1 # $Id: configure.ac,v 1.568 2014/01/30 00:26:46 djm Exp $
3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
18 AC_REVISION($Revision: 1.568 $)
19 AC_CONFIG_SRCDIR([ssh.c])
22 AC_CONFIG_HEADER([config.h])
27 # Checks for programs.
33 AC_PATH_PROG([AR], [ar])
34 AC_PATH_PROG([CAT], [cat])
35 AC_PATH_PROG([KILL], [kill])
36 AC_PATH_PROGS([PERL], [perl5 perl])
37 AC_PATH_PROG([SED], [sed])
39 AC_PATH_PROG([ENT], [ent])
41 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
42 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
43 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
44 AC_PATH_PROG([SH], [sh])
45 AC_PATH_PROG([GROFF], [groff])
46 AC_PATH_PROG([NROFF], [nroff])
47 AC_PATH_PROG([MANDOC], [mandoc])
48 AC_SUBST([TEST_SHELL], [sh])
50 dnl select manpage formatter
51 if test "x$MANDOC" != "x" ; then
53 elif test "x$NROFF" != "x" ; then
54 MANFMT="$NROFF -mandoc"
55 elif test "x$GROFF" != "x" ; then
56 MANFMT="$GROFF -mandoc -Tascii"
58 AC_MSG_WARN([no manpage formatted found])
64 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
65 [/usr/sbin${PATH_SEPARATOR}/etc])
66 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
67 [/usr/sbin${PATH_SEPARATOR}/etc])
68 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
69 if test -x /sbin/sh; then
70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
72 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
78 if test -z "$AR" ; then
79 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
82 # Use LOGIN_PROGRAM from environment if possible
83 if test ! -z "$LOGIN_PROGRAM" ; then
84 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
85 [If your header files don't define LOGIN_PROGRAM,
86 then use this (detected) from environment and PATH])
89 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
90 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
91 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
95 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
96 if test ! -z "$PATH_PASSWD_PROG" ; then
97 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
98 [Full path of your "passwd" program])
101 if test -z "$LD" ; then
108 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
109 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
110 #include <sys/types.h>
111 #include <sys/param.h>
112 #include <dev/systrace.h>
114 AC_CHECK_DECL([RLIMIT_NPROC],
115 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
116 #include <sys/types.h>
117 #include <sys/resource.h>
119 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
120 #include <sys/types.h>
121 #include <linux/prctl.h>
124 use_stack_protector=1
125 use_toolchain_hardening=1
126 AC_ARG_WITH([stackprotect],
127 [ --without-stackprotect Don't use compiler's stack protection], [
128 if test "x$withval" = "xno"; then
129 use_stack_protector=0
131 AC_ARG_WITH([hardening],
132 [ --without-hardening Don't use toolchain hardening flags], [
133 if test "x$withval" = "xno"; then
134 use_toolchain_hardening=0
137 # We use -Werror for the tests only so that we catch warnings like "this is
138 # on by default" for things like -fPIE.
139 AC_MSG_CHECKING([if $CC supports -Werror])
140 saved_CFLAGS="$CFLAGS"
141 CFLAGS="$CFLAGS -Werror"
142 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
143 [ AC_MSG_RESULT([yes])
145 [ AC_MSG_RESULT([no])
148 CFLAGS="$saved_CFLAGS"
150 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
151 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
152 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
153 OSSH_CHECK_CFLAG_COMPILE([-Wall])
154 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
155 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
156 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
157 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
158 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
159 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
160 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
161 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
162 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
163 if test "x$use_toolchain_hardening" = "x1"; then
164 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
165 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
166 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
167 # NB. -ftrapv expects certain support functions to be present in
168 # the compiler library (libgcc or similar) to detect integer operations
169 # that can overflow. We must check that the result of enabling it
170 # actually links. The test program compiled/linked includes a number
171 # of integer operations that should exercise this.
172 OSSH_CHECK_CFLAG_LINK([-ftrapv])
174 AC_MSG_CHECKING([gcc version])
175 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
177 1.*) no_attrib_nonnull=1 ;;
181 2.*) no_attrib_nonnull=1 ;;
184 AC_MSG_RESULT([$GCC_VER])
186 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
187 saved_CFLAGS="$CFLAGS"
188 CFLAGS="$CFLAGS -fno-builtin-memset"
189 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
190 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
191 [ AC_MSG_RESULT([yes]) ],
192 [ AC_MSG_RESULT([no])
193 CFLAGS="$saved_CFLAGS" ]
196 # -fstack-protector-all doesn't always work for some GCC versions
197 # and/or platforms, so we test if we can. If it's not supported
198 # on a given platform gcc will emit a warning so we use -Werror.
199 if test "x$use_stack_protector" = "x1"; then
200 for t in -fstack-protector-strong -fstack-protector-all \
201 -fstack-protector; do
202 AC_MSG_CHECKING([if $CC supports $t])
203 saved_CFLAGS="$CFLAGS"
204 saved_LDFLAGS="$LDFLAGS"
205 CFLAGS="$CFLAGS $t -Werror"
206 LDFLAGS="$LDFLAGS $t -Werror"
208 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
211 snprintf(x, sizeof(x), "XXX");
213 [ AC_MSG_RESULT([yes])
214 CFLAGS="$saved_CFLAGS $t"
215 LDFLAGS="$saved_LDFLAGS $t"
216 AC_MSG_CHECKING([if $t works])
218 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
221 snprintf(x, sizeof(x), "XXX");
223 [ AC_MSG_RESULT([yes])
225 [ AC_MSG_RESULT([no]) ],
226 [ AC_MSG_WARN([cross compiling: cannot test])
230 [ AC_MSG_RESULT([no]) ]
232 CFLAGS="$saved_CFLAGS"
233 LDFLAGS="$saved_LDFLAGS"
237 if test -z "$have_llong_max"; then
238 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
239 unset ac_cv_have_decl_LLONG_MAX
240 saved_CFLAGS="$CFLAGS"
241 CFLAGS="$CFLAGS -std=gnu99"
242 AC_CHECK_DECL([LLONG_MAX],
244 [CFLAGS="$saved_CFLAGS"],
245 [#include <limits.h>]
250 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
254 __attribute__((__unused__)) static void foo(void){return;}]],
256 [ AC_MSG_RESULT([yes]) ],
257 [ AC_MSG_RESULT([no])
258 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
259 [compiler does not accept __attribute__ on return types]) ]
262 if test "x$no_attrib_nonnull" != "x1" ; then
263 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
267 [ --without-rpath Disable auto-added -R linker paths],
269 if test "x$withval" = "xno" ; then
272 if test "x$withval" = "xyes" ; then
278 # Allow user to specify flags
279 AC_ARG_WITH([cflags],
280 [ --with-cflags Specify additional flags to pass to compiler],
282 if test -n "$withval" && test "x$withval" != "xno" && \
283 test "x${withval}" != "xyes"; then
284 CFLAGS="$CFLAGS $withval"
288 AC_ARG_WITH([cppflags],
289 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
291 if test -n "$withval" && test "x$withval" != "xno" && \
292 test "x${withval}" != "xyes"; then
293 CPPFLAGS="$CPPFLAGS $withval"
297 AC_ARG_WITH([ldflags],
298 [ --with-ldflags Specify additional flags to pass to linker],
300 if test -n "$withval" && test "x$withval" != "xno" && \
301 test "x${withval}" != "xyes"; then
302 LDFLAGS="$LDFLAGS $withval"
307 [ --with-libs Specify additional libraries to link with],
309 if test -n "$withval" && test "x$withval" != "xno" && \
310 test "x${withval}" != "xyes"; then
311 LIBS="$LIBS $withval"
315 AC_ARG_WITH([Werror],
316 [ --with-Werror Build main code with -Werror],
318 if test -n "$withval" && test "x$withval" != "xno"; then
319 werror_flags="-Werror"
320 if test "x${withval}" != "xyes"; then
321 werror_flags="$withval"
357 security/pam_appl.h \
397 # lastlog.h requires sys/time.h to be included first on Solaris
398 AC_CHECK_HEADERS([lastlog.h], [], [], [
399 #ifdef HAVE_SYS_TIME_H
400 # include <sys/time.h>
404 # sys/ptms.h requires sys/stream.h to be included first on Solaris
405 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
406 #ifdef HAVE_SYS_STREAM_H
407 # include <sys/stream.h>
411 # login_cap.h requires sys/types.h on NetBSD
412 AC_CHECK_HEADERS([login_cap.h], [], [], [
413 #include <sys/types.h>
416 # older BSDs need sys/param.h before sys/mount.h
417 AC_CHECK_HEADERS([sys/mount.h], [], [], [
418 #include <sys/param.h>
421 # Android requires sys/socket.h to be included before sys/un.h
422 AC_CHECK_HEADERS([sys/un.h], [], [], [
423 #include <sys/types.h>
424 #include <sys/socket.h>
427 # Messages for features tested for in target-specific section
432 # Check for some target-specific stuff
435 # Some versions of VAC won't allow macro redefinitions at
436 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
437 # particularly with older versions of vac or xlc.
438 # It also throws errors about null macro argments, but these are
440 AC_MSG_CHECKING([if compiler allows macro redefinitions])
443 #define testmacro foo
444 #define testmacro bar]],
446 [ AC_MSG_RESULT([yes]) ],
447 [ AC_MSG_RESULT([no])
448 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
449 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
450 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
451 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
455 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
456 if (test -z "$blibpath"); then
457 blibpath="/usr/lib:/lib"
459 saved_LDFLAGS="$LDFLAGS"
460 if test "$GCC" = "yes"; then
461 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
463 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
465 for tryflags in $flags ;do
466 if (test -z "$blibflags"); then
467 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
468 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
469 [blibflags=$tryflags], [])
472 if (test -z "$blibflags"); then
473 AC_MSG_RESULT([not found])
474 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
476 AC_MSG_RESULT([$blibflags])
478 LDFLAGS="$saved_LDFLAGS"
479 dnl Check for authenticate. Might be in libs.a on older AIXes
480 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
481 [Define if you want to enable AIX4's authenticate function])],
482 [AC_CHECK_LIB([s], [authenticate],
483 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
487 dnl Check for various auth function declarations in headers.
488 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
489 passwdexpired, setauthdb], , , [#include <usersec.h>])
490 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
491 AC_CHECK_DECLS([loginfailed],
492 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
493 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
494 [[ (void)loginfailed("user","host","tty",0); ]])],
495 [AC_MSG_RESULT([yes])
496 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
497 [Define if your AIX loginfailed() function
498 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
501 [#include <usersec.h>]
503 AC_CHECK_FUNCS([getgrset setauthdb])
504 AC_CHECK_DECL([F_CLOSEM],
505 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
507 [ #include <limits.h>
510 check_for_aix_broken_getaddrinfo=1
511 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
512 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
513 [Define if your platform breaks doing a seteuid before a setuid])
514 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
515 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
516 dnl AIX handles lastlog as part of its login message
517 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
518 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
519 [Some systems need a utmpx entry for /bin/login to work])
520 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
521 [Define to a Set Process Title type if your system is
522 supported by bsd-setproctitle.c])
523 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
524 [AIX 5.2 and 5.3 (and presumably newer) require this])
525 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
526 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
529 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
530 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
533 check_for_libcrypt_later=1
534 LIBS="$LIBS /usr/lib/textreadmode.o"
535 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
536 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
537 AC_DEFINE([DISABLE_SHADOW], [1],
538 [Define if you want to disable shadow passwords])
539 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
540 [Define if X11 doesn't support AF_UNIX sockets on that system])
541 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
542 [Define if the concept of ports only accessible to
543 superusers isn't known])
544 AC_DEFINE([DISABLE_FD_PASSING], [1],
545 [Define if your platform needs to skip post auth
546 file descriptor passing])
547 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
548 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
549 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
550 # reasons which cause compile warnings, so we disable those warnings.
