xref: /freebsd/crypto/openssh/configure.ac (revision 63d1fd5970ec814904aa0f4580b10a0d302d08b2)
1# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $
2# $FreeBSD$
3#
4# Copyright (c) 1999-2004 Damien Miller
5#
6# Permission to use, copy, modify, and distribute this software for any
7# purpose with or without fee is hereby granted, provided that the above
8# copyright notice and this permission notice appear in all copies.
9#
10# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
19AC_REVISION($Revision: 1.583 $)
20AC_CONFIG_SRCDIR([ssh.c])
21AC_LANG([C])
22
23AC_CONFIG_HEADER([config.h])
24AC_PROG_CC
25AC_CANONICAL_HOST
26AC_C_BIGENDIAN
27
28# Checks for programs.
29AC_PROG_AWK
30AC_PROG_CPP
31AC_PROG_RANLIB
32AC_PROG_INSTALL
33AC_PROG_EGREP
34AC_CHECK_TOOLS([AR], [ar])
35AC_PATH_PROG([CAT], [cat])
36AC_PATH_PROG([KILL], [kill])
37AC_PATH_PROGS([PERL], [perl5 perl])
38AC_PATH_PROG([SED], [sed])
39AC_SUBST([PERL])
40AC_PATH_PROG([ENT], [ent])
41AC_SUBST([ENT])
42AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
43AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
44AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
45AC_PATH_PROG([SH], [sh])
46AC_PATH_PROG([GROFF], [groff])
47AC_PATH_PROG([NROFF], [nroff])
48AC_PATH_PROG([MANDOC], [mandoc])
49AC_SUBST([TEST_SHELL], [sh])
50
51dnl select manpage formatter
52if test "x$MANDOC" != "x" ; then
53	MANFMT="$MANDOC"
54elif test "x$NROFF" != "x" ; then
55	MANFMT="$NROFF -mandoc"
56elif test "x$GROFF" != "x" ; then
57	MANFMT="$GROFF -mandoc -Tascii"
58else
59	AC_MSG_WARN([no manpage formatted found])
60	MANFMT="false"
61fi
62AC_SUBST([MANFMT])
63
64dnl for buildpkg.sh
65AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
66	[/usr/sbin${PATH_SEPARATOR}/etc])
67AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
68	[/usr/sbin${PATH_SEPARATOR}/etc])
69AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
70if test -x /sbin/sh; then
71	AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
72else
73	AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
74fi
75
76# System features
77AC_SYS_LARGEFILE
78
79if test -z "$AR" ; then
80	AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
81fi
82
83# Use LOGIN_PROGRAM from environment if possible
84if test ! -z "$LOGIN_PROGRAM" ; then
85	AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
86		[If your header files don't define LOGIN_PROGRAM,
87		then use this (detected) from environment and PATH])
88else
89	# Search for login
90	AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
91	if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
92		AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
93	fi
94fi
95
96AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
97if test ! -z "$PATH_PASSWD_PROG" ; then
98	AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
99		[Full path of your "passwd" program])
100fi
101
102if test -z "$LD" ; then
103	LD=$CC
104fi
105AC_SUBST([LD])
106
107AC_C_INLINE
108
109AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
110AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
111	#include <sys/types.h>
112	#include <sys/param.h>
113	#include <dev/systrace.h>
114])
115AC_CHECK_DECL([RLIMIT_NPROC],
116    [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
117	#include <sys/types.h>
118	#include <sys/resource.h>
119])
120AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
121	#include <sys/types.h>
122	#include <linux/prctl.h>
123])
124
125openssl=yes
126ssh1=no
127AC_ARG_WITH([openssl],
128	[  --without-openssl       Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
129	[  if test "x$withval" = "xno" ; then
130		openssl=no
131		ssh1=no
132	   fi
133	]
134)
135AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
136if test "x$openssl" = "xyes" ; then
137	AC_MSG_RESULT([yes])
138	AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
139else
140	AC_MSG_RESULT([no])
141fi
142
143AC_ARG_WITH([ssh1],
144	[  --with-ssh1             Enable support for SSH protocol 1],
145	[
146		if test "x$withval" = "xyes" ; then
147			if test "x$openssl" = "xno" ; then
148				AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
149			fi
150			ssh1=yes
151		elif test "x$withval" = "xno" ; then
152			ssh1=no
153		else
154			AC_MSG_ERROR([unknown --with-ssh1 argument])
155		fi
156	]
157)
158AC_MSG_CHECKING([whether SSH protocol 1 support is enabled])
159if test "x$ssh1" = "xyes" ; then
160	AC_MSG_RESULT([yes])
161	AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
162else
163	AC_MSG_RESULT([no])
164fi
165
166use_stack_protector=1
167use_toolchain_hardening=1
168AC_ARG_WITH([stackprotect],
169    [  --without-stackprotect  Don't use compiler's stack protection], [
170    if test "x$withval" = "xno"; then
171	use_stack_protector=0
172    fi ])
173AC_ARG_WITH([hardening],
174    [  --without-hardening     Don't use toolchain hardening flags], [
175    if test "x$withval" = "xno"; then
176	use_toolchain_hardening=0
177    fi ])
178
179# We use -Werror for the tests only so that we catch warnings like "this is
180# on by default" for things like -fPIE.
181AC_MSG_CHECKING([if $CC supports -Werror])
182saved_CFLAGS="$CFLAGS"
183CFLAGS="$CFLAGS -Werror"
184AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
185	[ AC_MSG_RESULT([yes])
186	  WERROR="-Werror"],
187	[ AC_MSG_RESULT([no])
188	  WERROR="" ]
189)
190CFLAGS="$saved_CFLAGS"
191
192if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
193	OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
194	OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
195	OSSH_CHECK_CFLAG_COMPILE([-Wall])
196	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
197	OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
198	OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
199	OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
200	OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
201	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
202	OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
203	OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
204	OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
205    if test "x$use_toolchain_hardening" = "x1"; then
206	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
207	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
208	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
209	# NB. -ftrapv expects certain support functions to be present in
210	# the compiler library (libgcc or similar) to detect integer operations
211	# that can overflow. We must check that the result of enabling it
212	# actually links. The test program compiled/linked includes a number
213	# of integer operations that should exercise this.
214	OSSH_CHECK_CFLAG_LINK([-ftrapv])
215    fi
216	AC_MSG_CHECKING([gcc version])
217	GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
218	case $GCC_VER in
219		1.*) no_attrib_nonnull=1 ;;
220		2.8* | 2.9*)
221		     no_attrib_nonnull=1
222		     ;;
223		2.*) no_attrib_nonnull=1 ;;
224		*) ;;
225	esac
226	AC_MSG_RESULT([$GCC_VER])
227
228	AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
229	saved_CFLAGS="$CFLAGS"
230	CFLAGS="$CFLAGS -fno-builtin-memset"
231	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
232			[[ char b[10]; memset(b, 0, sizeof(b)); ]])],
233		[ AC_MSG_RESULT([yes]) ],
234		[ AC_MSG_RESULT([no])
235		  CFLAGS="$saved_CFLAGS" ]
236	)
237
238	# -fstack-protector-all doesn't always work for some GCC versions
239	# and/or platforms, so we test if we can.  If it's not supported
240	# on a given platform gcc will emit a warning so we use -Werror.
241	if test "x$use_stack_protector" = "x1"; then
242	    for t in -fstack-protector-strong -fstack-protector-all \
243		    -fstack-protector; do
244		AC_MSG_CHECKING([if $CC supports $t])
245		saved_CFLAGS="$CFLAGS"
246		saved_LDFLAGS="$LDFLAGS"
247		CFLAGS="$CFLAGS $t -Werror"
248		LDFLAGS="$LDFLAGS $t -Werror"
249		AC_LINK_IFELSE(
250			[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
251			[[
252	char x[256];
253	snprintf(x, sizeof(x), "XXX");
254			 ]])],
255		    [ AC_MSG_RESULT([yes])
256		      CFLAGS="$saved_CFLAGS $t"
257		      LDFLAGS="$saved_LDFLAGS $t"
258		      AC_MSG_CHECKING([if $t works])
259		      AC_RUN_IFELSE(
260			[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
261			[[
262	char x[256];
263	snprintf(x, sizeof(x), "XXX");
264			]])],
265			[ AC_MSG_RESULT([yes])
266			  break ],
267			[ AC_MSG_RESULT([no]) ],
268			[ AC_MSG_WARN([cross compiling: cannot test])
269			  break ]
270		      )
271		    ],
272		    [ AC_MSG_RESULT([no]) ]
273		)
274		CFLAGS="$saved_CFLAGS"
275		LDFLAGS="$saved_LDFLAGS"
276	    done
277	fi
278
279	if test -z "$have_llong_max"; then
280		# retry LLONG_MAX with -std=gnu99, needed on some Linuxes
281		unset ac_cv_have_decl_LLONG_MAX
282		saved_CFLAGS="$CFLAGS"
283		CFLAGS="$CFLAGS -std=gnu99"
284		AC_CHECK_DECL([LLONG_MAX],
285		    [have_llong_max=1],
286		    [CFLAGS="$saved_CFLAGS"],
287		    [#include <limits.h>]
288		)
289	fi
290fi
291
292AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
293AC_COMPILE_IFELSE(
294    [AC_LANG_PROGRAM([[
295#include <stdlib.h>
296__attribute__((__unused__)) static void foo(void){return;}]],
297    [[ exit(0); ]])],
298    [ AC_MSG_RESULT([yes]) ],
299    [ AC_MSG_RESULT([no])
300      AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
301	 [compiler does not accept __attribute__ on return types]) ]
302)
303
304if test "x$no_attrib_nonnull" != "x1" ; then
305	AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
306fi
307
308AC_ARG_WITH([rpath],
309	[  --without-rpath         Disable auto-added -R linker paths],
310	[
311		if test "x$withval" = "xno" ; then
312			need_dash_r=""
313		fi
314		if test "x$withval" = "xyes" ; then
315			need_dash_r=1
316		fi
317	]
318)
319
320# Allow user to specify flags
321AC_ARG_WITH([cflags],
322	[  --with-cflags           Specify additional flags to pass to compiler],
323	[
324		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
325		    test "x${withval}" != "xyes"; then
326			CFLAGS="$CFLAGS $withval"
327		fi
328	]
329)
330AC_ARG_WITH([cppflags],
331	[  --with-cppflags         Specify additional flags to pass to preprocessor] ,
332	[
333		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
334		    test "x${withval}" != "xyes"; then
335			CPPFLAGS="$CPPFLAGS $withval"
336		fi
337	]
338)
339AC_ARG_WITH([ldflags],
340	[  --with-ldflags          Specify additional flags to pass to linker],
341	[
342		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
343		    test "x${withval}" != "xyes"; then
344			LDFLAGS="$LDFLAGS $withval"
345		fi
346	]
347)
348AC_ARG_WITH([libs],
349	[  --with-libs             Specify additional libraries to link with],
350	[
351		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
352		    test "x${withval}" != "xyes"; then
353			LIBS="$LIBS $withval"
354		fi
355	]
356)
357AC_ARG_WITH([Werror],
358	[  --with-Werror           Build main code with -Werror],
359	[
360		if test -n "$withval"  &&  test "x$withval" != "xno"; then
361			werror_flags="-Werror"
362			if test "x${withval}" != "xyes"; then
363				werror_flags="$withval"
364			fi
365		fi
366	]
367)
368
369AC_CHECK_HEADERS([ \
370	blf.h \
371	bstring.h \
372	crypt.h \
373	crypto/sha2.h \
374	dirent.h \
375	endian.h \
376	elf.h \
377	features.h \
378	fcntl.h \
379	floatingpoint.h \
380	getopt.h \
381	glob.h \
382	ia.h \
383	iaf.h \
384	inttypes.h \
385	limits.h \
386	locale.h \
387	login.h \
388	maillock.h \
389	ndir.h \
390	net/if_tun.h \
391	netdb.h \
392	netgroup.h \
393	pam/pam_appl.h \
394	paths.h \
395	poll.h \
396	pty.h \
397	readpassphrase.h \
398	rpc/types.h \
399	security/pam_appl.h \
400	sha2.h \
401	shadow.h \
402	stddef.h \
403	stdint.h \
404	string.h \
405	strings.h \
406	sys/audit.h \
407	sys/bitypes.h \
408	sys/bsdtty.h \
409	sys/cdefs.h \
410	sys/dir.h \
411	sys/mman.h \
412	sys/ndir.h \
413	sys/poll.h \
414	sys/prctl.h \
415	sys/pstat.h \
416	sys/select.h \
417	sys/stat.h \
418	sys/stream.h \
419	sys/stropts.h \
420	sys/strtio.h \
421	sys/statvfs.h \
422	sys/sysmacros.h \
423	sys/time.h \
424	sys/timers.h \
425	time.h \
426	tmpdir.h \
427	ttyent.h \
428	ucred.h \
429	unistd.h \
430	usersec.h \
431	util.h \
432	utime.h \
433	utmp.h \
434	utmpx.h \
435	vis.h \
436])
437
438# sys/capsicum.h requires sys/types.h
439AC_CHECK_HEADERS([sys/capsicum.h], [], [], [
440#ifdef HAVE_SYS_TYPES_H
441# include <sys/types.h>
442#endif
443])
444
445# lastlog.h requires sys/time.h to be included first on Solaris
446AC_CHECK_HEADERS([lastlog.h], [], [], [
447#ifdef HAVE_SYS_TIME_H
448# include <sys/time.h>
449#endif
450])
451
452# sys/ptms.h requires sys/stream.h to be included first on Solaris
453AC_CHECK_HEADERS([sys/ptms.h], [], [], [
454#ifdef HAVE_SYS_STREAM_H
455# include <sys/stream.h>
456#endif
457])
458
459# login_cap.h requires sys/types.h on NetBSD
460AC_CHECK_HEADERS([login_cap.h], [], [], [
461#include <sys/types.h>
462])
463
464# older BSDs need sys/param.h before sys/mount.h
465AC_CHECK_HEADERS([sys/mount.h], [], [], [
466#include <sys/param.h>
467])
468
469# Android requires sys/socket.h to be included before sys/un.h
470AC_CHECK_HEADERS([sys/un.h], [], [], [
471#include <sys/types.h>
472#include <sys/socket.h>
473])
474
475# Messages for features tested for in target-specific section
476SIA_MSG="no"
477SPC_MSG="no"
478SP_MSG="no"
479SPP_MSG="no"
480
481# Support for Solaris/Illumos privileges (this test is used by both
482# the --with-solaris-privs option and --with-sandbox=solaris).
483SOLARIS_PRIVS="no"
484
485# Check for some target-specific stuff
486case "$host" in
487*-*-aix*)
488	# Some versions of VAC won't allow macro redefinitions at
489	# -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
490	# particularly with older versions of vac or xlc.
491	# It also throws errors about null macro argments, but these are
492	# not fatal.
493	AC_MSG_CHECKING([if compiler allows macro redefinitions])
494	AC_COMPILE_IFELSE(
495	    [AC_LANG_PROGRAM([[
496#define testmacro foo
497#define testmacro bar]],
498	    [[ exit(0); ]])],
499	    [ AC_MSG_RESULT([yes]) ],
500	    [ AC_MSG_RESULT([no])
501	      CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
502	      LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
503	      CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
504	      CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
505	    ]
506	)
507
508	AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
509	if (test -z "$blibpath"); then
510		blibpath="/usr/lib:/lib"
511	fi
512	saved_LDFLAGS="$LDFLAGS"
513	if test "$GCC" = "yes"; then
514		flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
515	else
516		flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
517	fi
518	for tryflags in $flags ;do
519		if (test -z "$blibflags"); then
520			LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
521			AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
522			[blibflags=$tryflags], [])
523		fi
524	done
525	if (test -z "$blibflags"); then
526		AC_MSG_RESULT([not found])
527		AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
528	else
529		AC_MSG_RESULT([$blibflags])
530	fi
531	LDFLAGS="$saved_LDFLAGS"
532	dnl Check for authenticate.  Might be in libs.a on older AIXes
533	AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
534		[Define if you want to enable AIX4's authenticate function])],
535		[AC_CHECK_LIB([s], [authenticate],
536			[ AC_DEFINE([WITH_AIXAUTHENTICATE])
537				LIBS="$LIBS -ls"
538			])
539		])
540	dnl Check for various auth function declarations in headers.
541	AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
542	    passwdexpired, setauthdb], , , [#include <usersec.h>])
543	dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
544	AC_CHECK_DECLS([loginfailed],
545	    [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
546	    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
547		[[ (void)loginfailed("user","host","tty",0); ]])],
548		[AC_MSG_RESULT([yes])
549		AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
550			[Define if your AIX loginfailed() function
551			takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
552	    ])],
553	    [],
554	    [#include <usersec.h>]
555	)
556	AC_CHECK_FUNCS([getgrset setauthdb])
557	AC_CHECK_DECL([F_CLOSEM],
558	    AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
559	    [],
560	    [ #include <limits.h>
561	      #include <fcntl.h> ]
562	)
563	check_for_aix_broken_getaddrinfo=1
564	AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
565	AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
566	    [Define if your platform breaks doing a seteuid before a setuid])
567	AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
568	AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
569	dnl AIX handles lastlog as part of its login message
570	AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
571	AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
572		[Some systems need a utmpx entry for /bin/login to work])
573	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
574		[Define to a Set Process Title type if your system is
575		supported by bsd-setproctitle.c])
576	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
577	    [AIX 5.2 and 5.3 (and presumably newer) require this])
578	AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
579	AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
580	;;
581*-*-android*)
582	AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
583	AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
584	;;
585*-*-cygwin*)
586	check_for_libcrypt_later=1
587	LIBS="$LIBS /usr/lib/textreadmode.o"
588	AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
589	AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
590	AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
591		[Define to disable UID restoration test])
592	AC_DEFINE([DISABLE_SHADOW], [1],
593		[Define if you want to disable shadow passwords])
594	AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
595		[Define if X11 doesn't support AF_UNIX sockets on that system])
596	AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
597		[Define if the concept of ports only accessible to
598		superusers isn't known])
599	AC_DEFINE([DISABLE_FD_PASSING], [1],
600		[Define if your platform needs to skip post auth
601		file descriptor passing])
602	AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
603	AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
604	# Cygwin defines optargs, optargs as declspec(dllimport) for historical
605	# reasons which cause compile warnings, so we disable those warnings.
