Lines Matching +full:libselinux +full:- +full:dev
2 # Copyright (c) 1999-2004 Damien Miller
16 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
22 if test "$i" -nt "$srcdir/configure"; then
33 AC_MSG_CHECKING([if $CC supports C99-style variadic macros])
37 ]], [[return F(1, 2, -3);]])],
39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ]
65 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
72 MANFMT="$NROFF -mandoc"
74 MANFMT="$GROFF -mandoc -Tascii"
87 if test -x /sbin/sh; then
96 if test -z "$AR" ; then
101 if test ! -z "$PATH_PASSWD_PROG" ; then
108 dnl use case we overlooked and someone needs to re-enable it. Unless a good
120 #include <dev/systrace.h>
135 …[ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL…
154 [ --without-stackprotect Don't use compiler's stack protection], [
159 [ --without-hardening Don't use toolchain hardening flags], [
164 [ --without-retpoline Enable retpoline spectre mitigation], [
169 # We use -Werror for the tests only so that we catch warnings like "this is
170 # on by default" for things like -fPIE.
171 AC_MSG_CHECKING([if $CC supports -Werror])
173 CFLAGS="$CFLAGS -Werror"
176 WERROR="-Werror"],
184 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
196 ver="`$CC -v 2>&1`"
197 if echo "$ver" | grep "Apple" >/dev/null; then
198 CLANG_VER=apple-`echo "$ver" | grep 'clang version' | \
206 OSSH_CHECK_CFLAG_COMPILE([-pipe])
207 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
208 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation])
209 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
210 OSSH_CHECK_CFLAG_COMPILE([-Wall])
211 OSSH_CHECK_CFLAG_COMPILE([-Wextra])
212 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
213 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
214 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
215 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
216 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
217 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
218 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter])
219 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
220 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough])
221 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation])
222 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical])
223 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
225 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
226 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
227 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
228 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
229 # NB. -ftrapv expects certain support functions to be present in
234 OSSH_CHECK_CFLAG_LINK([-ftrapv])
235 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See
237 # https://github.com/llvm/llvm-project/issues/59242
241 apple-15*) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;;
243 *) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;;
245 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
248 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
249 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
252 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
254 CFLAGS="$CFLAGS -fno-builtin-memset"
262 # -fstack-protector-all doesn't always work for some GCC versions
264 # on a given platform gcc will emit a warning so we use -Werror.
266 for t in -fstack-protector-strong -fstack-protector-all \
267 -fstack-protector; do
271 CFLAGS="$CFLAGS $t -Werror"
272 LDFLAGS="$LDFLAGS $t -Werror"
309 if test -z "$have_llong_max"; then
310 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
313 CFLAGS="$CFLAGS -std=gnu99"
349 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])],
359 [[ int a; a = 1; int b = 1; exit(a-b); ]])],
371 [ --without-rpath Disable auto-added -R linker paths],
376 rpath_opt="-R"
385 [ --with-cflags Specify additional flags to pass to compiler],
387 if test -n "$withval" && test "x$withval" != "xno" && \
394 AC_ARG_WITH([cflags-after],
395 [ --with-cflags-after Specify additional flags to pass to compiler after configure],
397 if test -n "$withval" && test "x$withval" != "xno" && \
404 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
406 if test -n "$withval" && test "x$withval" != "xno" && \
413 [ --with-ldflags Specify additional flags to pass to linker],
415 if test -n "$withval" && test "x$withval" != "xno" && \
421 AC_ARG_WITH([ldflags-after],
422 [ --with-ldflags-after Specify additional flags to pass to linker after configure],
424 if test -n "$withval" && test "x$withval" != "xno" && \
431 [ --with-libs Specify additional libraries to link with],
433 if test -n "$withval" && test "x$withval" != "xno" && \
440 [ --with-Werror Build main code with -Werror],
442 if test -n "$withval" && test "x$withval" != "xno"; then
443 werror_flags="-Werror"
451 dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's
612 # Messages for features tested for in target-specific section
619 # the --with-solaris-privs option and --with-sandbox=solaris).
