xref: /freebsd/crypto/openssh/configure.ac (revision 1f1e2261e341e6ca6862f82261066ef1705f0a7a)
1#
2# Copyright (c) 1999-2004 Damien Miller
3#
4# Permission to use, copy, modify, and distribute this software for any
5# purpose with or without fee is hereby granted, provided that the above
6# copyright notice and this permission notice appear in all copies.
7#
8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15
16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
17AC_CONFIG_MACRO_DIR([m4])
18AC_CONFIG_SRCDIR([ssh.c])
19AC_LANG([C])
20
21AC_CONFIG_HEADERS([config.h])
22AC_PROG_CC([cc gcc clang])
23
24# XXX relax this after reimplementing logit() etc.
25AC_MSG_CHECKING([if $CC supports C99-style variadic macros])
26AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
27int f(int a, int b, int c) { return a + b + c; }
28#define F(a, ...) f(a, __VA_ARGS__)
29]], [[return F(1, 2, -3);]])],
30	[ AC_MSG_RESULT([yes]) ],
31	[ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ]
32)
33
34AC_CANONICAL_HOST
35AC_C_BIGENDIAN
36
37# Checks for programs.
38AC_PROG_AWK
39AC_PROG_CPP
40AC_PROG_RANLIB
41AC_PROG_INSTALL
42AC_PROG_EGREP
43AC_PROG_MKDIR_P
44AC_CHECK_TOOLS([AR], [ar])
45AC_PATH_PROG([CAT], [cat])
46AC_PATH_PROG([KILL], [kill])
47AC_PATH_PROG([SED], [sed])
48AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
49AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
50AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
51AC_PATH_PROG([SH], [bash])
52AC_PATH_PROG([SH], [ksh])
53AC_PATH_PROG([SH], [sh])
54AC_PATH_PROG([GROFF], [groff])
55AC_PATH_PROG([NROFF], [nroff awf])
56AC_PATH_PROG([MANDOC], [mandoc])
57AC_SUBST([TEST_SHELL], [sh])
58
59dnl select manpage formatter to be used to build "cat" format pages.
60if test "x$MANDOC" != "x" ; then
61	MANFMT="$MANDOC"
62elif test "x$NROFF" != "x" ; then
63	MANFMT="$NROFF -mandoc"
64elif test "x$GROFF" != "x" ; then
65	MANFMT="$GROFF -mandoc -Tascii"
66else
67	AC_MSG_WARN([no manpage formatter found])
68	MANFMT="false"
69fi
70AC_SUBST([MANFMT])
71
72dnl for buildpkg.sh
73AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
74	[/usr/sbin${PATH_SEPARATOR}/etc])
75AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
76	[/usr/sbin${PATH_SEPARATOR}/etc])
77AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
78if test -x /sbin/sh; then
79	AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
80else
81	AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
82fi
83
84# System features
85AC_SYS_LARGEFILE
86
87if test -z "$AR" ; then
88	AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
89fi
90
91AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
92if test ! -z "$PATH_PASSWD_PROG" ; then
93	AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
94		[Full path of your "passwd" program])
95fi
96
97dnl Since autoconf doesn't support it very well,  we no longer allow users to
98dnl override LD, however keeping the hook here for now in case there's a use
99dnl use case we overlooked and someone needs to re-enable it.  Unless a good
100dnl reason is found we'll be removing this in future.
101LD="$CC"
102AC_SUBST([LD])
103
104AC_C_INLINE
105
106AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
107AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>])
108AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
109	#include <sys/types.h>
110	#include <sys/param.h>
111	#include <dev/systrace.h>
112])
113AC_CHECK_DECL([RLIMIT_NPROC],
114    [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
115	#include <sys/types.h>
116	#include <sys/resource.h>
117])
118AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
119	#include <sys/types.h>
120	#include <linux/prctl.h>
121])
122
123openssl=yes
124AC_ARG_WITH([openssl],
125	[  --without-openssl       Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
126	[  if test "x$withval" = "xno" ; then
127		openssl=no
128	   fi
129	]
130)
131AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
132if test "x$openssl" = "xyes" ; then
133	AC_MSG_RESULT([yes])
134	AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
135else
136	AC_MSG_RESULT([no])
137fi
138
139use_stack_protector=1
140use_toolchain_hardening=1
141AC_ARG_WITH([stackprotect],
142    [  --without-stackprotect  Don't use compiler's stack protection], [
143    if test "x$withval" = "xno"; then
144	use_stack_protector=0
145    fi ])
146AC_ARG_WITH([hardening],
147    [  --without-hardening     Don't use toolchain hardening flags], [
148    if test "x$withval" = "xno"; then
149	use_toolchain_hardening=0
150    fi ])
151
152# We use -Werror for the tests only so that we catch warnings like "this is
153# on by default" for things like -fPIE.
154AC_MSG_CHECKING([if $CC supports -Werror])
155saved_CFLAGS="$CFLAGS"
156CFLAGS="$CFLAGS -Werror"
157AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
158	[ AC_MSG_RESULT([yes])
159	  WERROR="-Werror"],
160	[ AC_MSG_RESULT([no])
161	  WERROR="" ]
162)
163CFLAGS="$saved_CFLAGS"
164
165if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
166	OSSH_CHECK_CFLAG_COMPILE([-pipe])
167	OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
168	OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation])
169	OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
170	OSSH_CHECK_CFLAG_COMPILE([-Wall])
171	OSSH_CHECK_CFLAG_COMPILE([-Wextra])
172	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
173	OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
174	OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
175	OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
176	OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
177	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
178	OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter])
179	OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
180	OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough])
181	OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation])
182	OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical])
183	OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
184    if test "x$use_toolchain_hardening" = "x1"; then
185	OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
186	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
187	OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
188	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
189	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
190	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
191	# NB. -ftrapv expects certain support functions to be present in
192	# the compiler library (libgcc or similar) to detect integer operations
193	# that can overflow. We must check that the result of enabling it
194	# actually links. The test program compiled/linked includes a number
195	# of integer operations that should exercise this.
196	OSSH_CHECK_CFLAG_LINK([-ftrapv])
197	OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all])
198	OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
199    fi
200	AC_MSG_CHECKING([gcc version])
201	GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
202	case $GCC_VER in
203		1.*) no_attrib_nonnull=1 ;;
204		2.8* | 2.9*)
205		     no_attrib_nonnull=1
206		     ;;
207		2.*) no_attrib_nonnull=1 ;;
208		*) ;;
209	esac
210	AC_MSG_RESULT([$GCC_VER])
211
212	AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
213	saved_CFLAGS="$CFLAGS"
214	CFLAGS="$CFLAGS -fno-builtin-memset"
215	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
216			[[ char b[10]; memset(b, 0, sizeof(b)); ]])],
217		[ AC_MSG_RESULT([yes]) ],
218		[ AC_MSG_RESULT([no])
219		  CFLAGS="$saved_CFLAGS" ]
220	)
221
222	# -fstack-protector-all doesn't always work for some GCC versions
223	# and/or platforms, so we test if we can.  If it's not supported
224	# on a given platform gcc will emit a warning so we use -Werror.
225	if test "x$use_stack_protector" = "x1"; then
226	    for t in -fstack-protector-strong -fstack-protector-all \
227		    -fstack-protector; do
228		AC_MSG_CHECKING([if $CC supports $t])
229		saved_CFLAGS="$CFLAGS"
230		saved_LDFLAGS="$LDFLAGS"
231		CFLAGS="$CFLAGS $t -Werror"
232		LDFLAGS="$LDFLAGS $t -Werror"
233		AC_LINK_IFELSE(
234			[AC_LANG_PROGRAM([[
235	#include <stdio.h>
236	int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
237			 ]],
238			[[
239	char x[256];
240	snprintf(x, sizeof(x), "XXX%d", func(1));
241			 ]])],
242		    [ AC_MSG_RESULT([yes])
243		      CFLAGS="$saved_CFLAGS $t"
244		      LDFLAGS="$saved_LDFLAGS $t"
245		      AC_MSG_CHECKING([if $t works])
246		      AC_RUN_IFELSE(
247			[AC_LANG_PROGRAM([[
248	#include <stdio.h>
249	int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
250			]],
251			[[
252	char x[256];
253	snprintf(x, sizeof(x), "XXX%d", func(1));
254			]])],
255			[ AC_MSG_RESULT([yes])
256			  break ],
257			[ AC_MSG_RESULT([no]) ],
258			[ AC_MSG_WARN([cross compiling: cannot test])
259			  break ]
260		      )
261		    ],
262		    [ AC_MSG_RESULT([no]) ]
263		)
264		CFLAGS="$saved_CFLAGS"
265		LDFLAGS="$saved_LDFLAGS"
266	    done
267	fi
268
269	if test -z "$have_llong_max"; then
270		# retry LLONG_MAX with -std=gnu99, needed on some Linuxes
271		unset ac_cv_have_decl_LLONG_MAX
272		saved_CFLAGS="$CFLAGS"
273		CFLAGS="$CFLAGS -std=gnu99"
274		AC_CHECK_DECL([LLONG_MAX],
275		    [have_llong_max=1],
276		    [CFLAGS="$saved_CFLAGS"],
277		    [#include <limits.h>]
278		)
279	fi
280fi
281
282AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
283AC_COMPILE_IFELSE(
284    [AC_LANG_PROGRAM([[
285#include <stdlib.h>
286__attribute__((__unused__)) static void foo(void){return;}]],
287    [[ exit(0); ]])],
288    [ AC_MSG_RESULT([yes]) ],
289    [ AC_MSG_RESULT([no])
290      AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
291	 [compiler does not accept __attribute__ on return types]) ]
292)
293
294AC_MSG_CHECKING([if compiler allows __attribute__ prototype args])
295AC_COMPILE_IFELSE(
296    [AC_LANG_PROGRAM([[
297#include <stdlib.h>
298typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]],
299    [[ exit(0); ]])],
300    [ AC_MSG_RESULT([yes]) ],
301    [ AC_MSG_RESULT([no])
302      AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1,
303	 [compiler does not accept __attribute__ on prototype args]) ]
304)
305
306AC_MSG_CHECKING([if compiler supports variable length arrays])
307AC_COMPILE_IFELSE(
308    [AC_LANG_PROGRAM([[#include <stdlib.h>]],
309    [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])],
310    [ AC_MSG_RESULT([yes])
311      AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1],
312	 [compiler supports variable length arrays]) ],
313    [ AC_MSG_RESULT([no]) ]
314)
315
316AC_MSG_CHECKING([if compiler accepts variable declarations after code])
317AC_COMPILE_IFELSE(
318    [AC_LANG_PROGRAM([[#include <stdlib.h>]],
319    [[ int a; a = 1; int b = 1; exit(a-b); ]])],
320    [ AC_MSG_RESULT([yes])
321      AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1],
322	 [compiler variable declarations after code]) ],
323    [ AC_MSG_RESULT([no]) ]
324)
325
326if test "x$no_attrib_nonnull" != "x1" ; then
327	AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
328fi
329
330AC_ARG_WITH([rpath],
331	[  --without-rpath         Disable auto-added -R linker paths],
332	[
333		if test "x$withval" = "xno" ; then
334			rpath_opt=""
335		elif test "x$withval" = "xyes" ; then
336			rpath_opt="-R"
337		else
338			rpath_opt="$withval"
339		fi
340	]
341)
342
343# Allow user to specify flags
344AC_ARG_WITH([cflags],
345	[  --with-cflags           Specify additional flags to pass to compiler],
346	[
347		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
348		    test "x${withval}" != "xyes"; then
349			CFLAGS="$CFLAGS $withval"
350		fi
351	]
352)
353
354AC_ARG_WITH([cflags-after],
355	[  --with-cflags-after     Specify additional flags to pass to compiler after configure],
356	[
357		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
358		    test "x${withval}" != "xyes"; then
359			CFLAGS_AFTER="$withval"
360		fi
361	]
362)
363AC_ARG_WITH([cppflags],
364	[  --with-cppflags         Specify additional flags to pass to preprocessor] ,
365	[
366		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
367		    test "x${withval}" != "xyes"; then
368			CPPFLAGS="$CPPFLAGS $withval"
369		fi
370	]
371)
372AC_ARG_WITH([ldflags],
373	[  --with-ldflags          Specify additional flags to pass to linker],
374	[
375		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
376		    test "x${withval}" != "xyes"; then
377			LDFLAGS="$LDFLAGS $withval"
378		fi
379	]
380)
381AC_ARG_WITH([ldflags-after],
382	[  --with-ldflags-after    Specify additional flags to pass to linker after configure],
383	[
384		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
385		    test "x${withval}" != "xyes"; then
386			LDFLAGS_AFTER="$withval"
387		fi
388	]
389)
390AC_ARG_WITH([libs],
391	[  --with-libs             Specify additional libraries to link with],
392	[
393		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
394		    test "x${withval}" != "xyes"; then
395			LIBS="$LIBS $withval"
396		fi
397	]
398)
399AC_ARG_WITH([Werror],
400	[  --with-Werror           Build main code with -Werror],
401	[
402		if test -n "$withval"  &&  test "x$withval" != "xno"; then
403			werror_flags="-Werror"
404			if test "x${withval}" != "xyes"; then
405				werror_flags="$withval"
406			fi
407		fi
408	]
409)
410
411AC_CHECK_HEADERS([ \
412	blf.h \
413	bstring.h \
414	crypt.h \
415	crypto/sha2.h \
416	dirent.h \
417	endian.h \
418	elf.h \
419	err.h \
420	features.h \
421	fcntl.h \
422	floatingpoint.h \
423	fnmatch.h \
424	getopt.h \
425	glob.h \
426	ia.h \
427	iaf.h \
428	ifaddrs.h \
429	inttypes.h \
430	langinfo.h \
431	limits.h \
432	locale.h \
433	login.h \
434	maillock.h \
435	ndir.h \
436	net/if_tun.h \
437	netdb.h \
438	netgroup.h \
439	pam/pam_appl.h \
440	paths.h \
441	poll.h \
442	pty.h \
443	readpassphrase.h \
444	rpc/types.h \
445	security/pam_appl.h \
446	sha2.h \
447	shadow.h \
448	stddef.h \
449	stdint.h \
450	string.h \
451	strings.h \
452	sys/bitypes.h \
453	sys/byteorder.h \
454	sys/bsdtty.h \
455	sys/cdefs.h \
456	sys/dir.h \
457	sys/file.h \
458	sys/mman.h \
459	sys/label.h \
460	sys/ndir.h \
461	sys/param.h \
462	sys/poll.h \
463	sys/prctl.h \
464	sys/procctl.h \
465	sys/pstat.h \
466	sys/ptrace.h \
467	sys/random.h \
468	sys/select.h \
469	sys/stat.h \
470	sys/stream.h \
471	sys/stropts.h \
472	sys/strtio.h \
473	sys/statvfs.h \
474	sys/sysmacros.h \
475	sys/time.h \
476	sys/timers.h \
477	sys/vfs.h \
478	time.h \
479	tmpdir.h \
480	ttyent.h \
481	ucred.h \
482	unistd.h \
483	usersec.h \
484	util.h \
485	utime.h \
486	utmp.h \
487	utmpx.h \
488	vis.h \
489	wchar.h \
490])
491
492# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h]
493# to be included first.
494AC_CHECK_HEADERS([sys/audit.h], [], [], [
495#ifdef HAVE_SYS_TIME_H
496# include <sys/time.h>
497#endif
498#ifdef HAVE_SYS_TYPES_H
499# include <sys/types.h>
500#endif
501#ifdef HAVE_SYS_LABEL_H
502# include <sys/label.h>
503#endif
504])
505
506# sys/capsicum.h requires sys/types.h
507AC_CHECK_HEADERS([sys/capsicum.h], [], [], [
508#ifdef HAVE_SYS_TYPES_H
509# include <sys/types.h>
510#endif
511])
512
513# net/route.h requires sys/socket.h and sys/types.h.
514# sys/sysctl.h also requires sys/param.h
515AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [
516#ifdef HAVE_SYS_TYPES_H
517# include <sys/types.h>
518#endif
519#include <sys/param.h>
520#include <sys/socket.h>
521])
522
523# lastlog.h requires sys/time.h to be included first on Solaris
524AC_CHECK_HEADERS([lastlog.h], [], [], [
525#ifdef HAVE_SYS_TIME_H
526# include <sys/time.h>
527#endif
528])
529
530# sys/ptms.h requires sys/stream.h to be included first on Solaris
531AC_CHECK_HEADERS([sys/ptms.h], [], [], [
532#ifdef HAVE_SYS_STREAM_H
533# include <sys/stream.h>
534#endif
535])
536
537# login_cap.h requires sys/types.h on NetBSD
538AC_CHECK_HEADERS([login_cap.h], [], [], [
539#include <sys/types.h>
540])
541
542# older BSDs need sys/param.h before sys/mount.h
543AC_CHECK_HEADERS([sys/mount.h], [], [], [
544#include <sys/param.h>
545])
546
547# Android requires sys/socket.h to be included before sys/un.h
548AC_CHECK_HEADERS([sys/un.h], [], [], [
549#include <sys/types.h>
550#include <sys/socket.h>
551])
552
553# Messages for features tested for in target-specific section
554SIA_MSG="no"
555SPC_MSG="no"
556SP_MSG="no"
557SPP_MSG="no"
558
559# Support for Solaris/Illumos privileges (this test is used by both
560# the --with-solaris-privs option and --with-sandbox=solaris).
561SOLARIS_PRIVS="no"
562
563# Check for some target-specific stuff
564case "$host" in
565*-*-aix*)
566	# Some versions of VAC won't allow macro redefinitions at
567	# -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
568	# particularly with older versions of vac or xlc.
569	# It also throws errors about null macro arguments, but these are
570	# not fatal.
571	AC_MSG_CHECKING([if compiler allows macro redefinitions])
572	AC_COMPILE_IFELSE(
573	    [AC_LANG_PROGRAM([[
574#define testmacro foo
575#define testmacro bar]],
576	    [[ exit(0); ]])],
577	    [ AC_MSG_RESULT([yes]) ],
578	    [ AC_MSG_RESULT([no])
579	      CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
580	      CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
581	      CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
582	    ]
583	)
584
585	AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
586	if (test -z "$blibpath"); then
587		blibpath="/usr/lib:/lib"
588	fi
589	saved_LDFLAGS="$LDFLAGS"
590	if test "$GCC" = "yes"; then
591		flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
592	else
593		flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
594	fi
595	for tryflags in $flags ;do
596		if (test -z "$blibflags"); then
597			LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
598			AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
599			[blibflags=$tryflags], [])
600		fi
601	done
602	if (test -z "$blibflags"); then
603		AC_MSG_RESULT([not found])
604		AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
605	else
606		AC_MSG_RESULT([$blibflags])
607	fi
608	LDFLAGS="$saved_LDFLAGS"
609	dnl Check for authenticate.  Might be in libs.a on older AIXes
610	AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
611		[Define if you want to enable AIX4's authenticate function])],
612		[AC_CHECK_LIB([s], [authenticate],
613			[ AC_DEFINE([WITH_AIXAUTHENTICATE])
614				LIBS="$LIBS -ls"
615			])
616		])
617	dnl Check for various auth function declarations in headers.
618	AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
619	    passwdexpired, setauthdb], , , [#include <usersec.h>])
620	dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
621	AC_CHECK_DECLS([loginfailed],
622	    [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
623	    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
624		[[ (void)loginfailed("user","host","tty",0); ]])],
625		[AC_MSG_RESULT([yes])
626		AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
627			[Define if your AIX loginfailed() function
628			takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
629	    ])],
630	    [],
631	    [#include <usersec.h>]
632	)
633	AC_CHECK_FUNCS([getgrset setauthdb])
634	AC_CHECK_DECL([F_CLOSEM],
635	    AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
636	    [],
637	    [ #include <limits.h>
638	      #include <fcntl.h> ]
639	)
640	check_for_aix_broken_getaddrinfo=1
641	AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
642	    [Define if your platform breaks doing a seteuid before a setuid])
643	AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
644	AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
645	dnl AIX handles lastlog as part of its login message
646	AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
647	AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
648		[Some systems need a utmpx entry for /bin/login to work])
649	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
650		[Define to a Set Process Title type if your system is
651		supported by bsd-setproctitle.c])
652	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
653	    [AIX 5.2 and 5.3 (and presumably newer) require this])
654	AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
655	AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
656	AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211])
657	AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551])
658	;;
659*-*-android*)
660	AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
661	AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
662	;;
663*-*-cygwin*)
664	check_for_libcrypt_later=1
665	LIBS="$LIBS /usr/lib/textreadmode.o"
666	AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
667	AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
668	AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
669		[Define to disable UID restoration test])
670	AC_DEFINE([DISABLE_SHADOW], [1],
671		[Define if you want to disable shadow passwords])
672	AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
673		[Define if X11 doesn't support AF_UNIX sockets on that system])
674	AC_DEFINE([DISABLE_FD_PASSING], [1],
675		[Define if your platform needs to skip post auth
676		file descriptor passing])
677	AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
678	AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
679	# Cygwin defines optargs, optargs as declspec(dllimport) for historical
680	# reasons which cause compile warnings, so we disable those warnings.
681	OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
682	;;
683*-*-dgux*)
684	AC_DEFINE([IP_TOS_IS_BROKEN], [1],
685		[Define if your system choked on IP TOS setting])
686	AC_DEFINE([SETEUID_BREAKS_SETUID])
687	AC_DEFINE([BROKEN_SETREUID])
688	AC_DEFINE([BROKEN_SETREGID])
689	;;
690*-*-darwin*)
691	use_pie=auto
692	AC_MSG_CHECKING([if we have working getaddrinfo])
693	AC_RUN_IFELSE([AC_LANG_SOURCE([[
694#include <mach-o/dyld.h>
695#include <stdlib.h>
696main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
697		exit(0);
698	else
699		exit(1);
700}
701			]])],
702	[AC_MSG_RESULT([working])],
703	[AC_MSG_RESULT([buggy])
704	AC_DEFINE([BROKEN_GETADDRINFO], [1],
705		[getaddrinfo is broken (if present)])
706	],
707	[AC_MSG_RESULT([assume it is working])])
708	AC_DEFINE([SETEUID_BREAKS_SETUID])
709	AC_DEFINE([BROKEN_SETREUID])
710	AC_DEFINE([BROKEN_SETREGID])
711	AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
712	AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
713		[Define if your resolver libs need this for getrrsetbyname])
714	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
715	AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
716	    [Use tunnel device compatibility to OpenBSD])
717	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
718	    [Prepend the address family to IP tunnel traffic])
719	m4_pattern_allow([AU_IPv])
720	AC_CHECK_DECL([AU_IPv4], [],
721	    AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
722	    [#include <bsm/audit.h>]
723	AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
724	    [Define if pututxline updates lastlog too])
725	)
726	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
727		[Define to a Set Process Title type if your system is
728		supported by bsd-setproctitle.c])
729	AC_CHECK_FUNCS([sandbox_init])
730	AC_CHECK_HEADERS([sandbox.h])
731	AC_CHECK_LIB([sandbox], [sandbox_apply], [
732	    SSHDLIBS="$SSHDLIBS -lsandbox"
733	])
734	# proc_pidinfo()-based closefrom() replacement.
