Lines Matching +full:pam +full:- +full:afs +full:- +full:session
2 # Copyright (c) 1999-2004 Damien Miller
16 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
22 if test "$i" -nt "$srcdir/configure"; then
33 AC_MSG_CHECKING([if $CC supports C99-style variadic macros])
37 ]], [[return F(1, 2, -3);]])],
39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ]
65 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
72 MANFMT="$NROFF -mandoc"
74 MANFMT="$GROFF -mandoc -Tascii"
87 if test -x /sbin/sh; then
96 if test -z "$AR" ; then
101 if test ! -z "$PATH_PASSWD_PROG" ; then
108 dnl use case we overlooked and someone needs to re-enable it. Unless a good
130 …[ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL…
149 [ --without-stackprotect Don't use compiler's stack protection], [
154 [ --without-hardening Don't use toolchain hardening flags], [
159 [ --without-retpoline Enable retpoline spectre mitigation], [
164 # We use -Werror for the tests only so that we catch warnings like "this is
165 # on by default" for things like -fPIE.
166 AC_MSG_CHECKING([if $CC supports -Werror])
168 CFLAGS="$CFLAGS -Werror"
171 WERROR="-Werror"],
179 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
191 ver="`$CC -v 2>&1`"
193 CLANG_VER=apple-`echo "$ver" | grep 'clang version' | \
201 OSSH_CHECK_CFLAG_COMPILE([-pipe])
202 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
203 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation])
204 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
205 OSSH_CHECK_CFLAG_COMPILE([-Wall])
206 OSSH_CHECK_CFLAG_COMPILE([-Wextra])
207 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
208 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
209 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
210 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
211 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
212 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
213 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter])
214 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
215 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough])
216 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation])
217 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical])
218 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
220 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
221 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
222 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
223 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
224 # NB. -ftrapv expects certain support functions to be present in
229 OSSH_CHECK_CFLAG_LINK([-ftrapv])
230 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See
232 # https://github.com/llvm/llvm-project/issues/59242
236 apple-15*) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;;
238 *) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;;
240 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
243 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
244 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
247 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
249 CFLAGS="$CFLAGS -fno-builtin-memset"
257 # -fstack-protector-all doesn't always work for some GCC versions
259 # on a given platform gcc will emit a warning so we use -Werror.
261 for t in -fstack-protector-strong -fstack-protector-all \
262 -fstack-protector; do
266 CFLAGS="$CFLAGS $t -Werror"
267 LDFLAGS="$LDFLAGS $t -Werror"
304 if test -z "$have_llong_max"; then
305 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
308 CFLAGS="$CFLAGS -std=gnu99"
344 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])],
354 [[ int a; a = 1; int b = 1; exit(a-b); ]])],
366 [ --without-rpath Disable auto-added -R linker paths],
371 rpath_opt="-R"
380 [ --with-cflags Specify additional flags to pass to compiler],
382 if test -n "$withval" && test "x$withval" != "xno" && \
389 AC_ARG_WITH([cflags-after],
390 [ --with-cflags-after Specify additional flags to pass to compiler after configure],
392 if test -n "$withval" && test "x$withval" != "xno" && \
399 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
401 if test -n "$withval" && test "x$withval" != "xno" && \
408 [ --with-ldflags Specify additional flags to pass to linker],
410 if test -n "$withval" && test "x$withval" != "xno" && \
416 AC_ARG_WITH([ldflags-after],
417 [ --with-ldflags-after Specify additional flags to pass to linker after configure],
419 if test -n "$withval" && test "x$withval" != "xno" && \
426 [ --with-libs Specify additional libraries to link with],
428 if test -n "$withval" && test "x$withval" != "xno" && \
435 [ --with-Werror Build main code with -Werror],
437 if test -n "$withval" && test "x$withval" != "xno"; then
438 werror_flags="-Werror"
446 dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's
482 pam/pam_appl.h \
619 # Messages for features tested for in target-specific section
626 # the --with-solaris-privs option and --with-sandbox=solaris).