551 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
554 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
555 [Define if your system choked on IP TOS setting])
556 AC_DEFINE([SETEUID_BREAKS_SETUID])
557 AC_DEFINE([BROKEN_SETREUID])
558 AC_DEFINE([BROKEN_SETREGID])
562 AC_MSG_CHECKING([if we have working getaddrinfo])
563 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
564 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
570 [AC_MSG_RESULT([working])],
571 [AC_MSG_RESULT([buggy])
572 AC_DEFINE([BROKEN_GETADDRINFO], [1],
573 [getaddrinfo is broken (if present)])
575 [AC_MSG_RESULT([assume it is working])])
576 AC_DEFINE([SETEUID_BREAKS_SETUID])
577 AC_DEFINE([BROKEN_SETREUID])
578 AC_DEFINE([BROKEN_SETREGID])
579 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
580 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
581 [Define if your resolver libs need this for getrrsetbyname])
582 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
583 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
584 [Use tunnel device compatibility to OpenBSD])
585 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
586 [Prepend the address family to IP tunnel traffic])
587 m4_pattern_allow([AU_IPv])
588 AC_CHECK_DECL([AU_IPv4], [],
589 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
590 [#include <bsm/audit.h>]
591 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
592 [Define if pututxline updates lastlog too])
594 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
595 [Define to a Set Process Title type if your system is
596 supported by bsd-setproctitle.c])
597 AC_CHECK_FUNCS([sandbox_init])
598 AC_CHECK_HEADERS([sandbox.h])
601 SSHDLIBS="$SSHDLIBS -lcrypt"
602 TEST_MALLOC_OPTIONS="AFGJPRX"
606 AC_CHECK_LIB([network], [socket])
607 AC_DEFINE([HAVE_U_INT64_T])
611 # first we define all of the options common to all HP-UX releases
612 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
613 IPADDR_IN_DISPLAY=yes
614 AC_DEFINE([USE_PIPES])
615 AC_DEFINE([LOGIN_NO_ENDOPT], [1],
616 [Define if your login program cannot handle end of options ("--")])
617 AC_DEFINE([LOGIN_NEEDS_UTMPX])
618 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
619 [String used in /etc/passwd to denote locked account])
620 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
621 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
624 AC_CHECK_LIB([xnet], [t_error], ,
625 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
627 # next, we define all of the options specific to major releases
630 if test -z "$GCC"; then
635 AC_DEFINE([PAM_SUN_CODEBASE], [1],
636 [Define if you are using Solaris-derived PAM which
637 passes pam_messages to the conversation function
638 with an extra level of indirection])
639 AC_DEFINE([DISABLE_UTMP], [1],
640 [Define if you don't want to use utmp])
641 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
642 check_for_hpux_broken_getaddrinfo=1
643 check_for_conflicting_getspnam=1
647 # lastly, we define options specific to minor releases
650 AC_DEFINE([HAVE_SECUREWARE], [1],
651 [Define if you have SecureWare-based
652 protected password database])
653 disable_ptmx_check=yes
659 PATH="$PATH:/usr/etc"
660 AC_DEFINE([BROKEN_INET_NTOA], [1],
661 [Define if you system's inet_ntoa is busted
662 (e.g. Irix gcc issue)])
663 AC_DEFINE([SETEUID_BREAKS_SETUID])
664 AC_DEFINE([BROKEN_SETREUID])
665 AC_DEFINE([BROKEN_SETREGID])
666 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
667 [Define if you shouldn't strip 'tty' from your
669 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
672 PATH="$PATH:/usr/etc"
673 AC_DEFINE([WITH_IRIX_ARRAY], [1],
674 [Define if you have/want arrays
675 (cluster-wide session managment, not C arrays)])
676 AC_DEFINE([WITH_IRIX_PROJECT], [1],
677 [Define if you want IRIX project management])
678 AC_DEFINE([WITH_IRIX_AUDIT], [1],
679 [Define if you want IRIX audit trails])
680 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
681 [Define if you want IRIX kernel jobs])])
682 AC_DEFINE([BROKEN_INET_NTOA])
683 AC_DEFINE([SETEUID_BREAKS_SETUID])
684 AC_DEFINE([BROKEN_SETREUID])
685 AC_DEFINE([BROKEN_SETREGID])
686 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
687 AC_DEFINE([WITH_ABBREV_NO_TTY])
688 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
690 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
691 check_for_libcrypt_later=1
692 AC_DEFINE([PAM_TTY_KLUDGE])
693 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
694 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
695 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
696 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
701 check_for_libcrypt_later=1
702 check_for_openpty_ctty_bug=1
703 AC_DEFINE([PAM_TTY_KLUDGE], [1],
704 [Work around problematic Linux PAM modules handling of PAM_TTY])
705 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
706 [String used in /etc/passwd to denote locked account])
707 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
708 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
709 [Define to whatever link() returns for "not supported"
710 if it doesn't return EOPNOTSUPP.])
711 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
712 AC_DEFINE([USE_BTMP])
713 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
714 inet6_default_4in6=yes
717 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
718 [Define if cmsg_type is not passed correctly])
721 # tun(4) forwarding compat code
722 AC_CHECK_HEADERS([linux/if_tun.h])
723 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
724 AC_DEFINE([SSH_TUN_LINUX], [1],
725 [Open tunnel devices the Linux tun/tap way])
726 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
727 [Use tunnel device compatibility to OpenBSD])
728 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
729 [Prepend the address family to IP tunnel traffic])
731 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
732 [], [#include <linux/types.h>])
733 AC_CHECK_FUNCS([prctl])
734 AC_MSG_CHECKING([for seccomp architecture])
738 seccomp_audit_arch=AUDIT_ARCH_X86_64
741 seccomp_audit_arch=AUDIT_ARCH_I386
744 seccomp_audit_arch=AUDIT_ARCH_ARM
747 if test "x$seccomp_audit_arch" != "x" ; then
748 AC_MSG_RESULT(["$seccomp_audit_arch"])
749 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
750 [Specify the system call convention in use])
752 AC_MSG_RESULT([architecture not supported])
755 mips-sony-bsd|mips-sony-newsos4)
756 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
760 check_for_libcrypt_before=1
761 if test "x$withval" != "xno" ; then
764 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
765 AC_CHECK_HEADER([net/if_tap.h], ,
766 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
767 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
768 [Prepend the address family to IP tunnel traffic])
769 TEST_MALLOC_OPTIONS="AJRX"
770 AC_DEFINE([BROKEN_STRNVIS], [1],
771 [NetBSD strnvis argument order is swapped compared to OpenBSD])
772 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
773 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
776 check_for_libcrypt_later=1
777 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
778 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
779 AC_CHECK_HEADER([net/if_tap.h], ,
780 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
781 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
782 AC_DEFINE([BROKEN_STRNVIS], [1],
783 [FreeBSD strnvis argument order is swapped compared to OpenBSD])
784 TEST_MALLOC_OPTIONS="AJRX"
785 # Preauth crypto occasionally uses file descriptors for crypto offload
786 # and will crash if they cannot be opened.
787 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
788 [define if setrlimit RLIMIT_NOFILE breaks things])],
791 AC_DEFINE([SETEUID_BREAKS_SETUID])
792 AC_DEFINE([BROKEN_SETREUID])
793 AC_DEFINE([BROKEN_SETREGID])
796 conf_lastlog_location="/usr/adm/lastlog"
797 conf_utmp_location=/etc/utmp
798 conf_wtmp_location=/usr/adm/wtmp
799 maildir=/usr/spool/mail
800 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
801 AC_DEFINE([BROKEN_REALPATH])
802 AC_DEFINE([USE_PIPES])
803 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
807 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
808 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
809 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
810 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
811 [syslog_r function is safe to use in in a signal handler])
812 TEST_MALLOC_OPTIONS="AFGJPRX"
815 if test "x$withval" != "xno" ; then
818 AC_DEFINE([PAM_SUN_CODEBASE])
819 AC_DEFINE([LOGIN_NEEDS_UTMPX])
820 AC_DEFINE([LOGIN_NEEDS_TERM], [1],
821 [Some versions of /bin/login need the TERM supplied
823 AC_DEFINE([PAM_TTY_KLUDGE])
824 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
825 [Define if pam_chauthtok wants real uid set
826 to the unpriv'ed user])
827 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
828 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
829 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
830 [Define if sshd somehow reacquires a controlling TTY
832 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
833 in case the name is longer than 8 chars])
834 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
835 external_path_file=/etc/default/login
836 # hardwire lastlog location (can't detect it on some versions)
837 conf_lastlog_location="/var/adm/lastlog"
838 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
839 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
840 if test "$sol2ver" -ge 8; then
842 AC_DEFINE([DISABLE_UTMP])
843 AC_DEFINE([DISABLE_WTMP], [1],
844 [Define if you don't want to use wtmp])
848 AC_ARG_WITH([solaris-contracts],
849 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
851 AC_CHECK_LIB([contract], [ct_tmpl_activate],
852 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
853 [Define if you have Solaris process contracts])
854 SSHDLIBS="$SSHDLIBS -lcontract"
858 AC_ARG_WITH([solaris-projects],
859 [ --with-solaris-projects Enable Solaris projects (experimental)],
861 AC_CHECK_LIB([project], [setproject],
862 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
863 [Define if you have Solaris projects])
864 SSHDLIBS="$SSHDLIBS -lproject"
868 TEST_SHELL=$SHELL # let configure find us a capable shell
871 CPPFLAGS="$CPPFLAGS -DSUNOS4"
872 AC_CHECK_FUNCS([getpwanam])
873 AC_DEFINE([PAM_SUN_CODEBASE])
874 conf_utmp_location=/etc/utmp
875 conf_wtmp_location=/var/adm/wtmp
876 conf_lastlog_location=/var/adm/lastlog
877 AC_DEFINE([USE_PIPES])
881 AC_DEFINE([USE_PIPES])
882 AC_DEFINE([SSHD_ACQUIRES_CTTY])
883 AC_DEFINE([SETEUID_BREAKS_SETUID])
884 AC_DEFINE([BROKEN_SETREUID])
885 AC_DEFINE([BROKEN_SETREGID])
888 # /usr/ucblib MUST NOT be searched on ReliantUNIX
889 AC_CHECK_LIB([dl], [dlsym], ,)
890 # -lresolv needs to be at the end of LIBS or DNS lookups break
891 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
892 IPADDR_IN_DISPLAY=yes
893 AC_DEFINE([USE_PIPES])
894 AC_DEFINE([IP_TOS_IS_BROKEN])
895 AC_DEFINE([SETEUID_BREAKS_SETUID])
896 AC_DEFINE([BROKEN_SETREUID])
897 AC_DEFINE([BROKEN_SETREGID])
898 AC_DEFINE([SSHD_ACQUIRES_CTTY])
899 external_path_file=/etc/default/login
900 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
901 # Attention: always take care to bind libsocket and libnsl before libc,
902 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
904 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
906 AC_DEFINE([USE_PIPES])
907 AC_DEFINE([SETEUID_BREAKS_SETUID])
908 AC_DEFINE([BROKEN_SETREUID])
909 AC_DEFINE([BROKEN_SETREGID])
910 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
911 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
912 TEST_SHELL=$SHELL # let configure find us a capable shell
914 # UnixWare 7.x, OpenUNIX 8
916 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
917 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
918 AC_DEFINE([USE_PIPES])
919 AC_DEFINE([SETEUID_BREAKS_SETUID])
920 AC_DEFINE([BROKEN_GETADDRINFO])
921 AC_DEFINE([BROKEN_SETREUID])
922 AC_DEFINE([BROKEN_SETREGID])
923 AC_DEFINE([PASSWD_NEEDS_USERNAME])
924 TEST_SHELL=$SHELL # let configure find us a capable shell
926 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
927 maildir=/var/spool/mail
928 AC_DEFINE([BROKEN_LIBIAF], [1],
929 [ia_uinfo routines not supported by OS yet])
930 AC_DEFINE([BROKEN_UPDWTMPX])
931 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
932 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
933 AC_DEFINE([HAVE_SECUREWARE])
934 AC_DEFINE([DISABLE_SHADOW])
937 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
938 check_for_libcrypt_later=1
944 # SCO UNIX and OEM versions of SCO UNIX
946 AC_MSG_ERROR("This Platform is no longer supported.")
950 if test -z "$GCC"; then
951 CFLAGS="$CFLAGS -belf"
953 LIBS="$LIBS -lprot -lx -ltinfo -lm"
955 AC_DEFINE([USE_PIPES])
956 AC_DEFINE([HAVE_SECUREWARE])
957 AC_DEFINE([DISABLE_SHADOW])
958 AC_DEFINE([DISABLE_FD_PASSING])
959 AC_DEFINE([SETEUID_BREAKS_SETUID])
960 AC_DEFINE([BROKEN_GETADDRINFO])
961 AC_DEFINE([BROKEN_SETREUID])
962 AC_DEFINE([BROKEN_SETREGID])
963 AC_DEFINE([WITH_ABBREV_NO_TTY])
964 AC_DEFINE([BROKEN_UPDWTMPX])
965 AC_DEFINE([PASSWD_NEEDS_USERNAME])
966 AC_CHECK_FUNCS([getluid setluid])
968 TEST_SHELL=$SHELL # let configure find us a capable shell
969 SKIP_DISABLE_LASTLOG_DEFINE=yes
972 AC_DEFINE([NO_SSH_LASTLOG], [1],
973 [Define if you don't want to use lastlog in session.c])
974 AC_DEFINE([SETEUID_BREAKS_SETUID])
975 AC_DEFINE([BROKEN_SETREUID])
976 AC_DEFINE([BROKEN_SETREGID])
977 AC_DEFINE([USE_PIPES])
978 AC_DEFINE([DISABLE_FD_PASSING])
980 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
984 AC_DEFINE([SETEUID_BREAKS_SETUID])
985 AC_DEFINE([BROKEN_SETREUID])
986 AC_DEFINE([BROKEN_SETREGID])
987 AC_DEFINE([WITH_ABBREV_NO_TTY])
988 AC_DEFINE([USE_PIPES])
989 AC_DEFINE([DISABLE_FD_PASSING])
991 LIBS="$LIBS -lgen -lacid -ldb"
995 AC_DEFINE([SETEUID_BREAKS_SETUID])
996 AC_DEFINE([BROKEN_SETREUID])
997 AC_DEFINE([BROKEN_SETREGID])
998 AC_DEFINE([USE_PIPES])
999 AC_DEFINE([DISABLE_FD_PASSING])
1000 AC_DEFINE([NO_SSH_LASTLOG])
1001 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
1002 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1006 AC_MSG_CHECKING([for Digital Unix SIA])
1008 AC_ARG_WITH([osfsia],
1009 [ --with-osfsia Enable Digital Unix SIA],
1011 if test "x$withval" = "xno" ; then
1012 AC_MSG_RESULT([disabled])
1017 if test -z "$no_osfsia" ; then
1018 if test -f /etc/sia/matrix.conf; then
1019 AC_MSG_RESULT([yes])
1020 AC_DEFINE([HAVE_OSF_SIA], [1],
1021 [Define if you have Digital Unix Security
1022 Integration Architecture])
1023 AC_DEFINE([DISABLE_LOGIN], [1],
1024 [Define if you don't want to use your
1025 system's login() call])
1026 AC_DEFINE([DISABLE_FD_PASSING])
1027 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1031 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1032 [String used in /etc/passwd to denote locked account])
1035 AC_DEFINE([BROKEN_GETADDRINFO])
1036 AC_DEFINE([SETEUID_BREAKS_SETUID])
1037 AC_DEFINE([BROKEN_SETREUID])
1038 AC_DEFINE([BROKEN_SETREGID])
1039 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1043 AC_DEFINE([USE_PIPES])
1044 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1045 AC_DEFINE([DISABLE_LASTLOG])
1046 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1047 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1048 enable_etc_default_login=no # has incompatible /etc/default/login
1051 AC_DEFINE([DISABLE_FD_PASSING])
1057 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1058 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
1059 AC_DEFINE([NEED_SETPGRP])
1060 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1064 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1065 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
1069 AC_MSG_CHECKING([compiler and flags for sanity])
1070 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
1071 [ AC_MSG_RESULT([yes]) ],
1074 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1076 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1079 dnl Checks for header files.