735	AC_CHECK_HEADERS([libproc.h])
736	AC_CHECK_FUNCS([proc_pidinfo])
737	# poll(2) is broken for character-special devices (at least).
738	# cf. Apple bug 3710161 (not public, but searchable)
739	AC_DEFINE([BROKEN_POLL], [1],
740	    [System poll(2) implementation is broken])
741	;;
742*-*-dragonfly*)
743	SSHDLIBS="$SSHDLIBS -lcrypt"
744	TEST_MALLOC_OPTIONS="AFGJPRX"
745	;;
746*-*-haiku*)
747	LIBS="$LIBS -lbsd "
748	CFLAGS="$CFLAGS -D_BSD_SOURCE"
749	AC_CHECK_LIB([network], [socket])
750	AC_DEFINE([HAVE_U_INT64_T])
751	AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
752	MANTYPE=man
753	;;
754*-*-hpux*)
755	# first we define all of the options common to all HP-UX releases
756	CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
757	IPADDR_IN_DISPLAY=yes
758	AC_DEFINE([USE_PIPES])
759	AC_DEFINE([LOGIN_NEEDS_UTMPX])
760	AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
761		[String used in /etc/passwd to denote locked account])
762	AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
763	AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
764	maildir="/var/mail"
765	LIBS="$LIBS -lsec"
766	AC_CHECK_LIB([xnet], [t_error], ,
767	    [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
768
769	# next, we define all of the options specific to major releases
770	case "$host" in
771	*-*-hpux10*)
772		if test -z "$GCC"; then
773			CFLAGS="$CFLAGS -Ae"
774		fi
775		AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect])
776		;;
777	*-*-hpux11*)
778		AC_DEFINE([PAM_SUN_CODEBASE], [1],
779			[Define if you are using Solaris-derived PAM which
780			passes pam_messages to the conversation function
781			with an extra level of indirection])
782		AC_DEFINE([DISABLE_UTMP], [1],
783			[Define if you don't want to use utmp])
784		AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
785		check_for_hpux_broken_getaddrinfo=1
786		check_for_conflicting_getspnam=1
787		;;
788	esac
789
790	# lastly, we define options specific to minor releases
791	case "$host" in
792	*-*-hpux10.26)
793		AC_DEFINE([HAVE_SECUREWARE], [1],
794			[Define if you have SecureWare-based
795			protected password database])
796		disable_ptmx_check=yes
797		LIBS="$LIBS -lsecpw"
798		;;
799	esac
800	;;
801*-*-irix5*)
802	PATH="$PATH:/usr/etc"
803	AC_DEFINE([BROKEN_INET_NTOA], [1],
804		[Define if you system's inet_ntoa is busted
805		(e.g. Irix gcc issue)])
806	AC_DEFINE([SETEUID_BREAKS_SETUID])
807	AC_DEFINE([BROKEN_SETREUID])
808	AC_DEFINE([BROKEN_SETREGID])
809	AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
810		[Define if you shouldn't strip 'tty' from your
811		ttyname in [uw]tmp])
812	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
813	;;
814*-*-irix6*)
815	PATH="$PATH:/usr/etc"
816	AC_DEFINE([WITH_IRIX_ARRAY], [1],
817		[Define if you have/want arrays
818		(cluster-wide session management, not C arrays)])
819	AC_DEFINE([WITH_IRIX_PROJECT], [1],
820		[Define if you want IRIX project management])
821	AC_DEFINE([WITH_IRIX_AUDIT], [1],
822		[Define if you want IRIX audit trails])
823	AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
824		[Define if you want IRIX kernel jobs])])
825	AC_DEFINE([BROKEN_INET_NTOA])
826	AC_DEFINE([SETEUID_BREAKS_SETUID])
827	AC_DEFINE([BROKEN_SETREUID])
828	AC_DEFINE([BROKEN_SETREGID])
829	AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
830	AC_DEFINE([WITH_ABBREV_NO_TTY])
831	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
832	;;
833*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
834	check_for_libcrypt_later=1
835	AC_DEFINE([PAM_TTY_KLUDGE])
836	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
837	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
838	AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
839	AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
840	;;
841*-*-linux*)
842	no_dev_ptmx=1
843	use_pie=auto
844	check_for_libcrypt_later=1
845	check_for_openpty_ctty_bug=1
846	dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
847	dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
848	CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
849	AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels])
850	AC_DEFINE([PAM_TTY_KLUDGE], [1],
851		[Work around problematic Linux PAM modules handling of PAM_TTY])
852	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
853		[String used in /etc/passwd to denote locked account])
854	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
855	AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
856		[Define to whatever link() returns for "not supported"
857		if it doesn't return EOPNOTSUPP.])
858	AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
859	AC_DEFINE([USE_BTMP])
860	AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
861	inet6_default_4in6=yes
862	case `uname -r` in
863	1.*|2.0.*)
864		AC_DEFINE([BROKEN_CMSG_TYPE], [1],
865			[Define if cmsg_type is not passed correctly])
866		;;
867	esac
868	# tun(4) forwarding compat code
869	AC_CHECK_HEADERS([linux/if_tun.h])
870	if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
871		AC_DEFINE([SSH_TUN_LINUX], [1],
872		    [Open tunnel devices the Linux tun/tap way])
873		AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
874		    [Use tunnel device compatibility to OpenBSD])
875		AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
876		    [Prepend the address family to IP tunnel traffic])
877	fi
878	AC_CHECK_HEADER([linux/if.h],
879	    AC_DEFINE([SYS_RDOMAIN_LINUX], [1],
880		[Support routing domains using Linux VRF]), [], [
881#ifdef HAVE_SYS_TYPES_H
882# include <sys/types.h>
883#endif
884	    ])
885	AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
886	    [], [#include <linux/types.h>])
887	# Obtain MIPS ABI
888	case "$host" in
889	mips*)
890		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
891#if _MIPS_SIM != _ABIO32
892#error
893#endif
894			]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
895#if _MIPS_SIM != _ABIN32
896#error
897#endif
898				]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
899#if _MIPS_SIM != _ABI64
900#error
901#endif
902					]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI])
903				])
904			])
905		])
906		;;
907	esac
908	AC_MSG_CHECKING([for seccomp architecture])
909	seccomp_audit_arch=
910	case "$host" in
911	x86_64-*)
912		seccomp_audit_arch=AUDIT_ARCH_X86_64
913		;;
914	i*86-*)
915		seccomp_audit_arch=AUDIT_ARCH_I386
916		;;
917	arm*-*)
918		seccomp_audit_arch=AUDIT_ARCH_ARM
919		;;
920	aarch64*-*)
921		seccomp_audit_arch=AUDIT_ARCH_AARCH64
922		;;
923	s390x-*)
924		seccomp_audit_arch=AUDIT_ARCH_S390X
925		;;
926	s390-*)
927		seccomp_audit_arch=AUDIT_ARCH_S390
928		;;
929	powerpc64-*)
930		seccomp_audit_arch=AUDIT_ARCH_PPC64
931		;;
932	powerpc64le-*)
933		seccomp_audit_arch=AUDIT_ARCH_PPC64LE
934		;;
935	mips-*)
936		seccomp_audit_arch=AUDIT_ARCH_MIPS
937		;;
938	mipsel-*)
939		seccomp_audit_arch=AUDIT_ARCH_MIPSEL
940		;;
941	mips64-*)
942		case "$mips_abi" in
943		"n32")
944			seccomp_audit_arch=AUDIT_ARCH_MIPS64N32
945			;;
946		"n64")
947			seccomp_audit_arch=AUDIT_ARCH_MIPS64
948			;;
949		esac
950		;;
951	mips64el-*)
952		case "$mips_abi" in
953		"n32")
954			seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32
955			;;
956		"n64")
957			seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
958			;;
959		esac
960		;;
961	riscv64-*)
962		seccomp_audit_arch=AUDIT_ARCH_RISCV64
963		;;
964	esac
965	if test "x$seccomp_audit_arch" != "x" ; then
966		AC_MSG_RESULT(["$seccomp_audit_arch"])
967		AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
968		    [Specify the system call convention in use])
969	else
970		AC_MSG_RESULT([architecture not supported])
971	fi
972	;;
973*-*-minix)
974	AC_DEFINE([SETEUID_BREAKS_SETUID])
975	# poll(2) seems to choke on /dev/null; "Bad file descriptor"
976	AC_DEFINE([BROKEN_POLL], [1],
977	    [System poll(2) implementation is broken])
978	;;
979mips-sony-bsd|mips-sony-newsos4)
980	AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
981	SONY=1
982	;;
983*-*-netbsd*)
984	check_for_libcrypt_before=1
985	if test "x$withval" != "xno" ; then
986		rpath_opt="-R"
987	fi
988	CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
989	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
990	AC_CHECK_HEADER([net/if_tap.h], ,
991	    AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
992	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
993	    [Prepend the address family to IP tunnel traffic])
994	TEST_MALLOC_OPTIONS="AJRX"
995	AC_DEFINE([BROKEN_READ_COMPARISON], [1],
996	    [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
997	;;
998*-*-freebsd*)
999	check_for_libcrypt_later=1
1000	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
1001	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1002	AC_CHECK_HEADER([net/if_tap.h], ,
1003	    AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1004	AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
1005	TEST_MALLOC_OPTIONS="AJRX"
1006	# Preauth crypto occasionally uses file descriptors for crypto offload
1007	# and will crash if they cannot be opened.
1008	AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
1009	    [define if setrlimit RLIMIT_NOFILE breaks things])
1010	case "$host" in
1011	*-*-freebsd9.*|*-*-freebsd10.*)
1012		# Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable.
1013		disable_capsicum=yes
1014	esac
1015	;;
1016*-*-bsdi*)
1017	AC_DEFINE([SETEUID_BREAKS_SETUID])
1018	AC_DEFINE([BROKEN_SETREUID])
1019	AC_DEFINE([BROKEN_SETREGID])
1020	;;
1021*-next-*)
1022	conf_lastlog_location="/usr/adm/lastlog"
1023	conf_utmp_location=/etc/utmp
1024	conf_wtmp_location=/usr/adm/wtmp
1025	maildir=/usr/spool/mail
1026	AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
1027	AC_DEFINE([USE_PIPES])
1028	AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
1029	;;
1030*-*-openbsd*)
1031	use_pie=auto
1032	AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
1033	AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
1034	AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
1035	AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
1036	    [syslog_r function is safe to use in in a signal handler])
1037	TEST_MALLOC_OPTIONS="AFGJPRX"
1038	;;
1039*-*-solaris*)
1040	if test "x$withval" != "xno" ; then
1041		rpath_opt="-R"
1042	fi
1043	AC_DEFINE([PAM_SUN_CODEBASE])
1044	AC_DEFINE([LOGIN_NEEDS_UTMPX])
1045	AC_DEFINE([PAM_TTY_KLUDGE])
1046	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
1047		[Define if pam_chauthtok wants real uid set
1048		to the unpriv'ed user])
1049	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1050	# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
1051	AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
1052		[Define if sshd somehow reacquires a controlling TTY
1053		after setsid()])
1054	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
1055		in case the name is longer than 8 chars])
1056	AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
1057	external_path_file=/etc/default/login
1058	# hardwire lastlog location (can't detect it on some versions)
1059	conf_lastlog_location="/var/adm/lastlog"
1060	AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
1061	sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
1062	if test "$sol2ver" -ge 8; then
1063		AC_MSG_RESULT([yes])
1064		AC_DEFINE([DISABLE_UTMP])
1065		AC_DEFINE([DISABLE_WTMP], [1],
1066			[Define if you don't want to use wtmp])
1067	else
1068		AC_MSG_RESULT([no])
1069	fi
1070	AC_CHECK_FUNCS([setpflags])
1071	AC_CHECK_FUNCS([setppriv])
1072	AC_CHECK_FUNCS([priv_basicset])
1073	AC_CHECK_HEADERS([priv.h])
1074	AC_ARG_WITH([solaris-contracts],
1075		[  --with-solaris-contracts Enable Solaris process contracts (experimental)],
1076		[
1077		AC_CHECK_LIB([contract], [ct_tmpl_activate],
1078			[ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
1079				[Define if you have Solaris process contracts])
1080			  LIBS="$LIBS -lcontract"
1081			  SPC_MSG="yes" ], )
1082		],
1083	)
1084	AC_ARG_WITH([solaris-projects],
1085		[  --with-solaris-projects Enable Solaris projects (experimental)],
1086		[
1087		AC_CHECK_LIB([project], [setproject],
1088			[ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
1089				[Define if you have Solaris projects])
1090			LIBS="$LIBS -lproject"
1091			SP_MSG="yes" ], )
1092		],
1093	)
1094	AC_ARG_WITH([solaris-privs],
1095		[  --with-solaris-privs    Enable Solaris/Illumos privileges (experimental)],
1096		[
1097		AC_MSG_CHECKING([for Solaris/Illumos privilege support])
1098		if test "x$ac_cv_func_setppriv" = "xyes" -a \
1099			"x$ac_cv_header_priv_h" = "xyes" ; then
1100			SOLARIS_PRIVS=yes
1101			AC_MSG_RESULT([found])
1102			AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
1103				[Define to disable UID restoration test])
1104			AC_DEFINE([USE_SOLARIS_PRIVS], [1],
1105				[Define if you have Solaris privileges])
1106			SPP_MSG="yes"
1107		else
1108			AC_MSG_RESULT([not found])
1109			AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
1110		fi
1111		],
1112	)
1113	TEST_SHELL=$SHELL	# let configure find us a capable shell
1114	;;
1115*-*-sunos4*)
1116	CPPFLAGS="$CPPFLAGS -DSUNOS4"
1117	AC_CHECK_FUNCS([getpwanam])
1118	AC_DEFINE([PAM_SUN_CODEBASE])
1119	conf_utmp_location=/etc/utmp
1120	conf_wtmp_location=/var/adm/wtmp
1121	conf_lastlog_location=/var/adm/lastlog
1122	AC_DEFINE([USE_PIPES])
1123	AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
1124	;;
1125*-ncr-sysv*)
1126	LIBS="$LIBS -lc89"
1127	AC_DEFINE([USE_PIPES])
1128	AC_DEFINE([SSHD_ACQUIRES_CTTY])
1129	AC_DEFINE([SETEUID_BREAKS_SETUID])
1130	AC_DEFINE([BROKEN_SETREUID])
1131	AC_DEFINE([BROKEN_SETREGID])
1132	;;
1133*-sni-sysv*)
1134	# /usr/ucblib MUST NOT be searched on ReliantUNIX
1135	AC_CHECK_LIB([dl], [dlsym], ,)
1136	# -lresolv needs to be at the end of LIBS or DNS lookups break
1137	AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
1138	IPADDR_IN_DISPLAY=yes
1139	AC_DEFINE([USE_PIPES])
1140	AC_DEFINE([IP_TOS_IS_BROKEN])
1141	AC_DEFINE([SETEUID_BREAKS_SETUID])
1142	AC_DEFINE([BROKEN_SETREUID])
1143	AC_DEFINE([BROKEN_SETREGID])
1144	AC_DEFINE([SSHD_ACQUIRES_CTTY])
1145	external_path_file=/etc/default/login
1146	# /usr/ucblib/libucb.a no longer needed on ReliantUNIX
1147	# Attention: always take care to bind libsocket and libnsl before libc,
1148	# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
1149	;;
1150# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
1151*-*-sysv4.2*)
1152	AC_DEFINE([USE_PIPES])
1153	AC_DEFINE([SETEUID_BREAKS_SETUID])
1154	AC_DEFINE([BROKEN_SETREUID])
1155	AC_DEFINE([BROKEN_SETREGID])
1156	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
1157	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1158	TEST_SHELL=$SHELL	# let configure find us a capable shell
1159	;;
1160# UnixWare 7.x, OpenUNIX 8
1161*-*-sysv5*)
1162	CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1163	AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1164	AC_DEFINE([USE_PIPES])
1165	AC_DEFINE([SETEUID_BREAKS_SETUID])
1166	AC_DEFINE([BROKEN_GETADDRINFO])
1167	AC_DEFINE([BROKEN_SETREUID])
1168	AC_DEFINE([BROKEN_SETREGID])
1169	AC_DEFINE([PASSWD_NEEDS_USERNAME])
1170	AC_DEFINE([BROKEN_TCGETATTR_ICANON])
1171	TEST_SHELL=$SHELL	# let configure find us a capable shell
1172	check_for_libcrypt_later=1
1173	case "$host" in
1174	*-*-sysv5SCO_SV*)	# SCO OpenServer 6.x
1175		maildir=/var/spool/mail
1176		AC_DEFINE([BROKEN_UPDWTMPX])
1177		AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1178			AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1179			], , )
1180		;;
1181	*)	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1182		;;
1183	esac
1184	;;
1185*-*-sysv*)
1186	;;
1187# SCO UNIX and OEM versions of SCO UNIX
1188*-*-sco3.2v4*)
1189	AC_MSG_ERROR("This Platform is no longer supported.")
1190	;;
1191# SCO OpenServer 5.x
1192*-*-sco3.2v5*)
1193	if test -z "$GCC"; then
1194		CFLAGS="$CFLAGS -belf"
1195	fi
1196	LIBS="$LIBS -lprot -lx -ltinfo -lm"
1197	no_dev_ptmx=1
1198	AC_DEFINE([USE_PIPES])
1199	AC_DEFINE([HAVE_SECUREWARE])
1200	AC_DEFINE([DISABLE_SHADOW])
1201	AC_DEFINE([DISABLE_FD_PASSING])
1202	AC_DEFINE([SETEUID_BREAKS_SETUID])
1203	AC_DEFINE([BROKEN_GETADDRINFO])
1204	AC_DEFINE([BROKEN_SETREUID])
1205	AC_DEFINE([BROKEN_SETREGID])
1206	AC_DEFINE([WITH_ABBREV_NO_TTY])
1207	AC_DEFINE([BROKEN_UPDWTMPX])
1208	AC_DEFINE([PASSWD_NEEDS_USERNAME])
1209	AC_CHECK_FUNCS([getluid setluid])
1210	MANTYPE=man
1211	TEST_SHELL=$SHELL	# let configure find us a capable shell
1212	SKIP_DISABLE_LASTLOG_DEFINE=yes
1213	;;
1214*-dec-osf*)
1215	AC_MSG_CHECKING([for Digital Unix SIA])
1216	no_osfsia=""
1217	AC_ARG_WITH([osfsia],
1218		[  --with-osfsia           Enable Digital Unix SIA],
1219		[
1220			if test "x$withval" = "xno" ; then
1221				AC_MSG_RESULT([disabled])
1222				no_osfsia=1
1223			fi
1224		],
1225	)
1226	if test -z "$no_osfsia" ; then
1227		if test -f /etc/sia/matrix.conf; then
1228			AC_MSG_RESULT([yes])
1229			AC_DEFINE([HAVE_OSF_SIA], [1],
1230				[Define if you have Digital Unix Security
1231				Integration Architecture])
1232			AC_DEFINE([DISABLE_LOGIN], [1],
1233				[Define if you don't want to use your
1234				system's login() call])
1235			AC_DEFINE([DISABLE_FD_PASSING])
1236			LIBS="$LIBS -lsecurity -ldb -lm -laud"
1237			SIA_MSG="yes"
1238		else
1239			AC_MSG_RESULT([no])
1240			AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1241			  [String used in /etc/passwd to denote locked account])
1242		fi
1243	fi
1244	AC_DEFINE([BROKEN_GETADDRINFO])
1245	AC_DEFINE([SETEUID_BREAKS_SETUID])
1246	AC_DEFINE([BROKEN_SETREUID])
1247	AC_DEFINE([BROKEN_SETREGID])
1248	AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1249	;;
1250
1251*-*-nto-qnx*)
1252	AC_DEFINE([USE_PIPES])
1253	AC_DEFINE([NO_X11_UNIX_SOCKETS])
1254	AC_DEFINE([DISABLE_LASTLOG])
1255	AC_DEFINE([SSHD_ACQUIRES_CTTY])
1256	AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1257	enable_etc_default_login=no	# has incompatible /etc/default/login
1258	case "$host" in
1259	*-*-nto-qnx6*)
1260		AC_DEFINE([DISABLE_FD_PASSING])
1261		;;
1262	esac
1263	;;
1264
1265*-*-ultrix*)
1266	AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1267	AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty])
1268	AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1269	AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx])
1270	# DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we
1271	# don't get a controlling tty.
1272	AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root])
1273	# On Ultrix some headers are not protected against multiple includes,
1274	# so we create wrappers and put it where the compiler will find it.
1275	AC_MSG_WARN([creating compat wrappers for headers])
1276	mkdir -p netinet
1277	for header in netinet/ip.h netdb.h resolv.h; do
1278		name=`echo $header | tr 'a-z/.' 'A-Z__'`
1279		cat >$header <<EOD
1280#ifndef _SSH_COMPAT_${name}
1281#define _SSH_COMPAT_${name}
1282#include "/usr/include/${header}"
1283#endif
1284EOD
1285	done
1286	;;
1287
1288*-*-lynxos)
1289	CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1290	AC_DEFINE([BROKEN_SETVBUF], [1],
1291	    [LynxOS has broken setvbuf() implementation])
1292	;;
1293esac
1294
1295AC_MSG_CHECKING([compiler and flags for sanity])
1296AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])],
1297	[	AC_MSG_RESULT([yes]) ],
1298	[
1299		AC_MSG_RESULT([no])
1300		AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1301	],
1302	[	AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1303)
1304
1305dnl Checks for header files.
1306# Checks for libraries.
1307AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1308
1309dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1310AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1311	AC_CHECK_LIB([gen], [dirname], [
1312		AC_CACHE_CHECK([for broken dirname],
1313			ac_cv_have_broken_dirname, [
1314			save_LIBS="$LIBS"
1315			LIBS="$LIBS -lgen"
1316			AC_RUN_IFELSE(
1317				[AC_LANG_SOURCE([[
1318#include <libgen.h>
1319#include <string.h>
1320#include <stdlib.h>
1321
1322int main(int argc, char **argv) {
1323    char *s, buf[32];
1324
1325    strncpy(buf,"/etc", 32);
1326    s = dirname(buf);
1327    if (!s || strncmp(s, "/", 32) != 0) {
1328	exit(1);
1329    } else {
1330	exit(0);
1331    }
1332}
1333				]])],
1334				[ ac_cv_have_broken_dirname="no" ],
1335				[ ac_cv_have_broken_dirname="yes" ],
1336				[ ac_cv_have_broken_dirname="no" ],
1337			)
1338			LIBS="$save_LIBS"
1339		])
1340		if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1341			LIBS="$LIBS -lgen"
1342			AC_DEFINE([HAVE_DIRNAME])
1343			AC_CHECK_HEADERS([libgen.h])
1344		fi
1345	])
1346])
1347
1348AC_CHECK_FUNC([getspnam], ,
1349	[AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1350AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1351	[Define if you have the basename function.])])