622 # Check for some target-specific stuff
624 *-*-aix*)
626 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
638 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
639 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
640 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
645 if (test -z "$blibpath"); then
650 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
652 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
655 if (test -z "$blibflags"); then
661 if (test -z "$blibflags"); then
663 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
673 LIBS="$LIBS -ls"
710 supported by bsd-setproctitle.c])
713 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
718 *-*-android*)
722 *-*-cygwin*)
739 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
741 *-*-dgux*)
748 *-*-darwin*)
752 #include <mach-o/dyld.h>
786 supported by bsd-setproctitle.c])
790 SSHDLIBS="$SSHDLIBS -lsandbox"
792 # proc_pidinfo()-based closefrom() replacement.
795 # poll(2) is broken for character-special devices (at least).
800 *-*-dragonfly*)
804 *-*-haiku*)
805 LIBS="$LIBS -lbsd "
806 CFLAGS="$CFLAGS -D_BSD_SOURCE"
812 *-*-hpux*)
813 # first we define all of the options common to all HP-UX releases
814 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
823 LIBS="$LIBS -lsec"
825 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
829 *-*-hpux10*)
830 if test -z "$GCC"; then
831 CFLAGS="$CFLAGS -Ae"
835 *-*-hpux11*)
837 [Define if you are using Solaris-derived PAM which
850 *-*-hpux10.26)
852 [Define if you have SecureWare-based
855 LIBS="$LIBS -lsecpw"
859 *-*-irix5*)
872 *-*-irix6*)
876 (cluster-wide session management, not C arrays)])
891 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
898 *-*-linux*)
902 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
905 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
917 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
920 case `uname -r` in
969 x86_64-*)
972 i*86-*)
975 arm*-*)
978 aarch64*-*)
981 s390x-*)
984 s390-*)
987 powerpc-*)
990 powerpc64-*)
993 powerpc64le-*)
996 mips-*)
999 mipsel-*)
1002 mips64-*)
1012 mips64el-*)
1022 riscv64-*)
1034 *-*-minix)
1036 # poll(2) seems to choke on /dev/null; "Bad file descriptor"
1040 mips-sony-bsd|mips-sony-newsos4)
1044 *-*-netbsd*)
1046 rpath_opt="-R"
1048 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
1058 *-*-freebsd*)
1071 *-*-freebsd9.*|*-*-freebsd10.*)
1072 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable.
1076 *-*-bsdi*)
1081 *-next-*)
1090 *-*-openbsd*)
1099 *-*-solaris*)
1101 rpath_opt="-R"
1121 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
1122 if test "$sol2ver" -ge 8; then
1134 AC_ARG_WITH([solaris-contracts],
1135 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
1140 LIBS="$LIBS -lcontract"
1144 AC_ARG_WITH([solaris-projects],
1145 [ --with-solaris-projects Enable Solaris projects (experimental)],
1150 LIBS="$LIBS -lproject"
1154 AC_ARG_WITH([solaris-privs],
1155 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
1158 if test "x$ac_cv_func_setppriv" = "xyes" -a \
1169 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
1175 *-*-sunos4*)
1176 CPPFLAGS="$CPPFLAGS -DSUNOS4"
1185 *-ncr-sysv*)
1186 LIBS="$LIBS -lc89"
1193 *-sni-sysv*)
1196 # -lresolv needs to be at the end of LIBS or DNS lookups break
1197 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
1211 *-*-sysv4.2*)
1221 *-*-sysv5*)
1222 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1233 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1236 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1237 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1244 *-*-sysv*)
1247 *-*-sco3.2v4*)
1251 *-*-sco3.2v5*)
1252 if test -z "$GCC"; then
1253 CFLAGS="$CFLAGS -belf"
1255 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1273 *-dec-osf*)
1277 [ --with-osfsia Enable Digital Unix SIA],
1285 if test -z "$no_osfsia" ; then
1286 if test -f /etc/sia/matrix.conf; then
1295 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1310 *-*-nto-qnx*)
1318 *-*-nto-qnx6*)
1324 *-*-ultrix*)
1325 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1335 mkdir -p netinet
1337 name=`echo $header | tr 'a-z/.' 'A-Z__'`
1347 *-*-lynxos)
1348 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1352 *-*-gnu*)
1353 dnl GNU Hurd. Needs to be after the linux and the other *-gnu entries.