1080 # Checks for libraries.
1081 AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])])
1082 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1084 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1085 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1086 AC_CHECK_LIB([gen], [dirname], [
1087 AC_CACHE_CHECK([for broken dirname],
1088 ac_cv_have_broken_dirname, [
1096 int main(int argc, char **argv) {
1099 strncpy(buf,"/etc", 32);
1101 if (!s || strncmp(s, "/", 32) != 0) {
1108 [ ac_cv_have_broken_dirname="no" ],
1109 [ ac_cv_have_broken_dirname="yes" ],
1110 [ ac_cv_have_broken_dirname="no" ],
1114 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1116 AC_DEFINE([HAVE_DIRNAME])
1117 AC_CHECK_HEADERS([libgen.h])
1122 AC_CHECK_FUNC([getspnam], ,
1123 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1124 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1125 [Define if you have the basename function.])])
1127 dnl zlib is required
1129 [ --with-zlib=PATH Use zlib in PATH],
1130 [ if test "x$withval" = "xno" ; then
1131 AC_MSG_ERROR([*** zlib is required ***])
1132 elif test "x$withval" != "xyes"; then
1133 if test -d "$withval/lib"; then
1134 if test -n "${need_dash_r}"; then
1135 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1137 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1140 if test -n "${need_dash_r}"; then
1141 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1143 LDFLAGS="-L${withval} ${LDFLAGS}"
1146 if test -d "$withval/include"; then
1147 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1149 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1154 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1155 AC_CHECK_LIB([z], [deflate], ,
1157 saved_CPPFLAGS="$CPPFLAGS"
1158 saved_LDFLAGS="$LDFLAGS"
1160 dnl Check default zlib install dir
1161 if test -n "${need_dash_r}"; then
1162 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1164 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1166 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1168 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1170 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1176 AC_ARG_WITH([zlib-version-check],
1177 [ --without-zlib-version-check Disable zlib version check],
1178 [ if test "x$withval" = "xno" ; then
1179 zlib_check_nonfatal=1
1184 AC_MSG_CHECKING([for possibly buggy zlib])
1185 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1191 int a=0, b=0, c=0, d=0, n, v;
1192 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1193 if (n != 3 && n != 4)
1195 v = a*1000000 + b*10000 + c*100 + d;
1196 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1199 if (a == 1 && b == 1 && c >= 4)
1202 /* 1.2.3 and up are OK */
1208 AC_MSG_RESULT([no]),
1209 [ AC_MSG_RESULT([yes])
1210 if test -z "$zlib_check_nonfatal" ; then
1211 AC_MSG_ERROR([*** zlib too old - check config.log ***
1212 Your reported zlib version has known security problems. It's possible your
1213 vendor has fixed these problems without changing the version number. If you
1214 are sure this is the case, you can disable the check by running
1215 "./configure --without-zlib-version-check".
1216 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1217 See http://www.gzip.org/zlib/ for details.])
1219 AC_MSG_WARN([zlib version may have security problems])
1222 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1226 AC_CHECK_FUNC([strcasecmp],
1227 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1229 AC_CHECK_FUNCS([utimes],
1230 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1231 LIBS="$LIBS -lc89"]) ]
1234 dnl Checks for libutil functions
1235 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1236 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1237 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1238 AC_SEARCH_LIBS([login], [util bsd])
1239 AC_SEARCH_LIBS([logout], [util bsd])
1240 AC_SEARCH_LIBS([logwtmp], [util bsd])
1241 AC_SEARCH_LIBS([openpty], [util bsd])
1242 AC_SEARCH_LIBS([updwtmp], [util bsd])
1243 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1245 # On some platforms, inet_ntop may be found in libresolv or libnsl.
1246 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1250 # Check for ALTDIRFUNC glob() extension
1251 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1252 AC_EGREP_CPP([FOUNDIT],
1255 #ifdef GLOB_ALTDIRFUNC
1260 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1261 [Define if your system glob() function has
1262 the GLOB_ALTDIRFUNC extension])
1263 AC_MSG_RESULT([yes])
1270 # Check for g.gl_matchc glob() extension
1271 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1272 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1273 [[ glob_t g; g.gl_matchc = 1; ]])],
1275 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1276 [Define if your system glob() function has
1277 gl_matchc options in glob_t])
1278 AC_MSG_RESULT([yes])
1283 # Check for g.gl_statv glob() extension
1284 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1285 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1286 #ifndef GLOB_KEEPSTAT
1287 #error "glob does not support GLOB_KEEPSTAT extension"
1293 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1294 [Define if your system glob() function has
1295 gl_statv options in glob_t])
1296 AC_MSG_RESULT([yes])
1302 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1304 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1307 #include <sys/types.h>
1308 #include <dirent.h>]],
1311 exit(sizeof(d.d_name)<=sizeof(char));
1313 [AC_MSG_RESULT([yes])],
1316 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1317 [Define if your struct dirent expects you to
1318 allocate extra space for d_name])
1321 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1322 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1326 AC_MSG_CHECKING([for /proc/pid/fd directory])
1327 if test -d "/proc/$$/fd" ; then
1328 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1329 AC_MSG_RESULT([yes])
1334 # Check whether user wants S/Key support
1337 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1339 if test "x$withval" != "xno" ; then
1341 if test "x$withval" != "xyes" ; then
1342 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1343 LDFLAGS="$LDFLAGS -L${withval}/lib"
1346 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1350 AC_MSG_CHECKING([for s/key support])
1356 char *ff = skey_keyinfo(""); ff="";
1359 [AC_MSG_RESULT([yes])],
1362 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1364 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1365 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1369 (void)skeychallenge(NULL,"name","",0);
1372 AC_MSG_RESULT([yes])
1373 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1374 [Define if your skeychallenge()
1375 function takes 4 arguments (NetBSD)])],
1383 # Check whether user wants TCP wrappers support
1385 AC_ARG_WITH([tcp-wrappers],
1386 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1388 if test "x$withval" != "xno" ; then
1390 saved_LDFLAGS="$LDFLAGS"
1391 saved_CPPFLAGS="$CPPFLAGS"
1392 if test -n "${withval}" && \
1393 test "x${withval}" != "xyes"; then
1394 if test -d "${withval}/lib"; then
1395 if test -n "${need_dash_r}"; then
1396 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1398 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1401 if test -n "${need_dash_r}"; then
1402 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1404 LDFLAGS="-L${withval} ${LDFLAGS}"
1407 if test -d "${withval}/include"; then
1408 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1410 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1414 AC_MSG_CHECKING([for libwrap])
1415 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1416 #include <sys/types.h>
1417 #include <sys/socket.h>
1418 #include <netinet/in.h>
1420 int deny_severity = 0, allow_severity = 0;
1424 AC_MSG_RESULT([yes])
1425 AC_DEFINE([LIBWRAP], [1],
1427 TCP Wrappers support])
1428 SSHDLIBS="$SSHDLIBS -lwrap"
1431 AC_MSG_ERROR([*** libwrap missing])
1439 # Check whether user wants to use ldns
1442 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1444 if test "x$withval" != "xno" ; then
1446 if test "x$withval" != "xyes" ; then
1447 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1448 LDFLAGS="$LDFLAGS -L${withval}/lib"
1451 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1455 AC_MSG_CHECKING([for ldns support])
1461 #include <ldns/ldns.h>
1462 int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1465 [AC_MSG_RESULT(yes)],
1468 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1474 # Check whether user wants libedit support
1476 AC_ARG_WITH([libedit],
1477 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1478 [ if test "x$withval" != "xno" ; then
1479 if test "x$withval" = "xyes" ; then
1480 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1481 if test "x$PKGCONFIG" != "xno"; then
1482 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1483 if "$PKGCONFIG" libedit; then
1484 AC_MSG_RESULT([yes])
1485 use_pkgconfig_for_libedit=yes
1491 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1492 if test -n "${need_dash_r}"; then
1493 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1495 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1498 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1499 LIBEDIT=`$PKGCONFIG --libs libedit`
1500 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1502 LIBEDIT="-ledit -lcurses"
1504 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1505 AC_CHECK_LIB([edit], [el_init],
1506 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1510 [ AC_MSG_ERROR([libedit not found]) ],
1513 AC_MSG_CHECKING([if libedit version is compatible])
1515 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1518 el_init("", NULL, NULL, NULL);
1521 [ AC_MSG_RESULT([yes]) ],
1522 [ AC_MSG_RESULT([no])
1523 AC_MSG_ERROR([libedit version is not compatible]) ]
1529 AC_ARG_WITH([audit],
1530 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1532 AC_MSG_CHECKING([for supported audit module])
1535 AC_MSG_RESULT([bsm])
1537 dnl Checks for headers, libs and functions
1538 AC_CHECK_HEADERS([bsm/audit.h], [],
1539 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1546 AC_CHECK_LIB([bsm], [getaudit], [],
1547 [AC_MSG_ERROR([BSM enabled and required library not found])])
1548 AC_CHECK_FUNCS([getaudit], [],
1549 [AC_MSG_ERROR([BSM enabled and required function not found])])
1550 # These are optional
1551 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1552 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1553 if test "$sol2ver" -ge 11; then
1554 SSHDLIBS="$SSHDLIBS -lscf"
1555 AC_DEFINE([BROKEN_BSM_API], [1],
1556 [The system has incomplete BSM API])
1560 AC_MSG_RESULT([linux])
1562 dnl Checks for headers, libs and functions
1563 AC_CHECK_HEADERS([libaudit.h])
1564 SSHDLIBS="$SSHDLIBS -laudit"
1565 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1569 AC_MSG_RESULT([debug])
1570 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1576 AC_MSG_ERROR([Unknown audit module $withval])
1582 [ --with-pie Build Position Independent Executables if possible], [
1583 if test "x$withval" = "xno"; then
1586 if test "x$withval" = "xyes"; then
1591 if test "x$use_pie" = "x"; then
1594 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1595 # Turn off automatic PIE when toolchain hardening is off.
1598 if test "x$use_pie" = "xauto"; then
1599 # Automatic PIE requires gcc >= 4.x
1600 AC_MSG_CHECKING([for gcc >= 4.x])
1601 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1602 #if !defined(__GNUC__) || __GNUC__ < 4
1603 #error gcc is too old
1606 [ AC_MSG_RESULT([yes]) ],
1607 [ AC_MSG_RESULT([no])
1611 if test "x$use_pie" != "xno"; then
1612 SAVED_CFLAGS="$CFLAGS"
1613 SAVED_LDFLAGS="$LDFLAGS"
1614 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1615 OSSH_CHECK_LDFLAG_LINK([-pie])
1616 # We use both -fPIE and -pie or neither.
1617 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1618 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1619 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1620 AC_MSG_RESULT([yes])
1623 CFLAGS="$SAVED_CFLAGS"
1624 LDFLAGS="$SAVED_LDFLAGS"
1628 dnl Checks for library functions. Please keep in alphabetical order
1630 Blowfish_initstate \
1631 Blowfish_expandstate \
1632 Blowfish_expand0state \
1633 Blowfish_stream2word \
1637 arc4random_uniform \
1745 [[ #include <ctype.h> ]],
1746 [[ return (isblank('a')); ]])],
1747 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1750 # PKCS#11 support requires dlopen() and co
1751 AC_SEARCH_LIBS([dlopen], [dl],
1752 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1755 # IRIX has a const char return value for gai_strerror()
1756 AC_CHECK_FUNCS([gai_strerror], [
1757 AC_DEFINE([HAVE_GAI_STRERROR])
1758 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1759 #include <sys/types.h>
1760 #include <sys/socket.h>
1763 const char *gai_strerror(int);
1766 str = gai_strerror(0);
1768 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1769 [Define if gai_strerror() returns const char *])], [])])
1771 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1772 [Some systems put nanosleep outside of libc])])
1774 AC_SEARCH_LIBS([clock_gettime], [rt],
1775 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1777 dnl Make sure prototypes are defined for these before using them.