1352
1353dnl zlib defaults to enabled
1354zlib=yes
1355AC_ARG_WITH([zlib],
1356	[  --with-zlib=PATH        Use zlib in PATH],
1357	[ if test "x$withval" = "xno" ; then
1358		zlib=no
1359	  elif test "x$withval" != "xyes"; then
1360		if test -d "$withval/lib"; then
1361			if test -n "${rpath_opt}"; then
1362				LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1363			else
1364				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1365			fi
1366		else
1367			if test -n "${rpath_opt}"; then
1368				LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}"
1369			else
1370				LDFLAGS="-L${withval} ${LDFLAGS}"
1371			fi
1372		fi
1373		if test -d "$withval/include"; then
1374			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1375		else
1376			CPPFLAGS="-I${withval} ${CPPFLAGS}"
1377		fi
1378	fi ]
1379)
1380
1381AC_MSG_CHECKING([for zlib])
1382if test "x${zlib}" = "xno"; then
1383	AC_MSG_RESULT([no])
1384else
1385	AC_MSG_RESULT([yes])
1386	AC_DEFINE([WITH_ZLIB], [1], [Enable zlib])
1387    AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1388    AC_CHECK_LIB([z], [deflate], ,
1389	[
1390		saved_CPPFLAGS="$CPPFLAGS"
1391		saved_LDFLAGS="$LDFLAGS"
1392		save_LIBS="$LIBS"
1393		dnl Check default zlib install dir
1394		if test -n "${rpath_opt}"; then
1395			LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}"
1396		else
1397			LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1398		fi
1399		CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1400		LIBS="$LIBS -lz"
1401		AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1402			[
1403				AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1404			]
1405		)
1406	]
1407    )
1408
1409    AC_ARG_WITH([zlib-version-check],
1410	[  --without-zlib-version-check Disable zlib version check],
1411	[  if test "x$withval" = "xno" ; then
1412		zlib_check_nonfatal=1
1413	   fi
1414	]
1415    )
1416
1417    AC_MSG_CHECKING([for possibly buggy zlib])
1418    AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1419#include <stdio.h>
1420#include <stdlib.h>
1421#include <zlib.h>
1422	]],
1423	[[
1424	int a=0, b=0, c=0, d=0, n, v;
1425	n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1426	if (n != 3 && n != 4)
1427		exit(1);
1428	v = a*1000000 + b*10000 + c*100 + d;
1429	fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1430
1431	/* 1.1.4 is OK */
1432	if (a == 1 && b == 1 && c >= 4)
1433		exit(0);
1434
1435	/* 1.2.3 and up are OK */
1436	if (v >= 1020300)
1437		exit(0);
1438
1439	exit(2);
1440	]])],
1441	AC_MSG_RESULT([no]),
1442	[ AC_MSG_RESULT([yes])
1443	  if test -z "$zlib_check_nonfatal" ; then
1444		AC_MSG_ERROR([*** zlib too old - check config.log ***
1445Your reported zlib version has known security problems.  It's possible your
1446vendor has fixed these problems without changing the version number.  If you
1447are sure this is the case, you can disable the check by running
1448"./configure --without-zlib-version-check".
1449If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1450See http://www.gzip.org/zlib/ for details.])
1451	  else
1452		AC_MSG_WARN([zlib version may have security problems])
1453	  fi
1454	],
1455	[	AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1456    )
1457fi
1458
1459dnl UnixWare 2.x
1460AC_CHECK_FUNC([strcasecmp],
1461	[], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1462)
1463AC_CHECK_FUNCS([utimes],
1464	[], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1465					LIBS="$LIBS -lc89"]) ]
1466)
1467
1468dnl    Checks for libutil functions
1469AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1470AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1471AC_SEARCH_LIBS([scan_scaled], [util bsd])
1472AC_SEARCH_LIBS([login], [util bsd])
1473AC_SEARCH_LIBS([logout], [util bsd])
1474AC_SEARCH_LIBS([logwtmp], [util bsd])
1475AC_SEARCH_LIBS([openpty], [util bsd])
1476AC_SEARCH_LIBS([updwtmp], [util bsd])
1477AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1478
1479# On some platforms, inet_ntop and gethostbyname may be found in libresolv
1480# or libnsl.
1481AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1482AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1483
1484# Some Linux distribtions ship the BSD libc hashing functions in
1485# separate libraries.
1486AC_SEARCH_LIBS([SHA256Update], [md bsd])
1487
1488# "Particular Function Checks"
1489# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
1490AC_FUNC_STRFTIME
1491AC_FUNC_MALLOC
1492AC_FUNC_REALLOC
1493# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL;
1494AC_MSG_CHECKING([if calloc(0, N) returns non-null])
1495AC_RUN_IFELSE(
1496	[AC_LANG_PROGRAM(
1497		[[ #include <stdlib.h> ]],
1498		[[ void *p = calloc(0, 1); exit(p == NULL); ]]
1499	)],
1500	[ func_calloc_0_nonnull=yes ],
1501	[ func_calloc_0_nonnull=no ],
1502	[ AC_MSG_WARN([cross compiling: assuming same as malloc])
1503	  func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"]
1504)
1505AC_MSG_RESULT([$func_calloc_0_nonnull])
1506
1507if test "x$func_calloc_0_nonnull" = "xyes"; then
1508	AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null])
1509else
1510	AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL])
1511	AC_DEFINE(calloc, rpl_calloc,
1512	    [Define to rpl_calloc if the replacement function should be used.])
1513fi
1514
1515# Check for ALTDIRFUNC glob() extension
1516AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1517AC_EGREP_CPP([FOUNDIT],
1518	[
1519		#include <glob.h>
1520		#ifdef GLOB_ALTDIRFUNC
1521		FOUNDIT
1522		#endif
1523	],
1524	[
1525		AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1526			[Define if your system glob() function has
1527			the GLOB_ALTDIRFUNC extension])
1528		AC_MSG_RESULT([yes])
1529	],
1530	[
1531		AC_MSG_RESULT([no])
1532	]
1533)
1534
1535# Check for g.gl_matchc glob() extension
1536AC_MSG_CHECKING([for gl_matchc field in glob_t])
1537AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1538	[[ glob_t g; g.gl_matchc = 1; ]])],
1539	[
1540		AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1541			[Define if your system glob() function has
1542			gl_matchc options in glob_t])
1543		AC_MSG_RESULT([yes])
1544	], [
1545		AC_MSG_RESULT([no])
1546])
1547
1548# Check for g.gl_statv glob() extension
1549AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1550AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1551#ifndef GLOB_KEEPSTAT
1552#error "glob does not support GLOB_KEEPSTAT extension"
1553#endif
1554glob_t g;
1555g.gl_statv = NULL;
1556]])],
1557	[
1558		AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1559			[Define if your system glob() function has
1560			gl_statv options in glob_t])
1561		AC_MSG_RESULT([yes])
1562	], [
1563		AC_MSG_RESULT([no])
1564
1565])
1566
1567AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1568
1569AC_CHECK_DECL([VIS_ALL], ,
1570    AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1571
1572AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1573AC_RUN_IFELSE(
1574	[AC_LANG_PROGRAM([[
1575#include <sys/types.h>
1576#include <dirent.h>
1577#include <stdlib.h>
1578	]],
1579	[[
1580	struct dirent d;
1581	exit(sizeof(d.d_name)<=sizeof(char));
1582	]])],
1583	[AC_MSG_RESULT([yes])],
1584	[
1585		AC_MSG_RESULT([no])
1586		AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1587			[Define if your struct dirent expects you to
1588			allocate extra space for d_name])
1589	],
1590	[
1591		AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1592		AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1593	]
1594)
1595
1596AC_MSG_CHECKING([for /proc/pid/fd directory])
1597if test -d "/proc/$$/fd" ; then
1598	AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1599	AC_MSG_RESULT([yes])
1600else
1601	AC_MSG_RESULT([no])
1602fi
1603
1604# Check whether user wants TCP wrappers support
1605TCPW_MSG="no"
1606AC_ARG_WITH([tcp-wrappers],
1607	[  --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1608	[
1609		if test "x$withval" != "xno" ; then
1610			saved_LIBS="$LIBS"
1611			saved_LDFLAGS="$LDFLAGS"
1612			saved_CPPFLAGS="$CPPFLAGS"
1613			if test -n "${withval}" && \
1614			    test "x${withval}" != "xyes"; then
1615				if test -d "${withval}/lib"; then
1616					if test -n "${need_dash_r}"; then
1617						LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1618					else
1619						LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1620					fi
1621				else
1622					if test -n "${need_dash_r}"; then
1623						LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1624					else
1625						LDFLAGS="-L${withval} ${LDFLAGS}"
1626					fi
1627				fi
1628				if test -d "${withval}/include"; then
1629					CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1630				else
1631					CPPFLAGS="-I${withval} ${CPPFLAGS}"
1632				fi
1633			fi
1634			LIBS="-lwrap $LIBS"
1635			AC_MSG_CHECKING([for libwrap])
1636			AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1637#include <sys/types.h>
1638#include <sys/socket.h>
1639#include <netinet/in.h>
1640#include <tcpd.h>
1641int deny_severity = 0, allow_severity = 0;
1642				]], [[
1643	hosts_access(0);
1644				]])], [
1645					AC_MSG_RESULT([yes])
1646					AC_DEFINE([LIBWRAP], [1],
1647						[Define if you want
1648						TCP Wrappers support])
1649					SSHDLIBS="$SSHDLIBS -lwrap"
1650					TCPW_MSG="yes"
1651				], [
1652					AC_MSG_ERROR([*** libwrap missing])
1653			])
1654			LIBS="$saved_LIBS"
1655		fi
1656	]
1657)
1658
1659# Check whether user wants to use ldns
1660LDNS_MSG="no"
1661AC_ARG_WITH(ldns,
1662	[  --with-ldns[[=PATH]]      Use ldns for DNSSEC support (optionally in PATH)],
1663	[
1664	ldns=""
1665	if test "x$withval" = "xyes" ; then
1666		AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1667		if test "x$LDNSCONFIG" = "xno"; then
1668			LIBS="-lldns $LIBS"
1669			ldns=yes
1670		else
1671			LIBS="$LIBS `$LDNSCONFIG --libs`"
1672			CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1673			ldns=yes
1674		fi
1675	elif test "x$withval" != "xno" ; then
1676			CPPFLAGS="$CPPFLAGS -I${withval}/include"
1677			LDFLAGS="$LDFLAGS -L${withval}/lib"
1678			LIBS="-lldns $LIBS"
1679			ldns=yes
1680	fi
1681
1682	# Verify that it works.
1683	if test "x$ldns" = "xyes" ; then
1684		AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1685		LDNS_MSG="yes"
1686		AC_MSG_CHECKING([for ldns support])
1687		AC_LINK_IFELSE(
1688			[AC_LANG_SOURCE([[
1689#include <stdio.h>
1690#include <stdlib.h>
1691#ifdef HAVE_STDINT_H
1692# include <stdint.h>
1693#endif
1694#include <ldns/ldns.h>
1695int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1696			]])
1697		],
1698			[AC_MSG_RESULT(yes)],
1699				[
1700					AC_MSG_RESULT(no)
1701					AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1702				])
1703	fi
1704])
1705
1706# Check whether user wants libedit support
1707LIBEDIT_MSG="no"
1708AC_ARG_WITH([libedit],
1709	[  --with-libedit[[=PATH]]   Enable libedit support for sftp],
1710	[ if test "x$withval" != "xno" ; then
1711		if test "x$withval" = "xyes" ; then
1712			AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1713			if test "x$PKGCONFIG" != "xno"; then
1714				AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1715				if "$PKGCONFIG" libedit; then
1716					AC_MSG_RESULT([yes])
1717					use_pkgconfig_for_libedit=yes
1718				else
1719					AC_MSG_RESULT([no])
1720				fi
1721			fi
1722		else
1723			CPPFLAGS="$CPPFLAGS -I${withval}/include"
1724			if test -n "${rpath_opt}"; then
1725				LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1726			else
1727				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1728			fi
1729		fi
1730		if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1731			LIBEDIT=`$PKGCONFIG --libs libedit`
1732			CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1733		else
1734			LIBEDIT="-ledit -lcurses"
1735		fi
1736		OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1737		AC_CHECK_LIB([edit], [el_init],
1738			[ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1739			  LIBEDIT_MSG="yes"
1740			  AC_SUBST([LIBEDIT])
1741			],
1742			[ AC_MSG_ERROR([libedit not found]) ],
1743			[ $OTHERLIBS ]
1744		)
1745		AC_MSG_CHECKING([if libedit version is compatible])
1746		AC_COMPILE_IFELSE(
1747		    [AC_LANG_PROGRAM([[
1748#include <histedit.h>
1749#include <stdlib.h>
1750		    ]],
1751		    [[
1752	int i = H_SETSIZE;
1753	el_init("", NULL, NULL, NULL);
1754	exit(0);
1755		    ]])],
1756		    [ AC_MSG_RESULT([yes]) ],
1757		    [ AC_MSG_RESULT([no])
1758		      AC_MSG_ERROR([libedit version is not compatible]) ]
1759		)
1760	fi ]
1761)
1762
1763AUDIT_MODULE=none
1764AC_ARG_WITH([audit],
1765	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux)],
1766	[
1767	  AC_MSG_CHECKING([for supported audit module])
1768	  case "$withval" in
1769	  bsm)
1770		AC_MSG_RESULT([bsm])
1771		AUDIT_MODULE=bsm
1772		dnl    Checks for headers, libs and functions
1773		AC_CHECK_HEADERS([bsm/audit.h], [],
1774		    [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1775		    [
1776#ifdef HAVE_TIME_H
1777# include <time.h>
1778#endif
1779		    ]
1780)
1781		AC_CHECK_LIB([bsm], [getaudit], [],
1782		    [AC_MSG_ERROR([BSM enabled and required library not found])])
1783		AC_CHECK_FUNCS([getaudit], [],
1784		    [AC_MSG_ERROR([BSM enabled and required function not found])])
1785		# These are optional
1786		AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1787		AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1788		if test "$sol2ver" -ge 11; then
1789			SSHDLIBS="$SSHDLIBS -lscf"
1790			AC_DEFINE([BROKEN_BSM_API], [1],
1791				[The system has incomplete BSM API])
1792		fi
1793		;;
1794	  linux)
1795		AC_MSG_RESULT([linux])
1796		AUDIT_MODULE=linux
1797		dnl    Checks for headers, libs and functions
1798		AC_CHECK_HEADERS([libaudit.h])
1799		SSHDLIBS="$SSHDLIBS -laudit"
1800		AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1801		;;
1802	  debug)
1803		AUDIT_MODULE=debug
1804		AC_MSG_RESULT([debug])
1805		AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1806		;;
1807	  no)
1808		AC_MSG_RESULT([no])
1809		;;
1810	  *)
1811		AC_MSG_ERROR([Unknown audit module $withval])
1812		;;
1813	esac ]
1814)
1815
1816AC_ARG_WITH([pie],
1817    [  --with-pie              Build Position Independent Executables if possible], [
1818	if test "x$withval" = "xno"; then
1819		use_pie=no
1820	fi
1821	if test "x$withval" = "xyes"; then
1822		use_pie=yes
1823	fi
1824    ]
1825)
1826if test "x$use_pie" = "x"; then
1827	use_pie=no
1828fi
1829if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1830	# Turn off automatic PIE when toolchain hardening is off.
1831	use_pie=no
1832fi
1833if test "x$use_pie" = "xauto"; then
1834	# Automatic PIE requires gcc >= 4.x
1835	AC_MSG_CHECKING([for gcc >= 4.x])
1836	AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1837#if !defined(__GNUC__) || __GNUC__ < 4
1838#error gcc is too old
1839#endif
1840]])],
1841	[ AC_MSG_RESULT([yes]) ],
1842	[ AC_MSG_RESULT([no])
1843	  use_pie=no ]
1844)
1845fi
1846if test "x$use_pie" != "xno"; then
1847	SAVED_CFLAGS="$CFLAGS"
1848	SAVED_LDFLAGS="$LDFLAGS"
1849	OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1850	OSSH_CHECK_LDFLAG_LINK([-pie])
1851	# We use both -fPIE and -pie or neither.
1852	AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1853	if echo "x $CFLAGS"  | grep ' -fPIE' >/dev/null 2>&1 && \
1854	   echo "x $LDFLAGS" | grep ' -pie'  >/dev/null 2>&1 ; then
1855		AC_MSG_RESULT([yes])
1856	else
1857		AC_MSG_RESULT([no])
1858		CFLAGS="$SAVED_CFLAGS"
1859		LDFLAGS="$SAVED_LDFLAGS"
1860	fi
1861fi
1862
1863AC_MSG_CHECKING([whether -fPIC is accepted])
1864SAVED_CFLAGS="$CFLAGS"
1865CFLAGS="$CFLAGS -fPIC"
1866AC_COMPILE_IFELSE(
1867	[AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )],
1868   [AC_MSG_RESULT([yes])
1869    PICFLAG="-fPIC"; ],
1870   [AC_MSG_RESULT([no])
1871    PICFLAG=""; ])
1872CFLAGS="$SAVED_CFLAGS"
1873AC_SUBST([PICFLAG])
1874
1875dnl    Checks for library functions. Please keep in alphabetical order
1876AC_CHECK_FUNCS([ \
1877	auth_hostok \
1878	auth_timeok \
1879	Blowfish_initstate \
1880	Blowfish_expandstate \
1881	Blowfish_expand0state \
1882	Blowfish_stream2word \
1883	SHA256Update \
1884	SHA384Update \
1885	SHA512Update \
1886	asprintf \
1887	b64_ntop \
1888	__b64_ntop \
1889	b64_pton \
1890	__b64_pton \
1891	bcopy \
1892	bcrypt_pbkdf \
1893	bindresvport_sa \
1894	blf_enc \
1895	bzero \
1896	cap_rights_limit \
1897	clock \
1898	closefrom \
1899	close_range \
1900	dirfd \
1901	endgrent \
1902	err \
1903	errx \
1904	explicit_bzero \
1905	explicit_memset \
1906	fchmod \
1907	fchmodat \
1908	fchown \
1909	fchownat \
1910	flock \
1911	fnmatch \
1912	freeaddrinfo \
1913	freezero \
1914	fstatfs \
1915	fstatvfs \
1916	futimes \
1917	getaddrinfo \
1918	getcwd \
1919	getgrouplist \
1920	getline \
1921	getnameinfo \
1922	getopt \
1923	getpagesize \
1924	getpeereid \
1925	getpeerucred \
1926	getpgid \
1927	_getpty \
1928	getrlimit \
1929	getrandom \
1930	getsid \
1931	getttyent \
1932	glob \
1933	group_from_gid \
1934	inet_aton \
1935	inet_ntoa \
1936	inet_ntop \
1937	innetgr \
1938	killpg \
1939	llabs \
1940	localtime_r \
1941	login_getcapbool \
1942	login_getpwclass \
1943	memmem \
1944	memmove \
1945	memset_s \
1946	mkdtemp \
1947	ngetaddrinfo \
1948	nsleep \
1949	ogetaddrinfo \
1950	openlog_r \
1951	pledge \
1952	poll \
1953	ppoll \
1954	prctl \
1955	procctl \
1956	pselect \
1957	pstat \
1958	raise \
1959	readpassphrase \
1960	reallocarray \
1961	realpath \
1962	recvmsg \
1963	recallocarray \
1964	rresvport_af \
1965	sendmsg \
1966	setdtablesize \
1967	setegid \
1968	setenv \
1969	seteuid \
1970	setgroupent \
1971	setgroups \
1972	setlinebuf \
1973	setlogin \
1974	setpassent\
1975	setpcred \
1976	setproctitle \
1977	setregid \
1978	setreuid \
1979	setrlimit \
1980	setsid \
1981	setvbuf \
1982	sigaction \
1983	sigvec \
1984	snprintf \
1985	socketpair \
1986	statfs \
1987	statvfs \
1988	strcasestr \
1989	strdup \
1990	strerror \
1991	strlcat \
1992	strlcpy \
1993	strmode \
1994	strndup \
1995	strnlen \
1996	strnvis \
1997	strptime \
1998	strsignal \
1999	strtonum \
2000	strtoll \
2001	strtoul \
2002	strtoull \
2003	swap32 \
2004	sysconf \
2005	tcgetpgrp \
2006	timingsafe_bcmp \
2007	truncate \
2008	unsetenv \
2009	updwtmpx \
2010	utimensat \
2011	user_from_uid \
2012	usleep \
2013	vasprintf \
2014	vsnprintf \
2015	waitpid \
2016	warn \
2017])
2018
2019AC_CHECK_DECLS([bzero, memmem])
2020
2021dnl Wide character support.
2022AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
2023
2024TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
2025AC_MSG_CHECKING([for utf8 locale support])
2026AC_RUN_IFELSE(
2027	[AC_LANG_PROGRAM([[
2028#include <locale.h>
2029#include <stdlib.h>
2030	]], [[
2031	char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
2032	if (loc != NULL)
2033		exit(0);
2034	exit(1);
2035	]])],
2036	AC_MSG_RESULT(yes),
2037	[AC_MSG_RESULT(no)
2038	 TEST_SSH_UTF8=no],
2039	AC_MSG_WARN([cross compiling: assuming yes])
2040)
2041
2042AC_LINK_IFELSE(
2043        [AC_LANG_PROGRAM(
2044           [[ #include <ctype.h> ]],
2045           [[ return (isblank('a')); ]])],
2046	[AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
2047])
2048
2049disable_pkcs11=
2050AC_ARG_ENABLE([pkcs11],
2051	[  --disable-pkcs11        disable PKCS#11 support code [no]],
2052	[
2053		if test "x$enableval" = "xno" ; then
2054			disable_pkcs11=1
2055		fi
2056	]
2057)
2058
2059disable_sk=
2060AC_ARG_ENABLE([security-key],
2061	[  --disable-security-key  disable U2F/FIDO support code [no]],
2062	[
2063		if test "x$enableval" = "xno" ; then
2064			disable_sk=1
2065		fi
2066	]
2067)
2068enable_sk_internal=
2069AC_ARG_WITH([security-key-builtin],
2070	[  --with-security-key-builtin include builtin U2F/FIDO support],
2071	[
2072		if test "x$withval" != "xno" ; then
2073			enable_sk_internal=yes
2074		fi
2075	]
2076)
2077test "x$disable_sk" != "x" && enable_sk_internal=""
2078
2079AC_SEARCH_LIBS([dlopen], [dl])
2080AC_CHECK_FUNCS([dlopen])
2081AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
2082
2083# IRIX has a const char return value for gai_strerror()
2084AC_CHECK_FUNCS([gai_strerror], [
2085	AC_DEFINE([HAVE_GAI_STRERROR])
2086	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2087#include <sys/types.h>
2088#include <sys/socket.h>
2089#include <netdb.h>
2090
2091const char *gai_strerror(int);
2092			]], [[
2093	char *str;
2094	str = gai_strerror(0);
2095			]])], [
2096		AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
2097		[Define if gai_strerror() returns const char *])], [])])
2098
2099AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
2100	[Some systems put nanosleep outside of libc])])
2101
2102AC_SEARCH_LIBS([clock_gettime], [rt],
2103	[AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
2104
2105dnl check if we need -D_REENTRANT for localtime_r declaration.