1354 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
1357 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
1381 LIBS="$LIBS -lgen"
1407 LIBS="$LIBS -lgen"
1415 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1422 [ --with-zlib=PATH Use zlib in PATH],
1426 if test -d "$withval/lib"; then
1427 if test -n "${rpath_opt}"; then
1428 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1430 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1433 if test -n "${rpath_opt}"; then
1434 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}"
1436 LDFLAGS="-L${withval} ${LDFLAGS}"
1439 if test -d "$withval/include"; then
1440 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1442 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1454 CHANNELLIBS="$CHANNELLIBS -lz"
1457 …AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check confi…
1463 if test -n "${rpath_opt}"; then
1464 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}"
1466 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1468 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1471 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1477 AC_ARG_WITH([zlib-version-check],
1478 [ --without-zlib-version-check Disable zlib version check],
1511 if test -z "$zlib_check_nonfatal" ; then
1512 AC_MSG_ERROR([*** zlib too old - check config.log ***
1516 "./configure --without-zlib-version-check".
1530 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1534 LIBS="$LIBS -lc89"]) ]
1558 # see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
1563 AC_MSG_CHECKING([if calloc(0, N) returns non-null])
1577 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null])
1666 if test -d "/proc/$$/fd" ; then
1675 AC_ARG_WITH([tcp-wrappers],
1676 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1682 if test -n "${withval}" && \
1684 if test -d "${withval}/lib"; then
1685 if test -n "${need_dash_r}"; then
1686 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1688 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1691 if test -n "${need_dash_r}"; then
1692 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1694 LDFLAGS="-L${withval} ${LDFLAGS}"
1697 if test -d "${withval}/include"; then
1698 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1700 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1703 LIBS="-lwrap $LIBS"
1718 SSHDLIBS="$SSHDLIBS -lwrap"
1731 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1735 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1737 LIBS="-lldns $LIBS"
1740 LIBS="$LIBS `$LDNSCONFIG --libs`"
1741 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1745 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1746 LDFLAGS="$LDFLAGS -L${withval}/lib"
1747 LIBS="-lldns $LIBS"
1778 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1791 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1792 if test -n "${rpath_opt}"; then
1793 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1795 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1799 LIBEDIT=`$PKGCONFIG --libs libedit`
1800 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1802 LIBEDIT="-ledit -lcurses"
1804 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1833 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1856 if test "$sol2ver" -ge 11; then
1857 SSHDLIBS="$SSHDLIBS -lscf"
1867 SSHDLIBS="$SSHDLIBS -laudit"
1885 [ --with-pie Build Position Independent Executables if possible], [
1917 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1918 OSSH_CHECK_LDFLAG_LINK([-pie])
1919 # We use both -fPIE and -pie or neither.
1920 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1921 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1922 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1931 AC_MSG_CHECKING([whether -fPIC is accepted])
1933 CFLAGS="$CFLAGS -fPIC"
1937 PICFLAG="-fPIC"; ],
2100 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
2120 [ --disable-pkcs11 disable PKCS#11 support code [no]],
2129 AC_ARG_ENABLE([security-key],
2130 [ --disable-security-key disable U2F/FIDO support code [no]],
2138 AC_ARG_WITH([security-key-builtin],
2139 [ --with-security-key-builtin include builtin U2F/FIDO support],
2169 dnl check if we need -D_REENTRANT for localtime_r declaration.