632 # Check for some target-specific stuff
634 *-*-aix*)
636 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
649 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
650 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
651 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
656 if (test -z "$blibpath"); then
661 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
663 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
666 if (test -z "$blibflags"); then
672 if (test -z "$blibflags"); then
674 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
684 LIBS="$LIBS -ls"
721 supported by bsd-setproctitle.c])
724 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
729 *-*-android*)
733 *-*-cygwin*)
750 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
753 *-*-dgux*)
760 *-*-darwin*)
764 #include <mach-o/dyld.h>
798 supported by bsd-setproctitle.c])
802 SSHDLIBS="$SSHDLIBS -lsandbox"
804 # proc_pidinfo()-based closefrom() replacement.
807 # poll(2) is broken for character-special devices (at least).
813 *-*-dragonfly*)
817 *-*-haiku*)
818 LIBS="$LIBS -lbsd "
819 CFLAGS="$CFLAGS -D_BSD_SOURCE"
825 *-*-hpux*)
826 # first we define all of the options common to all HP-UX releases
827 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
836 LIBS="$LIBS -lsec"
838 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
842 *-*-hpux10*)
843 if test -z "$GCC"; then
844 CFLAGS="$CFLAGS -Ae"
848 *-*-hpux11*)
850 [Define if you are using Solaris-derived PAM which
863 *-*-hpux10.26)
865 [Define if you have SecureWare-based
868 LIBS="$LIBS -lsecpw"
872 *-*-irix5*)
885 *-*-irix6*)
889 (cluster-wide session management, not C arrays)])
904 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
911 *-*-linux*)
915 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
918 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
921 [Work around problematic Linux PAM modules handling of PAM_TTY])
930 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
931 AC_ARG_WITH([linux-memlock-onfault],
932 [ --with-linux-memlock-onfault Enables memory locking on Linux],
954 case `uname -r` in
1003 x86_64-*)
1006 i*86-*)
1009 arm*-*)
1012 aarch64*-*)
1015 s390x-*)
1018 s390-*)
1021 powerpc-*)
1024 powerpc64-*)
1027 powerpc64le-*)
1030 mips-*)
1033 mipsel-*)
1036 mips64-*)
1046 mips64el-*)
1056 riscv64-*)
1068 *-*-minix)
1074 mips-sony-bsd|mips-sony-newsos4)
1078 *-*-netbsd*)
1080 rpath_opt="-R"
1082 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
1092 *-*-freebsd*)
1105 *-*-freebsd9.*|*-*-freebsd10.*)
1106 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable.
1110 *-*-bsdi*)
1115 *-next-*)
1124 *-*-openbsd*)
1133 *-*-solaris*)
1135 rpath_opt="-R"
1155 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
1156 if test "$sol2ver" -ge 8; then
1168 AC_ARG_WITH([solaris-contracts],
1169 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
1174 LIBS="$LIBS -lcontract"
1178 AC_ARG_WITH([solaris-projects],
1179 [ --with-solaris-projects Enable Solaris projects (experimental)],
1184 LIBS="$LIBS -lproject"
1188 AC_ARG_WITH([solaris-privs],
1189 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
1192 if test "x$ac_cv_func_setppriv" = "xyes" -a \
1203 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
1209 *-*-sunos4*)
1210 CPPFLAGS="$CPPFLAGS -DSUNOS4"
1219 *-ncr-sysv*)
1220 LIBS="$LIBS -lc89"
1227 *-sni-sysv*)
1230 # -lresolv needs to be at the end of LIBS or DNS lookups break
1231 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
1245 *-*-sysv4.2*)
1255 *-*-sysv5*)
1256 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1267 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1270 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1271 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1278 *-*-sysv*)
1281 *-*-sco3.2v4*)
1285 *-*-sco3.2v5*)
1286 if test -z "$GCC"; then
1287 CFLAGS="$CFLAGS -belf"
1289 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1307 *-dec-osf*)
1311 [ --with-osfsia Enable Digital Unix SIA],
1319 if test -z "$no_osfsia" ; then
1320 if test -f /etc/sia/matrix.conf; then
1329 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1344 *-*-nto-qnx*)
1352 *-*-nto-qnx6*)
1358 *-*-ultrix*)
1359 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1369 mkdir -p netinet
1371 name=`echo $header | tr 'a-z/.' 'A-Z__'`
1381 *-*-lynxos)
1382 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1386 *-*-gnu*)
1387 dnl GNU Hurd. Needs to be after the linux and the other *-gnu entries.