606	OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
607	;;
608*-*-dgux*)
609	AC_DEFINE([IP_TOS_IS_BROKEN], [1],
610		[Define if your system choked on IP TOS setting])
611	AC_DEFINE([SETEUID_BREAKS_SETUID])
612	AC_DEFINE([BROKEN_SETREUID])
613	AC_DEFINE([BROKEN_SETREGID])
614	;;
615*-*-darwin*)
616	use_pie=auto
617	AC_MSG_CHECKING([if we have working getaddrinfo])
618	AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
619main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
620		exit(0);
621	else
622		exit(1);
623}
624			]])],
625	[AC_MSG_RESULT([working])],
626	[AC_MSG_RESULT([buggy])
627	AC_DEFINE([BROKEN_GETADDRINFO], [1],
628		[getaddrinfo is broken (if present)])
629	],
630	[AC_MSG_RESULT([assume it is working])])
631	AC_DEFINE([SETEUID_BREAKS_SETUID])
632	AC_DEFINE([BROKEN_SETREUID])
633	AC_DEFINE([BROKEN_SETREGID])
634	AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
635	AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
636		[Define if your resolver libs need this for getrrsetbyname])
637	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
638	AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
639	    [Use tunnel device compatibility to OpenBSD])
640	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
641	    [Prepend the address family to IP tunnel traffic])
642	m4_pattern_allow([AU_IPv])
643	AC_CHECK_DECL([AU_IPv4], [],
644	    AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
645	    [#include <bsm/audit.h>]
646	AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
647	    [Define if pututxline updates lastlog too])
648	)
649	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
650		[Define to a Set Process Title type if your system is
651		supported by bsd-setproctitle.c])
652	AC_CHECK_FUNCS([sandbox_init])
653	AC_CHECK_HEADERS([sandbox.h])
654	AC_CHECK_LIB([sandbox], [sandbox_apply], [
655	    SSHDLIBS="$SSHDLIBS -lsandbox"
656	])
657	;;
658*-*-dragonfly*)
659	SSHDLIBS="$SSHDLIBS -lcrypt"
660	TEST_MALLOC_OPTIONS="AFGJPRX"
661	;;
662*-*-haiku*)
663    LIBS="$LIBS -lbsd "
664    AC_CHECK_LIB([network], [socket])
665    AC_DEFINE([HAVE_U_INT64_T])
666    MANTYPE=man
667    ;;
668*-*-hpux*)
669	# first we define all of the options common to all HP-UX releases
670	CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
671	IPADDR_IN_DISPLAY=yes
672	AC_DEFINE([USE_PIPES])
673	AC_DEFINE([LOGIN_NO_ENDOPT], [1],
674	    [Define if your login program cannot handle end of options ("--")])
675	AC_DEFINE([LOGIN_NEEDS_UTMPX])
676	AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
677		[String used in /etc/passwd to denote locked account])
678	AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
679	AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
680	maildir="/var/mail"
681	LIBS="$LIBS -lsec"
682	AC_CHECK_LIB([xnet], [t_error], ,
683	    [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
684
685	# next, we define all of the options specific to major releases
686	case "$host" in
687	*-*-hpux10*)
688		if test -z "$GCC"; then
689			CFLAGS="$CFLAGS -Ae"
690		fi
691		;;
692	*-*-hpux11*)
693		AC_DEFINE([PAM_SUN_CODEBASE], [1],
694			[Define if you are using Solaris-derived PAM which
695			passes pam_messages to the conversation function
696			with an extra level of indirection])
697		AC_DEFINE([DISABLE_UTMP], [1],
698			[Define if you don't want to use utmp])
699		AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
700		check_for_hpux_broken_getaddrinfo=1
701		check_for_conflicting_getspnam=1
702		;;
703	esac
704
705	# lastly, we define options specific to minor releases
706	case "$host" in
707	*-*-hpux10.26)
708		AC_DEFINE([HAVE_SECUREWARE], [1],
709			[Define if you have SecureWare-based
710			protected password database])
711		disable_ptmx_check=yes
712		LIBS="$LIBS -lsecpw"
713		;;
714	esac
715	;;
716*-*-irix5*)
717	PATH="$PATH:/usr/etc"
718	AC_DEFINE([BROKEN_INET_NTOA], [1],
719		[Define if you system's inet_ntoa is busted
720		(e.g. Irix gcc issue)])
721	AC_DEFINE([SETEUID_BREAKS_SETUID])
722	AC_DEFINE([BROKEN_SETREUID])
723	AC_DEFINE([BROKEN_SETREGID])
724	AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
725		[Define if you shouldn't strip 'tty' from your
726		ttyname in [uw]tmp])
727	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
728	;;
729*-*-irix6*)
730	PATH="$PATH:/usr/etc"
731	AC_DEFINE([WITH_IRIX_ARRAY], [1],
732		[Define if you have/want arrays
733		(cluster-wide session managment, not C arrays)])
734	AC_DEFINE([WITH_IRIX_PROJECT], [1],
735		[Define if you want IRIX project management])
736	AC_DEFINE([WITH_IRIX_AUDIT], [1],
737		[Define if you want IRIX audit trails])
738	AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
739		[Define if you want IRIX kernel jobs])])
740	AC_DEFINE([BROKEN_INET_NTOA])
741	AC_DEFINE([SETEUID_BREAKS_SETUID])
742	AC_DEFINE([BROKEN_SETREUID])
743	AC_DEFINE([BROKEN_SETREGID])
744	AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
745	AC_DEFINE([WITH_ABBREV_NO_TTY])
746	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
747	;;
748*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
749	check_for_libcrypt_later=1
750	AC_DEFINE([PAM_TTY_KLUDGE])
751	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
752	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
753	AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
754	AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
755	;;
756*-*-linux*)
757	no_dev_ptmx=1
758	use_pie=auto
759	check_for_libcrypt_later=1
760	check_for_openpty_ctty_bug=1
761	AC_DEFINE([PAM_TTY_KLUDGE], [1],
762		[Work around problematic Linux PAM modules handling of PAM_TTY])
763	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
764		[String used in /etc/passwd to denote locked account])
765	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
766	AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
767		[Define to whatever link() returns for "not supported"
768		if it doesn't return EOPNOTSUPP.])
769	AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
770	AC_DEFINE([USE_BTMP])
771	AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
772	inet6_default_4in6=yes
773	case `uname -r` in
774	1.*|2.0.*)
775		AC_DEFINE([BROKEN_CMSG_TYPE], [1],
776			[Define if cmsg_type is not passed correctly])
777		;;
778	esac
779	# tun(4) forwarding compat code
780	AC_CHECK_HEADERS([linux/if_tun.h])
781	if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
782		AC_DEFINE([SSH_TUN_LINUX], [1],
783		    [Open tunnel devices the Linux tun/tap way])
784		AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
785		    [Use tunnel device compatibility to OpenBSD])
786		AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
787		    [Prepend the address family to IP tunnel traffic])
788	fi
789	AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
790	    [], [#include <linux/types.h>])
791	AC_CHECK_FUNCS([prctl])
792	AC_MSG_CHECKING([for seccomp architecture])
793	seccomp_audit_arch=
794	case "$host" in
795	x86_64-*)
796		seccomp_audit_arch=AUDIT_ARCH_X86_64
797		;;
798	i*86-*)
799		seccomp_audit_arch=AUDIT_ARCH_I386
800		;;
801	arm*-*)
802		seccomp_audit_arch=AUDIT_ARCH_ARM
803		;;
804	aarch64*-*)
805		seccomp_audit_arch=AUDIT_ARCH_AARCH64
806		;;
807	esac
808	if test "x$seccomp_audit_arch" != "x" ; then
809		AC_MSG_RESULT(["$seccomp_audit_arch"])
810		AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
811		    [Specify the system call convention in use])
812	else
813		AC_MSG_RESULT([architecture not supported])
814	fi
815	;;
816mips-sony-bsd|mips-sony-newsos4)
817	AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
818	SONY=1
819	;;
820*-*-netbsd*)
821	check_for_libcrypt_before=1
822	if test "x$withval" != "xno" ; then
823		need_dash_r=1
824	fi
825	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
826	AC_CHECK_HEADER([net/if_tap.h], ,
827	    AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
828	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
829	    [Prepend the address family to IP tunnel traffic])
830	TEST_MALLOC_OPTIONS="AJRX"
831	AC_DEFINE([BROKEN_STRNVIS], [1],
832	    [NetBSD strnvis argument order is swapped compared to OpenBSD])
833	AC_DEFINE([BROKEN_READ_COMPARISON], [1],
834	    [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
835	;;
836*-*-freebsd*)
837	check_for_libcrypt_later=1
838	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
839	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
840	AC_CHECK_HEADER([net/if_tap.h], ,
841	    AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
842	AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
843	AC_DEFINE([BROKEN_STRNVIS], [1],
844	    [FreeBSD strnvis argument order is swapped compared to OpenBSD])
845	TEST_MALLOC_OPTIONS="AJRX"
846	# Preauth crypto occasionally uses file descriptors for crypto offload
847	# and will crash if they cannot be opened.
848	AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
849	    [define if setrlimit RLIMIT_NOFILE breaks things])
850	;;
851*-*-bsdi*)
852	AC_DEFINE([SETEUID_BREAKS_SETUID])
853	AC_DEFINE([BROKEN_SETREUID])
854	AC_DEFINE([BROKEN_SETREGID])
855	;;
856*-next-*)
857	conf_lastlog_location="/usr/adm/lastlog"
858	conf_utmp_location=/etc/utmp
859	conf_wtmp_location=/usr/adm/wtmp
860	maildir=/usr/spool/mail
861	AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
862	AC_DEFINE([BROKEN_REALPATH])
863	AC_DEFINE([USE_PIPES])
864	AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
865	;;
866*-*-openbsd*)
867	use_pie=auto
868	AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
869	AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
870	AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
871	AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
872	    [syslog_r function is safe to use in in a signal handler])
873	TEST_MALLOC_OPTIONS="AFGJPRX"
874	;;
875*-*-solaris*)
876	if test "x$withval" != "xno" ; then
877		need_dash_r=1
878	fi
879	AC_DEFINE([PAM_SUN_CODEBASE])
880	AC_DEFINE([LOGIN_NEEDS_UTMPX])
881	AC_DEFINE([LOGIN_NEEDS_TERM], [1],
882		[Some versions of /bin/login need the TERM supplied
883		on the commandline])
884	AC_DEFINE([PAM_TTY_KLUDGE])
885	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
886		[Define if pam_chauthtok wants real uid set
887		to the unpriv'ed user])
888	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
889	# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
890	AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
891		[Define if sshd somehow reacquires a controlling TTY
892		after setsid()])
893	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
894		in case the name is longer than 8 chars])
895	AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
896	external_path_file=/etc/default/login
897	# hardwire lastlog location (can't detect it on some versions)
898	conf_lastlog_location="/var/adm/lastlog"
899	AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
900	sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
901	if test "$sol2ver" -ge 8; then
902		AC_MSG_RESULT([yes])
903		AC_DEFINE([DISABLE_UTMP])
904		AC_DEFINE([DISABLE_WTMP], [1],
905			[Define if you don't want to use wtmp])
906	else
907		AC_MSG_RESULT([no])
908	fi
909	AC_CHECK_FUNCS([setppriv])
910	AC_CHECK_FUNCS([priv_basicset])
911	AC_CHECK_HEADERS([priv.h])
912	AC_ARG_WITH([solaris-contracts],
913		[  --with-solaris-contracts Enable Solaris process contracts (experimental)],
914		[
915		AC_CHECK_LIB([contract], [ct_tmpl_activate],
916			[ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
917				[Define if you have Solaris process contracts])
918			  LIBS="$LIBS -lcontract"
919			  SPC_MSG="yes" ], )
920		],
921	)
922	AC_ARG_WITH([solaris-projects],
923		[  --with-solaris-projects Enable Solaris projects (experimental)],
924		[
925		AC_CHECK_LIB([project], [setproject],
926			[ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
927				[Define if you have Solaris projects])
928			LIBS="$LIBS -lproject"
929			SP_MSG="yes" ], )
930		],
931	)
932	AC_ARG_WITH([solaris-privs],
933		[  --with-solaris-privs    Enable Solaris/Illumos privileges (experimental)],
934		[
935		AC_MSG_CHECKING([for Solaris/Illumos privilege support])
936		if test "x$ac_cv_func_setppriv" = "xyes" -a \
937			"x$ac_cv_header_priv_h" = "xyes" ; then
938			SOLARIS_PRIVS=yes
939			AC_MSG_RESULT([found])
940			AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
941				[Define to disable UID restoration test])
942			AC_DEFINE([USE_SOLARIS_PRIVS], [1],
943				[Define if you have Solaris privileges])
944			SPP_MSG="yes"
945		else
946			AC_MSG_RESULT([not found])
947			AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
948		fi
949		],
950	)
951	TEST_SHELL=$SHELL	# let configure find us a capable shell
952	;;
953*-*-sunos4*)
954	CPPFLAGS="$CPPFLAGS -DSUNOS4"
955	AC_CHECK_FUNCS([getpwanam])
956	AC_DEFINE([PAM_SUN_CODEBASE])
957	conf_utmp_location=/etc/utmp
958	conf_wtmp_location=/var/adm/wtmp
959	conf_lastlog_location=/var/adm/lastlog
960	AC_DEFINE([USE_PIPES])
961	;;
962*-ncr-sysv*)
963	LIBS="$LIBS -lc89"
964	AC_DEFINE([USE_PIPES])
965	AC_DEFINE([SSHD_ACQUIRES_CTTY])
966	AC_DEFINE([SETEUID_BREAKS_SETUID])
967	AC_DEFINE([BROKEN_SETREUID])
968	AC_DEFINE([BROKEN_SETREGID])
969	;;
970*-sni-sysv*)
971	# /usr/ucblib MUST NOT be searched on ReliantUNIX
972	AC_CHECK_LIB([dl], [dlsym], ,)
973	# -lresolv needs to be at the end of LIBS or DNS lookups break
974	AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
975	IPADDR_IN_DISPLAY=yes
976	AC_DEFINE([USE_PIPES])
977	AC_DEFINE([IP_TOS_IS_BROKEN])
978	AC_DEFINE([SETEUID_BREAKS_SETUID])
979	AC_DEFINE([BROKEN_SETREUID])
980	AC_DEFINE([BROKEN_SETREGID])
981	AC_DEFINE([SSHD_ACQUIRES_CTTY])
982	external_path_file=/etc/default/login
983	# /usr/ucblib/libucb.a no longer needed on ReliantUNIX
984	# Attention: always take care to bind libsocket and libnsl before libc,
985	# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
986	;;
987# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
988*-*-sysv4.2*)
989	AC_DEFINE([USE_PIPES])
990	AC_DEFINE([SETEUID_BREAKS_SETUID])
991	AC_DEFINE([BROKEN_SETREUID])
992	AC_DEFINE([BROKEN_SETREGID])
993	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
994	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
995	TEST_SHELL=$SHELL	# let configure find us a capable shell
996	;;
997# UnixWare 7.x, OpenUNIX 8
998*-*-sysv5*)
999	CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1000	AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1001	AC_DEFINE([USE_PIPES])
1002	AC_DEFINE([SETEUID_BREAKS_SETUID])
1003	AC_DEFINE([BROKEN_GETADDRINFO])
1004	AC_DEFINE([BROKEN_SETREUID])
1005	AC_DEFINE([BROKEN_SETREGID])
1006	AC_DEFINE([PASSWD_NEEDS_USERNAME])
1007	TEST_SHELL=$SHELL	# let configure find us a capable shell
1008	case "$host" in
1009	*-*-sysv5SCO_SV*)	# SCO OpenServer 6.x
1010		maildir=/var/spool/mail
1011		AC_DEFINE([BROKEN_LIBIAF], [1],
1012			[ia_uinfo routines not supported by OS yet])
1013		AC_DEFINE([BROKEN_UPDWTMPX])
1014		AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1015			AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1016			AC_DEFINE([HAVE_SECUREWARE])
1017			AC_DEFINE([DISABLE_SHADOW])
1018			], , )
1019		;;
1020	*)	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1021		check_for_libcrypt_later=1
1022		;;
1023	esac
1024	;;
1025*-*-sysv*)
1026	;;
1027# SCO UNIX and OEM versions of SCO UNIX
1028*-*-sco3.2v4*)
1029	AC_MSG_ERROR("This Platform is no longer supported.")
1030	;;
1031# SCO OpenServer 5.x
1032*-*-sco3.2v5*)
1033	if test -z "$GCC"; then
1034		CFLAGS="$CFLAGS -belf"
1035	fi
1036	LIBS="$LIBS -lprot -lx -ltinfo -lm"
1037	no_dev_ptmx=1
1038	AC_DEFINE([USE_PIPES])
1039	AC_DEFINE([HAVE_SECUREWARE])
1040	AC_DEFINE([DISABLE_SHADOW])
1041	AC_DEFINE([DISABLE_FD_PASSING])
1042	AC_DEFINE([SETEUID_BREAKS_SETUID])
1043	AC_DEFINE([BROKEN_GETADDRINFO])
1044	AC_DEFINE([BROKEN_SETREUID])
1045	AC_DEFINE([BROKEN_SETREGID])
1046	AC_DEFINE([WITH_ABBREV_NO_TTY])
1047	AC_DEFINE([BROKEN_UPDWTMPX])
1048	AC_DEFINE([PASSWD_NEEDS_USERNAME])
1049	AC_CHECK_FUNCS([getluid setluid])
1050	MANTYPE=man
1051	TEST_SHELL=$SHELL	# let configure find us a capable shell
1052	SKIP_DISABLE_LASTLOG_DEFINE=yes
1053	;;
1054*-*-unicosmk*)
1055	AC_DEFINE([NO_SSH_LASTLOG], [1],
1056		[Define if you don't want to use lastlog in session.c])
1057	AC_DEFINE([SETEUID_BREAKS_SETUID])
1058	AC_DEFINE([BROKEN_SETREUID])
1059	AC_DEFINE([BROKEN_SETREGID])
1060	AC_DEFINE([USE_PIPES])
1061	AC_DEFINE([DISABLE_FD_PASSING])
1062	LDFLAGS="$LDFLAGS"
1063	LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1064	MANTYPE=cat
1065	;;
1066*-*-unicosmp*)
1067	AC_DEFINE([SETEUID_BREAKS_SETUID])
1068	AC_DEFINE([BROKEN_SETREUID])
1069	AC_DEFINE([BROKEN_SETREGID])
1070	AC_DEFINE([WITH_ABBREV_NO_TTY])
1071	AC_DEFINE([USE_PIPES])
1072	AC_DEFINE([DISABLE_FD_PASSING])
1073	LDFLAGS="$LDFLAGS"
1074	LIBS="$LIBS -lgen -lacid -ldb"
1075	MANTYPE=cat
1076	;;
1077*-*-unicos*)
1078	AC_DEFINE([SETEUID_BREAKS_SETUID])
1079	AC_DEFINE([BROKEN_SETREUID])
1080	AC_DEFINE([BROKEN_SETREGID])
1081	AC_DEFINE([USE_PIPES])
1082	AC_DEFINE([DISABLE_FD_PASSING])
1083	AC_DEFINE([NO_SSH_LASTLOG])
1084	LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
1085	LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1086	MANTYPE=cat
1087	;;
1088*-dec-osf*)
1089	AC_MSG_CHECKING([for Digital Unix SIA])
1090	no_osfsia=""
1091	AC_ARG_WITH([osfsia],
1092		[  --with-osfsia           Enable Digital Unix SIA],
1093		[
1094			if test "x$withval" = "xno" ; then
1095				AC_MSG_RESULT([disabled])
1096				no_osfsia=1
1097			fi
1098		],
1099	)
1100	if test -z "$no_osfsia" ; then
1101		if test -f /etc/sia/matrix.conf; then
1102			AC_MSG_RESULT([yes])
1103			AC_DEFINE([HAVE_OSF_SIA], [1],
1104				[Define if you have Digital Unix Security
1105				Integration Architecture])
1106			AC_DEFINE([DISABLE_LOGIN], [1],
1107				[Define if you don't want to use your
1108				system's login() call])
1109			AC_DEFINE([DISABLE_FD_PASSING])
1110			LIBS="$LIBS -lsecurity -ldb -lm -laud"
1111			SIA_MSG="yes"
1112		else
1113			AC_MSG_RESULT([no])
1114			AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1115			  [String used in /etc/passwd to denote locked account])
1116		fi
1117	fi
1118	AC_DEFINE([BROKEN_GETADDRINFO])
1119	AC_DEFINE([SETEUID_BREAKS_SETUID])
1120	AC_DEFINE([BROKEN_SETREUID])
1121	AC_DEFINE([BROKEN_SETREGID])
1122	AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1123	;;
1124
1125*-*-nto-qnx*)
1126	AC_DEFINE([USE_PIPES])
1127	AC_DEFINE([NO_X11_UNIX_SOCKETS])
1128	AC_DEFINE([DISABLE_LASTLOG])
1129	AC_DEFINE([SSHD_ACQUIRES_CTTY])
1130	AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1131	enable_etc_default_login=no	# has incompatible /etc/default/login
1132	case "$host" in
1133	*-*-nto-qnx6*)
1134		AC_DEFINE([DISABLE_FD_PASSING])
1135		;;
1136	esac
1137	;;
1138
1139*-*-ultrix*)
1140	AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1141	AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
1142	AC_DEFINE([NEED_SETPGRP])
1143	AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1144	;;
1145
1146*-*-lynxos)
1147        CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1148        AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
1149        ;;
1150esac
1151
1152AC_MSG_CHECKING([compiler and flags for sanity])
1153AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
1154	[	AC_MSG_RESULT([yes]) ],
1155	[
1156		AC_MSG_RESULT([no])
1157		AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1158	],
1159	[	AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1160)
1161
1162dnl Checks for header files.
1163# Checks for libraries.