2172 CPPFLAGS="$CPPFLAGS -D_REENTRANT"
2346 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2353 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2462 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2475 if test ! -z "$check_for_openpty_ctty_bug"; then
2505 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2520 AC_MSG_RESULT([cross-compiling, assuming yes])
2554 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2555 if (ai->ai_family != AF_INET6)
2558 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2571 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2574 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2589 AC_MSG_RESULT([cross-compiling, assuming yes])
2623 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2624 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2627 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2631 if (ai->ai_family == AF_INET && err != 0) {
2642 for the all-zeros IPv6 address])
2649 AC_MSG_RESULT([cross-compiling, assuming no])
2746 exit(r == -1 ? 0 : 1);
2770 AC_ARG_WITH([ssl-dir],
2771 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2774 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2781 if test -d "$withval/lib"; then
2783 elif test -d "$withval/lib64"; then
2789 if test -n "${rpath_opt}"; then
2790 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}"
2792 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}"
2794 if test -d "$withval/include"; then
2795 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2797 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2801 if test -x "${withval}/bin/openssl" && \
2802 "${withval}/bin/openssl" version >/dev/null 2>&1; then
2804 elif test -x "${withval}/apps/openssl" && \
2805 "${withval}/apps/openssl" version >/dev/null 2>&1; then
2814 AC_ARG_WITH([openssl-header-check],
2815 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2824 AC_ARG_WITH([ssl-engine],
2825 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2829 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2838 LIBS="-lcrypto $LIBS"
2839 CHANNELLIBS="-lcrypto $CHANNELLIBS"
2843 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2914 if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0)
2923 ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'`
2931 lver=`echo "$sslver" | sed 's/.*libressl-//'`
2941 # https://openssl.org/policies/general/versioning-policy.html
2942 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2960 x86_64-*)
2963 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)])
2988 by running "./configure --without-openssl-header-check".
3011 LIBS="$LIBS -ldl"
3012 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
3018 CHANNELLIBS="$CHANNELLIBS -ldl"
3188 [ AC_MSG_WARN([cross-compiling: assuming yes])
3207 ecdsa-sha2-nistp256 \
3208 ecdh-sha2-nistp256 \
3209 ecdsa-sha2-nistp256-cert-v01@openssh.com"
3215 ecdsa-sha2-nistp384 \
3216 ecdh-sha2-nistp384 \
3217 ecdsa-sha2-nistp384-cert-v01@openssh.com"
3223 ecdh-sha2-nistp521 \
3224 ecdsa-sha2-nistp521 \
3225 ecdsa-sha2-nistp521-cert-v01@openssh.com"
3267 if test ! -z "$disable_pkcs11" ; then
3270 if test ! -z "$disable_sk" ; then
3283 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so])
3285 # Do not try to build sk-dummy library.
3290 # Now check for built-in security key support.
3291 if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then
3303 LIBFIDO2=`$PKGCONFIG --libs libfido2`
3304 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
3306 LIBFIDO2="-lprivatefido2 -lprivatecbor"
3308 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
3322 if test ! -z "$fido2_error" ; then
3332 [Enable for built-in U2F/FIDO support])
3333 enable_sk="built-in"
3386 AC_ARG_WITH([prngd-port],
3387 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
3393 [[0-9]]*)
3396 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3399 if test ! -z "$withval" ; then
3408 AC_ARG_WITH([prngd-socket],
3409 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3413 withval="/var/run/egd-pool"
3425 if test ! -z "$withval" ; then
3426 if test ! -z "$PRNGD_PORT" ; then
3429 if test ! -r "$withval" ; then
3442 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3443 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3449 if test ! -z "$PRNGD_SOCKET" ; then
3459 if test ! -z "$PRNGD_PORT" ; then
3461 elif test ! -z "$PRNGD_SOCKET" ; then