1388 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
1391 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
1415 LIBS="$LIBS -lgen"
1441 LIBS="$LIBS -lgen"
1449 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1456 [ --with-zlib=PATH Use zlib in PATH],
1460 if test -d "$withval/lib"; then
1461 if test -n "${rpath_opt}"; then
1462 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1464 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1467 if test -n "${rpath_opt}"; then
1468 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}"
1470 LDFLAGS="-L${withval} ${LDFLAGS}"
1473 if test -d "$withval/include"; then
1474 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1476 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1488 CHANNELLIBS="$CHANNELLIBS -lz"
1491 …AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check confi…
1497 if test -n "${rpath_opt}"; then
1498 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}"
1500 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1502 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1505 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1511 AC_ARG_WITH([zlib-version-check],
1512 [ --without-zlib-version-check Disable zlib version check],
1545 if test -z "$zlib_check_nonfatal" ; then
1546 AC_MSG_ERROR([*** zlib too old - check config.log ***
1550 "./configure --without-zlib-version-check".
1564 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1568 LIBS="$LIBS -lc89"]) ]
1592 # see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
1597 AC_MSG_CHECKING([if calloc(0, N) returns non-null])
1611 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null])
1700 if test -d "/proc/$$/fd" ; then
1709 AC_ARG_WITH([tcp-wrappers],
1710 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1716 if test -n "${withval}" && \
1718 if test -d "${withval}/lib"; then
1719 if test -n "${need_dash_r}"; then
1720 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1722 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1725 if test -n "${need_dash_r}"; then
1726 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1728 LDFLAGS="-L${withval} ${LDFLAGS}"
1731 if test -d "${withval}/include"; then
1732 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1734 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1737 LIBS="-lwrap $LIBS"
1752 SSHDLIBS="$SSHDLIBS -lwrap"
1765 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1769 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1771 LIBS="-lldns $LIBS"
1774 LIBS="$LIBS `$LDNSCONFIG --libs`"
1775 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1779 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1780 LDFLAGS="$LDFLAGS -L${withval}/lib"
1781 LIBS="-lldns $LIBS"
1812 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1825 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1826 if test -n "${rpath_opt}"; then
1827 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1829 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1833 LIBEDIT=`$PKGCONFIG --libs libedit`
1834 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1836 LIBEDIT="-ledit -lcurses"
1838 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1868 [ --with-wtmpdb[[=PATH]] Enable wtmpdb support for sshd],
1881 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1882 if test -n "${rpath_opt}"; then
1883 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1885 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1889 LIBWTMPDB=`$PKGCONFIG --libs libwtmpdb`
1890 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libwtmpdb`"
1892 LIBWTMPDB="-lwtmpdb"
1894 OTHERLIBS=`echo $LIBWTMPDB | sed 's/-lwtmpdb//'`
1909 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1932 if test "$sol2ver" -ge 11; then
1933 SSHDLIBS="$SSHDLIBS -lscf"
1943 SSHDLIBS="$SSHDLIBS -laudit"
1961 [ --with-pie Build Position Independent Executables if possible], [
1993 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1994 OSSH_CHECK_LDFLAG_LINK([-pie])
1995 # We use both -fPIE and -pie or neither.
1996 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1997 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1998 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
2007 AC_MSG_CHECKING([whether -fPIC is accepted])
2009 CFLAGS="$CFLAGS -fPIC"
2013 PICFLAG="-fPIC"; ],
2170 exit(y == 6 ? 0 : -1); ]])],
2189 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
2209 [ --disable-pkcs11 disable PKCS#11 support code [no]],
2218 AC_ARG_ENABLE([security-key],
2219 [ --disable-security-key disable U2F/FIDO support code [no]],
2227 AC_ARG_WITH([security-key-builtin],
2228 [ --with-security-key-builtin include builtin U2F/FIDO support],
2233 AC_ARG_WITH([security-key-standalone],
2234 [ --with-security-key-standalone build standalone sk-libfido2 SecurityKeyProvider],
2264 dnl check if we need -D_REENTRANT for localtime_r declaration.