1778 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1779 AC_CHECK_DECL([strsep],
1780 [AC_CHECK_FUNCS([strsep])],
1783 #ifdef HAVE_STRING_H
1784 # include <string.h>
1788 dnl tcsendbreak might be a macro
1789 AC_CHECK_DECL([tcsendbreak],
1790 [AC_DEFINE([HAVE_TCSENDBREAK])],
1791 [AC_CHECK_FUNCS([tcsendbreak])],
1792 [#include <termios.h>]
1795 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1797 AC_CHECK_DECLS([SHUT_RD], , ,
1799 #include <sys/types.h>
1800 #include <sys/socket.h>
1803 AC_CHECK_DECLS([O_NONBLOCK], , ,
1805 #include <sys/types.h>
1806 #ifdef HAVE_SYS_STAT_H
1807 # include <sys/stat.h>
1814 AC_CHECK_DECLS([writev], , , [
1815 #include <sys/types.h>
1816 #include <sys/uio.h>
1820 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1821 #include <sys/param.h>
1824 AC_CHECK_DECLS([offsetof], , , [
1828 # extra bits for select(2)
1829 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
1830 #include <sys/param.h>
1831 #include <sys/types.h>
1832 #ifdef HAVE_SYS_SYSMACROS_H
1833 #include <sys/sysmacros.h>
1835 #ifdef HAVE_SYS_SELECT_H
1836 #include <sys/select.h>
1838 #ifdef HAVE_SYS_TIME_H
1839 #include <sys/time.h>
1841 #ifdef HAVE_UNISTD_H
1845 AC_CHECK_TYPES([fd_mask], [], [], [[
1846 #include <sys/param.h>
1847 #include <sys/types.h>
1848 #ifdef HAVE_SYS_SELECT_H
1849 #include <sys/select.h>
1851 #ifdef HAVE_SYS_TIME_H
1852 #include <sys/time.h>
1854 #ifdef HAVE_UNISTD_H
1859 AC_CHECK_FUNCS([setresuid], [
1860 dnl Some platorms have setresuid that isn't implemented, test for this
1861 AC_MSG_CHECKING([if setresuid seems to work])
1874 [AC_MSG_RESULT([yes])],
1875 [AC_DEFINE([BROKEN_SETRESUID], [1],
1876 [Define if your setresuid() is broken])
1877 AC_MSG_RESULT([not implemented])],
1878 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1882 AC_CHECK_FUNCS([setresgid], [
1883 dnl Some platorms have setresgid that isn't implemented, test for this
1884 AC_MSG_CHECKING([if setresgid seems to work])
1897 [AC_MSG_RESULT([yes])],
1898 [AC_DEFINE([BROKEN_SETRESGID], [1],
1899 [Define if your setresgid() is broken])
1900 AC_MSG_RESULT([not implemented])],
1901 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1905 dnl Checks for time functions
1906 AC_CHECK_FUNCS([gettimeofday time])
1907 dnl Checks for utmp functions
1908 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
1909 AC_CHECK_FUNCS([utmpname])
1910 dnl Checks for utmpx functions
1911 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
1912 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
1913 dnl Checks for lastlog functions
1914 AC_CHECK_FUNCS([getlastlogxbyname])
1916 AC_CHECK_FUNC([daemon],
1917 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
1918 [AC_CHECK_LIB([bsd], [daemon],
1919 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
1922 AC_CHECK_FUNC([getpagesize],
1923 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
1924 [Define if your libraries define getpagesize()])],
1925 [AC_CHECK_LIB([ucb], [getpagesize],
1926 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
1929 # Check for broken snprintf
1930 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1931 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1933 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
1936 snprintf(b,5,"123456789");
1939 [AC_MSG_RESULT([yes])],
1942 AC_DEFINE([BROKEN_SNPRINTF], [1],
1943 [Define if your snprintf is busted])
1944 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1946 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1950 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1951 # returning the right thing on overflow: the number of characters it tried to
1952 # create (as per SUSv3)
1953 if test "x$ac_cv_func_asprintf" != "xyes" && \
1954 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1955 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1958 #include <sys/types.h>
1962 int x_snprintf(char *str,size_t count,const char *fmt,...)
1964 size_t ret; va_list ap;
1965 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1970 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1972 [AC_MSG_RESULT([yes])],
1975 AC_DEFINE([BROKEN_SNPRINTF], [1],
1976 [Define if your snprintf is busted])
1977 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1979 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1983 # On systems where [v]snprintf is broken, but is declared in stdio,
1984 # check that the fmt argument is const char * or just char *.
1985 # This is only useful for when BROKEN_SNPRINTF
1986 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1987 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1989 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1993 [AC_MSG_RESULT([yes])
1994 AC_DEFINE([SNPRINTF_CONST], [const],
1995 [Define as const if snprintf() can declare const char *fmt])],
1996 [AC_MSG_RESULT([no])
1997 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
1999 # Check for missing getpeereid (or equiv) support
2001 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2002 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2003 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2004 #include <sys/types.h>
2005 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2006 [ AC_MSG_RESULT([yes])
2007 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2008 ], [AC_MSG_RESULT([no])
2013 dnl see whether mkstemp() requires XXXXXX
2014 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
2015 AC_MSG_CHECKING([for (overly) strict mkstemp])
2020 char template[]="conftest.mkstemp-test";
2021 if (mkstemp(template) == -1)
2030 AC_MSG_RESULT([yes])
2031 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
2034 AC_MSG_RESULT([yes])
2035 AC_DEFINE([HAVE_STRICT_MKSTEMP])
2040 dnl make sure that openpty does not reacquire controlling terminal
2041 if test ! -z "$check_for_openpty_ctty_bug"; then
2042 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2046 #include <sys/fcntl.h>
2047 #include <sys/types.h>
2048 #include <sys/wait.h>
2051 int fd, ptyfd, ttyfd, status;
2054 if (pid < 0) { /* failed */
2056 } else if (pid > 0) { /* parent */
2057 waitpid(pid, &status, 0);
2058 if (WIFEXITED(status))
2059 exit(WEXITSTATUS(status));
2062 } else { /* child */
2063 close(0); close(1); close(2);
2065 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2066 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2068 exit(3); /* Acquired ctty: broken */
2070 exit(0); /* Did not acquire ctty: OK */
2074 AC_MSG_RESULT([yes])
2078 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2081 AC_MSG_RESULT([cross-compiling, assuming yes])
2086 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2087 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2088 AC_MSG_CHECKING([if getaddrinfo seems to work])
2092 #include <sys/socket.h>
2095 #include <netinet/in.h>
2097 #define TEST_PORT "2222"
2100 struct addrinfo *gai_ai, *ai, hints;
2101 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2103 memset(&hints, 0, sizeof(hints));
2104 hints.ai_family = PF_UNSPEC;
2105 hints.ai_socktype = SOCK_STREAM;
2106 hints.ai_flags = AI_PASSIVE;
2108 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2110 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2114 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2115 if (ai->ai_family != AF_INET6)
2118 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2119 sizeof(ntop), strport, sizeof(strport),
2120 NI_NUMERICHOST|NI_NUMERICSERV);
2123 if (err == EAI_SYSTEM)
2124 perror("getnameinfo EAI_SYSTEM");
2126 fprintf(stderr, "getnameinfo failed: %s\n",
2131 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2134 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2142 AC_MSG_RESULT([yes])
2146 AC_DEFINE([BROKEN_GETADDRINFO])
2149 AC_MSG_RESULT([cross-compiling, assuming yes])
2154 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2155 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2156 AC_MSG_CHECKING([if getaddrinfo seems to work])
2160 #include <sys/socket.h>
2163 #include <netinet/in.h>
2165 #define TEST_PORT "2222"
2168 struct addrinfo *gai_ai, *ai, hints;
2169 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2171 memset(&hints, 0, sizeof(hints));
2172 hints.ai_family = PF_UNSPEC;
2173 hints.ai_socktype = SOCK_STREAM;
2174 hints.ai_flags = AI_PASSIVE;
2176 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2178 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2182 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2183 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2186 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2187 sizeof(ntop), strport, sizeof(strport),
2188 NI_NUMERICHOST|NI_NUMERICSERV);
2190 if (ai->ai_family == AF_INET && err != 0) {
2191 perror("getnameinfo");
2198 AC_MSG_RESULT([yes])
2199 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2200 [Define if you have a getaddrinfo that fails
2201 for the all-zeros IPv6 address])
2205 AC_DEFINE([BROKEN_GETADDRINFO])
2208 AC_MSG_RESULT([cross-compiling, assuming no])
2213 if test "x$check_for_conflicting_getspnam" = "x1"; then
2214 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2215 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2221 AC_MSG_RESULT([yes])
2222 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2223 [Conflicting defs for getspnam])
2230 # Search for OpenSSL
2231 saved_CPPFLAGS="$CPPFLAGS"
2232 saved_LDFLAGS="$LDFLAGS"
2233 AC_ARG_WITH([ssl-dir],
2234 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2236 if test "x$withval" != "xno" ; then
2239 ./*|../*) withval="`pwd`/$withval"
2241 if test -d "$withval/lib"; then
2242 if test -n "${need_dash_r}"; then
2243 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2245 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2247 elif test -d "$withval/lib64"; then
2248 if test -n "${need_dash_r}"; then
2249 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2251 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2254 if test -n "${need_dash_r}"; then
2255 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2257 LDFLAGS="-L${withval} ${LDFLAGS}"
2260 if test -d "$withval/include"; then
2261 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2263 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2268 LIBS="-lcrypto $LIBS"
2269 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2270 [Define if your ssl headers are included
2271 with #include <openssl/header.h>])],
2273 dnl Check default openssl install dir
2274 if test -n "${need_dash_r}"; then
2275 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2277 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2279 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2280 AC_CHECK_HEADER([openssl/opensslv.h], ,
2281 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2282 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2284 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2290 # Determine OpenSSL header version
2291 AC_MSG_CHECKING([OpenSSL header version])
2296 #include <openssl/opensslv.h>
2297 #define DATA "conftest.sslincver"
2302 fd = fopen(DATA,"w");
2306 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2312 ssl_header_ver=`cat conftest.sslincver`
2313 AC_MSG_RESULT([$ssl_header_ver])
2316 AC_MSG_RESULT([not found])
2317 AC_MSG_ERROR([OpenSSL version header not found.])
2320 AC_MSG_WARN([cross compiling: not checking])
2324 # Determine OpenSSL library version
2325 AC_MSG_CHECKING([OpenSSL library version])
2330 #include <openssl/opensslv.h>
2331 #include <openssl/crypto.h>
2332 #define DATA "conftest.ssllibver"
2337 fd = fopen(DATA,"w");
2341 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2347 ssl_library_ver=`cat conftest.ssllibver`
2348 AC_MSG_RESULT([$ssl_library_ver])
2351 AC_MSG_RESULT([not found])
2352 AC_MSG_ERROR([OpenSSL library not found.])
2355 AC_MSG_WARN([cross compiling: not checking])
2359 AC_ARG_WITH([openssl-header-check],
2360 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2361 [ if test "x$withval" = "xno" ; then
2362 openssl_check_nonfatal=1
2367 # Sanity check OpenSSL headers
2368 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2372 #include <openssl/opensslv.h>
2374 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2377 AC_MSG_RESULT([yes])
2381 if test "x$openssl_check_nonfatal" = "x"; then
2382 AC_MSG_ERROR([Your OpenSSL headers do not match your
2383 library. Check config.log for details.
2384 If you are sure your installation is consistent, you can disable the check
2385 by running "./configure --without-openssl-header-check".
2386 Also see contrib/findssl.sh for help identifying header/library mismatches.
2389 AC_MSG_WARN([Your OpenSSL headers do not match your
2390 library. Check config.log for details.
2391 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2395 AC_MSG_WARN([cross compiling: not checking])
2399 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2401 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2402 [[ SSLeay_add_all_algorithms(); ]])],
2404 AC_MSG_RESULT([yes])
2410 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2412 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2413 [[ SSLeay_add_all_algorithms(); ]])],
2415 AC_MSG_RESULT([yes])
2427 DSA_generate_parameters_ex \
2429 EVP_DigestFinal_ex \
2431 EVP_MD_CTX_cleanup \
2433 RSA_generate_key_ex \
2434 RSA_get_default_method \
2437 AC_ARG_WITH([ssl-engine],
2438 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2439 [ if test "x$withval" != "xno" ; then
2440 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2441 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2442 #include <openssl/engine.h>
2444 ENGINE_load_builtin_engines();
2445 ENGINE_register_all_complete();
2447 [ AC_MSG_RESULT([yes])
2448 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2449 [Enable OpenSSL engine support])
2450 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2455 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2456 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2460 #include <openssl/evp.h>
2462 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2468 AC_MSG_RESULT([yes])
2469 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2470 [libcrypto is missing AES 192 and 256 bit functions])
2474 # Check for OpenSSL with EVP_aes_*ctr
2475 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2479 #include <openssl/evp.h>
2481 exit(EVP_aes_128_ctr() == NULL ||
2482 EVP_aes_192_cbc() == NULL ||
2483 EVP_aes_256_cbc() == NULL);
2486 AC_MSG_RESULT([yes])
2487 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
2488 [libcrypto has EVP AES CTR])
2495 # Check for OpenSSL with EVP_aes_*gcm
2496 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
2500 #include <openssl/evp.h>
2502 exit(EVP_aes_128_gcm() == NULL ||
2503 EVP_aes_256_gcm() == NULL ||
2504 EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
2505 EVP_CTRL_GCM_IV_GEN == 0 ||
2506 EVP_CTRL_GCM_SET_TAG == 0 ||
2507 EVP_CTRL_GCM_GET_TAG == 0 ||
2508 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
2511 AC_MSG_RESULT([yes])
2512 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
2513 [libcrypto has EVP AES GCM])
2517 unsupported_algorithms="$unsupported_cipers \
2518 aes128-gcm@openssh.com aes256-gcm@openssh.com"
2522 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2523 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2524 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2526 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2530 #include <openssl/evp.h>
2532 if(EVP_DigestUpdate(NULL, NULL,0))
2536 AC_MSG_RESULT([yes])
2540 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2541 [Define if EVP_DigestUpdate returns void])
2545 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2546 # because the system crypt() is more featureful.
