880 if test "x$PAM_MSG" = "xyes" ; then
4881 echo "PAM is enabled. You may need to install a PAM control file "
4882 echo "for sshd, otherwise password authentication may fail. "
4883 echo "Example PAM control files can be found in the contrib/ "
4888 if test ! -z "$NO_PEERCHECK" ; then
4889 echo "WARNING: the operating system that you are using does not"
4890 echo "appear to support getpeereid(), getpeerucred() or the"
4891 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4892 echo "enforce security checks to prevent unauthorised connections to"
4893 echo "ssh-agent. Their absence increases the risk that a malicious"
4894 echo "user can connect to your agent."
4898 if test "$AUDIT_MODULE" = "bsm" ; then
4899 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4900 echo "See the Solaris section in README.platform for details."
projects / FreeBSD / releng / 10.2.git / blob