2106AC_CHECK_DECL([localtime_r], [],
2107	[ saved_CPPFLAGS="$CPPFLAGS"
2108	  CPPFLAGS="$CPPFLAGS -D_REENTRANT"
2109	  unset ac_cv_have_decl_localtime_r
2110	  AC_CHECK_DECL([localtime_r], [],
2111		[ CPPFLAGS="$saved_CPPFLAGS" ],
2112		[ #include <time.h> ]
2113	  )
2114	],
2115	[ #include <time.h> ]
2116)
2117
2118dnl Make sure prototypes are defined for these before using them.
2119AC_CHECK_DECL([strsep],
2120	[AC_CHECK_FUNCS([strsep])],
2121	[],
2122	[
2123#ifdef HAVE_STRING_H
2124# include <string.h>
2125#endif
2126	])
2127
2128dnl tcsendbreak might be a macro
2129AC_CHECK_DECL([tcsendbreak],
2130	[AC_DEFINE([HAVE_TCSENDBREAK])],
2131	[AC_CHECK_FUNCS([tcsendbreak])],
2132	[#include <termios.h>]
2133)
2134
2135AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
2136
2137AC_CHECK_DECLS([SHUT_RD, getpeereid], , ,
2138	[
2139#include <sys/types.h>
2140#include <sys/socket.h>
2141#include <unistd.h>
2142	])
2143
2144AC_CHECK_DECLS([O_NONBLOCK], , ,
2145	[
2146#include <sys/types.h>
2147#ifdef HAVE_SYS_STAT_H
2148# include <sys/stat.h>
2149#endif
2150#ifdef HAVE_FCNTL_H
2151# include <fcntl.h>
2152#endif
2153	])
2154
2155AC_CHECK_DECLS([ftruncate], , ,
2156	[
2157#include <sys/types.h>
2158#include <unistd.h>
2159	])
2160
2161AC_CHECK_DECLS([readv, writev], , , [
2162#include <sys/types.h>
2163#include <sys/uio.h>
2164#include <unistd.h>
2165	])
2166
2167AC_CHECK_DECLS([MAXSYMLINKS], , , [
2168#include <sys/param.h>
2169	])
2170
2171AC_CHECK_DECLS([offsetof], , , [
2172#include <stddef.h>
2173	])
2174
2175# extra bits for select(2)
2176AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
2177#include <sys/param.h>
2178#include <sys/types.h>
2179#ifdef HAVE_SYS_SYSMACROS_H
2180#include <sys/sysmacros.h>
2181#endif
2182#ifdef HAVE_SYS_SELECT_H
2183#include <sys/select.h>
2184#endif
2185#ifdef HAVE_SYS_TIME_H
2186#include <sys/time.h>
2187#endif
2188#ifdef HAVE_UNISTD_H
2189#include <unistd.h>
2190#endif
2191	]])
2192AC_CHECK_TYPES([fd_mask], [], [], [[
2193#include <sys/param.h>
2194#include <sys/types.h>
2195#ifdef HAVE_SYS_SELECT_H
2196#include <sys/select.h>
2197#endif
2198#ifdef HAVE_SYS_TIME_H
2199#include <sys/time.h>
2200#endif
2201#ifdef HAVE_UNISTD_H
2202#include <unistd.h>
2203#endif
2204	]])
2205
2206AC_CHECK_FUNCS([setresuid], [
2207	dnl Some platorms have setresuid that isn't implemented, test for this
2208	AC_MSG_CHECKING([if setresuid seems to work])
2209	AC_RUN_IFELSE(
2210		[AC_LANG_PROGRAM([[
2211#include <stdlib.h>
2212#include <errno.h>
2213		]], [[
2214	errno=0;
2215	setresuid(0,0,0);
2216	if (errno==ENOSYS)
2217		exit(1);
2218	else
2219		exit(0);
2220		]])],
2221		[AC_MSG_RESULT([yes])],
2222		[AC_DEFINE([BROKEN_SETRESUID], [1],
2223			[Define if your setresuid() is broken])
2224		 AC_MSG_RESULT([not implemented])],
2225		[AC_MSG_WARN([cross compiling: not checking setresuid])]
2226	)
2227])
2228
2229AC_CHECK_FUNCS([setresgid], [
2230	dnl Some platorms have setresgid that isn't implemented, test for this
2231	AC_MSG_CHECKING([if setresgid seems to work])
2232	AC_RUN_IFELSE(
2233		[AC_LANG_PROGRAM([[
2234#include <stdlib.h>
2235#include <errno.h>
2236		]], [[
2237	errno=0;
2238	setresgid(0,0,0);
2239	if (errno==ENOSYS)
2240		exit(1);
2241	else
2242		exit(0);
2243		]])],
2244		[AC_MSG_RESULT([yes])],
2245		[AC_DEFINE([BROKEN_SETRESGID], [1],
2246			[Define if your setresgid() is broken])
2247		 AC_MSG_RESULT([not implemented])],
2248		[AC_MSG_WARN([cross compiling: not checking setresuid])]
2249	)
2250])
2251
2252AC_MSG_CHECKING([for working fflush(NULL)])
2253AC_RUN_IFELSE(
2254	[AC_LANG_PROGRAM([[
2255#include <stdio.h>
2256#include <stdlib.h>
2257	]],
2258	[[fflush(NULL); exit(0);]])],
2259	AC_MSG_RESULT([yes]),
2260	[AC_MSG_RESULT([no])
2261	 AC_DEFINE([FFLUSH_NULL_BUG], [1],
2262	    [define if fflush(NULL) does not work])],
2263	AC_MSG_WARN([cross compiling: assuming working])
2264)
2265
2266dnl    Checks for time functions
2267AC_CHECK_FUNCS([gettimeofday time])
2268dnl    Checks for utmp functions
2269AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2270AC_CHECK_FUNCS([utmpname])
2271dnl    Checks for utmpx functions
2272AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2273AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2274dnl    Checks for lastlog functions
2275AC_CHECK_FUNCS([getlastlogxbyname])
2276
2277AC_CHECK_FUNC([daemon],
2278	[AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2279	[AC_CHECK_LIB([bsd], [daemon],
2280		[LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2281)
2282
2283AC_CHECK_FUNC([getpagesize],
2284	[AC_DEFINE([HAVE_GETPAGESIZE], [1],
2285		[Define if your libraries define getpagesize()])],
2286	[AC_CHECK_LIB([ucb], [getpagesize],
2287		[LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2288)
2289
2290# Check for broken snprintf
2291if test "x$ac_cv_func_snprintf" = "xyes" ; then
2292	AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2293	AC_RUN_IFELSE(
2294		[AC_LANG_PROGRAM([[
2295#include <stdio.h>
2296#include <stdlib.h>
2297		]],
2298		[[
2299	char b[5];
2300	snprintf(b,5,"123456789");
2301	exit(b[4]!='\0');
2302		]])],
2303		[AC_MSG_RESULT([yes])],
2304		[
2305			AC_MSG_RESULT([no])
2306			AC_DEFINE([BROKEN_SNPRINTF], [1],
2307				[Define if your snprintf is busted])
2308			AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2309		],
2310		[ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2311	)
2312fi
2313
2314if test "x$ac_cv_func_snprintf" = "xyes" ; then
2315	AC_MSG_CHECKING([whether snprintf understands %zu])
2316	AC_RUN_IFELSE(
2317		[AC_LANG_PROGRAM([[
2318#include <sys/types.h>
2319#include <stdio.h>
2320#include <stdlib.h>
2321#include <string.h>
2322		]],
2323		[[
2324	size_t a = 1, b = 2;
2325	char z[128];
2326	snprintf(z, sizeof z, "%zu%zu", a, b);
2327	exit(strcmp(z, "12"));
2328		]])],
2329		[AC_MSG_RESULT([yes])],
2330		[
2331			AC_MSG_RESULT([no])
2332			AC_DEFINE([BROKEN_SNPRINTF], [1],
2333				[snprintf does not understand %zu])
2334		],
2335		[ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2336	)
2337fi
2338
2339# We depend on vsnprintf returning the right thing on overflow: the
2340# number of characters it tried to create (as per SUSv3)
2341if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2342	AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2343	AC_RUN_IFELSE(
2344		[AC_LANG_PROGRAM([[
2345#include <sys/types.h>
2346#include <stdio.h>
2347#include <stdarg.h>
2348
2349int x_snprintf(char *str, size_t count, const char *fmt, ...)
2350{
2351	size_t ret;
2352	va_list ap;
2353
2354	va_start(ap, fmt);
2355	ret = vsnprintf(str, count, fmt, ap);
2356	va_end(ap);
2357	return ret;
2358}
2359		]], [[
2360char x[1];
2361if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2362	return 1;
2363if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2364	return 1;
2365return 0;
2366		]])],
2367		[AC_MSG_RESULT([yes])],
2368		[
2369			AC_MSG_RESULT([no])
2370			AC_DEFINE([BROKEN_SNPRINTF], [1],
2371				[Define if your snprintf is busted])
2372			AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2373		],
2374		[ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2375	)
2376fi
2377
2378# On systems where [v]snprintf is broken, but is declared in stdio,
2379# check that the fmt argument is const char * or just char *.
2380# This is only useful for when BROKEN_SNPRINTF
2381AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2382AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2383#include <stdio.h>
2384int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2385		]], [[
2386	snprintf(0, 0, 0);
2387		]])],
2388   [AC_MSG_RESULT([yes])
2389    AC_DEFINE([SNPRINTF_CONST], [const],
2390              [Define as const if snprintf() can declare const char *fmt])],
2391   [AC_MSG_RESULT([no])
2392    AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2393
2394# Check for missing getpeereid (or equiv) support
2395NO_PEERCHECK=""
2396if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2397	AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2398	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2399#include <sys/types.h>
2400#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2401		[ AC_MSG_RESULT([yes])
2402		  AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2403		], [AC_MSG_RESULT([no])
2404		NO_PEERCHECK=1
2405        ])
2406fi
2407
2408dnl make sure that openpty does not reacquire controlling terminal
2409if test ! -z "$check_for_openpty_ctty_bug"; then
2410	AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2411	AC_RUN_IFELSE(
2412		[AC_LANG_PROGRAM([[
2413#include <stdio.h>
2414#include <stdlib.h>
2415#include <unistd.h>
2416#include <sys/fcntl.h>
2417#include <sys/types.h>
2418#include <sys/wait.h>
2419		]], [[
2420	pid_t pid;
2421	int fd, ptyfd, ttyfd, status;
2422
2423	pid = fork();
2424	if (pid < 0) {		/* failed */
2425		exit(1);
2426	} else if (pid > 0) {	/* parent */
2427		waitpid(pid, &status, 0);
2428		if (WIFEXITED(status))
2429			exit(WEXITSTATUS(status));
2430		else
2431			exit(2);
2432	} else {		/* child */
2433		close(0); close(1); close(2);
2434		setsid();
2435		openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2436		fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2437		if (fd >= 0)
2438			exit(3);	/* Acquired ctty: broken */
2439		else
2440			exit(0);	/* Did not acquire ctty: OK */
2441	}
2442		]])],
2443		[
2444			AC_MSG_RESULT([yes])
2445		],
2446		[
2447			AC_MSG_RESULT([no])
2448			AC_DEFINE([SSHD_ACQUIRES_CTTY])
2449		],
2450		[
2451			AC_MSG_RESULT([cross-compiling, assuming yes])
2452		]
2453	)
2454fi
2455
2456if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2457    test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2458	AC_MSG_CHECKING([if getaddrinfo seems to work])
2459	AC_RUN_IFELSE(
2460		[AC_LANG_PROGRAM([[
2461#include <stdio.h>
2462#include <stdlib.h>
2463#include <sys/socket.h>
2464#include <netdb.h>
2465#include <errno.h>
2466#include <netinet/in.h>
2467
2468#define TEST_PORT "2222"
2469		]], [[
2470	int err, sock;
2471	struct addrinfo *gai_ai, *ai, hints;
2472	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2473
2474	memset(&hints, 0, sizeof(hints));
2475	hints.ai_family = PF_UNSPEC;
2476	hints.ai_socktype = SOCK_STREAM;
2477	hints.ai_flags = AI_PASSIVE;
2478
2479	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2480	if (err != 0) {
2481		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2482		exit(1);
2483	}
2484
2485	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2486		if (ai->ai_family != AF_INET6)
2487			continue;
2488
2489		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2490		    sizeof(ntop), strport, sizeof(strport),
2491		    NI_NUMERICHOST|NI_NUMERICSERV);
2492
2493		if (err != 0) {
2494			if (err == EAI_SYSTEM)
2495				perror("getnameinfo EAI_SYSTEM");
2496			else
2497				fprintf(stderr, "getnameinfo failed: %s\n",
2498				    gai_strerror(err));
2499			exit(2);
2500		}
2501
2502		sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2503		if (sock < 0)
2504			perror("socket");
2505		if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2506			if (errno == EBADF)
2507				exit(3);
2508		}
2509	}
2510	exit(0);
2511		]])],
2512		[
2513			AC_MSG_RESULT([yes])
2514		],
2515		[
2516			AC_MSG_RESULT([no])
2517			AC_DEFINE([BROKEN_GETADDRINFO])
2518		],
2519		[
2520			AC_MSG_RESULT([cross-compiling, assuming yes])
2521		]
2522	)
2523fi
2524
2525if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2526    test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2527	AC_MSG_CHECKING([if getaddrinfo seems to work])
2528	AC_RUN_IFELSE(
2529		[AC_LANG_PROGRAM([[
2530#include <stdio.h>
2531#include <stdlib.h>
2532#include <sys/socket.h>
2533#include <netdb.h>
2534#include <errno.h>
2535#include <netinet/in.h>
2536
2537#define TEST_PORT "2222"
2538		]], [[
2539	int err, sock;
2540	struct addrinfo *gai_ai, *ai, hints;
2541	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2542
2543	memset(&hints, 0, sizeof(hints));
2544	hints.ai_family = PF_UNSPEC;
2545	hints.ai_socktype = SOCK_STREAM;
2546	hints.ai_flags = AI_PASSIVE;
2547
2548	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2549	if (err != 0) {
2550		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2551		exit(1);
2552	}
2553
2554	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2555		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2556			continue;
2557
2558		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2559		    sizeof(ntop), strport, sizeof(strport),
2560		    NI_NUMERICHOST|NI_NUMERICSERV);
2561
2562		if (ai->ai_family == AF_INET && err != 0) {
2563			perror("getnameinfo");
2564			exit(2);
2565		}
2566	}
2567	exit(0);
2568		]])],
2569		[
2570			AC_MSG_RESULT([yes])
2571			AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2572				[Define if you have a getaddrinfo that fails
2573				for the all-zeros IPv6 address])
2574		],
2575		[
2576			AC_MSG_RESULT([no])
2577			AC_DEFINE([BROKEN_GETADDRINFO])
2578		],
2579		[
2580			AC_MSG_RESULT([cross-compiling, assuming no])
2581		]
2582	)
2583fi
2584
2585if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2586	AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2587	    [#include <sys/types.h>
2588	     #include <sys/socket.h>
2589	     #include <netdb.h>])
2590fi
2591
2592if test "x$check_for_conflicting_getspnam" = "x1"; then
2593	AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2594	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2595#include <shadow.h>
2596#include <stdlib.h>
2597		]],
2598		[[ exit(0); ]])],
2599		[
2600			AC_MSG_RESULT([no])
2601		],
2602		[
2603			AC_MSG_RESULT([yes])
2604			AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2605			    [Conflicting defs for getspnam])
2606		]
2607	)
2608fi
2609
2610dnl NetBSD added an strnvis and unfortunately made it incompatible with the
2611dnl existing one in OpenBSD and Linux's libbsd (the former having existed
2612dnl for over ten years). Despite this incompatibility being reported during
2613dnl development (see http://gnats.netbsd.org/44977) they still shipped it.
2614dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2615dnl implementation.  Try to detect this mess, and assume the only safe option
2616dnl if we're cross compiling.
2617dnl
2618dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag);
2619dnl NetBSD: 2012,  strnvis(char *dst, size_t dlen, const char *src, int flag);
2620if test "x$ac_cv_func_strnvis" = "xyes"; then
2621	AC_MSG_CHECKING([for working strnvis])
2622	AC_RUN_IFELSE(
2623		[AC_LANG_PROGRAM([[
2624#include <signal.h>
2625#include <stdlib.h>
2626#include <string.h>
2627#include <unistd.h>
2628#include <vis.h>
2629static void sighandler(int sig) { _exit(1); }
2630		]], [[
2631	char dst[16];
2632
2633	signal(SIGSEGV, sighandler);
2634	if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
2635		exit(0);
2636	exit(1)
2637		]])],
2638		[AC_MSG_RESULT([yes])],
2639		[AC_MSG_RESULT([no])
2640		 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])],
2641		[AC_MSG_WARN([cross compiling: assuming broken])
2642		 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])]
2643	)
2644fi
2645
2646AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()])
2647AC_RUN_IFELSE(
2648	[AC_LANG_PROGRAM([[
2649#ifdef HAVE_SYS_SELECT
2650# include <sys/select.h>
2651#endif
2652#include <sys/types.h>
2653#include <sys/time.h>
2654#include <stdlib.h>
2655#include <signal.h>
2656#include <unistd.h>
2657static void sighandler(int sig) { }
2658		]], [[
2659	int r;
2660	pid_t pid;
2661	struct sigaction sa;
2662
2663	sa.sa_handler = sighandler;
2664	sa.sa_flags = SA_RESTART;
2665	(void)sigaction(SIGTERM, &sa, NULL);
2666	if ((pid = fork()) == 0) { /* child */
2667		pid = getppid();
2668		sleep(1);
2669		kill(pid, SIGTERM);
2670		sleep(1);
2671		if (getppid() == pid) /* if parent did not exit, shoot it */
2672			kill(pid, SIGKILL);
2673		exit(0);
2674	} else { /* parent */
2675		r = select(0, NULL, NULL, NULL, NULL);
2676	}
2677	exit(r == -1 ? 0 : 1);
2678	]])],
2679	[AC_MSG_RESULT([yes])],
2680	[AC_MSG_RESULT([no])
2681	 AC_DEFINE([NO_SA_RESTART], [1],
2682	    [SA_RESTARTed signals do no interrupt select])],
2683	[AC_MSG_WARN([cross compiling: assuming yes])]
2684)
2685
2686AC_CHECK_FUNCS([getpgrp],[
2687	AC_MSG_CHECKING([if getpgrp accepts zero args])
2688	AC_COMPILE_IFELSE(
2689		[AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])],
2690		[ AC_MSG_RESULT([yes])
2691		  AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])],
2692		[ AC_MSG_RESULT([no])
2693		  AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])]
2694	)
2695])
2696
2697# Search for OpenSSL
2698saved_CPPFLAGS="$CPPFLAGS"
2699saved_LDFLAGS="$LDFLAGS"
2700AC_ARG_WITH([ssl-dir],
2701	[  --with-ssl-dir=PATH     Specify path to OpenSSL installation ],
2702	[
2703		if test "x$openssl" = "xno" ; then
2704			AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2705		fi
2706		if test "x$withval" != "xno" ; then
2707			case "$withval" in
2708				# Relative paths
2709				./*|../*)	withval="`pwd`/$withval"
2710			esac
2711			if test -d "$withval/lib"; then
2712				libcrypto_path="${withval}/lib"
2713			elif test -d "$withval/lib64"; then
2714				libcrypto_path="$withval/lib64"
2715			else
2716				# Built but not installed
2717				libcrypto_path="${withval}"
2718			fi
2719			if test -n "${rpath_opt}"; then
2720				LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}"
2721			else
2722				LDFLAGS="-L${libcrypto_path} ${LDFLAGS}"
2723			fi
2724			if test -d "$withval/include"; then
2725				CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2726			else
2727				CPPFLAGS="-I${withval} ${CPPFLAGS}"
2728			fi
2729		fi
2730	]
2731)
2732
2733AC_ARG_WITH([openssl-header-check],
2734	[  --without-openssl-header-check Disable OpenSSL version consistency check],
2735	[
2736		if test "x$withval" = "xno" ; then
2737			openssl_check_nonfatal=1
2738		fi
2739	]
2740)
2741
2742openssl_engine=no
2743AC_ARG_WITH([ssl-engine],
2744	[  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
2745	[
2746		if test "x$withval" != "xno" ; then
2747			if test "x$openssl" = "xno" ; then
2748				AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2749			fi
2750			openssl_engine=yes
2751		fi
2752	]
2753)
2754
2755if test "x$openssl" = "xyes" ; then
2756	LIBS="-lcrypto $LIBS"
2757	AC_TRY_LINK_FUNC([RAND_add], ,
2758	    [AC_MSG_ERROR([*** working libcrypto not found, check config.log])])
2759	AC_CHECK_HEADER([openssl/opensslv.h], ,
2760	    [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2761
2762	# Determine OpenSSL header version
2763	AC_MSG_CHECKING([OpenSSL header version])
2764	AC_RUN_IFELSE(
2765		[AC_LANG_PROGRAM([[
2766	#include <stdlib.h>
2767	#include <stdio.h>
2768	#include <string.h>
2769	#include <openssl/opensslv.h>
2770	#define DATA "conftest.sslincver"
2771		]], [[
2772		FILE *fd;
2773		int rc;
2774
2775		fd = fopen(DATA,"w");
2776		if(fd == NULL)
2777			exit(1);
2778
2779		if ((rc = fprintf(fd, "%08lx (%s)\n",
2780		    (unsigned long)OPENSSL_VERSION_NUMBER,
2781		     OPENSSL_VERSION_TEXT)) < 0)
2782			exit(1);
2783
2784		exit(0);
2785		]])],
2786		[
2787			ssl_header_ver=`cat conftest.sslincver`
2788			AC_MSG_RESULT([$ssl_header_ver])
2789		],
2790		[
2791			AC_MSG_RESULT([not found])
2792			AC_MSG_ERROR([OpenSSL version header not found.])
2793		],
2794		[
2795			AC_MSG_WARN([cross compiling: not checking])
2796		]
2797	)
2798
2799	# Determining OpenSSL library version is version dependent.
2800	AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num])
2801
2802	# Determine OpenSSL library version
2803	AC_MSG_CHECKING([OpenSSL library version])
2804	AC_RUN_IFELSE(
2805		[AC_LANG_PROGRAM([[
2806	#include <stdio.h>
2807	#include <stdlib.h>
2808	#include <string.h>
2809	#include <openssl/opensslv.h>
2810	#include <openssl/crypto.h>
2811	#define DATA "conftest.ssllibver"
2812		]], [[
2813		FILE *fd;
2814		int rc;
2815
2816		fd = fopen(DATA,"w");
2817		if(fd == NULL)
2818			exit(1);
2819#ifndef OPENSSL_VERSION
2820# define OPENSSL_VERSION SSLEAY_VERSION
2821#endif
2822#ifndef HAVE_OPENSSL_VERSION
2823# define OpenSSL_version	SSLeay_version
2824#endif
2825#ifndef HAVE_OPENSSL_VERSION_NUM
2826# define OpenSSL_version_num	SSLeay
2827#endif
2828		if ((rc = fprintf(fd, "%08lx (%s)\n",
2829		    (unsigned long)OpenSSL_version_num(),
2830		    OpenSSL_version(OPENSSL_VERSION))) < 0)
2831			exit(1);
2832
2833		exit(0);
2834		]])],
2835		[
2836			ssl_library_ver=`cat conftest.ssllibver`
2837			# Check version is supported.