2267 CPPFLAGS="$CPPFLAGS -D_REENTRANT"
2441 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2448 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2557 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2570 if test ! -z "$check_for_openpty_ctty_bug"; then
2615 AC_MSG_RESULT([cross-compiling, assuming yes])
2649 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2650 if (ai->ai_family != AF_INET6)
2653 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2666 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2669 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2684 AC_MSG_RESULT([cross-compiling, assuming yes])
2718 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2719 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2722 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2726 if (ai->ai_family == AF_INET && err != 0) {
2737 for the all-zeros IPv6 address])
2744 AC_MSG_RESULT([cross-compiling, assuming no])
2841 exit(r == -1 ? 0 : 1);
2865 AC_ARG_WITH([ssl-dir],
2866 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2869 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2876 if test -d "$withval/lib"; then
2878 elif test -d "$withval/lib64"; then
2884 if test -n "${rpath_opt}"; then
2885 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}"
2887 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}"
2889 if test -d "$withval/include"; then
2890 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2892 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2896 if test -x "${withval}/bin/openssl" && \
2899 elif test -x "${withval}/apps/openssl" && \
2909 AC_ARG_WITH([openssl-header-check],
2910 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2919 AC_ARG_WITH([ssl-engine],
2920 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2924 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2933 LIBS="-lcrypto $LIBS"
2934 CHANNELLIBS="-lcrypto $CHANNELLIBS"
2938 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
3009 if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0)
3018 ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'`
3026 lver=`echo "$sslver" | sed 's/.*libressl-//'`
3036 # https://openssl.org/policies/general/versioning-policy.html
3037 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
3055 x86_64-*)
3058 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)])
3083 by running "./configure --without-openssl-header-check".
3106 LIBS="$LIBS -ldl"
3107 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
3113 CHANNELLIBS="$CHANNELLIBS -ldl"
3283 [ AC_MSG_WARN([cross-compiling: assuming yes])
3302 ecdsa-sha2-nistp256 \
3303 ecdh-sha2-nistp256 \
3304 ecdsa-sha2-nistp256-cert-v01@openssh.com"
3310 ecdsa-sha2-nistp384 \
3311 ecdh-sha2-nistp384 \
3312 ecdsa-sha2-nistp384-cert-v01@openssh.com"
3318 ecdh-sha2-nistp521 \
3319 ecdsa-sha2-nistp521 \
3320 ecdsa-sha2-nistp521-cert-v01@openssh.com"
3353 [enable_pkcs11="disabled; PKCS#11 not supported with AWS-LC"],
3368 if test ! -z "$disable_pkcs11" ; then
3371 if test ! -z "$disable_sk" ; then
3384 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so])
3386 # Do not try to build sk-dummy library.
3391 # Now check for built-in security key support.
3392 if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then
3404 LIBFIDO2=`$PKGCONFIG --libs libfido2`
3405 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
3407 LIBFIDO2="-lprivatefido2 -lprivatecbor"
3409 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
3423 if test ! -z "$fido2_error" ; then
3433 [Enable for built-in U2F/FIDO support])
3434 enable_sk="built-in"
3452 AC_MSG_CHECKING([whether to build standalone sk-libfido2])
3455 AC_SUBST([SK_STANDALONE], [sk-libfido2$SHLIBEXT])
3497 AC_ARG_WITH([prngd-port],
3498 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
3504 [[0-9]]*)
3507 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3510 if test ! -z "$withval" ; then
3519 AC_ARG_WITH([prngd-socket],
3520 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3524 withval="/var/run/egd-pool"
3536 if test ! -z "$withval" ; then
3537 if test ! -z "$PRNGD_PORT" ; then
3540 if test ! -r "$withval" ; then
3553 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3554 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3560 if test ! -z "$PRNGD_SOCKET" ; then
3570 if test ! -z "$PRNGD_PORT" ; then
3572 elif test ! -z "$PRNGD_SOCKET" ; then
3574 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3581 …figure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --…
