1 # $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $
4 # Copyright (c) 1999-2004 Damien Miller
6 # Permission to use, copy, modify, and distribute this software for any
7 # purpose with or without fee is hereby granted, provided that the above
8 # copyright notice and this permission notice appear in all copies.
10 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
19 AC_REVISION($Revision: 1.583 $)
20 AC_CONFIG_SRCDIR([ssh.c])
23 AC_CONFIG_HEADER([config.h])
28 # Checks for programs.
34 AC_CHECK_TOOLS([AR], [ar])
35 AC_PATH_PROG([CAT], [cat])
36 AC_PATH_PROG([KILL], [kill])
37 AC_PATH_PROGS([PERL], [perl5 perl])
38 AC_PATH_PROG([SED], [sed])
40 AC_PATH_PROG([ENT], [ent])
42 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
43 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
44 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
45 AC_PATH_PROG([SH], [sh])
46 AC_PATH_PROG([GROFF], [groff])
47 AC_PATH_PROG([NROFF], [nroff])
48 AC_PATH_PROG([MANDOC], [mandoc])
49 AC_SUBST([TEST_SHELL], [sh])
51 dnl select manpage formatter
52 if test "x$MANDOC" != "x" ; then
54 elif test "x$NROFF" != "x" ; then
55 MANFMT="$NROFF -mandoc"
56 elif test "x$GROFF" != "x" ; then
57 MANFMT="$GROFF -mandoc -Tascii"
59 AC_MSG_WARN([no manpage formatted found])
65 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
66 [/usr/sbin${PATH_SEPARATOR}/etc])
67 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
68 [/usr/sbin${PATH_SEPARATOR}/etc])
69 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
70 if test -x /sbin/sh; then
71 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
73 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
79 if test -z "$AR" ; then
80 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
# Helper-program paths compiled into the binaries.
# When LOGIN_PROGRAM is set in the configure-time environment, its value is
# written into config.h as LOGIN_PROGRAM_FALLBACK without any check visible
# here, so run configure from a controlled environment.
83 # Use LOGIN_PROGRAM from environment if possible
84 if test ! -z "$LOGIN_PROGRAM" ; then
85 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
86 [If your header files don't define LOGIN_PROGRAM,
87 then use this (detected) from environment and PATH])
# Otherwise the first "login" found on the build host's PATH is recorded.
# An unexpected directory early in PATH therefore changes the compiled-in path.
90 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
91 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
92 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
# Same pattern for passwd: the absolute path found on PATH at configure time
# becomes _PATH_PASSWD_PROG; nothing is defined when no passwd is found.
96 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
97 if test ! -z "$PATH_PASSWD_PROG" ; then
98 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
99 [Full path of your "passwd" program])
102 if test -z "$LD" ; then
# Declaration probes. LLONG_MAX, SYSTR_POLICY_KILL and PR_SET_NO_NEW_PRIVS
# only set a shell variable for later tests; RLIMIT_NPROC defines
# HAVE_RLIMIT_NPROC in config.h directly.
109 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
# systrace policy constant, looked up in <dev/systrace.h>.
110 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
111 #include <sys/types.h>
112 #include <sys/param.h>
113 #include <dev/systrace.h>
# Per-user process limit constant from <sys/resource.h>.
115 AC_CHECK_DECL([RLIMIT_NPROC],
116 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
117 #include <sys/types.h>
118 #include <sys/resource.h>
# PR_SET_NO_NEW_PRIVS from <linux/prctl.h>; the result is kept in
# have_linux_no_new_privs. NOTE(review): presumably consulted where a sandbox
# is selected later in the file; that code is not visible here.
120 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
121 #include <sys/types.h>
122 #include <linux/prctl.h>
# Crypto backend and legacy-protocol switches.
# --without-openssl builds with "only limited internal crypto" and is marked
# EXPERIMENTAL in its own help text; treat such a build as non-default.
127 AC_ARG_WITH([openssl],
128 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
129 [ if test "x$withval" = "xno" ; then
# WITH_OPENSSL is defined only when $openssl is "yes".
135 AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
136 if test "x$openssl" = "xyes" ; then
138 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
144 [ --with-ssh1 Enable support for SSH protocol 1],
146 if test "x$withval" = "xyes" ; then
147 if test "x$openssl" = "xno" ; then
148 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
151 elif test "x$withval" = "xno" ; then
154 AC_MSG_ERROR([unknown --with-ssh1 argument])
# SSH protocol 1: requesting it with OpenSSL disabled is a configure error,
# and so is any --with-ssh1 value other than yes or no. WITH_SSH1 is defined
# only when $ssh1 is "yes". Protocol 1 is a legacy protocol with known
# cryptographic weaknesses; keep it off unless an old peer requires it.
# NOTE(review): the default value of $ssh1 is set on a line not visible here.
158 AC_MSG_CHECKING([whether SSH protocol 1 support is enabled])
159 if test "x$ssh1" = "xyes" ; then
161 AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
# Compiler and linker hardening. Both switches default to on and are cleared
# only by an explicit --without-stackprotect / --without-hardening.
166 use_stack_protector=1
167 use_toolchain_hardening=1
168 AC_ARG_WITH([stackprotect],
169 [ --without-stackprotect Don't use compiler's stack protection], [
170 if test "x$withval" = "xno"; then
171 use_stack_protector=0
173 AC_ARG_WITH([hardening],
174 [ --without-hardening Don't use toolchain hardening flags], [
175 if test "x$withval" = "xno"; then
176 use_toolchain_hardening=0
179 # We use -Werror for the tests only so that we catch warnings like "this is
180 # on by default" for things like -fPIE.
181 AC_MSG_CHECKING([if $CC supports -Werror])
182 saved_CFLAGS="$CFLAGS"
183 CFLAGS="$CFLAGS -Werror"
184 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
185 [ AC_MSG_RESULT([yes])
187 [ AC_MSG_RESULT([no])
190 CFLAGS="$saved_CFLAGS"
# Flag probes for gcc-compatible compilers. OSSH_CHECK_CFLAG_COMPILE,
# OSSH_CHECK_CFLAG_LINK and OSSH_CHECK_LDFLAG_LINK are defined outside this
# listing; presumably each keeps a flag only when a test build accepts it,
# and the two-argument form tests the first flag but adds the second.
192 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
193 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
194 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
195 OSSH_CHECK_CFLAG_COMPILE([-Wall])
196 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
197 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
198 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
199 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
200 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
201 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
202 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
203 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
# _FORTIFY_SOURCE=2 is probed before the use_toolchain_hardening test that
# follows, so in this listing --without-hardening does not drop it. With
# glibc the fortified wrappers take effect only in optimised builds, so a
# build at -O0 gets no benefit from this define.
204 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
# Gated on use_toolchain_hardening: read-only relocations (relro), immediate
# binding (now), non-executable stack (noexecstack) and -ftrapv. The fi that
# closes this branch is not visible in the listing.
205 if test "x$use_toolchain_hardening" = "x1"; then
206 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
207 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
208 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
209 # NB. -ftrapv expects certain support functions to be present in
210 # the compiler library (libgcc or similar) to detect integer operations
211 # that can overflow. We must check that the result of enabling it
212 # actually links. The test program compiled/linked includes a number
213 # of integer operations that should exercise this.
214 OSSH_CHECK_CFLAG_LINK([-ftrapv])
# gcc 1.x and 2.x set no_attrib_nonnull; other arms of this case statement
# are not visible in the listing.
216 AC_MSG_CHECKING([gcc version])
217 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
219 1.*) no_attrib_nonnull=1 ;;
223 2.*) no_attrib_nonnull=1 ;;
226 AC_MSG_RESULT([$GCC_VER])
# -fno-builtin-memset is kept in CFLAGS when a small memset() program links
# with it, and CFLAGS is restored otherwise.
# NOTE(review): presumably meant to keep memset() calls that clear buffers
# from being optimised away; confirm against the project changelog.
228 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
229 saved_CFLAGS="$CFLAGS"
230 CFLAGS="$CFLAGS -fno-builtin-memset"
231 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
232 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
233 [ AC_MSG_RESULT([yes]) ],
234 [ AC_MSG_RESULT([no])
235 CFLAGS="$saved_CFLAGS" ]
238 # -fstack-protector-all doesn't always work for some GCC versions
239 # and/or platforms, so we test if we can. If it's not supported
240 # on a given platform gcc will emit a warning so we use -Werror.
# Candidates are tried in this order: -fstack-protector-strong,
# -fstack-protector-all, -fstack-protector. Each is first link-tested with
# -Werror and then run-tested ("if $t works"); when cross compiling the run
# test is replaced by a warning. No AC_MSG_ERROR is visible on the failure
# paths, so a toolchain that rejects all three appears to yield a build
# without a stack protector; check configure's output when one is required.
# NOTE(review): the line that ends the loop after a success is not visible.
241 if test "x$use_stack_protector" = "x1"; then
242 for t in -fstack-protector-strong -fstack-protector-all \
243 -fstack-protector; do
244 AC_MSG_CHECKING([if $CC supports $t])
245 saved_CFLAGS="$CFLAGS"
246 saved_LDFLAGS="$LDFLAGS"
247 CFLAGS="$CFLAGS $t -Werror"
248 LDFLAGS="$LDFLAGS $t -Werror"
250 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
253 snprintf(x, sizeof(x), "XXX");
255 [ AC_MSG_RESULT([yes])
256 CFLAGS="$saved_CFLAGS $t"
257 LDFLAGS="$saved_LDFLAGS $t"
258 AC_MSG_CHECKING([if $t works])
260 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
263 snprintf(x, sizeof(x), "XXX");
265 [ AC_MSG_RESULT([yes])
267 [ AC_MSG_RESULT([no]) ],
268 [ AC_MSG_WARN([cross compiling: cannot test])
272 [ AC_MSG_RESULT([no]) ]
274 CFLAGS="$saved_CFLAGS"
275 LDFLAGS="$saved_LDFLAGS"
279 if test -z "$have_llong_max"; then
280 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
281 unset ac_cv_have_decl_LLONG_MAX
282 saved_CFLAGS="$CFLAGS"
283 CFLAGS="$CFLAGS -std=gnu99"
284 AC_CHECK_DECL([LLONG_MAX],
286 [CFLAGS="$saved_CFLAGS"],
287 [#include <limits.h>]
292 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
296 __attribute__((__unused__)) static void foo(void){return;}]],
298 [ AC_MSG_RESULT([yes]) ],
299 [ AC_MSG_RESULT([no])
300 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
301 [compiler does not accept __attribute__ on return types]) ]
304 if test "x$no_attrib_nonnull" != "x1" ; then
305 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
309 [ --without-rpath Disable auto-added -R linker paths],
311 if test "x$withval" = "xno" ; then
314 if test "x$withval" = "xyes" ; then
# Values given to --with-cflags, --with-cppflags, --with-ldflags and
# --with-libs are appended verbatim to the matching variable unless they are
# empty, "yes" or "no". They land after the flags chosen by the hardening
# probes earlier in this file, and compilers generally honour the last of two
# conflicting options, so a flag passed here can countermand a hardening
# flag. Review packaging recipes that pass these options.
320 # Allow user to specify flags
321 AC_ARG_WITH([cflags],
322 [ --with-cflags Specify additional flags to pass to compiler],
324 if test -n "$withval" && test "x$withval" != "xno" && \
325 test "x${withval}" != "xyes"; then
326 CFLAGS="$CFLAGS $withval"
330 AC_ARG_WITH([cppflags],
331 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
333 if test -n "$withval" && test "x$withval" != "xno" && \
334 test "x${withval}" != "xyes"; then
335 CPPFLAGS="$CPPFLAGS $withval"
339 AC_ARG_WITH([ldflags],
340 [ --with-ldflags Specify additional flags to pass to linker],
342 if test -n "$withval" && test "x$withval" != "xno" && \
343 test "x${withval}" != "xyes"; then
344 LDFLAGS="$LDFLAGS $withval"
349 [ --with-libs Specify additional libraries to link with],
351 if test -n "$withval" && test "x$withval" != "xno" && \
352 test "x${withval}" != "xyes"; then
353 LIBS="$LIBS $withval"
# --with-Werror only records the flag in werror_flags: "-Werror" for a plain
# yes, or the literal option value when one is given. It is not added to
# CFLAGS in the lines visible here.
357 AC_ARG_WITH([Werror],
358 [ --with-Werror Build main code with -Werror],
360 if test -n "$withval" && test "x$withval" != "xno"; then
361 werror_flags="-Werror"
362 if test "x${withval}" != "xyes"; then
363 werror_flags="$withval"
399 security/pam_appl.h \
438 # sys/capsicum.h requires sys/types.h
439 AC_CHECK_HEADERS([sys/capsicum.h], [], [], [
440 #ifdef HAVE_SYS_TYPES_H
441 # include <sys/types.h>
445 # lastlog.h requires sys/time.h to be included first on Solaris
446 AC_CHECK_HEADERS([lastlog.h], [], [], [
447 #ifdef HAVE_SYS_TIME_H
448 # include <sys/time.h>
452 # sys/ptms.h requires sys/stream.h to be included first on Solaris
453 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
454 #ifdef HAVE_SYS_STREAM_H
455 # include <sys/stream.h>
459 # login_cap.h requires sys/types.h on NetBSD
460 AC_CHECK_HEADERS([login_cap.h], [], [], [
461 #include <sys/types.h>
464 # older BSDs need sys/param.h before sys/mount.h
465 AC_CHECK_HEADERS([sys/mount.h], [], [], [
466 #include <sys/param.h>
469 # Android requires sys/socket.h to be included before sys/un.h
470 AC_CHECK_HEADERS([sys/un.h], [], [], [
471 #include <sys/types.h>
472 #include <sys/socket.h>
475 # Messages for features tested for in target-specific section
481 # Support for Solaris/Illumos privileges (this test is used by both
482 # the --with-solaris-privs option and --with-sandbox=solaris).
485 # Check for some target-specific stuff
488 # Some versions of VAC won't allow macro redefinitions at
489 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
490 # particularly with older versions of vac or xlc.
491 # It also throws errors about null macro arguments, but these are
493 AC_MSG_CHECKING([if compiler allows macro redefinitions])
496 #define testmacro foo
497 #define testmacro bar]],
499 [ AC_MSG_RESULT([yes]) ],
500 [ AC_MSG_RESULT([no])
501 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
502 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
503 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
504 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
508 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
509 if (test -z "$blibpath"); then
510 blibpath="/usr/lib:/lib"
512 saved_LDFLAGS="$LDFLAGS"
513 if test "$GCC" = "yes"; then
514 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
516 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
518 for tryflags in $flags ;do
519 if (test -z "$blibflags"); then
520 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
521 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
522 [blibflags=$tryflags], [])
525 if (test -z "$blibflags"); then
526 AC_MSG_RESULT([not found])
527 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
529 AC_MSG_RESULT([$blibflags])
531 LDFLAGS="$saved_LDFLAGS"
532 dnl Check for authenticate. Might be in libs.a on older AIXes
533 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
534 [Define if you want to enable AIX4's authenticate function])],
535 [AC_CHECK_LIB([s], [authenticate],
536 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
540 dnl Check for various auth function declarations in headers.
541 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
542 passwdexpired, setauthdb], , , [#include <usersec.h>])
543 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
544 AC_CHECK_DECLS([loginfailed],
545 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
546 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
547 [[ (void)loginfailed("user","host","tty",0); ]])],
548 [AC_MSG_RESULT([yes])
549 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
550 [Define if your AIX loginfailed() function
551 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
554 [#include <usersec.h>]
556 AC_CHECK_FUNCS([getgrset setauthdb])
557 AC_CHECK_DECL([F_CLOSEM],
558 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
560 [ #include <limits.h>
563 check_for_aix_broken_getaddrinfo=1
564 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
565 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
566 [Define if your platform breaks doing a seteuid before a setuid])
567 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
568 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
569 dnl AIX handles lastlog as part of its login message
570 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
571 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
572 [Some systems need a utmpx entry for /bin/login to work])
573 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
574 [Define to a Set Process Title type if your system is
575 supported by bsd-setproctitle.c])
576 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
577 [AIX 5.2 and 5.3 (and presumably newer) require this])
578 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
579 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
582 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
583 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
586 check_for_libcrypt_later=1
587 LIBS="$LIBS /usr/lib/textreadmode.o"
588 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
589 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
590 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
591 [Define to disable UID restoration test])
592 AC_DEFINE([DISABLE_SHADOW], [1],
593 [Define if you want to disable shadow passwords])
594 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
595 [Define if X11 doesn't support AF_UNIX sockets on that system])
596 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
597 [Define if the concept of ports only accessible to
598 superusers isn't known])
599 AC_DEFINE([DISABLE_FD_PASSING], [1],
600 [Define if your platform needs to skip post auth
601 file descriptor passing])
602 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
603 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
604 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
605 # reasons which cause compile warnings, so we disable those warnings.
606 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
609 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
610 [Define if your system choked on IP TOS setting])
611 AC_DEFINE([SETEUID_BREAKS_SETUID])
612 AC_DEFINE([BROKEN_SETREUID])
613 AC_DEFINE([BROKEN_SETREGID])
617 AC_MSG_CHECKING([if we have working getaddrinfo])
618 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
619 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
625 [AC_MSG_RESULT([working])],
626 [AC_MSG_RESULT([buggy])
627 AC_DEFINE([BROKEN_GETADDRINFO], [1],
628 [getaddrinfo is broken (if present)])
630 [AC_MSG_RESULT([assume it is working])])
631 AC_DEFINE([SETEUID_BREAKS_SETUID])
632 AC_DEFINE([BROKEN_SETREUID])
633 AC_DEFINE([BROKEN_SETREGID])
634 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
635 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
636 [Define if your resolver libs need this for getrrsetbyname])
637 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
638 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
639 [Use tunnel device compatibility to OpenBSD])
640 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
641 [Prepend the address family to IP tunnel traffic])
642 m4_pattern_allow([AU_IPv])
643 AC_CHECK_DECL([AU_IPv4], [],
644 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
645 [#include <bsm/audit.h>]
646 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
647 [Define if pututxline updates lastlog too])
649 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
650 [Define to a Set Process Title type if your system is
651 supported by bsd-setproctitle.c])
652 AC_CHECK_FUNCS([sandbox_init])
653 AC_CHECK_HEADERS([sandbox.h])
654 AC_CHECK_LIB([sandbox], [sandbox_apply], [
655 SSHDLIBS="$SSHDLIBS -lsandbox"
659 SSHDLIBS="$SSHDLIBS -lcrypt"
660 TEST_MALLOC_OPTIONS="AFGJPRX"
664 AC_CHECK_LIB([network], [socket])
665 AC_DEFINE([HAVE_U_INT64_T])
669 # first we define all of the options common to all HP-UX releases
670 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
671 IPADDR_IN_DISPLAY=yes
672 AC_DEFINE([USE_PIPES])
673 AC_DEFINE([LOGIN_NO_ENDOPT], [1],
674 [Define if your login program cannot handle end of options ("--")])
675 AC_DEFINE([LOGIN_NEEDS_UTMPX])
676 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
677 [String used in /etc/passwd to denote locked account])
678 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
679 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
682 AC_CHECK_LIB([xnet], [t_error], ,
683 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
685 # next, we define all of the options specific to major releases
688 if test -z "$GCC"; then
693 AC_DEFINE([PAM_SUN_CODEBASE], [1],
694 [Define if you are using Solaris-derived PAM which
695 passes pam_messages to the conversation function
696 with an extra level of indirection])
697 AC_DEFINE([DISABLE_UTMP], [1],
698 [Define if you don't want to use utmp])
699 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
700 check_for_hpux_broken_getaddrinfo=1
701 check_for_conflicting_getspnam=1
705 # lastly, we define options specific to minor releases
708 AC_DEFINE([HAVE_SECUREWARE], [1],
709 [Define if you have SecureWare-based
710 protected password database])
711 disable_ptmx_check=yes
717 PATH="$PATH:/usr/etc"
718 AC_DEFINE([BROKEN_INET_NTOA], [1],
719 [Define if you system's inet_ntoa is busted
720 (e.g. Irix gcc issue)])
721 AC_DEFINE([SETEUID_BREAKS_SETUID])
722 AC_DEFINE([BROKEN_SETREUID])
723 AC_DEFINE([BROKEN_SETREGID])
724 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
725 [Define if you shouldn't strip 'tty' from your
727 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
730 PATH="$PATH:/usr/etc"
731 AC_DEFINE([WITH_IRIX_ARRAY], [1],
732 [Define if you have/want arrays
733 (cluster-wide session managment, not C arrays)])
734 AC_DEFINE([WITH_IRIX_PROJECT], [1],
735 [Define if you want IRIX project management])
736 AC_DEFINE([WITH_IRIX_AUDIT], [1],
737 [Define if you want IRIX audit trails])
738 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
739 [Define if you want IRIX kernel jobs])])
740 AC_DEFINE([BROKEN_INET_NTOA])
741 AC_DEFINE([SETEUID_BREAKS_SETUID])
742 AC_DEFINE([BROKEN_SETREUID])
743 AC_DEFINE([BROKEN_SETREGID])
744 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
745 AC_DEFINE([WITH_ABBREV_NO_TTY])
746 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
748 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
749 check_for_libcrypt_later=1
750 AC_DEFINE([PAM_TTY_KLUDGE])
751 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
752 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
753 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
754 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
759 check_for_libcrypt_later=1
760 check_for_openpty_ctty_bug=1
761 AC_DEFINE([PAM_TTY_KLUDGE], [1],
762 [Work around problematic Linux PAM modules handling of PAM_TTY])
763 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
764 [String used in /etc/passwd to denote locked account])
765 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
766 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
767 [Define to whatever link() returns for "not supported"
768 if it doesn't return EOPNOTSUPP.])
769 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
770 AC_DEFINE([USE_BTMP])
771 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
772 inet6_default_4in6=yes
775 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
776 [Define if cmsg_type is not passed correctly])
# The three tunnel defines are made only when <linux/if_tun.h> is found.
779 # tun(4) forwarding compat code
780 AC_CHECK_HEADERS([linux/if_tun.h])
781 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
782 AC_DEFINE([SSH_TUN_LINUX], [1],
783 [Open tunnel devices the Linux tun/tap way])
784 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
785 [Use tunnel device compatibility to OpenBSD])
786 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
787 [Prepend the address family to IP tunnel traffic])
# Seccomp prerequisites: the three kernel headers are probed with
# <linux/types.h> pre-included, and prctl() is probed as a function.
789 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
790 [], [#include <linux/types.h>])
791 AC_CHECK_FUNCS([prctl])
# The AUDIT_ARCH_* value chosen per host is exported as SECCOMP_AUDIT_ARCH
# ("the system call convention in use"). Four values are visible in this
# listing; for any other host the macro stays undefined and configure prints
# "architecture not supported" without failing.
# NOTE(review): presumably the seccomp filter compares this value with the
# arch of each system call so that a call made under another ABI is not
# matched against the wrong syscall numbers, and hosts without a value cannot
# use that sandbox; confirm in the seccomp sandbox source.
792 AC_MSG_CHECKING([for seccomp architecture])
796 seccomp_audit_arch=AUDIT_ARCH_X86_64
799 seccomp_audit_arch=AUDIT_ARCH_I386
802 seccomp_audit_arch=AUDIT_ARCH_ARM
805 seccomp_audit_arch=AUDIT_ARCH_AARCH64
808 if test "x$seccomp_audit_arch" != "x" ; then
809 AC_MSG_RESULT(["$seccomp_audit_arch"])
810 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
811 [Specify the system call convention in use])
813 AC_MSG_RESULT([architecture not supported])
816 mips-sony-bsd|mips-sony-newsos4)
817 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
821 check_for_libcrypt_before=1
822 if test "x$withval" != "xno" ; then
825 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
826 AC_CHECK_HEADER([net/if_tap.h], ,
827 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
828 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
829 [Prepend the address family to IP tunnel traffic])
830 TEST_MALLOC_OPTIONS="AJRX"
831 AC_DEFINE([BROKEN_STRNVIS], [1],
832 [NetBSD strnvis argument order is swapped compared to OpenBSD])
833 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
834 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
837 check_for_libcrypt_later=1
838 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
839 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
840 AC_CHECK_HEADER([net/if_tap.h], ,
841 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
842 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
843 AC_DEFINE([BROKEN_STRNVIS], [1],
844 [FreeBSD strnvis argument order is swapped compared to OpenBSD])
845 TEST_MALLOC_OPTIONS="AJRX"
846 # Preauth crypto occasionally uses file descriptors for crypto offload
847 # and will crash if they cannot be opened.
848 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
849 [define if setrlimit RLIMIT_NOFILE breaks things])
852 AC_DEFINE([SETEUID_BREAKS_SETUID])
853 AC_DEFINE([BROKEN_SETREUID])
854 AC_DEFINE([BROKEN_SETREGID])
857 conf_lastlog_location="/usr/adm/lastlog"
858 conf_utmp_location=/etc/utmp
859 conf_wtmp_location=/usr/adm/wtmp
860 maildir=/usr/spool/mail
861 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
862 AC_DEFINE([BROKEN_REALPATH])
863 AC_DEFINE([USE_PIPES])
864 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
868 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
869 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
870 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
871 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
872 [syslog_r function is safe to use in in a signal handler])
873 TEST_MALLOC_OPTIONS="AFGJPRX"
876 if test "x$withval" != "xno" ; then
879 AC_DEFINE([PAM_SUN_CODEBASE])
880 AC_DEFINE([LOGIN_NEEDS_UTMPX])
881 AC_DEFINE([LOGIN_NEEDS_TERM], [1],
882 [Some versions of /bin/login need the TERM supplied
884 AC_DEFINE([PAM_TTY_KLUDGE])
885 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
886 [Define if pam_chauthtok wants real uid set
887 to the unpriv'ed user])
888 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
889 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
890 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
891 [Define if sshd somehow reacquires a controlling TTY
893 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
894 in case the name is longer than 8 chars])
895 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
896 external_path_file=/etc/default/login
897 # hardwire lastlog location (can't detect it on some versions)
898 conf_lastlog_location="/var/adm/lastlog"
899 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
900 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
901 if test "$sol2ver" -ge 8; then
903 AC_DEFINE([DISABLE_UTMP])
904 AC_DEFINE([DISABLE_WTMP], [1],
905 [Define if you don't want to use wtmp])
909 AC_CHECK_FUNCS([setppriv])
910 AC_CHECK_FUNCS([priv_basicset])
911 AC_CHECK_HEADERS([priv.h])
912 AC_ARG_WITH([solaris-contracts],
913 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
915 AC_CHECK_LIB([contract], [ct_tmpl_activate],
916 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
917 [Define if you have Solaris process contracts])
918 LIBS="$LIBS -lcontract"
922 AC_ARG_WITH([solaris-projects],
923 [ --with-solaris-projects Enable Solaris projects (experimental)],
925 AC_CHECK_LIB([project], [setproject],
926 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
927 [Define if you have Solaris projects])
928 LIBS="$LIBS -lproject"
# --with-solaris-privs (marked experimental in its help text) is treated as a
# hard requirement: support is accepted only when both the setppriv() probe
# and the priv.h probe succeeded, and otherwise configure aborts instead of
# silently building without privilege support. On success it defines
# USE_SOLARIS_PRIVS and also NO_UID_RESTORATION_TEST, which disables the UID
# restoration test.
# NOTE(review): the reason the UID restoration test must be disabled with
# privileges is not stated in the visible lines; confirm before relying on it.
932 AC_ARG_WITH([solaris-privs],
933 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
935 AC_MSG_CHECKING([for Solaris/Illumos privilege support])
936 if test "x$ac_cv_func_setppriv" = "xyes" -a \
937 "x$ac_cv_header_priv_h" = "xyes" ; then
939 AC_MSG_RESULT([found])
940 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
941 [Define to disable UID restoration test])
942 AC_DEFINE([USE_SOLARIS_PRIVS], [1],
943 [Define if you have Solaris privileges])
946 AC_MSG_RESULT([not found])
947 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
951 TEST_SHELL=$SHELL # let configure find us a capable shell
954 CPPFLAGS="$CPPFLAGS -DSUNOS4"
955 AC_CHECK_FUNCS([getpwanam])
956 AC_DEFINE([PAM_SUN_CODEBASE])
957 conf_utmp_location=/etc/utmp
958 conf_wtmp_location=/var/adm/wtmp
959 conf_lastlog_location=/var/adm/lastlog
960 AC_DEFINE([USE_PIPES])
964 AC_DEFINE([USE_PIPES])
965 AC_DEFINE([SSHD_ACQUIRES_CTTY])
966 AC_DEFINE([SETEUID_BREAKS_SETUID])
967 AC_DEFINE([BROKEN_SETREUID])
968 AC_DEFINE([BROKEN_SETREGID])
971 # /usr/ucblib MUST NOT be searched on ReliantUNIX
972 AC_CHECK_LIB([dl], [dlsym], ,)
973 # -lresolv needs to be at the end of LIBS or DNS lookups break
974 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
975 IPADDR_IN_DISPLAY=yes
976 AC_DEFINE([USE_PIPES])
977 AC_DEFINE([IP_TOS_IS_BROKEN])
978 AC_DEFINE([SETEUID_BREAKS_SETUID])
979 AC_DEFINE([BROKEN_SETREUID])
980 AC_DEFINE([BROKEN_SETREGID])
981 AC_DEFINE([SSHD_ACQUIRES_CTTY])
982 external_path_file=/etc/default/login
983 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
984 # Attention: always take care to bind libsocket and libnsl before libc,
985 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
987 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
989 AC_DEFINE([USE_PIPES])
990 AC_DEFINE([SETEUID_BREAKS_SETUID])
991 AC_DEFINE([BROKEN_SETREUID])
992 AC_DEFINE([BROKEN_SETREGID])
993 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
994 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
995 TEST_SHELL=$SHELL # let configure find us a capable shell
997 # UnixWare 7.x, OpenUNIX 8
999 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1000 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1001 AC_DEFINE([USE_PIPES])
1002 AC_DEFINE([SETEUID_BREAKS_SETUID])
1003 AC_DEFINE([BROKEN_GETADDRINFO])
1004 AC_DEFINE([BROKEN_SETREUID])
1005 AC_DEFINE([BROKEN_SETREGID])
1006 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1007 TEST_SHELL=$SHELL # let configure find us a capable shell
1009 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1010 maildir=/var/spool/mail
1011 AC_DEFINE([BROKEN_LIBIAF], [1],
1012 [ia_uinfo routines not supported by OS yet])
1013 AC_DEFINE([BROKEN_UPDWTMPX])
1014 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1015 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1016 AC_DEFINE([HAVE_SECUREWARE])
1017 AC_DEFINE([DISABLE_SHADOW])
1020 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1021 check_for_libcrypt_later=1
1027 # SCO UNIX and OEM versions of SCO UNIX
1029 AC_MSG_ERROR("This Platform is no longer supported.")
1031 # SCO OpenServer 5.x
1033 if test -z "$GCC"; then
1034 CFLAGS="$CFLAGS -belf"
1036 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1038 AC_DEFINE([USE_PIPES])
1039 AC_DEFINE([HAVE_SECUREWARE])
1040 AC_DEFINE([DISABLE_SHADOW])
1041 AC_DEFINE([DISABLE_FD_PASSING])
1042 AC_DEFINE([SETEUID_BREAKS_SETUID])
1043 AC_DEFINE([BROKEN_GETADDRINFO])
1044 AC_DEFINE([BROKEN_SETREUID])
1045 AC_DEFINE([BROKEN_SETREGID])
1046 AC_DEFINE([WITH_ABBREV_NO_TTY])
1047 AC_DEFINE([BROKEN_UPDWTMPX])
1048 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1049 AC_CHECK_FUNCS([getluid setluid])
1051 TEST_SHELL=$SHELL # let configure find us a capable shell
1052 SKIP_DISABLE_LASTLOG_DEFINE=yes
1055 AC_DEFINE([NO_SSH_LASTLOG], [1],
1056 [Define if you don't want to use lastlog in session.c])
1057 AC_DEFINE([SETEUID_BREAKS_SETUID])
1058 AC_DEFINE([BROKEN_SETREUID])
1059 AC_DEFINE([BROKEN_SETREGID])
1060 AC_DEFINE([USE_PIPES])
1061 AC_DEFINE([DISABLE_FD_PASSING])
1063 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1067 AC_DEFINE([SETEUID_BREAKS_SETUID])
1068 AC_DEFINE([BROKEN_SETREUID])
1069 AC_DEFINE([BROKEN_SETREGID])
1070 AC_DEFINE([WITH_ABBREV_NO_TTY])
1071 AC_DEFINE([USE_PIPES])
1072 AC_DEFINE([DISABLE_FD_PASSING])
1074 LIBS="$LIBS -lgen -lacid -ldb"
1078 AC_DEFINE([SETEUID_BREAKS_SETUID])
1079 AC_DEFINE([BROKEN_SETREUID])
1080 AC_DEFINE([BROKEN_SETREGID])
1081 AC_DEFINE([USE_PIPES])
1082 AC_DEFINE([DISABLE_FD_PASSING])
1083 AC_DEFINE([NO_SSH_LASTLOG])
1084 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
1085 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1089 AC_MSG_CHECKING([for Digital Unix SIA])
1091 AC_ARG_WITH([osfsia],
1092 [ --with-osfsia Enable Digital Unix SIA],
1094 if test "x$withval" = "xno" ; then
1095 AC_MSG_RESULT([disabled])
1100 if test -z "$no_osfsia" ; then
1101 if test -f /etc/sia/matrix.conf; then
1102 AC_MSG_RESULT([yes])
1103 AC_DEFINE([HAVE_OSF_SIA], [1],
1104 [Define if you have Digital Unix Security
1105 Integration Architecture])
1106 AC_DEFINE([DISABLE_LOGIN], [1],
1107 [Define if you don't want to use your
1108 system's login() call])
1109 AC_DEFINE([DISABLE_FD_PASSING])
1110 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1114 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1115 [String used in /etc/passwd to denote locked account])
1118 AC_DEFINE([BROKEN_GETADDRINFO])
1119 AC_DEFINE([SETEUID_BREAKS_SETUID])
1120 AC_DEFINE([BROKEN_SETREUID])
1121 AC_DEFINE([BROKEN_SETREGID])
1122 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1126 AC_DEFINE([USE_PIPES])
1127 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1128 AC_DEFINE([DISABLE_LASTLOG])
1129 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1130 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1131 enable_etc_default_login=no # has incompatible /etc/default/login
1134 AC_DEFINE([DISABLE_FD_PASSING])
1140 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1141 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
1142 AC_DEFINE([NEED_SETPGRP])
1143 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1147 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1148 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
1152 AC_MSG_CHECKING([compiler and flags for sanity])
1153 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
1154 [ AC_MSG_RESULT([yes]) ],
1157 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1159 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1162 dnl Checks for header files.
1163 # Checks for libraries.
1164 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1166 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1167 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1168 AC_CHECK_LIB([gen], [dirname], [
1169 AC_CACHE_CHECK([for broken dirname],
1170 ac_cv_have_broken_dirname, [
1178 int main(int argc, char **argv) {
1181 strncpy(buf,"/etc", 32);
1183 if (!s || strncmp(s, "/", 32) != 0) {
1190 [ ac_cv_have_broken_dirname="no" ],
1191 [ ac_cv_have_broken_dirname="yes" ],
1192 [ ac_cv_have_broken_dirname="no" ],
1196 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1198 AC_DEFINE([HAVE_DIRNAME])
1199 AC_CHECK_HEADERS([libgen.h])
1204 AC_CHECK_FUNC([getspnam], ,
1205 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1206 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1207 [Define if you have the basename function.])])
1209 dnl zlib is required
1211 [ --with-zlib=PATH Use zlib in PATH],
1212 [ if test "x$withval" = "xno" ; then
1213 AC_MSG_ERROR([*** zlib is required ***])
1214 elif test "x$withval" != "xyes"; then
1215 if test -d "$withval/lib"; then
1216 if test -n "${need_dash_r}"; then
1217 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1219 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1222 if test -n "${need_dash_r}"; then
1223 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1225 LDFLAGS="-L${withval} ${LDFLAGS}"
1228 if test -d "$withval/include"; then
1229 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1231 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1236 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1237 AC_CHECK_LIB([z], [deflate], ,
1239 saved_CPPFLAGS="$CPPFLAGS"
1240 saved_LDFLAGS="$LDFLAGS"
1242 dnl Check default zlib install dir
1243 if test -n "${need_dash_r}"; then
1244 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1246 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1248 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1250 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1252 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
dnl zlib version gate. A test program parses ZLIB_VERSION from the zlib.h seen
dnl by the compiler, and configure stops with an error when the version is
dnl judged too old, unless --without-zlib-version-check was given; that option
dnl sets zlib_check_nonfatal and leaves only a warning.
dnl The probe has to run on the build host: when cross compiling it is skipped
dnl with a warning, so the zlib version of the target must be verified by
dnl other means. Builds that pass --without-zlib-version-check should record
dnl why the vendor zlib is known to be patched.
1258 AC_ARG_WITH([zlib-version-check],
1259 [ --without-zlib-version-check Disable zlib version check],
1260 [ if test "x$withval" = "xno" ; then
1261 zlib_check_nonfatal=1
1266 AC_MSG_CHECKING([for possibly buggy zlib])
1267 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1273 int a=0, b=0, c=0, d=0, n, v;
1274 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1275 if (n != 3 && n != 4)
1277 v = a*1000000 + b*10000 + c*100 + d;
1278 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1281 if (a == 1 && b == 1 && c >= 4)
1284 /* 1.2.3 and up are OK */
1290 AC_MSG_RESULT([no]),
1291 [ AC_MSG_RESULT([yes])
1292 if test -z "$zlib_check_nonfatal" ; then
1293 AC_MSG_ERROR([*** zlib too old - check config.log ***
1294 Your reported zlib version has known security problems. It's possible your
1295 vendor has fixed these problems without changing the version number. If you
1296 are sure this is the case, you can disable the check by running
1297 "./configure --without-zlib-version-check".
1298 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1299 See http://www.gzip.org/zlib/ for details.])
1301 AC_MSG_WARN([zlib version may have security problems])
1304 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1308 AC_CHECK_FUNC([strcasecmp],
1309 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1311 AC_CHECK_FUNCS([utimes],
1312 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1313 LIBS="$LIBS -lc89"]) ]
1316 dnl Checks for libutil functions
1317 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1318 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1319 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1320 AC_SEARCH_LIBS([login], [util bsd])
1321 AC_SEARCH_LIBS([logout], [util bsd])
1322 AC_SEARCH_LIBS([logwtmp], [util bsd])
1323 AC_SEARCH_LIBS([openpty], [util bsd])
1324 AC_SEARCH_LIBS([updwtmp], [util bsd])
1325 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1327 # On some platforms, inet_ntop and gethostbyname may be found in libresolv
1329 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1330 AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1334 # Check for ALTDIRFUNC glob() extension
1335 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1336 AC_EGREP_CPP([FOUNDIT],
1339 #ifdef GLOB_ALTDIRFUNC
1344 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1345 [Define if your system glob() function has
1346 the GLOB_ALTDIRFUNC extension])
1347 AC_MSG_RESULT([yes])
1354 # Check for g.gl_matchc glob() extension
1355 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1356 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1357 [[ glob_t g; g.gl_matchc = 1; ]])],
1359 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1360 [Define if your system glob() function has
1361 gl_matchc options in glob_t])
1362 AC_MSG_RESULT([yes])
1367 # Check for g.gl_statv glob() extension
1368 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1369 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1370 #ifndef GLOB_KEEPSTAT
1371 #error "glob does not support GLOB_KEEPSTAT extension"
1377 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1378 [Define if your system glob() function has
1379 gl_statv options in glob_t])
1380 AC_MSG_RESULT([yes])
1386 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1388 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1391 #include <sys/types.h>
1392 #include <dirent.h>]],
1395 exit(sizeof(d.d_name)<=sizeof(char));
1397 [AC_MSG_RESULT([yes])],
1400 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1401 [Define if your struct dirent expects you to
1402 allocate extra space for d_name])
1405 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1406 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1410 AC_MSG_CHECKING([for /proc/pid/fd directory])
1411 if test -d "/proc/$$/fd" ; then
1412 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1413 AC_MSG_RESULT([yes])
1418 # Check whether user wants S/Key support
1421 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1423 if test "x$withval" != "xno" ; then
1425 if test "x$withval" != "xyes" ; then
1426 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1427 LDFLAGS="$LDFLAGS -L${withval}/lib"
1430 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1434 AC_MSG_CHECKING([for s/key support])
1440 char *ff = skey_keyinfo(""); ff="";
1443 [AC_MSG_RESULT([yes])],
1446 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1448 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1449 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1453 (void)skeychallenge(NULL,"name","",0);
1456 AC_MSG_RESULT([yes])
1457 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1458 [Define if your skeychallenge()
1459 function takes 4 arguments (NetBSD)])],
1467 # Check whether user wants TCP wrappers support
1469 AC_ARG_WITH([tcp-wrappers],
1470 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1472 if test "x$withval" != "xno" ; then
1474 saved_LDFLAGS="$LDFLAGS"
1475 saved_CPPFLAGS="$CPPFLAGS"
1476 if test -n "${withval}" && \
1477 test "x${withval}" != "xyes"; then
1478 if test -d "${withval}/lib"; then
1479 if test -n "${need_dash_r}"; then
1480 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1482 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1485 if test -n "${need_dash_r}"; then
1486 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1488 LDFLAGS="-L${withval} ${LDFLAGS}"
1491 if test -d "${withval}/include"; then
1492 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1494 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1498 AC_MSG_CHECKING([for libwrap])
1499 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1500 #include <sys/types.h>
1501 #include <sys/socket.h>
1502 #include <netinet/in.h>
1504 int deny_severity = 0, allow_severity = 0;
1508 AC_MSG_RESULT([yes])
1509 AC_DEFINE([LIBWRAP], [1],
1511 TCP Wrappers support])
1512 SSHDLIBS="$SSHDLIBS -lwrap"
1515 AC_MSG_ERROR([*** libwrap missing])
1523 # Check whether user wants to use ldns
1526 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1528 if test "x$withval" != "xno" ; then
1530 if test "x$withval" != "xyes" ; then
1531 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1532 LDFLAGS="$LDFLAGS -L${withval}/lib"
1535 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1539 AC_MSG_CHECKING([for ldns support])
1545 #include <ldns/ldns.h>
1546 int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1549 [AC_MSG_RESULT(yes)],
1552 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1558 # Check whether user wants libedit support
1560 AC_ARG_WITH([libedit],
1561 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1562 [ if test "x$withval" != "xno" ; then
1563 if test "x$withval" = "xyes" ; then
1564 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1565 if test "x$PKGCONFIG" != "xno"; then
1566 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1567 if "$PKGCONFIG" libedit; then
1568 AC_MSG_RESULT([yes])
1569 use_pkgconfig_for_libedit=yes
1575 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1576 if test -n "${need_dash_r}"; then
1577 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1579 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1582 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1583 LIBEDIT=`$PKGCONFIG --libs libedit`
1584 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1586 LIBEDIT="-ledit -lcurses"
1588 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1589 AC_CHECK_LIB([edit], [el_init],
1590 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1594 [ AC_MSG_ERROR([libedit not found]) ],
1597 AC_MSG_CHECKING([if libedit version is compatible])
1599 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1602 el_init("", NULL, NULL, NULL);
1605 [ AC_MSG_RESULT([yes]) ],
1606 [ AC_MSG_RESULT([no])
1607 AC_MSG_ERROR([libedit version is not compatible]) ]
dnl Audit module selection for --with-audit. The branches visible here handle
dnl bsm, linux and debug; an unrecognised value ends configure with the
dnl Unknown audit module error.
dnl The bsm branch fails configure when its header, library or getaudit are
dnl missing. The linux branch only records whether libaudit.h was found: it
dnl adds -laudit to SSHDLIBS and defines USE_LINUX_AUDIT regardless, so a
dnl missing libaudit development package presumably surfaces later, at compile
dnl or link time, rather than here.
1613 AC_ARG_WITH([audit],
1614 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1616 AC_MSG_CHECKING([for supported audit module])
1619 AC_MSG_RESULT([bsm])
1621 dnl Checks for headers, libs and functions
1622 AC_CHECK_HEADERS([bsm/audit.h], [],
1623 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1630 AC_CHECK_LIB([bsm], [getaudit], [],
1631 [AC_MSG_ERROR([BSM enabled and required library not found])])
1632 AC_CHECK_FUNCS([getaudit], [],
1633 [AC_MSG_ERROR([BSM enabled and required function not found])])
1634 # These are optional
1635 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1636 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1637 if test "$sol2ver" -ge 11; then
1638 SSHDLIBS="$SSHDLIBS -lscf"
1639 AC_DEFINE([BROKEN_BSM_API], [1],
1640 [The system has incomplete BSM API])
1644 AC_MSG_RESULT([linux])
1646 dnl Checks for headers, libs and functions
1647 AC_CHECK_HEADERS([libaudit.h])
1648 SSHDLIBS="$SSHDLIBS -laudit"
1649 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1653 AC_MSG_RESULT([debug])
1654 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1660 AC_MSG_ERROR([Unknown audit module $withval])
1666 [ --with-pie Build Position Independent Executables if possible], [
1667 if test "x$withval" = "xno"; then
1670 if test "x$withval" = "xyes"; then
1675 if test "x$use_pie" = "x"; then
1678 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1679 # Turn off automatic PIE when toolchain hardening is off.
1682 if test "x$use_pie" = "xauto"; then
1683 # Automatic PIE requires gcc >= 4.x
1684 AC_MSG_CHECKING([for gcc >= 4.x])
1685 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1686 #if !defined(__GNUC__) || __GNUC__ < 4
1687 #error gcc is too old
1690 [ AC_MSG_RESULT([yes]) ],
1691 [ AC_MSG_RESULT([no])
# Position independent executable support. The two helper macros are expected
# to append -fPIE to CFLAGS and -pie to LDFLAGS when the toolchain accepts
# them - they are defined outside this listing, so confirm there. The grep
# test then requires both flags to be present; otherwise the saved CFLAGS and
# LDFLAGS are restored and the build continues without PIE. Nothing visible
# here turns that fallback into an error, so check the configure output when
# PIE is a release requirement.
1695 if test "x$use_pie" != "xno"; then
1696 SAVED_CFLAGS="$CFLAGS"
1697 SAVED_LDFLAGS="$LDFLAGS"
1698 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1699 OSSH_CHECK_LDFLAG_LINK([-pie])
1700 # We use both -fPIE and -pie or neither.
1701 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1702 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1703 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1704 AC_MSG_RESULT([yes])
1707 CFLAGS="$SAVED_CFLAGS"
1708 LDFLAGS="$SAVED_LDFLAGS"
1712 dnl Checks for library functions. Please keep in alphabetical order
1714 Blowfish_initstate \
1715 Blowfish_expandstate \
1716 Blowfish_expand0state \
1717 Blowfish_stream2word \
1827 [[ #include <ctype.h> ]],
1828 [[ return (isblank('a')); ]])],
1829 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1832 # PKCS11 depends on OpenSSL.
1833 if test "x$openssl" = "xyes" ; then
1834 # PKCS#11 support requires dlopen() and co
1835 AC_SEARCH_LIBS([dlopen], [dl],
1836 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1840 # IRIX has a const char return value for gai_strerror()
1841 AC_CHECK_FUNCS([gai_strerror], [
1842 AC_DEFINE([HAVE_GAI_STRERROR])
1843 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1844 #include <sys/types.h>
1845 #include <sys/socket.h>
1848 const char *gai_strerror(int);
1851 str = gai_strerror(0);
1853 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1854 [Define if gai_strerror() returns const char *])], [])])
1856 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1857 [Some systems put nanosleep outside of libc])])
1859 AC_SEARCH_LIBS([clock_gettime], [rt],
1860 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1862 dnl Make sure prototypes are defined for these before using them.
1863 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1864 AC_CHECK_DECL([strsep],
1865 [AC_CHECK_FUNCS([strsep])],
1868 #ifdef HAVE_STRING_H
1869 # include <string.h>
1873 dnl tcsendbreak might be a macro
1874 AC_CHECK_DECL([tcsendbreak],
1875 [AC_DEFINE([HAVE_TCSENDBREAK])],
1876 [AC_CHECK_FUNCS([tcsendbreak])],
1877 [#include <termios.h>]
1880 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1882 AC_CHECK_DECLS([SHUT_RD], , ,
1884 #include <sys/types.h>
1885 #include <sys/socket.h>
1888 AC_CHECK_DECLS([O_NONBLOCK], , ,
1890 #include <sys/types.h>
1891 #ifdef HAVE_SYS_STAT_H
1892 # include <sys/stat.h>
1899 AC_CHECK_DECLS([writev], , , [
1900 #include <sys/types.h>
1901 #include <sys/uio.h>
1905 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1906 #include <sys/param.h>
1909 AC_CHECK_DECLS([offsetof], , , [
1913 # extra bits for select(2)
1914 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
1915 #include <sys/param.h>
1916 #include <sys/types.h>
1917 #ifdef HAVE_SYS_SYSMACROS_H
1918 #include <sys/sysmacros.h>
1920 #ifdef HAVE_SYS_SELECT_H
1921 #include <sys/select.h>
1923 #ifdef HAVE_SYS_TIME_H
1924 #include <sys/time.h>
1926 #ifdef HAVE_UNISTD_H
1930 AC_CHECK_TYPES([fd_mask], [], [], [[
1931 #include <sys/param.h>
1932 #include <sys/types.h>
1933 #ifdef HAVE_SYS_SELECT_H
1934 #include <sys/select.h>
1936 #ifdef HAVE_SYS_TIME_H
1937 #include <sys/time.h>
1939 #ifdef HAVE_UNISTD_H
1944 AC_CHECK_FUNCS([setresuid], [
1945 dnl Some platforms have setresuid that isn't implemented, test for this
1946 AC_MSG_CHECKING([if setresuid seems to work])
1959 [AC_MSG_RESULT([yes])],
1960 [AC_DEFINE([BROKEN_SETRESUID], [1],
1961 [Define if your setresuid() is broken])
1962 AC_MSG_RESULT([not implemented])],
1963 [AC_MSG_WARN([cross compiling: not checking setresuid])]
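dnl setresgid may be present in libc yet fail when called. The three result
dnl branches below match a run-time probe whose program is not shown in this
dnl listing: success, BROKEN_SETRESGID defined, or a warning when cross
dnl compiling. In the cross compiling case BROKEN_SETRESGID is left undefined.
dnl The cross compiling warning now names setresgid; it previously repeated
dnl the setresuid text from the preceding check.
1967 AC_CHECK_FUNCS([setresgid], [
1968 dnl Some platforms have setresgid that isn't implemented, test for this
1969 AC_MSG_CHECKING([if setresgid seems to work])
1982 [AC_MSG_RESULT([yes])],
1983 [AC_DEFINE([BROKEN_SETRESGID], [1],
1984 [Define if your setresgid() is broken])
1985 AC_MSG_RESULT([not implemented])],
1986 [AC_MSG_WARN([cross compiling: not checking setresgid])]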
1990 AC_CHECK_FUNCS([realpath], [
1991 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given
1992 dnl path name", however some implementations of realpath (and some
1993 dnl versions of the POSIX spec) do not work on non-existent files,
1994 dnl so we use the OpenBSD implementation on those platforms.
1995 AC_MSG_CHECKING([if realpath works with non-existent files])
2003 if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
2004 if (errno == ENOENT)
2008 [AC_MSG_RESULT([yes])],
2009 [AC_DEFINE([BROKEN_REALPATH], [1],
2010 [realpath does not work with nonexistent files])
2011 AC_MSG_RESULT([no])],
2012 [AC_MSG_WARN([cross compiling: assuming working])]
2016 dnl Checks for time functions
2017 AC_CHECK_FUNCS([gettimeofday time])
2018 dnl Checks for utmp functions
2019 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2020 AC_CHECK_FUNCS([utmpname])
2021 dnl Checks for utmpx functions
2022 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2023 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2024 dnl Checks for lastlog functions
2025 AC_CHECK_FUNCS([getlastlogxbyname])
2027 AC_CHECK_FUNC([daemon],
2028 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2029 [AC_CHECK_LIB([bsd], [daemon],
2030 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2033 AC_CHECK_FUNC([getpagesize],
2034 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
2035 [Define if your libraries define getpagesize()])],
2036 [AC_CHECK_LIB([ucb], [getpagesize],
2037 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2040 # Check for broken snprintf
# The probe formats a nine character string into a five byte limit and, going
# by the check message, tests that the result is still NUL terminated. A libc
# that fails this gets BROKEN_SNPRINTF. When cross compiling the probe cannot
# run and snprintf is assumed to work, so BROKEN_SNPRINTF is not defined by
# this check; confirm the target libc separately in that case.
2041 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2042 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2044 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
2047 snprintf(b,5,"123456789");
2050 [AC_MSG_RESULT([yes])],
2053 AC_DEFINE([BROKEN_SNPRINTF], [1],
2054 [Define if your snprintf is busted])
2055 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2057 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2061 # We depend on vsnprintf returning the right thing on overflow: the
2062 # number of characters it tried to create (as per SUSv3)
# The probe expects 11 as the return value - the length of "hello 12345" -
# both for a one byte buffer and for a NULL buffer of size zero. A mismatch
# defines BROKEN_SNPRINTF, the same macro the snprintf termination check
# uses. When cross compiling the probe is skipped and vsnprintf is assumed
# to work.
2063 if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2064 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2067 #include <sys/types.h>
2071 int x_snprintf(char *str, size_t count, const char *fmt, ...)
2077 ret = vsnprintf(str, count, fmt, ap);
2083 if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2085 if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2089 [AC_MSG_RESULT([yes])],
2092 AC_DEFINE([BROKEN_SNPRINTF], [1],
2093 [Define if your snprintf is busted])
2094 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2096 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2100 # On systems where [v]snprintf is broken, but is declared in stdio,
2101 # check that the fmt argument is const char * or just char *.
2102 # This is only useful for when BROKEN_SNPRINTF
2103 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2104 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2106 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2110 [AC_MSG_RESULT([yes])
2111 AC_DEFINE([SNPRINTF_CONST], [const],
2112 [Define as const if snprintf() can declare const char *fmt])],
2113 [AC_MSG_RESULT([no])
2114 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2116 # Check for missing getpeereid (or equiv) support
2118 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2119 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2120 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2121 #include <sys/types.h>
2122 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2123 [ AC_MSG_RESULT([yes])
2124 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2125 ], [AC_MSG_RESULT([no])
2130 dnl see whether mkstemp() requires XXXXXX
dnl The probe calls mkstemp with a template that has no XXXXXX suffix, and
dnl HAVE_STRICT_MKSTEMP is defined in two of the result branches shown below.
dnl NOTE(review): the guard tests the cached result for mkdtemp although the
dnl probe exercises mkstemp - confirm that this is intended.
2131 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
2132 AC_MSG_CHECKING([for (overly) strict mkstemp])
2137 char template[]="conftest.mkstemp-test";
2138 if (mkstemp(template) == -1)
2147 AC_MSG_RESULT([yes])
2148 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
2151 AC_MSG_RESULT([yes])
2152 AC_DEFINE([HAVE_STRICT_MKSTEMP])
2157 dnl make sure that openpty does not reacquire controlling terminal
2158 if test ! -z "$check_for_openpty_ctty_bug"; then
2159 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2163 #include <sys/fcntl.h>
2164 #include <sys/types.h>
2165 #include <sys/wait.h>
2168 int fd, ptyfd, ttyfd, status;
2171 if (pid < 0) { /* failed */
2173 } else if (pid > 0) { /* parent */
2174 waitpid(pid, &status, 0);
2175 if (WIFEXITED(status))
2176 exit(WEXITSTATUS(status));
2179 } else { /* child */
2180 close(0); close(1); close(2);
2182 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2183 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2185 exit(3); /* Acquired ctty: broken */
2187 exit(0); /* Did not acquire ctty: OK */
2191 AC_MSG_RESULT([yes])
2195 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2198 AC_MSG_RESULT([cross-compiling, assuming yes])
2203 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2204 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2205 AC_MSG_CHECKING([if getaddrinfo seems to work])
2209 #include <sys/socket.h>
2212 #include <netinet/in.h>
2214 #define TEST_PORT "2222"
2217 struct addrinfo *gai_ai, *ai, hints;
2218 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2220 memset(&hints, 0, sizeof(hints));
2221 hints.ai_family = PF_UNSPEC;
2222 hints.ai_socktype = SOCK_STREAM;
2223 hints.ai_flags = AI_PASSIVE;
2225 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2227 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2231 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2232 if (ai->ai_family != AF_INET6)
2235 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2236 sizeof(ntop), strport, sizeof(strport),
2237 NI_NUMERICHOST|NI_NUMERICSERV);
2240 if (err == EAI_SYSTEM)
2241 perror("getnameinfo EAI_SYSTEM");
2243 fprintf(stderr, "getnameinfo failed: %s\n",
2248 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2251 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2259 AC_MSG_RESULT([yes])
2263 AC_DEFINE([BROKEN_GETADDRINFO])
2266 AC_MSG_RESULT([cross-compiling, assuming yes])
2271 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2272 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2273 AC_MSG_CHECKING([if getaddrinfo seems to work])
2277 #include <sys/socket.h>
2280 #include <netinet/in.h>
2282 #define TEST_PORT "2222"
2285 struct addrinfo *gai_ai, *ai, hints;
2286 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2288 memset(&hints, 0, sizeof(hints));
2289 hints.ai_family = PF_UNSPEC;
2290 hints.ai_socktype = SOCK_STREAM;
2291 hints.ai_flags = AI_PASSIVE;
2293 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2295 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2299 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2300 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2303 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2304 sizeof(ntop), strport, sizeof(strport),
2305 NI_NUMERICHOST|NI_NUMERICSERV);
2307 if (ai->ai_family == AF_INET && err != 0) {
2308 perror("getnameinfo");
2315 AC_MSG_RESULT([yes])
2316 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2317 [Define if you have a getaddrinfo that fails
2318 for the all-zeros IPv6 address])
2322 AC_DEFINE([BROKEN_GETADDRINFO])
2325 AC_MSG_RESULT([cross-compiling, assuming no])
2330 if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2331 AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2332 [#include <sys/types.h>
2333 #include <sys/socket.h>
2334 #include <netdb.h>])
2337 if test "x$check_for_conflicting_getspnam" = "x1"; then
2338 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2339 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2345 AC_MSG_RESULT([yes])
2346 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2347 [Conflicting defs for getspnam])
2354 # Search for OpenSSL
# --with-ssl-dir puts the given directory in front of the existing search
# paths: PATH/lib, else PATH/lib64, else PATH itself for the linker, and
# PATH/include, else PATH, for the preprocessor. A relative PATH is first made
# absolute with pwd. Where need_dash_r is set, the same library directory is
# also passed with -R, which on those platforms records it as a run-time
# library search path in the binaries, so PATH should be a directory that
# only trusted accounts can write to.
2355 saved_CPPFLAGS="$CPPFLAGS"
2356 saved_LDFLAGS="$LDFLAGS"
2357 AC_ARG_WITH([ssl-dir],
2358 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2360 if test "x$openssl" = "xno" ; then
2361 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2363 if test "x$withval" != "xno" ; then
2366 ./*|../*) withval="`pwd`/$withval"
2368 if test -d "$withval/lib"; then
2369 if test -n "${need_dash_r}"; then
2370 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2372 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2374 elif test -d "$withval/lib64"; then
2375 if test -n "${need_dash_r}"; then
2376 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2378 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2381 if test -n "${need_dash_r}"; then
2382 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2384 LDFLAGS="-L${withval} ${LDFLAGS}"
2387 if test -d "$withval/include"; then
2388 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2390 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2396 AC_ARG_WITH([openssl-header-check],
2397 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2399 if test "x$withval" = "xno" ; then
2400 openssl_check_nonfatal=1
2406 AC_ARG_WITH([ssl-engine],
2407 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2409 if test "x$withval" != "xno" ; then
2410 if test "x$openssl" = "xno" ; then
2411 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2418 if test "x$openssl" = "xyes" ; then
2419 LIBS="-lcrypto $LIBS"
2420 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2421 [Define if your ssl headers are included
2422 with #include <openssl/header.h>])],
2424 dnl Check default openssl install dir
2425 if test -n "${need_dash_r}"; then
2426 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2428 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2430 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2431 AC_CHECK_HEADER([openssl/opensslv.h], ,
2432 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2433 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2435 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2441 # Determine OpenSSL header version
2442 AC_MSG_CHECKING([OpenSSL header version])
2448 #include <openssl/opensslv.h>
2449 #define DATA "conftest.sslincver"
2454 fd = fopen(DATA,"w");
2458 if ((rc = fprintf(fd ,"%08lx (%s)\n",
2459 (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2465 ssl_header_ver=`cat conftest.sslincver`
2466 AC_MSG_RESULT([$ssl_header_ver])
2469 AC_MSG_RESULT([not found])
2470 AC_MSG_ERROR([OpenSSL version header not found.])
2473 AC_MSG_WARN([cross compiling: not checking])
2477 # Determine OpenSSL library version
# The probe writes SSLeay() as eight hex digits plus the version text to
# conftest.ssllibver. The case patterns below match the leading hex digits:
# 0090 followed by 0-7 covers 0.9.0 through 0.9.7, and 009080 followed by 0-5
# covers 0.9.8 up to 0.9.8e, which is how the 0.9.8f minimum is enforced.
# The floor applies to the library linked at configure time only; when cross
# compiling no version check is made at all.
2478 AC_MSG_CHECKING([OpenSSL library version])
2483 #include <openssl/opensslv.h>
2484 #include <openssl/crypto.h>
2485 #define DATA "conftest.ssllibver"
2490 fd = fopen(DATA,"w");
2494 if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(),
2495 SSLeay_version(SSLEAY_VERSION))) <0)
2501 ssl_library_ver=`cat conftest.ssllibver`
2502 # Check version is supported.
2503 case "$ssl_library_ver" in
2504 0090[[0-7]]*|009080[[0-5]]*)
2505 AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")])
2509 AC_MSG_RESULT([$ssl_library_ver])
2512 AC_MSG_RESULT([not found])
2513 AC_MSG_ERROR([OpenSSL library not found.])
2516 AC_MSG_WARN([cross compiling: not checking])
2520 # Sanity check OpenSSL headers
# The probe exits 0 only when the version number compiled in from the headers
# equals the one reported by the linked libcrypto, which catches a build that
# picks up headers from one OpenSSL installation and the library from another.
# A mismatch is fatal unless --without-openssl-header-check set
# openssl_check_nonfatal, in which case it is reduced to a warning. The
# comparison needs to run a program, so it is skipped when cross compiling.
2521 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2525 #include <openssl/opensslv.h>
2526 #include <openssl/crypto.h>
2528 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2531 AC_MSG_RESULT([yes])
2535 if test "x$openssl_check_nonfatal" = "x"; then
2536 AC_MSG_ERROR([Your OpenSSL headers do not match your
2537 library. Check config.log for details.
2538 If you are sure your installation is consistent, you can disable the check
2539 by running "./configure --without-openssl-header-check".
2540 Also see contrib/findssl.sh for help identifying header/library mismatches.
2543 AC_MSG_WARN([Your OpenSSL headers do not match your
2544 library. Check config.log for details.
2545 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2549 AC_MSG_WARN([cross compiling: not checking])
2553 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2555 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2556 [[ SSLeay_add_all_algorithms(); ]])],
2558 AC_MSG_RESULT([yes])
2564 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2566 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2567 [[ SSLeay_add_all_algorithms(); ]])],
2569 AC_MSG_RESULT([yes])
2581 DSA_generate_parameters_ex \
2583 EVP_DigestFinal_ex \
2585 EVP_MD_CTX_cleanup \
2586 EVP_MD_CTX_copy_ex \
2588 RSA_generate_key_ex \
2589 RSA_get_default_method \
2592 if test "x$openssl_engine" = "xyes" ; then
2593 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2594 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2595 #include <openssl/engine.h>
2597 ENGINE_load_builtin_engines();
2598 ENGINE_register_all_complete();
2600 [ AC_MSG_RESULT([yes])
2601 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2602 [Enable OpenSSL engine support])
2603 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2607 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2608 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2612 #include <openssl/evp.h>
2614 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2620 AC_MSG_RESULT([yes])
2621 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2622 [libcrypto is missing AES 192 and 256 bit functions])
2626 # Check for OpenSSL with EVP_aes_*ctr
# OPENSSL_HAVE_EVPCTR is defined when the probe below succeeds.
# NOTE(review): only the 128-bit call names a CTR cipher; the 192- and 256-bit
# calls name the CBC variants, so the presence of EVP_aes_192_ctr and
# EVP_aes_256_ctr is not actually probed. Confirm whether that is intended
# before relying on this macro for the larger key sizes.
2627 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2631 #include <openssl/evp.h>
2633 exit(EVP_aes_128_ctr() == NULL ||
2634 EVP_aes_192_cbc() == NULL ||
2635 EVP_aes_256_cbc() == NULL);
2638 AC_MSG_RESULT([yes])
2639 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
2640 [libcrypto has EVP AES CTR])
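2647 # Check for OpenSSL with EVP_aes_*gcm
# OPENSSL_HAVE_EVPGCM is defined when the probe succeeds. In what appears to
# be the failure branch, the two AES-GCM cipher names are added to
# unsupported_algorithms. The list is extended from its own current value, in
# the same way as the SHA-256 and RIPEMD-160 checks later in this file, so
# entries recorded by other checks are kept. The assignment previously
# expanded unsupported_cipers, a name nothing in this listing sets.
2648 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
2652 #include <openssl/evp.h>
2654 exit(EVP_aes_128_gcm() == NULL ||
2655 EVP_aes_256_gcm() == NULL ||
2656 EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
2657 EVP_CTRL_GCM_IV_GEN == 0 ||
2658 EVP_CTRL_GCM_SET_TAG == 0 ||
2659 EVP_CTRL_GCM_GET_TAG == 0 ||
2660 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
2663 AC_MSG_RESULT([yes])
2664 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
2665 [libcrypto has EVP AES GCM])
2669 unsupported_algorithms="$unsupported_algorithms \
2670 aes128-gcm@openssh.com aes256-gcm@openssh.com"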
2674 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2675 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2676 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2678 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2682 #include <openssl/evp.h>
2684 if(EVP_DigestUpdate(NULL, NULL,0))
2688 AC_MSG_RESULT([yes])
2692 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2693 [Define if EVP_DigestUpdate returns void])
2697 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2698 # because the system crypt() is more featureful.
2699 if test "x$check_for_libcrypt_before" = "x1"; then
2700 AC_CHECK_LIB([crypt], [crypt])
2703 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2704 # version in OpenSSL.
2705 if test "x$check_for_libcrypt_later" = "x1"; then
2706 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2708 AC_CHECK_FUNCS([crypt DES_crypt])
2710 # Search for SHA256 support in libc and/or OpenSSL
2711 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
2712 [unsupported_algorithms="$unsupported_algorithms \
2713 hmac-sha2-256 hmac-sha2-512 \
2714 diffie-hellman-group-exchange-sha256 \
2715 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
2718 # Search for RIPE-MD support in OpenSSL
2719 AC_CHECK_FUNCS([EVP_ripemd160], ,
2720 [unsupported_algorithms="$unsupported_algorithms \
2722 hmac-ripemd160@openssh.com
2723 hmac-ripemd160-etm@openssh.com"
2727 # Check complete ECC support in OpenSSL
2728 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
2731 #include <openssl/ec.h>
2732 #include <openssl/ecdh.h>
2733 #include <openssl/ecdsa.h>
2734 #include <openssl/evp.h>
2735 #include <openssl/objects.h>
2736 #include <openssl/opensslv.h>
2737 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2738 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2741 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
2742 const EVP_MD *m = EVP_sha256(); /* We need this too */
2744 [ AC_MSG_RESULT([yes])
2745 enable_nistp256=1 ],
2746 [ AC_MSG_RESULT([no]) ]
2749 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
2752 #include <openssl/ec.h>
2753 #include <openssl/ecdh.h>
2754 #include <openssl/ecdsa.h>
2755 #include <openssl/evp.h>
2756 #include <openssl/objects.h>
2757 #include <openssl/opensslv.h>
2758 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2759 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2762 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
2763 const EVP_MD *m = EVP_sha384(); /* We need this too */
2765 [ AC_MSG_RESULT([yes])
2766 enable_nistp384=1 ],
2767 [ AC_MSG_RESULT([no]) ]
2770 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
2773 #include <openssl/ec.h>
2774 #include <openssl/ecdh.h>
2775 #include <openssl/ecdsa.h>
2776 #include <openssl/evp.h>
2777 #include <openssl/objects.h>
2778 #include <openssl/opensslv.h>
2779 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2780 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2783 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2784 const EVP_MD *m = EVP_sha512(); /* We need this too */
2786 [ AC_MSG_RESULT([yes])
2787 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
2790 #include <openssl/ec.h>
2791 #include <openssl/ecdh.h>
2792 #include <openssl/ecdsa.h>
2793 #include <openssl/evp.h>
2794 #include <openssl/objects.h>
2795 #include <openssl/opensslv.h>
2797 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2798 const EVP_MD *m = EVP_sha512(); /* We need this too */
2799 exit(e == NULL || m == NULL);
2801 [ AC_MSG_RESULT([yes])
2802 enable_nistp521=1 ],
2803 [ AC_MSG_RESULT([no]) ],
2804 [ AC_MSG_WARN([cross-compiling: assuming yes])
2810 COMMENT_OUT_ECC="#no ecc#"
2813 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
2814 test x$enable_nistp521 = x1; then
2815 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
2817 if test x$enable_nistp256 = x1; then
2818 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
2819 [libcrypto has NID_X9_62_prime256v1])
2823 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \
2824 ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com"
2826 if test x$enable_nistp384 = x1; then
2827 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
2831 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \
2832 ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com"
2834 if test x$enable_nistp521 = x1; then
2835 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
2839 unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \
2840 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com"
2843 AC_SUBST([TEST_SSH_ECC])
2844 AC_SUBST([COMMENT_OUT_ECC])
2846 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2847 AC_CHECK_FUNCS([crypt])
2854 arc4random_uniform \
2858 AC_CHECK_LIB([iaf], [ia_openinfo], [
2860 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2861 AC_DEFINE([HAVE_LIBIAF], [1],
2862 [Define if system has libiaf that supports set_id])
2867 ### Configure cryptographic random number support
2869 # Check whether OpenSSL seeds itself
# Runs only when OpenSSL is in use. The probe program exits 0 only when
# RAND_status() returns 1, and OPENSSL_SEEDS_ITSELF=yes is recorded on the
# path that prints yes.
# When cross compiling the probe cannot be run and yes is assumed, so a
# cross-compiled build gets no configure-time signal about an unseeded PRNG;
# the runtime fatal() mentioned below is then the only guard.
2870 if test "x$openssl" = "xyes" ; then
2871 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2875 #include <openssl/rand.h>
2877 exit(RAND_status() == 1 ? 0 : 1);
2880 OPENSSL_SEEDS_ITSELF=yes
2881 AC_MSG_RESULT([yes])
2887 AC_MSG_WARN([cross compiling: assuming yes])
2888 # This is safe, since we will fatal() at runtime if
2889 # OpenSSL is not seeded correctly.
2890 OPENSSL_SEEDS_ITSELF=yes
2896 AC_ARG_WITH([prngd-port],
2897 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2906 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
2909 if test ! -z "$withval" ; then
2910 PRNGD_PORT="$withval"
2911 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
2912 [Port number of PRNGD/EGD random number socket])
2917 # PRNGD Unix domain socket
2918 AC_ARG_WITH([prngd-socket],
2919 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2923 withval="/var/run/egd-pool"
2931 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
2935 if test ! -z "$withval" ; then
2936 if test ! -z "$PRNGD_PORT" ; then
2937 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
2939 if test ! -r "$withval" ; then
2940 AC_MSG_WARN([Entropy socket is not readable])
2942 PRNGD_SOCKET="$withval"
2943 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
2944 [Location of PRNGD/EGD random number socket])
2948 # Check for existing socket only if we don't have a random device already
2949 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
2950 AC_MSG_CHECKING([for PRNGD/EGD socket])
2951 # Insert other locations here
2952 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2953 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2954 PRNGD_SOCKET="$sock"
2955 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
2959 if test ! -z "$PRNGD_SOCKET" ; then
2960 AC_MSG_RESULT([$PRNGD_SOCKET])
2962 AC_MSG_RESULT([not found])
2968 # Which randomness source do we use?
# Precedence: a PRNGD TCP port, then a PRNGD socket, then the OpenSSL
# self-seeding PRNG. OPENSSL_PRNG_ONLY is defined only on the third path,
# which is taken whenever OPENSSL_SEEDS_ITSELF is non-empty.
# A build without OpenSSL only warns that /dev/urandom will be used and that
# it will fail if the device is unsupported or inaccessible. The closing
# AC_MSG_ERROR stops configure when no source was found -- presumably the
# final else branch.
2969 if test ! -z "$PRNGD_PORT" ; then
2970 RAND_MSG="PRNGd port $PRNGD_PORT"
2971 elif test ! -z "$PRNGD_SOCKET" ; then
2972 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
2973 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
2974 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
2975 [Define if you want the OpenSSL internally seeded PRNG only])
2976 RAND_MSG="OpenSSL internal ONLY"
2977 elif test "x$openssl" = "xno" ; then
2978 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
2980 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
2983 # Check for PAM libs
2986 [ --with-pam Enable PAM support ],
2988 if test "x$withval" != "xno" ; then
2989 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2990 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2991 AC_MSG_ERROR([PAM headers not found])
2995 AC_CHECK_LIB([dl], [dlopen], , )
2996 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
2997 AC_CHECK_FUNCS([pam_getenvlist])
2998 AC_CHECK_FUNCS([pam_putenv])
3003 SSHDLIBS="$SSHDLIBS -lpam"
3004 AC_DEFINE([USE_PAM], [1],
3005 [Define if you want to enable PAM support])
3007 if test $ac_cv_lib_dl_dlopen = yes; then
3010 # libdl already in LIBS
3013 SSHDLIBS="$SSHDLIBS -ldl"
3021 # Check for older PAM
3022 if test "x$PAM_MSG" = "xyes" ; then
3023 # Check PAM strerror arguments (old PAM)
3024 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3025 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3027 #if defined(HAVE_SECURITY_PAM_APPL_H)
3028 #include <security/pam_appl.h>
3029 #elif defined (HAVE_PAM_PAM_APPL_H)
3030 #include <pam/pam_appl.h>
3033 (void)pam_strerror((pam_handle_t *)NULL, -1);
3034 ]])], [AC_MSG_RESULT([no])], [
3035 AC_DEFINE([HAVE_OLD_PAM], [1],
3036 [Define if you have an old version of PAM
3037 which takes only one argument to pam_strerror])
3038 AC_MSG_RESULT([yes])
3039 PAM_MSG="yes (old library)"
3046 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3049 SSH_PRIVSEP_USER=sshd
# Account used for privilege separation. --with-privsep-user overrides the
# default chosen earlier; empty, yes and no values are ignored and leave the
# default in place.
# The name is copied into config.h as a quoted string, except for the Cygwin
# placeholder, which is emitted unquoted as a function name.
# NOTE(review): nothing in this section checks that the named account exists
# or is unprivileged -- presumably that is left to the installer; verify on
# the target system.
3052 AC_ARG_WITH([privsep-user],
3053 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3055 if test -n "$withval" && test "x$withval" != "xno" && \
3056 test "x${withval}" != "xyes"; then
3057 SSH_PRIVSEP_USER=$withval
3061 if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3062 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3063 [Cygwin function to fetch non-privileged user for privilege separation])
3065 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3066 [non-privileged user for privilege separation])
3068 AC_SUBST([SSH_PRIVSEP_USER])
# seccomp filter detection, attempted only when have_linux_no_new_privs is 1.
# SECCOMP_MODE_FILTER must first be declared by linux/seccomp.h; then a small
# program that calls prctl with PR_SET_SECCOMP and a NULL filter is built.
# NOTE(review): the program is handed to AC_LINK_IFELSE, which compiles and
# links it but does not run it, so the errno == EFAULT exit status is never
# evaluated during configure. The result printed for the kernel check
# therefore reflects the build environment rather than the running kernel --
# TODO confirm the runtime sandbox code copes with a kernel lacking filter mode.
3070 if test "x$have_linux_no_new_privs" = "x1" ; then
3071 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3072 #include <sys/types.h>
3073 #include <linux/seccomp.h>
3076 if test "x$have_seccomp_filter" = "x1" ; then
3077 AC_MSG_CHECKING([kernel for seccomp_filter support])
3078 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3081 #include <linux/audit.h>
3082 #include <linux/seccomp.h>
3084 #include <sys/prctl.h>
3086 [[ int i = $seccomp_audit_arch;
3088 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3089 exit(errno == EFAULT ? 0 : 1); ]])],
3090 [ AC_MSG_RESULT([yes]) ], [
3092 # Disable seccomp filter as a target
3093 have_seccomp_filter=0
3098 # Decide which sandbox style to use
3100 AC_ARG_WITH([sandbox],
3101 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3103 if test "x$withval" = "xyes" ; then
3106 sandbox_arg="$withval"
3111 # Some platforms (seems to be the ones that have a kernel poll(2)-type
3112 # function with which they implement select(2)) use an extra file descriptor
3113 # when calling select(2), which means we can't use the rlimit sandbox.
# Three run-time probes feed the rlimit sandbox decision:
#   1. select() on an already open descriptor after RLIMIT_FSIZE and
#      RLIMIT_NOFILE have both been set to zero,
#   2. whether setrlimit accepts a zero RLIMIT_NOFILE at all,
#   3. whether setrlimit accepts a zero RLIMIT_FSIZE.
# NOTE(review): select_works_with_rlimit and rlimit_nofile_zero_works are
# assigned only in the yes and no branches. The cross compiling branch just
# prints a warning, so unless they are set elsewhere both stay empty and the
# later auto-selection test for xyes will not pick the rlimit sandbox.
# NOTE(review): SANDBOX_SKIP_RLIMIT_FSIZE is defined in the branch that prints
# no, while its description string says the limit works -- the description
# looks inverted.
3114 AC_MSG_CHECKING([if select works with descriptor rlimit])
3117 #include <sys/types.h>
3118 #ifdef HAVE_SYS_TIME_H
3119 # include <sys/time.h>
3121 #include <sys/resource.h>
3122 #ifdef HAVE_SYS_SELECT_H
3123 # include <sys/select.h>
3129 struct rlimit rl_zero;
3134 fd = open("/dev/null", O_RDONLY);
3137 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3138 setrlimit(RLIMIT_FSIZE, &rl_zero);
3139 setrlimit(RLIMIT_NOFILE, &rl_zero);
3142 r = select(fd+1, &fds, NULL, NULL, &tv);
3143 exit (r == -1 ? 1 : 0);
3145 [AC_MSG_RESULT([yes])
3146 select_works_with_rlimit=yes],
3147 [AC_MSG_RESULT([no])
3148 select_works_with_rlimit=no],
3149 [AC_MSG_WARN([cross compiling: assuming yes])]
3152 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3155 #include <sys/types.h>
3156 #ifdef HAVE_SYS_TIME_H
3157 # include <sys/time.h>
3159 #include <sys/resource.h>
3163 struct rlimit rl_zero;
3167 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3168 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3169 exit (r == -1 ? 1 : 0);
3171 [AC_MSG_RESULT([yes])
3172 rlimit_nofile_zero_works=yes],
3173 [AC_MSG_RESULT([no])
3174 rlimit_nofile_zero_works=no],
3175 [AC_MSG_WARN([cross compiling: assuming yes])]
3178 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3181 #include <sys/types.h>
3182 #include <sys/resource.h>
3185 struct rlimit rl_zero;
3187 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3188 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3190 [AC_MSG_RESULT([yes])],
3191 [AC_MSG_RESULT([no])
3192 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3193 [setrlimit RLIMIT_FSIZE works])],
3194 [AC_MSG_WARN([cross compiling: assuming yes])]
# Pick exactly one privilege separation sandbox backend. Branches are tried
# in this order: pledge, systrace, darwin, seccomp_filter, capsicum, rlimit,
# solaris, none. A branch is taken either because --with-sandbox named it or
# because no style was requested and the earlier probes found what it needs.
# A style that was requested explicitly but lacks its prerequisites stops
# configure with an error instead of falling back to a weaker backend.
# NOTE(review): with no --with-sandbox argument and no backend detected, the
# chain ends in SANDBOX_NULL with SANDBOX_STYLE=none and this section prints
# no warning; verify the resulting SANDBOX_STYLE for any build you ship.
3197 if test "x$sandbox_arg" = "xpledge" || \
3198 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3199 test "x$ac_cv_func_pledge" != "xyes" && \
3200 AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3201 SANDBOX_STYLE="pledge"
3202 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3203 elif test "x$sandbox_arg" = "xsystrace" || \
3204 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3205 test "x$have_systr_policy_kill" != "x1" && \
3206 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3207 SANDBOX_STYLE="systrace"
3208 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3209 elif test "x$sandbox_arg" = "xdarwin" || \
3210 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3211 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3212 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3213 "x$ac_cv_header_sandbox_h" != "xyes" && \
3214 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3215 SANDBOX_STYLE="darwin"
3216 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
# Auto-selection of seccomp_filter also requires elf.h, linux/audit.h and
# linux/filter.h; the explicit path below re-checks only the audit arch,
# no_new_privs, the seccomp declaration and prctl.
3217 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3218 ( test -z "$sandbox_arg" && \
3219 test "x$have_seccomp_filter" = "x1" && \
3220 test "x$ac_cv_header_elf_h" = "xyes" && \
3221 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3222 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3223 test "x$seccomp_audit_arch" != "x" && \
3224 test "x$have_linux_no_new_privs" = "x1" && \
3225 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3226 test "x$seccomp_audit_arch" = "x" && \
3227 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3228 test "x$have_linux_no_new_privs" != "x1" && \
3229 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3230 test "x$have_seccomp_filter" != "x1" && \
3231 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3232 test "x$ac_cv_func_prctl" != "xyes" && \
3233 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3234 SANDBOX_STYLE="seccomp_filter"
3235 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3236 elif test "x$sandbox_arg" = "xcapsicum" || \
3237 ( test -z "$sandbox_arg" && \
3238 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3239 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3240 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3241 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3242 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3243 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3244 SANDBOX_STYLE="capsicum"
3245 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
# NOTE(review): an explicit --with-sandbox=rlimit is validated against
# setrlimit and select_works_with_rlimit only; rlimit_nofile_zero_works is
# consulted just for auto-selection.
3246 elif test "x$sandbox_arg" = "xrlimit" || \
3247 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3248 test "x$select_works_with_rlimit" = "xyes" && \
3249 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3250 test "x$ac_cv_func_setrlimit" != "xyes" && \
3251 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3252 test "x$select_works_with_rlimit" != "xyes" && \
3253 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3254 SANDBOX_STYLE="rlimit"
3255 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
# NOTE(review): an explicit --with-sandbox=solaris is accepted without
# checking SOLARIS_PRIVS, and solaris is not listed in the --with-sandbox
# help text -- confirm both are intended.
3256 elif test "x$sandbox_arg" = "xsolaris" || \
3257 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3258 SANDBOX_STYLE="solaris"
3259 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3260 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3261 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3262 SANDBOX_STYLE="none"
3263 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3265 AC_MSG_ERROR([unsupported --with-sandbox])
3268 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3269 if test ! -z "$SONY" ; then
3270 LIBS="$LIBS -liberty";
3273 # Check for long long datatypes
3274 AC_CHECK_TYPES([long long, unsigned long long, long double])
3276 # Check datatype sizes
3277 AC_CHECK_SIZEOF([short int], [2])
3278 AC_CHECK_SIZEOF([int], [4])
3279 AC_CHECK_SIZEOF([long int], [4])
3280 AC_CHECK_SIZEOF([long long int], [8])
3282 # Sanity check long long for some platforms (AIX)
3283 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3284 ac_cv_sizeof_long_long_int=0
3287 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3288 if test -z "$have_llong_max"; then
3289 AC_MSG_CHECKING([for max value of long long])
3293 /* Why is this so damn hard? */
3297 #define __USE_ISOC99
3299 #define DATA "conftest.llminmax"
3300 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3303 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3304 * we do this the hard way.
3307 fprint_ll(FILE *f, long long n)
3310 int l[sizeof(long long) * 8];
3313 if (fprintf(f, "-") < 0)
3315 for (i = 0; n != 0; i++) {
3316 l[i] = my_abs(n % 10);
3320 if (fprintf(f, "%d", l[--i]) < 0)
3323 if (fprintf(f, " ") < 0)
3329 long long i, llmin, llmax = 0;
3331 if((f = fopen(DATA,"w")) == NULL)
3334 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3335 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3339 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3340 /* This will work on one's complement and two's complement */
3341 for (i = 1; i > llmax; i <<= 1, i++)
3343 llmin = llmax + 1LL; /* wrap */
3347 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3348 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3349 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3350 fprintf(f, "unknown unknown\n");
3354 if (fprint_ll(f, llmin) < 0)
3356 if (fprint_ll(f, llmax) < 0)
3363 llong_min=`$AWK '{print $1}' conftest.llminmax`
3364 llong_max=`$AWK '{print $2}' conftest.llminmax`
3366 AC_MSG_RESULT([$llong_max])
3367 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3368 [max value of long long calculated by configure])
3369 AC_MSG_CHECKING([for min value of long long])
3370 AC_MSG_RESULT([$llong_min])
3371 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3372 [min value of long long calculated by configure])
3375 AC_MSG_RESULT([not found])
3378 AC_MSG_WARN([cross compiling: not checking])
3384 # More checks for data types
3385 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3386 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3387 [[ u_int a; a = 1;]])],
3388 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3391 if test "x$ac_cv_have_u_int" = "xyes" ; then
3392 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3396 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3397 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3398 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3399 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3402 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3403 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3407 if (test -z "$have_intxx_t" && \
3408 test "x$ac_cv_header_stdint_h" = "xyes")
3410 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3411 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3412 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3414 AC_DEFINE([HAVE_INTXX_T])
3415 AC_MSG_RESULT([yes])
3416 ], [ AC_MSG_RESULT([no])
3420 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3421 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3422 #include <sys/types.h>
3423 #ifdef HAVE_STDINT_H
3424 # include <stdint.h>
3426 #include <sys/socket.h>
3427 #ifdef HAVE_SYS_BITYPES_H
3428 # include <sys/bitypes.h>
3433 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3436 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3437 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3440 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3441 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3442 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3443 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3446 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3447 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3451 if test -z "$have_u_intxx_t" ; then
3452 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3453 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3454 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3456 AC_DEFINE([HAVE_U_INTXX_T])
3457 AC_MSG_RESULT([yes])
3458 ], [ AC_MSG_RESULT([no])
3462 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3463 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3464 [[ u_int64_t a; a = 1;]])],
3465 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3468 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3469 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3473 if (test -z "$have_u_int64_t" && \
3474 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3476 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3477 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3478 [[ u_int64_t a; a = 1]])],
3480 AC_DEFINE([HAVE_U_INT64_T])
3481 AC_MSG_RESULT([yes])
3482 ], [ AC_MSG_RESULT([no])
3486 if test -z "$have_u_intxx_t" ; then
3487 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
3488 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3489 #include <sys/types.h>
3496 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
3499 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3500 AC_DEFINE([HAVE_UINTXX_T], [1],
3501 [define if you have uintxx_t data type])
3505 if (test -z "$have_uintxx_t" && \
3506 test "x$ac_cv_header_stdint_h" = "xyes")
3508 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3509 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3510 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3512 AC_DEFINE([HAVE_UINTXX_T])
3513 AC_MSG_RESULT([yes])
3514 ], [ AC_MSG_RESULT([no])
3518 if (test -z "$have_uintxx_t" && \
3519 test "x$ac_cv_header_inttypes_h" = "xyes")
3521 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
3522 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
3523 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3525 AC_DEFINE([HAVE_UINTXX_T])
3526 AC_MSG_RESULT([yes])
3527 ], [ AC_MSG_RESULT([no])
3531 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
3532 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3534 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
3535 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3536 #include <sys/bitypes.h>
3538 int8_t a; int16_t b; int32_t c;
3539 u_int8_t e; u_int16_t f; u_int32_t g;
3540 a = b = c = e = f = g = 1;
3543 AC_DEFINE([HAVE_U_INTXX_T])
3544 AC_DEFINE([HAVE_INTXX_T])
3545 AC_MSG_RESULT([yes])
3546 ], [AC_MSG_RESULT([no])
3551 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3552 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3553 [[ u_char foo; foo = 125; ]])],
3554 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3557 if test "x$ac_cv_have_u_char" = "xyes" ; then
3558 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
3561 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
3562 #include <sys/types.h>
3568 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3569 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3570 #include <sys/types.h>
3571 #ifdef HAVE_SYS_BITYPES_H
3572 #include <sys/bitypes.h>
3574 #ifdef HAVE_SYS_STATFS_H
3575 #include <sys/statfs.h>
3577 #ifdef HAVE_SYS_STATVFS_H
3578 #include <sys/statvfs.h>
3582 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3583 [#include <sys/types.h>
3584 #include <netinet/in.h>])
3586 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3587 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3588 [[ size_t foo; foo = 1235; ]])],
3589 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3592 if test "x$ac_cv_have_size_t" = "xyes" ; then
3593 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3596 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3597 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3598 [[ ssize_t foo; foo = 1235; ]])],
3599 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3602 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3603 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3606 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3607 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3608 [[ clock_t foo; foo = 1235; ]])],
3609 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3612 if test "x$ac_cv_have_clock_t" = "xyes" ; then
3613 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3616 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3617 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3618 #include <sys/types.h>
3619 #include <sys/socket.h>
3620 ]], [[ sa_family_t foo; foo = 1235; ]])],
3621 [ ac_cv_have_sa_family_t="yes" ],
3622 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3623 #include <sys/types.h>
3624 #include <sys/socket.h>
3625 #include <netinet/in.h>
3626 ]], [[ sa_family_t foo; foo = 1235; ]])],
3627 [ ac_cv_have_sa_family_t="yes" ],
3628 [ ac_cv_have_sa_family_t="no" ]
3632 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3633 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3634 [define if you have sa_family_t data type])
3637 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3638 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3639 [[ pid_t foo; foo = 1235; ]])],
3640 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3643 if test "x$ac_cv_have_pid_t" = "xyes" ; then
3644 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3647 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3648 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3649 [[ mode_t foo; foo = 1235; ]])],
3650 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3653 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3654 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3658 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3659 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3660 #include <sys/types.h>
3661 #include <sys/socket.h>
3662 ]], [[ struct sockaddr_storage s; ]])],
3663 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3664 [ ac_cv_have_struct_sockaddr_storage="no"
3667 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3668 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3669 [define if you have struct sockaddr_storage data type])
3672 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3673 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3674 #include <sys/types.h>
3675 #include <netinet/in.h>
3676 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3677 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3678 [ ac_cv_have_struct_sockaddr_in6="no"
3681 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3682 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3683 [define if you have struct sockaddr_in6 data type])
3686 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3687 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3688 #include <sys/types.h>
3689 #include <netinet/in.h>
3690 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3691 [ ac_cv_have_struct_in6_addr="yes" ],
3692 [ ac_cv_have_struct_in6_addr="no"
3695 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3696 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3697 [define if you have struct in6_addr data type])
3699 dnl Now check for sin6_scope_id
3700 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3702 #ifdef HAVE_SYS_TYPES_H
3703 #include <sys/types.h>
3705 #include <netinet/in.h>
3709 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3710 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3711 #include <sys/types.h>
3712 #include <sys/socket.h>
3714 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3715 [ ac_cv_have_struct_addrinfo="yes" ],
3716 [ ac_cv_have_struct_addrinfo="no"
3719 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3720 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3721 [define if you have struct addrinfo data type])
3724 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3725 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3726 [[ struct timeval tv; tv.tv_sec = 1;]])],
3727 [ ac_cv_have_struct_timeval="yes" ],
3728 [ ac_cv_have_struct_timeval="no"
3731 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3732 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3733 have_struct_timeval=1
3736 AC_CHECK_TYPES([struct timespec])
3738 # We need int64_t or else certain parts of the compile will fail.
3739 if test "x$ac_cv_have_int64_t" = "xno" && \
3740 test "x$ac_cv_sizeof_long_int" != "x8" && \
3741 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3742 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3743 echo "an alternative compiler (I.E., GCC) before continuing."
3747 dnl test snprintf (broken on SCO w/gcc)
3752 #ifdef HAVE_SNPRINTF
3756 char expected_out[50];
3758 #if (SIZEOF_LONG_INT == 8)
3759 long int num = 0x7fffffffffffffff;
3761 long long num = 0x7fffffffffffffffll;
3763 strcpy(expected_out, "9223372036854775807");
3764 snprintf(buf, mazsize, "%lld", num);
3765 if(strcmp(buf, expected_out) != 0)
3772 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3773 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3777 dnl Checks for structure members
3778 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3779 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3780 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3781 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3782 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3783 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3784 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3785 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3786 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3787 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3788 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3789 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3790 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3791 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3792 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3793 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3794 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3796 AC_CHECK_MEMBERS([struct stat.st_blksize])
3797 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
3798 struct passwd.pw_change, struct passwd.pw_expire],
3800 #include <sys/types.h>
3804 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3805 [Define if we don't have struct __res_state in resolv.h])],
3808 #if HAVE_SYS_TYPES_H
3809 # include <sys/types.h>
3811 #include <netinet/in.h>
3812 #include <arpa/nameser.h>
# Two cached compile probes for the address-family field of struct
# sockaddr_storage: one for the ss_family spelling, one for __ss_family.
# Each probe that compiles defines its own HAVE_ macro, so the two results
# are independent of each other.
3816 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3817 ac_cv_have_ss_family_in_struct_ss, [
3818 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3819 #include <sys/types.h>
3820 #include <sys/socket.h>
3821 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3822 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3823 [ ac_cv_have_ss_family_in_struct_ss="no" ])
3825 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3826 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3829 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3830 ac_cv_have___ss_family_in_struct_ss, [
3831 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3832 #include <sys/types.h>
3833 #include <sys/socket.h>
3834 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3835 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3836 [ ac_cv_have___ss_family_in_struct_ss="no"
3839 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3840 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3841 [Fields in struct sockaddr_storage])
# Cached compile probe for the msg_accrights member of struct msghdr.
# The test source fails on purpose when msg_accrights is a preprocessor
# macro, so only a real struct member gives a yes. Per the help text,
# HAVE_ACCRIGHTS_IN_MSGHDR marks systems that pass file descriptors in the
# access-rights style.
3844 dnl make sure we're using the real structure members and not defines
3845 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3846 ac_cv_have_accrights_in_msghdr, [
3847 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3848 #include <sys/types.h>
3849 #include <sys/socket.h>
3850 #include <sys/uio.h>
3852 #ifdef msg_accrights
3853 #error "msg_accrights is a macro"
3857 m.msg_accrights = 0;
3860 [ ac_cv_have_accrights_in_msghdr="yes" ],
3861 [ ac_cv_have_accrights_in_msghdr="no" ]
3864 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3865 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3866 [Define if your system uses access rights style
3867 file descriptor passing])
# Shape of struct statvfs.f_fsid. The first probe compiles an integer
# assignment to f_fsid. The two follow-up probes appear to sit in its
# failure branch and look for an array member named val or __val in
# fsid_t, defining FSID_HAS_VAL or FSID_HAS___VAL.
# NOTE(review): the third checking message names f_fsid while the test
# source declares an fsid_t; the macro description says fsid_t.
3870 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3871 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3872 #include <sys/param.h>
3873 #include <sys/stat.h>
3874 #ifdef HAVE_SYS_TIME_H
3875 # include <sys/time.h>
3877 #ifdef HAVE_SYS_MOUNT_H
3878 #include <sys/mount.h>
3880 #ifdef HAVE_SYS_STATVFS_H
3881 #include <sys/statvfs.h>
3883 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3884 [ AC_MSG_RESULT([yes]) ],
3885 [ AC_MSG_RESULT([no])
3887 AC_MSG_CHECKING([if fsid_t has member val])
3888 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3889 #include <sys/types.h>
3890 #include <sys/statvfs.h>
3891 ]], [[ fsid_t t; t.val[0] = 0; ]])],
3892 [ AC_MSG_RESULT([yes])
3893 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3894 [ AC_MSG_RESULT([no]) ])
3896 AC_MSG_CHECKING([if f_fsid has member __val])
3897 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3898 #include <sys/types.h>
3899 #include <sys/statvfs.h>
3900 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
3901 [ AC_MSG_RESULT([yes])
3902 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
3903 [ AC_MSG_RESULT([no]) ])
# Cached compile probe for the msg_control member of struct msghdr, the
# counterpart of the msg_accrights probe. The test source again rejects a
# macro of that name. Per the help text, HAVE_CONTROL_IN_MSGHDR marks
# systems that pass file descriptors as ancillary data.
3906 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3907 ac_cv_have_control_in_msghdr, [
3908 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3909 #include <sys/types.h>
3910 #include <sys/socket.h>
3911 #include <sys/uio.h>
3914 #error "msg_control is a macro"
3921 [ ac_cv_have_control_in_msghdr="yes" ],
3922 [ ac_cv_have_control_in_msghdr="no" ]
3925 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3926 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
3927 [Define if your system uses ancillary data style
3928 file descriptor passing])
# Three cached link probes: whether libc exports __progname, and whether
# the compiler accepts __FUNCTION__ and __func__. Each is a link test
# rather than a compile test, so the symbol has to resolve at link time.
# A yes result defines the matching HAVE_ macro.
3931 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3932 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3933 [[ extern char *__progname; printf("%s", __progname); ]])],
3934 [ ac_cv_libc_defines___progname="yes" ],
3935 [ ac_cv_libc_defines___progname="no"
3938 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3939 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
3942 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3943 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3944 [[ printf("%s", __FUNCTION__); ]])],
3945 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3946 [ ac_cv_cc_implements___FUNCTION__="no"
3949 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3950 AC_DEFINE([HAVE___FUNCTION__], [1],
3951 [Define if compiler implements __FUNCTION__])
3954 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3955 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3956 [[ printf("%s", __func__); ]])],
3957 [ ac_cv_cc_implements___func__="yes" ],
3958 [ ac_cv_cc_implements___func__="no"
3961 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3962 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
# Cached link probes for va_copy and the older __va_copy spelling. Each
# one that links defines its own HAVE_ macro. The prologue of both test
# programs is on lines missing from this listing.
3965 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3966 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3969 ]], [[ va_copy(x,y); ]])],
3970 [ ac_cv_have_va_copy="yes" ],
3971 [ ac_cv_have_va_copy="no"
3974 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3975 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
3978 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3979 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3982 ]], [[ __va_copy(x,y); ]])],
3983 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
3986 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3987 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
# Cached link probes for three libc symbols: optreset from getopt,
# sys_errlist and sys_nerr. The symbols are declared extern in the test
# body, so a yes result means the linker resolved them, not merely that a
# header declares them.
3990 AC_CACHE_CHECK([whether getopt has optreset support],
3991 ac_cv_have_getopt_optreset, [
3992 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
3993 [[ extern int optreset; optreset = 0; ]])],
3994 [ ac_cv_have_getopt_optreset="yes" ],
3995 [ ac_cv_have_getopt_optreset="no"
3998 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3999 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4000 [Define if your getopt(3) defines and uses optreset])
4003 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4004 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4005 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4006 [ ac_cv_libc_defines_sys_errlist="yes" ],
4007 [ ac_cv_libc_defines_sys_errlist="no"
4010 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4011 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4012 [Define if your system defines sys_errlist[]])
4016 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4017 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4018 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4019 [ ac_cv_libc_defines_sys_nerr="yes" ],
4020 [ ac_cv_libc_defines_sys_nerr="no"
4023 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4024 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
# Resolver support for DNS host key fingerprints. getrrsetbyname is
# searched for in libc and libresolv. The checks after it are marked as
# needed by the project's own getrrsetbyname: res_query and dn_expand are
# searched for, then res_query is link-tested directly and, if that fails,
# retried with -lresolv appended to LIBS. _getshort, _getlong, the
# HEADER.ad member and an extern _res are probed last.
# NOTE(review): HEADER.ad looks like the resolver's authenticated-data
# flag. How the fallback resolver uses it is not visible here, so confirm
# that in the C source before trusting DNS-published fingerprints.
4027 # Check libraries needed by DNS fingerprint support
4028 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4029 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4030 [Define if getrrsetbyname() exists])],
4032 # Needed by our getrrsetbyname()
4033 AC_SEARCH_LIBS([res_query], [resolv])
4034 AC_SEARCH_LIBS([dn_expand], [resolv])
4035 AC_MSG_CHECKING([if res_query will link])
4036 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4037 #include <sys/types.h>
4038 #include <netinet/in.h>
4039 #include <arpa/nameser.h>
4043 res_query (0, 0, 0, 0, 0);
4045 AC_MSG_RESULT([yes]),
4046 [AC_MSG_RESULT([no])
4048 LIBS="$LIBS -lresolv"
4049 AC_MSG_CHECKING([for res_query in -lresolv])
4050 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4051 #include <sys/types.h>
4052 #include <netinet/in.h>
4053 #include <arpa/nameser.h>
4057 res_query (0, 0, 0, 0, 0);
4059 [AC_MSG_RESULT([yes])],
4061 AC_MSG_RESULT([no])])
4063 AC_CHECK_FUNCS([_getshort _getlong])
4064 AC_CHECK_DECLS([_getshort, _getlong], , ,
4065 [#include <sys/types.h>
4066 #include <arpa/nameser.h>])
4067 AC_CHECK_MEMBER([HEADER.ad],
4068 [AC_DEFINE([HAVE_HEADER_AD], [1],
4069 [Define if HEADER.ad exists in arpa/nameser.h])], ,
4070 [#include <arpa/nameser.h>])
4073 AC_MSG_CHECKING([if struct __res_state _res is an extern])
4074 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4076 #if HAVE_SYS_TYPES_H
4077 # include <sys/types.h>
4079 #include <netinet/in.h>
4080 #include <arpa/nameser.h>
4082 extern struct __res_state _res;
4084 struct __res_state *volatile p = &_res; /* force resolution of _res */
4087 [AC_MSG_RESULT([yes])
4088 AC_DEFINE([HAVE__RES_EXTERN], [1],
4089 [Define if you have struct __res_state _res as an extern])
4091 [ AC_MSG_RESULT([no]) ]
# SELinux support is opt-in through --with-selinux. Once requested, a
# missing selinux/selinux.h header or a libselinux without setexeccon
# stops configure with an error, so the build cannot silently continue
# without the requested support. On success -lselinux is added to LIBS and
# to both the ssh and sshd library lists.
4094 # Check whether user wants SELinux support
4097 AC_ARG_WITH([selinux],
4098 [ --with-selinux Enable SELinux support],
4099 [ if test "x$withval" != "xno" ; then
4101 AC_DEFINE([WITH_SELINUX], [1],
4102 [Define if you want SELinux support.])
4104 AC_CHECK_HEADER([selinux/selinux.h], ,
4105 AC_MSG_ERROR([SELinux support requires selinux.h header]))
4106 AC_CHECK_LIB([selinux], [setexeccon],
4107 [ LIBSELINUX="-lselinux"
4108 LIBS="$LIBS -lselinux"
4110 AC_MSG_ERROR([SELinux support requires libselinux library]))
4111 SSHLIBS="$SSHLIBS $LIBSELINUX"
4112 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
4113 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4118 AC_SUBST([SSHDLIBS])
# Kerberos 5 and GSSAPI support, enabled by --with-kerberos5. A bare yes
# selects /usr/local as KRB5ROOT. krb5-config is looked up in
# $KRB5ROOT/bin first and then in $PATH. When it is executable, its
# --cflags and --libs output is added to CPPFLAGS and later to LIBS, and
# GSSAPI is enabled if its output mentions gssapi.
# The remaining lines appear to be the fallback without krb5-config (the
# else line is missing from this listing): include and library paths are
# taken from KRB5ROOT and the libraries are guessed, with separate lists
# for Heimdal and for the other implementation.
# NOTE(review): krb5-config runs during configure and its output goes
# into the compiler and linker flags unchecked, so KRB5ROOT and PATH must
# name trusted installations.
# NOTE(review): unlike the SELinux option, a missing gss-api library or
# header only produces a warning that the build may fail.
4120 # Check whether user wants Kerberos 5 support
4122 AC_ARG_WITH([kerberos5],
4123 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4124 [ if test "x$withval" != "xno" ; then
4125 if test "x$withval" = "xyes" ; then
4126 KRB5ROOT="/usr/local"
4131 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4134 AC_PATH_PROG([KRB5CONF], [krb5-config],
4135 [$KRB5ROOT/bin/krb5-config],
4136 [$KRB5ROOT/bin:$PATH])
# NOTE(review): KRB5CONF is unquoted in the test below, so a path that
# contains whitespace makes the test fail.
4137 if test -x $KRB5CONF ; then
4138 K5CFLAGS="`$KRB5CONF --cflags`"
4139 K5LIBS="`$KRB5CONF --libs`"
4140 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4142 AC_MSG_CHECKING([for gssapi support])
4143 if $KRB5CONF | grep gssapi >/dev/null ; then
4144 AC_MSG_RESULT([yes])
4145 AC_DEFINE([GSSAPI], [1],
4146 [Define this if you want GSSAPI
4147 support in the version 2 protocol])
4148 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4149 GSSLIBS="`$KRB5CONF --libs gssapi`"
4150 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4154 AC_MSG_CHECKING([whether we are using Heimdal])
4155 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4156 ]], [[ char *tmp = heimdal_version; ]])],
4157 [ AC_MSG_RESULT([yes])
4158 AC_DEFINE([HEIMDAL], [1],
4159 [Define this if you are using the Heimdal
4160 version of Kerberos V5]) ],
4161 [AC_MSG_RESULT([no])
4164 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4165 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4166 AC_MSG_CHECKING([whether we are using Heimdal])
4167 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4168 ]], [[ char *tmp = heimdal_version; ]])],
4169 [ AC_MSG_RESULT([yes])
4170 AC_DEFINE([HEIMDAL])
4172 K5LIBS="$K5LIBS -lcom_err -lasn1"
4173 AC_CHECK_LIB([roken], [net_write],
4174 [K5LIBS="$K5LIBS -lroken"])
4175 AC_CHECK_LIB([des], [des_cbc_encrypt],
4176 [K5LIBS="$K5LIBS -ldes"])
4177 ], [ AC_MSG_RESULT([no])
4178 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4181 AC_SEARCH_LIBS([dn_expand], [resolv])
4183 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4184 [ AC_DEFINE([GSSAPI])
4185 GSSLIBS="-lgssapi_krb5" ],
4186 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4187 [ AC_DEFINE([GSSAPI])
4188 GSSLIBS="-lgssapi" ],
4189 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
4190 [ AC_DEFINE([GSSAPI])
4192 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4196 AC_CHECK_HEADER([gssapi.h], ,
4197 [ unset ac_cv_header_gssapi_h
4198 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4199 AC_CHECK_HEADERS([gssapi.h], ,
4200 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4206 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4207 AC_CHECK_HEADER([gssapi_krb5.h], ,
4208 [ CPPFLAGS="$oldCPP" ])
4211 if test ! -z "$need_dash_r" ; then
4212 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
4214 if test ! -z "$blibpath" ; then
4215 blibpath="$blibpath:${KRB5ROOT}/lib"
4218 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4219 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4220 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4222 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4223 [Define this if you want to use libkafs' AFS support])])
4225 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4226 #ifdef HAVE_GSSAPI_H
4227 # include <gssapi.h>
4228 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4229 # include <gssapi/gssapi.h>
4232 #ifdef HAVE_GSSAPI_GENERIC_H
4233 # include <gssapi_generic.h>
4234 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4235 # include <gssapi/gssapi_generic.h>
4239 LIBS="$LIBS $K5LIBS"
4240 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
# Directory used as the privilege separation chroot, per the help text.
# The default is /var/empty. --with-privsep-path replaces it when the
# value is non-empty and is neither yes nor no.
# NOTE(review): no check of the directory is visible in this listing. A
# chroot directory is normally expected to be empty, root-owned and not
# writable by other users, so verify ownership and mode at install time.
4249 # Looking for programs, paths and files
4251 PRIVSEP_PATH=/var/empty
4252 AC_ARG_WITH([privsep-path],
4253 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4255 if test -n "$withval" && test "x$withval" != "xno" && \
4256 test "x${withval}" != "xyes"; then
4257 PRIVSEP_PATH=$withval
4261 AC_SUBST([PRIVSEP_PATH])
# Location of the xauth program and the strip-on-install switch.
# --with-xauth takes an explicit path. Otherwise xauth is searched for in
# a list of X11 directories, and /usr/openwin/bin/xauth is preferred
# whenever it is executable and some xauth was found.
# With no xauth found, XAUTH_PATH is substituted as the word undefined and
# no macro is defined. Otherwise the discovered path is compiled in as
# XAUTH_PATH.
# NOTE(review): the compiled-in path is fixed at build time from what
# exists on the build host, so confirm it matches the install target.
4263 AC_ARG_WITH([xauth],
4264 [ --with-xauth=PATH Specify path to xauth program ],
4266 if test -n "$withval" && test "x$withval" != "xno" && \
4267 test "x${withval}" != "xyes"; then
4273 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4274 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4275 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4276 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4277 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4278 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4279 xauth_path="/usr/openwin/bin/xauth"
4285 AC_ARG_ENABLE([strip],
4286 [ --disable-strip Disable calling strip(1) on install],
4288 if test "x$enableval" = "xno" ; then
4293 AC_SUBST([STRIP_OPT])
4295 if test -z "$xauth_path" ; then
4296 XAUTH_PATH="undefined"
4297 AC_SUBST([XAUTH_PATH])
4299 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4300 [Define if xauth is found in your path])
4301 XAUTH_PATH=$xauth_path
4302 AC_SUBST([XAUTH_PATH])
# Mail spool directory, compiled in as MAIL_DIRECTORY. The order of
# precedence is spelled out in the dnl notes below. The discovery program
# writes its answer to conftest.maildir in the build directory, and awk
# then splits that file into the macro name and the path. When cross
# compiling the program cannot run, so a warning asks for --with-maildir.
4305 dnl # --with-maildir=/path/to/mail gets top priority.
4306 dnl # if maildir is set in the platform case statement above we use that.
4307 dnl # Otherwise we run a program to get the dir from system headers.
4308 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4309 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4310 dnl # session.c expects anyway. Otherwise we set to the value found
4311 dnl # stripping any trailing slash. If for some strange reason our program
4312 dnl # does not find what it needs, we default to /var/spool/mail.
4313 # Check for mail directory
4314 AC_ARG_WITH([maildir],
4315 [ --with-maildir=/path/to/mail Specify your system mail directory],
4317 if test "X$withval" != X && test "x$withval" != xno && \
4318 test "x${withval}" != xyes; then
4319 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4320 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4323 if test "X$maildir" != "X"; then
4324 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4326 AC_MSG_CHECKING([Discovering system mail directory])
4334 #ifdef HAVE_MAILLOCK_H
4335 #include <maillock.h>
4337 #define DATA "conftest.maildir"
4342 fd = fopen(DATA,"w");
4346 #if defined (_PATH_MAILDIR)
4347 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4349 #elif defined (MAILDIR)
4350 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4352 #elif defined (_PATH_MAIL)
4353 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4362 maildir_what=`awk -F: '{print $1}' conftest.maildir`
4363 maildir=`awk -F: '{print $2}' conftest.maildir \
4365 AC_MSG_RESULT([Using: $maildir from $maildir_what])
4366 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4367 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4371 if test "X$ac_status" = "X2";then
4372 # our test program didn't find it. Default to /var/spool/mail
4373 AC_MSG_RESULT([Using: default value of /var/spool/mail])
4374 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4376 AC_MSG_RESULT([*** not found ***])
4380 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
# Pseudo-terminal device probes. Both look at /dev on the machine running
# configure, so each is replaced by a warning when cross compiling. The
# /dev/ptmx probe is also skipped when no_dev_ptmx is set (presumably by
# the platform section, which is not visible here).
4387 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
4388 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
4389 disable_ptmx_check=yes
4391 if test -z "$no_dev_ptmx" ; then
4392 if test "x$disable_ptmx_check" != "xyes" ; then
4393 AC_CHECK_FILE(["/dev/ptmx"],
4395 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
4396 [Define if you have /dev/ptmx])
4403 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
4404 AC_CHECK_FILE(["/dev/ptc"],
4406 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
4407 [Define if you have /dev/ptc])
4412 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
# Manual page format. --with-mantype takes man, cat or doc per its help
# text, and an unrecognised value is a configure error. When no type has
# been chosen, nroff or awf is looked up in /usr/bin and /usr/ucb, with
# /bin/false as the fallback, and run on ssh.1 with -mdoc and then -man to
# pick a format. The assignments themselves are on lines missing from this
# listing.
4415 # Options from here on. Some of these are preset by platform above
4416 AC_ARG_WITH([mantype],
4417 [ --with-mantype=man|cat|doc Set man page type],
4424 AC_MSG_ERROR([invalid man type: $withval])
4429 if test -z "$MANTYPE"; then
4430 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
4431 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
4432 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
4434 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
4441 if test "$MANTYPE" = "doc"; then
4446 AC_SUBST([mansubdir])
# Opt-in switch that defines HAVE_MD5_PASSWORDS for any value other than
# no.
# NOTE(review): MD5-based password hashes are weak by current standards.
# What the macro changes in the C code is not visible here. Enable it only
# where existing password databases still require it.
4448 # Check whether to enable MD5 passwords
4450 AC_ARG_WITH([md5-passwords],
4451 [ --with-md5-passwords Enable use of MD5 passwords],
4453 if test "x$withval" != "xno" ; then
4454 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
4455 [Define if you want to allow MD5 passwords])
# Shadow password handling. --without-shadow defines DISABLE_SHADOW.
# Unless disable_shadow is set, a compile probe assigns to the sp_expire,
# sp_lstchg and sp_inact fields of the shadow entry. If that compiles,
# HAS_SHADOW_EXPIRE is defined so the expiry fields can be used.
# NOTE(review): without HAS_SHADOW_EXPIRE the expiry fields are
# presumably ignored, so confirm how account and password expiry are
# enforced on such builds.
4461 # Whether to disable shadow password support
4462 AC_ARG_WITH([shadow],
4463 [ --without-shadow Disable shadow password support],
4465 if test "x$withval" = "xno" ; then
4466 AC_DEFINE([DISABLE_SHADOW])
4472 if test -z "$disable_shadow" ; then
4473 AC_MSG_CHECKING([if the systems has expire shadow information])
4474 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4475 #include <sys/types.h>
4478 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
4479 [ sp_expire_available=yes ], [
4482 if test "x$sp_expire_available" = "xyes" ; then
4483 AC_MSG_RESULT([yes])
4484 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
4485 [Define if you want to use shadow password expire field])
# IPADDR_IN_DISPLAY makes the build use an IP address in place of the
# hostname in DISPLAY, per the macro description. It is defined when the
# shell variable of the same name is already set (presumably by the
# platform section), or when --with-ipaddr-display is given with a value
# other than no. DISPLAY_HACK_MSG records the outcome for the summary.
4491 # Use ip address instead of hostname in $DISPLAY
4492 if test ! -z "$IPADDR_IN_DISPLAY" ; then
4493 DISPLAY_HACK_MSG="yes"
4494 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
4495 [Define if you need to use IP address
4496 instead of hostname in $DISPLAY])
4498 DISPLAY_HACK_MSG="no"
4499 AC_ARG_WITH([ipaddr-display],
4500 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
4502 if test "x$withval" != "xno" ; then
4503 AC_DEFINE([IPADDR_IN_DISPLAY])
4504 DISPLAY_HACK_MSG="yes"
# Decides which external file, if any, supplies the login PATH at run
# time. /etc/default/login is used when it exists on the build host,
# unless --disable-etc-default-login is given or the build is a cross
# compile. When login_getcapbool and login_cap.h were both found,
# /etc/login.conf takes over as external_path_file.
# NOTE(review): the two ac_cv variables in the last test are unquoted, so
# the test fails with a syntax error if either one is unset.
4510 # check for /etc/default/login and use it if present.
4511 AC_ARG_ENABLE([etc-default-login],
4512 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
4513 [ if test "x$enableval" = "xno"; then
4514 AC_MSG_NOTICE([/etc/default/login handling disabled])
4515 etc_default_login=no
4517 etc_default_login=yes
4519 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
4521 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
4522 etc_default_login=no
4524 etc_default_login=yes
4528 if test "x$etc_default_login" != "xno"; then
4529 AC_CHECK_FILE(["/etc/default/login"],
4530 [ external_path_file=/etc/default/login ])
4531 if test "x$external_path_file" = "x/etc/default/login"; then
4532 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
4533 [Define if your system has /etc/default/login])
4537 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4538 if test $ac_cv_func_login_getcapbool = "yes" && \
4539 test $ac_cv_header_login_cap_h = "yes" ; then
4540 external_path_file=/etc/login.conf
# Default PATH that the server gives to sessions, compiled in as
# USER_PATH unless /etc/login.conf is in charge. The value comes from
# --with-default-path when given. Otherwise a test program prints
# _PATH_STDPATH into conftest.stdpath, with a fixed four-directory path as
# the fallback. bindir is then appended if grep does not find it, so that
# scp can be located.
# NOTE(review): the --with-default-path value is stored as given, with no
# validation visible here. Every directory in it lands on the default PATH
# of user sessions, so it should list only absolute directories that
# ordinary users cannot write to.
# NOTE(review): both grep calls use t_bindir as an unanchored regular
# expression, so a longer entry such as /usr/bin2 satisfies the check for
# /usr/bin and bindir is then not appended.
4543 # Whether to mess with the default path
4544 SERVER_PATH_MSG="(default)"
4545 AC_ARG_WITH([default-path],
4546 [ --with-default-path= Specify default $PATH environment for server],
4548 if test "x$external_path_file" = "x/etc/login.conf" ; then
4550 --with-default-path=PATH has no effect on this system.
4551 Edit /etc/login.conf instead.])
4552 elif test "x$withval" != "xno" ; then
4553 if test ! -z "$external_path_file" ; then
4555 --with-default-path=PATH will only be used if PATH is not defined in
4556 $external_path_file .])
4558 user_path="$withval"
4559 SERVER_PATH_MSG="$withval"
4562 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
4563 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
4565 if test ! -z "$external_path_file" ; then
4567 If PATH is defined in $external_path_file, ensure the path to scp is included,
4568 otherwise scp will not work.])
4572 /* find out what STDPATH is */
4577 #ifndef _PATH_STDPATH
4578 # ifdef _PATH_USERPATH /* Irix */
4579 # define _PATH_STDPATH _PATH_USERPATH
4581 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
4584 #include <sys/types.h>
4585 #include <sys/stat.h>
4587 #define DATA "conftest.stdpath"
4592 fd = fopen(DATA,"w");
4596 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4601 [ user_path=`cat conftest.stdpath` ],
4602 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4603 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4605 # make sure $bindir is in USER_PATH so scp will work
4606 t_bindir="${bindir}"
4607 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
4608 t_bindir=`eval echo ${t_bindir}`
4610 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4613 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4616 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
4617 if test $? -ne 0 ; then
4618 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
4619 if test $? -ne 0 ; then
4620 user_path=$user_path:$t_bindir
4621 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
4626 if test "x$external_path_file" != "x/etc/login.conf" ; then
4627 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
4628 AC_SUBST([user_path])
# Optional separate PATH for the super-user, compiled in as
# SUPERUSER_PATH when --with-superuser-path has a value that is non-empty
# and is neither yes nor no.
# NOTE(review): the value is stored as given. It becomes the PATH of root
# sessions, so it should list only absolute, root-owned directories.
4631 # Set superuser path separately to user path
4632 AC_ARG_WITH([superuser-path],
4633 [ --with-superuser-path= Specify different path for super-user],
4635 if test -n "$withval" && test "x$withval" != "xno" && \
4636 test "x${withval}" != "xyes"; then
4637 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
4638 [Define if you want a different $PATH
4640 superuser_path=$withval
# Conversion of IPv4 addresses that arrive as IPv6-mapped addresses.
# IPV4_IN_IPV6 is defined when --with-4in6 is given with a value other
# than no. Without the option it is defined only if inet6_default_4in6 is
# yes (presumably set by the platform section, which is not visible here).
# IPV4_IN6_HACK_MSG records the outcome for the summary.
4646 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4647 IPV4_IN6_HACK_MSG="no"
4649 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4651 if test "x$withval" != "xno" ; then
4652 AC_MSG_RESULT([yes])
4653 AC_DEFINE([IPV4_IN_IPV6], [1],
4654 [Detect IPv4 in IPv6 mapped addresses
4656 IPV4_IN6_HACK_MSG="yes"
4661 if test "x$inet6_default_4in6" = "xyes"; then
4662 AC_MSG_RESULT([yes (default)])
4663 AC_DEFINE([IPV4_IN_IPV6])
4664 IPV4_IN6_HACK_MSG="yes"
4666 AC_MSG_RESULT([no (default)])
# Opt-in switch: --with-bsd-auth with any value other than no defines
# BSD_AUTH. No header or library probe for BSD auth is visible in this
# listing.
4671 # Whether to enable BSD auth support
4673 AC_ARG_WITH([bsd-auth],
4674 [ --with-bsd-auth Enable BSD auth support],
4676 if test "x$withval" != "xno" ; then
4677 AC_DEFINE([BSD_AUTH], [1],
4678 [Define if you have BSD auth support])
# Directory for the daemon's PID file, compiled in as _PATH_SSH_PIDDIR.
# The initial piddir value is on a line missing from this listing. If it
# is not a directory on the build host, the expanded sysconfdir is used
# instead. --with-pid-dir overrides it, and a missing directory then only
# produces a warning.
# NOTE(review): piddir is unquoted in both test -d calls, so a value with
# whitespace breaks the test. The existence check also runs on the build
# host, which may differ from the install target.
4684 # Where to place sshd.pid
4686 # make sure the directory exists
4687 if test ! -d $piddir ; then
4688 piddir=`eval echo ${sysconfdir}`
4690 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4694 AC_ARG_WITH([pid-dir],
4695 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4697 if test -n "$withval" && test "x$withval" != "xno" && \
4698 test "x${withval}" != "xyes"; then
4700 if test ! -d $piddir ; then
4701 AC_MSG_WARN([** no $piddir directory on this system **])
4707 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
4708 [Specify location of ssh.pid])
# Switches for login recording. Each --disable option defines the
# matching DISABLE_ macro when given as no. --with-lastlog=no does the
# same for lastlog, and any other explicit value is kept as the lastlog
# location.
# NOTE(review): these macros turn off the session records that the build
# would otherwise write to lastlog, utmp and wtmp. Hosts that rely on
# those files for audit or incident response should leave them enabled.
# The effect on the C code is not visible here.
4711 dnl allow user to disable some login recording features
4712 AC_ARG_ENABLE([lastlog],
4713 [ --disable-lastlog disable use of lastlog even if detected [no]],
4715 if test "x$enableval" = "xno" ; then
4716 AC_DEFINE([DISABLE_LASTLOG])
4720 AC_ARG_ENABLE([utmp],
4721 [ --disable-utmp disable use of utmp even if detected [no]],
4723 if test "x$enableval" = "xno" ; then
4724 AC_DEFINE([DISABLE_UTMP])
4728 AC_ARG_ENABLE([utmpx],
4729 [ --disable-utmpx disable use of utmpx even if detected [no]],
4731 if test "x$enableval" = "xno" ; then
4732 AC_DEFINE([DISABLE_UTMPX], [1],
4733 [Define if you don't want to use utmpx])
4737 AC_ARG_ENABLE([wtmp],
4738 [ --disable-wtmp disable use of wtmp even if detected [no]],
4740 if test "x$enableval" = "xno" ; then
4741 AC_DEFINE([DISABLE_WTMP])
4745 AC_ARG_ENABLE([wtmpx],
4746 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4748 if test "x$enableval" = "xno" ; then
4749 AC_DEFINE([DISABLE_WTMPX], [1],
4750 [Define if you don't want to use wtmpx])
4754 AC_ARG_ENABLE([libutil],
4755 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4757 if test "x$enableval" = "xno" ; then
4758 AC_DEFINE([DISABLE_LOGIN])
4762 AC_ARG_ENABLE([pututline],
4763 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4765 if test "x$enableval" = "xno" ; then
4766 AC_DEFINE([DISABLE_PUTUTLINE], [1],
4767 [Define if you don't want to use pututline()
4768 etc. to write [uw]tmp])
4772 AC_ARG_ENABLE([pututxline],
4773 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4775 if test "x$enableval" = "xno" ; then
4776 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4777 [Define if you don't want to use pututxline()
4778 etc. to write [uw]tmpx])
4782 AC_ARG_WITH([lastlog],
4783 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4785 if test "x$withval" = "xno" ; then
4786 AC_DEFINE([DISABLE_LASTLOG])
4787 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4788 conf_lastlog_location=$withval
# Locates the lastlog file or directory. Two compile probes look for
# LASTLOG_FILE and _PATH_LASTLOG in the system headers. When no location
# was configured and system_lastlog_path is no, four conventional paths on
# the build host are tried. A location that is found or configured is
# compiled in as CONF_LASTLOG_FILE. If nothing is found, configure warns
# but, per the dnl note below, does not define DISABLE_LASTLOG.
4793 dnl lastlog, [uw]tmpx? detection
4794 dnl NOTE: set the paths in the platform section to avoid the
4795 dnl need for command-line parameters
4796 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4798 dnl lastlog detection
4799 dnl NOTE: the code itself will detect if lastlog is a directory
4800 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4801 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4802 #include <sys/types.h>
4804 #ifdef HAVE_LASTLOG_H
4805 # include <lastlog.h>
4813 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
4814 [ AC_MSG_RESULT([yes]) ],
4817 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4818 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4819 #include <sys/types.h>
4821 #ifdef HAVE_LASTLOG_H
4822 # include <lastlog.h>
4827 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4828 [ AC_MSG_RESULT([yes]) ],
4831 system_lastlog_path=no
4835 if test -z "$conf_lastlog_location"; then
4836 if test x"$system_lastlog_path" = x"no" ; then
4837 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4838 if (test -d "$f" || test -f "$f") ; then
4839 conf_lastlog_location=$f
4842 if test -z "$conf_lastlog_location"; then
4843 AC_MSG_WARN([** Cannot find lastlog **])
4844 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4849 if test -n "$conf_lastlog_location"; then
4850 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4851 [Define if you want to specify the path to your lastlog file])
# Locates the utmp, wtmp and wtmpx files. Each section first probes the
# system headers for a path macro. For utmp and wtmp, conventional paths
# on the build host are then tried if no location is known. For wtmpx
# there is no file search.
# NOTE(review): when no utmp or wtmp file is found, DISABLE_UTMP or
# DISABLE_WTMP is defined and no warning is visible in this listing,
# unlike the lastlog case. A build on a minimal host or container can
# therefore ship without login records, so check the generated config.h
# when those records are needed for audit.
4855 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4856 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4857 #include <sys/types.h>
4862 ]], [[ char *utmp = UTMP_FILE; ]])],
4863 [ AC_MSG_RESULT([yes]) ],
4864 [ AC_MSG_RESULT([no])
4867 if test -z "$conf_utmp_location"; then
4868 if test x"$system_utmp_path" = x"no" ; then
4869 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4870 if test -f $f ; then
4871 conf_utmp_location=$f
4874 if test -z "$conf_utmp_location"; then
4875 AC_DEFINE([DISABLE_UTMP])
4879 if test -n "$conf_utmp_location"; then
4880 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4881 [Define if you want to specify the path to your utmp file])
4885 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4886 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4887 #include <sys/types.h>
4892 ]], [[ char *wtmp = WTMP_FILE; ]])],
4893 [ AC_MSG_RESULT([yes]) ],
4894 [ AC_MSG_RESULT([no])
4897 if test -z "$conf_wtmp_location"; then
4898 if test x"$system_wtmp_path" = x"no" ; then
4899 for f in /usr/adm/wtmp /var/log/wtmp; do
4900 if test -f $f ; then
4901 conf_wtmp_location=$f
4904 if test -z "$conf_wtmp_location"; then
4905 AC_DEFINE([DISABLE_WTMP])
4909 if test -n "$conf_wtmp_location"; then
4910 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
4911 [Define if you want to specify the path to your wtmp file])
4915 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4916 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4917 #include <sys/types.h>
4925 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
4926 [ AC_MSG_RESULT([yes]) ],
4927 [ AC_MSG_RESULT([no])
4928 system_wtmpx_path=no
4930 if test -z "$conf_wtmpx_location"; then
4931 if test x"$system_wtmpx_path" = x"no" ; then
4932 AC_DEFINE([DISABLE_WTMPX])
4935 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
4936 [Define if you want to specify the path to your wtmpx file])
# Final linker path fix-up and two struct sanity probes. A non-empty
# blibpath is appended to LDFLAGS behind blibflags, with a reminder to
# review it in the Makefile. If struct lastlog has no ll_line member,
# DISABLE_LASTLOG is defined unless SKIP_DISABLE_LASTLOG_DEFINE is yes. If
# struct utmp has no ut_line member, both DISABLE_UTMP and DISABLE_WTMP
# are defined.
# NOTE(review): as with the file searches earlier, these probes can
# switch login recording off without a warning.
4940 if test ! -z "$blibpath" ; then
4941 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4942 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4945 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
4946 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
4947 AC_DEFINE([DISABLE_LASTLOG])
4950 #ifdef HAVE_SYS_TYPES_H
4951 #include <sys/types.h>
4959 #ifdef HAVE_LASTLOG_H
4960 #include <lastlog.h>
4964 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
4965 AC_DEFINE([DISABLE_UTMP])
4966 AC_DEFINE([DISABLE_WTMP])
4968 #ifdef HAVE_SYS_TYPES_H
4969 #include <sys/types.h>
4977 #ifdef HAVE_LASTLOG_H
4978 #include <lastlog.h>
# Late flag and test-suite settings. The contents of werror_flags are
# appended to CFLAGS only at this point, after the feature probes, for the
# reason given in the dnl note below. TEST_SSH_IPV6 is set to no when
# BROKEN_GETADDRINFO is declared. The body of the getaddrinfo test above
# that check is on lines missing from this listing. The list of generated
# files is also cut short here.
4982 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4984 CFLAGS="$CFLAGS $werror_flags"
4986 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4991 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
4992 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
4993 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
4994 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
4997 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4998 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
# Configuration summary, part one: install paths. Each path is passed
# through eval twice so that nested references, such as a prefix inside
# bindir, are fully expanded before printing. In the lines shown, the
# lettered variables are used only for this report.
# NOTE(review): eval also re-parses values that came from the command
# line (user_path, superuser_path, PRIVSEP_PATH, piddir). Shell
# metacharacters in those arguments are therefore interpreted by the shell
# running configure. Build wrappers that assemble configure arguments from
# external input should validate them first.
5002 # Print summary of options
5004 # Someone please show me a better way :)
5005 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5006 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5007 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5008 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5009 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5010 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5011 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5012 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5013 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5014 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5017 echo "OpenSSH has been configured with the following options:"
5018 echo " User binaries: $B"
5019 echo " System binaries: $C"
5020 echo " Configuration files: $D"
5021 echo " Askpass program: $E"
5022 echo " Manual pages: $F"
5023 echo " PID file: $G"
5024 echo " Privilege separation chroot path: $H"
5025 if test "x$external_path_file" = "x/etc/login.conf" ; then
5026 echo " At runtime, sshd will use the path defined in $external_path_file"
5027 echo " Make sure the path to scp is present, otherwise scp will not work"
5029 echo " sshd default user PATH: $I"
5030 if test ! -z "$external_path_file"; then
5031 echo " (If PATH is set in $external_path_file it will be used instead. If"
5032 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
5035 if test ! -z "$superuser_path" ; then
5036 echo " sshd superuser user PATH: $J"
# Configuration summary, part two: one line per optional feature, using
# the _MSG variables set earlier in the script, followed by the host,
# compiler and the final flag and library lists. The sshd-only and
# ssh-only library lists are printed only when they are non-empty.
# This report is the quickest place to confirm that security-relevant
# options such as PAM, SELinux, the privsep sandbox style and the random
# number source came out as intended.
5038 echo " Manpage format: $MANTYPE"
5039 echo " PAM support: $PAM_MSG"
5040 echo " OSF SIA support: $SIA_MSG"
5041 echo " KerberosV support: $KRB5_MSG"
5042 echo " SELinux support: $SELINUX_MSG"
5043 echo " Smartcard support: $SCARD_MSG"
5044 echo " S/KEY support: $SKEY_MSG"
5045 echo " TCP Wrappers support: $TCPW_MSG"
5046 echo " MD5 password support: $MD5_MSG"
5047 echo " libedit support: $LIBEDIT_MSG"
5048 echo " Solaris process contract support: $SPC_MSG"
5049 echo " Solaris project support: $SP_MSG"
5050 echo " Solaris privilege support: $SPP_MSG"
5051 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5052 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5053 echo " BSD Auth support: $BSD_AUTH_MSG"
5054 echo " Random number source: $RAND_MSG"
5055 echo " Privsep sandbox style: $SANDBOX_STYLE"
5059 echo " Host: ${host}"
5060 echo " Compiler: ${CC}"
5061 echo " Compiler flags: ${CFLAGS}"
5062 echo "Preprocessor flags: ${CPPFLAGS}"
5063 echo " Linker flags: ${LDFLAGS}"
5064 echo " Libraries: ${LIBS}"
5065 if test ! -z "${SSHDLIBS}"; then
5066 echo " +for sshd: ${SSHDLIBS}"
5068 if test ! -z "${SSHLIBS}"; then
5069 echo " +for ssh: ${SSHLIBS}"
# Closing notices. They cover SVR4 packaging, a reminder that a
# PAM-enabled build needs a PAM control file for sshd, and a warning
# printed when NO_PEERCHECK is set.
# The NO_PEERCHECK warning deserves attention. It says the platform
# offers none of getpeereid, getpeerucred or SO_PEERCRED, which are used
# to check who connects to ssh-agent. On such a build the agent socket
# depends on file system permissions alone, so keep its directory private
# to the owning user.
5074 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5075 echo "SVR4 style packages are supported with \"make package\""
5079 if test "x$PAM_MSG" = "xyes" ; then
5080 echo "PAM is enabled. You may need to install a PAM control file "
5081 echo "for sshd, otherwise password authentication may fail. "
5082 echo "Example PAM control files can be found in the contrib/ "
5087 if test ! -z "$NO_PEERCHECK" ; then
5088 echo "WARNING: the operating system that you are using does not"
5089 echo "appear to support getpeereid(), getpeerucred() or the"
5090 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5091 echo "enforce security checks to prevent unauthorised connections to"
5092 echo "ssh-agent. Their absence increases the risk that a malicious"
5093 echo "user can connect to your agent."
5097 if test "$AUDIT_MODULE" = "bsm" ; then
5098 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5099 echo "See the Solaris section in README.platform for details."