2547 if test "x$check_for_libcrypt_before" = "x1"; then
2548 AC_CHECK_LIB([crypt], [crypt])
2551 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2552 # version in OpenSSL.
2553 if test "x$check_for_libcrypt_later" = "x1"; then
2554 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2556 AC_CHECK_FUNCS([crypt DES_crypt])
2558 # Search for SHA256 support in libc and/or OpenSSL
2559 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
2560 [unsupported_algorithms="$unsupported_algorithms \
2561 hmac-sha2-256 hmac-sha2-512 \
2562 diffie-hellman-group-exchange-sha256 \
2563 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
2567 # Check complete ECC support in OpenSSL
2568 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
2571 #include <openssl/ec.h>
2572 #include <openssl/ecdh.h>
2573 #include <openssl/ecdsa.h>
2574 #include <openssl/evp.h>
2575 #include <openssl/objects.h>
2576 #include <openssl/opensslv.h>
2577 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2578 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2581 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
2582 const EVP_MD *m = EVP_sha256(); /* We need this too */
2584 [ AC_MSG_RESULT([yes])
2585 enable_nistp256=1 ],
2586 [ AC_MSG_RESULT([no]) ]
2589 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
2592 #include <openssl/ec.h>
2593 #include <openssl/ecdh.h>
2594 #include <openssl/ecdsa.h>
2595 #include <openssl/evp.h>
2596 #include <openssl/objects.h>
2597 #include <openssl/opensslv.h>
2598 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2599 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2602 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
2603 const EVP_MD *m = EVP_sha384(); /* We need this too */
2605 [ AC_MSG_RESULT([yes])
2606 enable_nistp384=1 ],
2607 [ AC_MSG_RESULT([no]) ]
2610 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
2613 #include <openssl/ec.h>
2614 #include <openssl/ecdh.h>
2615 #include <openssl/ecdsa.h>
2616 #include <openssl/evp.h>
2617 #include <openssl/objects.h>
2618 #include <openssl/opensslv.h>
2619 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2620 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2623 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2624 const EVP_MD *m = EVP_sha512(); /* We need this too */
2626 [ AC_MSG_RESULT([yes])
2627 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
2630 #include <openssl/ec.h>
2631 #include <openssl/ecdh.h>
2632 #include <openssl/ecdsa.h>
2633 #include <openssl/evp.h>
2634 #include <openssl/objects.h>
2635 #include <openssl/opensslv.h>
2637 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2638 const EVP_MD *m = EVP_sha512(); /* We need this too */
2639 exit(e == NULL || m == NULL);
2641 [ AC_MSG_RESULT([yes])
2642 enable_nistp521=1 ],
2643 [ AC_MSG_RESULT([no]) ],
2644 [ AC_MSG_WARN([cross-compiling: assuming yes])
2650 COMMENT_OUT_ECC="#no ecc#"
2653 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
2654 test x$enable_nistp521 = x1; then
2655 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
2657 if test x$enable_nistp256 = x1; then
2658 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
2659 [libcrypto has NID_X9_62_prime256v1])
2663 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \
2664 ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com"
2666 if test x$enable_nistp384 = x1; then
2667 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
2671 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \
2672 ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com"
2674 if test x$enable_nistp521 = x1; then
2675 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
2679 unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \
2680 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com"
2683 AC_SUBST([TEST_SSH_ECC])
2684 AC_SUBST([COMMENT_OUT_ECC])
2687 AC_CHECK_LIB([iaf], [ia_openinfo], [
2689 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2690 AC_DEFINE([HAVE_LIBIAF], [1],
2691 [Define if system has libiaf that supports set_id])
2696 ### Configure cryptographic random number support
2698 # Check wheter OpenSSL seeds itself
2699 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2703 #include <openssl/rand.h>
2705 exit(RAND_status() == 1 ? 0 : 1);
2708 OPENSSL_SEEDS_ITSELF=yes
2709 AC_MSG_RESULT([yes])
2715 AC_MSG_WARN([cross compiling: assuming yes])
2716 # This is safe, since we will fatal() at runtime if
2717 # OpenSSL is not seeded correctly.
2718 OPENSSL_SEEDS_ITSELF=yes
2723 AC_ARG_WITH([prngd-port],
2724 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2733 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
2736 if test ! -z "$withval" ; then
2737 PRNGD_PORT="$withval"
2738 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
2739 [Port number of PRNGD/EGD random number socket])
2744 # PRNGD Unix domain socket
2745 AC_ARG_WITH([prngd-socket],
2746 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2750 withval="/var/run/egd-pool"
2758 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
2762 if test ! -z "$withval" ; then
2763 if test ! -z "$PRNGD_PORT" ; then
2764 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
2766 if test ! -r "$withval" ; then
2767 AC_MSG_WARN([Entropy socket is not readable])
2769 PRNGD_SOCKET="$withval"
2770 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
2771 [Location of PRNGD/EGD random number socket])
2775 # Check for existing socket only if we don't have a random device already
2776 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
2777 AC_MSG_CHECKING([for PRNGD/EGD socket])
2778 # Insert other locations here
2779 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2780 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2781 PRNGD_SOCKET="$sock"
2782 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
2786 if test ! -z "$PRNGD_SOCKET" ; then
2787 AC_MSG_RESULT([$PRNGD_SOCKET])
2789 AC_MSG_RESULT([not found])
2795 # Which randomness source do we use?
2796 if test ! -z "$PRNGD_PORT" ; then
2797 RAND_MSG="PRNGd port $PRNGD_PORT"
2798 elif test ! -z "$PRNGD_SOCKET" ; then
2799 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
2800 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
2801 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
2802 [Define if you want OpenSSL's internally seeded PRNG only])
2803 RAND_MSG="OpenSSL internal ONLY"
2805 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
2808 # Check for PAM libs
2811 [ --with-pam Enable PAM support ],
2813 if test "x$withval" != "xno" ; then
2814 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2815 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2816 AC_MSG_ERROR([PAM headers not found])
2820 AC_CHECK_LIB([dl], [dlopen], , )
2821 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
2822 AC_CHECK_FUNCS([pam_getenvlist])
2823 AC_CHECK_FUNCS([pam_putenv])
2828 SSHDLIBS="$SSHDLIBS -lpam"
2829 AC_DEFINE([USE_PAM], [1],
2830 [Define if you want to enable PAM support])
2832 if test $ac_cv_lib_dl_dlopen = yes; then
2835 # libdl already in LIBS
2838 SSHDLIBS="$SSHDLIBS -ldl"
2846 # Check for older PAM
2847 if test "x$PAM_MSG" = "xyes" ; then
2848 # Check PAM strerror arguments (old PAM)
2849 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2850 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2852 #if defined(HAVE_SECURITY_PAM_APPL_H)
2853 #include <security/pam_appl.h>
2854 #elif defined (HAVE_PAM_PAM_APPL_H)
2855 #include <pam/pam_appl.h>
2858 (void)pam_strerror((pam_handle_t *)NULL, -1);
2859 ]])], [AC_MSG_RESULT([no])], [
2860 AC_DEFINE([HAVE_OLD_PAM], [1],
2861 [Define if you have an old version of PAM
2862 which takes only one argument to pam_strerror])
2863 AC_MSG_RESULT([yes])
2864 PAM_MSG="yes (old library)"
2869 SSH_PRIVSEP_USER=sshd
2870 AC_ARG_WITH([privsep-user],
2871 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2873 if test -n "$withval" && test "x$withval" != "xno" && \
2874 test "x${withval}" != "xyes"; then
2875 SSH_PRIVSEP_USER=$withval
2879 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
2880 [non-privileged user for privilege separation])
2881 AC_SUBST([SSH_PRIVSEP_USER])
2883 if test "x$have_linux_no_new_privs" = "x1" ; then
2884 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
2885 #include <sys/types.h>
2886 #include <linux/seccomp.h>
2889 if test "x$have_seccomp_filter" = "x1" ; then
2890 AC_MSG_CHECKING([kernel for seccomp_filter support])
2891 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
2894 #include <linux/audit.h>
2895 #include <linux/seccomp.h>
2897 #include <sys/prctl.h>
2899 [[ int i = $seccomp_audit_arch;
2901 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
2902 exit(errno == EFAULT ? 0 : 1); ]])],
2903 [ AC_MSG_RESULT([yes]) ], [
2905 # Disable seccomp filter as a target
2906 have_seccomp_filter=0
2911 # Decide which sandbox style to use
2913 AC_ARG_WITH([sandbox],
2914 [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)],
2916 if test "x$withval" = "xyes" ; then
2919 sandbox_arg="$withval"
2924 # Some platforms (seems to be the ones that have a kernel poll(2)-type
2925 # function with which they implement select(2)) use an extra file descriptor
2926 # when calling select(2), which means we can't use the rlimit sandbox.
2927 AC_MSG_CHECKING([if select works with descriptor rlimit])
2930 #include <sys/types.h>
2931 #ifdef HAVE_SYS_TIME_H
2932 # include <sys/time.h>
2934 #include <sys/resource.h>
2935 #ifdef HAVE_SYS_SELECT_H
2936 # include <sys/select.h>
2942 struct rlimit rl_zero;
2947 fd = open("/dev/null", O_RDONLY);
2950 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
2951 setrlimit(RLIMIT_FSIZE, &rl_zero);
2952 setrlimit(RLIMIT_NOFILE, &rl_zero);
2955 r = select(fd+1, &fds, NULL, NULL, &tv);
2956 exit (r == -1 ? 1 : 0);
2958 [AC_MSG_RESULT([yes])
2959 select_works_with_rlimit=yes],
2960 [AC_MSG_RESULT([no])
2961 select_works_with_rlimit=no],
2962 [AC_MSG_WARN([cross compiling: assuming yes])]
2965 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
2968 #include <sys/types.h>
2969 #ifdef HAVE_SYS_TIME_H
2970 # include <sys/time.h>
2972 #include <sys/resource.h>
2976 struct rlimit rl_zero;
2980 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
2981 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
2982 exit (r == -1 ? 1 : 0);
2984 [AC_MSG_RESULT([yes])
2985 rlimit_nofile_zero_works=yes],
2986 [AC_MSG_RESULT([no])
2987 rlimit_nofile_zero_works=no],
2988 [AC_MSG_WARN([cross compiling: assuming yes])]
2991 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
2994 #include <sys/types.h>
2995 #include <sys/resource.h>
2998 struct rlimit rl_zero;
3000 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3001 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3003 [AC_MSG_RESULT([yes])],
3004 [AC_MSG_RESULT([no])
3005 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3006 [setrlimit RLIMIT_FSIZE works])],
3007 [AC_MSG_WARN([cross compiling: assuming yes])]
3010 if test "x$sandbox_arg" = "xsystrace" || \
3011 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3012 test "x$have_systr_policy_kill" != "x1" && \
3013 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3014 SANDBOX_STYLE="systrace"
3015 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3016 elif test "x$sandbox_arg" = "xdarwin" || \
3017 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3018 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3019 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3020 "x$ac_cv_header_sandbox_h" != "xyes" && \
3021 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3022 SANDBOX_STYLE="darwin"
3023 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3024 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3025 ( test -z "$sandbox_arg" && \
3026 test "x$have_seccomp_filter" = "x1" && \
3027 test "x$ac_cv_header_elf_h" = "xyes" && \
3028 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3029 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3030 test "x$seccomp_audit_arch" != "x" && \
3031 test "x$have_linux_no_new_privs" = "x1" && \
3032 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3033 test "x$seccomp_audit_arch" = "x" && \
3034 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3035 test "x$have_linux_no_new_privs" != "x1" && \
3036 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3037 test "x$have_seccomp_filter" != "x1" && \
3038 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3039 test "x$ac_cv_func_prctl" != "xyes" && \
3040 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3041 SANDBOX_STYLE="seccomp_filter"
3042 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3043 elif test "x$sandbox_arg" = "xcapsicum" || \
3044 ( test -z "$sandbox_arg" && \
3045 test "x$ac_cv_header_sys_capability_h" = "xyes" && \
3046 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3047 test "x$ac_cv_header_sys_capability_h" != "xyes" && \
3048 AC_MSG_ERROR([capsicum sandbox requires sys/capability.h header])
3049 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3050 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3051 SANDBOX_STYLE="capsicum"
3052 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3053 elif test "x$sandbox_arg" = "xrlimit" || \
3054 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3055 test "x$select_works_with_rlimit" = "xyes" && \
3056 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3057 test "x$ac_cv_func_setrlimit" != "xyes" && \
3058 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3059 test "x$select_works_with_rlimit" != "xyes" && \
3060 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3061 SANDBOX_STYLE="rlimit"
3062 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3063 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3064 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3065 SANDBOX_STYLE="none"
3066 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3068 AC_MSG_ERROR([unsupported --with-sandbox])
3071 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3072 if test ! -z "$SONY" ; then
3073 LIBS="$LIBS -liberty";
3076 # Check for long long datatypes
3077 AC_CHECK_TYPES([long long, unsigned long long, long double])
3079 # Check datatype sizes
3080 AC_CHECK_SIZEOF([short int], [2])
3081 AC_CHECK_SIZEOF([int], [4])
3082 AC_CHECK_SIZEOF([long int], [4])
3083 AC_CHECK_SIZEOF([long long int], [8])
3085 # Sanity check long long for some platforms (AIX)
3086 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3087 ac_cv_sizeof_long_long_int=0
3090 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3091 if test -z "$have_llong_max"; then
3092 AC_MSG_CHECKING([for max value of long long])
3096 /* Why is this so damn hard? */
3100 #define __USE_ISOC99
3102 #define DATA "conftest.llminmax"
3103 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3106 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3107 * we do this the hard way.