3463 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3468 …AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this dev…
3470 …figure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --…
3476 LIBS="$LIBS -liaf"
3477 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
3487 LIBS="-lcrypt $LIBS"
3488 SSHDLIBS="-lcrypt $SSHDLIBS"
3496 [ --with-pam Enable PAM support ],
3513 SSHDLIBS="$SSHDLIBS -lpam"
3519 *-ldl*)
3523 SSHDLIBS="$SSHDLIBS -ldl"
3531 AC_ARG_WITH([pam-service],
3532 [ --with-pam-service=name Specify PAM service name ],
3554 (void)pam_strerror((pam_handle_t *)NULL, -1);
3566 *-*-cygwin*)
3573 AC_ARG_WITH([privsep-user],
3574 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3576 if test -n "$withval" && test "x$withval" != "xno" && \
3584 [Cygwin function to fetch non-privileged user for privilege separation])
3587 [non-privileged user for privilege separation])
3642 …[ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, sec…
3685 fd = open("/dev/null", O_RDONLY);
3694 if (r == -1)
3700 if (r == -1)
3729 exit (r == -1 ? 1 : 0);
3760 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3766 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3772 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3774 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3780 ( test -z "$sandbox_arg" && \
3799 ( test -z "$sandbox_arg" && \
3810 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3820 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3823 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3828 AC_MSG_ERROR([unsupported --with-sandbox])
3831 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3832 if test ! -z "$SONY" ; then
3833 LIBS="$LIBS -liberty";
3861 if test -z "$have_llong_max" && test -z "$have_long_long_max"; then
3874 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3887 if (fprintf(f, "-") < 0)
3888 return -1;
3894 if (fprintf(f, "%d", l[--i]) < 0)
3895 return -1;
3898 return -1;
3921 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3922 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3992 if (test -z "$have_intxx_t" && \
4036 if test -z "$have_u_intxx_t" ; then
4058 if (test -z "$have_u_int64_t" && \
4071 if test -z "$have_u_intxx_t" ; then
4090 if (test -z "$have_uintxx_t" && \
4103 if (test -z "$have_uintxx_t" && \
4116 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
4689 LIBS="$LIBS -lresolv"
4690 AC_MSG_CHECKING([for res_query in -lresolv])
4737 LIBSELINUX=""
4739 [ --with-selinux Enable SELinux support],
4748 [ LIBSELINUX="-lselinux"
4749 LIBS="$LIBS -lselinux"
4751 AC_MSG_ERROR([SELinux support requires libselinux library]))
4753 LIBS="$save_LIBS $LIBSELINUX"
4761 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4783 K5CFLAGS=`$PKGCONFIG --cflags krb5`
4784 K5LIBS=`$PKGCONFIG --libs krb5`
4788 if "$PKGCONFIG" krb5-gssapi; then
4793 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`"
4794 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`"
4809 AC_PATH_TOOL([KRB5CONF], [krb5-config],
4810 [$KRB5ROOT/bin/krb5-config],
4812 if test -x $KRB5CONF ; then
4813 K5CFLAGS="`$KRB5CONF --cflags`"
4814 K5LIBS="`$KRB5CONF --libs`"
4818 if $KRB5CONF | grep gssapi >/dev/null ; then
4823 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4824 GSSLIBS="`$KRB5CONF --libs gssapi`"
4839 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4840 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4846 K5LIBS="-lkrb5"
4847 K5LIBS="$K5LIBS -lcom_err -lasn1"
4849 [K5LIBS="$K5LIBS -lroken"])
4851 [K5LIBS="$K5LIBS -ldes"])
4853 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4859 GSSLIBS="-lgssapi_krb5" ],
4862 GSSLIBS="-lgssapi" ],
4865 GSSLIBS="-lgss" ],
4866 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4872 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4874 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4880 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4886 if test -n "${rpath_opt}" ; then
4889 if test ! -z "$blibpath" ; then
4928 AC_ARG_WITH([privsep-path],
4929 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4931 if test -n "$withval" && test "x$withval" != "xno" && \
4940 [ --with-xauth=PATH Specify path to xauth program ],
4942 if test -n "$withval" && test "x$withval" != "xno" && \
4954 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4960 STRIP_OPT=-s
4962 [ --disable-strip Disable calling strip(1) on install],
4971 if test -z "$xauth_path" ; then
4981 dnl # --with-maildir=/path/to/mail gets top priority.