2838			case "$ssl_library_ver" in
2839			10000*|0*)
2840				AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
2841		                ;;
2842			100*)   ;; # 1.0.x
2843			101000[[0123456]]*)
2844				# https://github.com/openssl/openssl/pull/4613
2845				AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")])
2846				;;
2847			101*)   ;; # 1.1.x
2848			200*)   ;; # LibreSSL
2849			300*)   ;; # OpenSSL 3
2850			301*)   ;; # OpenSSL development branch.
2851		        *)
2852				AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")])
2853		                ;;
2854			esac
2855			AC_MSG_RESULT([$ssl_library_ver])
2856		],
2857		[
2858			AC_MSG_RESULT([not found])
2859			AC_MSG_ERROR([OpenSSL library not found.])
2860		],
2861		[
2862			AC_MSG_WARN([cross compiling: not checking])
2863		]
2864	)
2865
2866	# Sanity check OpenSSL headers
2867	AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2868	AC_RUN_IFELSE(
2869		[AC_LANG_PROGRAM([[
2870	#include <stdlib.h>
2871	#include <string.h>
2872	#include <openssl/opensslv.h>
2873	#include <openssl/crypto.h>
2874		]], [[
2875#ifndef HAVE_OPENSSL_VERSION_NUM
2876# define OpenSSL_version_num	SSLeay
2877#endif
2878		exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2879		]])],
2880		[
2881			AC_MSG_RESULT([yes])
2882		],
2883		[
2884			AC_MSG_RESULT([no])
2885			if test "x$openssl_check_nonfatal" = "x"; then
2886				AC_MSG_ERROR([Your OpenSSL headers do not match your
2887	library. Check config.log for details.
2888	If you are sure your installation is consistent, you can disable the check
2889	by running "./configure --without-openssl-header-check".
2890	Also see contrib/findssl.sh for help identifying header/library mismatches.
2891	])
2892			else
2893				AC_MSG_WARN([Your OpenSSL headers do not match your
2894	library. Check config.log for details.
2895	Also see contrib/findssl.sh for help identifying header/library mismatches.])
2896			fi
2897		],
2898		[
2899			AC_MSG_WARN([cross compiling: not checking])
2900		]
2901	)
2902
2903	AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2904	AC_LINK_IFELSE(
2905		[AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2906		[[ ERR_load_crypto_strings(); ]])],
2907		[
2908			AC_MSG_RESULT([yes])
2909		],
2910		[
2911			AC_MSG_RESULT([no])
2912			saved_LIBS="$LIBS"
2913			LIBS="$LIBS -ldl"
2914			AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2915			AC_LINK_IFELSE(
2916				[AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2917				[[ ERR_load_crypto_strings(); ]])],
2918				[
2919					AC_MSG_RESULT([yes])
2920				],
2921				[
2922					AC_MSG_RESULT([no])
2923					LIBS="$saved_LIBS"
2924				]
2925			)
2926		]
2927	)
2928
2929	AC_CHECK_FUNCS([ \
2930		BN_is_prime_ex \
2931		DSA_generate_parameters_ex \
2932		EVP_CIPHER_CTX_ctrl \
2933		EVP_DigestFinal_ex \
2934		EVP_DigestInit_ex \
2935		EVP_MD_CTX_cleanup \
2936		EVP_MD_CTX_copy_ex \
2937		EVP_MD_CTX_init \
2938		HMAC_CTX_init \
2939		RSA_generate_key_ex \
2940		RSA_get_default_method \
2941	])
2942
2943	# OpenSSL_add_all_algorithms may be a macro.
2944	AC_CHECK_FUNC(OpenSSL_add_all_algorithms,
2945	    AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]),
2946	    AC_CHECK_DECL(OpenSSL_add_all_algorithms,
2947		AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), ,
2948		[[#include <openssl/evp.h>]]
2949	    )
2950	)
2951
2952	# LibreSSL/OpenSSL 1.1x API
2953	AC_CHECK_FUNCS([ \
2954		OPENSSL_init_crypto \
2955		DH_get0_key \
2956		DH_get0_pqg \
2957		DH_set0_key \
2958		DH_set_length \
2959		DH_set0_pqg \
2960		DSA_get0_key \
2961		DSA_get0_pqg \
2962		DSA_set0_key \
2963		DSA_set0_pqg \
2964		DSA_SIG_get0 \
2965		DSA_SIG_set0 \
2966		ECDSA_SIG_get0 \
2967		ECDSA_SIG_set0 \
2968		EVP_CIPHER_CTX_iv \
2969		EVP_CIPHER_CTX_iv_noconst \
2970		EVP_CIPHER_CTX_get_iv \
2971		EVP_CIPHER_CTX_get_updated_iv \
2972		EVP_CIPHER_CTX_set_iv \
2973		RSA_get0_crt_params \
2974		RSA_get0_factors \
2975		RSA_get0_key \
2976		RSA_set0_crt_params \
2977		RSA_set0_factors \
2978		RSA_set0_key \
2979		RSA_meth_free \
2980		RSA_meth_dup \
2981		RSA_meth_set1_name \
2982		RSA_meth_get_finish \
2983		RSA_meth_set_priv_enc \
2984		RSA_meth_set_priv_dec \
2985		RSA_meth_set_finish \
2986		EVP_PKEY_get0_RSA \
2987		EVP_MD_CTX_new \
2988		EVP_MD_CTX_free \
2989		EVP_chacha20 \
2990	])
2991
2992	if test "x$openssl_engine" = "xyes" ; then
2993		AC_MSG_CHECKING([for OpenSSL ENGINE support])
2994		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2995	#include <openssl/engine.h>
2996			]], [[
2997				ENGINE_load_builtin_engines();
2998				ENGINE_register_all_complete();
2999			]])],
3000			[ AC_MSG_RESULT([yes])
3001			  AC_DEFINE([USE_OPENSSL_ENGINE], [1],
3002			     [Enable OpenSSL engine support])
3003			], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
3004		])
3005	fi
3006
3007	# Check for OpenSSL without EVP_aes_{192,256}_cbc
3008	AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
3009	AC_LINK_IFELSE(
3010		[AC_LANG_PROGRAM([[
3011	#include <stdlib.h>
3012	#include <string.h>
3013	#include <openssl/evp.h>
3014		]], [[
3015		exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
3016		]])],
3017		[
3018			AC_MSG_RESULT([no])
3019		],
3020		[
3021			AC_MSG_RESULT([yes])
3022			AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
3023			    [libcrypto is missing AES 192 and 256 bit functions])
3024		]
3025	)
3026
3027	# Check for OpenSSL with EVP_aes_*ctr
3028	AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
3029	AC_LINK_IFELSE(
3030		[AC_LANG_PROGRAM([[
3031	#include <stdlib.h>
3032	#include <string.h>
3033	#include <openssl/evp.h>
3034		]], [[
3035		exit(EVP_aes_128_ctr() == NULL ||
3036		    EVP_aes_192_cbc() == NULL ||
3037		    EVP_aes_256_cbc() == NULL);
3038		]])],
3039		[
3040			AC_MSG_RESULT([yes])
3041			AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
3042			    [libcrypto has EVP AES CTR])
3043		],
3044		[
3045			AC_MSG_RESULT([no])
3046		]
3047	)
3048
3049	# Check for OpenSSL with EVP_aes_*gcm
3050	AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
3051	AC_LINK_IFELSE(
3052		[AC_LANG_PROGRAM([[
3053	#include <stdlib.h>
3054	#include <string.h>
3055	#include <openssl/evp.h>
3056		]], [[
3057		exit(EVP_aes_128_gcm() == NULL ||
3058		    EVP_aes_256_gcm() == NULL ||
3059		    EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
3060		    EVP_CTRL_GCM_IV_GEN == 0 ||
3061		    EVP_CTRL_GCM_SET_TAG == 0 ||
3062		    EVP_CTRL_GCM_GET_TAG == 0 ||
3063		    EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
3064		]])],
3065		[
3066			AC_MSG_RESULT([yes])
3067			AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
3068			    [libcrypto has EVP AES GCM])
3069		],
3070		[
3071			AC_MSG_RESULT([no])
3072			unsupported_algorithms="$unsupported_cipers \
3073			   aes128-gcm@openssh.com \
3074			   aes256-gcm@openssh.com"
3075		]
3076	)
3077
3078	AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
3079	AC_LINK_IFELSE(
3080		[AC_LANG_PROGRAM([[
3081	#include <stdlib.h>
3082	#include <string.h>
3083	#include <openssl/evp.h>
3084		]], [[
3085		if(EVP_DigestUpdate(NULL, NULL,0))
3086			exit(0);
3087		]])],
3088		[
3089			AC_MSG_RESULT([yes])
3090		],
3091		[
3092			AC_MSG_RESULT([no])
3093			AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
3094			    [Define if EVP_DigestUpdate returns void])
3095		]
3096	)
3097
3098	# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
3099	# because the system crypt() is more featureful.
3100	if test "x$check_for_libcrypt_before" = "x1"; then
3101		AC_CHECK_LIB([crypt], [crypt])
3102	fi
3103
3104	# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
3105	# version in OpenSSL.
3106	if test "x$check_for_libcrypt_later" = "x1"; then
3107		AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
3108	fi
3109	AC_CHECK_FUNCS([crypt DES_crypt])
3110
3111	# Check for SHA256, SHA384 and SHA512 support in OpenSSL
3112	AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
3113
3114	# Check complete ECC support in OpenSSL
3115	AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
3116	AC_LINK_IFELSE(
3117		[AC_LANG_PROGRAM([[
3118	#include <openssl/ec.h>
3119	#include <openssl/ecdh.h>
3120	#include <openssl/ecdsa.h>
3121	#include <openssl/evp.h>
3122	#include <openssl/objects.h>
3123	#include <openssl/opensslv.h>
3124		]], [[
3125		EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
3126		const EVP_MD *m = EVP_sha256(); /* We need this too */
3127		]])],
3128		[ AC_MSG_RESULT([yes])
3129		  enable_nistp256=1 ],
3130		[ AC_MSG_RESULT([no]) ]
3131	)
3132
3133	AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
3134	AC_LINK_IFELSE(
3135		[AC_LANG_PROGRAM([[
3136	#include <openssl/ec.h>
3137	#include <openssl/ecdh.h>
3138	#include <openssl/ecdsa.h>
3139	#include <openssl/evp.h>
3140	#include <openssl/objects.h>
3141	#include <openssl/opensslv.h>
3142		]], [[
3143		EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
3144		const EVP_MD *m = EVP_sha384(); /* We need this too */
3145		]])],
3146		[ AC_MSG_RESULT([yes])
3147		  enable_nistp384=1 ],
3148		[ AC_MSG_RESULT([no]) ]
3149	)
3150
3151	AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
3152	AC_LINK_IFELSE(
3153		[AC_LANG_PROGRAM([[
3154	#include <openssl/ec.h>
3155	#include <openssl/ecdh.h>
3156	#include <openssl/ecdsa.h>
3157	#include <openssl/evp.h>
3158	#include <openssl/objects.h>
3159	#include <openssl/opensslv.h>
3160		]], [[
3161		EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3162		const EVP_MD *m = EVP_sha512(); /* We need this too */
3163		]])],
3164		[ AC_MSG_RESULT([yes])
3165		  AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
3166		  AC_RUN_IFELSE(
3167			[AC_LANG_PROGRAM([[
3168	#include <stdlib.h>
3169	#include <openssl/ec.h>
3170	#include <openssl/ecdh.h>
3171	#include <openssl/ecdsa.h>
3172	#include <openssl/evp.h>
3173	#include <openssl/objects.h>
3174	#include <openssl/opensslv.h>
3175			]],[[
3176			EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3177			const EVP_MD *m = EVP_sha512(); /* We need this too */
3178			exit(e == NULL || m == NULL);
3179			]])],
3180			[ AC_MSG_RESULT([yes])
3181			  enable_nistp521=1 ],
3182			[ AC_MSG_RESULT([no]) ],
3183			[ AC_MSG_WARN([cross-compiling: assuming yes])
3184			  enable_nistp521=1 ]
3185		  )],
3186		AC_MSG_RESULT([no])
3187	)
3188
3189	if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
3190	    test x$enable_nistp521 = x1; then
3191		AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
3192		AC_CHECK_FUNCS([EC_KEY_METHOD_new])
3193		openssl_ecc=yes
3194	else
3195		openssl_ecc=no
3196	fi
3197	if test x$enable_nistp256 = x1; then
3198		AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
3199		    [libcrypto has NID_X9_62_prime256v1])
3200	else
3201		unsupported_algorithms="$unsupported_algorithms \
3202			ecdsa-sha2-nistp256 \
3203			ecdh-sha2-nistp256 \
3204			ecdsa-sha2-nistp256-cert-v01@openssh.com"
3205	fi
3206	if test x$enable_nistp384 = x1; then
3207		AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
3208	else
3209		unsupported_algorithms="$unsupported_algorithms \
3210			ecdsa-sha2-nistp384 \
3211			ecdh-sha2-nistp384 \
3212			ecdsa-sha2-nistp384-cert-v01@openssh.com"
3213	fi
3214	if test x$enable_nistp521 = x1; then
3215		AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
3216	else
3217		unsupported_algorithms="$unsupported_algorithms \
3218			ecdh-sha2-nistp521 \
3219			ecdsa-sha2-nistp521 \
3220			ecdsa-sha2-nistp521-cert-v01@openssh.com"
3221	fi
3222
3223else
3224	AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
3225	AC_CHECK_FUNCS([crypt])
3226fi
3227
3228# PKCS11/U2F depend on OpenSSL and dlopen().
3229enable_pkcs11=yes
3230enable_sk=yes
3231if test "x$openssl" != "xyes" ; then
3232	enable_pkcs11="disabled; missing libcrypto"
3233fi
3234if test "x$ac_cv_func_dlopen" != "xyes" ; then
3235	enable_pkcs11="disabled; missing dlopen(3)"
3236	enable_sk="disabled; missing dlopen(3)"
3237fi
3238if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
3239	enable_pkcs11="disabled; missing RTLD_NOW"
3240	enable_sk="disabled; missing RTLD_NOW"
3241fi
3242if test ! -z "$disable_pkcs11" ; then
3243	enable_pkcs11="disabled by user"
3244fi
3245if test ! -z "$disable_sk" ; then
3246	enable_sk="disabled by user"
3247fi
3248
3249AC_MSG_CHECKING([whether to enable PKCS11])
3250if test "x$enable_pkcs11" = "xyes" ; then
3251	AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
3252fi
3253AC_MSG_RESULT([$enable_pkcs11])
3254
3255AC_MSG_CHECKING([whether to enable U2F])
3256if test "x$enable_sk" = "xyes" ; then
3257	AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
3258	AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so])
3259else
3260	# Do not try to build sk-dummy library.
3261	AC_SUBST(SK_DUMMY_LIBRARY, [""])
3262fi
3263AC_MSG_RESULT([$enable_sk])
3264
3265# Now check for built-in security key support.
3266if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
3267	AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
3268	use_pkgconfig_for_libfido2=
3269	if test "x$PKGCONFIG" != "xno"; then
3270		AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2])
3271		if "$PKGCONFIG" libfido2; then
3272			AC_MSG_RESULT([yes])
3273			use_pkgconfig_for_libfido2=yes
3274		else
3275			AC_MSG_RESULT([no])
3276		fi
3277	fi
3278	if test "x$use_pkgconfig_for_libfido2" = "xyes"; then
3279		LIBFIDO2=`$PKGCONFIG --libs libfido2`
3280		CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
3281	else
3282		LIBFIDO2="-lprivatefido2 -lprivatecbor"
3283	fi
3284	OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
3285	AC_CHECK_LIB([privatefido2], [fido_init],
3286		[
3287			AC_SUBST([LIBFIDO2])
3288			AC_DEFINE([ENABLE_SK_INTERNAL], [],
3289			    [Enable for built-in U2F/FIDO support])
3290			enable_sk="built-in"
3291		], [ AC_MSG_ERROR([no usable libprivatefido2 found]) ],
3292		[ $OTHERLIBS ]
3293	)
3294	saved_LIBS="$LIBS"
3295	LIBS="$LIBS $LIBFIDO2"
3296	AC_CHECK_FUNCS([ \
3297		fido_assert_set_clientdata \
3298		fido_cred_prot \
3299		fido_cred_set_prot \
3300		fido_cred_set_clientdata \
3301		fido_dev_get_touch_begin \
3302		fido_dev_get_touch_status \
3303		fido_dev_supports_cred_prot \
3304	])
3305	LIBS="$saved_LIBS"
3306	AC_CHECK_HEADER([fido.h], [],
3307		AC_MSG_ERROR([missing fido.h from libfido2]))
3308	AC_CHECK_HEADER([fido/credman.h], [],
3309		AC_MSG_ERROR([missing fido/credman.h from libfido2]),
3310		[#include <fido.h>]
3311	)
3312fi
3313
3314AC_CHECK_FUNCS([ \
3315	arc4random \
3316	arc4random_buf \
3317	arc4random_stir \
3318	arc4random_uniform \
3319])
3320
3321saved_LIBS="$LIBS"
3322AC_CHECK_LIB([iaf], [ia_openinfo], [
3323	LIBS="$LIBS -liaf"
3324	AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
3325				AC_DEFINE([HAVE_LIBIAF], [1],
3326			[Define if system has libiaf that supports set_id])
3327				])
3328])
3329LIBS="$saved_LIBS"
3330
3331### Configure cryptographic random number support
3332
3333# Check whether OpenSSL seeds itself
3334if test "x$openssl" = "xyes" ; then
3335	AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
3336	AC_RUN_IFELSE(
3337		[AC_LANG_PROGRAM([[
3338	#include <stdlib.h>
3339	#include <string.h>
3340	#include <openssl/rand.h>
3341		]], [[
3342		exit(RAND_status() == 1 ? 0 : 1);
3343		]])],
3344		[
3345			OPENSSL_SEEDS_ITSELF=yes
3346			AC_MSG_RESULT([yes])
3347		],
3348		[
3349			AC_MSG_RESULT([no])
3350		],
3351		[
3352			AC_MSG_WARN([cross compiling: assuming yes])
3353			# This is safe, since we will fatal() at runtime if
3354			# OpenSSL is not seeded correctly.
3355			OPENSSL_SEEDS_ITSELF=yes
3356		]
3357	)
3358fi
3359
3360# PRNGD TCP socket
3361AC_ARG_WITH([prngd-port],
3362	[  --with-prngd-port=PORT  read entropy from PRNGD/EGD TCP localhost:PORT],
3363	[
3364		case "$withval" in
3365		no)
3366			withval=""
3367			;;
3368		[[0-9]]*)
3369			;;
3370		*)
3371			AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3372			;;
3373		esac
3374		if test ! -z "$withval" ; then
3375			PRNGD_PORT="$withval"
3376			AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
3377				[Port number of PRNGD/EGD random number socket])
3378		fi
3379	]
3380)
3381
3382# PRNGD Unix domain socket
3383AC_ARG_WITH([prngd-socket],
3384	[  --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3385	[
3386		case "$withval" in
3387		yes)
3388			withval="/var/run/egd-pool"
3389			;;
3390		no)
3391			withval=""
3392			;;
3393		/*)
3394			;;
3395		*)
3396			AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
3397			;;
3398		esac
3399
3400		if test ! -z "$withval" ; then
3401			if test ! -z "$PRNGD_PORT" ; then
3402				AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
3403			fi
3404			if test ! -r "$withval" ; then
3405				AC_MSG_WARN([Entropy socket is not readable])
3406			fi
3407			PRNGD_SOCKET="$withval"
3408			AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
3409				[Location of PRNGD/EGD random number socket])
3410		fi
3411	],
3412	[
3413		# Check for existing socket only if we don't have a random device already
3414		if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
3415			AC_MSG_CHECKING([for PRNGD/EGD socket])
3416			# Insert other locations here
3417			for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3418				if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3419					PRNGD_SOCKET="$sock"
3420					AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
3421					break;
3422				fi
3423			done
3424			if test ! -z "$PRNGD_SOCKET" ; then
3425				AC_MSG_RESULT([$PRNGD_SOCKET])
3426			else
3427				AC_MSG_RESULT([not found])
3428			fi
3429		fi
3430	]
3431)
3432
3433# Which randomness source do we use?
3434if test ! -z "$PRNGD_PORT" ; then
3435	RAND_MSG="PRNGd port $PRNGD_PORT"
3436elif test ! -z "$PRNGD_SOCKET" ; then
3437	RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3438elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3439	AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3440		[Define if you want the OpenSSL internally seeded PRNG only])
3441	RAND_MSG="OpenSSL internal ONLY"
3442elif test "x$openssl" = "xno" ; then
3443	AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3444else
3445	AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3446fi
3447
3448# Check for PAM libs
3449PAM_MSG="no"
3450AC_ARG_WITH([pam],
3451	[  --with-pam              Enable PAM support ],
3452	[
3453		if test "x$withval" != "xno" ; then
3454			if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3455			   test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3456				AC_MSG_ERROR([PAM headers not found])
3457			fi
3458
3459			saved_LIBS="$LIBS"
3460			AC_CHECK_LIB([dl], [dlopen], , )
3461			AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3462			AC_CHECK_FUNCS([pam_getenvlist])
3463			AC_CHECK_FUNCS([pam_putenv])
3464			LIBS="$saved_LIBS"
3465
3466			PAM_MSG="yes"
3467
3468			SSHDLIBS="$SSHDLIBS -lpam"
3469			AC_DEFINE([USE_PAM], [1],
3470				[Define if you want to enable PAM support])
3471
3472			if test $ac_cv_lib_dl_dlopen = yes; then
3473				case "$LIBS" in
3474				*-ldl*)
3475					# libdl already in LIBS
3476					;;
3477				*)
3478					SSHDLIBS="$SSHDLIBS -ldl"
3479					;;
3480				esac
3481			fi
3482		fi
3483	]
3484)
3485
3486AC_ARG_WITH([pam-service],
3487	[  --with-pam-service=name Specify PAM service name ],
3488	[
3489		if test "x$withval" != "xno" && \
3490		   test "x$withval" != "xyes" ; then
3491			AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE],
3492				["$withval"], [sshd PAM service name])
3493		fi
3494	]
3495)
3496
3497# Check for older PAM
3498if test "x$PAM_MSG" = "xyes" ; then
3499	# Check PAM strerror arguments (old PAM)
3500	AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3501	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3502#include <stdlib.h>
3503#if defined(HAVE_SECURITY_PAM_APPL_H)
3504#include <security/pam_appl.h>
3505#elif defined (HAVE_PAM_PAM_APPL_H)
3506#include <pam/pam_appl.h>
3507#endif
3508		]], [[
3509(void)pam_strerror((pam_handle_t *)NULL, -1);
3510		]])], [AC_MSG_RESULT([no])], [
3511			AC_DEFINE([HAVE_OLD_PAM], [1],
3512				[Define if you have an old version of PAM
3513				which takes only one argument to pam_strerror])
3514			AC_MSG_RESULT([yes])
3515			PAM_MSG="yes (old library)"
3516
3517	])
3518fi
3519
3520case "$host" in
3521*-*-cygwin*)
3522	SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3523	;;
3524*)
3525	SSH_PRIVSEP_USER=sshd
3526	;;
3527esac
3528AC_ARG_WITH([privsep-user],
3529	[  --with-privsep-user=user Specify non-privileged user for privilege separation],
3530	[
3531		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
3532		    test "x${withval}" != "xyes"; then
3533			SSH_PRIVSEP_USER=$withval
3534		fi
3535	]
3536)
3537if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3538	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3539		[Cygwin function to fetch non-privileged user for privilege separation])
3540else
3541	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3542		[non-privileged user for privilege separation])
3543fi
3544AC_SUBST([SSH_PRIVSEP_USER])
3545
3546if test "x$have_linux_no_new_privs" = "x1" ; then
3547AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3548	#include <sys/types.h>
3549	#include <linux/seccomp.h>
3550])
3551fi
3552if test "x$have_seccomp_filter" = "x1" ; then
3553AC_MSG_CHECKING([kernel for seccomp_filter support])
3554AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3555		#include <errno.h>
3556		#include <elf.h>
3557		#include <linux/audit.h>
3558		#include <linux/seccomp.h>
3559		#include <stdlib.h>
3560		#include <sys/prctl.h>
3561	]],
3562	[[ int i = $seccomp_audit_arch;
3563	   errno = 0;
3564	   prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3565	   exit(errno == EFAULT ? 0 : 1); ]])],
3566	[ AC_MSG_RESULT([yes]) ], [
3567		AC_MSG_RESULT([no])
3568		# Disable seccomp filter as a target
3569		have_seccomp_filter=0
3570	]
3571)
3572fi
3573
3574# Decide which sandbox style to use
3575sandbox_arg=""
3576AC_ARG_WITH([sandbox],
3577	[  --with-sandbox=style    Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3578	[
3579		if test "x$withval" = "xyes" ; then
3580			sandbox_arg=""
3581		else
3582			sandbox_arg="$withval"
3583		fi
3584	]
3585)
3586
3587# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument
3588# is greater than OPEN_MAX".  On some platforms that includes implementions
3589# ofselect in userspace on top of poll() so check both work with rlimit NOFILES
3590# so check that both work before enabling the rlimit sandbox.