3110 fprint_ll(FILE *f, long long n)
3113 int l[sizeof(long long) * 8];
3116 if (fprintf(f, "-") < 0)
3118 for (i = 0; n != 0; i++) {
3119 l[i] = my_abs(n % 10);
3123 if (fprintf(f, "%d", l[--i]) < 0)
3126 if (fprintf(f, " ") < 0)
3132 long long i, llmin, llmax = 0;
3134 if((f = fopen(DATA,"w")) == NULL)
3137 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3138 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3142 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3143 /* This will work on one's complement and two's complement */
3144 for (i = 1; i > llmax; i <<= 1, i++)
3146 llmin = llmax + 1LL; /* wrap */
3150 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3151 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3152 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3153 fprintf(f, "unknown unknown\n");
3157 if (fprint_ll(f, llmin) < 0)
3159 if (fprint_ll(f, llmax) < 0)
3166 llong_min=`$AWK '{print $1}' conftest.llminmax`
3167 llong_max=`$AWK '{print $2}' conftest.llminmax`
3169 AC_MSG_RESULT([$llong_max])
3170 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3171 [max value of long long calculated by configure])
3172 AC_MSG_CHECKING([for min value of long long])
3173 AC_MSG_RESULT([$llong_min])
3174 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3175 [min value of long long calculated by configure])
3178 AC_MSG_RESULT([not found])
3181 AC_MSG_WARN([cross compiling: not checking])
3187 # More checks for data types
3188 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3189 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3190 [[ u_int a; a = 1;]])],
3191 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3194 if test "x$ac_cv_have_u_int" = "xyes" ; then
3195 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3199 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3200 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3201 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3202 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3205 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3206 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3210 if (test -z "$have_intxx_t" && \
3211 test "x$ac_cv_header_stdint_h" = "xyes")
3213 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3214 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3215 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3217 AC_DEFINE([HAVE_INTXX_T])
3218 AC_MSG_RESULT([yes])
3219 ], [ AC_MSG_RESULT([no])
3223 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3224 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3225 #include <sys/types.h>
3226 #ifdef HAVE_STDINT_H
3227 # include <stdint.h>
3229 #include <sys/socket.h>
3230 #ifdef HAVE_SYS_BITYPES_H
3231 # include <sys/bitypes.h>
3236 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3239 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3240 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3243 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3244 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3245 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3246 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3249 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3250 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3254 if test -z "$have_u_intxx_t" ; then
3255 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3256 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3257 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3259 AC_DEFINE([HAVE_U_INTXX_T])
3260 AC_MSG_RESULT([yes])
3261 ], [ AC_MSG_RESULT([no])
3265 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3266 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3267 [[ u_int64_t a; a = 1;]])],
3268 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3271 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3272 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3276 if (test -z "$have_u_int64_t" && \
3277 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3279 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3280 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3281 [[ u_int64_t a; a = 1]])],
3283 AC_DEFINE([HAVE_U_INT64_T])
3284 AC_MSG_RESULT([yes])
3285 ], [ AC_MSG_RESULT([no])
3289 if test -z "$have_u_intxx_t" ; then
3290 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
3291 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3292 #include <sys/types.h>
3299 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
3302 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3303 AC_DEFINE([HAVE_UINTXX_T], [1],
3304 [define if you have uintxx_t data type])
3308 if (test -z "$have_uintxx_t" && \
3309 test "x$ac_cv_header_stdint_h" = "xyes")
3311 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3312 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3313 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3315 AC_DEFINE([HAVE_UINTXX_T])
3316 AC_MSG_RESULT([yes])
3317 ], [ AC_MSG_RESULT([no])
3321 if (test -z "$have_uintxx_t" && \
3322 test "x$ac_cv_header_inttypes_h" = "xyes")
3324 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
3325 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
3326 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3328 AC_DEFINE([HAVE_UINTXX_T])
3329 AC_MSG_RESULT([yes])
3330 ], [ AC_MSG_RESULT([no])
3334 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
3335 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3337 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
3338 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3339 #include <sys/bitypes.h>
3341 int8_t a; int16_t b; int32_t c;
3342 u_int8_t e; u_int16_t f; u_int32_t g;
3343 a = b = c = e = f = g = 1;
3346 AC_DEFINE([HAVE_U_INTXX_T])
3347 AC_DEFINE([HAVE_INTXX_T])
3348 AC_MSG_RESULT([yes])
3349 ], [AC_MSG_RESULT([no])
3354 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3355 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3356 [[ u_char foo; foo = 125; ]])],
3357 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3360 if test "x$ac_cv_have_u_char" = "xyes" ; then
3361 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
3364 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
3365 #include <sys/types.h>
3371 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3372 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3373 #include <sys/types.h>
3374 #ifdef HAVE_SYS_BITYPES_H
3375 #include <sys/bitypes.h>
3377 #ifdef HAVE_SYS_STATFS_H
3378 #include <sys/statfs.h>
3380 #ifdef HAVE_SYS_STATVFS_H
3381 #include <sys/statvfs.h>
3385 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3386 [#include <sys/types.h>
3387 #include <netinet/in.h>])
3389 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3390 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3391 [[ size_t foo; foo = 1235; ]])],
3392 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3395 if test "x$ac_cv_have_size_t" = "xyes" ; then
3396 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3399 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3400 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3401 [[ ssize_t foo; foo = 1235; ]])],
3402 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3405 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3406 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3409 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3410 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3411 [[ clock_t foo; foo = 1235; ]])],
3412 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3415 if test "x$ac_cv_have_clock_t" = "xyes" ; then
3416 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3419 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3420 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3421 #include <sys/types.h>
3422 #include <sys/socket.h>
3423 ]], [[ sa_family_t foo; foo = 1235; ]])],
3424 [ ac_cv_have_sa_family_t="yes" ],
3425 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3426 #include <sys/types.h>
3427 #include <sys/socket.h>
3428 #include <netinet/in.h>
3429 ]], [[ sa_family_t foo; foo = 1235; ]])],
3430 [ ac_cv_have_sa_family_t="yes" ],
3431 [ ac_cv_have_sa_family_t="no" ]
3435 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3436 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3437 [define if you have sa_family_t data type])
3440 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3441 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3442 [[ pid_t foo; foo = 1235; ]])],
3443 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3446 if test "x$ac_cv_have_pid_t" = "xyes" ; then
3447 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3450 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3451 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3452 [[ mode_t foo; foo = 1235; ]])],
3453 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3456 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3457 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3461 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3462 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3463 #include <sys/types.h>
3464 #include <sys/socket.h>
3465 ]], [[ struct sockaddr_storage s; ]])],
3466 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3467 [ ac_cv_have_struct_sockaddr_storage="no"
3470 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3471 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3472 [define if you have struct sockaddr_storage data type])
3475 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3476 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3477 #include <sys/types.h>
3478 #include <netinet/in.h>
3479 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3480 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3481 [ ac_cv_have_struct_sockaddr_in6="no"
3484 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3485 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3486 [define if you have struct sockaddr_in6 data type])
3489 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3490 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3491 #include <sys/types.h>
3492 #include <netinet/in.h>
3493 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3494 [ ac_cv_have_struct_in6_addr="yes" ],
3495 [ ac_cv_have_struct_in6_addr="no"
3498 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3499 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3500 [define if you have struct in6_addr data type])
3502 dnl Now check for sin6_scope_id
3503 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3505 #ifdef HAVE_SYS_TYPES_H
3506 #include <sys/types.h>
3508 #include <netinet/in.h>
3512 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3513 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3514 #include <sys/types.h>
3515 #include <sys/socket.h>
3517 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3518 [ ac_cv_have_struct_addrinfo="yes" ],
3519 [ ac_cv_have_struct_addrinfo="no"
3522 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3523 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3524 [define if you have struct addrinfo data type])
3527 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3528 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3529 [[ struct timeval tv; tv.tv_sec = 1;]])],
3530 [ ac_cv_have_struct_timeval="yes" ],
3531 [ ac_cv_have_struct_timeval="no"
3534 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3535 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3536 have_struct_timeval=1
3539 AC_CHECK_TYPES([struct timespec])
3541 # We need int64_t or else certian parts of the compile will fail.
3542 if test "x$ac_cv_have_int64_t" = "xno" && \
3543 test "x$ac_cv_sizeof_long_int" != "x8" && \
3544 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3545 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3546 echo "an alternative compiler (I.E., GCC) before continuing."
3550 dnl test snprintf (broken on SCO w/gcc)
3555 #ifdef HAVE_SNPRINTF
3559 char expected_out[50];
3561 #if (SIZEOF_LONG_INT == 8)
3562 long int num = 0x7fffffffffffffff;
3564 long long num = 0x7fffffffffffffffll;
3566 strcpy(expected_out, "9223372036854775807");
3567 snprintf(buf, mazsize, "%lld", num);
3568 if(strcmp(buf, expected_out) != 0)
3575 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3576 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3580 dnl Checks for structure members
3581 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3582 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3583 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3584 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3585 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3586 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3587 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3588 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3589 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3590 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3591 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3592 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3593 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3594 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3595 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3596 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3597 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3599 AC_CHECK_MEMBERS([struct stat.st_blksize])
3600 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
3601 struct passwd.pw_change, struct passwd.pw_expire],
3603 #include <sys/types.h>
3607 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3608 [Define if we don't have struct __res_state in resolv.h])],
3611 #if HAVE_SYS_TYPES_H
3612 # include <sys/types.h>
3614 #include <netinet/in.h>
3615 #include <arpa/nameser.h>
3619 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3620 ac_cv_have_ss_family_in_struct_ss, [
3621 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3622 #include <sys/types.h>
3623 #include <sys/socket.h>
3624 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3625 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3626 [ ac_cv_have_ss_family_in_struct_ss="no" ])
3628 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3629 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3632 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3633 ac_cv_have___ss_family_in_struct_ss, [
3634 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3635 #include <sys/types.h>
3636 #include <sys/socket.h>
3637 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3638 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3639 [ ac_cv_have___ss_family_in_struct_ss="no"
3642 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3643 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3644 [Fields in struct sockaddr_storage])
3647 dnl make sure we're using the real structure members and not defines
3648 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3649 ac_cv_have_accrights_in_msghdr, [
3650 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3651 #include <sys/types.h>
3652 #include <sys/socket.h>
3653 #include <sys/uio.h>
3655 #ifdef msg_accrights
3656 #error "msg_accrights is a macro"
3660 m.msg_accrights = 0;
3663 [ ac_cv_have_accrights_in_msghdr="yes" ],
3664 [ ac_cv_have_accrights_in_msghdr="no" ]
3667 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3668 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3669 [Define if your system uses access rights style
3670 file descriptor passing])
3673 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3674 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3675 #include <sys/param.h>
3676 #include <sys/stat.h>
3677 #ifdef HAVE_SYS_TIME_H
3678 # include <sys/time.h>
3680 #ifdef HAVE_SYS_MOUNT_H
3681 #include <sys/mount.h>
3683 #ifdef HAVE_SYS_STATVFS_H
3684 #include <sys/statvfs.h>
3686 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3687 [ AC_MSG_RESULT([yes]) ],
3688 [ AC_MSG_RESULT([no])
3690 AC_MSG_CHECKING([if fsid_t has member val])
3691 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3692 #include <sys/types.h>
3693 #include <sys/statvfs.h>
3694 ]], [[ fsid_t t; t.val[0] = 0; ]])],
3695 [ AC_MSG_RESULT([yes])
3696 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3697 [ AC_MSG_RESULT([no]) ])
3699 AC_MSG_CHECKING([if f_fsid has member __val])
3700 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3701 #include <sys/types.h>
3702 #include <sys/statvfs.h>
3703 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
3704 [ AC_MSG_RESULT([yes])
3705 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
3706 [ AC_MSG_RESULT([no]) ])
3709 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3710 ac_cv_have_control_in_msghdr, [
3711 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3712 #include <sys/types.h>
3713 #include <sys/socket.h>
3714 #include <sys/uio.h>
3717 #error "msg_control is a macro"
3724 [ ac_cv_have_control_in_msghdr="yes" ],
3725 [ ac_cv_have_control_in_msghdr="no" ]
3728 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3729 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
3730 [Define if your system uses ancillary data style
3731 file descriptor passing])
3734 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3735 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3736 [[ extern char *__progname; printf("%s", __progname); ]])],
3737 [ ac_cv_libc_defines___progname="yes" ],
3738 [ ac_cv_libc_defines___progname="no"
3741 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3742 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
3745 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3746 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3747 [[ printf("%s", __FUNCTION__); ]])],
3748 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3749 [ ac_cv_cc_implements___FUNCTION__="no"
3752 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3753 AC_DEFINE([HAVE___FUNCTION__], [1],
3754 [Define if compiler implements __FUNCTION__])
3757 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3758 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3759 [[ printf("%s", __func__); ]])],
3760 [ ac_cv_cc_implements___func__="yes" ],
3761 [ ac_cv_cc_implements___func__="no"
3764 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3765 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
3768 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3769 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3772 ]], [[ va_copy(x,y); ]])],
3773 [ ac_cv_have_va_copy="yes" ],
3774 [ ac_cv_have_va_copy="no"
3777 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3778 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
3781 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3782 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3785 ]], [[ __va_copy(x,y); ]])],
3786 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
3789 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3790 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
3793 AC_CACHE_CHECK([whether getopt has optreset support],
3794 ac_cv_have_getopt_optreset, [
3795 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
3796 [[ extern int optreset; optreset = 0; ]])],
3797 [ ac_cv_have_getopt_optreset="yes" ],
3798 [ ac_cv_have_getopt_optreset="no"
3801 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3802 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
3803 [Define if your getopt(3) defines and uses optreset])
3806 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3807 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3808 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
3809 [ ac_cv_libc_defines_sys_errlist="yes" ],
3810 [ ac_cv_libc_defines_sys_errlist="no"
3813 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3814 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
3815 [Define if your system defines sys_errlist[]])
3819 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3820 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3821 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
3822 [ ac_cv_libc_defines_sys_nerr="yes" ],
3823 [ ac_cv_libc_defines_sys_nerr="no"
3826 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3827 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
3830 # Check libraries needed by DNS fingerprint support
3831 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
3832 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
3833 [Define if getrrsetbyname() exists])],
3835 # Needed by our getrrsetbyname()
3836 AC_SEARCH_LIBS([res_query], [resolv])
3837 AC_SEARCH_LIBS([dn_expand], [resolv])
3838 AC_MSG_CHECKING([if res_query will link])
3839 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3840 #include <sys/types.h>
3841 #include <netinet/in.h>
3842 #include <arpa/nameser.h>
3846 res_query (0, 0, 0, 0, 0);
3848 AC_MSG_RESULT([yes]),
3849 [AC_MSG_RESULT([no])
3851 LIBS="$LIBS -lresolv"
3852 AC_MSG_CHECKING([for res_query in -lresolv])
3853 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3854 #include <sys/types.h>
3855 #include <netinet/in.h>
3856 #include <arpa/nameser.h>
3860 res_query (0, 0, 0, 0, 0);
3862 [AC_MSG_RESULT([yes])],
3864 AC_MSG_RESULT([no])])
3866 AC_CHECK_FUNCS([_getshort _getlong])
3867 AC_CHECK_DECLS([_getshort, _getlong], , ,
3868 [#include <sys/types.h>
3869 #include <arpa/nameser.h>])
3870 AC_CHECK_MEMBER([HEADER.ad],
3871 [AC_DEFINE([HAVE_HEADER_AD], [1],
3872 [Define if HEADER.ad exists in arpa/nameser.h])], ,
3873 [#include <arpa/nameser.h>])
3876 AC_MSG_CHECKING([if struct __res_state _res is an extern])
3877 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3879 #if HAVE_SYS_TYPES_H
3880 # include <sys/types.h>
3882 #include <netinet/in.h>
3883 #include <arpa/nameser.h>
3885 extern struct __res_state _res;
3887 [AC_MSG_RESULT([yes])
3888 AC_DEFINE([HAVE__RES_EXTERN], [1],
3889 [Define if you have struct __res_state _res as an extern])
3891 [ AC_MSG_RESULT([no]) ]
3894 # Check whether user wants SELinux support
3897 AC_ARG_WITH([selinux],
3898 [ --with-selinux Enable SELinux support],
3899 [ if test "x$withval" != "xno" ; then
3901 AC_DEFINE([WITH_SELINUX], [1],
3902 [Define if you want SELinux support.])