1164AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1165
1166dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1167AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1168	AC_CHECK_LIB([gen], [dirname], [
1169		AC_CACHE_CHECK([for broken dirname],
1170			ac_cv_have_broken_dirname, [
1171			save_LIBS="$LIBS"
1172			LIBS="$LIBS -lgen"
1173			AC_RUN_IFELSE(
1174				[AC_LANG_SOURCE([[
1175#include <libgen.h>
1176#include <string.h>
1177
1178int main(int argc, char **argv) {
1179    char *s, buf[32];
1180
1181    strncpy(buf,"/etc", 32);
1182    s = dirname(buf);
1183    if (!s || strncmp(s, "/", 32) != 0) {
1184	exit(1);
1185    } else {
1186	exit(0);
1187    }
1188}
1189				]])],
1190				[ ac_cv_have_broken_dirname="no" ],
1191				[ ac_cv_have_broken_dirname="yes" ],
1192				[ ac_cv_have_broken_dirname="no" ],
1193			)
1194			LIBS="$save_LIBS"
1195		])
1196		if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1197			LIBS="$LIBS -lgen"
1198			AC_DEFINE([HAVE_DIRNAME])
1199			AC_CHECK_HEADERS([libgen.h])
1200		fi
1201	])
1202])
1203
1204AC_CHECK_FUNC([getspnam], ,
1205	[AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1206AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1207	[Define if you have the basename function.])])
1208
1209dnl zlib is required
1210AC_ARG_WITH([zlib],
1211	[  --with-zlib=PATH        Use zlib in PATH],
1212	[ if test "x$withval" = "xno" ; then
1213		AC_MSG_ERROR([*** zlib is required ***])
1214	  elif test "x$withval" != "xyes"; then
1215		if test -d "$withval/lib"; then
1216			if test -n "${need_dash_r}"; then
1217				LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1218			else
1219				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1220			fi
1221		else
1222			if test -n "${need_dash_r}"; then
1223				LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1224			else
1225				LDFLAGS="-L${withval} ${LDFLAGS}"
1226			fi
1227		fi
1228		if test -d "$withval/include"; then
1229			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1230		else
1231			CPPFLAGS="-I${withval} ${CPPFLAGS}"
1232		fi
1233	fi ]
1234)
1235
1236AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1237AC_CHECK_LIB([z], [deflate], ,
1238	[
1239		saved_CPPFLAGS="$CPPFLAGS"
1240		saved_LDFLAGS="$LDFLAGS"
1241		save_LIBS="$LIBS"
1242		dnl Check default zlib install dir
1243		if test -n "${need_dash_r}"; then
1244			LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1245		else
1246			LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1247		fi
1248		CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1249		LIBS="$LIBS -lz"
1250		AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1251			[
1252				AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1253			]
1254		)
1255	]
1256)
1257
1258AC_ARG_WITH([zlib-version-check],
1259	[  --without-zlib-version-check Disable zlib version check],
1260	[  if test "x$withval" = "xno" ; then
1261		zlib_check_nonfatal=1
1262	   fi
1263	]
1264)
1265
1266AC_MSG_CHECKING([for possibly buggy zlib])
1267AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1268#include <stdio.h>
1269#include <stdlib.h>
1270#include <zlib.h>
1271	]],
1272	[[
1273	int a=0, b=0, c=0, d=0, n, v;
1274	n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1275	if (n != 3 && n != 4)
1276		exit(1);
1277	v = a*1000000 + b*10000 + c*100 + d;
1278	fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1279
1280	/* 1.1.4 is OK */
1281	if (a == 1 && b == 1 && c >= 4)
1282		exit(0);
1283
1284	/* 1.2.3 and up are OK */
1285	if (v >= 1020300)
1286		exit(0);
1287
1288	exit(2);
1289	]])],
1290	AC_MSG_RESULT([no]),
1291	[ AC_MSG_RESULT([yes])
1292	  if test -z "$zlib_check_nonfatal" ; then
1293		AC_MSG_ERROR([*** zlib too old - check config.log ***
1294Your reported zlib version has known security problems.  It's possible your
1295vendor has fixed these problems without changing the version number.  If you
1296are sure this is the case, you can disable the check by running
1297"./configure --without-zlib-version-check".
1298If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1299See http://www.gzip.org/zlib/ for details.])
1300	  else
1301		AC_MSG_WARN([zlib version may have security problems])
1302	  fi
1303	],
1304	[	AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1305)
1306
1307dnl UnixWare 2.x
1308AC_CHECK_FUNC([strcasecmp],
1309	[], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1310)
1311AC_CHECK_FUNCS([utimes],
1312	[], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1313					LIBS="$LIBS -lc89"]) ]
1314)
1315
1316dnl    Checks for libutil functions
1317AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1318AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1319AC_SEARCH_LIBS([scan_scaled], [util bsd])
1320AC_SEARCH_LIBS([login], [util bsd])
1321AC_SEARCH_LIBS([logout], [util bsd])
1322AC_SEARCH_LIBS([logwtmp], [util bsd])
1323AC_SEARCH_LIBS([openpty], [util bsd])
1324AC_SEARCH_LIBS([updwtmp], [util bsd])
1325AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1326
1327# On some platforms, inet_ntop and gethostbyname may be found in libresolv
1328# or libnsl.
1329AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1330AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1331
1332AC_FUNC_STRFTIME
1333
1334# Check for ALTDIRFUNC glob() extension
1335AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1336AC_EGREP_CPP([FOUNDIT],
1337	[
1338		#include <glob.h>
1339		#ifdef GLOB_ALTDIRFUNC
1340		FOUNDIT
1341		#endif
1342	],
1343	[
1344		AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1345			[Define if your system glob() function has
1346			the GLOB_ALTDIRFUNC extension])
1347		AC_MSG_RESULT([yes])
1348	],
1349	[
1350		AC_MSG_RESULT([no])
1351	]
1352)
1353
1354# Check for g.gl_matchc glob() extension
1355AC_MSG_CHECKING([for gl_matchc field in glob_t])
1356AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1357	[[ glob_t g; g.gl_matchc = 1; ]])],
1358	[
1359		AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1360			[Define if your system glob() function has
1361			gl_matchc options in glob_t])
1362		AC_MSG_RESULT([yes])
1363	], [
1364		AC_MSG_RESULT([no])
1365])
1366
1367# Check for g.gl_statv glob() extension
1368AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1369AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1370#ifndef GLOB_KEEPSTAT
1371#error "glob does not support GLOB_KEEPSTAT extension"
1372#endif
1373glob_t g;
1374g.gl_statv = NULL;
1375]])],
1376	[
1377		AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1378			[Define if your system glob() function has
1379			gl_statv options in glob_t])
1380		AC_MSG_RESULT([yes])
1381	], [
1382		AC_MSG_RESULT([no])
1383
1384])
1385
1386AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1387
1388AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1389AC_RUN_IFELSE(
1390	[AC_LANG_PROGRAM([[
1391#include <sys/types.h>
1392#include <dirent.h>]],
1393	[[
1394	struct dirent d;
1395	exit(sizeof(d.d_name)<=sizeof(char));
1396	]])],
1397	[AC_MSG_RESULT([yes])],
1398	[
1399		AC_MSG_RESULT([no])
1400		AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1401			[Define if your struct dirent expects you to
1402			allocate extra space for d_name])
1403	],
1404	[
1405		AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1406		AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1407	]
1408)
1409
1410AC_MSG_CHECKING([for /proc/pid/fd directory])
1411if test -d "/proc/$$/fd" ; then
1412	AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1413	AC_MSG_RESULT([yes])
1414else
1415	AC_MSG_RESULT([no])
1416fi
1417
1418# Check whether user wants S/Key support
1419SKEY_MSG="no"
1420AC_ARG_WITH([skey],
1421	[  --with-skey[[=PATH]]      Enable S/Key support (optionally in PATH)],
1422	[
1423		if test "x$withval" != "xno" ; then
1424
1425			if test "x$withval" != "xyes" ; then
1426				CPPFLAGS="$CPPFLAGS -I${withval}/include"
1427				LDFLAGS="$LDFLAGS -L${withval}/lib"
1428			fi
1429
1430			AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1431			LIBS="-lskey $LIBS"
1432			SKEY_MSG="yes"
1433
1434			AC_MSG_CHECKING([for s/key support])
1435			AC_LINK_IFELSE(
1436				[AC_LANG_PROGRAM([[
1437#include <stdio.h>
1438#include <skey.h>
1439				]], [[
1440	char *ff = skey_keyinfo(""); ff="";
1441	exit(0);
1442				]])],
1443				[AC_MSG_RESULT([yes])],
1444				[
1445					AC_MSG_RESULT([no])
1446					AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1447				])
1448                 	AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1449			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1450#include <stdio.h>
1451#include <skey.h>
1452				]], [[
1453	(void)skeychallenge(NULL,"name","",0);
1454				]])],
1455			[
1456				AC_MSG_RESULT([yes])
1457				AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1458					[Define if your skeychallenge()
1459					function takes 4 arguments (NetBSD)])],
1460			[
1461				AC_MSG_RESULT([no])
1462			])
1463		fi
1464	]
1465)
1466
1467# Check whether user wants TCP wrappers support
1468TCPW_MSG="no"
1469AC_ARG_WITH([tcp-wrappers],
1470	[  --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1471	[
1472		if test "x$withval" != "xno" ; then
1473			saved_LIBS="$LIBS"
1474			saved_LDFLAGS="$LDFLAGS"
1475			saved_CPPFLAGS="$CPPFLAGS"
1476			if test -n "${withval}" && \
1477			    test "x${withval}" != "xyes"; then
1478				if test -d "${withval}/lib"; then
1479					if test -n "${need_dash_r}"; then
1480						LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1481					else
1482						LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1483					fi
1484				else
1485					if test -n "${need_dash_r}"; then
1486						LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1487					else
1488						LDFLAGS="-L${withval} ${LDFLAGS}"
1489					fi
1490				fi
1491				if test -d "${withval}/include"; then
1492					CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1493				else
1494					CPPFLAGS="-I${withval} ${CPPFLAGS}"
1495				fi
1496			fi
1497			LIBS="-lwrap $LIBS"
1498			AC_MSG_CHECKING([for libwrap])
1499			AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1500#include <sys/types.h>
1501#include <sys/socket.h>
1502#include <netinet/in.h>
1503#include <tcpd.h>
1504int deny_severity = 0, allow_severity = 0;
1505				]], [[
1506	hosts_access(0);
1507				]])], [
1508					AC_MSG_RESULT([yes])
1509					AC_DEFINE([LIBWRAP], [1],
1510						[Define if you want
1511						TCP Wrappers support])
1512					SSHDLIBS="$SSHDLIBS -lwrap"
1513					TCPW_MSG="yes"
1514				], [
1515					AC_MSG_ERROR([*** libwrap missing])
1516
1517			])
1518			LIBS="$saved_LIBS"
1519		fi
1520	]
1521)
1522
1523# Check whether user wants to use ldns
1524LDNS_MSG="no"
1525AC_ARG_WITH(ldns,
1526	[  --with-ldns[[=PATH]]      Use ldns for DNSSEC support (optionally in PATH)],
1527    [
1528        if test "x$withval" != "xno" ; then
1529
1530			if test "x$withval" != "xyes" ; then
1531				CPPFLAGS="$CPPFLAGS -I${withval}/include"
1532				LDFLAGS="$LDFLAGS -L${withval}/lib"
1533			fi
1534
1535            AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1536            LIBS="-lldns $LIBS"
1537            LDNS_MSG="yes"
1538
1539            AC_MSG_CHECKING([for ldns support])
1540            AC_LINK_IFELSE(
1541                [AC_LANG_SOURCE([[
1542#include <stdio.h>
1543#include <stdlib.h>
1544#include <stdint.h>
1545#include <ldns/ldns.h>
1546int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1547                                ]])
1548                ],
1549				[AC_MSG_RESULT(yes)],
1550				[
1551					AC_MSG_RESULT(no)
1552					AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1553				])
1554        fi
1555    ]
1556)
1557
1558# Check whether user wants libedit support
1559LIBEDIT_MSG="no"
1560AC_ARG_WITH([libedit],
1561	[  --with-libedit[[=PATH]]   Enable libedit support for sftp],
1562	[ if test "x$withval" != "xno" ; then
1563		if test "x$withval" = "xyes" ; then
1564			AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1565			if test "x$PKGCONFIG" != "xno"; then
1566				AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1567			 	if "$PKGCONFIG" libedit; then
1568					AC_MSG_RESULT([yes])
1569					use_pkgconfig_for_libedit=yes
1570				else
1571					AC_MSG_RESULT([no])
1572				fi
1573			fi
1574		else
1575			CPPFLAGS="$CPPFLAGS -I${withval}/include"
1576			if test -n "${need_dash_r}"; then
1577				LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1578			else
1579				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1580			fi
1581		fi
1582		if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1583			LIBEDIT=`$PKGCONFIG --libs libedit`
1584			CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1585		else
1586			LIBEDIT="-ledit -lcurses"
1587		fi
1588		OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1589		AC_CHECK_LIB([edit], [el_init],
1590			[ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1591			  LIBEDIT_MSG="yes"
1592			  AC_SUBST([LIBEDIT])
1593			],
1594			[ AC_MSG_ERROR([libedit not found]) ],
1595			[ $OTHERLIBS ]
1596		)
1597		AC_MSG_CHECKING([if libedit version is compatible])
1598		AC_COMPILE_IFELSE(
1599		    [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1600		    [[
1601	int i = H_SETSIZE;
1602	el_init("", NULL, NULL, NULL);
1603	exit(0);
1604		    ]])],
1605		    [ AC_MSG_RESULT([yes]) ],
1606		    [ AC_MSG_RESULT([no])
1607		      AC_MSG_ERROR([libedit version is not compatible]) ]
1608		)
1609	fi ]
1610)
1611
1612AUDIT_MODULE=none
1613AC_ARG_WITH([audit],
1614	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux)],
1615	[
1616	  AC_MSG_CHECKING([for supported audit module])
1617	  case "$withval" in
1618	  bsm)
1619		AC_MSG_RESULT([bsm])
1620		AUDIT_MODULE=bsm
1621		dnl    Checks for headers, libs and functions
1622		AC_CHECK_HEADERS([bsm/audit.h], [],
1623		    [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1624		    [
1625#ifdef HAVE_TIME_H
1626# include <time.h>
1627#endif
1628		    ]
1629)
1630		AC_CHECK_LIB([bsm], [getaudit], [],
1631		    [AC_MSG_ERROR([BSM enabled and required library not found])])
1632		AC_CHECK_FUNCS([getaudit], [],
1633		    [AC_MSG_ERROR([BSM enabled and required function not found])])
1634		# These are optional
1635		AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1636		AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1637		if test "$sol2ver" -ge 11; then
1638		   	SSHDLIBS="$SSHDLIBS -lscf"
1639                   	AC_DEFINE([BROKEN_BSM_API], [1],
1640		        	  [The system has incomplete BSM API])
1641		fi
1642		;;
1643	  linux)
1644		AC_MSG_RESULT([linux])
1645		AUDIT_MODULE=linux
1646		dnl    Checks for headers, libs and functions
1647		AC_CHECK_HEADERS([libaudit.h])
1648		SSHDLIBS="$SSHDLIBS -laudit"
1649		AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1650		;;
1651	  debug)
1652		AUDIT_MODULE=debug
1653		AC_MSG_RESULT([debug])
1654		AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1655		;;
1656	  no)
1657		AC_MSG_RESULT([no])
1658		;;
1659	  *)
1660		AC_MSG_ERROR([Unknown audit module $withval])
1661		;;
1662	esac ]
1663)
1664
1665AC_ARG_WITH([pie],
1666    [  --with-pie              Build Position Independent Executables if possible], [
1667	if test "x$withval" = "xno"; then
1668		use_pie=no
1669	fi
1670	if test "x$withval" = "xyes"; then
1671		use_pie=yes
1672	fi
1673    ]
1674)
1675if test "x$use_pie" = "x"; then
1676	use_pie=no
1677fi
1678if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1679	# Turn off automatic PIE when toolchain hardening is off.
1680	use_pie=no
1681fi
1682if test "x$use_pie" = "xauto"; then
1683	# Automatic PIE requires gcc >= 4.x
1684	AC_MSG_CHECKING([for gcc >= 4.x])
1685	AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1686#if !defined(__GNUC__) || __GNUC__ < 4
1687#error gcc is too old
1688#endif
1689]])],
1690	[ AC_MSG_RESULT([yes]) ],
1691	[ AC_MSG_RESULT([no])
1692	  use_pie=no ]
1693)
1694fi
1695if test "x$use_pie" != "xno"; then
1696	SAVED_CFLAGS="$CFLAGS"
1697	SAVED_LDFLAGS="$LDFLAGS"
1698	OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1699	OSSH_CHECK_LDFLAG_LINK([-pie])
1700	# We use both -fPIE and -pie or neither.
1701	AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1702	if echo "x $CFLAGS"  | grep ' -fPIE' >/dev/null 2>&1 && \
1703	   echo "x $LDFLAGS" | grep ' -pie'  >/dev/null 2>&1 ; then
1704		AC_MSG_RESULT([yes])
1705	else
1706		AC_MSG_RESULT([no])
1707		CFLAGS="$SAVED_CFLAGS"
1708		LDFLAGS="$SAVED_LDFLAGS"
1709	fi
1710fi
1711
1712dnl    Checks for library functions. Please keep in alphabetical order
1713AC_CHECK_FUNCS([ \
1714	Blowfish_initstate \
1715	Blowfish_expandstate \
1716	Blowfish_expand0state \
1717	Blowfish_stream2word \
1718	asprintf \
1719	b64_ntop \
1720	__b64_ntop \
1721	b64_pton \
1722	__b64_pton \
1723	bcopy \
1724	bcrypt_pbkdf \
1725	bindresvport_sa \
1726	blf_enc \
1727	cap_rights_limit \
1728	clock \
1729	closefrom \
1730	dirfd \
1731	endgrent \
1732	explicit_bzero \
1733	fchmod \
1734	fchown \
1735	freeaddrinfo \
1736	fstatfs \
1737	fstatvfs \
1738	futimes \
1739	getaddrinfo \
1740	getcwd \
1741	getgrouplist \
1742	getnameinfo \
1743	getopt \
1744	getpeereid \
1745	getpeerucred \
1746	getpgid \
1747	getpgrp \
1748	_getpty \
1749	getrlimit \
1750	getttyent \
1751	glob \
1752	group_from_gid \
1753	inet_aton \
1754	inet_ntoa \
1755	inet_ntop \
1756	innetgr \
1757	login_getcapbool \
1758	mblen \
1759	md5_crypt \
1760	memmove \
1761	memset_s \
1762	mkdtemp \
1763	mmap \
1764	ngetaddrinfo \
1765	nsleep \
1766	ogetaddrinfo \
1767	openlog_r \
1768	pledge \
1769	poll \
1770	prctl \
1771	pstat \
1772	readpassphrase \
1773	reallocarray \
1774	recvmsg \
1775	rresvport_af \
1776	sendmsg \
1777	setdtablesize \
1778	setegid \
1779	setenv \
1780	seteuid \
1781	setgroupent \
1782	setgroups \
1783	setlinebuf \
1784	setlogin \
1785	setpassent\
1786	setpcred \
1787	setproctitle \
1788	setregid \
1789	setreuid \
1790	setrlimit \
1791	setsid \
1792	setvbuf \
1793	sigaction \
1794	sigvec \
1795	snprintf \
1796	socketpair \
1797	statfs \
1798	statvfs \
1799	strdup \
1800	strerror \
1801	strlcat \
1802	strlcpy \
1803	strmode \
1804	strnlen \
1805	strnvis \
1806	strptime \
1807	strtonum \
1808	strtoll \
1809	strtoul \
1810	strtoull \
1811	swap32 \
1812	sysconf \
1813	tcgetpgrp \
1814	timingsafe_bcmp \
1815	truncate \
1816	unsetenv \
1817	updwtmpx \
1818	user_from_uid \
1819	usleep \
1820	vasprintf \
1821	vsnprintf \
1822	waitpid \
1823])
1824
1825AC_LINK_IFELSE(
1826        [AC_LANG_PROGRAM(
1827           [[ #include <ctype.h> ]],
1828           [[ return (isblank('a')); ]])],
1829	[AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1830])
1831
1832# PKCS11 depends on OpenSSL.