3587 LIBS="$LIBS -liaf"
3588 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
3598 LIBS="-lcrypt $LIBS"
3599 SSHDLIBS="-lcrypt $SSHDLIBS"
3604 # Check for PAM libs
3606 AC_ARG_WITH([pam], optwith
3607 [ --with-pam Enable PAM support ],
3612 AC_MSG_ERROR([PAM headers not found])
3617 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3624 SSHDLIBS="$SSHDLIBS -lpam"
3626 [Define if you want to enable PAM support])
3630 *-ldl*)
3634 SSHDLIBS="$SSHDLIBS -ldl"
3642 AC_ARG_WITH([pam-service],
3643 [ --with-pam-service=name Specify PAM service name ],
3648 ["$withval"], [sshd PAM service name])
3653 # Check for older PAM
3655 # Check PAM strerror arguments (old PAM)
3662 #include <pam/pam_appl.h>
3665 (void)pam_strerror((pam_handle_t *)NULL, -1);
3668 [Define if you have an old version of PAM
3677 *-*-cygwin*)
3684 AC_ARG_WITH([privsep-user],
3685 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3687 if test -n "$withval" && test "x$withval" != "xno" && \
3695 [Cygwin function to fetch non-privileged user for privilege separation])
3698 [non-privileged user for privilege separation])
3753 …[ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, sec…
3805 if (r == -1)
3811 if (r == -1)
3840 exit (r == -1 ? 1 : 0);
3871 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3873 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3879 ( test -z "$sandbox_arg" && \
3898 ( test -z "$sandbox_arg" && \
3909 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3919 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3922 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3927 AC_MSG_ERROR([unsupported --with-sandbox])
3930 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3931 if test ! -z "$SONY" ; then
3932 LIBS="$LIBS -liberty";
3960 if test -z "$have_llong_max" && test -z "$have_long_long_max"; then
3973 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3986 if (fprintf(f, "-") < 0)
3987 return -1;
3993 if (fprintf(f, "%d", l[--i]) < 0)
3994 return -1;
3997 return -1;
4020 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
4021 || llmax - 1 > llmax || llmin == llmax || llmin == 0
4091 if (test -z "$have_intxx_t" && \
4135 if test -z "$have_u_intxx_t" ; then
4157 if (test -z "$have_u_int64_t" && \
4170 if test -z "$have_u_intxx_t" ; then
4189 if (test -z "$have_uintxx_t" && \
4202 if (test -z "$have_uintxx_t" && \
4215 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
4792 LIBS="$LIBS -lresolv"
4793 AC_MSG_CHECKING([for res_query in -lresolv])
4842 [ --with-selinux Enable SELinux support],
4851 [ LIBSELINUX="-lselinux"
4852 LIBS="$LIBS -lselinux"
4864 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4886 K5CFLAGS=`$PKGCONFIG --cflags krb5`
4887 K5LIBS=`$PKGCONFIG --libs krb5`
4891 if "$PKGCONFIG" krb5-gssapi; then
4896 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`"
4897 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`"
4912 AC_PATH_TOOL([KRB5CONF], [krb5-config],
4913 [$KRB5ROOT/bin/krb5-config],
4915 if test -x $KRB5CONF ; then
4916 K5CFLAGS="`$KRB5CONF --cflags`"
4917 K5LIBS="`$KRB5CONF --libs`"
4926 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4927 GSSLIBS="`$KRB5CONF --libs gssapi`"
4942 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4943 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4949 K5LIBS="-lkrb5"
4950 K5LIBS="$K5LIBS -lcom_err -lasn1"
4952 [K5LIBS="$K5LIBS -lroken"])
4954 [K5LIBS="$K5LIBS -ldes"])
4956 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4962 GSSLIBS="-lgssapi_krb5" ],
4965 GSSLIBS="-lgssapi" ],
4968 GSSLIBS="-lgss" ],
4969 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4975 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4977 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4983 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4989 if test -n "${rpath_opt}" ; then
4992 if test ! -z "$blibpath" ; then
5001 [Define this if you want to use libkafs' AFS support])])
5031 AC_ARG_WITH([privsep-path],
5032 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
5034 if test -n "$withval" && test "x$withval" != "xno" && \
5043 [ --with-xauth=PATH Specify path to xauth program ],
5045 if test -n "$withval" && test "x$withval" != "xno" && \
5057 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
5063 STRIP_OPT=-s
5065 [ --disable-strip Disable calling strip(1) on install],
5074 if test -z "$xauth_path" ; then
5084 dnl # --with-maildir=/path/to/mail gets top priority.