3591AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit])
3592AC_RUN_IFELSE(
3593	[AC_LANG_PROGRAM([[
3594#include <sys/types.h>
3595#ifdef HAVE_SYS_TIME_H
3596# include <sys/time.h>
3597#endif
3598#include <sys/resource.h>
3599#ifdef HAVE_SYS_SELECT_H
3600# include <sys/select.h>
3601#endif
3602#ifdef HAVE_POLL_H
3603# include <poll.h>
3604#elif HAVE_SYS_POLL_H
3605# include <sys/poll.h>
3606#endif
3607#include <errno.h>
3608#include <fcntl.h>
3609#include <stdlib.h>
3610	]],[[
3611	struct rlimit rl_zero;
3612	int fd, r;
3613	fd_set fds;
3614	struct timeval tv;
3615#ifdef HAVE_POLL
3616	struct pollfd pfd;
3617#endif
3618
3619	fd = open("/dev/null", O_RDONLY);
3620	FD_ZERO(&fds);
3621	FD_SET(fd, &fds);
3622	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3623	setrlimit(RLIMIT_FSIZE, &rl_zero);
3624	setrlimit(RLIMIT_NOFILE, &rl_zero);
3625	tv.tv_sec = 1;
3626	tv.tv_usec = 0;
3627	r = select(fd+1, &fds, NULL, NULL, &tv);
3628	if (r == -1)
3629		exit(1);
3630#ifdef HAVE_POLL
3631	pfd.fd = fd;
3632	pfd.events = POLLIN;
3633	r = poll(&pfd, 1, 1);
3634	if (r == -1)
3635		exit(2);
3636#endif
3637	exit(0);
3638	]])],
3639	[AC_MSG_RESULT([yes])
3640	 select_works_with_rlimit=yes],
3641	[AC_MSG_RESULT([no])
3642	 select_works_with_rlimit=no],
3643	[AC_MSG_WARN([cross compiling: assuming no])
3644	 select_works_with_rlimit=no]
3645)
3646
3647AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[
3648#include <sys/types.h>
3649#ifdef HAVE_POLL_H
3650#include <poll.h>
3651#endif
3652#ifdef HAVE_SYS_POLL_H
3653#include <sys/poll.h>
3654#endif
3655]])
3656
3657AC_CHECK_TYPES([nfds_t], , , [
3658#include <sys/types.h>
3659#ifdef HAVE_POLL_H
3660#include <poll.h>
3661#endif
3662#ifdef HAVE_SYS_POLL_H
3663#include <sys/poll.h>
3664#endif
3665])
3666
3667AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3668AC_RUN_IFELSE(
3669	[AC_LANG_PROGRAM([[
3670#include <sys/types.h>
3671#ifdef HAVE_SYS_TIME_H
3672# include <sys/time.h>
3673#endif
3674#include <sys/resource.h>
3675#include <errno.h>
3676#include <stdlib.h>
3677	]],[[
3678	struct rlimit rl_zero;
3679	int r;
3680
3681	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3682	r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3683	exit (r == -1 ? 1 : 0);
3684	]])],
3685	[AC_MSG_RESULT([yes])
3686	 rlimit_nofile_zero_works=yes],
3687	[AC_MSG_RESULT([no])
3688	 rlimit_nofile_zero_works=no],
3689	[AC_MSG_WARN([cross compiling: assuming yes])
3690	 rlimit_nofile_zero_works=yes]
3691)
3692
3693AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3694AC_RUN_IFELSE(
3695	[AC_LANG_PROGRAM([[
3696#include <sys/types.h>
3697#include <sys/resource.h>
3698#include <stdlib.h>
3699	]],[[
3700		struct rlimit rl_zero;
3701
3702		rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3703		exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3704	]])],
3705	[AC_MSG_RESULT([yes])],
3706	[AC_MSG_RESULT([no])
3707	 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3708	    [setrlimit RLIMIT_FSIZE works])],
3709	[AC_MSG_WARN([cross compiling: assuming yes])]
3710)
3711
3712if test "x$sandbox_arg" = "xpledge" || \
3713   ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3714	test "x$ac_cv_func_pledge" != "xyes" && \
3715		AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3716	SANDBOX_STYLE="pledge"
3717	AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3718elif test "x$sandbox_arg" = "xsystrace" || \
3719   ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3720	test "x$have_systr_policy_kill" != "x1" && \
3721		AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3722	SANDBOX_STYLE="systrace"
3723	AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3724elif test "x$sandbox_arg" = "xdarwin" || \
3725     ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3726       test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3727	test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3728	     "x$ac_cv_header_sandbox_h" != "xyes" && \
3729		AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3730	SANDBOX_STYLE="darwin"
3731	AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3732elif test "x$sandbox_arg" = "xseccomp_filter" || \
3733     ( test -z "$sandbox_arg" && \
3734       test "x$have_seccomp_filter" = "x1" && \
3735       test "x$ac_cv_header_elf_h" = "xyes" && \
3736       test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3737       test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3738       test "x$seccomp_audit_arch" != "x" && \
3739       test "x$have_linux_no_new_privs" = "x1" && \
3740       test "x$ac_cv_func_prctl" = "xyes" ) ; then
3741	test "x$seccomp_audit_arch" = "x" && \
3742		AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3743	test "x$have_linux_no_new_privs" != "x1" && \
3744		AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3745	test "x$have_seccomp_filter" != "x1" && \
3746		AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3747	test "x$ac_cv_func_prctl" != "xyes" && \
3748		AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3749	SANDBOX_STYLE="seccomp_filter"
3750	AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3751elif test "x$sandbox_arg" = "xcapsicum" || \
3752     ( test -z "$sandbox_arg" && \
3753       test "x$disable_capsicum" != "xyes" && \
3754       test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3755       test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3756       test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3757		AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3758       test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3759		AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3760       SANDBOX_STYLE="capsicum"
3761       AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3762elif test "x$sandbox_arg" = "xrlimit" || \
3763     ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3764       test "x$select_works_with_rlimit" = "xyes" && \
3765       test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3766	test "x$ac_cv_func_setrlimit" != "xyes" && \
3767		AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3768	test "x$select_works_with_rlimit" != "xyes" && \
3769		AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3770	SANDBOX_STYLE="rlimit"
3771	AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3772elif test "x$sandbox_arg" = "xsolaris" || \
3773   ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3774	SANDBOX_STYLE="solaris"
3775	AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3776elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3777     test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3778	SANDBOX_STYLE="none"
3779	AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3780else
3781	AC_MSG_ERROR([unsupported --with-sandbox])
3782fi
3783
3784# Cheap hack to ensure NEWS-OS libraries are arranged right.
3785if test ! -z "$SONY" ; then
3786  LIBS="$LIBS -liberty";
3787fi
3788
3789# Check for long long datatypes
3790AC_CHECK_TYPES([long long, unsigned long long, long double])
3791
3792# Check datatype sizes
3793AC_CHECK_SIZEOF([short int])
3794AC_CHECK_SIZEOF([int])
3795AC_CHECK_SIZEOF([long int])
3796AC_CHECK_SIZEOF([long long int])
3797AC_CHECK_SIZEOF([time_t], [], [[
3798    #include <sys/types.h>
3799    #ifdef HAVE_SYS_TIME_H
3800    # include <sys/time.h>
3801    #endif
3802    #ifdef HAVE_TIME_H
3803    # include <time.h>
3804    #endif
3805	]]
3806)
3807
3808# Sanity check long long for some platforms (AIX)
3809if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3810	ac_cv_sizeof_long_long_int=0
3811fi
3812
3813# compute LLONG_MIN and LLONG_MAX if we don't know them.
3814if test -z "$have_llong_max" && test -z "$have_long_long_max"; then
3815	AC_MSG_CHECKING([for max value of long long])
3816	AC_RUN_IFELSE(
3817		[AC_LANG_PROGRAM([[
3818#include <stdio.h>
3819#include <stdlib.h>
3820/* Why is this so damn hard? */
3821#ifdef __GNUC__
3822# undef __GNUC__
3823#endif
3824#define __USE_ISOC99
3825#include <limits.h>
3826#define DATA "conftest.llminmax"
3827#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3828
3829/*
3830 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3831 * we do this the hard way.
3832 */
3833static int
3834fprint_ll(FILE *f, long long n)
3835{
3836	unsigned int i;
3837	int l[sizeof(long long) * 8];
3838
3839	if (n < 0)
3840		if (fprintf(f, "-") < 0)
3841			return -1;
3842	for (i = 0; n != 0; i++) {
3843		l[i] = my_abs(n % 10);
3844		n /= 10;
3845	}
3846	do {
3847		if (fprintf(f, "%d", l[--i]) < 0)
3848			return -1;
3849	} while (i != 0);
3850	if (fprintf(f, " ") < 0)
3851		return -1;
3852	return 0;
3853}
3854		]], [[
3855	FILE *f;
3856	long long i, llmin, llmax = 0;
3857
3858	if((f = fopen(DATA,"w")) == NULL)
3859		exit(1);
3860
3861#if defined(LLONG_MIN) && defined(LLONG_MAX)
3862	fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3863	llmin = LLONG_MIN;
3864	llmax = LLONG_MAX;
3865#else
3866	fprintf(stderr, "Calculating  LLONG_MIN and LLONG_MAX\n");
3867	/* This will work on one's complement and two's complement */
3868	for (i = 1; i > llmax; i <<= 1, i++)
3869		llmax = i;
3870	llmin = llmax + 1LL;	/* wrap */
3871#endif
3872
3873	/* Sanity check */
3874	if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3875	    || llmax - 1 > llmax || llmin == llmax || llmin == 0
3876	    || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3877		fprintf(f, "unknown unknown\n");
3878		exit(2);
3879	}
3880
3881	if (fprint_ll(f, llmin) < 0)
3882		exit(3);
3883	if (fprint_ll(f, llmax) < 0)
3884		exit(4);
3885	if (fclose(f) < 0)
3886		exit(5);
3887	exit(0);
3888		]])],
3889		[
3890			llong_min=`$AWK '{print $1}' conftest.llminmax`
3891			llong_max=`$AWK '{print $2}' conftest.llminmax`
3892
3893			AC_MSG_RESULT([$llong_max])
3894			AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3895			    [max value of long long calculated by configure])
3896			AC_MSG_CHECKING([for min value of long long])
3897			AC_MSG_RESULT([$llong_min])
3898			AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3899			    [min value of long long calculated by configure])
3900		],
3901		[
3902			AC_MSG_RESULT([not found])
3903		],
3904		[
3905			AC_MSG_WARN([cross compiling: not checking])
3906		]
3907	)
3908fi
3909
3910AC_CHECK_DECLS([UINT32_MAX], , , [[
3911#ifdef HAVE_SYS_LIMITS_H
3912# include <sys/limits.h>
3913#endif
3914#ifdef HAVE_LIMITS_H
3915# include <limits.h>
3916#endif
3917#ifdef HAVE_STDINT_H
3918# include <stdint.h>
3919#endif
3920]])
3921
3922# More checks for data types
3923AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3924	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3925	[[ u_int a; a = 1;]])],
3926	[ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3927	])
3928])
3929if test "x$ac_cv_have_u_int" = "xyes" ; then
3930	AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3931	have_u_int=1
3932fi
3933
3934AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3935	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3936	[[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3937	[ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3938	])
3939])
3940if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3941	AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3942	have_intxx_t=1
3943fi
3944
3945if (test -z "$have_intxx_t" && \
3946	   test "x$ac_cv_header_stdint_h" = "xyes")
3947then
3948    AC_MSG_CHECKING([for intXX_t types in stdint.h])
3949	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3950	[[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3951		[
3952			AC_DEFINE([HAVE_INTXX_T])
3953			AC_MSG_RESULT([yes])
3954		], [ AC_MSG_RESULT([no])
3955	])
3956fi
3957
3958AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3959	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3960#include <sys/types.h>
3961#ifdef HAVE_STDINT_H
3962# include <stdint.h>
3963#endif
3964#include <sys/socket.h>
3965#ifdef HAVE_SYS_BITYPES_H
3966# include <sys/bitypes.h>
3967#endif
3968		]], [[
3969int64_t a; a = 1;
3970		]])],
3971	[ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3972	])
3973])
3974if test "x$ac_cv_have_int64_t" = "xyes" ; then
3975	AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3976fi
3977
3978AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3979	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3980	[[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3981	[ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3982	])
3983])
3984if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3985	AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3986	have_u_intxx_t=1
3987fi
3988
3989if test -z "$have_u_intxx_t" ; then
3990    AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3991	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3992	[[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3993		[
3994			AC_DEFINE([HAVE_U_INTXX_T])
3995			AC_MSG_RESULT([yes])
3996		], [ AC_MSG_RESULT([no])
3997	])
3998fi
3999
4000AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
4001	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4002	[[ u_int64_t a; a = 1;]])],
4003	[ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
4004	])
4005])
4006if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
4007	AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
4008	have_u_int64_t=1
4009fi
4010
4011if (test -z "$have_u_int64_t" && \
4012	   test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4013then
4014    AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
4015	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
4016	[[ u_int64_t a; a = 1]])],
4017		[
4018			AC_DEFINE([HAVE_U_INT64_T])
4019			AC_MSG_RESULT([yes])
4020		], [ AC_MSG_RESULT([no])
4021	])
4022fi
4023
4024if test -z "$have_u_intxx_t" ; then
4025	AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
4026		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4027#include <sys/types.h>
4028			]], [[
4029	uint8_t a;
4030	uint16_t b;
4031	uint32_t c;
4032	a = b = c = 1;
4033			]])],
4034		[ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
4035		])
4036	])
4037	if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
4038		AC_DEFINE([HAVE_UINTXX_T], [1],
4039			[define if you have uintxx_t data type])
4040	fi
4041fi
4042
4043if (test -z "$have_uintxx_t" && \
4044	   test "x$ac_cv_header_stdint_h" = "xyes")
4045then
4046    AC_MSG_CHECKING([for uintXX_t types in stdint.h])
4047	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
4048	[[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4049		[
4050			AC_DEFINE([HAVE_UINTXX_T])
4051			AC_MSG_RESULT([yes])
4052		], [ AC_MSG_RESULT([no])
4053	])
4054fi
4055
4056if (test -z "$have_uintxx_t" && \
4057	   test "x$ac_cv_header_inttypes_h" = "xyes")
4058then
4059    AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
4060	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
4061	[[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4062		[
4063			AC_DEFINE([HAVE_UINTXX_T])
4064			AC_MSG_RESULT([yes])
4065		], [ AC_MSG_RESULT([no])
4066	])
4067fi
4068
4069if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
4070	   test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4071then
4072	AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
4073	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4074#include <sys/bitypes.h>
4075		]], [[
4076			int8_t a; int16_t b; int32_t c;
4077			u_int8_t e; u_int16_t f; u_int32_t g;
4078			a = b = c = e = f = g = 1;
4079		]])],
4080		[
4081			AC_DEFINE([HAVE_U_INTXX_T])
4082			AC_DEFINE([HAVE_INTXX_T])
4083			AC_MSG_RESULT([yes])
4084		], [AC_MSG_RESULT([no])
4085	])
4086fi
4087
4088
4089AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
4090	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4091	[[ u_char foo; foo = 125; ]])],
4092	[ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
4093	])
4094])
4095if test "x$ac_cv_have_u_char" = "xyes" ; then
4096	AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
4097fi
4098
4099AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
4100#include <sys/types.h>
4101#ifdef HAVE_STDINT_H
4102# include <stdint.h>
4103#endif
4104])
4105
4106TYPE_SOCKLEN_T
4107
4108AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>])
4109AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
4110#include <sys/types.h>
4111#ifdef HAVE_SYS_BITYPES_H
4112#include <sys/bitypes.h>
4113#endif
4114#ifdef HAVE_SYS_STATFS_H
4115#include <sys/statfs.h>
4116#endif
4117#ifdef HAVE_SYS_STATVFS_H
4118#include <sys/statvfs.h>
4119#endif
4120])
4121
4122AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[
4123#include <sys/param.h>
4124#include <sys/types.h>
4125#ifdef HAVE_SYS_BITYPES_H
4126#include <sys/bitypes.h>
4127#endif
4128#ifdef HAVE_SYS_STATFS_H
4129#include <sys/statfs.h>
4130#endif
4131#ifdef HAVE_SYS_STATVFS_H
4132#include <sys/statvfs.h>
4133#endif
4134#ifdef HAVE_SYS_VFS_H
4135#include <sys/vfs.h>
4136#endif
4137#ifdef HAVE_SYS_MOUNT_H
4138#include <sys/mount.h>
4139#endif
4140]])
4141
4142
4143AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
4144[#include <sys/types.h>
4145#include <netinet/in.h>])
4146
4147AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
4148	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4149	[[ size_t foo; foo = 1235; ]])],
4150	[ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
4151	])
4152])
4153if test "x$ac_cv_have_size_t" = "xyes" ; then
4154	AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
4155fi
4156
4157AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
4158	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4159	[[ ssize_t foo; foo = 1235; ]])],
4160	[ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
4161	])
4162])
4163if test "x$ac_cv_have_ssize_t" = "xyes" ; then
4164	AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
4165fi
4166
4167AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
4168	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
4169	[[ clock_t foo; foo = 1235; ]])],
4170	[ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
4171	])
4172])
4173if test "x$ac_cv_have_clock_t" = "xyes" ; then
4174	AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
4175fi
4176
4177AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
4178	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4179#include <sys/types.h>
4180#include <sys/socket.h>
4181		]], [[ sa_family_t foo; foo = 1235; ]])],
4182	[ ac_cv_have_sa_family_t="yes" ],
4183	[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4184#include <sys/types.h>
4185#include <sys/socket.h>
4186#include <netinet/in.h>
4187		]], [[ sa_family_t foo; foo = 1235; ]])],
4188		[ ac_cv_have_sa_family_t="yes" ],
4189		[ ac_cv_have_sa_family_t="no" ]
4190	)
4191	])
4192])
4193if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
4194	AC_DEFINE([HAVE_SA_FAMILY_T], [1],
4195		[define if you have sa_family_t data type])
4196fi
4197
4198AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
4199	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4200	[[ pid_t foo; foo = 1235; ]])],
4201	[ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
4202	])
4203])
4204if test "x$ac_cv_have_pid_t" = "xyes" ; then
4205	AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
4206fi
4207
4208AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
4209	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4210	[[ mode_t foo; foo = 1235; ]])],
4211	[ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
4212	])
4213])
4214if test "x$ac_cv_have_mode_t" = "xyes" ; then
4215	AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
4216fi
4217
4218
4219AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
4220	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4221#include <sys/types.h>
4222#include <sys/socket.h>
4223		]], [[ struct sockaddr_storage s; ]])],
4224	[ ac_cv_have_struct_sockaddr_storage="yes" ],
4225	[ ac_cv_have_struct_sockaddr_storage="no"
4226	])
4227])
4228if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
4229	AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
4230		[define if you have struct sockaddr_storage data type])
4231fi
4232
4233AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
4234	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4235#include <sys/types.h>
4236#include <netinet/in.h>
4237		]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
4238	[ ac_cv_have_struct_sockaddr_in6="yes" ],
4239	[ ac_cv_have_struct_sockaddr_in6="no"
4240	])
4241])
4242if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
4243	AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
4244		[define if you have struct sockaddr_in6 data type])
4245fi
4246
4247AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
4248	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4249#include <sys/types.h>
4250#include <netinet/in.h>
4251		]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
4252	[ ac_cv_have_struct_in6_addr="yes" ],
4253	[ ac_cv_have_struct_in6_addr="no"
4254	])
4255])
4256if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
4257	AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
4258		[define if you have struct in6_addr data type])
4259
4260dnl Now check for sin6_scope_id
4261	AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
4262		[
4263#ifdef HAVE_SYS_TYPES_H
4264#include <sys/types.h>
4265#endif
4266#include <netinet/in.h>
4267		])
4268fi
4269
4270AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
4271	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4272#include <sys/types.h>
4273#include <sys/socket.h>
4274#include <netdb.h>
4275		]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
4276	[ ac_cv_have_struct_addrinfo="yes" ],
4277	[ ac_cv_have_struct_addrinfo="no"
4278	])
4279])
4280if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
4281	AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
4282		[define if you have struct addrinfo data type])
4283fi
4284
4285AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
4286	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
4287	[[ struct timeval tv; tv.tv_sec = 1;]])],
4288	[ ac_cv_have_struct_timeval="yes" ],
4289	[ ac_cv_have_struct_timeval="no"
4290	])
4291])
4292if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
4293	AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
4294	have_struct_timeval=1
4295fi
4296
4297AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [
4298	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4299    #ifdef HAVE_SYS_TIME_H
4300    # include <sys/time.h>
4301    #endif
4302    #ifdef HAVE_TIME_H
4303    # include <time.h>
4304    #endif
4305	]],
4306	[[ struct timespec ts; ts.tv_sec = 1;]])],
4307	[ ac_cv_have_struct_timespec="yes" ],
4308	[ ac_cv_have_struct_timespec="no"
4309	])
4310])
4311if test "x$ac_cv_have_struct_timespec" = "xyes" ; then
4312	AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec])
4313	have_struct_timespec=1
4314fi
4315
4316# We need int64_t or else certain parts of the compile will fail.