1833if test "x$openssl" = "xyes" ; then
1834	# PKCS#11 support requires dlopen() and co
1835	AC_SEARCH_LIBS([dlopen], [dl],
1836	    [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1837	)
1838fi
1839
1840# IRIX has a const char return value for gai_strerror()
1841AC_CHECK_FUNCS([gai_strerror], [
1842	AC_DEFINE([HAVE_GAI_STRERROR])
1843	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1844#include <sys/types.h>
1845#include <sys/socket.h>
1846#include <netdb.h>
1847
1848const char *gai_strerror(int);
1849			]], [[
1850	char *str;
1851	str = gai_strerror(0);
1852			]])], [
1853		AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1854		[Define if gai_strerror() returns const char *])], [])])
1855
1856AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1857	[Some systems put nanosleep outside of libc])])
1858
1859AC_SEARCH_LIBS([clock_gettime], [rt],
1860	[AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1861
1862dnl Make sure prototypes are defined for these before using them.
1863AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1864AC_CHECK_DECL([strsep],
1865	[AC_CHECK_FUNCS([strsep])],
1866	[],
1867	[
1868#ifdef HAVE_STRING_H
1869# include <string.h>
1870#endif
1871	])
1872
1873dnl tcsendbreak might be a macro
1874AC_CHECK_DECL([tcsendbreak],
1875	[AC_DEFINE([HAVE_TCSENDBREAK])],
1876	[AC_CHECK_FUNCS([tcsendbreak])],
1877	[#include <termios.h>]
1878)
1879
1880AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1881
1882AC_CHECK_DECLS([SHUT_RD], , ,
1883	[
1884#include <sys/types.h>
1885#include <sys/socket.h>
1886	])
1887
1888AC_CHECK_DECLS([O_NONBLOCK], , ,
1889	[
1890#include <sys/types.h>
1891#ifdef HAVE_SYS_STAT_H
1892# include <sys/stat.h>
1893#endif
1894#ifdef HAVE_FCNTL_H
1895# include <fcntl.h>
1896#endif
1897	])
1898
1899AC_CHECK_DECLS([writev], , , [
1900#include <sys/types.h>
1901#include <sys/uio.h>
1902#include <unistd.h>
1903	])
1904
1905AC_CHECK_DECLS([MAXSYMLINKS], , , [
1906#include <sys/param.h>
1907	])
1908
1909AC_CHECK_DECLS([offsetof], , , [
1910#include <stddef.h>
1911	])
1912
1913# extra bits for select(2)
1914AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
1915#include <sys/param.h>
1916#include <sys/types.h>
1917#ifdef HAVE_SYS_SYSMACROS_H
1918#include <sys/sysmacros.h>
1919#endif
1920#ifdef HAVE_SYS_SELECT_H
1921#include <sys/select.h>
1922#endif
1923#ifdef HAVE_SYS_TIME_H
1924#include <sys/time.h>
1925#endif
1926#ifdef HAVE_UNISTD_H
1927#include <unistd.h>
1928#endif
1929	]])
1930AC_CHECK_TYPES([fd_mask], [], [], [[
1931#include <sys/param.h>
1932#include <sys/types.h>
1933#ifdef HAVE_SYS_SELECT_H
1934#include <sys/select.h>
1935#endif
1936#ifdef HAVE_SYS_TIME_H
1937#include <sys/time.h>
1938#endif
1939#ifdef HAVE_UNISTD_H
1940#include <unistd.h>
1941#endif
1942	]])
1943
1944AC_CHECK_FUNCS([setresuid], [
1945	dnl Some platorms have setresuid that isn't implemented, test for this
1946	AC_MSG_CHECKING([if setresuid seems to work])
1947	AC_RUN_IFELSE(
1948		[AC_LANG_PROGRAM([[
1949#include <stdlib.h>
1950#include <errno.h>
1951		]], [[
1952	errno=0;
1953	setresuid(0,0,0);
1954	if (errno==ENOSYS)
1955		exit(1);
1956	else
1957		exit(0);
1958		]])],
1959		[AC_MSG_RESULT([yes])],
1960		[AC_DEFINE([BROKEN_SETRESUID], [1],
1961			[Define if your setresuid() is broken])
1962		 AC_MSG_RESULT([not implemented])],
1963		[AC_MSG_WARN([cross compiling: not checking setresuid])]
1964	)
1965])
1966
1967AC_CHECK_FUNCS([setresgid], [
1968	dnl Some platorms have setresgid that isn't implemented, test for this
1969	AC_MSG_CHECKING([if setresgid seems to work])
1970	AC_RUN_IFELSE(
1971		[AC_LANG_PROGRAM([[
1972#include <stdlib.h>
1973#include <errno.h>
1974		]], [[
1975	errno=0;
1976	setresgid(0,0,0);
1977	if (errno==ENOSYS)
1978		exit(1);
1979	else
1980		exit(0);
1981		]])],
1982		[AC_MSG_RESULT([yes])],
1983		[AC_DEFINE([BROKEN_SETRESGID], [1],
1984			[Define if your setresgid() is broken])
1985		 AC_MSG_RESULT([not implemented])],
1986		[AC_MSG_WARN([cross compiling: not checking setresuid])]
1987	)
1988])
1989
1990AC_CHECK_FUNCS([realpath], [
1991	dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given
1992	dnl path name", however some implementations of realpath (and some
1993	dnl versions of the POSIX spec) do not work on non-existent files,
1994	dnl so we use the OpenBSD implementation on those platforms.
1995	AC_MSG_CHECKING([if realpath works with non-existent files])
1996	AC_RUN_IFELSE(
1997		[AC_LANG_PROGRAM([[
1998#include <limits.h>
1999#include <stdlib.h>
2000#include <errno.h>
2001		]], [[
2002		char buf[PATH_MAX];
2003		if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
2004			if (errno == ENOENT)
2005				exit(1);
2006		exit(0);
2007		]])],
2008		[AC_MSG_RESULT([yes])],
2009		[AC_DEFINE([BROKEN_REALPATH], [1],
2010			[realpath does not work with nonexistent files])
2011		 AC_MSG_RESULT([no])],
2012		[AC_MSG_WARN([cross compiling: assuming working])]
2013	)
2014])
2015
2016dnl    Checks for time functions
2017AC_CHECK_FUNCS([gettimeofday time])
2018dnl    Checks for utmp functions
2019AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2020AC_CHECK_FUNCS([utmpname])
2021dnl    Checks for utmpx functions
2022AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2023AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2024dnl    Checks for lastlog functions
2025AC_CHECK_FUNCS([getlastlogxbyname])
2026
2027AC_CHECK_FUNC([daemon],
2028	[AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2029	[AC_CHECK_LIB([bsd], [daemon],
2030		[LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2031)
2032
2033AC_CHECK_FUNC([getpagesize],
2034	[AC_DEFINE([HAVE_GETPAGESIZE], [1],
2035		[Define if your libraries define getpagesize()])],
2036	[AC_CHECK_LIB([ucb], [getpagesize],
2037		[LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2038)
2039
2040# Check for broken snprintf
2041if test "x$ac_cv_func_snprintf" = "xyes" ; then
2042	AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2043	AC_RUN_IFELSE(
2044		[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
2045		[[
2046	char b[5];
2047	snprintf(b,5,"123456789");
2048	exit(b[4]!='\0');
2049		]])],
2050		[AC_MSG_RESULT([yes])],
2051		[
2052			AC_MSG_RESULT([no])
2053			AC_DEFINE([BROKEN_SNPRINTF], [1],
2054				[Define if your snprintf is busted])
2055			AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2056		],
2057		[ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2058	)
2059fi
2060
2061# We depend on vsnprintf returning the right thing on overflow: the
2062# number of characters it tried to create (as per SUSv3)
2063if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2064	AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2065	AC_RUN_IFELSE(
2066		[AC_LANG_PROGRAM([[
2067#include <sys/types.h>
2068#include <stdio.h>
2069#include <stdarg.h>
2070
2071int x_snprintf(char *str, size_t count, const char *fmt, ...)
2072{
2073	size_t ret;
2074	va_list ap;
2075
2076	va_start(ap, fmt);
2077	ret = vsnprintf(str, count, fmt, ap);
2078	va_end(ap);
2079	return ret;
2080}
2081		]], [[
2082char x[1];
2083if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2084	return 1;
2085if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2086	return 1;
2087return 0;
2088		]])],
2089		[AC_MSG_RESULT([yes])],
2090		[
2091			AC_MSG_RESULT([no])
2092			AC_DEFINE([BROKEN_SNPRINTF], [1],
2093				[Define if your snprintf is busted])
2094			AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2095		],
2096		[ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2097	)
2098fi
2099
2100# On systems where [v]snprintf is broken, but is declared in stdio,
2101# check that the fmt argument is const char * or just char *.
2102# This is only useful for when BROKEN_SNPRINTF
2103AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2104AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2105#include <stdio.h>
2106int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2107		]], [[
2108	snprintf(0, 0, 0);
2109		]])],
2110   [AC_MSG_RESULT([yes])
2111    AC_DEFINE([SNPRINTF_CONST], [const],
2112              [Define as const if snprintf() can declare const char *fmt])],
2113   [AC_MSG_RESULT([no])
2114    AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2115
2116# Check for missing getpeereid (or equiv) support
2117NO_PEERCHECK=""
2118if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2119	AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2120	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2121#include <sys/types.h>
2122#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2123		[ AC_MSG_RESULT([yes])
2124		  AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2125		], [AC_MSG_RESULT([no])
2126		NO_PEERCHECK=1
2127        ])
2128fi
2129
2130dnl see whether mkstemp() requires XXXXXX
2131if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
2132AC_MSG_CHECKING([for (overly) strict mkstemp])
2133AC_RUN_IFELSE(
2134	[AC_LANG_PROGRAM([[
2135#include <stdlib.h>
2136	]], [[
2137	char template[]="conftest.mkstemp-test";
2138	if (mkstemp(template) == -1)
2139		exit(1);
2140	unlink(template);
2141	exit(0);
2142	]])],
2143	[
2144		AC_MSG_RESULT([no])
2145	],
2146	[
2147		AC_MSG_RESULT([yes])
2148		AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
2149	],
2150	[
2151		AC_MSG_RESULT([yes])
2152		AC_DEFINE([HAVE_STRICT_MKSTEMP])
2153	]
2154)
2155fi
2156
2157dnl make sure that openpty does not reacquire controlling terminal
2158if test ! -z "$check_for_openpty_ctty_bug"; then
2159	AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2160	AC_RUN_IFELSE(
2161		[AC_LANG_PROGRAM([[
2162#include <stdio.h>
2163#include <sys/fcntl.h>
2164#include <sys/types.h>
2165#include <sys/wait.h>
2166		]], [[
2167	pid_t pid;
2168	int fd, ptyfd, ttyfd, status;
2169
2170	pid = fork();
2171	if (pid < 0) {		/* failed */
2172		exit(1);
2173	} else if (pid > 0) {	/* parent */
2174		waitpid(pid, &status, 0);
2175		if (WIFEXITED(status))
2176			exit(WEXITSTATUS(status));
2177		else
2178			exit(2);
2179	} else {		/* child */
2180		close(0); close(1); close(2);
2181		setsid();
2182		openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2183		fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2184		if (fd >= 0)
2185			exit(3);	/* Acquired ctty: broken */
2186		else
2187			exit(0);	/* Did not acquire ctty: OK */
2188	}
2189		]])],
2190		[
2191			AC_MSG_RESULT([yes])
2192		],
2193		[
2194			AC_MSG_RESULT([no])
2195			AC_DEFINE([SSHD_ACQUIRES_CTTY])
2196		],
2197		[
2198			AC_MSG_RESULT([cross-compiling, assuming yes])
2199		]
2200	)
2201fi
2202
2203if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2204    test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2205	AC_MSG_CHECKING([if getaddrinfo seems to work])
2206	AC_RUN_IFELSE(
2207		[AC_LANG_PROGRAM([[
2208#include <stdio.h>
2209#include <sys/socket.h>
2210#include <netdb.h>
2211#include <errno.h>
2212#include <netinet/in.h>
2213
2214#define TEST_PORT "2222"
2215		]], [[
2216	int err, sock;
2217	struct addrinfo *gai_ai, *ai, hints;
2218	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2219
2220	memset(&hints, 0, sizeof(hints));
2221	hints.ai_family = PF_UNSPEC;
2222	hints.ai_socktype = SOCK_STREAM;
2223	hints.ai_flags = AI_PASSIVE;
2224
2225	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2226	if (err != 0) {
2227		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2228		exit(1);
2229	}
2230
2231	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2232		if (ai->ai_family != AF_INET6)
2233			continue;
2234
2235		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2236		    sizeof(ntop), strport, sizeof(strport),
2237		    NI_NUMERICHOST|NI_NUMERICSERV);
2238
2239		if (err != 0) {
2240			if (err == EAI_SYSTEM)
2241				perror("getnameinfo EAI_SYSTEM");
2242			else
2243				fprintf(stderr, "getnameinfo failed: %s\n",
2244				    gai_strerror(err));
2245			exit(2);
2246		}
2247
2248		sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2249		if (sock < 0)
2250			perror("socket");
2251		if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2252			if (errno == EBADF)
2253				exit(3);
2254		}
2255	}
2256	exit(0);
2257		]])],
2258		[
2259			AC_MSG_RESULT([yes])
2260		],
2261		[
2262			AC_MSG_RESULT([no])
2263			AC_DEFINE([BROKEN_GETADDRINFO])
2264		],
2265		[
2266			AC_MSG_RESULT([cross-compiling, assuming yes])
2267		]
2268	)
2269fi
2270
2271if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2272    test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2273	AC_MSG_CHECKING([if getaddrinfo seems to work])
2274	AC_RUN_IFELSE(
2275		[AC_LANG_PROGRAM([[
2276#include <stdio.h>
2277#include <sys/socket.h>
2278#include <netdb.h>
2279#include <errno.h>
2280#include <netinet/in.h>
2281
2282#define TEST_PORT "2222"
2283		]], [[
2284	int err, sock;
2285	struct addrinfo *gai_ai, *ai, hints;
2286	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2287
2288	memset(&hints, 0, sizeof(hints));
2289	hints.ai_family = PF_UNSPEC;
2290	hints.ai_socktype = SOCK_STREAM;
2291	hints.ai_flags = AI_PASSIVE;
2292
2293	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2294	if (err != 0) {
2295		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2296		exit(1);
2297	}
2298
2299	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2300		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2301			continue;
2302
2303		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2304		    sizeof(ntop), strport, sizeof(strport),
2305		    NI_NUMERICHOST|NI_NUMERICSERV);
2306
2307		if (ai->ai_family == AF_INET && err != 0) {
2308			perror("getnameinfo");
2309			exit(2);
2310		}
2311	}
2312	exit(0);
2313		]])],
2314		[
2315			AC_MSG_RESULT([yes])
2316			AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2317				[Define if you have a getaddrinfo that fails
2318				for the all-zeros IPv6 address])
2319		],
2320		[
2321			AC_MSG_RESULT([no])
2322			AC_DEFINE([BROKEN_GETADDRINFO])
2323		],
2324		[
2325			AC_MSG_RESULT([cross-compiling, assuming no])
2326		]
2327	)
2328fi
2329
2330if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2331	AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2332	    [#include <sys/types.h>
2333	     #include <sys/socket.h>
2334	     #include <netdb.h>])
2335fi
2336
2337if test "x$check_for_conflicting_getspnam" = "x1"; then
2338	AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2339	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2340		[[ exit(0); ]])],
2341		[
2342			AC_MSG_RESULT([no])
2343		],
2344		[
2345			AC_MSG_RESULT([yes])
2346			AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2347			    [Conflicting defs for getspnam])
2348		]
2349	)
2350fi
2351
2352AC_FUNC_GETPGRP
2353
2354# Search for OpenSSL
2355saved_CPPFLAGS="$CPPFLAGS"
2356saved_LDFLAGS="$LDFLAGS"
2357AC_ARG_WITH([ssl-dir],
2358	[  --with-ssl-dir=PATH     Specify path to OpenSSL installation ],
2359	[
2360		if test "x$openssl" = "xno" ; then
2361			AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2362		fi
2363		if test "x$withval" != "xno" ; then
2364			case "$withval" in
2365				# Relative paths
2366				./*|../*)	withval="`pwd`/$withval"
2367			esac
2368			if test -d "$withval/lib"; then
2369				if test -n "${need_dash_r}"; then
2370					LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2371				else
2372					LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2373				fi
2374			elif test -d "$withval/lib64"; then
2375				if test -n "${need_dash_r}"; then
2376					LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2377				else
2378					LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2379				fi
2380			else
2381				if test -n "${need_dash_r}"; then
2382					LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2383				else
2384					LDFLAGS="-L${withval} ${LDFLAGS}"
2385				fi
2386			fi
2387			if test -d "$withval/include"; then
2388				CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2389			else
2390				CPPFLAGS="-I${withval} ${CPPFLAGS}"
2391			fi
2392		fi
2393	]
2394)
2395
2396AC_ARG_WITH([openssl-header-check],
2397	[  --without-openssl-header-check Disable OpenSSL version consistency check],
2398	[
2399		if test "x$withval" = "xno" ; then
2400			openssl_check_nonfatal=1
2401		fi
2402	]
2403)
2404
2405openssl_engine=no
2406AC_ARG_WITH([ssl-engine],
2407	[  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
2408	[
2409		if test "x$withval" != "xno" ; then
2410			if test "x$openssl" = "xno" ; then
2411				AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2412			fi
2413			openssl_engine=yes
2414		fi
2415	]
2416)
2417
2418if test "x$openssl" = "xyes" ; then
2419	LIBS="-lcrypto $LIBS"
2420	AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2421		[Define if your ssl headers are included
2422		with #include <openssl/header.h>])],
2423		[
2424			dnl Check default openssl install dir
2425			if test -n "${need_dash_r}"; then
2426				LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2427			else
2428				LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2429			fi
2430			CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2431			AC_CHECK_HEADER([openssl/opensslv.h], ,
2432			    [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2433			AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2434				[
2435					AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2436				]
2437			)
2438		]
2439	)
2440
2441	# Determine OpenSSL header version
2442	AC_MSG_CHECKING([OpenSSL header version])
2443	AC_RUN_IFELSE(
2444		[AC_LANG_PROGRAM([[
2445	#include <stdlib.h>
2446	#include <stdio.h>
2447	#include <string.h>
2448	#include <openssl/opensslv.h>
2449	#define DATA "conftest.sslincver"
2450		]], [[
2451		FILE *fd;
2452		int rc;
2453
2454		fd = fopen(DATA,"w");
2455		if(fd == NULL)
2456			exit(1);
2457
2458		if ((rc = fprintf(fd ,"%08lx (%s)\n",
2459		    (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2460			exit(1);
2461
2462		exit(0);
2463		]])],
2464		[
2465			ssl_header_ver=`cat conftest.sslincver`
2466			AC_MSG_RESULT([$ssl_header_ver])
2467		],
2468		[
2469			AC_MSG_RESULT([not found])
2470			AC_MSG_ERROR([OpenSSL version header not found.])
2471		],
2472		[
2473			AC_MSG_WARN([cross compiling: not checking])
2474		]
2475	)
2476
2477	# Determine OpenSSL library version
2478	AC_MSG_CHECKING([OpenSSL library version])
2479	AC_RUN_IFELSE(
2480		[AC_LANG_PROGRAM([[
2481	#include <stdio.h>
2482	#include <string.h>
2483	#include <openssl/opensslv.h>
2484	#include <openssl/crypto.h>
2485	#define DATA "conftest.ssllibver"
2486		]], [[
2487		FILE *fd;
2488		int rc;
2489
2490		fd = fopen(DATA,"w");
2491		if(fd == NULL)
2492			exit(1);
2493
2494		if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(),
2495		    SSLeay_version(SSLEAY_VERSION))) <0)
2496			exit(1);
2497
2498		exit(0);
2499		]])],
2500		[
2501			ssl_library_ver=`cat conftest.ssllibver`
2502			# Check version is supported.