3904 AC_CHECK_HEADER([selinux/selinux.h], ,
3905 AC_MSG_ERROR([SELinux support requires selinux.h header]))
3906 AC_CHECK_LIB([selinux], [setexeccon],
3907 [ LIBSELINUX="-lselinux"
3908 LIBS="$LIBS -lselinux"
3910 AC_MSG_ERROR([SELinux support requires libselinux library]))
3911 SSHLIBS="$SSHLIBS $LIBSELINUX"
3912 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3913 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
3918 AC_SUBST([SSHDLIBS])
3920 # Check whether user wants Kerberos 5 support
3922 AC_ARG_WITH([kerberos5],
3923 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3924 [ if test "x$withval" != "xno" ; then
3925 if test "x$withval" = "xyes" ; then
3926 KRB5ROOT="/usr/local"
3931 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
3934 AC_PATH_PROG([KRB5CONF], [krb5-config],
3935 [$KRB5ROOT/bin/krb5-config],
3936 [$KRB5ROOT/bin:$PATH])
3937 if test -x $KRB5CONF ; then
3938 K5CFLAGS="`$KRB5CONF --cflags`"
3939 K5LIBS="`$KRB5CONF --libs`"
3940 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3942 AC_MSG_CHECKING([for gssapi support])
3943 if $KRB5CONF | grep gssapi >/dev/null ; then
3944 AC_MSG_RESULT([yes])
3945 AC_DEFINE([GSSAPI], [1],
3946 [Define this if you want GSSAPI
3947 support in the version 2 protocol])
3948 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
3949 GSSLIBS="`$KRB5CONF --libs gssapi`"
3950 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
3954 AC_MSG_CHECKING([whether we are using Heimdal])
3955 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3956 ]], [[ char *tmp = heimdal_version; ]])],
3957 [ AC_MSG_RESULT([yes])
3958 AC_DEFINE([HEIMDAL], [1],
3959 [Define this if you are using the Heimdal
3960 version of Kerberos V5]) ],
3961 [AC_MSG_RESULT([no])
3964 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3965 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3966 AC_MSG_CHECKING([whether we are using Heimdal])
3967 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3968 ]], [[ char *tmp = heimdal_version; ]])],
3969 [ AC_MSG_RESULT([yes])
3970 AC_DEFINE([HEIMDAL])
3972 K5LIBS="$K5LIBS -lcom_err -lasn1"
3973 AC_CHECK_LIB([roken], [net_write],
3974 [K5LIBS="$K5LIBS -lroken"])
3975 AC_CHECK_LIB([des], [des_cbc_encrypt],
3976 [K5LIBS="$K5LIBS -ldes"])
3977 ], [ AC_MSG_RESULT([no])
3978 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3981 AC_SEARCH_LIBS([dn_expand], [resolv])
3983 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
3984 [ AC_DEFINE([GSSAPI])
3985 GSSLIBS="-lgssapi_krb5" ],
3986 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
3987 [ AC_DEFINE([GSSAPI])
3988 GSSLIBS="-lgssapi" ],
3989 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
3990 [ AC_DEFINE([GSSAPI])
3992 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
3996 AC_CHECK_HEADER([gssapi.h], ,
3997 [ unset ac_cv_header_gssapi_h
3998 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3999 AC_CHECK_HEADERS([gssapi.h], ,
4000 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4006 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4007 AC_CHECK_HEADER([gssapi_krb5.h], ,
4008 [ CPPFLAGS="$oldCPP" ])
4011 if test ! -z "$need_dash_r" ; then
4012 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
4014 if test ! -z "$blibpath" ; then
4015 blibpath="$blibpath:${KRB5ROOT}/lib"
4018 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4019 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4020 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4022 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4023 [Define this if you want to use libkafs' AFS support])])
4025 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4026 #ifdef HAVE_GSSAPI_H
4027 # include <gssapi.h>
4028 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4029 # include <gssapi/gssapi.h>
4032 #ifdef HAVE_GSSAPI_GENERIC_H
4033 # include <gssapi_generic.h>
4034 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4035 # include <gssapi/gssapi_generic.h>
4039 LIBS="$LIBS $K5LIBS"
4040 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4049 # Looking for programs, paths and files
4051 PRIVSEP_PATH=/var/empty
4052 AC_ARG_WITH([privsep-path],
4053 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4055 if test -n "$withval" && test "x$withval" != "xno" && \
4056 test "x${withval}" != "xyes"; then
4057 PRIVSEP_PATH=$withval
4061 AC_SUBST([PRIVSEP_PATH])
4063 AC_ARG_WITH([xauth],
4064 [ --with-xauth=PATH Specify path to xauth program ],
4066 if test -n "$withval" && test "x$withval" != "xno" && \
4067 test "x${withval}" != "xyes"; then
4073 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4074 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4075 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4076 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4077 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4078 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4079 xauth_path="/usr/openwin/bin/xauth"
4085 AC_ARG_ENABLE([strip],
4086 [ --disable-strip Disable calling strip(1) on install],
4088 if test "x$enableval" = "xno" ; then
4093 AC_SUBST([STRIP_OPT])
4095 if test -z "$xauth_path" ; then
4096 XAUTH_PATH="undefined"
4097 AC_SUBST([XAUTH_PATH])
4099 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4100 [Define if xauth is found in your path])
4101 XAUTH_PATH=$xauth_path
4102 AC_SUBST([XAUTH_PATH])
4105 dnl # --with-maildir=/path/to/mail gets top priority.
4106 dnl # if maildir is set in the platform case statement above we use that.
4107 dnl # Otherwise we run a program to get the dir from system headers.
4108 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4109 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4110 dnl # session.c expects anyway. Otherwise we set to the value found
4111 dnl # stripping any trailing slash. If for some strage reason our program
4112 dnl # does not find what it needs, we default to /var/spool/mail.
4113 # Check for mail directory
4114 AC_ARG_WITH([maildir],
4115 [ --with-maildir=/path/to/mail Specify your system mail directory],
4117 if test "X$withval" != X && test "x$withval" != xno && \
4118 test "x${withval}" != xyes; then
4119 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4120 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4123 if test "X$maildir" != "X"; then
4124 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4126 AC_MSG_CHECKING([Discovering system mail directory])
4134 #ifdef HAVE_MAILLOCK_H
4135 #include <maillock.h>
4137 #define DATA "conftest.maildir"
4142 fd = fopen(DATA,"w");
4146 #if defined (_PATH_MAILDIR)
4147 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4149 #elif defined (MAILDIR)
4150 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4152 #elif defined (_PATH_MAIL)
4153 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4162 maildir_what=`awk -F: '{print $1}' conftest.maildir`
4163 maildir=`awk -F: '{print $2}' conftest.maildir \
4165 AC_MSG_RESULT([Using: $maildir from $maildir_what])
4166 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4167 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4171 if test "X$ac_status" = "X2";then
4172 # our test program didn't find it. Default to /var/spool/mail
4173 AC_MSG_RESULT([Using: default value of /var/spool/mail])
4174 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4176 AC_MSG_RESULT([*** not found ***])
4180 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
4187 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
4188 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
4189 disable_ptmx_check=yes
4191 if test -z "$no_dev_ptmx" ; then
4192 if test "x$disable_ptmx_check" != "xyes" ; then
4193 AC_CHECK_FILE(["/dev/ptmx"],
4195 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
4196 [Define if you have /dev/ptmx])
4203 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
4204 AC_CHECK_FILE(["/dev/ptc"],
4206 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
4207 [Define if you have /dev/ptc])
4212 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
4215 # Options from here on. Some of these are preset by platform above
4216 AC_ARG_WITH([mantype],
4217 [ --with-mantype=man|cat|doc Set man page type],
4224 AC_MSG_ERROR([invalid man type: $withval])
4229 if test -z "$MANTYPE"; then
4230 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
4231 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
4232 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
4234 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
4241 if test "$MANTYPE" = "doc"; then
4246 AC_SUBST([mansubdir])
4248 # Check whether to enable MD5 passwords
4250 AC_ARG_WITH([md5-passwords],
4251 [ --with-md5-passwords Enable use of MD5 passwords],
4253 if test "x$withval" != "xno" ; then
4254 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
4255 [Define if you want to allow MD5 passwords])
4261 # Whether to disable shadow password support
4262 AC_ARG_WITH([shadow],
4263 [ --without-shadow Disable shadow password support],
4265 if test "x$withval" = "xno" ; then
4266 AC_DEFINE([DISABLE_SHADOW])
4272 if test -z "$disable_shadow" ; then
4273 AC_MSG_CHECKING([if the systems has expire shadow information])
4274 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4275 #include <sys/types.h>
4278 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
4279 [ sp_expire_available=yes ], [
4282 if test "x$sp_expire_available" = "xyes" ; then
4283 AC_MSG_RESULT([yes])
4284 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
4285 [Define if you want to use shadow password expire field])
4291 # Use ip address instead of hostname in $DISPLAY
4292 if test ! -z "$IPADDR_IN_DISPLAY" ; then
4293 DISPLAY_HACK_MSG="yes"
4294 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
4295 [Define if you need to use IP address
4296 instead of hostname in $DISPLAY])
4298 DISPLAY_HACK_MSG="no"
4299 AC_ARG_WITH([ipaddr-display],
4300 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
4302 if test "x$withval" != "xno" ; then
4303 AC_DEFINE([IPADDR_IN_DISPLAY])
4304 DISPLAY_HACK_MSG="yes"
4310 # check for /etc/default/login and use it if present.