4317if test "x$ac_cv_have_int64_t" = "xno" && \
4318	test "x$ac_cv_sizeof_long_int" != "x8" && \
4319	test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
4320	echo "OpenSSH requires int64_t support.  Contact your vendor or install"
4321	echo "an alternative compiler (I.E., GCC) before continuing."
4322	echo ""
4323	exit 1;
4324else
4325dnl test snprintf (broken on SCO w/gcc)
4326	AC_RUN_IFELSE(
4327		[AC_LANG_SOURCE([[
4328#include <stdio.h>
4329#include <stdlib.h>
4330#include <string.h>
4331#ifdef HAVE_SNPRINTF
4332main()
4333{
4334	char buf[50];
4335	char expected_out[50];
4336	int mazsize = 50 ;
4337#if (SIZEOF_LONG_INT == 8)
4338	long int num = 0x7fffffffffffffff;
4339#else
4340	long long num = 0x7fffffffffffffffll;
4341#endif
4342	strcpy(expected_out, "9223372036854775807");
4343	snprintf(buf, mazsize, "%lld", num);
4344	if(strcmp(buf, expected_out) != 0)
4345		exit(1);
4346	exit(0);
4347}
4348#else
4349main() { exit(0); }
4350#endif
4351		]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
4352		AC_MSG_WARN([cross compiling: Assuming working snprintf()])
4353	)
4354fi
4355
4356dnl Checks for structure members
4357OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
4358OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
4359OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
4360OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
4361OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
4362OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
4363OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
4364OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
4365OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
4366OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
4367OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
4368OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
4369OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
4370OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
4371OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
4372OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
4373OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
4374OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX])
4375
4376AC_CHECK_MEMBERS([struct stat.st_blksize])
4377AC_CHECK_MEMBERS([struct stat.st_mtim])
4378AC_CHECK_MEMBERS([struct stat.st_mtime])
4379AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
4380struct passwd.pw_change, struct passwd.pw_expire],
4381[], [], [[
4382#include <sys/types.h>
4383#include <pwd.h>
4384]])
4385
4386AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
4387	[Define if we don't have struct __res_state in resolv.h])],
4388[[
4389#include <stdio.h>
4390#if HAVE_SYS_TYPES_H
4391# include <sys/types.h>
4392#endif
4393#include <netinet/in.h>
4394#include <arpa/nameser.h>
4395#include <resolv.h>
4396]])
4397
4398AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
4399		ac_cv_have_ss_family_in_struct_ss, [
4400	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4401#include <sys/types.h>
4402#include <sys/socket.h>
4403		]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
4404	[ ac_cv_have_ss_family_in_struct_ss="yes" ],
4405	[ ac_cv_have_ss_family_in_struct_ss="no" ])
4406])
4407if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
4408	AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
4409fi
4410
4411AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
4412		ac_cv_have___ss_family_in_struct_ss, [
4413	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4414#include <sys/types.h>
4415#include <sys/socket.h>
4416		]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
4417	[ ac_cv_have___ss_family_in_struct_ss="yes" ],
4418	[ ac_cv_have___ss_family_in_struct_ss="no"
4419	])
4420])
4421if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
4422	AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
4423		[Fields in struct sockaddr_storage])
4424fi
4425
4426dnl make sure we're using the real structure members and not defines
4427AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
4428		ac_cv_have_accrights_in_msghdr, [
4429	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4430#include <sys/types.h>
4431#include <sys/socket.h>
4432#include <sys/uio.h>
4433#include <stdlib.h>
4434		]], [[
4435#ifdef msg_accrights
4436#error "msg_accrights is a macro"
4437exit(1);
4438#endif
4439struct msghdr m;
4440m.msg_accrights = 0;
4441exit(0);
4442		]])],
4443		[ ac_cv_have_accrights_in_msghdr="yes" ],
4444		[ ac_cv_have_accrights_in_msghdr="no" ]
4445	)
4446])
4447if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
4448	AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
4449		[Define if your system uses access rights style
4450		file descriptor passing])
4451fi
4452
4453AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
4454AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4455#include <sys/param.h>
4456#include <sys/stat.h>
4457#ifdef HAVE_SYS_TIME_H
4458# include <sys/time.h>
4459#endif
4460#ifdef HAVE_SYS_MOUNT_H
4461#include <sys/mount.h>
4462#endif
4463#ifdef HAVE_SYS_STATVFS_H
4464#include <sys/statvfs.h>
4465#endif
4466	]], [[ struct statvfs s; s.f_fsid = 0; ]])],
4467	[ AC_MSG_RESULT([yes]) ],
4468	[ AC_MSG_RESULT([no])
4469
4470	AC_MSG_CHECKING([if fsid_t has member val])
4471	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4472#include <sys/types.h>
4473#include <sys/statvfs.h>
4474	]], [[ fsid_t t; t.val[0] = 0; ]])],
4475	[ AC_MSG_RESULT([yes])
4476	  AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
4477	[ AC_MSG_RESULT([no]) ])
4478
4479	AC_MSG_CHECKING([if f_fsid has member __val])
4480	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4481#include <sys/types.h>
4482#include <sys/statvfs.h>
4483	]], [[ fsid_t t; t.__val[0] = 0; ]])],
4484	[ AC_MSG_RESULT([yes])
4485	  AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
4486	[ AC_MSG_RESULT([no]) ])
4487])
4488
4489AC_CACHE_CHECK([for msg_control field in struct msghdr],
4490		ac_cv_have_control_in_msghdr, [
4491	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4492#include <sys/types.h>
4493#include <sys/socket.h>
4494#include <sys/uio.h>
4495#include <stdlib.h>
4496		]], [[
4497#ifdef msg_control
4498#error "msg_control is a macro"
4499exit(1);
4500#endif
4501struct msghdr m;
4502m.msg_control = 0;
4503exit(0);
4504		]])],
4505		[ ac_cv_have_control_in_msghdr="yes" ],
4506		[ ac_cv_have_control_in_msghdr="no" ]
4507	)
4508])
4509if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
4510	AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
4511		[Define if your system uses ancillary data style
4512		file descriptor passing])
4513fi
4514
4515AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
4516	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4517		[[ extern char *__progname; printf("%s", __progname); ]])],
4518	[ ac_cv_libc_defines___progname="yes" ],
4519	[ ac_cv_libc_defines___progname="no"
4520	])
4521])
4522if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
4523	AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
4524fi
4525
4526AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
4527	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4528		[[ printf("%s", __FUNCTION__); ]])],
4529	[ ac_cv_cc_implements___FUNCTION__="yes" ],
4530	[ ac_cv_cc_implements___FUNCTION__="no"
4531	])
4532])
4533if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4534	AC_DEFINE([HAVE___FUNCTION__], [1],
4535		[Define if compiler implements __FUNCTION__])
4536fi
4537
4538AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4539	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4540		[[ printf("%s", __func__); ]])],
4541	[ ac_cv_cc_implements___func__="yes" ],
4542	[ ac_cv_cc_implements___func__="no"
4543	])
4544])
4545if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4546	AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
4547fi
4548
4549AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4550	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4551#include <stdarg.h>
4552va_list x,y;
4553		]], [[ va_copy(x,y); ]])],
4554	[ ac_cv_have_va_copy="yes" ],
4555	[ ac_cv_have_va_copy="no"
4556	])
4557])
4558if test "x$ac_cv_have_va_copy" = "xyes" ; then
4559	AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4560fi
4561
4562AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4563	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4564#include <stdarg.h>
4565va_list x,y;
4566		]], [[ __va_copy(x,y); ]])],
4567	[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4568	])
4569])
4570if test "x$ac_cv_have___va_copy" = "xyes" ; then
4571	AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
4572fi
4573
4574AC_CACHE_CHECK([whether getopt has optreset support],
4575		ac_cv_have_getopt_optreset, [
4576	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4577		[[ extern int optreset; optreset = 0; ]])],
4578	[ ac_cv_have_getopt_optreset="yes" ],
4579	[ ac_cv_have_getopt_optreset="no"
4580	])
4581])
4582if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4583	AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4584		[Define if your getopt(3) defines and uses optreset])
4585fi
4586
4587AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4588	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4589[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4590	[ ac_cv_libc_defines_sys_errlist="yes" ],
4591	[ ac_cv_libc_defines_sys_errlist="no"
4592	])
4593])
4594if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4595	AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4596		[Define if your system defines sys_errlist[]])
4597fi
4598
4599
4600AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4601	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4602[[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4603	[ ac_cv_libc_defines_sys_nerr="yes" ],
4604	[ ac_cv_libc_defines_sys_nerr="no"
4605	])
4606])
4607if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4608	AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4609fi
4610
4611# Check libraries needed by DNS fingerprint support
4612AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4613	[AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4614		[Define if getrrsetbyname() exists])],
4615	[
4616		# Needed by our getrrsetbyname()
4617		AC_SEARCH_LIBS([res_query], [resolv])
4618		AC_SEARCH_LIBS([dn_expand], [resolv])
4619		AC_MSG_CHECKING([if res_query will link])
4620		AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4621#include <sys/types.h>
4622#include <netinet/in.h>
4623#include <arpa/nameser.h>
4624#include <netdb.h>
4625#include <resolv.h>
4626				]], [[
4627	res_query (0, 0, 0, 0, 0);
4628				]])],
4629		    AC_MSG_RESULT([yes]),
4630		   [AC_MSG_RESULT([no])
4631		    saved_LIBS="$LIBS"
4632		    LIBS="$LIBS -lresolv"
4633		    AC_MSG_CHECKING([for res_query in -lresolv])
4634		    AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4635#include <sys/types.h>
4636#include <netinet/in.h>
4637#include <arpa/nameser.h>
4638#include <netdb.h>
4639#include <resolv.h>
4640				]], [[
4641	res_query (0, 0, 0, 0, 0);
4642				]])],
4643			[AC_MSG_RESULT([yes])],
4644			[LIBS="$saved_LIBS"
4645			 AC_MSG_RESULT([no])])
4646		    ])
4647		AC_CHECK_FUNCS([_getshort _getlong])
4648		AC_CHECK_DECLS([_getshort, _getlong], , ,
4649		    [#include <sys/types.h>
4650		    #include <arpa/nameser.h>])
4651		AC_CHECK_MEMBER([HEADER.ad],
4652			[AC_DEFINE([HAVE_HEADER_AD], [1],
4653			    [Define if HEADER.ad exists in arpa/nameser.h])], ,
4654			[#include <arpa/nameser.h>])
4655	])
4656
4657AC_MSG_CHECKING([if struct __res_state _res is an extern])
4658AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4659#include <stdio.h>
4660#if HAVE_SYS_TYPES_H
4661# include <sys/types.h>
4662#endif
4663#include <netinet/in.h>
4664#include <arpa/nameser.h>
4665#include <resolv.h>
4666extern struct __res_state _res;
4667		]], [[
4668struct __res_state *volatile p = &_res;  /* force resolution of _res */
4669return 0;
4670		]],)],
4671		[AC_MSG_RESULT([yes])
4672		 AC_DEFINE([HAVE__RES_EXTERN], [1],
4673		    [Define if you have struct __res_state _res as an extern])
4674		],
4675		[ AC_MSG_RESULT([no]) ]
4676)
4677
4678# Check whether user wants SELinux support
4679SELINUX_MSG="no"
4680LIBSELINUX=""
4681AC_ARG_WITH([selinux],
4682	[  --with-selinux          Enable SELinux support],
4683	[ if test "x$withval" != "xno" ; then
4684		save_LIBS="$LIBS"
4685		AC_DEFINE([WITH_SELINUX], [1],
4686			[Define if you want SELinux support.])
4687		SELINUX_MSG="yes"
4688		AC_CHECK_HEADER([selinux/selinux.h], ,
4689			AC_MSG_ERROR([SELinux support requires selinux.h header]))
4690		AC_CHECK_LIB([selinux], [setexeccon],
4691			[ LIBSELINUX="-lselinux"
4692			  LIBS="$LIBS -lselinux"
4693			],
4694			AC_MSG_ERROR([SELinux support requires libselinux library]))
4695		AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4696		LIBS="$save_LIBS $LIBSELINUX"
4697	fi ]
4698)
4699AC_SUBST([SSHDLIBS])
4700
4701# Check whether user wants Kerberos 5 support
4702KRB5_MSG="no"
4703AC_ARG_WITH([kerberos5],
4704	[  --with-kerberos5=PATH   Enable Kerberos 5 support],
4705	[ if test "x$withval" != "xno" ; then
4706		if test "x$withval" = "xyes" ; then
4707			KRB5ROOT="/usr/local"
4708		else
4709			KRB5ROOT=${withval}
4710		fi
4711
4712		AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4713		KRB5_MSG="yes"
4714
4715		AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
4716		use_pkgconfig_for_krb5=
4717		if test "x$PKGCONFIG" != "xno"; then
4718			AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5])
4719			if "$PKGCONFIG" krb5; then
4720				AC_MSG_RESULT([yes])
4721				use_pkgconfig_for_krb5=yes
4722			else
4723				AC_MSG_RESULT([no])
4724			fi
4725		fi
4726		if test "x$use_pkgconfig_for_krb5" = "xyes"; then
4727			K5CFLAGS=`$PKGCONFIG --cflags krb5`
4728			K5LIBS=`$PKGCONFIG --libs krb5`
4729			CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4730
4731			AC_MSG_CHECKING([for gssapi support])
4732			if "$PKGCONFIG" krb5-gssapi; then
4733				AC_MSG_RESULT([yes])
4734				AC_DEFINE([GSSAPI], [1],
4735					[Define this if you want GSSAPI
4736					support in the version 2 protocol])
4737				GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`"
4738				GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`"
4739				CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4740			else
4741				AC_MSG_RESULT([no])
4742			fi
4743			AC_MSG_CHECKING([whether we are using Heimdal])
4744			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4745				]], [[ char *tmp = heimdal_version; ]])],
4746				[ AC_MSG_RESULT([yes])
4747				AC_DEFINE([HEIMDAL], [1],
4748				[Define this if you are using the Heimdal
4749				version of Kerberos V5]) ],
4750				[AC_MSG_RESULT([no])
4751			])
4752		else
4753			AC_PATH_TOOL([KRB5CONF], [krb5-config],
4754				     [$KRB5ROOT/bin/krb5-config],
4755				     [$KRB5ROOT/bin:$PATH])
4756			if test -x $KRB5CONF ; then
4757				K5CFLAGS="`$KRB5CONF --cflags`"
4758				K5LIBS="`$KRB5CONF --libs`"
4759				CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4760
4761				AC_MSG_CHECKING([for gssapi support])
4762				if $KRB5CONF | grep gssapi >/dev/null ; then
4763					AC_MSG_RESULT([yes])
4764					AC_DEFINE([GSSAPI], [1],
4765						[Define this if you want GSSAPI
4766						support in the version 2 protocol])
4767					GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4768					GSSLIBS="`$KRB5CONF --libs gssapi`"
4769					CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4770				else
4771					AC_MSG_RESULT([no])
4772				fi
4773				AC_MSG_CHECKING([whether we are using Heimdal])
4774				AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4775					]], [[ char *tmp = heimdal_version; ]])],
4776					[ AC_MSG_RESULT([yes])
4777					AC_DEFINE([HEIMDAL], [1],
4778					[Define this if you are using the Heimdal
4779					version of Kerberos V5]) ],
4780					[AC_MSG_RESULT([no])
4781				])
4782			else
4783				CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4784				LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4785				AC_MSG_CHECKING([whether we are using Heimdal])
4786				AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4787					]], [[ char *tmp = heimdal_version; ]])],
4788						[ AC_MSG_RESULT([yes])
4789						 AC_DEFINE([HEIMDAL])
4790						 K5LIBS="-lkrb5"
4791						 K5LIBS="$K5LIBS -lcom_err -lasn1"
4792						 AC_CHECK_LIB([roken], [net_write],
4793						   [K5LIBS="$K5LIBS -lroken"])
4794						 AC_CHECK_LIB([des], [des_cbc_encrypt],
4795						   [K5LIBS="$K5LIBS -ldes"])
4796					       ], [ AC_MSG_RESULT([no])
4797						 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4798				])
4799				AC_SEARCH_LIBS([dn_expand], [resolv])
4800
4801				AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4802					[ AC_DEFINE([GSSAPI])
4803					  GSSLIBS="-lgssapi_krb5" ],
4804					[ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4805						[ AC_DEFINE([GSSAPI])
4806						  GSSLIBS="-lgssapi" ],
4807						[ AC_CHECK_LIB([gss], [gss_init_sec_context],
4808							[ AC_DEFINE([GSSAPI])
4809							  GSSLIBS="-lgss" ],
4810							AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4811						])
4812					])
4813
4814				AC_CHECK_HEADER([gssapi.h], ,
4815					[ unset ac_cv_header_gssapi_h
4816					  CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4817					  AC_CHECK_HEADERS([gssapi.h], ,
4818						AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4819					  )
4820					]
4821				)
4822
4823				oldCPP="$CPPFLAGS"
4824				CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4825				AC_CHECK_HEADER([gssapi_krb5.h], ,
4826						[ CPPFLAGS="$oldCPP" ])
4827
4828			fi
4829		fi
4830		if test -n "${rpath_opt}" ; then
4831			LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib"
4832		fi
4833		if test ! -z "$blibpath" ; then
4834			blibpath="$blibpath:${KRB5ROOT}/lib"
4835		fi
4836
4837		AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4838		AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4839		AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4840
4841		AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4842			[Define this if you want to use libkafs' AFS support])])
4843
4844		AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4845#ifdef HAVE_GSSAPI_H
4846# include <gssapi.h>
4847#elif defined(HAVE_GSSAPI_GSSAPI_H)
4848# include <gssapi/gssapi.h>
4849#endif
4850
4851#ifdef HAVE_GSSAPI_GENERIC_H
4852# include <gssapi_generic.h>
4853#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4854# include <gssapi/gssapi_generic.h>
4855#endif
4856		]])
4857		saved_LIBS="$LIBS"
4858		LIBS="$LIBS $K5LIBS"
4859		AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4860		LIBS="$saved_LIBS"
4861
4862	fi
4863	]
4864)
4865AC_SUBST([GSSLIBS])
4866AC_SUBST([K5LIBS])
4867
4868# Looking for programs, paths and files
4869
4870PRIVSEP_PATH=/var/empty
4871AC_ARG_WITH([privsep-path],
4872	[  --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4873	[
4874		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
4875		    test "x${withval}" != "xyes"; then
4876			PRIVSEP_PATH=$withval
4877		fi
4878	]
4879)
4880AC_SUBST([PRIVSEP_PATH])
4881
4882AC_ARG_WITH([xauth],
4883	[  --with-xauth=PATH       Specify path to xauth program ],
4884	[
4885		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
4886		    test "x${withval}" != "xyes"; then
4887			xauth_path=$withval
4888		fi
4889	],
4890	[
4891		TestPath="$PATH"
4892		TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4893		TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4894		TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4895		TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4896		AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4897		if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4898			xauth_path="/usr/openwin/bin/xauth"
4899		fi
4900	]
4901)
4902
4903STRIP_OPT=-s
4904AC_ARG_ENABLE([strip],
4905	[  --disable-strip         Disable calling strip(1) on install],
4906	[
4907		if test "x$enableval" = "xno" ; then
4908			STRIP_OPT=
4909		fi
4910	]
4911)
4912AC_SUBST([STRIP_OPT])
4913
4914if test -z "$xauth_path" ; then
4915	XAUTH_PATH="undefined"
4916	AC_SUBST([XAUTH_PATH])
4917else
4918	AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4919		[Define if xauth is found in your path])
4920	XAUTH_PATH=$xauth_path
4921	AC_SUBST([XAUTH_PATH])
4922fi
4923
4924dnl # --with-maildir=/path/to/mail gets top priority.
4925dnl # if maildir is set in the platform case statement above we use that.
4926dnl # Otherwise we run a program to get the dir from system headers.
4927dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4928dnl # If we find _PATH_MAILDIR we do nothing because that is what
4929dnl # session.c expects anyway. Otherwise we set to the value found
4930dnl # stripping any trailing slash. If for some strage reason our program
4931dnl # does not find what it needs, we default to /var/spool/mail.