2503			case "$ssl_library_ver" in
2504				0090[[0-7]]*|009080[[0-5]]*)
2505					AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")])
2506			                ;;
2507			        *) ;;
2508			esac
2509			AC_MSG_RESULT([$ssl_library_ver])
2510		],
2511		[
2512			AC_MSG_RESULT([not found])
2513			AC_MSG_ERROR([OpenSSL library not found.])
2514		],
2515		[
2516			AC_MSG_WARN([cross compiling: not checking])
2517		]
2518	)
2519
2520	# Sanity check OpenSSL headers
2521	AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2522	AC_RUN_IFELSE(
2523		[AC_LANG_PROGRAM([[
2524	#include <string.h>
2525	#include <openssl/opensslv.h>
2526	#include <openssl/crypto.h>
2527		]], [[
2528		exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2529		]])],
2530		[
2531			AC_MSG_RESULT([yes])
2532		],
2533		[
2534			AC_MSG_RESULT([no])
2535			if test "x$openssl_check_nonfatal" = "x"; then
2536				AC_MSG_ERROR([Your OpenSSL headers do not match your
2537	library. Check config.log for details.
2538	If you are sure your installation is consistent, you can disable the check
2539	by running "./configure --without-openssl-header-check".
2540	Also see contrib/findssl.sh for help identifying header/library mismatches.
2541	])
2542			else
2543				AC_MSG_WARN([Your OpenSSL headers do not match your
2544	library. Check config.log for details.
2545	Also see contrib/findssl.sh for help identifying header/library mismatches.])
2546			fi
2547		],
2548		[
2549			AC_MSG_WARN([cross compiling: not checking])
2550		]
2551	)
2552
2553	AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2554	AC_LINK_IFELSE(
2555		[AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2556		[[ SSLeay_add_all_algorithms(); ]])],
2557		[
2558			AC_MSG_RESULT([yes])
2559		],
2560		[
2561			AC_MSG_RESULT([no])
2562			saved_LIBS="$LIBS"
2563			LIBS="$LIBS -ldl"
2564			AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2565			AC_LINK_IFELSE(
2566				[AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2567				[[ SSLeay_add_all_algorithms(); ]])],
2568				[
2569					AC_MSG_RESULT([yes])
2570				],
2571				[
2572					AC_MSG_RESULT([no])
2573					LIBS="$saved_LIBS"
2574				]
2575			)
2576		]
2577	)
2578
2579	AC_CHECK_FUNCS([ \
2580		BN_is_prime_ex \
2581		DSA_generate_parameters_ex \
2582		EVP_DigestInit_ex \
2583		EVP_DigestFinal_ex \
2584		EVP_MD_CTX_init \
2585		EVP_MD_CTX_cleanup \
2586		EVP_MD_CTX_copy_ex \
2587		HMAC_CTX_init \
2588		RSA_generate_key_ex \
2589		RSA_get_default_method \
2590	])
2591
2592	if test "x$openssl_engine" = "xyes" ; then
2593		AC_MSG_CHECKING([for OpenSSL ENGINE support])
2594		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2595	#include <openssl/engine.h>
2596			]], [[
2597				ENGINE_load_builtin_engines();
2598				ENGINE_register_all_complete();
2599			]])],
2600			[ AC_MSG_RESULT([yes])
2601			  AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2602			     [Enable OpenSSL engine support])
2603			], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2604		])
2605	fi
2606
2607	# Check for OpenSSL without EVP_aes_{192,256}_cbc
2608	AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2609	AC_LINK_IFELSE(
2610		[AC_LANG_PROGRAM([[
2611	#include <string.h>
2612	#include <openssl/evp.h>
2613		]], [[
2614		exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2615		]])],
2616		[
2617			AC_MSG_RESULT([no])
2618		],
2619		[
2620			AC_MSG_RESULT([yes])
2621			AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2622			    [libcrypto is missing AES 192 and 256 bit functions])
2623		]
2624	)
2625
2626	# Check for OpenSSL with EVP_aes_*ctr
2627	AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2628	AC_LINK_IFELSE(
2629		[AC_LANG_PROGRAM([[
2630	#include <string.h>
2631	#include <openssl/evp.h>
2632		]], [[
2633		exit(EVP_aes_128_ctr() == NULL ||
2634		    EVP_aes_192_cbc() == NULL ||
2635		    EVP_aes_256_cbc() == NULL);
2636		]])],
2637		[
2638			AC_MSG_RESULT([yes])
2639			AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
2640			    [libcrypto has EVP AES CTR])
2641		],
2642		[
2643			AC_MSG_RESULT([no])
2644		]
2645	)
2646
2647	# Check for OpenSSL with EVP_aes_*gcm
2648	AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
2649	AC_LINK_IFELSE(
2650		[AC_LANG_PROGRAM([[
2651	#include <string.h>
2652	#include <openssl/evp.h>
2653		]], [[
2654		exit(EVP_aes_128_gcm() == NULL ||
2655		    EVP_aes_256_gcm() == NULL ||
2656		    EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
2657		    EVP_CTRL_GCM_IV_GEN == 0 ||
2658		    EVP_CTRL_GCM_SET_TAG == 0 ||
2659		    EVP_CTRL_GCM_GET_TAG == 0 ||
2660		    EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
2661		]])],
2662		[
2663			AC_MSG_RESULT([yes])
2664			AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
2665			    [libcrypto has EVP AES GCM])
2666		],
2667		[
2668			AC_MSG_RESULT([no])
2669			unsupported_algorithms="$unsupported_cipers \
2670			   aes128-gcm@openssh.com aes256-gcm@openssh.com"
2671		]
2672	)
2673
2674	AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2675		[AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2676		    [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2677
2678	AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2679	AC_LINK_IFELSE(
2680		[AC_LANG_PROGRAM([[
2681	#include <string.h>
2682	#include <openssl/evp.h>
2683		]], [[
2684		if(EVP_DigestUpdate(NULL, NULL,0))
2685			exit(0);
2686		]])],
2687		[
2688			AC_MSG_RESULT([yes])
2689		],
2690		[
2691			AC_MSG_RESULT([no])
2692			AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2693			    [Define if EVP_DigestUpdate returns void])
2694		]
2695	)
2696
2697	# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2698	# because the system crypt() is more featureful.
2699	if test "x$check_for_libcrypt_before" = "x1"; then
2700		AC_CHECK_LIB([crypt], [crypt])
2701	fi
2702
2703	# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2704	# version in OpenSSL.
2705	if test "x$check_for_libcrypt_later" = "x1"; then
2706		AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2707	fi
2708	AC_CHECK_FUNCS([crypt DES_crypt])
2709
2710	# Search for SHA256 support in libc and/or OpenSSL
2711	AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
2712	    [unsupported_algorithms="$unsupported_algorithms \
2713		hmac-sha2-256 hmac-sha2-512 \
2714		diffie-hellman-group-exchange-sha256 \
2715		hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
2716	     ]
2717	)
2718	# Search for RIPE-MD support in OpenSSL
2719	AC_CHECK_FUNCS([EVP_ripemd160], ,
2720	    [unsupported_algorithms="$unsupported_algorithms \
2721		hmac-ripemd160
2722		hmac-ripemd160@openssh.com
2723		hmac-ripemd160-etm@openssh.com"
2724	     ]
2725	)
2726
2727	# Check complete ECC support in OpenSSL
2728	AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
2729	AC_LINK_IFELSE(
2730		[AC_LANG_PROGRAM([[
2731	#include <openssl/ec.h>
2732	#include <openssl/ecdh.h>
2733	#include <openssl/ecdsa.h>
2734	#include <openssl/evp.h>
2735	#include <openssl/objects.h>
2736	#include <openssl/opensslv.h>
2737	#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2738	# error "OpenSSL < 0.9.8g has unreliable ECC code"
2739	#endif
2740		]], [[
2741		EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
2742		const EVP_MD *m = EVP_sha256(); /* We need this too */
2743		]])],
2744		[ AC_MSG_RESULT([yes])
2745		  enable_nistp256=1 ],
2746		[ AC_MSG_RESULT([no]) ]
2747	)
2748
2749	AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
2750	AC_LINK_IFELSE(
2751		[AC_LANG_PROGRAM([[
2752	#include <openssl/ec.h>
2753	#include <openssl/ecdh.h>
2754	#include <openssl/ecdsa.h>
2755	#include <openssl/evp.h>
2756	#include <openssl/objects.h>
2757	#include <openssl/opensslv.h>
2758	#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2759	# error "OpenSSL < 0.9.8g has unreliable ECC code"
2760	#endif
2761		]], [[
2762		EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
2763		const EVP_MD *m = EVP_sha384(); /* We need this too */
2764		]])],
2765		[ AC_MSG_RESULT([yes])
2766		  enable_nistp384=1 ],
2767		[ AC_MSG_RESULT([no]) ]
2768	)
2769
2770	AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
2771	AC_LINK_IFELSE(
2772		[AC_LANG_PROGRAM([[
2773	#include <openssl/ec.h>
2774	#include <openssl/ecdh.h>
2775	#include <openssl/ecdsa.h>
2776	#include <openssl/evp.h>
2777	#include <openssl/objects.h>
2778	#include <openssl/opensslv.h>
2779	#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2780	# error "OpenSSL < 0.9.8g has unreliable ECC code"
2781	#endif
2782		]], [[
2783		EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2784		const EVP_MD *m = EVP_sha512(); /* We need this too */
2785		]])],
2786		[ AC_MSG_RESULT([yes])
2787		  AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
2788		  AC_RUN_IFELSE(
2789			[AC_LANG_PROGRAM([[
2790	#include <openssl/ec.h>
2791	#include <openssl/ecdh.h>
2792	#include <openssl/ecdsa.h>
2793	#include <openssl/evp.h>
2794	#include <openssl/objects.h>
2795	#include <openssl/opensslv.h>
2796			]],[[
2797			EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2798			const EVP_MD *m = EVP_sha512(); /* We need this too */
2799			exit(e == NULL || m == NULL);
2800			]])],
2801			[ AC_MSG_RESULT([yes])
2802			  enable_nistp521=1 ],
2803			[ AC_MSG_RESULT([no]) ],
2804			[ AC_MSG_WARN([cross-compiling: assuming yes])
2805			  enable_nistp521=1 ]
2806		  )],
2807		AC_MSG_RESULT([no])
2808	)
2809
2810	COMMENT_OUT_ECC="#no ecc#"
2811	TEST_SSH_ECC=no
2812
2813	if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
2814	    test x$enable_nistp521 = x1; then
2815		AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
2816	fi
2817	if test x$enable_nistp256 = x1; then
2818		AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
2819		    [libcrypto has NID_X9_62_prime256v1])
2820		TEST_SSH_ECC=yes
2821		COMMENT_OUT_ECC=""
2822	else
2823		unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \
2824		    ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com"
2825	fi
2826	if test x$enable_nistp384 = x1; then
2827		AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
2828		TEST_SSH_ECC=yes
2829		COMMENT_OUT_ECC=""
2830	else
2831		unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \
2832		    ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com"
2833	fi
2834	if test x$enable_nistp521 = x1; then
2835		AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
2836		TEST_SSH_ECC=yes
2837		COMMENT_OUT_ECC=""
2838	else
2839		unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \
2840		    ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com"
2841	fi
2842
2843	AC_SUBST([TEST_SSH_ECC])
2844	AC_SUBST([COMMENT_OUT_ECC])
2845else
2846	AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2847	AC_CHECK_FUNCS([crypt])
2848fi
2849
2850AC_CHECK_FUNCS([ \
2851	arc4random \
2852	arc4random_buf \
2853	arc4random_stir \
2854	arc4random_uniform \
2855])
2856
2857saved_LIBS="$LIBS"
2858AC_CHECK_LIB([iaf], [ia_openinfo], [
2859	LIBS="$LIBS -liaf"
2860	AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2861				AC_DEFINE([HAVE_LIBIAF], [1],
2862        		[Define if system has libiaf that supports set_id])
2863				])
2864])
2865LIBS="$saved_LIBS"
2866
2867### Configure cryptographic random number support
2868
2869# Check wheter OpenSSL seeds itself
2870if test "x$openssl" = "xyes" ; then
2871	AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2872	AC_RUN_IFELSE(
2873		[AC_LANG_PROGRAM([[
2874	#include <string.h>
2875	#include <openssl/rand.h>
2876		]], [[
2877		exit(RAND_status() == 1 ? 0 : 1);
2878		]])],
2879		[
2880			OPENSSL_SEEDS_ITSELF=yes
2881			AC_MSG_RESULT([yes])
2882		],
2883		[
2884			AC_MSG_RESULT([no])
2885		],
2886		[
2887			AC_MSG_WARN([cross compiling: assuming yes])
2888			# This is safe, since we will fatal() at runtime if
2889			# OpenSSL is not seeded correctly.
2890			OPENSSL_SEEDS_ITSELF=yes
2891		]
2892	)
2893fi
2894
2895# PRNGD TCP socket
2896AC_ARG_WITH([prngd-port],
2897	[  --with-prngd-port=PORT  read entropy from PRNGD/EGD TCP localhost:PORT],
2898	[
2899		case "$withval" in
2900		no)
2901			withval=""
2902			;;
2903		[[0-9]]*)
2904			;;
2905		*)
2906			AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
2907			;;
2908		esac
2909		if test ! -z "$withval" ; then
2910			PRNGD_PORT="$withval"
2911			AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
2912				[Port number of PRNGD/EGD random number socket])
2913		fi
2914	]
2915)
2916
2917# PRNGD Unix domain socket
2918AC_ARG_WITH([prngd-socket],
2919	[  --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2920	[
2921		case "$withval" in
2922		yes)
2923			withval="/var/run/egd-pool"
2924			;;
2925		no)
2926			withval=""
2927			;;
2928		/*)
2929			;;
2930		*)
2931			AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
2932			;;
2933		esac
2934
2935		if test ! -z "$withval" ; then
2936			if test ! -z "$PRNGD_PORT" ; then
2937				AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
2938			fi
2939			if test ! -r "$withval" ; then
2940				AC_MSG_WARN([Entropy socket is not readable])
2941			fi
2942			PRNGD_SOCKET="$withval"
2943			AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
2944				[Location of PRNGD/EGD random number socket])
2945		fi
2946	],
2947	[
2948		# Check for existing socket only if we don't have a random device already
2949		if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
2950			AC_MSG_CHECKING([for PRNGD/EGD socket])
2951			# Insert other locations here
2952			for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2953				if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2954					PRNGD_SOCKET="$sock"
2955					AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
2956					break;
2957				fi
2958			done
2959			if test ! -z "$PRNGD_SOCKET" ; then
2960				AC_MSG_RESULT([$PRNGD_SOCKET])
2961			else
2962				AC_MSG_RESULT([not found])
2963			fi
2964		fi
2965	]
2966)
2967
2968# Which randomness source do we use?
2969if test ! -z "$PRNGD_PORT" ; then
2970	RAND_MSG="PRNGd port $PRNGD_PORT"
2971elif test ! -z "$PRNGD_SOCKET" ; then
2972	RAND_MSG="PRNGd socket $PRNGD_SOCKET"
2973elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
2974	AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
2975		[Define if you want the OpenSSL internally seeded PRNG only])
2976	RAND_MSG="OpenSSL internal ONLY"
2977elif test "x$openssl" = "xno" ; then
2978	AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
2979else
2980	AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
2981fi
2982
2983# Check for PAM libs
2984PAM_MSG="no"
2985AC_ARG_WITH([pam],
2986	[  --with-pam              Enable PAM support ],
2987	[
2988		if test "x$withval" != "xno" ; then
2989			if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2990			   test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2991				AC_MSG_ERROR([PAM headers not found])
2992			fi
2993
2994			saved_LIBS="$LIBS"
2995			AC_CHECK_LIB([dl], [dlopen], , )
2996			AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
2997			AC_CHECK_FUNCS([pam_getenvlist])
2998			AC_CHECK_FUNCS([pam_putenv])
2999			LIBS="$saved_LIBS"
3000
3001			PAM_MSG="yes"
3002
3003			SSHDLIBS="$SSHDLIBS -lpam"
3004			AC_DEFINE([USE_PAM], [1],
3005				[Define if you want to enable PAM support])
3006
3007			if test $ac_cv_lib_dl_dlopen = yes; then
3008				case "$LIBS" in
3009				*-ldl*)
3010					# libdl already in LIBS
3011					;;
3012				*)
3013					SSHDLIBS="$SSHDLIBS -ldl"
3014					;;
3015				esac
3016			fi
3017		fi
3018	]
3019)
3020
3021# Check for older PAM
3022if test "x$PAM_MSG" = "xyes" ; then
3023	# Check PAM strerror arguments (old PAM)
3024	AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3025	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3026#include <stdlib.h>
3027#if defined(HAVE_SECURITY_PAM_APPL_H)
3028#include <security/pam_appl.h>
3029#elif defined (HAVE_PAM_PAM_APPL_H)
3030#include <pam/pam_appl.h>
3031#endif
3032		]], [[
3033(void)pam_strerror((pam_handle_t *)NULL, -1);
3034		]])], [AC_MSG_RESULT([no])], [
3035			AC_DEFINE([HAVE_OLD_PAM], [1],
3036				[Define if you have an old version of PAM
3037				which takes only one argument to pam_strerror])
3038			AC_MSG_RESULT([yes])
3039			PAM_MSG="yes (old library)"
3040
3041	])
3042fi
3043
3044case "$host" in
3045*-*-cygwin*)
3046	SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3047	;;
3048*)
3049	SSH_PRIVSEP_USER=sshd
3050	;;
3051esac
3052AC_ARG_WITH([privsep-user],
3053	[  --with-privsep-user=user Specify non-privileged user for privilege separation],
3054	[
3055		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
3056		    test "x${withval}" != "xyes"; then
3057			SSH_PRIVSEP_USER=$withval
3058		fi
3059	]
3060)
3061if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3062	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3063		[Cygwin function to fetch non-privileged user for privilege separation])
3064else
3065	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3066		[non-privileged user for privilege separation])
3067fi
3068AC_SUBST([SSH_PRIVSEP_USER])
3069
3070if test "x$have_linux_no_new_privs" = "x1" ; then
3071AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3072	#include <sys/types.h>
3073	#include <linux/seccomp.h>
3074])
3075fi
3076if test "x$have_seccomp_filter" = "x1" ; then
3077AC_MSG_CHECKING([kernel for seccomp_filter support])
3078AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3079		#include <errno.h>
3080		#include <elf.h>
3081		#include <linux/audit.h>
3082		#include <linux/seccomp.h>
3083		#include <stdlib.h>
3084		#include <sys/prctl.h>
3085	]],
3086	[[ int i = $seccomp_audit_arch;
3087	   errno = 0;
3088	   prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3089	   exit(errno == EFAULT ? 0 : 1); ]])],
3090	[ AC_MSG_RESULT([yes]) ], [
3091		AC_MSG_RESULT([no])
3092		# Disable seccomp filter as a target
3093		have_seccomp_filter=0
3094	]
3095)
3096fi
3097
3098# Decide which sandbox style to use
3099sandbox_arg=""
3100AC_ARG_WITH([sandbox],
3101	[  --with-sandbox=style    Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3102	[
3103		if test "x$withval" = "xyes" ; then
3104			sandbox_arg=""
3105		else
3106			sandbox_arg="$withval"
3107		fi
3108	]
3109)
3110
3111# Some platforms (seems to be the ones that have a kernel poll(2)-type
3112# function with which they implement select(2)) use an extra file descriptor
3113# when calling select(2), which means we can't use the rlimit sandbox.