5089 dnl # session.c expects anyway. Otherwise we set to the value found
5094 [ --with-maildir=/path/to/mail Specify your system mail directory],
5142 maildir_what=`awk -F: '{print $1}' conftest.maildir`
5143 maildir=`awk -F: '{print $2}' conftest.maildir \
5160 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
5167 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
5171 if test -z "$no_dev_ptmx" ; then
5183 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
5197 [ --with-mantype=man|cat|doc Set man page type],
5209 if test -z "$MANTYPE"; then
5212 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
5214 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
5230 [ --without-shadow Disable shadow password support],
5239 if test -z "$disable_shadow" ; then
5259 if test ! -z "$IPADDR_IN_DISPLAY" ; then
5266 AC_ARG_WITH([ipaddr-display],
5267 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
5278 AC_ARG_ENABLE([etc-default-login],
5279 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
5286 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
5304 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
5312 AC_ARG_WITH([default-path],
5313 [ --with-default-path= Specify default $PATH environment for server],
5317 --with-default-path=PATH has no effect on this system.
5320 if test ! -z "$external_path_file" ; then
5322 --with-default-path=PATH will only be used if PATH is not defined in
5332 if test ! -z "$external_path_file" ; then
5385 if test $? -ne 0 ; then
5387 if test $? -ne 0 ; then
5400 AC_ARG_WITH([superuser-path],
5401 [ --with-superuser-path= Specify different path for super-user],
5403 if test -n "$withval" && test "x$withval" != "xno" && \
5414 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
5417 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
5441 AC_ARG_WITH([bsd-auth],
5442 [ --with-bsd-auth Enable BSD auth support],
5455 if test ! -d $piddir ; then
5462 AC_ARG_WITH([pid-dir],
5463 [ --with-pid-dir=PATH Specify location of sshd.pid file],
5465 if test -n "$withval" && test "x$withval" != "xno" && \
5468 if test ! -d $piddir ; then
5480 AC_ARG_ENABLE([fd-passing],
5481 [ --disable-fd-passing disable file descriptor passsing [no]],
5491 [ --disable-lastlog disable use of lastlog even if detected [no]],
5499 [ --disable-utmp disable use of utmp even if detected [no]],
5507 [ --disable-utmpx disable use of utmpx even if detected [no]],
5516 [ --disable-wtmp disable use of wtmp even if detected [no]],
5524 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
5533 [ --disable-libutil disable use of libutil (login() etc.) [no]],
5541 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
5551 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
5561 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
5565 elif test -n "$withval" && test "x${withval}" != "xyes"; then
5573 dnl need for command-line parameters
5613 if test -z "$conf_lastlog_location"; then
5616 if (test -d "$f" || test -f "$f") ; then
5620 if test -z "$conf_lastlog_location"; then
5622 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
5627 if test -n "$conf_lastlog_location"; then
5645 if test -z "$conf_utmp_location"; then
5648 if test -f $f ; then
5652 if test -z "$conf_utmp_location"; then
5657 if test -n "$conf_utmp_location"; then
5675 if test -z "$conf_wtmp_location"; then
5678 if test -f $f ; then
5682 if test -z "$conf_wtmp_location"; then
5687 if test -n "$conf_wtmp_location"; then
5708 if test -z "$conf_wtmpx_location"; then
5718 if test ! -z "$blibpath" ; then
5760 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5789 LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/^-pie //;s/ -pie//g'`
5790 CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/^-fPIE //;s/ -fPIE//g'`
5796 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5807 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5828 if test ! -z "$external_path_file"; then
5833 if test ! -z "$superuser_path" ; then
5837 echo " PAM support: $PAM_MSG"
5863 if test ! -z "${CHANNELLIBS}"; then
5866 if test ! -z "${LIBFIDO2}"; then
5869 if test ! -z "${SSHDLIBS}"; then
5881 echo "PAM is enabled. You may need to install a PAM control file "
5883 echo "Example PAM control files can be found in the contrib/ "
5888 if test ! -z "$NO_PEERCHECK" ; then
5893 echo "ssh-agent. Their absence increases the risk that a malicious"