4991 [ --with-maildir=/path/to/mail Specify your system mail directory],
5039 maildir_what=`awk -F: '{print $1}' conftest.maildir`
5040 maildir=`awk -F: '{print $2}' conftest.maildir \
5057 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
5064 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
5065 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
5068 if test -z "$no_dev_ptmx" ; then
5070 AC_CHECK_FILE(["/dev/ptmx"],
5073 [Define if you have /dev/ptmx])
5080 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
5081 AC_CHECK_FILE(["/dev/ptc"],
5084 [Define if you have /dev/ptc])
5089 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
5094 [ --with-mantype=man|cat|doc Set man page type],
5106 if test -z "$MANTYPE"; then
5107 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then
5109 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
5111 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
5127 [ --without-shadow Disable shadow password support],
5136 if test -z "$disable_shadow" ; then
5156 if test ! -z "$IPADDR_IN_DISPLAY" ; then
5163 AC_ARG_WITH([ipaddr-display],
5164 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
5175 AC_ARG_ENABLE([etc-default-login],
5176 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
5183 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
5201 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
5209 AC_ARG_WITH([default-path],
5210 [ --with-default-path= Specify default $PATH environment for server],
5214 --with-default-path=PATH has no effect on this system.
5217 if test ! -z "$external_path_file" ; then
5219 --with-default-path=PATH will only be used if PATH is not defined in
5229 if test ! -z "$external_path_file" ; then
5272 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
5281 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
5282 if test $? -ne 0 ; then
5283 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
5284 if test $? -ne 0 ; then
5297 AC_ARG_WITH([superuser-path],
5298 [ --with-superuser-path= Specify different path for super-user],
5300 if test -n "$withval" && test "x$withval" != "xno" && \
5311 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
5314 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
5338 AC_ARG_WITH([bsd-auth],
5339 [ --with-bsd-auth Enable BSD auth support],
5352 if test ! -d $piddir ; then
5359 AC_ARG_WITH([pid-dir],
5360 [ --with-pid-dir=PATH Specify location of sshd.pid file],
5362 if test -n "$withval" && test "x$withval" != "xno" && \
5365 if test ! -d $piddir ; then
5377 AC_ARG_ENABLE([fd-passing],
5378 [ --disable-fd-passing disable file descriptor passsing [no]],
5388 [ --disable-lastlog disable use of lastlog even if detected [no]],
5396 [ --disable-utmp disable use of utmp even if detected [no]],
5404 [ --disable-utmpx disable use of utmpx even if detected [no]],
5413 [ --disable-wtmp disable use of wtmp even if detected [no]],
5421 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
5430 [ --disable-libutil disable use of libutil (login() etc.) [no]],
5438 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
5448 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
5458 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
5462 elif test -n "$withval" && test "x${withval}" != "xyes"; then
5470 dnl need for command-line parameters
5510 if test -z "$conf_lastlog_location"; then
5513 if (test -d "$f" || test -f "$f") ; then
5517 if test -z "$conf_lastlog_location"; then
5519 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
5524 if test -n "$conf_lastlog_location"; then
5542 if test -z "$conf_utmp_location"; then
5545 if test -f $f ; then
5549 if test -z "$conf_utmp_location"; then
5554 if test -n "$conf_utmp_location"; then
5572 if test -z "$conf_wtmp_location"; then
5575 if test -f $f ; then
5579 if test -z "$conf_wtmp_location"; then
5584 if test -n "$conf_wtmp_location"; then
5605 if test -z "$conf_wtmpx_location"; then
5615 if test ! -z "$blibpath" ; then
5657 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5686 LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'`
5687 CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'`
5693 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5704 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5725 if test ! -z "$external_path_file"; then
5730 if test ! -z "$superuser_path" ; then
5760 if test ! -z "${CHANNELLIBS}"; then
5763 if test ! -z "${LIBFIDO2}"; then
5766 if test ! -z "${SSHDLIBS}"; then
5785 if test ! -z "$NO_PEERCHECK" ; then
5790 echo "ssh-agent. Their absence increases the risk that a malicious"