4311 AC_ARG_ENABLE([etc-default-login],
4312 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
4313 [ if test "x$enableval" = "xno"; then
4314 AC_MSG_NOTICE([/etc/default/login handling disabled])
4315 etc_default_login=no
4317 etc_default_login=yes
4319 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
4321 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
4322 etc_default_login=no
4324 etc_default_login=yes
4328 if test "x$etc_default_login" != "xno"; then
4329 AC_CHECK_FILE(["/etc/default/login"],
4330 [ external_path_file=/etc/default/login ])
4331 if test "x$external_path_file" = "x/etc/default/login"; then
4332 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
4333 [Define if your system has /etc/default/login])
4337 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4338 if test $ac_cv_func_login_getcapbool = "yes" && \
4339 test $ac_cv_header_login_cap_h = "yes" ; then
4340 external_path_file=/etc/login.conf
4343 # Whether to mess with the default path
4344 SERVER_PATH_MSG="(default)"
4345 AC_ARG_WITH([default-path],
4346 [ --with-default-path= Specify default \$PATH environment for server],
4348 if test "x$external_path_file" = "x/etc/login.conf" ; then
4350 --with-default-path=PATH has no effect on this system.
4351 Edit /etc/login.conf instead.])
4352 elif test "x$withval" != "xno" ; then
4353 if test ! -z "$external_path_file" ; then
4355 --with-default-path=PATH will only be used if PATH is not defined in
4356 $external_path_file .])
4358 user_path="$withval"
4359 SERVER_PATH_MSG="$withval"
4362 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
4363 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
4365 if test ! -z "$external_path_file" ; then
4367 If PATH is defined in $external_path_file, ensure the path to scp is included,
4368 otherwise scp will not work.])
4372 /* find out what STDPATH is */
4377 #ifndef _PATH_STDPATH
4378 # ifdef _PATH_USERPATH /* Irix */
4379 # define _PATH_STDPATH _PATH_USERPATH
4381 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
4384 #include <sys/types.h>
4385 #include <sys/stat.h>
4387 #define DATA "conftest.stdpath"
4392 fd = fopen(DATA,"w");
4396 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4401 [ user_path=`cat conftest.stdpath` ],
4402 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4403 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4405 # make sure $bindir is in USER_PATH so scp will work
4406 t_bindir="${bindir}"
4407 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
4408 t_bindir=`eval echo ${t_bindir}`
4410 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4413 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4416 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
4417 if test $? -ne 0 ; then
4418 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
4419 if test $? -ne 0 ; then
4420 user_path=$user_path:$t_bindir
4421 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
4426 if test "x$external_path_file" != "x/etc/login.conf" ; then
4427 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
4428 AC_SUBST([user_path])
4431 # Set superuser path separately to user path
4432 AC_ARG_WITH([superuser-path],
4433 [ --with-superuser-path= Specify different path for super-user],
4435 if test -n "$withval" && test "x$withval" != "xno" && \
4436 test "x${withval}" != "xyes"; then
4437 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
4438 [Define if you want a different $PATH
4440 superuser_path=$withval
4446 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4447 IPV4_IN6_HACK_MSG="no"
4449 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4451 if test "x$withval" != "xno" ; then
4452 AC_MSG_RESULT([yes])
4453 AC_DEFINE([IPV4_IN_IPV6], [1],
4454 [Detect IPv4 in IPv6 mapped addresses
4456 IPV4_IN6_HACK_MSG="yes"
4461 if test "x$inet6_default_4in6" = "xyes"; then
4462 AC_MSG_RESULT([yes (default)])
4463 AC_DEFINE([IPV4_IN_IPV6])
4464 IPV4_IN6_HACK_MSG="yes"
4466 AC_MSG_RESULT([no (default)])
4471 # Whether to enable BSD auth support
4473 AC_ARG_WITH([bsd-auth],
4474 [ --with-bsd-auth Enable BSD auth support],
4476 if test "x$withval" != "xno" ; then
4477 AC_DEFINE([BSD_AUTH], [1],
4478 [Define if you have BSD auth support])
4484 # Where to place sshd.pid
4486 # make sure the directory exists
4487 if test ! -d $piddir ; then
4488 piddir=`eval echo ${sysconfdir}`
4490 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4494 AC_ARG_WITH([pid-dir],
4495 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4497 if test -n "$withval" && test "x$withval" != "xno" && \
4498 test "x${withval}" != "xyes"; then
4500 if test ! -d $piddir ; then
4501 AC_MSG_WARN([** no $piddir directory on this system **])
4507 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
4508 [Specify location of ssh.pid])
4511 dnl allow user to disable some login recording features
4512 AC_ARG_ENABLE([lastlog],
4513 [ --disable-lastlog disable use of lastlog even if detected [no]],
4515 if test "x$enableval" = "xno" ; then
4516 AC_DEFINE([DISABLE_LASTLOG])
4520 AC_ARG_ENABLE([utmp],
4521 [ --disable-utmp disable use of utmp even if detected [no]],
4523 if test "x$enableval" = "xno" ; then
4524 AC_DEFINE([DISABLE_UTMP])
4528 AC_ARG_ENABLE([utmpx],
4529 [ --disable-utmpx disable use of utmpx even if detected [no]],
4531 if test "x$enableval" = "xno" ; then
4532 AC_DEFINE([DISABLE_UTMPX], [1],
4533 [Define if you don't want to use utmpx])
4537 AC_ARG_ENABLE([wtmp],
4538 [ --disable-wtmp disable use of wtmp even if detected [no]],
4540 if test "x$enableval" = "xno" ; then
4541 AC_DEFINE([DISABLE_WTMP])
4545 AC_ARG_ENABLE([wtmpx],
4546 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4548 if test "x$enableval" = "xno" ; then
4549 AC_DEFINE([DISABLE_WTMPX], [1],
4550 [Define if you don't want to use wtmpx])
4554 AC_ARG_ENABLE([libutil],
4555 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4557 if test "x$enableval" = "xno" ; then
4558 AC_DEFINE([DISABLE_LOGIN])
4562 AC_ARG_ENABLE([pututline],
4563 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4565 if test "x$enableval" = "xno" ; then
4566 AC_DEFINE([DISABLE_PUTUTLINE], [1],
4567 [Define if you don't want to use pututline()
4568 etc. to write [uw]tmp])
4572 AC_ARG_ENABLE([pututxline],
4573 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4575 if test "x$enableval" = "xno" ; then
4576 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4577 [Define if you don't want to use pututxline()
4578 etc. to write [uw]tmpx])
4582 AC_ARG_WITH([lastlog],
4583 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4585 if test "x$withval" = "xno" ; then
4586 AC_DEFINE([DISABLE_LASTLOG])
4587 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4588 conf_lastlog_location=$withval
4593 dnl lastlog, [uw]tmpx? detection
4594 dnl NOTE: set the paths in the platform section to avoid the
4595 dnl need for command-line parameters
4596 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4598 dnl lastlog detection
4599 dnl NOTE: the code itself will detect if lastlog is a directory
4600 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4601 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4602 #include <sys/types.h>
4604 #ifdef HAVE_LASTLOG_H
4605 # include <lastlog.h>
4613 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
4614 [ AC_MSG_RESULT([yes]) ],
4617 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4618 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4619 #include <sys/types.h>
4621 #ifdef HAVE_LASTLOG_H
4622 # include <lastlog.h>
4627 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4628 [ AC_MSG_RESULT([yes]) ],
4631 system_lastlog_path=no
4635 if test -z "$conf_lastlog_location"; then
4636 if test x"$system_lastlog_path" = x"no" ; then
4637 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4638 if (test -d "$f" || test -f "$f") ; then
4639 conf_lastlog_location=$f
4642 if test -z "$conf_lastlog_location"; then
4643 AC_MSG_WARN([** Cannot find lastlog **])
4644 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4649 if test -n "$conf_lastlog_location"; then
4650 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4651 [Define if you want to specify the path to your lastlog file])
4655 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4656 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4657 #include <sys/types.h>
4662 ]], [[ char *utmp = UTMP_FILE; ]])],
4663 [ AC_MSG_RESULT([yes]) ],
4664 [ AC_MSG_RESULT([no])
4667 if test -z "$conf_utmp_location"; then
4668 if test x"$system_utmp_path" = x"no" ; then
4669 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4670 if test -f $f ; then
4671 conf_utmp_location=$f
4674 if test -z "$conf_utmp_location"; then
4675 AC_DEFINE([DISABLE_UTMP])
4679 if test -n "$conf_utmp_location"; then
4680 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4681 [Define if you want to specify the path to your utmp file])
4685 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4686 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4687 #include <sys/types.h>
4692 ]], [[ char *wtmp = WTMP_FILE; ]])],
4693 [ AC_MSG_RESULT([yes]) ],
4694 [ AC_MSG_RESULT([no])
4697 if test -z "$conf_wtmp_location"; then
4698 if test x"$system_wtmp_path" = x"no" ; then
4699 for f in /usr/adm/wtmp /var/log/wtmp; do
4700 if test -f $f ; then
4701 conf_wtmp_location=$f
4704 if test -z "$conf_wtmp_location"; then
4705 AC_DEFINE([DISABLE_WTMP])
4709 if test -n "$conf_wtmp_location"; then
4710 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
4711 [Define if you want to specify the path to your wtmp file])
4715 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4716 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4717 #include <sys/types.h>
4725 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
4726 [ AC_MSG_RESULT([yes]) ],
4727 [ AC_MSG_RESULT([no])
4728 system_wtmpx_path=no
4730 if test -z "$conf_wtmpx_location"; then
4731 if test x"$system_wtmpx_path" = x"no" ; then
4732 AC_DEFINE([DISABLE_WTMPX])
4735 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
4736 [Define if you want to specify the path to your wtmpx file])
4740 if test ! -z "$blibpath" ; then
4741 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4742 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4745 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
4746 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
4747 AC_DEFINE([DISABLE_LASTLOG])
4750 #ifdef HAVE_SYS_TYPES_H
4751 #include <sys/types.h>
4759 #ifdef HAVE_LASTLOG_H
4760 #include <lastlog.h>
4764 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
4765 AC_DEFINE([DISABLE_UTMP])
4766 AC_DEFINE([DISABLE_WTMP])
4768 #ifdef HAVE_SYS_TYPES_H
4769 #include <sys/types.h>
4777 #ifdef HAVE_LASTLOG_H
4778 #include <lastlog.h>
4782 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4784 CFLAGS="$CFLAGS $werror_flags"
4786 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4791 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
4792 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
4793 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
4794 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
4797 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4798 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4802 # Print summary of options
4804 # Someone please show me a better way :)
4805 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4806 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4807 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4808 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4809 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4810 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4811 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4812 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4813 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4814 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4817 echo "OpenSSH has been configured with the following options:"
4818 echo " User binaries: $B"
4819 echo " System binaries: $C"
4820 echo " Configuration files: $D"
4821 echo " Askpass program: $E"
4822 echo " Manual pages: $F"
4823 echo " PID file: $G"
4824 echo " Privilege separation chroot path: $H"
4825 if test "x$external_path_file" = "x/etc/login.conf" ; then
4826 echo " At runtime, sshd will use the path defined in $external_path_file"
4827 echo " Make sure the path to scp is present, otherwise scp will not work"
4829 echo " sshd default user PATH: $I"
4830 if test ! -z "$external_path_file"; then
4831 echo " (If PATH is set in $external_path_file it will be used instead. If"
4832 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4835 if test ! -z "$superuser_path" ; then
4836 echo " sshd superuser user PATH: $J"
4838 echo " Manpage format: $MANTYPE"
4839 echo " PAM support: $PAM_MSG"
4840 echo " OSF SIA support: $SIA_MSG"
4841 echo " KerberosV support: $KRB5_MSG"
4842 echo " SELinux support: $SELINUX_MSG"
4843 echo " Smartcard support: $SCARD_MSG"
4844 echo " S/KEY support: $SKEY_MSG"
4845 echo " TCP Wrappers support: $TCPW_MSG"
4846 echo " MD5 password support: $MD5_MSG"
4847 echo " libedit support: $LIBEDIT_MSG"
4848 echo " Solaris process contract support: $SPC_MSG"
4849 echo " Solaris project support: $SP_MSG"
4850 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4851 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4852 echo " BSD Auth support: $BSD_AUTH_MSG"
4853 echo " Random number source: $RAND_MSG"
4854 echo " Privsep sandbox style: $SANDBOX_STYLE"
4858 echo " Host: ${host}"
4859 echo " Compiler: ${CC}"
4860 echo " Compiler flags: ${CFLAGS}"
4861 echo "Preprocessor flags: ${CPPFLAGS}"
4862 echo " Linker flags: ${LDFLAGS}"
4863 echo " Libraries: ${LIBS}"
4864 if test ! -z "${SSHDLIBS}"; then
4865 echo " +for sshd: ${SSHDLIBS}"
4867 if test ! -z "${SSHLIBS}"; then
4868 echo " +for ssh: ${SSHLIBS}"
4873 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4874 echo "SVR4 style packages are supported with \"make package\""
4878 if test "x$PAM_MSG" = "xyes" ; then
4879 echo "PAM is enabled. You may need to install a PAM control file "
4880 echo "for sshd, otherwise password authentication may fail. "
4881 echo "Example PAM control files can be found in the contrib/ "
4886 if test ! -z "$NO_PEERCHECK" ; then
4887 echo "WARNING: the operating system that you are using does not"
4888 echo "appear to support getpeereid(), getpeerucred() or the"
4889 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4890 echo "enforce security checks to prevent unauthorised connections to"
4891 echo "ssh-agent. Their absence increases the risk that a malicious"
4892 echo "user can connect to your agent."
4896 if test "$AUDIT_MODULE" = "bsm" ; then
4897 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4898 echo "See the Solaris section in README.platform for details."