3114AC_MSG_CHECKING([if select works with descriptor rlimit])
3115AC_RUN_IFELSE(
3116	[AC_LANG_PROGRAM([[
3117#include <sys/types.h>
3118#ifdef HAVE_SYS_TIME_H
3119# include <sys/time.h>
3120#endif
3121#include <sys/resource.h>
3122#ifdef HAVE_SYS_SELECT_H
3123# include <sys/select.h>
3124#endif
3125#include <errno.h>
3126#include <fcntl.h>
3127#include <stdlib.h>
3128	]],[[
3129	struct rlimit rl_zero;
3130	int fd, r;
3131	fd_set fds;
3132	struct timeval tv;
3133
3134	fd = open("/dev/null", O_RDONLY);
3135	FD_ZERO(&fds);
3136	FD_SET(fd, &fds);
3137	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3138	setrlimit(RLIMIT_FSIZE, &rl_zero);
3139	setrlimit(RLIMIT_NOFILE, &rl_zero);
3140	tv.tv_sec = 1;
3141	tv.tv_usec = 0;
3142	r = select(fd+1, &fds, NULL, NULL, &tv);
3143	exit (r == -1 ? 1 : 0);
3144	]])],
3145	[AC_MSG_RESULT([yes])
3146	 select_works_with_rlimit=yes],
3147	[AC_MSG_RESULT([no])
3148	 select_works_with_rlimit=no],
3149	[AC_MSG_WARN([cross compiling: assuming yes])]
3150)
3151
3152AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3153AC_RUN_IFELSE(
3154	[AC_LANG_PROGRAM([[
3155#include <sys/types.h>
3156#ifdef HAVE_SYS_TIME_H
3157# include <sys/time.h>
3158#endif
3159#include <sys/resource.h>
3160#include <errno.h>
3161#include <stdlib.h>
3162	]],[[
3163	struct rlimit rl_zero;
3164	int fd, r;
3165	fd_set fds;
3166
3167	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3168	r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3169	exit (r == -1 ? 1 : 0);
3170	]])],
3171	[AC_MSG_RESULT([yes])
3172	 rlimit_nofile_zero_works=yes],
3173	[AC_MSG_RESULT([no])
3174	 rlimit_nofile_zero_works=no],
3175	[AC_MSG_WARN([cross compiling: assuming yes])]
3176)
3177
3178AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3179AC_RUN_IFELSE(
3180	[AC_LANG_PROGRAM([[
3181#include <sys/types.h>
3182#include <sys/resource.h>
3183#include <stdlib.h>
3184	]],[[
3185		struct rlimit rl_zero;
3186
3187		rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3188		exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3189	]])],
3190	[AC_MSG_RESULT([yes])],
3191	[AC_MSG_RESULT([no])
3192	 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3193	    [setrlimit RLIMIT_FSIZE works])],
3194	[AC_MSG_WARN([cross compiling: assuming yes])]
3195)
3196
3197if test "x$sandbox_arg" = "xpledge" || \
3198   ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3199	test "x$ac_cv_func_pledge" != "xyes" && \
3200		AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3201	SANDBOX_STYLE="pledge"
3202	AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3203elif test "x$sandbox_arg" = "xsystrace" || \
3204   ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3205	test "x$have_systr_policy_kill" != "x1" && \
3206		AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3207	SANDBOX_STYLE="systrace"
3208	AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3209elif test "x$sandbox_arg" = "xdarwin" || \
3210     ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3211       test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3212	test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3213	     "x$ac_cv_header_sandbox_h" != "xyes" && \
3214		AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3215	SANDBOX_STYLE="darwin"
3216	AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3217elif test "x$sandbox_arg" = "xseccomp_filter" || \
3218     ( test -z "$sandbox_arg" && \
3219       test "x$have_seccomp_filter" = "x1" && \
3220       test "x$ac_cv_header_elf_h" = "xyes" && \
3221       test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3222       test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3223       test "x$seccomp_audit_arch" != "x" && \
3224       test "x$have_linux_no_new_privs" = "x1" && \
3225       test "x$ac_cv_func_prctl" = "xyes" ) ; then
3226	test "x$seccomp_audit_arch" = "x" && \
3227		AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3228	test "x$have_linux_no_new_privs" != "x1" && \
3229		AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3230	test "x$have_seccomp_filter" != "x1" && \
3231		AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3232	test "x$ac_cv_func_prctl" != "xyes" && \
3233		AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3234	SANDBOX_STYLE="seccomp_filter"
3235	AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3236elif test "x$sandbox_arg" = "xcapsicum" || \
3237     ( test -z "$sandbox_arg" && \
3238       test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3239       test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3240       test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3241		AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3242       test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3243		AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3244       SANDBOX_STYLE="capsicum"
3245       AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3246elif test "x$sandbox_arg" = "xrlimit" || \
3247     ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3248       test "x$select_works_with_rlimit" = "xyes" && \
3249       test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3250	test "x$ac_cv_func_setrlimit" != "xyes" && \
3251		AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3252	test "x$select_works_with_rlimit" != "xyes" && \
3253		AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3254	SANDBOX_STYLE="rlimit"
3255	AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3256elif test "x$sandbox_arg" = "xsolaris" || \
3257   ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3258	SANDBOX_STYLE="solaris"
3259	AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3260elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3261     test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3262	SANDBOX_STYLE="none"
3263	AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3264else
3265	AC_MSG_ERROR([unsupported --with-sandbox])
3266fi
3267
3268# Cheap hack to ensure NEWS-OS libraries are arranged right.
3269if test ! -z "$SONY" ; then
3270  LIBS="$LIBS -liberty";
3271fi
3272
3273# Check for  long long datatypes
3274AC_CHECK_TYPES([long long, unsigned long long, long double])
3275
3276# Check datatype sizes
3277AC_CHECK_SIZEOF([short int], [2])
3278AC_CHECK_SIZEOF([int], [4])
3279AC_CHECK_SIZEOF([long int], [4])
3280AC_CHECK_SIZEOF([long long int], [8])
3281
3282# Sanity check long long for some platforms (AIX)
3283if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3284	ac_cv_sizeof_long_long_int=0
3285fi
3286
3287# compute LLONG_MIN and LLONG_MAX if we don't know them.
3288if test -z "$have_llong_max"; then
3289	AC_MSG_CHECKING([for max value of long long])
3290	AC_RUN_IFELSE(
3291		[AC_LANG_PROGRAM([[
3292#include <stdio.h>
3293/* Why is this so damn hard? */
3294#ifdef __GNUC__
3295# undef __GNUC__
3296#endif
3297#define __USE_ISOC99
3298#include <limits.h>
3299#define DATA "conftest.llminmax"
3300#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3301
3302/*
3303 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3304 * we do this the hard way.
3305 */
3306static int
3307fprint_ll(FILE *f, long long n)
3308{
3309	unsigned int i;
3310	int l[sizeof(long long) * 8];
3311
3312	if (n < 0)
3313		if (fprintf(f, "-") < 0)
3314			return -1;
3315	for (i = 0; n != 0; i++) {
3316		l[i] = my_abs(n % 10);
3317		n /= 10;
3318	}
3319	do {
3320		if (fprintf(f, "%d", l[--i]) < 0)
3321			return -1;
3322	} while (i != 0);
3323	if (fprintf(f, " ") < 0)
3324		return -1;
3325	return 0;
3326}
3327		]], [[
3328	FILE *f;
3329	long long i, llmin, llmax = 0;
3330
3331	if((f = fopen(DATA,"w")) == NULL)
3332		exit(1);
3333
3334#if defined(LLONG_MIN) && defined(LLONG_MAX)
3335	fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3336	llmin = LLONG_MIN;
3337	llmax = LLONG_MAX;
3338#else
3339	fprintf(stderr, "Calculating  LLONG_MIN and LLONG_MAX\n");
3340	/* This will work on one's complement and two's complement */
3341	for (i = 1; i > llmax; i <<= 1, i++)
3342		llmax = i;
3343	llmin = llmax + 1LL;	/* wrap */
3344#endif
3345
3346	/* Sanity check */
3347	if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3348	    || llmax - 1 > llmax || llmin == llmax || llmin == 0
3349	    || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3350		fprintf(f, "unknown unknown\n");
3351		exit(2);
3352	}
3353
3354	if (fprint_ll(f, llmin) < 0)
3355		exit(3);
3356	if (fprint_ll(f, llmax) < 0)
3357		exit(4);
3358	if (fclose(f) < 0)
3359		exit(5);
3360	exit(0);
3361		]])],
3362		[
3363			llong_min=`$AWK '{print $1}' conftest.llminmax`
3364			llong_max=`$AWK '{print $2}' conftest.llminmax`
3365
3366			AC_MSG_RESULT([$llong_max])
3367			AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3368			    [max value of long long calculated by configure])
3369			AC_MSG_CHECKING([for min value of long long])
3370			AC_MSG_RESULT([$llong_min])
3371			AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3372			    [min value of long long calculated by configure])
3373		],
3374		[
3375			AC_MSG_RESULT([not found])
3376		],
3377		[
3378			AC_MSG_WARN([cross compiling: not checking])
3379		]
3380	)
3381fi
3382
3383
3384# More checks for data types
3385AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3386	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3387	[[ u_int a; a = 1;]])],
3388	[ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3389	])
3390])
3391if test "x$ac_cv_have_u_int" = "xyes" ; then
3392	AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3393	have_u_int=1
3394fi
3395
3396AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3397	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3398	[[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3399	[ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3400	])
3401])
3402if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3403	AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3404	have_intxx_t=1
3405fi
3406
3407if (test -z "$have_intxx_t" && \
3408	   test "x$ac_cv_header_stdint_h" = "xyes")
3409then
3410    AC_MSG_CHECKING([for intXX_t types in stdint.h])
3411	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3412	[[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3413		[
3414			AC_DEFINE([HAVE_INTXX_T])
3415			AC_MSG_RESULT([yes])
3416		], [ AC_MSG_RESULT([no])
3417	])
3418fi
3419
3420AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3421	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3422#include <sys/types.h>
3423#ifdef HAVE_STDINT_H
3424# include <stdint.h>
3425#endif
3426#include <sys/socket.h>
3427#ifdef HAVE_SYS_BITYPES_H
3428# include <sys/bitypes.h>
3429#endif
3430		]], [[
3431int64_t a; a = 1;
3432		]])],
3433	[ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3434	])
3435])
3436if test "x$ac_cv_have_int64_t" = "xyes" ; then
3437	AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3438fi
3439
3440AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3441	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3442	[[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3443	[ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3444	])
3445])
3446if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3447	AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3448	have_u_intxx_t=1
3449fi
3450
3451if test -z "$have_u_intxx_t" ; then
3452    AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3453	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3454	[[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3455		[
3456			AC_DEFINE([HAVE_U_INTXX_T])
3457			AC_MSG_RESULT([yes])
3458		], [ AC_MSG_RESULT([no])
3459	])
3460fi
3461
3462AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3463	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3464	[[ u_int64_t a; a = 1;]])],
3465	[ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3466	])
3467])
3468if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3469	AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3470	have_u_int64_t=1
3471fi
3472
3473if (test -z "$have_u_int64_t" && \
3474	   test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3475then
3476    AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3477	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3478	[[ u_int64_t a; a = 1]])],
3479		[
3480			AC_DEFINE([HAVE_U_INT64_T])
3481			AC_MSG_RESULT([yes])
3482		], [ AC_MSG_RESULT([no])
3483	])
3484fi
3485
3486if test -z "$have_u_intxx_t" ; then
3487	AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
3488		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3489#include <sys/types.h>
3490			]], [[
3491	uint8_t a;
3492	uint16_t b;
3493	uint32_t c;
3494	a = b = c = 1;
3495			]])],
3496		[ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
3497		])
3498	])
3499	if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3500		AC_DEFINE([HAVE_UINTXX_T], [1],
3501			[define if you have uintxx_t data type])
3502	fi
3503fi
3504
3505if (test -z "$have_uintxx_t" && \
3506	   test "x$ac_cv_header_stdint_h" = "xyes")
3507then
3508    AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3509	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3510	[[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3511		[
3512			AC_DEFINE([HAVE_UINTXX_T])
3513			AC_MSG_RESULT([yes])
3514		], [ AC_MSG_RESULT([no])
3515	])
3516fi
3517
3518if (test -z "$have_uintxx_t" && \
3519	   test "x$ac_cv_header_inttypes_h" = "xyes")
3520then
3521    AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
3522	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
3523	[[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3524		[
3525			AC_DEFINE([HAVE_UINTXX_T])
3526			AC_MSG_RESULT([yes])
3527		], [ AC_MSG_RESULT([no])
3528	])
3529fi
3530
3531if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
3532	   test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3533then
3534	AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
3535	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3536#include <sys/bitypes.h>
3537		]], [[
3538			int8_t a; int16_t b; int32_t c;
3539			u_int8_t e; u_int16_t f; u_int32_t g;
3540			a = b = c = e = f = g = 1;
3541		]])],
3542		[
3543			AC_DEFINE([HAVE_U_INTXX_T])
3544			AC_DEFINE([HAVE_INTXX_T])
3545			AC_MSG_RESULT([yes])
3546		], [AC_MSG_RESULT([no])
3547	])
3548fi
3549
3550
3551AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3552	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3553	[[ u_char foo; foo = 125; ]])],
3554	[ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3555	])
3556])
3557if test "x$ac_cv_have_u_char" = "xyes" ; then
3558	AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
3559fi
3560
3561AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
3562#include <sys/types.h>
3563#include <stdint.h>
3564])
3565
3566TYPE_SOCKLEN_T
3567
3568AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3569AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3570#include <sys/types.h>
3571#ifdef HAVE_SYS_BITYPES_H
3572#include <sys/bitypes.h>
3573#endif
3574#ifdef HAVE_SYS_STATFS_H
3575#include <sys/statfs.h>
3576#endif
3577#ifdef HAVE_SYS_STATVFS_H
3578#include <sys/statvfs.h>
3579#endif
3580])
3581
3582AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3583[#include <sys/types.h>
3584#include <netinet/in.h>])
3585
3586AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3587	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3588	[[ size_t foo; foo = 1235; ]])],
3589	[ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3590	])
3591])
3592if test "x$ac_cv_have_size_t" = "xyes" ; then
3593	AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3594fi
3595
3596AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3597	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3598	[[ ssize_t foo; foo = 1235; ]])],
3599	[ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3600	])
3601])
3602if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3603	AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3604fi
3605
3606AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3607	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3608	[[ clock_t foo; foo = 1235; ]])],
3609	[ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3610	])
3611])
3612if test "x$ac_cv_have_clock_t" = "xyes" ; then
3613	AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3614fi
3615
3616AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3617	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3618#include <sys/types.h>
3619#include <sys/socket.h>
3620		]], [[ sa_family_t foo; foo = 1235; ]])],
3621	[ ac_cv_have_sa_family_t="yes" ],
3622	[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3623#include <sys/types.h>
3624#include <sys/socket.h>
3625#include <netinet/in.h>
3626		]], [[ sa_family_t foo; foo = 1235; ]])],
3627		[ ac_cv_have_sa_family_t="yes" ],
3628		[ ac_cv_have_sa_family_t="no" ]
3629	)
3630	])
3631])
3632if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3633	AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3634		[define if you have sa_family_t data type])
3635fi
3636
3637AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3638	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3639	[[ pid_t foo; foo = 1235; ]])],
3640	[ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3641	])
3642])
3643if test "x$ac_cv_have_pid_t" = "xyes" ; then
3644	AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3645fi
3646
3647AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3648	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3649	[[ mode_t foo; foo = 1235; ]])],
3650	[ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3651	])
3652])
3653if test "x$ac_cv_have_mode_t" = "xyes" ; then
3654	AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3655fi
3656
3657
3658AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3659	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3660#include <sys/types.h>
3661#include <sys/socket.h>
3662		]], [[ struct sockaddr_storage s; ]])],
3663	[ ac_cv_have_struct_sockaddr_storage="yes" ],
3664	[ ac_cv_have_struct_sockaddr_storage="no"
3665	])
3666])
3667if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3668	AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3669		[define if you have struct sockaddr_storage data type])
3670fi
3671
3672AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3673	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3674#include <sys/types.h>
3675#include <netinet/in.h>
3676		]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3677	[ ac_cv_have_struct_sockaddr_in6="yes" ],
3678	[ ac_cv_have_struct_sockaddr_in6="no"
3679	])
3680])
3681if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3682	AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3683		[define if you have struct sockaddr_in6 data type])
3684fi
3685
3686AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3687	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3688#include <sys/types.h>
3689#include <netinet/in.h>
3690		]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3691	[ ac_cv_have_struct_in6_addr="yes" ],
3692	[ ac_cv_have_struct_in6_addr="no"
3693	])
3694])
3695if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3696	AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3697		[define if you have struct in6_addr data type])
3698
3699dnl Now check for sin6_scope_id
3700	AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3701		[
3702#ifdef HAVE_SYS_TYPES_H
3703#include <sys/types.h>
3704#endif
3705#include <netinet/in.h>
3706		])
3707fi
3708
3709AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3710	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3711#include <sys/types.h>
3712#include <sys/socket.h>
3713#include <netdb.h>
3714		]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3715	[ ac_cv_have_struct_addrinfo="yes" ],
3716	[ ac_cv_have_struct_addrinfo="no"
3717	])
3718])
3719if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3720	AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3721		[define if you have struct addrinfo data type])
3722fi
3723
3724AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3725	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3726	[[ struct timeval tv; tv.tv_sec = 1;]])],
3727	[ ac_cv_have_struct_timeval="yes" ],
3728	[ ac_cv_have_struct_timeval="no"
3729	])
3730])
3731if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3732	AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3733	have_struct_timeval=1
3734fi
3735
3736AC_CHECK_TYPES([struct timespec])
3737
3738# We need int64_t or else certian parts of the compile will fail.
3739if test "x$ac_cv_have_int64_t" = "xno" && \
3740	test "x$ac_cv_sizeof_long_int" != "x8" && \
3741	test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3742	echo "OpenSSH requires int64_t support.  Contact your vendor or install"
3743	echo "an alternative compiler (I.E., GCC) before continuing."