4932# Check for mail directory
4933AC_ARG_WITH([maildir],
4934    [  --with-maildir=/path/to/mail    Specify your system mail directory],
4935    [
4936	if test "X$withval" != X  &&  test "x$withval" != xno  &&  \
4937	    test "x${withval}" != xyes; then
4938		AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4939            [Set this to your mail directory if you do not have _PATH_MAILDIR])
4940	    fi
4941     ],[
4942	if test "X$maildir" != "X"; then
4943	    AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4944	else
4945	    AC_MSG_CHECKING([Discovering system mail directory])
4946	    AC_RUN_IFELSE(
4947		[AC_LANG_PROGRAM([[
4948#include <stdio.h>
4949#include <stdlib.h>
4950#include <string.h>
4951#ifdef HAVE_PATHS_H
4952#include <paths.h>
4953#endif
4954#ifdef HAVE_MAILLOCK_H
4955#include <maillock.h>
4956#endif
4957#define DATA "conftest.maildir"
4958	]], [[
4959	FILE *fd;
4960	int rc;
4961
4962	fd = fopen(DATA,"w");
4963	if(fd == NULL)
4964		exit(1);
4965
4966#if defined (_PATH_MAILDIR)
4967	if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4968		exit(1);
4969#elif defined (MAILDIR)
4970	if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4971		exit(1);
4972#elif defined (_PATH_MAIL)
4973	if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4974		exit(1);
4975#else
4976	exit (2);
4977#endif
4978
4979	exit(0);
4980		]])],
4981		[
4982		    maildir_what=`awk -F: '{print $1}' conftest.maildir`
4983		    maildir=`awk -F: '{print $2}' conftest.maildir \
4984			| sed 's|/$||'`
4985		    AC_MSG_RESULT([Using: $maildir from $maildir_what])
4986		    if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4987			AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4988		    fi
4989		],
4990		[
4991		    if test "X$ac_status" = "X2";then
4992# our test program didn't find it. Default to /var/spool/mail
4993			AC_MSG_RESULT([Using: default value of /var/spool/mail])
4994			AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4995		     else
4996			AC_MSG_RESULT([*** not found ***])
4997		     fi
4998		],
4999		[
5000			AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
5001		]
5002	    )
5003	fi
5004    ]
5005) # maildir
5006
5007if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
5008	AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
5009	disable_ptmx_check=yes
5010fi
5011if test -z "$no_dev_ptmx" ; then
5012	if test "x$disable_ptmx_check" != "xyes" ; then
5013		AC_CHECK_FILE(["/dev/ptmx"],
5014			[
5015				AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
5016					[Define if you have /dev/ptmx])
5017				have_dev_ptmx=1
5018			]
5019		)
5020	fi
5021fi
5022
5023if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
5024	AC_CHECK_FILE(["/dev/ptc"],
5025		[
5026			AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
5027				[Define if you have /dev/ptc])
5028			have_dev_ptc=1
5029		]
5030	)
5031else
5032	AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
5033fi
5034
5035# Options from here on. Some of these are preset by platform above
5036AC_ARG_WITH([mantype],
5037	[  --with-mantype=man|cat|doc  Set man page type],
5038	[
5039		case "$withval" in
5040		man|cat|doc)
5041			MANTYPE=$withval
5042			;;
5043		*)
5044			AC_MSG_ERROR([invalid man type: $withval])
5045			;;
5046		esac
5047	]
5048)
5049if test -z "$MANTYPE"; then
5050	if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then
5051		MANTYPE=doc
5052	elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
5053		MANTYPE=doc
5054	elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
5055		MANTYPE=man
5056	else
5057		MANTYPE=cat
5058	fi
5059fi
5060AC_SUBST([MANTYPE])
5061if test "$MANTYPE" = "doc"; then
5062	mansubdir=man;
5063else
5064	mansubdir=$MANTYPE;
5065fi
5066AC_SUBST([mansubdir])
5067
5068# Whether to disable shadow password support
5069AC_ARG_WITH([shadow],
5070	[  --without-shadow        Disable shadow password support],
5071	[
5072		if test "x$withval" = "xno" ; then
5073			AC_DEFINE([DISABLE_SHADOW])
5074			disable_shadow=yes
5075		fi
5076	]
5077)
5078
5079if test -z "$disable_shadow" ; then
5080	AC_MSG_CHECKING([if the systems has expire shadow information])
5081	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5082#include <sys/types.h>
5083#include <shadow.h>
5084struct spwd sp;
5085		]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
5086		[ sp_expire_available=yes ], [
5087	])
5088
5089	if test "x$sp_expire_available" = "xyes" ; then
5090		AC_MSG_RESULT([yes])
5091		AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
5092		    [Define if you want to use shadow password expire field])
5093	else
5094		AC_MSG_RESULT([no])
5095	fi
5096fi
5097
5098# Use ip address instead of hostname in $DISPLAY
5099if test ! -z "$IPADDR_IN_DISPLAY" ; then
5100	DISPLAY_HACK_MSG="yes"
5101	AC_DEFINE([IPADDR_IN_DISPLAY], [1],
5102		[Define if you need to use IP address
5103		instead of hostname in $DISPLAY])
5104else
5105	DISPLAY_HACK_MSG="no"
5106	AC_ARG_WITH([ipaddr-display],
5107		[  --with-ipaddr-display   Use ip address instead of hostname in $DISPLAY],
5108		[
5109			if test "x$withval" != "xno" ; then
5110				AC_DEFINE([IPADDR_IN_DISPLAY])
5111				DISPLAY_HACK_MSG="yes"
5112			fi
5113		]
5114	)
5115fi
5116
5117# check for /etc/default/login and use it if present.
5118AC_ARG_ENABLE([etc-default-login],
5119	[  --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
5120	[ if test "x$enableval" = "xno"; then
5121		AC_MSG_NOTICE([/etc/default/login handling disabled])
5122		etc_default_login=no
5123	  else
5124		etc_default_login=yes
5125	  fi ],
5126	[ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
5127	  then
5128		AC_MSG_WARN([cross compiling: not checking /etc/default/login])
5129		etc_default_login=no
5130	  else
5131		etc_default_login=yes
5132	  fi ]
5133)
5134
5135if test "x$etc_default_login" != "xno"; then
5136	AC_CHECK_FILE(["/etc/default/login"],
5137	    [ external_path_file=/etc/default/login ])
5138	if test "x$external_path_file" = "x/etc/default/login"; then
5139		AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
5140			[Define if your system has /etc/default/login])
5141	fi
5142fi
5143
5144dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
5145if test $ac_cv_func_login_getcapbool = "yes" && \
5146	test $ac_cv_header_login_cap_h = "yes" ; then
5147	external_path_file=/etc/login.conf
5148fi
5149
5150# Whether to mess with the default path
5151SERVER_PATH_MSG="(default)"
5152AC_ARG_WITH([default-path],
5153	[  --with-default-path=    Specify default $PATH environment for server],
5154	[
5155		if test "x$external_path_file" = "x/etc/login.conf" ; then
5156			AC_MSG_WARN([
5157--with-default-path=PATH has no effect on this system.
5158Edit /etc/login.conf instead.])
5159		elif test "x$withval" != "xno" ; then
5160			if test ! -z "$external_path_file" ; then
5161				AC_MSG_WARN([
5162--with-default-path=PATH will only be used if PATH is not defined in
5163$external_path_file .])
5164			fi
5165			user_path="$withval"
5166			SERVER_PATH_MSG="$withval"
5167		fi
5168	],
5169	[ if test "x$external_path_file" = "x/etc/login.conf" ; then
5170		AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
5171	else
5172		if test ! -z "$external_path_file" ; then
5173			AC_MSG_WARN([
5174If PATH is defined in $external_path_file, ensure the path to scp is included,
5175otherwise scp will not work.])
5176		fi
5177		AC_RUN_IFELSE(
5178			[AC_LANG_PROGRAM([[
5179/* find out what STDPATH is */
5180#include <stdio.h>
5181#include <stdlib.h>
5182#ifdef HAVE_PATHS_H
5183# include <paths.h>
5184#endif
5185#ifndef _PATH_STDPATH
5186# ifdef _PATH_USERPATH	/* Irix */
5187#  define _PATH_STDPATH _PATH_USERPATH
5188# else
5189#  define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
5190# endif
5191#endif
5192#include <sys/types.h>
5193#include <sys/stat.h>
5194#include <fcntl.h>
5195#define DATA "conftest.stdpath"
5196			]], [[
5197	FILE *fd;
5198	int rc;
5199
5200	fd = fopen(DATA,"w");
5201	if(fd == NULL)
5202		exit(1);
5203
5204	if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
5205		exit(1);
5206
5207	exit(0);
5208		]])],
5209		[ user_path=`cat conftest.stdpath` ],
5210		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
5211		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
5212	)
5213# make sure $bindir is in USER_PATH so scp will work
5214		t_bindir="${bindir}"
5215		while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
5216			t_bindir=`eval echo ${t_bindir}`
5217			case $t_bindir in
5218				NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
5219			esac
5220			case $t_bindir in
5221				NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
5222			esac
5223		done
5224		echo $user_path | grep ":$t_bindir"  > /dev/null 2>&1
5225		if test $? -ne 0  ; then
5226			echo $user_path | grep "^$t_bindir"  > /dev/null 2>&1
5227			if test $? -ne 0  ; then
5228				user_path=$user_path:$t_bindir
5229				AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
5230			fi
5231		fi
5232	fi ]
5233)
5234if test "x$external_path_file" != "x/etc/login.conf" ; then
5235	AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
5236	AC_SUBST([user_path])
5237fi
5238
5239# Set superuser path separately to user path
5240AC_ARG_WITH([superuser-path],
5241	[  --with-superuser-path=  Specify different path for super-user],
5242	[
5243		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
5244		    test "x${withval}" != "xyes"; then
5245			AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
5246				[Define if you want a different $PATH
5247				for the superuser])
5248			superuser_path=$withval
5249		fi
5250	]
5251)
5252
5253
5254AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
5255IPV4_IN6_HACK_MSG="no"
5256AC_ARG_WITH(4in6,
5257	[  --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses],
5258	[
5259		if test "x$withval" != "xno" ; then
5260			AC_MSG_RESULT([yes])
5261			AC_DEFINE([IPV4_IN_IPV6], [1],
5262				[Detect IPv4 in IPv6 mapped addresses
5263				and treat as IPv4])
5264			IPV4_IN6_HACK_MSG="yes"
5265		else
5266			AC_MSG_RESULT([no])
5267		fi
5268	], [
5269		if test "x$inet6_default_4in6" = "xyes"; then
5270			AC_MSG_RESULT([yes (default)])
5271			AC_DEFINE([IPV4_IN_IPV6])
5272			IPV4_IN6_HACK_MSG="yes"
5273		else
5274			AC_MSG_RESULT([no (default)])
5275		fi
5276	]
5277)
5278
5279# Whether to enable BSD auth support
5280BSD_AUTH_MSG=no
5281AC_ARG_WITH([bsd-auth],
5282	[  --with-bsd-auth         Enable BSD auth support],
5283	[
5284		if test "x$withval" != "xno" ; then
5285			AC_DEFINE([BSD_AUTH], [1],
5286				[Define if you have BSD auth support])
5287			BSD_AUTH_MSG=yes
5288		fi
5289	]
5290)
5291
5292# Where to place sshd.pid
5293piddir=/var/run
5294# make sure the directory exists
5295if test ! -d $piddir ; then
5296	piddir=`eval echo ${sysconfdir}`
5297	case $piddir in
5298		NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
5299	esac
5300fi
5301
5302AC_ARG_WITH([pid-dir],
5303	[  --with-pid-dir=PATH     Specify location of sshd.pid file],
5304	[
5305		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
5306		    test "x${withval}" != "xyes"; then
5307			piddir=$withval
5308			if test ! -d $piddir ; then
5309			AC_MSG_WARN([** no $piddir directory on this system **])
5310			fi
5311		fi
5312	]
5313)
5314
5315AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
5316	[Specify location of ssh.pid])
5317AC_SUBST([piddir])
5318
5319dnl allow user to disable some login recording features
5320AC_ARG_ENABLE([lastlog],
5321	[  --disable-lastlog       disable use of lastlog even if detected [no]],
5322	[
5323		if test "x$enableval" = "xno" ; then
5324			AC_DEFINE([DISABLE_LASTLOG])
5325		fi
5326	]
5327)
5328AC_ARG_ENABLE([utmp],
5329	[  --disable-utmp          disable use of utmp even if detected [no]],
5330	[
5331		if test "x$enableval" = "xno" ; then
5332			AC_DEFINE([DISABLE_UTMP])
5333		fi
5334	]
5335)
5336AC_ARG_ENABLE([utmpx],
5337	[  --disable-utmpx         disable use of utmpx even if detected [no]],
5338	[
5339		if test "x$enableval" = "xno" ; then
5340			AC_DEFINE([DISABLE_UTMPX], [1],
5341				[Define if you don't want to use utmpx])
5342		fi
5343	]
5344)
5345AC_ARG_ENABLE([wtmp],
5346	[  --disable-wtmp          disable use of wtmp even if detected [no]],
5347	[
5348		if test "x$enableval" = "xno" ; then
5349			AC_DEFINE([DISABLE_WTMP])
5350		fi
5351	]
5352)
5353AC_ARG_ENABLE([wtmpx],
5354	[  --disable-wtmpx         disable use of wtmpx even if detected [no]],
5355	[
5356		if test "x$enableval" = "xno" ; then
5357			AC_DEFINE([DISABLE_WTMPX], [1],
5358				[Define if you don't want to use wtmpx])
5359		fi
5360	]
5361)
5362AC_ARG_ENABLE([libutil],
5363	[  --disable-libutil       disable use of libutil (login() etc.) [no]],
5364	[
5365		if test "x$enableval" = "xno" ; then
5366			AC_DEFINE([DISABLE_LOGIN])
5367		fi
5368	]
5369)
5370AC_ARG_ENABLE([pututline],
5371	[  --disable-pututline     disable use of pututline() etc. ([uw]tmp) [no]],
5372	[
5373		if test "x$enableval" = "xno" ; then
5374			AC_DEFINE([DISABLE_PUTUTLINE], [1],
5375				[Define if you don't want to use pututline()
5376				etc. to write [uw]tmp])
5377		fi
5378	]
5379)
5380AC_ARG_ENABLE([pututxline],
5381	[  --disable-pututxline    disable use of pututxline() etc. ([uw]tmpx) [no]],
5382	[
5383		if test "x$enableval" = "xno" ; then
5384			AC_DEFINE([DISABLE_PUTUTXLINE], [1],
5385				[Define if you don't want to use pututxline()
5386				etc. to write [uw]tmpx])
5387		fi
5388	]
5389)
5390AC_ARG_WITH([lastlog],
5391  [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
5392	[
5393		if test "x$withval" = "xno" ; then
5394			AC_DEFINE([DISABLE_LASTLOG])
5395		elif test -n "$withval"  &&  test "x${withval}" != "xyes"; then
5396			conf_lastlog_location=$withval
5397		fi
5398	]
5399)
5400
5401dnl lastlog, [uw]tmpx? detection
5402dnl  NOTE: set the paths in the platform section to avoid the
5403dnl   need for command-line parameters
5404dnl lastlog and [uw]tmp are subject to a file search if all else fails
5405
5406dnl lastlog detection
5407dnl  NOTE: the code itself will detect if lastlog is a directory
5408AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
5409AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5410#include <sys/types.h>
5411#include <utmp.h>
5412#ifdef HAVE_LASTLOG_H
5413#  include <lastlog.h>
5414#endif
5415#ifdef HAVE_PATHS_H
5416#  include <paths.h>
5417#endif
5418#ifdef HAVE_LOGIN_H
5419# include <login.h>
5420#endif
5421	]], [[ char *lastlog = LASTLOG_FILE; ]])],
5422		[ AC_MSG_RESULT([yes]) ],
5423		[
5424		AC_MSG_RESULT([no])
5425		AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
5426		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5427#include <sys/types.h>
5428#include <utmp.h>
5429#ifdef HAVE_LASTLOG_H
5430#  include <lastlog.h>
5431#endif
5432#ifdef HAVE_PATHS_H
5433#  include <paths.h>
5434#endif
5435		]], [[ char *lastlog = _PATH_LASTLOG; ]])],
5436		[ AC_MSG_RESULT([yes]) ],
5437		[
5438			AC_MSG_RESULT([no])
5439			system_lastlog_path=no
5440		])
5441])
5442
5443if test -z "$conf_lastlog_location"; then
5444	if test x"$system_lastlog_path" = x"no" ; then
5445		for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
5446				if (test -d "$f" || test -f "$f") ; then
5447					conf_lastlog_location=$f
5448				fi
5449		done
5450		if test -z "$conf_lastlog_location"; then
5451			AC_MSG_WARN([** Cannot find lastlog **])
5452			dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
5453		fi
5454	fi
5455fi
5456
5457if test -n "$conf_lastlog_location"; then
5458	AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
5459		[Define if you want to specify the path to your lastlog file])
5460fi
5461
5462dnl utmp detection
5463AC_MSG_CHECKING([if your system defines UTMP_FILE])
5464AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5465#include <sys/types.h>
5466#include <utmp.h>
5467#ifdef HAVE_PATHS_H
5468#  include <paths.h>
5469#endif
5470	]], [[ char *utmp = UTMP_FILE; ]])],
5471	[ AC_MSG_RESULT([yes]) ],
5472	[ AC_MSG_RESULT([no])
5473	  system_utmp_path=no
5474])
5475if test -z "$conf_utmp_location"; then
5476	if test x"$system_utmp_path" = x"no" ; then
5477		for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
5478			if test -f $f ; then
5479				conf_utmp_location=$f
5480			fi
5481		done
5482		if test -z "$conf_utmp_location"; then
5483			AC_DEFINE([DISABLE_UTMP])
5484		fi
5485	fi
5486fi
5487if test -n "$conf_utmp_location"; then
5488	AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
5489		[Define if you want to specify the path to your utmp file])
5490fi
5491
5492dnl wtmp detection
5493AC_MSG_CHECKING([if your system defines WTMP_FILE])
5494AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5495#include <sys/types.h>
5496#include <utmp.h>
5497#ifdef HAVE_PATHS_H
5498#  include <paths.h>
5499#endif
5500	]], [[ char *wtmp = WTMP_FILE; ]])],
5501	[ AC_MSG_RESULT([yes]) ],
5502	[ AC_MSG_RESULT([no])
5503	  system_wtmp_path=no
5504])
5505if test -z "$conf_wtmp_location"; then
5506	if test x"$system_wtmp_path" = x"no" ; then
5507		for f in /usr/adm/wtmp /var/log/wtmp; do
5508			if test -f $f ; then
5509				conf_wtmp_location=$f
5510			fi
5511		done
5512		if test -z "$conf_wtmp_location"; then
5513			AC_DEFINE([DISABLE_WTMP])
5514		fi
5515	fi
5516fi
5517if test -n "$conf_wtmp_location"; then
5518	AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
5519		[Define if you want to specify the path to your wtmp file])
5520fi
5521
5522dnl wtmpx detection
5523AC_MSG_CHECKING([if your system defines WTMPX_FILE])
5524AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5525#include <sys/types.h>
5526#include <utmp.h>
5527#ifdef HAVE_UTMPX_H
5528#include <utmpx.h>
5529#endif
5530#ifdef HAVE_PATHS_H
5531#  include <paths.h>
5532#endif
5533	]], [[ char *wtmpx = WTMPX_FILE; ]])],
5534	[ AC_MSG_RESULT([yes]) ],
5535	[ AC_MSG_RESULT([no])
5536	  system_wtmpx_path=no
5537])
5538if test -z "$conf_wtmpx_location"; then
5539	if test x"$system_wtmpx_path" = x"no" ; then
5540		AC_DEFINE([DISABLE_WTMPX])
5541	fi
5542else
5543	AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
5544		[Define if you want to specify the path to your wtmpx file])
5545fi
5546
5547
5548if test ! -z "$blibpath" ; then
5549	LDFLAGS="$LDFLAGS $blibflags$blibpath"
5550	AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
5551fi
5552
5553AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
5554    if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
5555	AC_DEFINE([DISABLE_LASTLOG])
5556    fi
5557	], [
5558#ifdef HAVE_SYS_TYPES_H
5559#include <sys/types.h>
5560#endif
5561#ifdef HAVE_UTMP_H
5562#include <utmp.h>
5563#endif
5564#ifdef HAVE_UTMPX_H
5565#include <utmpx.h>
5566#endif
5567#ifdef HAVE_LASTLOG_H
5568#include <lastlog.h>
5569#endif
5570	])
5571
5572AC_CHECK_MEMBER([struct utmp.ut_line], [], [
5573	AC_DEFINE([DISABLE_UTMP])
5574	AC_DEFINE([DISABLE_WTMP])
5575	], [
5576#ifdef HAVE_SYS_TYPES_H
5577#include <sys/types.h>
5578#endif
5579#ifdef HAVE_UTMP_H
5580#include <utmp.h>
5581#endif
5582#ifdef HAVE_UTMPX_H
5583#include <utmpx.h>
5584#endif
5585#ifdef HAVE_LASTLOG_H
5586#include <lastlog.h>
5587#endif
5588	])
5589
5590dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5591dnl Add now.
5592CFLAGS="$CFLAGS $werror_flags"
5593
5594if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
5595	TEST_SSH_IPV6=no
5596else
5597	TEST_SSH_IPV6=yes
5598fi
5599AC_CHECK_DECL([BROKEN_GETADDRINFO],  [TEST_SSH_IPV6=no])
5600AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
5601AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8])
5602AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
5603AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
5604AC_SUBST([DEPEND], [$(cat $srcdir/.depend)])
5605
5606CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
5607LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"
5608
5609# Make a copy of CFLAGS/LDFLAGS without PIE options.
5610LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'`
5611CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'`
5612AC_SUBST([LDFLAGS_NOPIE])
5613AC_SUBST([CFLAGS_NOPIE])
5614
5615AC_EXEEXT
5616AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5617	openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5618	survey.sh])
5619AC_OUTPUT
5620
5621# Print summary of options
5622
5623# Someone please show me a better way :)
5624A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5625B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5626C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5627D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5628E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5629F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5630G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5631H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5632I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5633J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5634
5635echo ""
5636echo "OpenSSH has been configured with the following options:"
5637echo "                     User binaries: $B"
5638echo "                   System binaries: $C"
5639echo "               Configuration files: $D"
5640echo "                   Askpass program: $E"
5641echo "                      Manual pages: $F"
5642echo "                          PID file: $G"
5643echo "  Privilege separation chroot path: $H"
5644if test "x$external_path_file" = "x/etc/login.conf" ; then
5645echo "   At runtime, sshd will use the path defined in $external_path_file"
5646echo "   Make sure the path to scp is present, otherwise scp will not work"
5647else
5648echo "            sshd default user PATH: $I"
5649	if test ! -z "$external_path_file"; then
5650echo "   (If PATH is set in $external_path_file it will be used instead. If"
5651echo "   used, ensure the path to scp is present, otherwise scp will not work.)"
5652	fi
5653fi
5654if test ! -z "$superuser_path" ; then
5655echo "          sshd superuser user PATH: $J"
5656fi
5657echo "                    Manpage format: $MANTYPE"
5658echo "                       PAM support: $PAM_MSG"
5659echo "                   OSF SIA support: $SIA_MSG"
5660echo "                 KerberosV support: $KRB5_MSG"
5661echo "                   SELinux support: $SELINUX_MSG"
5662echo "              TCP Wrappers support: $TCPW_MSG"
5663echo "                   libedit support: $LIBEDIT_MSG"
5664echo "                   libldns support: $LDNS_MSG"
5665echo "  Solaris process contract support: $SPC_MSG"
5666echo "           Solaris project support: $SP_MSG"
5667echo "         Solaris privilege support: $SPP_MSG"
5668echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5669echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5670echo "                  BSD Auth support: $BSD_AUTH_MSG"
5671echo "              Random number source: $RAND_MSG"
5672echo "             Privsep sandbox style: $SANDBOX_STYLE"
5673echo "                   PKCS#11 support: $enable_pkcs11"
5674echo "                  U2F/FIDO support: $enable_sk"
5675
5676echo ""
5677
5678echo "              Host: ${host}"
5679echo "          Compiler: ${CC}"
5680echo "    Compiler flags: ${CFLAGS}"
5681echo "Preprocessor flags: ${CPPFLAGS}"
5682echo "      Linker flags: ${LDFLAGS}"
5683echo "         Libraries: ${LIBS}"
5684if test ! -z "${SSHDLIBS}"; then
5685echo "         +for sshd: ${SSHDLIBS}"
5686fi
5687
5688echo ""
5689
5690if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5691	echo "SVR4 style packages are supported with \"make package\""
5692	echo ""
5693fi
5694
5695if test "x$PAM_MSG" = "xyes" ; then
5696	echo "PAM is enabled. You may need to install a PAM control file "
5697	echo "for sshd, otherwise password authentication may fail. "
5698	echo "Example PAM control files can be found in the contrib/ "
5699	echo "subdirectory"
5700	echo ""
5701fi
5702
5703if test ! -z "$NO_PEERCHECK" ; then
5704	echo "WARNING: the operating system that you are using does not"
5705	echo "appear to support getpeereid(), getpeerucred() or the"
5706	echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5707	echo "enforce security checks to prevent unauthorised connections to"
5708	echo "ssh-agent. Their absence increases the risk that a malicious"
5709	echo "user can connect to your agent."
5710	echo ""
5711fi
5712
5713if test "$AUDIT_MODULE" = "bsm" ; then
5714	echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5715	echo "See the Solaris section in README.platform for details."
5716fi
5717