3744	echo ""
3745	exit 1;
3746else
3747dnl test snprintf (broken on SCO w/gcc)
3748	AC_RUN_IFELSE(
3749		[AC_LANG_SOURCE([[
3750#include <stdio.h>
3751#include <string.h>
3752#ifdef HAVE_SNPRINTF
3753main()
3754{
3755	char buf[50];
3756	char expected_out[50];
3757	int mazsize = 50 ;
3758#if (SIZEOF_LONG_INT == 8)
3759	long int num = 0x7fffffffffffffff;
3760#else
3761	long long num = 0x7fffffffffffffffll;
3762#endif
3763	strcpy(expected_out, "9223372036854775807");
3764	snprintf(buf, mazsize, "%lld", num);
3765	if(strcmp(buf, expected_out) != 0)
3766		exit(1);
3767	exit(0);
3768}
3769#else
3770main() { exit(0); }
3771#endif
3772		]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3773		AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3774	)
3775fi
3776
3777dnl Checks for structure members
3778OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3779OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3780OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3781OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3782OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3783OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3784OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3785OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3786OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3787OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3788OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3789OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3790OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3791OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3792OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3793OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3794OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3795
3796AC_CHECK_MEMBERS([struct stat.st_blksize])
3797AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
3798struct passwd.pw_change, struct passwd.pw_expire],
3799[], [], [[
3800#include <sys/types.h>
3801#include <pwd.h>
3802]])
3803
3804AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3805	[Define if we don't have struct __res_state in resolv.h])],
3806[[
3807#include <stdio.h>
3808#if HAVE_SYS_TYPES_H
3809# include <sys/types.h>
3810#endif
3811#include <netinet/in.h>
3812#include <arpa/nameser.h>
3813#include <resolv.h>
3814]])
3815
3816AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3817		ac_cv_have_ss_family_in_struct_ss, [
3818	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3819#include <sys/types.h>
3820#include <sys/socket.h>
3821		]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3822	[ ac_cv_have_ss_family_in_struct_ss="yes" ],
3823	[ ac_cv_have_ss_family_in_struct_ss="no" ])
3824])
3825if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3826	AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3827fi
3828
3829AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3830		ac_cv_have___ss_family_in_struct_ss, [
3831	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3832#include <sys/types.h>
3833#include <sys/socket.h>
3834		]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3835	[ ac_cv_have___ss_family_in_struct_ss="yes" ],
3836	[ ac_cv_have___ss_family_in_struct_ss="no"
3837	])
3838])
3839if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3840	AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3841		[Fields in struct sockaddr_storage])
3842fi
3843
3844dnl make sure we're using the real structure members and not defines
3845AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3846		ac_cv_have_accrights_in_msghdr, [
3847	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3848#include <sys/types.h>
3849#include <sys/socket.h>
3850#include <sys/uio.h>
3851		]], [[
3852#ifdef msg_accrights
3853#error "msg_accrights is a macro"
3854exit(1);
3855#endif
3856struct msghdr m;
3857m.msg_accrights = 0;
3858exit(0);
3859		]])],
3860		[ ac_cv_have_accrights_in_msghdr="yes" ],
3861		[ ac_cv_have_accrights_in_msghdr="no" ]
3862	)
3863])
3864if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3865	AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3866		[Define if your system uses access rights style
3867		file descriptor passing])
3868fi
3869
3870AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3871AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3872#include <sys/param.h>
3873#include <sys/stat.h>
3874#ifdef HAVE_SYS_TIME_H
3875# include <sys/time.h>
3876#endif
3877#ifdef HAVE_SYS_MOUNT_H
3878#include <sys/mount.h>
3879#endif
3880#ifdef HAVE_SYS_STATVFS_H
3881#include <sys/statvfs.h>
3882#endif
3883	]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3884	[ AC_MSG_RESULT([yes]) ],
3885	[ AC_MSG_RESULT([no])
3886
3887	AC_MSG_CHECKING([if fsid_t has member val])
3888	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3889#include <sys/types.h>
3890#include <sys/statvfs.h>
3891	]], [[ fsid_t t; t.val[0] = 0; ]])],
3892	[ AC_MSG_RESULT([yes])
3893	  AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3894	[ AC_MSG_RESULT([no]) ])
3895
3896	AC_MSG_CHECKING([if f_fsid has member __val])
3897	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3898#include <sys/types.h>
3899#include <sys/statvfs.h>
3900	]], [[ fsid_t t; t.__val[0] = 0; ]])],
3901	[ AC_MSG_RESULT([yes])
3902	  AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
3903	[ AC_MSG_RESULT([no]) ])
3904])
3905
3906AC_CACHE_CHECK([for msg_control field in struct msghdr],
3907		ac_cv_have_control_in_msghdr, [
3908	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3909#include <sys/types.h>
3910#include <sys/socket.h>
3911#include <sys/uio.h>
3912		]], [[
3913#ifdef msg_control
3914#error "msg_control is a macro"
3915exit(1);
3916#endif
3917struct msghdr m;
3918m.msg_control = 0;
3919exit(0);
3920		]])],
3921		[ ac_cv_have_control_in_msghdr="yes" ],
3922		[ ac_cv_have_control_in_msghdr="no" ]
3923	)
3924])
3925if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3926	AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
3927		[Define if your system uses ancillary data style
3928		file descriptor passing])
3929fi
3930
3931AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3932	AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3933		[[ extern char *__progname; printf("%s", __progname); ]])],
3934	[ ac_cv_libc_defines___progname="yes" ],
3935	[ ac_cv_libc_defines___progname="no"
3936	])
3937])
3938if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3939	AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
3940fi
3941
3942AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3943	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3944		[[ printf("%s", __FUNCTION__); ]])],
3945	[ ac_cv_cc_implements___FUNCTION__="yes" ],
3946	[ ac_cv_cc_implements___FUNCTION__="no"
3947	])
3948])
3949if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3950	AC_DEFINE([HAVE___FUNCTION__], [1],
3951		[Define if compiler implements __FUNCTION__])
3952fi
3953
3954AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3955	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3956		[[ printf("%s", __func__); ]])],
3957	[ ac_cv_cc_implements___func__="yes" ],
3958	[ ac_cv_cc_implements___func__="no"
3959	])
3960])
3961if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3962	AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
3963fi
3964
3965AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3966	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3967#include <stdarg.h>
3968va_list x,y;
3969		]], [[ va_copy(x,y); ]])],
3970	[ ac_cv_have_va_copy="yes" ],
3971	[ ac_cv_have_va_copy="no"
3972	])
3973])
3974if test "x$ac_cv_have_va_copy" = "xyes" ; then
3975	AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
3976fi
3977
3978AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3979	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3980#include <stdarg.h>
3981va_list x,y;
3982		]], [[ __va_copy(x,y); ]])],
3983	[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
3984	])
3985])
3986if test "x$ac_cv_have___va_copy" = "xyes" ; then
3987	AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
3988fi
3989
3990AC_CACHE_CHECK([whether getopt has optreset support],
3991		ac_cv_have_getopt_optreset, [
3992	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
3993		[[ extern int optreset; optreset = 0; ]])],
3994	[ ac_cv_have_getopt_optreset="yes" ],
3995	[ ac_cv_have_getopt_optreset="no"
3996	])
3997])
3998if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3999	AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4000		[Define if your getopt(3) defines and uses optreset])
4001fi
4002
4003AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4004	AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4005[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4006	[ ac_cv_libc_defines_sys_errlist="yes" ],
4007	[ ac_cv_libc_defines_sys_errlist="no"
4008	])
4009])
4010if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4011	AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4012		[Define if your system defines sys_errlist[]])
4013fi
4014
4015
4016AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4017	AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4018[[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4019	[ ac_cv_libc_defines_sys_nerr="yes" ],
4020	[ ac_cv_libc_defines_sys_nerr="no"
4021	])
4022])
4023if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4024	AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4025fi
4026
4027# Check libraries needed by DNS fingerprint support
4028AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4029	[AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4030		[Define if getrrsetbyname() exists])],
4031	[
4032		# Needed by our getrrsetbyname()
4033		AC_SEARCH_LIBS([res_query], [resolv])
4034		AC_SEARCH_LIBS([dn_expand], [resolv])
4035		AC_MSG_CHECKING([if res_query will link])
4036		AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4037#include <sys/types.h>
4038#include <netinet/in.h>
4039#include <arpa/nameser.h>
4040#include <netdb.h>
4041#include <resolv.h>
4042				]], [[
4043	res_query (0, 0, 0, 0, 0);
4044				]])],
4045		    AC_MSG_RESULT([yes]),
4046		   [AC_MSG_RESULT([no])
4047		    saved_LIBS="$LIBS"
4048		    LIBS="$LIBS -lresolv"
4049		    AC_MSG_CHECKING([for res_query in -lresolv])
4050		    AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4051#include <sys/types.h>
4052#include <netinet/in.h>
4053#include <arpa/nameser.h>
4054#include <netdb.h>
4055#include <resolv.h>
4056				]], [[
4057	res_query (0, 0, 0, 0, 0);
4058				]])],
4059			[AC_MSG_RESULT([yes])],
4060			[LIBS="$saved_LIBS"
4061			 AC_MSG_RESULT([no])])
4062		    ])
4063		AC_CHECK_FUNCS([_getshort _getlong])
4064		AC_CHECK_DECLS([_getshort, _getlong], , ,
4065		    [#include <sys/types.h>
4066		    #include <arpa/nameser.h>])
4067		AC_CHECK_MEMBER([HEADER.ad],
4068			[AC_DEFINE([HAVE_HEADER_AD], [1],
4069			    [Define if HEADER.ad exists in arpa/nameser.h])], ,
4070			[#include <arpa/nameser.h>])
4071	])
4072
4073AC_MSG_CHECKING([if struct __res_state _res is an extern])
4074AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4075#include <stdio.h>
4076#if HAVE_SYS_TYPES_H
4077# include <sys/types.h>
4078#endif
4079#include <netinet/in.h>
4080#include <arpa/nameser.h>
4081#include <resolv.h>
4082extern struct __res_state _res;
4083		]], [[
4084struct __res_state *volatile p = &_res;  /* force resolution of _res */
4085return 0;
4086		]],)],
4087		[AC_MSG_RESULT([yes])
4088		 AC_DEFINE([HAVE__RES_EXTERN], [1],
4089		    [Define if you have struct __res_state _res as an extern])
4090		],
4091		[ AC_MSG_RESULT([no]) ]
4092)
4093
4094# Check whether user wants SELinux support
4095SELINUX_MSG="no"
4096LIBSELINUX=""
4097AC_ARG_WITH([selinux],
4098	[  --with-selinux          Enable SELinux support],
4099	[ if test "x$withval" != "xno" ; then
4100		save_LIBS="$LIBS"
4101		AC_DEFINE([WITH_SELINUX], [1],
4102			[Define if you want SELinux support.])
4103		SELINUX_MSG="yes"
4104		AC_CHECK_HEADER([selinux/selinux.h], ,
4105			AC_MSG_ERROR([SELinux support requires selinux.h header]))
4106		AC_CHECK_LIB([selinux], [setexeccon],
4107			[ LIBSELINUX="-lselinux"
4108			  LIBS="$LIBS -lselinux"
4109			],
4110			AC_MSG_ERROR([SELinux support requires libselinux library]))
4111		SSHLIBS="$SSHLIBS $LIBSELINUX"
4112		SSHDLIBS="$SSHDLIBS $LIBSELINUX"
4113		AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4114		LIBS="$save_LIBS"
4115	fi ]
4116)
4117AC_SUBST([SSHLIBS])
4118AC_SUBST([SSHDLIBS])
4119
4120# Check whether user wants Kerberos 5 support
4121KRB5_MSG="no"
4122AC_ARG_WITH([kerberos5],
4123	[  --with-kerberos5=PATH   Enable Kerberos 5 support],
4124	[ if test "x$withval" != "xno" ; then
4125		if test "x$withval" = "xyes" ; then
4126			KRB5ROOT="/usr/local"
4127		else
4128			KRB5ROOT=${withval}
4129		fi
4130
4131		AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4132		KRB5_MSG="yes"
4133
4134		AC_PATH_PROG([KRB5CONF], [krb5-config],
4135			     [$KRB5ROOT/bin/krb5-config],
4136			     [$KRB5ROOT/bin:$PATH])
4137		if test -x $KRB5CONF ; then
4138			K5CFLAGS="`$KRB5CONF --cflags`"
4139			K5LIBS="`$KRB5CONF --libs`"
4140			CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4141
4142			AC_MSG_CHECKING([for gssapi support])
4143			if $KRB5CONF | grep gssapi >/dev/null ; then
4144				AC_MSG_RESULT([yes])
4145				AC_DEFINE([GSSAPI], [1],
4146					[Define this if you want GSSAPI
4147					support in the version 2 protocol])
4148				GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4149				GSSLIBS="`$KRB5CONF --libs gssapi`"
4150				CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4151			else
4152				AC_MSG_RESULT([no])
4153			fi
4154			AC_MSG_CHECKING([whether we are using Heimdal])
4155			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4156				]], [[ char *tmp = heimdal_version; ]])],
4157				[ AC_MSG_RESULT([yes])
4158				AC_DEFINE([HEIMDAL], [1],
4159				[Define this if you are using the Heimdal
4160				version of Kerberos V5]) ],
4161				[AC_MSG_RESULT([no])
4162			])
4163		else
4164			CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4165			LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4166			AC_MSG_CHECKING([whether we are using Heimdal])
4167			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4168				]], [[ char *tmp = heimdal_version; ]])],
4169					[ AC_MSG_RESULT([yes])
4170					 AC_DEFINE([HEIMDAL])
4171					 K5LIBS="-lkrb5"
4172					 K5LIBS="$K5LIBS -lcom_err -lasn1"
4173					 AC_CHECK_LIB([roken], [net_write],
4174					   [K5LIBS="$K5LIBS -lroken"])
4175					 AC_CHECK_LIB([des], [des_cbc_encrypt],
4176					   [K5LIBS="$K5LIBS -ldes"])
4177				       ], [ AC_MSG_RESULT([no])
4178					 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4179
4180			])
4181			AC_SEARCH_LIBS([dn_expand], [resolv])
4182
4183			AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4184				[ AC_DEFINE([GSSAPI])
4185				  GSSLIBS="-lgssapi_krb5" ],
4186				[ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4187					[ AC_DEFINE([GSSAPI])
4188					  GSSLIBS="-lgssapi" ],
4189					[ AC_CHECK_LIB([gss], [gss_init_sec_context],
4190						[ AC_DEFINE([GSSAPI])
4191						  GSSLIBS="-lgss" ],
4192						AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4193					])
4194				])
4195
4196			AC_CHECK_HEADER([gssapi.h], ,
4197				[ unset ac_cv_header_gssapi_h
4198				  CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4199				  AC_CHECK_HEADERS([gssapi.h], ,
4200					AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4201				  )
4202				]
4203			)
4204
4205			oldCPP="$CPPFLAGS"
4206			CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4207			AC_CHECK_HEADER([gssapi_krb5.h], ,
4208					[ CPPFLAGS="$oldCPP" ])
4209
4210		fi
4211		if test ! -z "$need_dash_r" ; then
4212			LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
4213		fi
4214		if test ! -z "$blibpath" ; then
4215			blibpath="$blibpath:${KRB5ROOT}/lib"
4216		fi
4217
4218		AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4219		AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4220		AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4221
4222		AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4223			[Define this if you want to use libkafs' AFS support])])
4224
4225		AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4226#ifdef HAVE_GSSAPI_H
4227# include <gssapi.h>
4228#elif defined(HAVE_GSSAPI_GSSAPI_H)
4229# include <gssapi/gssapi.h>
4230#endif
4231
4232#ifdef HAVE_GSSAPI_GENERIC_H
4233# include <gssapi_generic.h>
4234#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4235# include <gssapi/gssapi_generic.h>
4236#endif
4237		]])
4238		saved_LIBS="$LIBS"
4239		LIBS="$LIBS $K5LIBS"
4240		AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4241		LIBS="$saved_LIBS"
4242
4243	fi
4244	]
4245)
4246AC_SUBST([GSSLIBS])
4247AC_SUBST([K5LIBS])
4248
4249# Looking for programs, paths and files
4250
4251PRIVSEP_PATH=/var/empty
4252AC_ARG_WITH([privsep-path],
4253	[  --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4254	[
4255		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
4256		    test "x${withval}" != "xyes"; then
4257			PRIVSEP_PATH=$withval
4258		fi
4259	]
4260)
4261AC_SUBST([PRIVSEP_PATH])
4262
4263AC_ARG_WITH([xauth],
4264	[  --with-xauth=PATH       Specify path to xauth program ],
4265	[
4266		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
4267		    test "x${withval}" != "xyes"; then
4268			xauth_path=$withval
4269		fi
4270	],
4271	[
4272		TestPath="$PATH"
4273		TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4274		TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4275		TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4276		TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4277		AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4278		if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4279			xauth_path="/usr/openwin/bin/xauth"
4280		fi
4281	]
4282)
4283
4284STRIP_OPT=-s
4285AC_ARG_ENABLE([strip],
4286	[  --disable-strip         Disable calling strip(1) on install],
4287	[
4288		if test "x$enableval" = "xno" ; then
4289			STRIP_OPT=
4290		fi
4291	]
4292)
4293AC_SUBST([STRIP_OPT])
4294
4295if test -z "$xauth_path" ; then
4296	XAUTH_PATH="undefined"
4297	AC_SUBST([XAUTH_PATH])
4298else
4299	AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4300		[Define if xauth is found in your path])
4301	XAUTH_PATH=$xauth_path
4302	AC_SUBST([XAUTH_PATH])
4303fi
4304
4305dnl # --with-maildir=/path/to/mail gets top priority.
4306dnl # if maildir is set in the platform case statement above we use that.
4307dnl # Otherwise we run a program to get the dir from system headers.
4308dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4309dnl # If we find _PATH_MAILDIR we do nothing because that is what
4310dnl # session.c expects anyway. Otherwise we set to the value found
4311dnl # stripping any trailing slash. If for some strage reason our program
4312dnl # does not find what it needs, we default to /var/spool/mail.
4313# Check for mail directory
4314AC_ARG_WITH([maildir],
4315    [  --with-maildir=/path/to/mail    Specify your system mail directory],
4316    [
4317	if test "X$withval" != X  &&  test "x$withval" != xno  &&  \
4318	    test "x${withval}" != xyes; then
4319		AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4320            [Set this to your mail directory if you do not have _PATH_MAILDIR])
4321	    fi
4322     ],[
4323	if test "X$maildir" != "X"; then
4324	    AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4325	else
4326	    AC_MSG_CHECKING([Discovering system mail directory])
4327	    AC_RUN_IFELSE(
4328		[AC_LANG_PROGRAM([[
4329#include <stdio.h>
4330#include <string.h>
4331#ifdef HAVE_PATHS_H
4332#include <paths.h>
4333#endif
4334#ifdef HAVE_MAILLOCK_H
4335#include <maillock.h>
4336#endif
4337#define DATA "conftest.maildir"
4338	]], [[
4339	FILE *fd;
4340	int rc;
4341
4342	fd = fopen(DATA,"w");
4343	if(fd == NULL)
4344		exit(1);
4345
4346#if defined (_PATH_MAILDIR)
4347	if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4348		exit(1);
4349#elif defined (MAILDIR)
4350	if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4351		exit(1);
4352#elif defined (_PATH_MAIL)
4353	if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4354		exit(1);
4355#else
4356	exit (2);
4357#endif
4358
4359	exit(0);
4360		]])],
4361		[
4362	 	    maildir_what=`awk -F: '{print $1}' conftest.maildir`
4363		    maildir=`awk -F: '{print $2}' conftest.maildir \
4364			| sed 's|/$||'`
4365		    AC_MSG_RESULT([Using: $maildir from $maildir_what])
4366		    if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4367			AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4368		    fi
4369		],
4370		[
4371		    if test "X$ac_status" = "X2";then
4372# our test program didn't find it. Default to /var/spool/mail
4373			AC_MSG_RESULT([Using: default value of /var/spool/mail])
4374			AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4375		     else
4376			AC_MSG_RESULT([*** not found ***])
4377		     fi
4378		],
4379		[
4380			AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
4381		]
4382	    )
4383	fi
4384    ]
4385) # maildir
4386
4387if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
4388	AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
4389	disable_ptmx_check=yes
4390fi
4391if test -z "$no_dev_ptmx" ; then
4392	if test "x$disable_ptmx_check" != "xyes" ; then
4393		AC_CHECK_FILE(["/dev/ptmx"],
4394			[
4395				AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
4396					[Define if you have /dev/ptmx])
4397				have_dev_ptmx=1
4398			]
4399		)
4400	fi
4401fi
4402
4403if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
4404	AC_CHECK_FILE(["/dev/ptc"],
4405		[
4406			AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
4407				[Define if you have /dev/ptc])
4408			have_dev_ptc=1
4409		]
4410	)
4411else
4412	AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
4413fi
4414
4415# Options from here on. Some of these are preset by platform above
4416AC_ARG_WITH([mantype],
4417	[  --with-mantype=man|cat|doc  Set man page type],
4418	[
4419		case "$withval" in
4420		man|cat|doc)
4421			MANTYPE=$withval
4422			;;
4423		*)
4424			AC_MSG_ERROR([invalid man type: $withval])
4425			;;
4426		esac
4427	]
4428)
4429if test -z "$MANTYPE"; then
4430	TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
4431	AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
4432	if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
4433		MANTYPE=doc
4434	elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
4435		MANTYPE=man
4436	else
4437		MANTYPE=cat
4438	fi
4439fi
4440AC_SUBST([MANTYPE])
4441if test "$MANTYPE" = "doc"; then
4442	mansubdir=man;
4443else
4444	mansubdir=$MANTYPE;
4445fi
4446AC_SUBST([mansubdir])
4447
4448# Check whether to enable MD5 passwords
4449MD5_MSG="no"
4450AC_ARG_WITH([md5-passwords],
4451	[  --with-md5-passwords    Enable use of MD5 passwords],
4452	[
4453		if test "x$withval" != "xno" ; then
4454			AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
4455				[Define if you want to allow MD5 passwords])
4456			MD5_MSG="yes"
4457		fi
4458	]
4459)
4460
4461# Whether to disable shadow password support
4462AC_ARG_WITH([shadow],
4463	[  --without-shadow        Disable shadow password support],
4464	[
4465		if test "x$withval" = "xno" ; then
4466			AC_DEFINE([DISABLE_SHADOW])
4467			disable_shadow=yes
4468		fi
4469	]
4470)
4471
4472if test -z "$disable_shadow" ; then
4473	AC_MSG_CHECKING([if the systems has expire shadow information])
4474	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4475#include <sys/types.h>
4476#include <shadow.h>
4477struct spwd sp;
4478		]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
4479		[ sp_expire_available=yes ], [
4480	])
4481
4482	if test "x$sp_expire_available" = "xyes" ; then
4483		AC_MSG_RESULT([yes])
4484		AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
4485		    [Define if you want to use shadow password expire field])
4486	else
4487		AC_MSG_RESULT([no])
4488	fi
4489fi
4490
4491# Use ip address instead of hostname in $DISPLAY
4492if test ! -z "$IPADDR_IN_DISPLAY" ; then
4493	DISPLAY_HACK_MSG="yes"
4494	AC_DEFINE([IPADDR_IN_DISPLAY], [1],
4495		[Define if you need to use IP address
4496		instead of hostname in $DISPLAY])
4497else
4498	DISPLAY_HACK_MSG="no"
4499	AC_ARG_WITH([ipaddr-display],
4500		[  --with-ipaddr-display   Use ip address instead of hostname in $DISPLAY],
4501		[
4502			if test "x$withval" != "xno" ; then
4503				AC_DEFINE([IPADDR_IN_DISPLAY])
4504				DISPLAY_HACK_MSG="yes"
4505			fi
4506		]
4507	)
4508fi
4509
4510# check for /etc/default/login and use it if present.
4511AC_ARG_ENABLE([etc-default-login],
4512	[  --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
4513	[ if test "x$enableval" = "xno"; then
4514		AC_MSG_NOTICE([/etc/default/login handling disabled])
4515		etc_default_login=no
4516	  else
4517		etc_default_login=yes
4518	  fi ],
4519	[ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
4520	  then
4521		AC_MSG_WARN([cross compiling: not checking /etc/default/login])
4522		etc_default_login=no
4523	  else
4524		etc_default_login=yes
4525	  fi ]
4526)
4527
4528if test "x$etc_default_login" != "xno"; then
4529	AC_CHECK_FILE(["/etc/default/login"],
4530	    [ external_path_file=/etc/default/login ])
4531	if test "x$external_path_file" = "x/etc/default/login"; then
4532		AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
4533			[Define if your system has /etc/default/login])
4534	fi
4535fi
4536
4537dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4538if test $ac_cv_func_login_getcapbool = "yes" && \
4539	test $ac_cv_header_login_cap_h = "yes" ; then
4540	external_path_file=/etc/login.conf
4541fi
4542
4543# Whether to mess with the default path
4544SERVER_PATH_MSG="(default)"
4545AC_ARG_WITH([default-path],
4546	[  --with-default-path=    Specify default $PATH environment for server],
4547	[
4548		if test "x$external_path_file" = "x/etc/login.conf" ; then
4549			AC_MSG_WARN([
4550--with-default-path=PATH has no effect on this system.
4551Edit /etc/login.conf instead.])
4552		elif test "x$withval" != "xno" ; then
4553			if test ! -z "$external_path_file" ; then
4554				AC_MSG_WARN([
4555--with-default-path=PATH will only be used if PATH is not defined in
4556$external_path_file .])
4557			fi
4558			user_path="$withval"
4559			SERVER_PATH_MSG="$withval"
4560		fi
4561	],
4562	[ if test "x$external_path_file" = "x/etc/login.conf" ; then
4563		AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
4564	else
4565		if test ! -z "$external_path_file" ; then
4566			AC_MSG_WARN([
4567If PATH is defined in $external_path_file, ensure the path to scp is included,
4568otherwise scp will not work.])
4569		fi
4570		AC_RUN_IFELSE(
4571			[AC_LANG_PROGRAM([[
4572/* find out what STDPATH is */
4573#include <stdio.h>
4574#ifdef HAVE_PATHS_H
4575# include <paths.h>
4576#endif
4577#ifndef _PATH_STDPATH
4578# ifdef _PATH_USERPATH	/* Irix */
4579#  define _PATH_STDPATH _PATH_USERPATH
4580# else
4581#  define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
4582# endif
4583#endif
4584#include <sys/types.h>
4585#include <sys/stat.h>
4586#include <fcntl.h>
4587#define DATA "conftest.stdpath"
4588			]], [[
4589	FILE *fd;
4590	int rc;
4591
4592	fd = fopen(DATA,"w");
4593	if(fd == NULL)
4594		exit(1);
4595
4596	if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4597		exit(1);
4598
4599	exit(0);
4600		]])],
4601		[ user_path=`cat conftest.stdpath` ],
4602		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4603		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4604	)
4605# make sure $bindir is in USER_PATH so scp will work
4606		t_bindir="${bindir}"
4607		while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
4608			t_bindir=`eval echo ${t_bindir}`
4609			case $t_bindir in
4610				NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4611			esac
4612			case $t_bindir in
4613				NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4614			esac
4615		done
4616		echo $user_path | grep ":$t_bindir"  > /dev/null 2>&1
4617		if test $? -ne 0  ; then
4618			echo $user_path | grep "^$t_bindir"  > /dev/null 2>&1
4619			if test $? -ne 0  ; then
4620				user_path=$user_path:$t_bindir
4621				AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
4622			fi
4623		fi
4624	fi ]
4625)
4626if test "x$external_path_file" != "x/etc/login.conf" ; then
4627	AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
4628	AC_SUBST([user_path])
4629fi
4630
4631# Set superuser path separately to user path
4632AC_ARG_WITH([superuser-path],
4633	[  --with-superuser-path=  Specify different path for super-user],
4634	[
4635		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
4636		    test "x${withval}" != "xyes"; then
4637			AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
4638				[Define if you want a different $PATH
4639				for the superuser])
4640			superuser_path=$withval
4641		fi
4642	]
4643)
4644
4645
4646AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4647IPV4_IN6_HACK_MSG="no"
4648AC_ARG_WITH(4in6,
4649	[  --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses],
4650	[
4651		if test "x$withval" != "xno" ; then
4652			AC_MSG_RESULT([yes])
4653			AC_DEFINE([IPV4_IN_IPV6], [1],
4654				[Detect IPv4 in IPv6 mapped addresses
4655				and treat as IPv4])
4656			IPV4_IN6_HACK_MSG="yes"
4657		else
4658			AC_MSG_RESULT([no])
4659		fi
4660	], [
4661		if test "x$inet6_default_4in6" = "xyes"; then
4662			AC_MSG_RESULT([yes (default)])
4663			AC_DEFINE([IPV4_IN_IPV6])
4664			IPV4_IN6_HACK_MSG="yes"
4665		else
4666			AC_MSG_RESULT([no (default)])
4667		fi
4668	]
4669)
4670
4671# Whether to enable BSD auth support
4672BSD_AUTH_MSG=no
4673AC_ARG_WITH([bsd-auth],
4674	[  --with-bsd-auth         Enable BSD auth support],
4675	[
4676		if test "x$withval" != "xno" ; then
4677			AC_DEFINE([BSD_AUTH], [1],
4678				[Define if you have BSD auth support])
4679			BSD_AUTH_MSG=yes
4680		fi
4681	]
4682)
4683
4684# Where to place sshd.pid
4685piddir=/var/run
4686# make sure the directory exists
4687if test ! -d $piddir ; then
4688	piddir=`eval echo ${sysconfdir}`
4689	case $piddir in
4690		NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4691	esac
4692fi
4693
4694AC_ARG_WITH([pid-dir],
4695	[  --with-pid-dir=PATH     Specify location of ssh.pid file],
4696	[
4697		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
4698		    test "x${withval}" != "xyes"; then
4699			piddir=$withval
4700			if test ! -d $piddir ; then
4701			AC_MSG_WARN([** no $piddir directory on this system **])
4702			fi
4703		fi
4704	]
4705)
4706
4707AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
4708	[Specify location of ssh.pid])
4709AC_SUBST([piddir])
4710
4711dnl allow user to disable some login recording features
4712AC_ARG_ENABLE([lastlog],
4713	[  --disable-lastlog       disable use of lastlog even if detected [no]],
4714	[
4715		if test "x$enableval" = "xno" ; then
4716			AC_DEFINE([DISABLE_LASTLOG])
4717		fi
4718	]
4719)
4720AC_ARG_ENABLE([utmp],
4721	[  --disable-utmp          disable use of utmp even if detected [no]],
4722	[
4723		if test "x$enableval" = "xno" ; then
4724			AC_DEFINE([DISABLE_UTMP])
4725		fi
4726	]
4727)
4728AC_ARG_ENABLE([utmpx],
4729	[  --disable-utmpx         disable use of utmpx even if detected [no]],
4730	[
4731		if test "x$enableval" = "xno" ; then
4732			AC_DEFINE([DISABLE_UTMPX], [1],
4733				[Define if you don't want to use utmpx])
4734		fi
4735	]
4736)
4737AC_ARG_ENABLE([wtmp],
4738	[  --disable-wtmp          disable use of wtmp even if detected [no]],
4739	[
4740		if test "x$enableval" = "xno" ; then
4741			AC_DEFINE([DISABLE_WTMP])
4742		fi
4743	]
4744)
4745AC_ARG_ENABLE([wtmpx],
4746	[  --disable-wtmpx         disable use of wtmpx even if detected [no]],
4747	[
4748		if test "x$enableval" = "xno" ; then
4749			AC_DEFINE([DISABLE_WTMPX], [1],
4750				[Define if you don't want to use wtmpx])
4751		fi
4752	]
4753)
4754AC_ARG_ENABLE([libutil],
4755	[  --disable-libutil       disable use of libutil (login() etc.) [no]],
4756	[
4757		if test "x$enableval" = "xno" ; then
4758			AC_DEFINE([DISABLE_LOGIN])
4759		fi
4760	]
4761)
4762AC_ARG_ENABLE([pututline],
4763	[  --disable-pututline     disable use of pututline() etc. ([uw]tmp) [no]],
4764	[
4765		if test "x$enableval" = "xno" ; then
4766			AC_DEFINE([DISABLE_PUTUTLINE], [1],
4767				[Define if you don't want to use pututline()
4768				etc. to write [uw]tmp])
4769		fi
4770	]
4771)
4772AC_ARG_ENABLE([pututxline],
4773	[  --disable-pututxline    disable use of pututxline() etc. ([uw]tmpx) [no]],
4774	[
4775		if test "x$enableval" = "xno" ; then
4776			AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4777				[Define if you don't want to use pututxline()
4778				etc. to write [uw]tmpx])
4779		fi
4780	]
4781)
4782AC_ARG_WITH([lastlog],
4783  [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4784	[
4785		if test "x$withval" = "xno" ; then
4786			AC_DEFINE([DISABLE_LASTLOG])
4787		elif test -n "$withval"  &&  test "x${withval}" != "xyes"; then
4788			conf_lastlog_location=$withval
4789		fi
4790	]
4791)
4792
4793dnl lastlog, [uw]tmpx? detection
4794dnl  NOTE: set the paths in the platform section to avoid the
4795dnl   need for command-line parameters
4796dnl lastlog and [uw]tmp are subject to a file search if all else fails
4797
4798dnl lastlog detection
4799dnl  NOTE: the code itself will detect if lastlog is a directory
4800AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4801AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4802#include <sys/types.h>
4803#include <utmp.h>
4804#ifdef HAVE_LASTLOG_H
4805#  include <lastlog.h>
4806#endif
4807#ifdef HAVE_PATHS_H
4808#  include <paths.h>
4809#endif
4810#ifdef HAVE_LOGIN_H
4811# include <login.h>
4812#endif
4813	]], [[ char *lastlog = LASTLOG_FILE; ]])],
4814		[ AC_MSG_RESULT([yes]) ],
4815		[
4816		AC_MSG_RESULT([no])
4817		AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4818		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4819#include <sys/types.h>
4820#include <utmp.h>
4821#ifdef HAVE_LASTLOG_H
4822#  include <lastlog.h>
4823#endif
4824#ifdef HAVE_PATHS_H
4825#  include <paths.h>
4826#endif
4827		]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4828		[ AC_MSG_RESULT([yes]) ],
4829		[
4830			AC_MSG_RESULT([no])
4831			system_lastlog_path=no
4832		])
4833])
4834
4835if test -z "$conf_lastlog_location"; then
4836	if test x"$system_lastlog_path" = x"no" ; then
4837		for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4838				if (test -d "$f" || test -f "$f") ; then
4839					conf_lastlog_location=$f
4840				fi
4841		done
4842		if test -z "$conf_lastlog_location"; then
4843			AC_MSG_WARN([** Cannot find lastlog **])
4844			dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4845		fi
4846	fi
4847fi
4848
4849if test -n "$conf_lastlog_location"; then
4850	AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4851		[Define if you want to specify the path to your lastlog file])
4852fi
4853
4854dnl utmp detection
4855AC_MSG_CHECKING([if your system defines UTMP_FILE])
4856AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4857#include <sys/types.h>
4858#include <utmp.h>
4859#ifdef HAVE_PATHS_H
4860#  include <paths.h>
4861#endif
4862	]], [[ char *utmp = UTMP_FILE; ]])],
4863	[ AC_MSG_RESULT([yes]) ],
4864	[ AC_MSG_RESULT([no])
4865	  system_utmp_path=no
4866])
4867if test -z "$conf_utmp_location"; then
4868	if test x"$system_utmp_path" = x"no" ; then
4869		for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4870			if test -f $f ; then
4871				conf_utmp_location=$f
4872			fi
4873		done
4874		if test -z "$conf_utmp_location"; then
4875			AC_DEFINE([DISABLE_UTMP])
4876		fi
4877	fi
4878fi
4879if test -n "$conf_utmp_location"; then
4880	AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4881		[Define if you want to specify the path to your utmp file])
4882fi
4883
4884dnl wtmp detection
4885AC_MSG_CHECKING([if your system defines WTMP_FILE])
4886AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4887#include <sys/types.h>
4888#include <utmp.h>
4889#ifdef HAVE_PATHS_H
4890#  include <paths.h>
4891#endif
4892	]], [[ char *wtmp = WTMP_FILE; ]])],
4893	[ AC_MSG_RESULT([yes]) ],
4894	[ AC_MSG_RESULT([no])
4895	  system_wtmp_path=no
4896])
4897if test -z "$conf_wtmp_location"; then
4898	if test x"$system_wtmp_path" = x"no" ; then
4899		for f in /usr/adm/wtmp /var/log/wtmp; do
4900			if test -f $f ; then
4901				conf_wtmp_location=$f
4902			fi
4903		done
4904		if test -z "$conf_wtmp_location"; then
4905			AC_DEFINE([DISABLE_WTMP])
4906		fi
4907	fi
4908fi
4909if test -n "$conf_wtmp_location"; then
4910	AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
4911		[Define if you want to specify the path to your wtmp file])
4912fi
4913
4914dnl wtmpx detection
4915AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4916AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4917#include <sys/types.h>
4918#include <utmp.h>
4919#ifdef HAVE_UTMPX_H
4920#include <utmpx.h>
4921#endif
4922#ifdef HAVE_PATHS_H
4923#  include <paths.h>
4924#endif
4925	]], [[ char *wtmpx = WTMPX_FILE; ]])],
4926	[ AC_MSG_RESULT([yes]) ],
4927	[ AC_MSG_RESULT([no])
4928	  system_wtmpx_path=no
4929])
4930if test -z "$conf_wtmpx_location"; then
4931	if test x"$system_wtmpx_path" = x"no" ; then
4932		AC_DEFINE([DISABLE_WTMPX])
4933	fi
4934else
4935	AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
4936		[Define if you want to specify the path to your wtmpx file])
4937fi
4938
4939
4940if test ! -z "$blibpath" ; then
4941	LDFLAGS="$LDFLAGS $blibflags$blibpath"
4942	AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4943fi
4944
4945AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
4946    if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
4947	AC_DEFINE([DISABLE_LASTLOG])
4948    fi
4949	], [
4950#ifdef HAVE_SYS_TYPES_H
4951#include <sys/types.h>
4952#endif
4953#ifdef HAVE_UTMP_H
4954#include <utmp.h>
4955#endif
4956#ifdef HAVE_UTMPX_H
4957#include <utmpx.h>
4958#endif
4959#ifdef HAVE_LASTLOG_H
4960#include <lastlog.h>
4961#endif
4962	])
4963
4964AC_CHECK_MEMBER([struct utmp.ut_line], [], [
4965	AC_DEFINE([DISABLE_UTMP])
4966	AC_DEFINE([DISABLE_WTMP])
4967	], [
4968#ifdef HAVE_SYS_TYPES_H
4969#include <sys/types.h>
4970#endif
4971#ifdef HAVE_UTMP_H
4972#include <utmp.h>
4973#endif
4974#ifdef HAVE_UTMPX_H
4975#include <utmpx.h>
4976#endif
4977#ifdef HAVE_LASTLOG_H
4978#include <lastlog.h>
4979#endif
4980	])
4981
4982dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4983dnl Add now.
4984CFLAGS="$CFLAGS $werror_flags"
4985
4986if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4987	TEST_SSH_IPV6=no
4988else
4989	TEST_SSH_IPV6=yes
4990fi
4991AC_CHECK_DECL([BROKEN_GETADDRINFO],  [TEST_SSH_IPV6=no])
4992AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
4993AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
4994AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
4995
4996AC_EXEEXT
4997AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4998	openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4999	survey.sh])
5000AC_OUTPUT
5001
5002# Print summary of options
5003
5004# Someone please show me a better way :)
5005A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5006B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5007C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5008D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5009E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5010F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5011G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5012H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5013I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5014J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5015
5016echo ""
5017echo "OpenSSH has been configured with the following options:"
5018echo "                     User binaries: $B"
5019echo "                   System binaries: $C"
5020echo "               Configuration files: $D"
5021echo "                   Askpass program: $E"
5022echo "                      Manual pages: $F"
5023echo "                          PID file: $G"
5024echo "  Privilege separation chroot path: $H"
5025if test "x$external_path_file" = "x/etc/login.conf" ; then
5026echo "   At runtime, sshd will use the path defined in $external_path_file"
5027echo "   Make sure the path to scp is present, otherwise scp will not work"
5028else
5029echo "            sshd default user PATH: $I"
5030	if test ! -z "$external_path_file"; then
5031echo "   (If PATH is set in $external_path_file it will be used instead. If"
5032echo "   used, ensure the path to scp is present, otherwise scp will not work.)"
5033	fi
5034fi
5035if test ! -z "$superuser_path" ; then
5036echo "          sshd superuser user PATH: $J"
5037fi
5038echo "                    Manpage format: $MANTYPE"
5039echo "                       PAM support: $PAM_MSG"
5040echo "                   OSF SIA support: $SIA_MSG"
5041echo "                 KerberosV support: $KRB5_MSG"
5042echo "                   SELinux support: $SELINUX_MSG"
5043echo "                 Smartcard support: $SCARD_MSG"
5044echo "                     S/KEY support: $SKEY_MSG"
5045echo "              TCP Wrappers support: $TCPW_MSG"
5046echo "              MD5 password support: $MD5_MSG"
5047echo "                   libedit support: $LIBEDIT_MSG"
5048echo "  Solaris process contract support: $SPC_MSG"
5049echo "           Solaris project support: $SP_MSG"
5050echo "         Solaris privilege support: $SPP_MSG"
5051echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5052echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5053echo "                  BSD Auth support: $BSD_AUTH_MSG"
5054echo "              Random number source: $RAND_MSG"
5055echo "             Privsep sandbox style: $SANDBOX_STYLE"
5056
5057echo ""
5058
5059echo "              Host: ${host}"
5060echo "          Compiler: ${CC}"
5061echo "    Compiler flags: ${CFLAGS}"
5062echo "Preprocessor flags: ${CPPFLAGS}"
5063echo "      Linker flags: ${LDFLAGS}"
5064echo "         Libraries: ${LIBS}"
5065if test ! -z "${SSHDLIBS}"; then
5066echo "         +for sshd: ${SSHDLIBS}"
5067fi
5068if test ! -z "${SSHLIBS}"; then
5069echo "          +for ssh: ${SSHLIBS}"
5070fi
5071
5072echo ""
5073
5074if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5075	echo "SVR4 style packages are supported with \"make package\""
5076	echo ""
5077fi
5078
5079if test "x$PAM_MSG" = "xyes" ; then
5080	echo "PAM is enabled. You may need to install a PAM control file "
5081	echo "for sshd, otherwise password authentication may fail. "
5082	echo "Example PAM control files can be found in the contrib/ "
5083	echo "subdirectory"
5084	echo ""
5085fi
5086
5087if test ! -z "$NO_PEERCHECK" ; then
5088	echo "WARNING: the operating system that you are using does not"
5089	echo "appear to support getpeereid(), getpeerucred() or the"
5090	echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5091	echo "enforce security checks to prevent unauthorised connections to"
5092	echo "ssh-agent. Their absence increases the risk that a malicious"
5093	echo "user can connect to your agent."
5094	echo ""
5095fi
5096
5097if test "$AUDIT_MODULE" = "bsm" ; then
5098	echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5099	echo "See the Solaris section in README.platform for details."
5100fi
5101