xref: /freebsd/crypto/openssh/configure.ac (revision 6ef6ba9950260f42b47499d17874d00ca9290955)
1# $Id: configure.ac,v 1.536 2013/08/04 11:48:41 dtucker Exp $
2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
dnl Autoconf bootstrap.  The order of these macros is significant.
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
AC_REVISION($Revision: 1.536 $)
dnl ssh.c is the file used to sanity-check the source directory.
AC_CONFIG_SRCDIR([ssh.c])
AC_LANG([C])

dnl Check results are written to config.h.
AC_CONFIG_HEADER([config.h])
AC_PROG_CC
dnl Sets host, which the target-specific case statement further down matches on.
AC_CANONICAL_HOST
AC_C_BIGENDIAN
26
# Locate the external programs used by the build and the regression tests.
# Each path lookup records an absolute path taken from the PATH that is in
# effect while configure runs, so configure should be run with a trusted PATH.
AC_PROG_AWK
AC_PROG_CPP
AC_PROG_RANLIB
AC_PROG_INSTALL
AC_PROG_EGREP
AC_PATH_PROG([AR], [ar])
AC_PATH_PROG([CAT], [cat])
AC_PATH_PROG([KILL], [kill])
AC_PATH_PROGS([PERL], [perl5 perl])
AC_PATH_PROG([SED], [sed])
AC_SUBST([PERL])
AC_PATH_PROG([ENT], [ent])
AC_SUBST([ENT])
# Shell preference for TEST_MINUS_S_SH is bash, then ksh, then sh: once one
# lookup has set the variable, the later lookups leave it alone.
AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
AC_PATH_PROG([SH], [sh])
# Candidate manpage formatters; the selection happens right after this list.
AC_PATH_PROG([GROFF], [groff])
AC_PATH_PROG([NROFF], [nroff])
AC_PATH_PROG([MANDOC], [mandoc])
AC_SUBST([TEST_SHELL], [sh])
49
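dnl Select the manpage formatter: mandoc is preferred, then nroff, then groff.
if test "x$MANDOC" != "x" ; then
	MANFMT="$MANDOC"
elif test "x$NROFF" != "x" ; then
	MANFMT="$NROFF -mandoc"
elif test "x$GROFF" != "x" ; then
	MANFMT="$GROFF -mandoc -Tascii"
else
	# No formatter is installed: warn and substitute the command false.
	AC_MSG_WARN([no manpage formatter found])
	MANFMT="false"
fi
AC_SUBST([MANFMT])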
62
dnl Helpers for buildpkg.sh.  groupadd and useradd are looked up only in
dnl /usr/sbin and /etc; the bare command name is the fallback value.
AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
	[/usr/sbin${PATH_SEPARATOR}/etc])
AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
	[/usr/sbin${PATH_SEPARATOR}/etc])
AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
dnl The startup script uses /sbin/sh when it is executable, otherwise /bin/sh.
STARTUP_SCRIPT_SHELL=/bin/sh
if test -x /sbin/sh; then
	STARTUP_SCRIPT_SHELL=/sbin/sh
fi
AC_SUBST([STARTUP_SCRIPT_SHELL])
74
# System features
AC_SYS_LARGEFILE

# The archiver is mandatory: stop here when the earlier lookup left AR empty.
if test "x$AR" = "x" ; then
	AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
fi
81
# Pick the login program whose path is written to config.h as
# LOGIN_PROGRAM_FALLBACK.  A LOGIN_PROGRAM value in the environment of the
# configure run wins; otherwise the first login found on PATH is used.
# Either way the string is fixed at configure time, so the environment and
# PATH of the build host decide which binary the define names.
if test -n "$LOGIN_PROGRAM" ; then
	AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
		[If your header files don't define LOGIN_PROGRAM,
		then use this (detected) from environment and PATH])
else
	# Search for login
	AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
	if test -n "$LOGIN_PROGRAM_FALLBACK" ; then
		AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
	fi
fi

# The passwd path is resolved from PATH and compiled in the same way; nothing
# is defined when passwd is not found.
AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
if test -n "$PATH_PASSWD_PROG" ; then
	AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
		[Full path of your "passwd" program])
fi
100
# Link through the compiler driver when no linker was given in the environment.
if test "x$LD" = "x" ; then
	LD=$CC
fi
AC_SUBST([LD])

AC_C_INLINE
107
# Declaration probes.  Three of them only set a shell variable for later use;
# the RLIMIT_NPROC probe defines HAVE_RLIMIT_NPROC directly.
# NOTE(review): have_systr_policy_kill and have_linux_no_new_privs look like
# inputs to a sandbox selection later in the file - confirm where they are read.
AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], [], [#include <limits.h>])
AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], [], [
	#include <sys/types.h>
	#include <sys/param.h>
	#include <dev/systrace.h>
])
AC_CHECK_DECL([RLIMIT_NPROC],
    [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], [], [
	#include <sys/types.h>
	#include <sys/resource.h>
])
AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], [], [
	#include <sys/types.h>
	#include <linux/prctl.h>
])

# Stack protection is probed by default.  Only an explicit
# --without-stackprotect switches the probe off.
use_stack_protector=1
AC_ARG_WITH([stackprotect],
    [  --without-stackprotect  Don't use compiler's stack protection],
    [
	if test "x$withval" = "xno"; then
		use_stack_protector=0
	fi
    ])
129
130
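# Warning and hardening options, applied only when the compiler is gcc or egcs.
if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
	# Each option is probed by a helper macro defined outside this file.
	# Where a second argument is given, that is the option passed to the
	# helper as the one to use in place of the probed one.
	OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments -Werror],
	    [-Qunused-arguments])
	OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option -Werror],
	    [-Wno-unknown-warning-option])
	OSSH_CHECK_CFLAG_COMPILE([-Wall])
	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
	OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
	OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
	OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
	OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
	OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
	OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
	# NOTE(review): _FORTIFY_SOURCE normally only takes effect when
	# optimisation is enabled; confirm against the final CFLAGS.
	OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])

	# gcc 1.x and 2.x are treated as lacking the nonnull attribute.
	AC_MSG_CHECKING([gcc version])
	GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
	case $GCC_VER in
		1.* | 2.*) no_attrib_nonnull=1 ;;
		*) ;;
	esac
	AC_MSG_RESULT([$GCC_VER])

	# Keep -fno-builtin-memset only if a trivial memset program still links.
	# NOTE(review): presumably wanted so that memset calls which clear
	# sensitive buffers are not replaced by the compiler - confirm.
	AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
	saved_CFLAGS="$CFLAGS"
	CFLAGS="$CFLAGS -fno-builtin-memset"
	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
			[[ char b[10]; memset(b, 0, sizeof(b)); ]])],
		[ AC_MSG_RESULT([yes]) ],
		[ AC_MSG_RESULT([no])
		  CFLAGS="$saved_CFLAGS" ]
	)

	# -fstack-protector-all doesn't always work for some GCC versions
	# and/or platforms, so we test if we can.  If it's not supported
	# on a given platform gcc will emit a warning so we use -Werror.
	#
	# The stronger option is tried first.  A candidate must link with
	# -Werror and the test program must run; the break statements leave
	# the loop before the restore lines, which is how the accepted option
	# stays in CFLAGS and LDFLAGS.  When cross compiling the option is
	# kept without the run test.
	if test "x$use_stack_protector" = "x1"; then
	    stack_protector_flag=""
	    for t in -fstack-protector-all -fstack-protector; do
		AC_MSG_CHECKING([if $CC supports $t])
		saved_CFLAGS="$CFLAGS"
		saved_LDFLAGS="$LDFLAGS"
		CFLAGS="$CFLAGS $t -Werror"
		LDFLAGS="$LDFLAGS $t -Werror"
		AC_LINK_IFELSE(
			[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
			[[
	char x[256];
	snprintf(x, sizeof(x), "XXX");
			 ]])],
		    [ AC_MSG_RESULT([yes])
		      CFLAGS="$saved_CFLAGS $t"
		      LDFLAGS="$saved_LDFLAGS $t"
		      AC_MSG_CHECKING([if $t works])
		      AC_RUN_IFELSE(
			[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
			[[
	char x[256];
	snprintf(x, sizeof(x), "XXX");
			]])],
			[ AC_MSG_RESULT([yes])
			  stack_protector_flag="$t"
			  break ],
			[ AC_MSG_RESULT([no]) ],
			[ AC_MSG_WARN([cross compiling: cannot test])
			  stack_protector_flag="$t"
			  break ]
		      )
		    ],
		    [ AC_MSG_RESULT([no]) ]
		)
		CFLAGS="$saved_CFLAGS"
		LDFLAGS="$saved_LDFLAGS"
	    done
	    # Make a hardening downgrade visible instead of passing silently.
	    if test "x$stack_protector_flag" = "x"; then
		AC_MSG_WARN([no working stack protector option found; building without stack protection])
	    fi
	fi

	if test -z "$have_llong_max"; then
		# retry LLONG_MAX with -std=gnu99, needed on some Linuxes
		# The cached result is cleared first so the probe really runs
		# again; -std=gnu99 is dropped if the retry also fails.
		unset ac_cv_have_decl_LLONG_MAX
		saved_CFLAGS="$CFLAGS"
		CFLAGS="$CFLAGS -std=gnu99"
		AC_CHECK_DECL([LLONG_MAX],
		    [have_llong_max=1],
		    [CFLAGS="$saved_CFLAGS"],
		    [#include <limits.h>]
		)
	fi
fi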
220
# Compile-only probe: can __attribute__ precede a function's return type?
AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
AC_COMPILE_IFELSE(
    [AC_LANG_PROGRAM([[
#include <stdlib.h>
__attribute__((__unused__)) static void foo(void){return;}]],
    [[ exit(0); ]])],
    [ AC_MSG_RESULT([yes]) ],
    [ AC_MSG_RESULT([no])
      AC_DEFINE([NO_ATTRIBUTE_ON_RETURN_TYPE], [1],
	 [compiler does not accept __attribute__ on return types]) ]
)

# The nonnull attribute is assumed to be available unless the gcc version
# check earlier in this file set no_attrib_nonnull.
if test "x$no_attrib_nonnull" != "x1" ; then
	AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
fi
236
# --with-rpath forces need_dash_r on and --without-rpath clears it; any other
# value leaves need_dash_r unchanged.
AC_ARG_WITH([rpath],
	[  --without-rpath         Disable auto-added -R linker paths],
	[
		if test "x$withval" = "xno" ; then
			need_dash_r=""
		elif test "x$withval" = "xyes" ; then
			need_dash_r=1
		fi
	]
)

# Allow user to specify flags
# The four options below append their value to CFLAGS, CPPFLAGS, LDFLAGS or
# LIBS; an empty value and the bare words yes and no are ignored.  Because the
# value is appended, it comes after the warning and hardening options probed
# earlier in this file, so packaging recipes should be checked for values that
# switch that hardening off.
AC_ARG_WITH([cflags],
	[  --with-cflags           Specify additional flags to pass to compiler],
	[
		if test "x$withval" != "x" && test "x$withval" != "xno" && \
		    test "x$withval" != "xyes"; then
			CFLAGS="$CFLAGS $withval"
		fi
	]
)
AC_ARG_WITH([cppflags],
	[  --with-cppflags         Specify additional flags to pass to preprocessor] ,
	[
		if test "x$withval" != "x" && test "x$withval" != "xno" && \
		    test "x$withval" != "xyes"; then
			CPPFLAGS="$CPPFLAGS $withval"
		fi
	]
)
AC_ARG_WITH([ldflags],
	[  --with-ldflags          Specify additional flags to pass to linker],
	[
		if test "x$withval" != "x" && test "x$withval" != "xno" && \
		    test "x$withval" != "xyes"; then
			LDFLAGS="$LDFLAGS $withval"
		fi
	]
)
AC_ARG_WITH([libs],
	[  --with-libs             Specify additional libraries to link with],
	[
		if test "x$withval" != "x" && test "x$withval" != "xno" && \
		    test "x$withval" != "xyes"; then
			LIBS="$LIBS $withval"
		fi
	]
)
# --with-Werror stores -Werror in werror_flags; any value other than yes or
# no is stored as given in place of -Werror.  The variable is only recorded
# here and is not added to CFLAGS in this part of the file.
AC_ARG_WITH([Werror],
	[  --with-Werror           Build main code with -Werror],
	[
		if test "x$withval" = "xyes"; then
			werror_flags="-Werror"
		elif test "x$withval" != "x" && test "x$withval" != "xno"; then
			werror_flags="$withval"
		fi
	]
)
297
# Headers that can be probed without prerequisites, in the original order.
AC_CHECK_HEADERS([ \
	bstring.h crypt.h crypto/sha2.h dirent.h endian.h elf.h \
	features.h fcntl.h floatingpoint.h getopt.h glob.h ia.h iaf.h \
	limits.h locale.h login.h maillock.h ndir.h net/if_tun.h \
	netdb.h netgroup.h pam/pam_appl.h paths.h poll.h pty.h \
	readpassphrase.h rpc/types.h security/pam_appl.h sha2.h \
	shadow.h stddef.h stdint.h string.h strings.h \
	sys/audit.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/dir.h \
	sys/mman.h sys/ndir.h sys/poll.h sys/prctl.h sys/pstat.h \
	sys/select.h sys/stat.h sys/stream.h sys/stropts.h \
	sys/strtio.h sys/statvfs.h sys/sysmacros.h sys/time.h \
	sys/timers.h time.h tmpdir.h ttyent.h ucred.h unistd.h \
	usersec.h util.h utime.h utmp.h utmpx.h vis.h \
])
364
# The headers below only compile after a prerequisite header has been
# included, so each probe names its prerequisites in the last argument.

# Solaris: sys/time.h has to come before lastlog.h
AC_CHECK_HEADERS([lastlog.h], [], [], [
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
])

# Solaris: sys/stream.h has to come before sys/ptms.h
AC_CHECK_HEADERS([sys/ptms.h], [], [], [
#ifdef HAVE_SYS_STREAM_H
# include <sys/stream.h>
#endif
])

# NetBSD: login_cap.h needs sys/types.h
AC_CHECK_HEADERS([login_cap.h], [], [], [
#include <sys/types.h>
])

# Older BSDs: sys/param.h has to come before sys/mount.h
AC_CHECK_HEADERS([sys/mount.h], [], [], [
#include <sys/param.h>
])

# Android: sys/socket.h has to come before sys/un.h
AC_CHECK_HEADERS([sys/un.h], [], [], [
#include <sys/types.h>
#include <sys/socket.h>
])
394
# Default answers for features probed in the target-specific section, which
# sets the matching variable to yes when the feature is enabled.
SIA_MSG=no
SPC_MSG=no
SP_MSG=no
399
400# Check for some target-specific stuff
401case "$host" in
402*-*-aix*)
403	# Some versions of VAC won't allow macro redefinitions at
404	# -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
405	# particularly with older versions of vac or xlc.
406	# It also throws errors about null macro argments, but these are
407	# not fatal.
408	AC_MSG_CHECKING([if compiler allows macro redefinitions])
409	AC_COMPILE_IFELSE(
410	    [AC_LANG_PROGRAM([[
411#define testmacro foo
412#define testmacro bar]],
413	    [[ exit(0); ]])],
414	    [ AC_MSG_RESULT([yes]) ],
415	    [ AC_MSG_RESULT([no])
416	      CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
417	      LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
418	      CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
419	      CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
420	    ]
421	)
422
423	AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
424	if (test -z "$blibpath"); then
425		blibpath="/usr/lib:/lib"
426	fi
427	saved_LDFLAGS="$LDFLAGS"
428	if test "$GCC" = "yes"; then
429		flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
430	else
431		flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
432	fi
433	for tryflags in $flags ;do
434		if (test -z "$blibflags"); then
435			LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
436			AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
437			[blibflags=$tryflags], [])
438		fi
439	done
440	if (test -z "$blibflags"); then
441		AC_MSG_RESULT([not found])
442		AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
443	else
444		AC_MSG_RESULT([$blibflags])
445	fi
446	LDFLAGS="$saved_LDFLAGS"
447	dnl Check for authenticate.  Might be in libs.a on older AIXes
448	AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
449		[Define if you want to enable AIX4's authenticate function])],
450		[AC_CHECK_LIB([s], [authenticate],
451			[ AC_DEFINE([WITH_AIXAUTHENTICATE])
452				LIBS="$LIBS -ls"
453			])
454		])
455	dnl Check for various auth function declarations in headers.
456	AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
457	    passwdexpired, setauthdb], , , [#include <usersec.h>])
458	dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
459	AC_CHECK_DECLS([loginfailed],
460	    [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
461	    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
462		[[ (void)loginfailed("user","host","tty",0); ]])],
463		[AC_MSG_RESULT([yes])
464		AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
465			[Define if your AIX loginfailed() function
466			takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
467	    ])],
468	    [],
469	    [#include <usersec.h>]
470	)
471	AC_CHECK_FUNCS([getgrset setauthdb])
472	AC_CHECK_DECL([F_CLOSEM],
473	    AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
474	    [],
475	    [ #include <limits.h>
476	      #include <fcntl.h> ]
477	)
478	check_for_aix_broken_getaddrinfo=1
479	AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
480	AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
481	    [Define if your platform breaks doing a seteuid before a setuid])
482	AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
483	AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
484	dnl AIX handles lastlog as part of its login message
485	AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
486	AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
487		[Some systems need a utmpx entry for /bin/login to work])
488	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
489		[Define to a Set Process Title type if your system is
490		supported by bsd-setproctitle.c])
491	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
492	    [AIX 5.2 and 5.3 (and presumably newer) require this])
493	AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
494	AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
495	;;
496*-*-android*)
497	AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
498	AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
499	;;
500*-*-cygwin*)
501	check_for_libcrypt_later=1
502	LIBS="$LIBS /usr/lib/textreadmode.o"
503	AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
504	AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
505	AC_DEFINE([DISABLE_SHADOW], [1],
506		[Define if you want to disable shadow passwords])
507	AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
508		[Define if X11 doesn't support AF_UNIX sockets on that system])
509	AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
510		[Define if the concept of ports only accessible to
511		superusers isn't known])
512	AC_DEFINE([DISABLE_FD_PASSING], [1],
513		[Define if your platform needs to skip post auth
514		file descriptor passing])
515	AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
516	AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
517	;;
518*-*-dgux*)
519	AC_DEFINE([IP_TOS_IS_BROKEN], [1],
520		[Define if your system choked on IP TOS setting])
521	AC_DEFINE([SETEUID_BREAKS_SETUID])
522	AC_DEFINE([BROKEN_SETREUID])
523	AC_DEFINE([BROKEN_SETREGID])
524	;;
525*-*-darwin*)
526	AC_MSG_CHECKING([if we have working getaddrinfo])
527	AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
528main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
529		exit(0);
530	else
531		exit(1);
532}
533			]])],
534	[AC_MSG_RESULT([working])],
535	[AC_MSG_RESULT([buggy])
536	AC_DEFINE([BROKEN_GETADDRINFO], [1],
537		[getaddrinfo is broken (if present)])
538	],
539	[AC_MSG_RESULT([assume it is working])])
540	AC_DEFINE([SETEUID_BREAKS_SETUID])
541	AC_DEFINE([BROKEN_SETREUID])
542	AC_DEFINE([BROKEN_SETREGID])
543	AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
544	AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
545		[Define if your resolver libs need this for getrrsetbyname])
546	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
547	AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
548	    [Use tunnel device compatibility to OpenBSD])
549	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
550	    [Prepend the address family to IP tunnel traffic])
551	m4_pattern_allow([AU_IPv])
552	AC_CHECK_DECL([AU_IPv4], [],
553	    AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
554	    [#include <bsm/audit.h>]
555	AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
556	    [Define if pututxline updates lastlog too])
557	)
558	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
559		[Define to a Set Process Title type if your system is
560		supported by bsd-setproctitle.c])
561	AC_CHECK_FUNCS([sandbox_init])
562	AC_CHECK_HEADERS([sandbox.h])
563	;;
564*-*-dragonfly*)
565	SSHDLIBS="$SSHDLIBS -lcrypt"
566	;;
567*-*-haiku*)
568    LIBS="$LIBS -lbsd "
569    AC_CHECK_LIB([network], [socket])
570    AC_DEFINE([HAVE_U_INT64_T])
571    MANTYPE=man
572    ;;
573*-*-hpux*)
574	# first we define all of the options common to all HP-UX releases
575	CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
576	IPADDR_IN_DISPLAY=yes
577	AC_DEFINE([USE_PIPES])
578	AC_DEFINE([LOGIN_NO_ENDOPT], [1],
579	    [Define if your login program cannot handle end of options ("--")])
580	AC_DEFINE([LOGIN_NEEDS_UTMPX])
581	AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
582		[String used in /etc/passwd to denote locked account])
583	AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
584	AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
585	maildir="/var/mail"
586	LIBS="$LIBS -lsec"
587	AC_CHECK_LIB([xnet], [t_error], ,
588	    [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
589
590	# next, we define all of the options specific to major releases
591	case "$host" in
592	*-*-hpux10*)
593		if test -z "$GCC"; then
594			CFLAGS="$CFLAGS -Ae"
595		fi
596		;;
597	*-*-hpux11*)
598		AC_DEFINE([PAM_SUN_CODEBASE], [1],
599			[Define if you are using Solaris-derived PAM which
600			passes pam_messages to the conversation function
601			with an extra level of indirection])
602		AC_DEFINE([DISABLE_UTMP], [1],
603			[Define if you don't want to use utmp])
604		AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
605		check_for_hpux_broken_getaddrinfo=1
606		check_for_conflicting_getspnam=1
607		;;
608	esac
609
610	# lastly, we define options specific to minor releases
611	case "$host" in
612	*-*-hpux10.26)
613		AC_DEFINE([HAVE_SECUREWARE], [1],
614			[Define if you have SecureWare-based
615			protected password database])
616		disable_ptmx_check=yes
617		LIBS="$LIBS -lsecpw"
618		;;
619	esac
620	;;
621*-*-irix5*)
622	PATH="$PATH:/usr/etc"
623	AC_DEFINE([BROKEN_INET_NTOA], [1],
624		[Define if you system's inet_ntoa is busted
625		(e.g. Irix gcc issue)])
626	AC_DEFINE([SETEUID_BREAKS_SETUID])
627	AC_DEFINE([BROKEN_SETREUID])
628	AC_DEFINE([BROKEN_SETREGID])
629	AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
630		[Define if you shouldn't strip 'tty' from your
631		ttyname in [uw]tmp])
632	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
633	;;
634*-*-irix6*)
635	PATH="$PATH:/usr/etc"
636	AC_DEFINE([WITH_IRIX_ARRAY], [1],
637		[Define if you have/want arrays
638		(cluster-wide session managment, not C arrays)])
639	AC_DEFINE([WITH_IRIX_PROJECT], [1],
640		[Define if you want IRIX project management])
641	AC_DEFINE([WITH_IRIX_AUDIT], [1],
642		[Define if you want IRIX audit trails])
643	AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
644		[Define if you want IRIX kernel jobs])])
645	AC_DEFINE([BROKEN_INET_NTOA])
646	AC_DEFINE([SETEUID_BREAKS_SETUID])
647	AC_DEFINE([BROKEN_SETREUID])
648	AC_DEFINE([BROKEN_SETREGID])
649	AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
650	AC_DEFINE([WITH_ABBREV_NO_TTY])
651	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
652	;;
653*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
654	check_for_libcrypt_later=1
655	AC_DEFINE([PAM_TTY_KLUDGE])
656	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
657	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
658	AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
659	AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
660	;;
661*-*-linux*)
662	no_dev_ptmx=1
663	check_for_libcrypt_later=1
664	check_for_openpty_ctty_bug=1
665	AC_DEFINE([PAM_TTY_KLUDGE], [1],
666		[Work around problematic Linux PAM modules handling of PAM_TTY])
667	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
668		[String used in /etc/passwd to denote locked account])
669	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
670	AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
671		[Define to whatever link() returns for "not supported"
672		if it doesn't return EOPNOTSUPP.])
673	AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
674	AC_DEFINE([USE_BTMP])
675	AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
676	inet6_default_4in6=yes
677	case `uname -r` in
678	1.*|2.0.*)
679		AC_DEFINE([BROKEN_CMSG_TYPE], [1],
680			[Define if cmsg_type is not passed correctly])
681		;;
682	esac
683	# tun(4) forwarding compat code
684	AC_CHECK_HEADERS([linux/if_tun.h])
685	if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
686		AC_DEFINE([SSH_TUN_LINUX], [1],
687		    [Open tunnel devices the Linux tun/tap way])
688		AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
689		    [Use tunnel device compatibility to OpenBSD])
690		AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
691		    [Prepend the address family to IP tunnel traffic])
692	fi
693	AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
694	    [], [#include <linux/types.h>])
695	AC_CHECK_FUNCS([prctl])
696	AC_MSG_CHECKING([for seccomp architecture])
697	seccomp_audit_arch=
698	case "$host" in
699	x86_64-*)
700		seccomp_audit_arch=AUDIT_ARCH_X86_64
701		;;
702	i*86-*)
703		seccomp_audit_arch=AUDIT_ARCH_I386
704		;;
705        arm*-*)
706		seccomp_audit_arch=AUDIT_ARCH_ARM
707                ;;
708	esac
709	if test "x$seccomp_audit_arch" != "x" ; then
710		AC_MSG_RESULT(["$seccomp_audit_arch"])
711                AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
712                    [Specify the system call convention in use])
713	else
714		AC_MSG_RESULT([architecture not supported])
715	fi
716	;;
717mips-sony-bsd|mips-sony-newsos4)
718	AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
719	SONY=1
720	;;
721*-*-netbsd*)
722	check_for_libcrypt_before=1
723	if test "x$withval" != "xno" ; then
724		need_dash_r=1
725	fi
726	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
727	AC_CHECK_HEADER([net/if_tap.h], ,
728	    AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
729	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
730	    [Prepend the address family to IP tunnel traffic])
731	;;
732*-*-freebsd*)
733	check_for_libcrypt_later=1
734	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
735	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
736	AC_CHECK_HEADER([net/if_tap.h], ,
737	    AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
738	AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
739	AC_DEFINE([BROKEN_STRNVIS], [1], [FreeBSD strnvis does not do what we need])
740	;;
741*-*-bsdi*)
742	AC_DEFINE([SETEUID_BREAKS_SETUID])
743	AC_DEFINE([BROKEN_SETREUID])
744	AC_DEFINE([BROKEN_SETREGID])
745	;;
746*-next-*)
747	conf_lastlog_location="/usr/adm/lastlog"
748	conf_utmp_location=/etc/utmp
749	conf_wtmp_location=/usr/adm/wtmp
750	maildir=/usr/spool/mail
751	AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
752	AC_DEFINE([BROKEN_REALPATH])
753	AC_DEFINE([USE_PIPES])
754	AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
755	;;
756*-*-openbsd*)
757	AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
758	AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
759	AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
760	AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
761	    [syslog_r function is safe to use in in a signal handler])
762	;;
763*-*-solaris*)
764	if test "x$withval" != "xno" ; then
765		need_dash_r=1
766	fi
767	AC_DEFINE([PAM_SUN_CODEBASE])
768	AC_DEFINE([LOGIN_NEEDS_UTMPX])
769	AC_DEFINE([LOGIN_NEEDS_TERM], [1],
770		[Some versions of /bin/login need the TERM supplied
771		on the commandline])
772	AC_DEFINE([PAM_TTY_KLUDGE])
773	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
774		[Define if pam_chauthtok wants real uid set
775		to the unpriv'ed user])
776	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
777	# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
778	AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
779		[Define if sshd somehow reacquires a controlling TTY
780		after setsid()])
781	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
782		in case the name is longer than 8 chars])
783	AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
784	external_path_file=/etc/default/login
785	# hardwire lastlog location (can't detect it on some versions)
786	conf_lastlog_location="/var/adm/lastlog"
787	AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
788	sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
789	if test "$sol2ver" -ge 8; then
790		AC_MSG_RESULT([yes])
791		AC_DEFINE([DISABLE_UTMP])
792		AC_DEFINE([DISABLE_WTMP], [1],
793			[Define if you don't want to use wtmp])
794	else
795		AC_MSG_RESULT([no])
796	fi
797	AC_ARG_WITH([solaris-contracts],
798		[  --with-solaris-contracts Enable Solaris process contracts (experimental)],
799		[
800		AC_CHECK_LIB([contract], [ct_tmpl_activate],
801			[ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
802				[Define if you have Solaris process contracts])
803			  SSHDLIBS="$SSHDLIBS -lcontract"
804			  SPC_MSG="yes" ], )
805		],
806	)
807	AC_ARG_WITH([solaris-projects],
808		[  --with-solaris-projects Enable Solaris projects (experimental)],
809		[
810		AC_CHECK_LIB([project], [setproject],
811			[ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
812				[Define if you have Solaris projects])
813			SSHDLIBS="$SSHDLIBS -lproject"
814			SP_MSG="yes" ], )
815		],
816	)
817	TEST_SHELL=$SHELL	# let configure find us a capable shell
818	;;
819*-*-sunos4*)
820	CPPFLAGS="$CPPFLAGS -DSUNOS4"
821	AC_CHECK_FUNCS([getpwanam])
822	AC_DEFINE([PAM_SUN_CODEBASE])
823	conf_utmp_location=/etc/utmp
824	conf_wtmp_location=/var/adm/wtmp
825	conf_lastlog_location=/var/adm/lastlog
826	AC_DEFINE([USE_PIPES])
827	;;
828*-ncr-sysv*)
829	LIBS="$LIBS -lc89"
830	AC_DEFINE([USE_PIPES])
831	AC_DEFINE([SSHD_ACQUIRES_CTTY])
832	AC_DEFINE([SETEUID_BREAKS_SETUID])
833	AC_DEFINE([BROKEN_SETREUID])
834	AC_DEFINE([BROKEN_SETREGID])
835	;;
836*-sni-sysv*)
837	# /usr/ucblib MUST NOT be searched on ReliantUNIX
838	AC_CHECK_LIB([dl], [dlsym], ,)
839	# -lresolv needs to be at the end of LIBS or DNS lookups break
840	AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
841	IPADDR_IN_DISPLAY=yes
842	AC_DEFINE([USE_PIPES])
843	AC_DEFINE([IP_TOS_IS_BROKEN])
844	AC_DEFINE([SETEUID_BREAKS_SETUID])
845	AC_DEFINE([BROKEN_SETREUID])
846	AC_DEFINE([BROKEN_SETREGID])
847	AC_DEFINE([SSHD_ACQUIRES_CTTY])
848	external_path_file=/etc/default/login
849	# /usr/ucblib/libucb.a no longer needed on ReliantUNIX
850	# Attention: always take care to bind libsocket and libnsl before libc,
851	# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
852	;;
853# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
854*-*-sysv4.2*)
855	AC_DEFINE([USE_PIPES])
856	AC_DEFINE([SETEUID_BREAKS_SETUID])
857	AC_DEFINE([BROKEN_SETREUID])
858	AC_DEFINE([BROKEN_SETREGID])
859	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
860	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
861	TEST_SHELL=$SHELL	# let configure find us a capable shell
862	;;
863# UnixWare 7.x, OpenUNIX 8
864*-*-sysv5*)
865	CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
866	AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
867	AC_DEFINE([USE_PIPES])
868	AC_DEFINE([SETEUID_BREAKS_SETUID])
869	AC_DEFINE([BROKEN_GETADDRINFO])
870	AC_DEFINE([BROKEN_SETREUID])
871	AC_DEFINE([BROKEN_SETREGID])
872	AC_DEFINE([PASSWD_NEEDS_USERNAME])
873	TEST_SHELL=$SHELL	# let configure find us a capable shell
874	case "$host" in
875	*-*-sysv5SCO_SV*)	# SCO OpenServer 6.x
876		maildir=/var/spool/mail
877		AC_DEFINE([BROKEN_LIBIAF], [1],
878			[ia_uinfo routines not supported by OS yet])
879		AC_DEFINE([BROKEN_UPDWTMPX])
880		AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
881			AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
882			AC_DEFINE([HAVE_SECUREWARE])
883			AC_DEFINE([DISABLE_SHADOW])
884			], , )
885		;;
886	*)	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
887		check_for_libcrypt_later=1
888		;;
889	esac
890	;;
891*-*-sysv*)
892	;;
893# SCO UNIX and OEM versions of SCO UNIX
894*-*-sco3.2v4*)
895	AC_MSG_ERROR("This Platform is no longer supported.")
896	;;
897# SCO OpenServer 5.x
898*-*-sco3.2v5*)
899	if test -z "$GCC"; then
900		CFLAGS="$CFLAGS -belf"
901	fi
902	LIBS="$LIBS -lprot -lx -ltinfo -lm"
903	no_dev_ptmx=1
904	AC_DEFINE([USE_PIPES])
905	AC_DEFINE([HAVE_SECUREWARE])
906	AC_DEFINE([DISABLE_SHADOW])
907	AC_DEFINE([DISABLE_FD_PASSING])
908	AC_DEFINE([SETEUID_BREAKS_SETUID])
909	AC_DEFINE([BROKEN_GETADDRINFO])
910	AC_DEFINE([BROKEN_SETREUID])
911	AC_DEFINE([BROKEN_SETREGID])
912	AC_DEFINE([WITH_ABBREV_NO_TTY])
913	AC_DEFINE([BROKEN_UPDWTMPX])
914	AC_DEFINE([PASSWD_NEEDS_USERNAME])
915	AC_CHECK_FUNCS([getluid setluid])
916	MANTYPE=man
917	TEST_SHELL=$SHELL	# let configure find us a capable shell
918	SKIP_DISABLE_LASTLOG_DEFINE=yes
919	;;
920*-*-unicosmk*)
921	AC_DEFINE([NO_SSH_LASTLOG], [1],
922		[Define if you don't want to use lastlog in session.c])
923	AC_DEFINE([SETEUID_BREAKS_SETUID])
924	AC_DEFINE([BROKEN_SETREUID])
925	AC_DEFINE([BROKEN_SETREGID])
926	AC_DEFINE([USE_PIPES])
927	AC_DEFINE([DISABLE_FD_PASSING])
928	LDFLAGS="$LDFLAGS"
929	LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
930	MANTYPE=cat
931	;;
932*-*-unicosmp*)
933	AC_DEFINE([SETEUID_BREAKS_SETUID])
934	AC_DEFINE([BROKEN_SETREUID])
935	AC_DEFINE([BROKEN_SETREGID])
936	AC_DEFINE([WITH_ABBREV_NO_TTY])
937	AC_DEFINE([USE_PIPES])
938	AC_DEFINE([DISABLE_FD_PASSING])
939	LDFLAGS="$LDFLAGS"
940	LIBS="$LIBS -lgen -lacid -ldb"
941	MANTYPE=cat
942	;;
943*-*-unicos*)
944	AC_DEFINE([SETEUID_BREAKS_SETUID])
945	AC_DEFINE([BROKEN_SETREUID])
946	AC_DEFINE([BROKEN_SETREGID])
947	AC_DEFINE([USE_PIPES])
948	AC_DEFINE([DISABLE_FD_PASSING])
949	AC_DEFINE([NO_SSH_LASTLOG])
950	LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
951	LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
952	MANTYPE=cat
953	;;
954*-dec-osf*)
955	AC_MSG_CHECKING([for Digital Unix SIA])
956	no_osfsia=""
957	AC_ARG_WITH([osfsia],
958		[  --with-osfsia           Enable Digital Unix SIA],
959		[
960			if test "x$withval" = "xno" ; then
961				AC_MSG_RESULT([disabled])
962				no_osfsia=1
963			fi
964		],
965	)
966	if test -z "$no_osfsia" ; then
967		if test -f /etc/sia/matrix.conf; then
968			AC_MSG_RESULT([yes])
969			AC_DEFINE([HAVE_OSF_SIA], [1],
970				[Define if you have Digital Unix Security
971				Integration Architecture])
972			AC_DEFINE([DISABLE_LOGIN], [1],
973				[Define if you don't want to use your
974				system's login() call])
975			AC_DEFINE([DISABLE_FD_PASSING])
976			LIBS="$LIBS -lsecurity -ldb -lm -laud"
977			SIA_MSG="yes"
978		else
979			AC_MSG_RESULT([no])
980			AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
981			  [String used in /etc/passwd to denote locked account])
982		fi
983	fi
984	AC_DEFINE([BROKEN_GETADDRINFO])
985	AC_DEFINE([SETEUID_BREAKS_SETUID])
986	AC_DEFINE([BROKEN_SETREUID])
987	AC_DEFINE([BROKEN_SETREGID])
988	AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
989	;;
990
991*-*-nto-qnx*)
992	AC_DEFINE([USE_PIPES])
993	AC_DEFINE([NO_X11_UNIX_SOCKETS])
994	AC_DEFINE([DISABLE_LASTLOG])
995	AC_DEFINE([SSHD_ACQUIRES_CTTY])
996	AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
997	enable_etc_default_login=no	# has incompatible /etc/default/login
998	case "$host" in
999	*-*-nto-qnx6*)
1000		AC_DEFINE([DISABLE_FD_PASSING])
1001		;;
1002	esac
1003	;;
1004
1005*-*-ultrix*)
1006	AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1007	AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
1008	AC_DEFINE([NEED_SETPGRP])
1009	AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1010	;;
1011
1012*-*-lynxos)
1013        CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1014        AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
1015        ;;
1016esac
1017
dnl Sanity check: build and run a trivial program with the compiler and the
dnl flags accumulated so far, and stop configure if that fails.  When cross
dnl compiling the program cannot be run, so the check is skipped with a
dnl warning only.
dnl NOTE(review): the probe calls exit() with only stdio.h included; a
dnl compiler that rejects implicit function declarations would fail this
dnl check for that reason alone - confirm against the supported compilers.
AC_MSG_CHECKING([compiler and flags for sanity])
AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
	[	AC_MSG_RESULT([yes]) ],
	[
		AC_MSG_RESULT([no])
		AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
	],
	[	AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
)
1027
1028dnl Checks for header files.
1029# Checks for libraries.
1030AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])])
1031AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1032
1033dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1034AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1035	AC_CHECK_LIB([gen], [dirname], [
1036		AC_CACHE_CHECK([for broken dirname],
1037			ac_cv_have_broken_dirname, [
1038			save_LIBS="$LIBS"
1039			LIBS="$LIBS -lgen"
1040			AC_RUN_IFELSE(
1041				[AC_LANG_SOURCE([[
1042#include <libgen.h>
1043#include <string.h>
1044
1045int main(int argc, char **argv) {
1046    char *s, buf[32];
1047
1048    strncpy(buf,"/etc", 32);
1049    s = dirname(buf);
1050    if (!s || strncmp(s, "/", 32) != 0) {
1051	exit(1);
1052    } else {
1053	exit(0);
1054    }
1055}
1056				]])],
1057				[ ac_cv_have_broken_dirname="no" ],
1058				[ ac_cv_have_broken_dirname="yes" ],
1059				[ ac_cv_have_broken_dirname="no" ],
1060			)
1061			LIBS="$save_LIBS"
1062		])
1063		if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1064			LIBS="$LIBS -lgen"
1065			AC_DEFINE([HAVE_DIRNAME])
1066			AC_CHECK_HEADERS([libgen.h])
1067		fi
1068	])
1069])
1070
1071AC_CHECK_FUNC([getspnam], ,
1072	[AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1073AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1074	[Define if you have the basename function.])])
1075
dnl zlib is mandatory: --without-zlib is rejected.  With --with-zlib=PATH the
dnl directories PATH/lib and PATH/include (or PATH itself when they do not
dnl exist) are put at the front of the linker and preprocessor search paths,
dnl so the zlib found there wins over any system copy.  An rpath entry is
dnl added as well when need_dash_r is set.
AC_ARG_WITH([zlib],
	[  --with-zlib=PATH        Use zlib in PATH],
	[
		case "x$withval" in
		xno)
			AC_MSG_ERROR([*** zlib is required ***])
			;;
		xyes)
			;;
		*)
			if test -z "${need_dash_r}"; then
				if test -d "$withval/lib"; then
					LDFLAGS="-L${withval}/lib ${LDFLAGS}"
				else
					LDFLAGS="-L${withval} ${LDFLAGS}"
				fi
			elif test -d "$withval/lib"; then
				LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
			else
				LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
			fi
			if test ! -d "$withval/include"; then
				CPPFLAGS="-I${withval} ${CPPFLAGS}"
			else
				CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
			fi
			;;
		esac
	]
)
1102
dnl zlib.h must be found with the current CPPFLAGS.  If deflate does not link
dnl from -lz with the current flags, retry once with /usr/local/include and
dnl /usr/local/lib in front of the search paths; configure stops if that
dnl fails too.  The saved flag values are not restored in this block, so the
dnl /usr/local entries stay in effect for the rest of configure when the
dnl retry succeeds.
AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
AC_CHECK_LIB([z], [deflate], ,
	[
		saved_CPPFLAGS="$CPPFLAGS"
		saved_LDFLAGS="$LDFLAGS"
		save_LIBS="$LIBS"
		dnl Check default zlib install dir
		if test -n "${need_dash_r}"; then
			LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
		else
			LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
		fi
		CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
		LIBS="$LIBS -lz"
		AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
			[
				AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
			]
		)
	]
)
1124
dnl --without-zlib-version-check sets zlib_check_nonfatal, which turns a
dnl failed zlib version probe into a warning instead of a configure error.
AC_ARG_WITH([zlib-version-check],
	[  --without-zlib-version-check Disable zlib version check],
	[
		case "x$withval" in
		xno)
			zlib_check_nonfatal=1
			;;
		esac
	]
)
1132
dnl Refuse zlib releases with known security problems.  The probe parses
dnl ZLIB_VERSION from the zlib.h the compiler finds and accepts 1.1.x from
dnl 1.1.4 on and anything from 1.2.3 on.  Every other outcome, including a
dnl version string that does not parse, is reported as "possibly buggy": a
dnl configure error by default, a warning only if zlib_check_nonfatal is set
dnl (--without-zlib-version-check).
dnl NOTE(review): the version is read from the header macro, not from the
dnl library that is actually linked, so a newer zlib.h next to an older libz
dnl would pass.  When cross compiling the check is skipped with a warning, so
dnl such builds need the zlib version verified by other means.
AC_MSG_CHECKING([for possibly buggy zlib])
AC_RUN_IFELSE([AC_LANG_PROGRAM([[
#include <stdio.h>
#include <stdlib.h>
#include <zlib.h>
	]],
	[[
	int a=0, b=0, c=0, d=0, n, v;
	n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
	if (n != 3 && n != 4)
		exit(1);
	v = a*1000000 + b*10000 + c*100 + d;
	fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);

	/* 1.1.4 is OK */
	if (a == 1 && b == 1 && c >= 4)
		exit(0);

	/* 1.2.3 and up are OK */
	if (v >= 1020300)
		exit(0);

	exit(2);
	]])],
	AC_MSG_RESULT([no]),
	[ AC_MSG_RESULT([yes])
	  if test -z "$zlib_check_nonfatal" ; then
		AC_MSG_ERROR([*** zlib too old - check config.log ***
Your reported zlib version has known security problems.  It's possible your
vendor has fixed these problems without changing the version number.  If you
are sure this is the case, you can disable the check by running
"./configure --without-zlib-version-check".
If you are in doubt, upgrade zlib to version 1.2.3 or greater.
See http://www.gzip.org/zlib/ for details.])
	  else
		AC_MSG_WARN([zlib version may have security problems])
	  fi
	],
	[	AC_MSG_WARN([cross compiling: not checking zlib version]) ]
)
1173
1174dnl UnixWare 2.x
1175AC_CHECK_FUNC([strcasecmp],
1176	[], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1177)
1178AC_CHECK_FUNCS([utimes],
1179	[], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1180					LIBS="$LIBS -lc89"]) ]
1181)
1182
1183dnl    Checks for libutil functions
1184AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1185AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1186AC_SEARCH_LIBS([scan_scaled], [util bsd])
1187AC_SEARCH_LIBS([login], [util bsd])
1188AC_SEARCH_LIBS([logout], [util bsd])
1189AC_SEARCH_LIBS([logwtmp], [util bsd])
1190AC_SEARCH_LIBS([openpty], [util bsd])
1191AC_SEARCH_LIBS([updwtmp], [util bsd])
1192AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1193
1194AC_FUNC_STRFTIME
1195
1196# Check for ALTDIRFUNC glob() extension
1197AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1198AC_EGREP_CPP([FOUNDIT],
1199	[
1200		#include <glob.h>
1201		#ifdef GLOB_ALTDIRFUNC
1202		FOUNDIT
1203		#endif
1204	],
1205	[
1206		AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1207			[Define if your system glob() function has
1208			the GLOB_ALTDIRFUNC extension])
1209		AC_MSG_RESULT([yes])
1210	],
1211	[
1212		AC_MSG_RESULT([no])
1213	]
1214)
1215
1216# Check for g.gl_matchc glob() extension
1217AC_MSG_CHECKING([for gl_matchc field in glob_t])
1218AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1219	[[ glob_t g; g.gl_matchc = 1; ]])],
1220	[
1221		AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1222			[Define if your system glob() function has
1223			gl_matchc options in glob_t])
1224		AC_MSG_RESULT([yes])
1225	], [
1226		AC_MSG_RESULT([no])
1227])
1228
1229# Check for g.gl_statv glob() extension
1230AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1231AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1232#ifndef GLOB_KEEPSTAT
1233#error "glob does not support GLOB_KEEPSTAT extension"
1234#endif
1235glob_t g;
1236g.gl_statv = NULL;
1237]])],
1238	[
1239		AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1240			[Define if your system glob() function has
1241			gl_statv options in glob_t])
1242		AC_MSG_RESULT([yes])
1243	], [
1244		AC_MSG_RESULT([no])
1245
1246])
1247
1248AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1249
1250AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1251AC_RUN_IFELSE(
1252	[AC_LANG_PROGRAM([[
1253#include <sys/types.h>
1254#include <dirent.h>]],
1255	[[
1256	struct dirent d;
1257	exit(sizeof(d.d_name)<=sizeof(char));
1258	]])],
1259	[AC_MSG_RESULT([yes])],
1260	[
1261		AC_MSG_RESULT([no])
1262		AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1263			[Define if your struct dirent expects you to
1264			allocate extra space for d_name])
1265	],
1266	[
1267		AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1268		AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1269	]
1270)
1271
# Record whether per-process descriptor directories exist under /proc.
# The probe looks at the entry of the shell running configure, so it
# describes the build host.
AC_MSG_CHECKING([for /proc/pid/fd directory])
if test ! -d "/proc/$$/fd" ; then
	AC_MSG_RESULT([no])
else
	AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
	AC_MSG_RESULT([yes])
fi
1279
# Check whether user wants S/Key support
# S/Key is off unless --with-skey is given.  With --with-skey=PATH the
# directories PATH/include and PATH/lib are appended to CPPFLAGS and LDFLAGS,
# so directories already listed there are searched first.  -lskey is added
# to LIBS, and configure stops if skey_keyinfo() does not link.  The second
# probe only selects between the 3- and 4-argument skeychallenge() forms.
SKEY_MSG="no"
AC_ARG_WITH([skey],
	[  --with-skey[[=PATH]]      Enable S/Key support (optionally in PATH)],
	[
		if test "x$withval" != "xno" ; then

			if test "x$withval" != "xyes" ; then
				CPPFLAGS="$CPPFLAGS -I${withval}/include"
				LDFLAGS="$LDFLAGS -L${withval}/lib"
			fi

			AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
			LIBS="-lskey $LIBS"
			SKEY_MSG="yes"

			AC_MSG_CHECKING([for s/key support])
			AC_LINK_IFELSE(
				[AC_LANG_PROGRAM([[
#include <stdio.h>
#include <skey.h>
				]], [[
	char *ff = skey_keyinfo(""); ff="";
	exit(0);
				]])],
				[AC_MSG_RESULT([yes])],
				[
					AC_MSG_RESULT([no])
					AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
				])
                 	AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <stdio.h>
#include <skey.h>
				]], [[
	(void)skeychallenge(NULL,"name","",0);
				]])],
			[
				AC_MSG_RESULT([yes])
				AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
					[Define if your skeychallenge()
					function takes 4 arguments (NetBSD)])],
			[
				AC_MSG_RESULT([no])
			])
		fi
	]
)
1328
# Check whether user wants TCP wrappers support
# Off unless --with-tcp-wrappers is given.  With a PATH argument, PATH/lib
# and PATH/include (or PATH itself when those directories do not exist) are
# put at the front of LDFLAGS and CPPFLAGS.  The probe links hosts_access()
# from -lwrap; on success libwrap is added to SSHDLIBS only, and configure
# stops if the link fails.
# NOTE(review): LIBS is restored after the probe, but saved_LDFLAGS and
# saved_CPPFLAGS are recorded and never restored in this block, so the
# PATH-derived search directories stay in effect for all later checks.
TCPW_MSG="no"
AC_ARG_WITH([tcp-wrappers],
	[  --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
	[
		if test "x$withval" != "xno" ; then
			saved_LIBS="$LIBS"
			saved_LDFLAGS="$LDFLAGS"
			saved_CPPFLAGS="$CPPFLAGS"
			if test -n "${withval}" && \
			    test "x${withval}" != "xyes"; then
				if test -d "${withval}/lib"; then
					if test -n "${need_dash_r}"; then
						LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
					else
						LDFLAGS="-L${withval}/lib ${LDFLAGS}"
					fi
				else
					if test -n "${need_dash_r}"; then
						LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
					else
						LDFLAGS="-L${withval} ${LDFLAGS}"
					fi
				fi
				if test -d "${withval}/include"; then
					CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
				else
					CPPFLAGS="-I${withval} ${CPPFLAGS}"
				fi
			fi
			LIBS="-lwrap $LIBS"
			AC_MSG_CHECKING([for libwrap])
			AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <tcpd.h>
int deny_severity = 0, allow_severity = 0;
				]], [[
	hosts_access(0);
				]])], [
					AC_MSG_RESULT([yes])
					AC_DEFINE([LIBWRAP], [1],
						[Define if you want
						TCP Wrappers support])
					SSHDLIBS="$SSHDLIBS -lwrap"
					TCPW_MSG="yes"
				], [
					AC_MSG_ERROR([*** libwrap missing])

			])
			LIBS="$saved_LIBS"
		fi
	]
)
1384
# Check whether user wants to use ldns
# Off unless --with-ldns is given.  With --with-ldns=PATH the directories
# PATH/include and PATH/lib are appended to CPPFLAGS and LDFLAGS, so
# directories already listed there are searched first.  HAVE_LDNS is defined
# and -lldns added to LIBS before the link probe runs; configure stops if
# ldns_verify_trusted() does not link.
LDNS_MSG="no"
AC_ARG_WITH(ldns,
	[  --with-ldns[[=PATH]]      Use ldns for DNSSEC support (optionally in PATH)],
    [
        if test "x$withval" != "xno" ; then

			if test "x$withval" != "xyes" ; then
				CPPFLAGS="$CPPFLAGS -I${withval}/include"
				LDFLAGS="$LDFLAGS -L${withval}/lib"
			fi

            AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
            LIBS="-lldns $LIBS"
            LDNS_MSG="yes"

            AC_MSG_CHECKING([for ldns support])
            AC_LINK_IFELSE(
                [AC_LANG_SOURCE([[
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <ldns/ldns.h>
int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
                                ]])
                ],
				[AC_MSG_RESULT(yes)],
				[
					AC_MSG_RESULT(no)
					AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
				])
        fi
    ]
)
1419
# Check whether user wants libedit support
# Off unless --with-libedit is given.  A bare --with-libedit asks pkg-config
# (when one is found) whether it knows libedit; --with-libedit=PATH uses
# PATH/include and PATH/lib instead.  Configure stops if el_init() is not
# found in -ledit or if histedit.h does not provide H_SETSIZE.
# When pkg-config is used, only its --libs-only-l and --cflags output is
# taken, so any library directory it would report is not added to LDFLAGS.
# NOTE(review): use_pkgconfig_for_libedit is not initialised in this block;
# confirm that a value inherited from the environment cannot select the
# pkg-config branch when PKGCONFIG was never set.
LIBEDIT_MSG="no"
AC_ARG_WITH([libedit],
	[  --with-libedit[[=PATH]]   Enable libedit support for sftp],
	[ if test "x$withval" != "xno" ; then
		if test "x$withval" = "xyes" ; then
			AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
			if test "x$PKGCONFIG" != "xno"; then
				AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
			 	if "$PKGCONFIG" libedit; then
					AC_MSG_RESULT([yes])
					use_pkgconfig_for_libedit=yes
				else
					AC_MSG_RESULT([no])
				fi
			fi
		else
			CPPFLAGS="$CPPFLAGS -I${withval}/include"
			if test -n "${need_dash_r}"; then
				LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
			else
				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
			fi
		fi
		if test "x$use_pkgconfig_for_libedit" = "xyes"; then
			LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
			CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
		else
			LIBEDIT="-ledit -lcurses"
		fi
		OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
		AC_CHECK_LIB([edit], [el_init],
			[ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
			  LIBEDIT_MSG="yes"
			  AC_SUBST([LIBEDIT])
			],
			[ AC_MSG_ERROR([libedit not found]) ],
			[ $OTHERLIBS ]
		)
		AC_MSG_CHECKING([if libedit version is compatible])
		AC_COMPILE_IFELSE(
		    [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
		    [[
	int i = H_SETSIZE;
	el_init("", NULL, NULL, NULL);
	exit(0);
		    ]])],
		    [ AC_MSG_RESULT([yes]) ],
		    [ AC_MSG_RESULT([no])
		      AC_MSG_ERROR([libedit version is not compatible]) ]
		)
	fi ]
)
1473
# Select the audit backend.  AUDIT_MODULE stays "none" unless --with-audit
# names one of bsm, linux or debug; any other value, including a bare
# --with-audit (withval "yes"), is a configure error.
#  bsm:   header, library and getaudit() are all mandatory.
#  linux: libaudit.h is only probed; -laudit and USE_LINUX_AUDIT are set
#         whether or not the header was found, so a missing libaudit shows
#         up at build time rather than here.
#  debug: defines SSH_AUDIT_EVENTS only.
# NOTE(review): sol2ver is set outside this section; if it is empty on a
# non-Solaris BSM host, the numeric "test ... -eq 11" below prints a shell
# error before evaluating false - confirm and consider a string comparison.
AUDIT_MODULE=none
AC_ARG_WITH([audit],
	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux)],
	[
	  AC_MSG_CHECKING([for supported audit module])
	  case "$withval" in
	  bsm)
		AC_MSG_RESULT([bsm])
		AUDIT_MODULE=bsm
		dnl    Checks for headers, libs and functions
		AC_CHECK_HEADERS([bsm/audit.h], [],
		    [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
		    [
#ifdef HAVE_TIME_H
# include <time.h>
#endif
		    ]
)
		AC_CHECK_LIB([bsm], [getaudit], [],
		    [AC_MSG_ERROR([BSM enabled and required library not found])])
		AC_CHECK_FUNCS([getaudit], [],
		    [AC_MSG_ERROR([BSM enabled and required function not found])])
		# These are optional
		AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
		AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
		if test "$sol2ver" -eq 11; then
		   	SSHDLIBS="$SSHDLIBS -lscf"
                   	AC_DEFINE([BROKEN_BSM_API], [1],
		        	  [The system has incomplete BSM API])
		fi
		;;
	  linux)
		AC_MSG_RESULT([linux])
		AUDIT_MODULE=linux
		dnl    Checks for headers, libs and functions
		AC_CHECK_HEADERS([libaudit.h])
		SSHDLIBS="$SSHDLIBS -laudit"
		AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
		;;
	  debug)
		AUDIT_MODULE=debug
		AC_MSG_RESULT([debug])
		AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
		;;
	  no)
		AC_MSG_RESULT([no])
		;;
	  *)
		AC_MSG_ERROR([Unknown audit module $withval])
		;;
	esac ]
)
1526
1527dnl    Checks for library functions. Please keep in alphabetical order
1528AC_CHECK_FUNCS([ \
1529	arc4random \
1530	arc4random_buf \
1531	arc4random_uniform \
1532	asprintf \
1533	b64_ntop \
1534	__b64_ntop \
1535	b64_pton \
1536	__b64_pton \
1537	bcopy \
1538	bindresvport_sa \
1539	clock \
1540	closefrom \
1541	dirfd \
1542	endgrent \
1543	fchmod \
1544	fchown \
1545	freeaddrinfo \
1546	fstatvfs \
1547	futimes \
1548	getaddrinfo \
1549	getcwd \
1550	getgrouplist \
1551	getnameinfo \
1552	getopt \
1553	getpeereid \
1554	getpeerucred \
1555	getpgid \
1556	getpgrp \
1557	_getpty \
1558	getrlimit \
1559	getttyent \
1560	glob \
1561	group_from_gid \
1562	inet_aton \
1563	inet_ntoa \
1564	inet_ntop \
1565	innetgr \
1566	login_getcapbool \
1567	mblen \
1568	md5_crypt \
1569	memmove \
1570	mkdtemp \
1571	mmap \
1572	ngetaddrinfo \
1573	nsleep \
1574	ogetaddrinfo \
1575	openlog_r \
1576	poll \
1577	prctl \
1578	pstat \
1579	readpassphrase \
1580	realpath \
1581	recvmsg \
1582	rresvport_af \
1583	sendmsg \
1584	setdtablesize \
1585	setegid \
1586	setenv \
1587	seteuid \
1588	setgroupent \
1589	setgroups \
1590	setlinebuf \
1591	setlogin \
1592	setpassent\
1593	setpcred \
1594	setproctitle \
1595	setregid \
1596	setreuid \
1597	setrlimit \
1598	setsid \
1599	setvbuf \
1600	sigaction \
1601	sigvec \
1602	snprintf \
1603	socketpair \
1604	statfs \
1605	statvfs \
1606	strdup \
1607	strerror \
1608	strlcat \
1609	strlcpy \
1610	strmode \
1611	strnlen \
1612	strnvis \
1613	strptime \
1614	strtonum \
1615	strtoll \
1616	strtoul \
1617	strtoull \
1618	swap32 \
1619	sysconf \
1620	tcgetpgrp \
1621	timingsafe_bcmp \
1622	truncate \
1623	unsetenv \
1624	updwtmpx \
1625	user_from_uid \
1626	usleep \
1627	vasprintf \
1628	vhangup \
1629	vsnprintf \
1630	waitpid \
1631])
1632
1633AC_LINK_IFELSE(
1634        [AC_LANG_PROGRAM(
1635           [[ #include <ctype.h> ]],
1636           [[ return (isblank('a')); ]])],
1637	[AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1638])
1639
# PKCS#11 support requires dlopen() and co
# ENABLE_PKCS11 is defined whenever dlopen() is found, either in the default
# libraries or in -ldl; this section offers no configure switch to turn the
# feature off, so a build that must not load external provider modules has
# to disable it by other means.
AC_SEARCH_LIBS([dlopen], [dl],
    [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
)
1644
1645# IRIX has a const char return value for gai_strerror()
1646AC_CHECK_FUNCS([gai_strerror], [
1647	AC_DEFINE([HAVE_GAI_STRERROR])
1648	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1649#include <sys/types.h>
1650#include <sys/socket.h>
1651#include <netdb.h>
1652
1653const char *gai_strerror(int);
1654			]], [[
1655	char *str;
1656	str = gai_strerror(0);
1657			]])], [
1658		AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1659		[Define if gai_strerror() returns const char *])], [])])
1660
1661AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1662	[Some systems put nanosleep outside of libc])])
1663
1664AC_SEARCH_LIBS([clock_gettime], [rt],
1665	[AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1666
1667dnl Make sure prototypes are defined for these before using them.
1668AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1669AC_CHECK_DECL([strsep],
1670	[AC_CHECK_FUNCS([strsep])],
1671	[],
1672	[
1673#ifdef HAVE_STRING_H
1674# include <string.h>
1675#endif
1676	])
1677
1678dnl tcsendbreak might be a macro
1679AC_CHECK_DECL([tcsendbreak],
1680	[AC_DEFINE([HAVE_TCSENDBREAK])],
1681	[AC_CHECK_FUNCS([tcsendbreak])],
1682	[#include <termios.h>]
1683)
1684
1685AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1686
1687AC_CHECK_DECLS([SHUT_RD], , ,
1688	[
1689#include <sys/types.h>
1690#include <sys/socket.h>
1691	])
1692
1693AC_CHECK_DECLS([O_NONBLOCK], , ,
1694	[
1695#include <sys/types.h>
1696#ifdef HAVE_SYS_STAT_H
1697# include <sys/stat.h>
1698#endif
1699#ifdef HAVE_FCNTL_H
1700# include <fcntl.h>
1701#endif
1702	])
1703
1704AC_CHECK_DECLS([writev], , , [
1705#include <sys/types.h>
1706#include <sys/uio.h>
1707#include <unistd.h>
1708	])
1709
1710AC_CHECK_DECLS([MAXSYMLINKS], , , [
1711#include <sys/param.h>
1712	])
1713
1714AC_CHECK_DECLS([offsetof], , , [
1715#include <stddef.h>
1716	])
1717
1718# extra bits for select(2)
1719AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
1720#include <sys/param.h>
1721#include <sys/types.h>
1722#ifdef HAVE_SYS_SYSMACROS_H
1723#include <sys/sysmacros.h>
1724#endif
1725#ifdef HAVE_SYS_SELECT_H
1726#include <sys/select.h>
1727#endif
1728#ifdef HAVE_SYS_TIME_H
1729#include <sys/time.h>
1730#endif
1731#ifdef HAVE_UNISTD_H
1732#include <unistd.h>
1733#endif
1734	]])
1735AC_CHECK_TYPES([fd_mask], [], [], [[
1736#include <sys/param.h>
1737#include <sys/types.h>
1738#ifdef HAVE_SYS_SELECT_H
1739#include <sys/select.h>
1740#endif
1741#ifdef HAVE_SYS_TIME_H
1742#include <sys/time.h>
1743#endif
1744#ifdef HAVE_UNISTD_H
1745#include <unistd.h>
1746#endif
1747	]])
1748
dnl Detect a setresuid() that exists in libc but is only a stub.  The probe
dnl calls setresuid(0,0,0) and looks at errno alone: ENOSYS means "not
dnl implemented" and defines BROKEN_SETRESUID, anything else (including a
dnl permission error when configure runs unprivileged) counts as working.
dnl When cross compiling nothing is decided and only a warning is printed.
dnl NOTE(review): the probe includes no header that declares setresuid();
dnl a compiler that rejects implicit declarations would fail to build it and
dnl BROKEN_SETRESUID would then be defined on a working system - confirm.
AC_CHECK_FUNCS([setresuid], [
	dnl Some platforms have setresuid that isn't implemented, test for this
	AC_MSG_CHECKING([if setresuid seems to work])
	AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[
#include <stdlib.h>
#include <errno.h>
		]], [[
	errno=0;
	setresuid(0,0,0);
	if (errno==ENOSYS)
		exit(1);
	else
		exit(0);
		]])],
		[AC_MSG_RESULT([yes])],
		[AC_DEFINE([BROKEN_SETRESUID], [1],
			[Define if your setresuid() is broken])
		 AC_MSG_RESULT([not implemented])],
		[AC_MSG_WARN([cross compiling: not checking setresuid])]
	)
])
1771
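dnl Detect a setresgid() that exists in libc but is only a stub.  The probe
dnl calls setresgid(0,0,0) and looks at errno alone: ENOSYS means "not
dnl implemented" and defines BROKEN_SETRESGID, anything else (including a
dnl permission error when configure runs unprivileged) counts as working.
dnl When cross compiling nothing is decided and only a warning is printed;
dnl that warning now names setresgid instead of repeating the setresuid text.
dnl NOTE(review): the probe includes no header that declares setresgid();
dnl a compiler that rejects implicit declarations would fail to build it and
dnl BROKEN_SETRESGID would then be defined on a working system - confirm.
AC_CHECK_FUNCS([setresgid], [
	dnl Some platforms have setresgid that isn't implemented, test for this
	AC_MSG_CHECKING([if setresgid seems to work])
	AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[
#include <stdlib.h>
#include <errno.h>
		]], [[
	errno=0;
	setresgid(0,0,0);
	if (errno==ENOSYS)
		exit(1);
	else
		exit(0);
		]])],
		[AC_MSG_RESULT([yes])],
		[AC_DEFINE([BROKEN_SETRESGID], [1],
			[Define if your setresgid() is broken])
		 AC_MSG_RESULT([not implemented])],
		[AC_MSG_WARN([cross compiling: not checking setresgid])]
	)
])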
1794
1795dnl    Checks for time functions
1796AC_CHECK_FUNCS([gettimeofday time])
1797dnl    Checks for utmp functions
1798AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
1799AC_CHECK_FUNCS([utmpname])
1800dnl    Checks for utmpx functions
1801AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
1802AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
1803dnl    Checks for lastlog functions
1804AC_CHECK_FUNCS([getlastlogxbyname])
1805
1806AC_CHECK_FUNC([daemon],
1807	[AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
1808	[AC_CHECK_LIB([bsd], [daemon],
1809		[LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
1810)
1811
1812AC_CHECK_FUNC([getpagesize],
1813	[AC_DEFINE([HAVE_GETPAGESIZE], [1],
1814		[Define if your libraries define getpagesize()])],
1815	[AC_CHECK_LIB([ucb], [getpagesize],
1816		[LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
1817)
1818
# Check for broken snprintf
# The probe formats a 9-character string into a 5-byte buffer and requires
# the last byte to be NUL.  A libc that leaves the buffer unterminated gets
# BROKEN_SNPRINTF defined.  When cross compiling the probe cannot run and
# snprintf is assumed to work, so such builds get no protection from this
# check.
if test "x$ac_cv_func_snprintf" = "xyes" ; then
	AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
	AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
		[[
	char b[5];
	snprintf(b,5,"123456789");
	exit(b[4]!='\0');
		]])],
		[AC_MSG_RESULT([yes])],
		[
			AC_MSG_RESULT([no])
			AC_DEFINE([BROKEN_SNPRINTF], [1],
				[Define if your snprintf is busted])
			AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
		],
		[ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
	)
fi
1839
# If we don't have a working asprintf, then we strongly depend on vsnprintf
# returning the right thing on overflow: the number of characters it tried to
# create (as per SUSv3)
# The probe formats "hello 12345" into a 1-byte buffer and expects a return
# value of 11, the untruncated length.  Any other value defines
# BROKEN_SNPRINTF.  The check runs only when asprintf is missing and
# vsnprintf is present; when cross compiling vsnprintf is assumed to work.
if test "x$ac_cv_func_asprintf" != "xyes" && \
   test "x$ac_cv_func_vsnprintf" = "xyes" ; then
	AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
	AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <stdio.h>
#include <stdarg.h>

int x_snprintf(char *str,size_t count,const char *fmt,...)
{
	size_t ret; va_list ap;
	va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
	return ret;
}
		]], [[
	char x[1];
	exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
		]])],
		[AC_MSG_RESULT([yes])],
		[
			AC_MSG_RESULT([no])
			AC_DEFINE([BROKEN_SNPRINTF], [1],
				[Define if your snprintf is busted])
			AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
		],
		[ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
	)
fi
1872
1873# On systems where [v]snprintf is broken, but is declared in stdio,
1874# check that the fmt argument is const char * or just char *.
1875# This is only useful for when BROKEN_SNPRINTF
1876AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1877AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1878#include <stdio.h>
1879int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1880		]], [[
1881	snprintf(0, 0, 0);
1882		]])],
1883   [AC_MSG_RESULT([yes])
1884    AC_DEFINE([SNPRINTF_CONST], [const],
1885              [Define as const if snprintf() can declare const char *fmt])],
1886   [AC_MSG_RESULT([no])
1887    AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
1888
# Check for missing getpeereid (or equiv) support
# When neither getpeereid() nor getpeerucred() was found, fall back to
# probing for the SO_PEERCRED socket option.  NO_PEERCHECK=1 records that
# none of the three mechanisms is available, i.e. the build has no way to
# learn the credentials of a local socket peer; how that flag is reported or
# acted on lies outside this section.
NO_PEERCHECK=""
if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
	AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
		[ AC_MSG_RESULT([yes])
		  AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
		], [AC_MSG_RESULT([no])
		NO_PEERCHECK=1
        ])
fi
1902
dnl see whether mkstemp() requires XXXXXX
dnl The probe calls mkstemp() with a template that has no trailing XXXXXX.
dnl Success means the libc accepts such templates (result "no"); failure
dnl defines HAVE_STRICT_MKSTEMP, and cross compiling assumes the strict
dnl behaviour.  On a non-strict libc the probe creates a file from the
dnl template in the current directory and unlinks it again.
dnl NOTE(review): the probe is gated on the mkdtemp result rather than on a
dnl check for mkstemp itself, and calls unlink() without a declaring header
dnl - confirm both are intended.
if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
AC_MSG_CHECKING([for (overly) strict mkstemp])
AC_RUN_IFELSE(
	[AC_LANG_PROGRAM([[
#include <stdlib.h>
	]], [[
	char template[]="conftest.mkstemp-test";
	if (mkstemp(template) == -1)
		exit(1);
	unlink(template);
	exit(0);
	]])],
	[
		AC_MSG_RESULT([no])
	],
	[
		AC_MSG_RESULT([yes])
		AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
	],
	[
		AC_MSG_RESULT([yes])
		AC_DEFINE([HAVE_STRICT_MKSTEMP])
	]
)
fi
1929
dnl make sure that openpty does not reacquire controlling terminal
dnl Runs only when check_for_openpty_ctty_bug was set earlier (outside this
dnl section).  The child closes its standard descriptors, starts a new
dnl session with setsid(), calls openpty() and then tries to open /dev/tty.
dnl If that open succeeds the new session has picked up a controlling
dnl terminal through openpty(), and SSHD_ACQUIRES_CTTY is defined.  The
dnl parent relays the child's exit status; a child that did not exit
dnl normally also counts as failure.  Cross compiling assumes the correct
dnl behaviour and defines nothing.
if test ! -z "$check_for_openpty_ctty_bug"; then
	AC_MSG_CHECKING([if openpty correctly handles controlling tty])
	AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[
#include <stdio.h>
#include <sys/fcntl.h>
#include <sys/types.h>
#include <sys/wait.h>
		]], [[
	pid_t pid;
	int fd, ptyfd, ttyfd, status;

	pid = fork();
	if (pid < 0) {		/* failed */
		exit(1);
	} else if (pid > 0) {	/* parent */
		waitpid(pid, &status, 0);
		if (WIFEXITED(status))
			exit(WEXITSTATUS(status));
		else
			exit(2);
	} else {		/* child */
		close(0); close(1); close(2);
		setsid();
		openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
		fd = open("/dev/tty", O_RDWR | O_NOCTTY);
		if (fd >= 0)
			exit(3);	/* Acquired ctty: broken */
		else
			exit(0);	/* Did not acquire ctty: OK */
	}
		]])],
		[
			AC_MSG_RESULT([yes])
		],
		[
			AC_MSG_RESULT([no])
			AC_DEFINE([SSHD_ACQUIRES_CTTY])
		],
		[
			AC_MSG_RESULT([cross-compiling, assuming yes])
		]
	)
fi
1975
dnl getaddrinfo probe for hosts that set check_for_hpux_broken_getaddrinfo
dnl (set outside this section).  The program resolves a passive wildcard
dnl address for port 2222, converts every IPv6 result back to text with
dnl getnameinfo() and then binds a stream socket to it.  Exit codes 1-3
dnl (lookup failure, getnameinfo failure, bind failing with EBADF) define
dnl BROKEN_GETADDRINFO; cross compiling assumes a working getaddrinfo.
dnl Note for build environments: configure briefly binds port 2222 on the
dnl build host here.  A bind failure other than EBADF, for example because
dnl the port is in use, is ignored, and a failed socket() is only reported.
if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
    test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
	AC_MSG_CHECKING([if getaddrinfo seems to work])
	AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[
#include <stdio.h>
#include <sys/socket.h>
#include <netdb.h>
#include <errno.h>
#include <netinet/in.h>

#define TEST_PORT "2222"
		]], [[
	int err, sock;
	struct addrinfo *gai_ai, *ai, hints;
	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = PF_UNSPEC;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_flags = AI_PASSIVE;

	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
	if (err != 0) {
		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
		exit(1);
	}

	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
		if (ai->ai_family != AF_INET6)
			continue;

		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
		    sizeof(ntop), strport, sizeof(strport),
		    NI_NUMERICHOST|NI_NUMERICSERV);

		if (err != 0) {
			if (err == EAI_SYSTEM)
				perror("getnameinfo EAI_SYSTEM");
			else
				fprintf(stderr, "getnameinfo failed: %s\n",
				    gai_strerror(err));
			exit(2);
		}

		sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
		if (sock < 0)
			perror("socket");
		if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
			if (errno == EBADF)
				exit(3);
		}
	}
	exit(0);
		]])],
		[
			AC_MSG_RESULT([yes])
		],
		[
			AC_MSG_RESULT([no])
			AC_DEFINE([BROKEN_GETADDRINFO])
		],
		[
			AC_MSG_RESULT([cross-compiling, assuming yes])
		]
	)
fi
2043
dnl getaddrinfo probe for hosts that set check_for_aix_broken_getaddrinfo
dnl (set outside this section).  The program resolves a passive wildcard
dnl address for port 2222 and runs getnameinfo() on every IPv4 and IPv6
dnl result, but only an IPv4 failure is treated as fatal.  A passing run
dnl defines AIX_GETNAMEINFO_HACK; a failing run defines BROKEN_GETADDRINFO.
dnl No socket is created or bound by this variant.  When cross compiling
dnl neither macro is defined.
if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
    test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
	AC_MSG_CHECKING([if getaddrinfo seems to work])
	AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[
#include <stdio.h>
#include <sys/socket.h>
#include <netdb.h>
#include <errno.h>
#include <netinet/in.h>

#define TEST_PORT "2222"
		]], [[
	int err, sock;
	struct addrinfo *gai_ai, *ai, hints;
	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = PF_UNSPEC;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_flags = AI_PASSIVE;

	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
	if (err != 0) {
		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
		exit(1);
	}

	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
			continue;

		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
		    sizeof(ntop), strport, sizeof(strport),
		    NI_NUMERICHOST|NI_NUMERICSERV);

		if (ai->ai_family == AF_INET && err != 0) {
			perror("getnameinfo");
			exit(2);
		}
	}
	exit(0);
		]])],
		[
			AC_MSG_RESULT([yes])
			AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
				[Define if you have a getaddrinfo that fails
				for the all-zeros IPv6 address])
		],
		[
			AC_MSG_RESULT([no])
			AC_DEFINE([BROKEN_GETADDRINFO])
		],
		[
			AC_MSG_RESULT([cross-compiling, assuming no])
		]
	)
fi
2102
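# When check_for_conflicting_getspnam is set, compile a trivial program that
# includes shadow.h; a compile failure is recorded as a getspnam conflict.
# stdlib.h declares exit, so the result depends on shadow.h alone and not on
# whether the compiler accepts an implicit declaration.
if test "x$check_for_conflicting_getspnam" = "x1"; then
	AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <shadow.h>
#include <stdlib.h>
		]], [[ exit(0); ]])],
		[
			AC_MSG_RESULT([no])
		],
		[
			AC_MSG_RESULT([yes])
			AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
			    [Conflicting defs for getspnam])
		]
	)
fi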
2117
2118AC_FUNC_GETPGRP
2119
# Search for OpenSSL
# The flags in effect before any OpenSSL path is added are remembered so the
# fallback further down can rebuild them without the --with-ssl-dir entries.
saved_CPPFLAGS="$CPPFLAGS"
saved_LDFLAGS="$LDFLAGS"
AC_ARG_WITH([ssl-dir],
	[  --with-ssl-dir=PATH     Specify path to OpenSSL installation ],
	[
		if test "x$withval" != "xno" ; then
			# Anchor relative paths at the directory configure runs in
			case "$withval" in
			./*|../*)
				withval="`pwd`/$withval"
				;;
			esac

			# Library directory: PATH/lib first and PATH/lib64 second
			# with PATH itself as the last resort
			if test -d "$withval/lib"; then
				ssl_libdir="${withval}/lib"
			elif test -d "$withval/lib64"; then
				ssl_libdir="${withval}/lib64"
			else
				ssl_libdir="${withval}"
			fi
			if test -n "${need_dash_r}"; then
				LDFLAGS="-L${ssl_libdir} -R${ssl_libdir} ${LDFLAGS}"
			else
				LDFLAGS="-L${ssl_libdir} ${LDFLAGS}"
			fi

			# Header directory: PATH/include when present or else PATH
			if test -d "$withval/include"; then
				CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
			else
				CPPFLAGS="-I${withval} ${CPPFLAGS}"
			fi
		fi
	]
)
LIBS="-lcrypto $LIBS"
AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
	[Define if your ssl headers are included
	with #include <openssl/header.h>])],
	[
		dnl Check default openssl install dir. The saved flags are used,
		dnl so any --with-ssl-dir paths are dropped for this second try.
		dnl NOTE(review): this fallback is silent; config.log shows which
		dnl libcrypto was actually linked.
		if test -n "${need_dash_r}"; then
			LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
		else
			LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
		fi
		CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
		AC_CHECK_HEADER([openssl/opensslv.h], ,
		    [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
		AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
			[
				AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
			]
		)
	]
)
2179
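# Determine OpenSSL header version
# The test program writes the version number and text from opensslv.h to
# conftest.sslincver, which is read back into ssl_header_ver.
# stdlib.h declares exit; without it a compiler that rejects implicit
# declarations fails the probe and the header is reported as not found.
AC_MSG_CHECKING([OpenSSL header version])
AC_RUN_IFELSE(
	[AC_LANG_PROGRAM([[
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/opensslv.h>
#define DATA "conftest.sslincver"
	]], [[
	FILE *fd;
	int rc;

	fd = fopen(DATA,"w");
	if(fd == NULL)
		exit(1);

	/* Cast so the argument matches the conversion whatever the macro's type */
	if ((rc = fprintf(fd ,"%lx (%s)\n",
	    (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
		exit(1);

	exit(0);
	]])],
	[
		ssl_header_ver=`cat conftest.sslincver`
		AC_MSG_RESULT([$ssl_header_ver])
	],
	[
		AC_MSG_RESULT([not found])
		AC_MSG_ERROR([OpenSSL version header not found.])
	],
	[
		AC_MSG_WARN([cross compiling: not checking])
	]
)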
2213
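# Determine OpenSSL library version
# The test program asks the linked libcrypto for its version number and text
# and writes them to conftest.ssllibver, which is read into ssl_library_ver.
# stdlib.h declares exit; without it a compiler that rejects implicit
# declarations fails the probe and the library is reported as not found.
AC_MSG_CHECKING([OpenSSL library version])
AC_RUN_IFELSE(
	[AC_LANG_PROGRAM([[
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/opensslv.h>
#include <openssl/crypto.h>
#define DATA "conftest.ssllibver"
	]], [[
	FILE *fd;
	int rc;

	fd = fopen(DATA,"w");
	if(fd == NULL)
		exit(1);

	/* Cast so the argument matches the conversion */
	if ((rc = fprintf(fd ,"%lx (%s)\n",
	    (unsigned long)SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
		exit(1);

	exit(0);
	]])],
	[
		ssl_library_ver=`cat conftest.ssllibver`
		AC_MSG_RESULT([$ssl_library_ver])
	],
	[
		AC_MSG_RESULT([not found])
		AC_MSG_ERROR([OpenSSL library not found.])
	],
	[
		AC_MSG_WARN([cross compiling: not checking])
	]
)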
2248
# --without-openssl-header-check sets openssl_check_nonfatal, which turns a
# header/library version mismatch from a configure error into a warning.
AC_ARG_WITH([openssl-header-check],
	[  --without-openssl-header-check Disable OpenSSL version consistency check],
	[
		case "x$withval" in
		xno)
			openssl_check_nonfatal=1
			;;
		esac
	]
)
2256
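# Sanity check OpenSSL headers
# The test program exits 0 only when the version reported by the linked
# libcrypto equals the version constant compiled in from opensslv.h.
# stdlib.h and openssl/crypto.h declare exit and SSLeay; without them a
# compiler that rejects implicit declarations fails the probe and a
# consistent installation is reported as a mismatch.
AC_MSG_CHECKING([whether OpenSSL's headers match the library])
AC_RUN_IFELSE(
	[AC_LANG_PROGRAM([[
#include <stdlib.h>
#include <string.h>
#include <openssl/opensslv.h>
#include <openssl/crypto.h>
	]], [[
	exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
	]])],
	[
		AC_MSG_RESULT([yes])
	],
	[
		AC_MSG_RESULT([no])
		# Fatal unless the check was switched off on the command line
		if test "x$openssl_check_nonfatal" = "x"; then
			AC_MSG_ERROR([Your OpenSSL headers do not match your
library. Check config.log for details.
If you are sure your installation is consistent, you can disable the check
by running "./configure --without-openssl-header-check".
Also see contrib/findssl.sh for help identifying header/library mismatches.
])
		else
			AC_MSG_WARN([Your OpenSSL headers do not match your
library. Check config.log for details.
Also see contrib/findssl.sh for help identifying header/library mismatches.])
		fi
	],
	[
		AC_MSG_WARN([cross compiling: not checking])
	]
)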
2288
# Confirm that a program calling into libcrypto links with the current LIBS.
# If it does not, retry with -ldl appended and keep -ldl only when the
# second attempt links; otherwise LIBS is restored.
AC_MSG_CHECKING([if programs using OpenSSL functions will link])
AC_LINK_IFELSE(
	[AC_LANG_PROGRAM(
		[[ #include <openssl/evp.h> ]],
		[[ SSLeay_add_all_algorithms(); ]])],
	[AC_MSG_RESULT([yes])],
	[
		AC_MSG_RESULT([no])
		saved_LIBS="$LIBS"
		LIBS="$LIBS -ldl"
		AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
		AC_LINK_IFELSE(
			[AC_LANG_PROGRAM(
				[[ #include <openssl/evp.h> ]],
				[[ SSLeay_add_all_algorithms(); ]])],
			[AC_MSG_RESULT([yes])],
			[
				AC_MSG_RESULT([no])
				LIBS="$saved_LIBS"
			]
		)
	]
)
2314
2315AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method HMAC_CTX_init])
2316
2317AC_ARG_WITH([ssl-engine],
2318	[  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
2319	[ if test "x$withval" != "xno" ; then
2320		AC_MSG_CHECKING([for OpenSSL ENGINE support])
2321		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2322#include <openssl/engine.h>
2323			]], [[
2324	ENGINE_load_builtin_engines();
2325	ENGINE_register_all_complete();
2326			]])],
2327			[ AC_MSG_RESULT([yes])
2328			  AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2329			     [Enable OpenSSL engine support])
2330			], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2331		])
2332	  fi ]
2333)
2334
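# Check for OpenSSL without EVP_aes_{192,256}_cbc
# This is a link-only probe: it succeeds when both symbols resolve, and the
# exit expression is never evaluated at configure time.
# stdlib.h declares exit; without it a compiler that rejects implicit
# declarations fails the probe and a complete libcrypto is recorded as
# lacking the 192 and 256 bit AES functions.
AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
AC_LINK_IFELSE(
	[AC_LANG_PROGRAM([[
#include <stdlib.h>
#include <string.h>
#include <openssl/evp.h>
	]], [[
	exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
	]])],
	[
		AC_MSG_RESULT([no])
	],
	[
		AC_MSG_RESULT([yes])
		AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
		    [libcrypto is missing AES 192 and 256 bit functions])
	]
)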
2353
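# Check for OpenSSL with EVP_aes_*ctr
# Link-only probe: it succeeds when every referenced symbol resolves.
# All three key sizes are probed in CTR mode. Probing the 192 and 256 bit
# CBC variants instead would report CTR support on a libcrypto that only
# provides EVP_aes_128_ctr.
# stdlib.h declares exit so the result does not depend on the compiler
# accepting an implicit declaration.
AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
AC_LINK_IFELSE(
	[AC_LANG_PROGRAM([[
#include <stdlib.h>
#include <string.h>
#include <openssl/evp.h>
	]], [[
	exit(EVP_aes_128_ctr() == NULL ||
	    EVP_aes_192_ctr() == NULL ||
	    EVP_aes_256_ctr() == NULL);
	]])],
	[
		AC_MSG_RESULT([yes])
		AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
		    [libcrypto has EVP AES CTR])
	],
	[
		AC_MSG_RESULT([no])
	]
)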
2374
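# Check for OpenSSL with EVP_aes_*gcm
# Link-only probe: it succeeds when the GCM cipher functions, the GCM control
# constants and EVP_CIPHER_CTX_ctrl are all available at build time.
# stdlib.h declares exit so the result does not depend on the compiler
# accepting an implicit declaration.
AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
AC_LINK_IFELSE(
	[AC_LANG_PROGRAM([[
#include <stdlib.h>
#include <string.h>
#include <openssl/evp.h>
	]], [[
	exit(EVP_aes_128_gcm() == NULL ||
	    EVP_aes_256_gcm() == NULL ||
	    EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
	    EVP_CTRL_GCM_IV_GEN == 0 ||
	    EVP_CTRL_GCM_SET_TAG == 0 ||
	    EVP_CTRL_GCM_GET_TAG == 0 ||
	    EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
	]])],
	[
		AC_MSG_RESULT([yes])
		AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
		    [libcrypto has EVP AES GCM])
	],
	[
		AC_MSG_RESULT([no])
		# Append to the running list. Expanding a misspelled name here
		# would drop anything already held in unsupported_algorithms.
		unsupported_algorithms="$unsupported_algorithms \
		   aes128-gcm@openssh.com aes256-gcm@openssh.com"
	]
)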
2401
2402AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2403	[AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2404	    [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2405
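# Does EVP_DigestUpdate return a value?
# Link-only probe: the call sits in an if condition, which does not compile
# when the function returns void.
# stdlib.h declares exit; without it a compiler that rejects implicit
# declarations fails the probe and the function is recorded as returning
# void even when it returns int.
AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
AC_LINK_IFELSE(
	[AC_LANG_PROGRAM([[
#include <stdlib.h>
#include <string.h>
#include <openssl/evp.h>
	]], [[
	if(EVP_DigestUpdate(NULL, NULL,0))
		exit(0);
	]])],
	[
		AC_MSG_RESULT([yes])
	],
	[
		AC_MSG_RESULT([no])
		AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
		    [Define if EVP_DigestUpdate returns void])
	]
)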
2424
2425# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2426# because the system crypt() is more featureful.
2427if test "x$check_for_libcrypt_before" = "x1"; then
2428	AC_CHECK_LIB([crypt], [crypt])
2429fi
2430
2431# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2432# version in OpenSSL.
2433if test "x$check_for_libcrypt_later" = "x1"; then
2434	AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2435fi
2436AC_CHECK_FUNCS([crypt DES_crypt])
2437
2438# Search for SHA256 support in libc and/or OpenSSL
2439AC_CHECK_FUNCS([SHA256_Update EVP_sha256],
2440    [TEST_SSH_SHA256=yes],
2441    [TEST_SSH_SHA256=no
2442     unsupported_algorithms="$unsupported_algorithms \
2443	hmac-sha2-256 hmac-sha2-512 \
2444	diffie-hellman-group-exchange-sha256 \
2445	hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
2446     ]
2447)
2448AC_SUBST([TEST_SSH_SHA256])
2449
2450# Check complete ECC support in OpenSSL
2451AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
2452AC_LINK_IFELSE(
2453	[AC_LANG_PROGRAM([[
2454#include <openssl/ec.h>
2455#include <openssl/ecdh.h>
2456#include <openssl/ecdsa.h>
2457#include <openssl/evp.h>
2458#include <openssl/objects.h>
2459#include <openssl/opensslv.h>
2460#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2461# error "OpenSSL < 0.9.8g has unreliable ECC code"
2462#endif
2463	]], [[
2464	EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2465	const EVP_MD *m = EVP_sha512(); /* We need this too */
2466	]])],
2467	[
2468		AC_MSG_RESULT([yes])
2469		AC_DEFINE([OPENSSL_HAS_ECC], [1],
2470		    [libcrypto includes complete ECC support])
2471		TEST_SSH_ECC=yes
2472		COMMENT_OUT_ECC=""
2473	],
2474	[
2475		AC_MSG_RESULT([no])
2476		TEST_SSH_ECC=no
2477		COMMENT_OUT_ECC="#no ecc#"
2478     		unsupported_algorithms="$unsupported_algorithms \
2479		    ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \
2480		    ecdsa-sha2-nistp256-cert-v01@openssh.com \
2481		    ecdsa-sha2-nistp384-cert-v01@openssh.com \
2482		    ecdsa-sha2-nistp521-cert-v01@openssh.com \
2483		    ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521"
2484	]
2485)
2486AC_SUBST([TEST_SSH_ECC])
2487AC_SUBST([COMMENT_OUT_ECC])
2488
2489saved_LIBS="$LIBS"
2490AC_CHECK_LIB([iaf], [ia_openinfo], [
2491	LIBS="$LIBS -liaf"
2492	AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2493				AC_DEFINE([HAVE_LIBIAF], [1],
2494        		[Define if system has libiaf that supports set_id])
2495				])
2496])
2497LIBS="$saved_LIBS"
2498
2499### Configure cryptographic random number support
2500
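# Check whether OpenSSL seeds itself
# The test program exits 0 only when RAND_status reports a seeded PRNG.
# OPENSSL_SEEDS_ITSELF is left unset otherwise, and the randomness source
# selection later in this file then needs a PRNGD/EGD port or socket.
# stdlib.h declares exit; without it a compiler that rejects implicit
# declarations fails the probe and a self-seeding libcrypto is reported
# as unseeded.
AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
AC_RUN_IFELSE(
	[AC_LANG_PROGRAM([[
#include <stdlib.h>
#include <string.h>
#include <openssl/rand.h>
	]], [[
	exit(RAND_status() == 1 ? 0 : 1);
	]])],
	[
		OPENSSL_SEEDS_ITSELF=yes
		AC_MSG_RESULT([yes])
	],
	[
		AC_MSG_RESULT([no])
	],
	[
		AC_MSG_WARN([cross compiling: assuming yes])
		# This is safe, since we will fatal() at runtime if
		# OpenSSL is not seeded correctly.
		OPENSSL_SEEDS_ITSELF=yes
	]
)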
2524
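# PRNGD TCP socket
# The argument must consist of digits only. It is written unquoted into
# config.h as PRNGD_PORT, so a value that merely starts with a digit must
# not be accepted.
AC_ARG_WITH([prngd-port],
	[  --with-prngd-port=PORT  read entropy from PRNGD/EGD TCP localhost:PORT],
	[
		case "$withval" in
		no)
			withval=""
			;;
		""|*[[!0-9]]*)
			# Empty or containing any character that is not a digit
			AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
			;;
		*)
			;;
		esac
		if test -n "$withval" ; then
			PRNGD_PORT="$withval"
			AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
				[Port number of PRNGD/EGD random number socket])
		fi
	]
)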
2546
# PRNGD Unix domain socket
# With the option given, the argument is reduced to an absolute path or to
# the empty string. Without it, a short list of well-known locations is
# searched, but only when OpenSSL was not found to seed itself.
AC_ARG_WITH([prngd-socket],
	[  --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
	[
		case "$withval" in
		yes)
			withval="/var/run/egd-pool"
			;;
		no)
			withval=""
			;;
		/*)
			# Already an absolute path
			;;
		*)
			AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
			;;
		esac

		if test -n "$withval" ; then
			# A TCP port and a socket are mutually exclusive
			if test -n "$PRNGD_PORT" ; then
				AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
			fi
			# An unreadable socket is reported but is not fatal
			if test ! -r "$withval" ; then
				AC_MSG_WARN([Entropy socket is not readable])
			fi
			PRNGD_SOCKET="$withval"
			AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
				[Location of PRNGD/EGD random number socket])
		fi
	],
	[
		# Check for existing socket only if we don't have a random device already
		if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
			AC_MSG_CHECKING([for PRNGD/EGD socket])
			# Insert other locations here
			for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
				# Accept the first readable entry that is a socket or a FIFO
				if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
					PRNGD_SOCKET="$sock"
					AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
					break;
				fi
			done
			if test -n "$PRNGD_SOCKET" ; then
				AC_MSG_RESULT([$PRNGD_SOCKET])
			else
				AC_MSG_RESULT([not found])
			fi
		fi
	]
)
2597
# Which randomness source do we use?
# Precedence: PRNGD TCP port, then PRNGD socket, then OpenSSL's own seeding.
# With none of the three available configure stops here.
if test -n "$PRNGD_PORT" ; then
	RAND_MSG="PRNGd port $PRNGD_PORT"
elif test -n "$PRNGD_SOCKET" ; then
	RAND_MSG="PRNGd socket $PRNGD_SOCKET"
elif test -n "$OPENSSL_SEEDS_ITSELF" ; then
	AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
		[Define if you want OpenSSL's internally seeded PRNG only])
	RAND_MSG="OpenSSL internal ONLY"
else
	AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
fi
2610
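# Check for PAM libs
# --with-pam requires one of the PAM application headers and libpam itself.
# The library checks run with LIBS saved and restored, so -lpam and -ldl are
# added to SSHDLIBS only and not to every program that is linked.
PAM_MSG="no"
AC_ARG_WITH([pam],
	[  --with-pam              Enable PAM support ],
	[
		if test "x$withval" != "xno" ; then
			if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
			   test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
				AC_MSG_ERROR([PAM headers not found])
			fi

			saved_LIBS="$LIBS"
			AC_CHECK_LIB([dl], [dlopen], , )
			AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
			AC_CHECK_FUNCS([pam_getenvlist])
			AC_CHECK_FUNCS([pam_putenv])
			LIBS="$saved_LIBS"

			PAM_MSG="yes"

			SSHDLIBS="$SSHDLIBS -lpam"
			AC_DEFINE([USE_PAM], [1],
				[Define if you want to enable PAM support])

			# Quoted and prefixed like the other tests in this file so an
			# empty cache value compares as false instead of breaking test
			if test "x$ac_cv_lib_dl_dlopen" = "xyes"; then
				case "$LIBS" in
				*-ldl*)
					# libdl already in LIBS
					;;
				*)
					SSHDLIBS="$SSHDLIBS -ldl"
					;;
				esac
			fi
		fi
	]
)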
2648
2649# Check for older PAM
2650if test "x$PAM_MSG" = "xyes" ; then
2651	# Check PAM strerror arguments (old PAM)
2652	AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2653	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2654#include <stdlib.h>
2655#if defined(HAVE_SECURITY_PAM_APPL_H)
2656#include <security/pam_appl.h>
2657#elif defined (HAVE_PAM_PAM_APPL_H)
2658#include <pam/pam_appl.h>
2659#endif
2660		]], [[
2661(void)pam_strerror((pam_handle_t *)NULL, -1);
2662		]])], [AC_MSG_RESULT([no])], [
2663			AC_DEFINE([HAVE_OLD_PAM], [1],
2664				[Define if you have an old version of PAM
2665				which takes only one argument to pam_strerror])
2666			AC_MSG_RESULT([yes])
2667			PAM_MSG="yes (old library)"
2668
2669	])
2670fi
2671
# Unprivileged account used for privilege separation. The default is sshd;
# an empty argument and the values yes and no leave the default in place.
# The chosen name is emitted both as a C string in config.h and as a
# substitution variable.
SSH_PRIVSEP_USER=sshd
AC_ARG_WITH([privsep-user],
	[  --with-privsep-user=user Specify non-privileged user for privilege separation],
	[
		case "x${withval}" in
		x|xno|xyes)
			;;
		*)
			SSH_PRIVSEP_USER=$withval
			;;
		esac
	]
)
AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
	[non-privileged user for privilege separation])
AC_SUBST([SSH_PRIVSEP_USER])
2685
# seccomp filter support, step one: look for the SECCOMP_MODE_FILTER
# declaration, but only where PR_SET_NO_NEW_PRIVS was found earlier.
if test "x$have_linux_no_new_privs" = "x1" ; then
	AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
		#include <sys/types.h>
		#include <linux/seccomp.h>
	])
fi

# Step two: build a small program that uses the audit architecture constant
# and calls prctl with PR_SET_SECCOMP. The program is compiled and linked
# but not executed, so the prctl call and the EFAULT comparison never run
# at configure time; a pass shows only that the headers and prctl are
# usable when building.
# NOTE(review): kernel support itself is therefore not established here.
if test "x$have_seccomp_filter" = "x1" ; then
	AC_MSG_CHECKING([kernel for seccomp_filter support])
	AC_LINK_IFELSE(
		[AC_LANG_PROGRAM([[
		#include <errno.h>
		#include <elf.h>
		#include <linux/audit.h>
		#include <linux/seccomp.h>
		#include <stdlib.h>
		#include <sys/prctl.h>
		]], [[
	   int i = $seccomp_audit_arch;
	   errno = 0;
	   prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
	   exit(errno == EFAULT ? 0 : 1);
		]])],
		[
			AC_MSG_RESULT([yes])
		],
		[
			AC_MSG_RESULT([no])
			# Disable seccomp filter as a target
			have_seccomp_filter=0
		]
	)
fi
2713
# Decide which sandbox style to use
# An empty sandbox_arg requests automatic selection; a bare --with-sandbox
# is treated the same way. Any other value is kept as given and validated
# when the sandbox style is chosen.
sandbox_arg=""
AC_ARG_WITH([sandbox],
	[  --with-sandbox=style    Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)],
	[
		case "x$withval" in
		xyes)
			sandbox_arg=""
			;;
		*)
			sandbox_arg="$withval"
			;;
		esac
	]
)
2726
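# Some platforms (seems to be the ones that have a kernel poll(2)-type
# function with which they implement select(2)) use an extra file descriptor
# when calling select(2), which means we can't use the rlimit sandbox.
# The test program opens /dev/null, drops RLIMIT_FSIZE and RLIMIT_NOFILE to
# zero and then calls select on the open descriptor.
# When cross compiling the result is assumed, and the variable is now set to
# match the message; leaving it unset made the rlimit sandbox unselectable
# in that case.
AC_MSG_CHECKING([if select works with descriptor rlimit])
AC_RUN_IFELSE(
	[AC_LANG_PROGRAM([[
#include <sys/types.h>
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
#include <sys/resource.h>
#ifdef HAVE_SYS_SELECT_H
# include <sys/select.h>
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
	]],[[
	struct rlimit rl_zero;
	int fd, r;
	fd_set fds;
	struct timeval tv;

	fd = open("/dev/null", O_RDONLY);
	FD_ZERO(&fds);
	FD_SET(fd, &fds);
	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
	setrlimit(RLIMIT_FSIZE, &rl_zero);
	setrlimit(RLIMIT_NOFILE, &rl_zero);
	tv.tv_sec = 1;
	tv.tv_usec = 0;
	r = select(fd+1, &fds, NULL, NULL, &tv);
	exit (r == -1 ? 1 : 0);
	]])],
	[AC_MSG_RESULT([yes])
	 select_works_with_rlimit=yes],
	[AC_MSG_RESULT([no])
	 select_works_with_rlimit=no],
	[AC_MSG_WARN([cross compiling: assuming yes])
	 select_works_with_rlimit=yes]
)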
2767
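# Can RLIMIT_NOFILE be lowered to zero? The rlimit sandbox is selected
# automatically only when this succeeds.
# The unused fd and fd_set locals are gone: fd_set is not declared by the
# headers included here, so on some systems the probe could fail to compile
# and report a false negative.
# When cross compiling the result is assumed, and the variable is now set to
# match the message.
AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
AC_RUN_IFELSE(
	[AC_LANG_PROGRAM([[
#include <sys/types.h>
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
#include <sys/resource.h>
#include <errno.h>
#include <stdlib.h>
	]],[[
	struct rlimit rl_zero;
	int r;

	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
	r = setrlimit(RLIMIT_NOFILE, &rl_zero);
	exit (r == -1 ? 1 : 0);
	]])],
	[AC_MSG_RESULT([yes])
	 rlimit_nofile_zero_works=yes],
	[AC_MSG_RESULT([no])
	 rlimit_nofile_zero_works=no],
	[AC_MSG_WARN([cross compiling: assuming yes])
	 rlimit_nofile_zero_works=yes]
)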
2793
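# Can RLIMIT_FSIZE be lowered to zero? SANDBOX_SKIP_RLIMIT_FSIZE is defined
# when it cannot, so its config.h description now says so; the previous text
# described the opposite case.
AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
AC_RUN_IFELSE(
	[AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/resource.h>
#include <stdlib.h>
	]],[[
		struct rlimit rl_zero;

		rl_zero.rlim_cur = rl_zero.rlim_max = 0;
		exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
	]])],
	[AC_MSG_RESULT([yes])],
	[AC_MSG_RESULT([no])
	 AC_DEFINE([SANDBOX_SKIP_RLIMIT_FSIZE], [1],
	    [define if setrlimit RLIMIT_FSIZE does not work])],
	[AC_MSG_WARN([cross compiling: assuming yes])]
)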
2812
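# Choose the privilege separation sandbox.
# Each branch is entered either because that style was requested by name or
# because selection is automatic and the prerequisites were detected. Inside
# a branch the prerequisites are checked again, so a request by name for an
# unavailable style stops configure. Automatic order: systrace, darwin,
# seccomp_filter, rlimit, and finally none.
if test "x$sandbox_arg" = "xsystrace" || \
   ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
	test "x$have_systr_policy_kill" != "x1" && \
		AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
	SANDBOX_STYLE="systrace"
	AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
elif test "x$sandbox_arg" = "xdarwin" || \
     ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
       test "x$ac_cv_header_sandbox_h" = "xyes") ; then
	test "x$ac_cv_func_sandbox_init" != "xyes" -o \
	     "x$ac_cv_header_sandbox_h" != "xyes" && \
		AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
	SANDBOX_STYLE="darwin"
	AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
elif test "x$sandbox_arg" = "xseccomp_filter" || \
     ( test -z "$sandbox_arg" && \
       test "x$have_seccomp_filter" = "x1" && \
       test "x$ac_cv_header_elf_h" = "xyes" && \
       test "x$ac_cv_header_linux_audit_h" = "xyes" && \
       test "x$ac_cv_header_linux_filter_h" = "xyes" && \
       test "x$seccomp_audit_arch" != "x" && \
       test "x$have_linux_no_new_privs" = "x1" && \
       test "x$ac_cv_func_prctl" = "xyes" ) ; then
	test "x$seccomp_audit_arch" = "x" && \
		AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
	test "x$have_linux_no_new_privs" != "x1" && \
		AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
	test "x$have_seccomp_filter" != "x1" && \
		AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
	test "x$ac_cv_func_prctl" != "xyes" && \
		AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
	SANDBOX_STYLE="seccomp_filter"
	AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
elif test "x$sandbox_arg" = "xrlimit" || \
     ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
       test "x$select_works_with_rlimit" = "xyes" && \
       test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
	test "x$ac_cv_func_setrlimit" != "xyes" && \
		AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
	test "x$select_works_with_rlimit" != "xyes" && \
		AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
	SANDBOX_STYLE="rlimit"
	AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
     test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
	# Reaching this branch with an empty sandbox_arg means automatic
	# selection found nothing usable. Say so, because the build otherwise
	# ends up without a sandbox and nothing is reported at this point.
	if test -z "$sandbox_arg" ; then
		AC_MSG_WARN([no supported sandbox mechanism was detected; building without privsep sandboxing])
	fi
	SANDBOX_STYLE="none"
	AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
else
	AC_MSG_ERROR([unsupported --with-sandbox])
fi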
2863
2864# Cheap hack to ensure NEWS-OS libraries are arranged right.
2865if test ! -z "$SONY" ; then
2866  LIBS="$LIBS -liberty";
2867fi
2868
2869# Check for  long long datatypes
2870AC_CHECK_TYPES([long long, unsigned long long, long double])
2871
2872# Check datatype sizes
2873AC_CHECK_SIZEOF([short int], [2])
2874AC_CHECK_SIZEOF([int], [4])
2875AC_CHECK_SIZEOF([long int], [4])
2876AC_CHECK_SIZEOF([long long int], [8])
2877
2878# Sanity check long long for some platforms (AIX)
2879if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2880	ac_cv_sizeof_long_long_int=0
2881fi
2882
2883# compute LLONG_MIN and LLONG_MAX if we don't know them.
2884if test -z "$have_llong_max"; then
2885	AC_MSG_CHECKING([for max value of long long])
2886	AC_RUN_IFELSE(
2887		[AC_LANG_PROGRAM([[
2888#include <stdio.h>
2889/* Why is this so damn hard? */
2890#ifdef __GNUC__
2891# undef __GNUC__
2892#endif
2893#define __USE_ISOC99
2894#include <limits.h>
2895#define DATA "conftest.llminmax"
2896#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2897
2898/*
2899 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2900 * we do this the hard way.
2901 */
2902static int
2903fprint_ll(FILE *f, long long n)
2904{
2905	unsigned int i;
2906	int l[sizeof(long long) * 8];
2907
2908	if (n < 0)
2909		if (fprintf(f, "-") < 0)
2910			return -1;
2911	for (i = 0; n != 0; i++) {
2912		l[i] = my_abs(n % 10);
2913		n /= 10;
2914	}
2915	do {
2916		if (fprintf(f, "%d", l[--i]) < 0)
2917			return -1;
2918	} while (i != 0);
2919	if (fprintf(f, " ") < 0)
2920		return -1;
2921	return 0;
2922}
2923		]], [[
2924	FILE *f;
2925	long long i, llmin, llmax = 0;
2926
2927	if((f = fopen(DATA,"w")) == NULL)
2928		exit(1);
2929
2930#if defined(LLONG_MIN) && defined(LLONG_MAX)
2931	fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2932	llmin = LLONG_MIN;
2933	llmax = LLONG_MAX;
2934#else
2935	fprintf(stderr, "Calculating  LLONG_MIN and LLONG_MAX\n");
2936	/* This will work on one's complement and two's complement */
2937	for (i = 1; i > llmax; i <<= 1, i++)
2938		llmax = i;
2939	llmin = llmax + 1LL;	/* wrap */
2940#endif
2941
2942	/* Sanity check */
2943	if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2944	    || llmax - 1 > llmax || llmin == llmax || llmin == 0
2945	    || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2946		fprintf(f, "unknown unknown\n");
2947		exit(2);
2948	}
2949
2950	if (fprint_ll(f, llmin) < 0)
2951		exit(3);
2952	if (fprint_ll(f, llmax) < 0)
2953		exit(4);
2954	if (fclose(f) < 0)
2955		exit(5);
2956	exit(0);
2957		]])],
2958		[
2959			llong_min=`$AWK '{print $1}' conftest.llminmax`
2960			llong_max=`$AWK '{print $2}' conftest.llminmax`
2961
2962			AC_MSG_RESULT([$llong_max])
2963			AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
2964			    [max value of long long calculated by configure])
2965			AC_MSG_CHECKING([for min value of long long])
2966			AC_MSG_RESULT([$llong_min])
2967			AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
2968			    [min value of long long calculated by configure])
2969		],
2970		[
2971			AC_MSG_RESULT([not found])
2972		],
2973		[
2974			AC_MSG_WARN([cross compiling: not checking])
2975		]
2976	)
2977fi
2978
2979
2980# More checks for data types
2981AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2982	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2983	[[ u_int a; a = 1;]])],
2984	[ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
2985	])
2986])
2987if test "x$ac_cv_have_u_int" = "xyes" ; then
2988	AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
2989	have_u_int=1
2990fi
2991
2992AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2993	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2994	[[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
2995	[ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
2996	])
2997])
2998if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2999	AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3000	have_intxx_t=1
3001fi
3002
3003if (test -z "$have_intxx_t" && \
3004	   test "x$ac_cv_header_stdint_h" = "xyes")
3005then
3006    AC_MSG_CHECKING([for intXX_t types in stdint.h])
3007	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3008	[[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3009		[
3010			AC_DEFINE([HAVE_INTXX_T])
3011			AC_MSG_RESULT([yes])
3012		], [ AC_MSG_RESULT([no])
3013	])
3014fi
3015
3016AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3017	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3018#include <sys/types.h>
3019#ifdef HAVE_STDINT_H
3020# include <stdint.h>
3021#endif
3022#include <sys/socket.h>
3023#ifdef HAVE_SYS_BITYPES_H
3024# include <sys/bitypes.h>
3025#endif
3026		]], [[
3027int64_t a; a = 1;
3028		]])],
3029	[ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3030	])
3031])
3032if test "x$ac_cv_have_int64_t" = "xyes" ; then
3033	AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3034fi
3035
3036AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3037	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3038	[[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3039	[ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3040	])
3041])
3042if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3043	AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3044	have_u_intxx_t=1
3045fi
3046
3047if test -z "$have_u_intxx_t" ; then
3048    AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3049	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3050	[[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3051		[
3052			AC_DEFINE([HAVE_U_INTXX_T])
3053			AC_MSG_RESULT([yes])
3054		], [ AC_MSG_RESULT([no])
3055	])
3056fi
3057
3058AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3059	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3060	[[ u_int64_t a; a = 1;]])],
3061	[ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3062	])
3063])
3064if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3065	AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3066	have_u_int64_t=1
3067fi
3068
3069if test -z "$have_u_int64_t" ; then
3070    AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3071	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3072	[[ u_int64_t a; a = 1]])],
3073		[
3074			AC_DEFINE([HAVE_U_INT64_T])
3075			AC_MSG_RESULT([yes])
3076		], [ AC_MSG_RESULT([no])
3077	])
3078fi
3079
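# Without the u_intXX_t types, look for the uintXX_t spellings in
# sys/types.h. have_uintxx_t is set on success, as the sibling type checks
# do for their own variables, so that code testing it sees the result.
if test -z "$have_u_intxx_t" ; then
	AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
			]], [[
	uint8_t a;
	uint16_t b;
	uint32_t c;
	a = b = c = 1;
			]])],
		[ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
		])
	])
	if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
		AC_DEFINE([HAVE_UINTXX_T], [1],
			[define if you have uintxx_t data type])
		have_uintxx_t=1
	fi
fi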
3098
3099if test -z "$have_uintxx_t" ; then
3100    AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3101	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3102	[[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3103		[
3104			AC_DEFINE([HAVE_UINTXX_T])
3105			AC_MSG_RESULT([yes])
3106		], [ AC_MSG_RESULT([no])
3107	])
3108fi
3109
3110if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
3111	   test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3112then
3113	AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
3114	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3115#include <sys/bitypes.h>
3116		]], [[
3117			int8_t a; int16_t b; int32_t c;
3118			u_int8_t e; u_int16_t f; u_int32_t g;
3119			a = b = c = e = f = g = 1;
3120		]])],
3121		[
3122			AC_DEFINE([HAVE_U_INTXX_T])
3123			AC_DEFINE([HAVE_INTXX_T])
3124			AC_MSG_RESULT([yes])
3125		], [AC_MSG_RESULT([no])
3126	])
3127fi
3128
3129
3130AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3131	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3132	[[ u_char foo; foo = 125; ]])],
3133	[ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3134	])
3135])
3136if test "x$ac_cv_have_u_char" = "xyes" ; then
3137	AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
3138fi
3139
3140TYPE_SOCKLEN_T
3141
3142AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3143AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3144#include <sys/types.h>
3145#ifdef HAVE_SYS_BITYPES_H
3146#include <sys/bitypes.h>
3147#endif
3148#ifdef HAVE_SYS_STATFS_H
3149#include <sys/statfs.h>
3150#endif
3151#ifdef HAVE_SYS_STATVFS_H
3152#include <sys/statvfs.h>
3153#endif
3154])
3155
3156AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3157[#include <sys/types.h>
3158#include <netinet/in.h>])
3159
3160AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3161	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3162	[[ size_t foo; foo = 1235; ]])],
3163	[ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3164	])
3165])
3166if test "x$ac_cv_have_size_t" = "xyes" ; then
3167	AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3168fi
3169
3170AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3171	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3172	[[ ssize_t foo; foo = 1235; ]])],
3173	[ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3174	])
3175])
3176if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3177	AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3178fi
3179
3180AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3181	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3182	[[ clock_t foo; foo = 1235; ]])],
3183	[ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3184	])
3185])
3186if test "x$ac_cv_have_clock_t" = "xyes" ; then
3187	AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3188fi
3189
3190AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3191	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3192#include <sys/types.h>
3193#include <sys/socket.h>
3194		]], [[ sa_family_t foo; foo = 1235; ]])],
3195	[ ac_cv_have_sa_family_t="yes" ],
3196	[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3197#include <sys/types.h>
3198#include <sys/socket.h>
3199#include <netinet/in.h>
3200		]], [[ sa_family_t foo; foo = 1235; ]])],
3201		[ ac_cv_have_sa_family_t="yes" ],
3202		[ ac_cv_have_sa_family_t="no" ]
3203	)
3204	])
3205])
3206if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3207	AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3208		[define if you have sa_family_t data type])
3209fi
3210
3211AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3212	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3213	[[ pid_t foo; foo = 1235; ]])],
3214	[ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3215	])
3216])
3217if test "x$ac_cv_have_pid_t" = "xyes" ; then
3218	AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3219fi
3220
3221AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3222	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3223	[[ mode_t foo; foo = 1235; ]])],
3224	[ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3225	])
3226])
3227if test "x$ac_cv_have_mode_t" = "xyes" ; then
3228	AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3229fi
3230
3231
3232AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3233	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3234#include <sys/types.h>
3235#include <sys/socket.h>
3236		]], [[ struct sockaddr_storage s; ]])],
3237	[ ac_cv_have_struct_sockaddr_storage="yes" ],
3238	[ ac_cv_have_struct_sockaddr_storage="no"
3239	])
3240])
3241if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3242	AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3243		[define if you have struct sockaddr_storage data type])
3244fi
3245
3246AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3247	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3248#include <sys/types.h>
3249#include <netinet/in.h>
3250		]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3251	[ ac_cv_have_struct_sockaddr_in6="yes" ],
3252	[ ac_cv_have_struct_sockaddr_in6="no"
3253	])
3254])
3255if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3256	AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3257		[define if you have struct sockaddr_in6 data type])
3258fi
3259
3260AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3261	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3262#include <sys/types.h>
3263#include <netinet/in.h>
3264		]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3265	[ ac_cv_have_struct_in6_addr="yes" ],
3266	[ ac_cv_have_struct_in6_addr="no"
3267	])
3268])
3269if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3270	AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3271		[define if you have struct in6_addr data type])
3272
3273dnl Now check for sin6_scope_id
3274	AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3275		[
3276#ifdef HAVE_SYS_TYPES_H
3277#include <sys/types.h>
3278#endif
3279#include <netinet/in.h>
3280		])
3281fi
3282
3283AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3284	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3285#include <sys/types.h>
3286#include <sys/socket.h>
3287#include <netdb.h>
3288		]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3289	[ ac_cv_have_struct_addrinfo="yes" ],
3290	[ ac_cv_have_struct_addrinfo="no"
3291	])
3292])
3293if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3294	AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3295		[define if you have struct addrinfo data type])
3296fi
3297
3298AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3299	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3300	[[ struct timeval tv; tv.tv_sec = 1;]])],
3301	[ ac_cv_have_struct_timeval="yes" ],
3302	[ ac_cv_have_struct_timeval="no"
3303	])
3304])
3305if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3306	AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3307	have_struct_timeval=1
3308fi
3309
3310AC_CHECK_TYPES([struct timespec])
3311
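# We need int64_t or else certain parts of the compile will fail.
# configure stops here when int64_t was not found, long is not 8 bytes
# and long long has size 0.
if test "x$ac_cv_have_int64_t" = "xno" && \
	test "x$ac_cv_sizeof_long_int" != "x8" && \
	test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
	echo "OpenSSH requires int64_t support.  Contact your vendor or install"
	echo "an alternative compiler (I.E., GCC) before continuing."
	echo ""
	exit 1;
else
dnl test snprintf (broken on SCO w/gcc)
dnl The probe has to be valid C for current compilers: it declares
dnl main as int and includes stdlib.h for exit.  A probe that fails to
dnl compile takes the failure branch of AC_RUN_IFELSE, which would define
dnl BROKEN_SNPRINTF on a system whose snprintf is fine.
	AC_RUN_IFELSE(
		[AC_LANG_SOURCE([[
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_SNPRINTF
int main(void)
{
	char buf[50];
	char expected_out[50];
	int mazsize = 50 ;
#if (SIZEOF_LONG_INT == 8)
	long int num = 0x7fffffffffffffff;
#else
	long long num = 0x7fffffffffffffffll;
#endif
	/* Largest signed 64-bit value, formatted with a bounded write. */
	strcpy(expected_out, "9223372036854775807");
	snprintf(buf, mazsize, "%lld", num);
	if(strcmp(buf, expected_out) != 0)
		exit(1);
	exit(0);
}
#else
int main(void) { exit(0); }
#endif
		]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
		AC_MSG_WARN([cross compiling: Assuming working snprintf()])
	)
fi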
3350
3351dnl Checks for structure members
3352OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3353OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3354OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3355OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3356OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3357OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3358OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3359OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3360OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3361OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3362OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3363OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3364OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3365OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3366OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3367OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3368OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3369
3370AC_CHECK_MEMBERS([struct stat.st_blksize])
3371AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
3372struct passwd.pw_change, struct passwd.pw_expire],
3373[], [], [[
3374#include <sys/types.h>
3375#include <pwd.h>
3376]])
3377
3378AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3379	[Define if we don't have struct __res_state in resolv.h])],
3380[[
3381#include <stdio.h>
3382#if HAVE_SYS_TYPES_H
3383# include <sys/types.h>
3384#endif
3385#include <netinet/in.h>
3386#include <arpa/nameser.h>
3387#include <resolv.h>
3388]])
3389
3390AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3391		ac_cv_have_ss_family_in_struct_ss, [
3392	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3393#include <sys/types.h>
3394#include <sys/socket.h>
3395		]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3396	[ ac_cv_have_ss_family_in_struct_ss="yes" ],
3397	[ ac_cv_have_ss_family_in_struct_ss="no" ])
3398])
3399if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3400	AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3401fi
3402
3403AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3404		ac_cv_have___ss_family_in_struct_ss, [
3405	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3406#include <sys/types.h>
3407#include <sys/socket.h>
3408		]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3409	[ ac_cv_have___ss_family_in_struct_ss="yes" ],
3410	[ ac_cv_have___ss_family_in_struct_ss="no"
3411	])
3412])
3413if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3414	AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3415		[Fields in struct sockaddr_storage])
3416fi
3417
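dnl make sure we're using the real structure members and not defines
dnl The probe body calls exit, so stdlib.h is included.  Without the
dnl declaration a compiler that rejects implicit function declarations
dnl fails the probe and the result is "no" whatever struct msghdr holds.
AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
		ac_cv_have_accrights_in_msghdr, [
	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <stdlib.h>
		]], [[
#ifdef msg_accrights
#error "msg_accrights is a macro"
exit(1);
#endif
struct msghdr m;
m.msg_accrights = 0;
exit(0);
		]])],
		[ ac_cv_have_accrights_in_msghdr="yes" ],
		[ ac_cv_have_accrights_in_msghdr="no" ]
	)
])
if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
	AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
		[Define if your system uses access rights style
		file descriptor passing])
fi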
3443
3444AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3445AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3446#include <sys/param.h>
3447#include <sys/stat.h>
3448#ifdef HAVE_SYS_TIME_H
3449# include <sys/time.h>
3450#endif
3451#ifdef HAVE_SYS_MOUNT_H
3452#include <sys/mount.h>
3453#endif
3454#ifdef HAVE_SYS_STATVFS_H
3455#include <sys/statvfs.h>
3456#endif
3457	]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3458	[ AC_MSG_RESULT([yes]) ],
3459	[ AC_MSG_RESULT([no])
3460
3461	AC_MSG_CHECKING([if fsid_t has member val])
3462	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3463#include <sys/types.h>
3464#include <sys/statvfs.h>
3465	]], [[ fsid_t t; t.val[0] = 0; ]])],
3466	[ AC_MSG_RESULT([yes])
3467	  AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3468	[ AC_MSG_RESULT([no]) ])
3469
3470	AC_MSG_CHECKING([if f_fsid has member __val])
3471	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3472#include <sys/types.h>
3473#include <sys/statvfs.h>
3474	]], [[ fsid_t t; t.__val[0] = 0; ]])],
3475	[ AC_MSG_RESULT([yes])
3476	  AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
3477	[ AC_MSG_RESULT([no]) ])
3478])
3479
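dnl Detect ancillary-data style descriptor passing: msg_control must be a
dnl real member of struct msghdr, not a macro.  stdlib.h is included for
dnl the exit calls in the probe; without it a compiler that rejects
dnl implicit function declarations fails the probe and
dnl HAVE_CONTROL_IN_MSGHDR is left undefined on a system that has the field.
AC_CACHE_CHECK([for msg_control field in struct msghdr],
		ac_cv_have_control_in_msghdr, [
	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <stdlib.h>
		]], [[
#ifdef msg_control
#error "msg_control is a macro"
exit(1);
#endif
struct msghdr m;
m.msg_control = 0;
exit(0);
		]])],
		[ ac_cv_have_control_in_msghdr="yes" ],
		[ ac_cv_have_control_in_msghdr="no" ]
	)
])
if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
	AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
		[Define if your system uses ancillary data style
		file descriptor passing])
fi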
3504
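dnl Link test for a libc-provided __progname.  stdio.h is included
dnl because the probe calls printf; with no declaration in scope, a
dnl compiler that rejects implicit function declarations fails the probe
dnl for a reason unrelated to __progname.
AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
		[[ extern char *__progname; printf("%s", __progname); ]])],
	[ ac_cv_libc_defines___progname="yes" ],
	[ ac_cv_libc_defines___progname="no"
	])
])
if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
	AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
fi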
3515
3516AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3517	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3518		[[ printf("%s", __FUNCTION__); ]])],
3519	[ ac_cv_cc_implements___FUNCTION__="yes" ],
3520	[ ac_cv_cc_implements___FUNCTION__="no"
3521	])
3522])
3523if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3524	AC_DEFINE([HAVE___FUNCTION__], [1],
3525		[Define if compiler implements __FUNCTION__])
3526fi
3527
3528AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3529	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3530		[[ printf("%s", __func__); ]])],
3531	[ ac_cv_cc_implements___func__="yes" ],
3532	[ ac_cv_cc_implements___func__="no"
3533	])
3534])
3535if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3536	AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
3537fi
3538
3539AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3540	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3541#include <stdarg.h>
3542va_list x,y;
3543		]], [[ va_copy(x,y); ]])],
3544	[ ac_cv_have_va_copy="yes" ],
3545	[ ac_cv_have_va_copy="no"
3546	])
3547])
3548if test "x$ac_cv_have_va_copy" = "xyes" ; then
3549	AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
3550fi
3551
3552AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3553	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3554#include <stdarg.h>
3555va_list x,y;
3556		]], [[ __va_copy(x,y); ]])],
3557	[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
3558	])
3559])
3560if test "x$ac_cv_have___va_copy" = "xyes" ; then
3561	AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
3562fi
3563
3564AC_CACHE_CHECK([whether getopt has optreset support],
3565		ac_cv_have_getopt_optreset, [
3566	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
3567		[[ extern int optreset; optreset = 0; ]])],
3568	[ ac_cv_have_getopt_optreset="yes" ],
3569	[ ac_cv_have_getopt_optreset="no"
3570	])
3571])
3572if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3573	AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
3574		[Define if your getopt(3) defines and uses optreset])
3575fi
3576
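dnl Link test for sys_errlist.  stdio.h supplies the printf declaration
dnl the probe needs; without it a compiler that rejects implicit
dnl function declarations reports "no" even when libc has the symbol.
AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
	[ ac_cv_libc_defines_sys_errlist="yes" ],
	[ ac_cv_libc_defines_sys_errlist="no"
	])
])
if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
	AC_DEFINE([HAVE_SYS_ERRLIST], [1],
		[Define if your system defines sys_errlist[]])
fi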
3588
3589
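dnl Link test for sys_nerr.  stdio.h supplies the printf declaration the
dnl probe needs; without it a compiler that rejects implicit function
dnl declarations reports "no" even when libc has the symbol.
AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
[[ extern int sys_nerr; printf("%i", sys_nerr);]])],
	[ ac_cv_libc_defines_sys_nerr="yes" ],
	[ ac_cv_libc_defines_sys_nerr="no"
	])
])
if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
	AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
fi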
3600
3601# Check libraries needed by DNS fingerprint support
3602AC_SEARCH_LIBS([getrrsetbyname], [resolv],
3603	[AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
3604		[Define if getrrsetbyname() exists])],
3605	[
3606		# Needed by our getrrsetbyname()
3607		AC_SEARCH_LIBS([res_query], [resolv])
3608		AC_SEARCH_LIBS([dn_expand], [resolv])
3609		AC_MSG_CHECKING([if res_query will link])
3610		AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3611#include <sys/types.h>
3612#include <netinet/in.h>
3613#include <arpa/nameser.h>
3614#include <netdb.h>
3615#include <resolv.h>
3616				]], [[
3617	res_query (0, 0, 0, 0, 0);
3618				]])],
3619		    AC_MSG_RESULT([yes]),
3620		   [AC_MSG_RESULT([no])
3621		    saved_LIBS="$LIBS"
3622		    LIBS="$LIBS -lresolv"
3623		    AC_MSG_CHECKING([for res_query in -lresolv])
3624		    AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3625#include <sys/types.h>
3626#include <netinet/in.h>
3627#include <arpa/nameser.h>
3628#include <netdb.h>
3629#include <resolv.h>
3630				]], [[
3631	res_query (0, 0, 0, 0, 0);
3632				]])],
3633			[AC_MSG_RESULT([yes])],
3634			[LIBS="$saved_LIBS"
3635			 AC_MSG_RESULT([no])])
3636		    ])
3637		AC_CHECK_FUNCS([_getshort _getlong])
3638		AC_CHECK_DECLS([_getshort, _getlong], , ,
3639		    [#include <sys/types.h>
3640		    #include <arpa/nameser.h>])
3641		AC_CHECK_MEMBER([HEADER.ad],
3642			[AC_DEFINE([HAVE_HEADER_AD], [1],
3643			    [Define if HEADER.ad exists in arpa/nameser.h])], ,
3644			[#include <arpa/nameser.h>])
3645	])
3646
3647AC_MSG_CHECKING([if struct __res_state _res is an extern])
3648AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3649#include <stdio.h>
3650#if HAVE_SYS_TYPES_H
3651# include <sys/types.h>
3652#endif
3653#include <netinet/in.h>
3654#include <arpa/nameser.h>
3655#include <resolv.h>
3656extern struct __res_state _res;
3657		]], [[ ]])],
3658		[AC_MSG_RESULT([yes])
3659		 AC_DEFINE([HAVE__RES_EXTERN], [1],
3660		    [Define if you have struct __res_state _res as an extern])
3661		],
3662		[ AC_MSG_RESULT([no]) ]
3663)
3664
# Optional SELinux support, requested with --with-selinux.
# When requested, a missing selinux/selinux.h or libselinux aborts
# configure rather than producing a build without the feature.
SELINUX_MSG="no"
LIBSELINUX=""
AC_ARG_WITH([selinux],
	[  --with-selinux          Enable SELinux support],
	[
		case "$withval" in
		no)
			;;
		*)
			# LIBS is only changed for the probes and restored below.
			save_LIBS="$LIBS"
			SELINUX_MSG="yes"
			AC_DEFINE([WITH_SELINUX], [1],
				[Define if you want SELinux support.])
			AC_CHECK_HEADER([selinux/selinux.h], ,
				[AC_MSG_ERROR([SELinux support requires selinux.h header])])
			AC_CHECK_LIB([selinux], [setexeccon],
				[
					LIBSELINUX="-lselinux"
					LIBS="$LIBS -lselinux"
				],
				[AC_MSG_ERROR([SELinux support requires libselinux library])])
			# The library goes on the ssh and sshd link lines only.
			SSHLIBS="$SSHLIBS $LIBSELINUX"
			SSHDLIBS="$SSHDLIBS $LIBSELINUX"
			AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
			LIBS="$save_LIBS"
			;;
		esac
	]
)
AC_SUBST([SSHLIBS])
AC_SUBST([SSHDLIBS])
3690
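# Check whether user wants Kerberos 5 support
dnl configure executes the krb5-config it finds, looking in the bin
dnl directory of the chosen prefix before $PATH, and adds its output to
dnl CPPFLAGS and to the Kerberos and GSSAPI library lists.  Point
dnl --with-kerberos5 only at a prefix whose contents are trusted.
dnl KRB5CONF is quoted wherever it is tested or run so that a prefix
dnl containing whitespace is handled as one path.
KRB5_MSG="no"
AC_ARG_WITH([kerberos5],
	[  --with-kerberos5=PATH   Enable Kerberos 5 support],
	[ if test "x$withval" != "xno" ; then
		# A bare --with-kerberos5 uses /usr/local as the prefix.
		if test "x$withval" = "xyes" ; then
			KRB5ROOT="/usr/local"
		else
			KRB5ROOT="${withval}"
		fi

		AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
		KRB5_MSG="yes"

		AC_PATH_PROG([KRB5CONF], [krb5-config],
			     [$KRB5ROOT/bin/krb5-config],
			     [$KRB5ROOT/bin:$PATH])
		if test -x "$KRB5CONF" ; then
			# krb5-config is usable: take flags and libraries from it.
			K5CFLAGS=`"$KRB5CONF" --cflags`
			K5LIBS=`"$KRB5CONF" --libs`
			CPPFLAGS="$CPPFLAGS $K5CFLAGS"

			AC_MSG_CHECKING([for gssapi support])
			if "$KRB5CONF" | grep gssapi >/dev/null ; then
				AC_MSG_RESULT([yes])
				AC_DEFINE([GSSAPI], [1],
					[Define this if you want GSSAPI
					support in the version 2 protocol])
				GSSCFLAGS=`"$KRB5CONF" --cflags gssapi`
				GSSLIBS=`"$KRB5CONF" --libs gssapi`
				CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
			else
				AC_MSG_RESULT([no])
			fi
			AC_MSG_CHECKING([whether we are using Heimdal])
			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
				]], [[ char *tmp = heimdal_version; ]])],
				[ AC_MSG_RESULT([yes])
				AC_DEFINE([HEIMDAL], [1],
				[Define this if you are using the Heimdal
				version of Kerberos V5]) ],
				[AC_MSG_RESULT([no])
			])
		else
			# No usable krb5-config: fall back to the prefix layout
			# and probe for the libraries by hand.
			CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
			LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
			AC_MSG_CHECKING([whether we are using Heimdal])
			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
				]], [[ char *tmp = heimdal_version; ]])],
					[ AC_MSG_RESULT([yes])
					 AC_DEFINE([HEIMDAL])
					 K5LIBS="-lkrb5"
					 K5LIBS="$K5LIBS -lcom_err -lasn1"
					 AC_CHECK_LIB([roken], [net_write],
					   [K5LIBS="$K5LIBS -lroken"])
					 AC_CHECK_LIB([des], [des_cbc_encrypt],
					   [K5LIBS="$K5LIBS -ldes"])
				       ], [ AC_MSG_RESULT([no])
					 K5LIBS="-lkrb5 -lk5crypto -lcom_err"

			])
			AC_SEARCH_LIBS([dn_expand], [resolv])

			AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
				[ AC_DEFINE([GSSAPI])
				  GSSLIBS="-lgssapi_krb5" ],
				[ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
					[ AC_DEFINE([GSSAPI])
					  GSSLIBS="-lgssapi" ],
					[ AC_CHECK_LIB([gss], [gss_init_sec_context],
						[ AC_DEFINE([GSSAPI])
						  GSSLIBS="-lgss" ],
						AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
					])
				])

			AC_CHECK_HEADER([gssapi.h], ,
				[ unset ac_cv_header_gssapi_h
				  CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
				  AC_CHECK_HEADERS([gssapi.h], ,
					AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
				  )
				]
			)

			# Keep the extra include directory only if gssapi_krb5.h
			# is found with it.
			oldCPP="$CPPFLAGS"
			CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
			AC_CHECK_HEADER([gssapi_krb5.h], ,
					[ CPPFLAGS="$oldCPP" ])

		fi
		if test ! -z "$need_dash_r" ; then
			LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
		fi
		if test ! -z "$blibpath" ; then
			blibpath="$blibpath:${KRB5ROOT}/lib"
		fi

		AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
		AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
		AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])

		AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
			[Define this if you want to use libkafs' AFS support])])

		AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
#ifdef HAVE_GSSAPI_H
# include <gssapi.h>
#elif defined(HAVE_GSSAPI_GSSAPI_H)
# include <gssapi/gssapi.h>
#endif

#ifdef HAVE_GSSAPI_GENERIC_H
# include <gssapi_generic.h>
#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
# include <gssapi/gssapi_generic.h>
#endif
		]])
		# Probe the optional krb5 functions against K5LIBS without
		# leaving those libraries on the global LIBS.
		saved_LIBS="$LIBS"
		LIBS="$LIBS $K5LIBS"
		AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
		LIBS="$saved_LIBS"

	fi
	]
)
AC_SUBST([GSSLIBS])
AC_SUBST([K5LIBS])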
3819
# Looking for programs, paths and files

# Directory used as the privilege separation chroot; /var/empty unless
# --with-privsep-path names another one.  An empty value, "yes" and "no"
# are ignored and keep the default.  Whoever overrides the path should
# make sure the directory is empty and not writable by unprivileged users.
PRIVSEP_PATH=/var/empty
AC_ARG_WITH([privsep-path],
	[  --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
	[
		case "$withval" in
		""|no|yes)
			;;
		*)
			PRIVSEP_PATH=$withval
			;;
		esac
	]
)
AC_SUBST([PRIVSEP_PATH])
3833
dnl Locate xauth.  An explicit --with-xauth=PATH is taken as given; an
dnl empty value, "yes" and "no" leave xauth_path alone.  Without the
dnl option, $PATH plus four common X11 bin directories are searched, and
dnl /usr/openwin/bin/xauth replaces whatever was found if it is executable.
AC_ARG_WITH([xauth],
	[  --with-xauth=PATH       Specify path to xauth program ],
	[
		case "$withval" in
		""|no|yes)
			;;
		*)
			xauth_path=$withval
			;;
		esac
	],
	[
		TestPath="${PATH}${PATH_SEPARATOR}/usr/X/bin${PATH_SEPARATOR}/usr/bin/X11"
		TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin${PATH_SEPARATOR}/usr/openwin/bin"
		AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
		if test -n "$xauth_path" ; then
			if test -x "/usr/openwin/bin/xauth" ; then
				xauth_path="/usr/openwin/bin/xauth"
			fi
		fi
	]
)
3854
3855STRIP_OPT=-s
3856AC_ARG_ENABLE([strip],
3857	[  --disable-strip         Disable calling strip(1) on install],
3858	[
3859		if test "x$enableval" = "xno" ; then
3860			STRIP_OPT=
3861		fi
3862	]
3863)
3864AC_SUBST([STRIP_OPT])
3865
# Publish the xauth location.  XAUTH_PATH is always substituted into the
# generated files; the C define is only emitted when a path is known,
# and the substituted value is the literal "undefined" otherwise.
if test -n "$xauth_path" ; then
	XAUTH_PATH=$xauth_path
	AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
		[Define if xauth is found in your path])
else
	XAUTH_PATH="undefined"
fi
AC_SUBST([XAUTH_PATH])
3875
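dnl # --with-maildir=/path/to/mail gets top priority.
dnl # if maildir is set in the platform case statement above we use that.
dnl # Otherwise we run a program to get the dir from system headers.
dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
dnl # If we find _PATH_MAILDIR we do nothing because that is what
dnl # session.c expects anyway. Otherwise we set to the value found
dnl # stripping any trailing slash. If for some strange reason our program
dnl # does not find what it needs, we default to /var/spool/mail.
dnl # The probe program includes stdlib.h for exit: if it fails to compile
dnl # on a compiler that rejects implicit function declarations, the
dnl # result is "not found" and MAIL_DIRECTORY is left undefined.
# Check for mail directory
AC_ARG_WITH([maildir],
    [  --with-maildir=/path/to/mail    Specify your system mail directory],
    [
	if test "X$withval" != X  &&  test "x$withval" != xno  &&  \
	    test "x${withval}" != xyes; then
		AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
            [Set this to your mail directory if you do not have _PATH_MAILDIR])
	    fi
     ],[
	if test "X$maildir" != "X"; then
	    AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
	else
	    AC_MSG_CHECKING([Discovering system mail directory])
	    AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
#ifdef HAVE_MAILLOCK_H
#include <maillock.h>
#endif
#define DATA "conftest.maildir"
	]], [[
	FILE *fd;
	int rc;

	fd = fopen(DATA,"w");
	if(fd == NULL)
		exit(1);

	/* Write NAME:value for the first macro the headers define. */
#if defined (_PATH_MAILDIR)
	if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
		exit(1);
#elif defined (MAILDIR)
	if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
		exit(1);
#elif defined (_PATH_MAIL)
	if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
		exit(1);
#else
	/* Status 2 tells configure that no macro was defined. */
	exit (2);
#endif

	exit(0);
		]])],
		[
		    maildir_what=`awk -F: '{print $1}' conftest.maildir`
		    maildir=`awk -F: '{print $2}' conftest.maildir \
			| sed 's|/$||'`
		    AC_MSG_RESULT([Using: $maildir from $maildir_what])
		    if test "x$maildir_what" != "x_PATH_MAILDIR"; then
			AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
		    fi
		],
		[
		    if test "X$ac_status" = "X2";then
# our test program didn't find it. Default to /var/spool/mail
			AC_MSG_RESULT([Using: default value of /var/spool/mail])
			AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
		     else
			AC_MSG_RESULT([*** not found ***])
		     fi
		],
		[
			AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
		]
	    )
	fi
    ]
) # maildir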
3957
# /dev/ptmx is looked up on the build machine, so the check is turned off
# when cross compiling.  It is also skipped when no_dev_ptmx is non-empty
# (that variable is set outside this excerpt).
case "$cross_compiling" in
yes)
	AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
	disable_ptmx_check=yes
	;;
esac
if test -z "$no_dev_ptmx" && test "x$disable_ptmx_check" != "xyes" ; then
	AC_CHECK_FILE(["/dev/ptmx"],
		[
			AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
				[Define if you have /dev/ptmx])
			have_dev_ptmx=1
		]
	)
fi
3973
3974if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3975	AC_CHECK_FILE(["/dev/ptc"],
3976		[
3977			AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
3978				[Define if you have /dev/ptc])
3979			have_dev_ptc=1
3980		]
3981	)
3982else
3983	AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3984fi
3985
3986# Options from here on. Some of these are preset by platform above
3987AC_ARG_WITH([mantype],
3988	[  --with-mantype=man|cat|doc  Set man page type],
3989	[
3990		case "$withval" in
3991		man|cat|doc)
3992			MANTYPE=$withval
3993			;;
3994		*)
3995			AC_MSG_ERROR([invalid man type: $withval])
3996			;;
3997		esac
3998	]
3999)
4000if test -z "$MANTYPE"; then
4001	TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
4002	AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
4003	if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
4004		MANTYPE=doc
4005	elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
4006		MANTYPE=man
4007	else
4008		MANTYPE=cat
4009	fi
4010fi
4011AC_SUBST([MANTYPE])
4012if test "$MANTYPE" = "doc"; then
4013	mansubdir=man;
4014else
4015	mansubdir=$MANTYPE;
4016fi
4017AC_SUBST([mansubdir])
4018
# MD5 password support is off unless --with-md5-passwords is given with
# a value other than "no".  MD5-based password hashes are weak by current
# standards; enable this only where existing password databases need it.
MD5_MSG="no"
AC_ARG_WITH([md5-passwords],
	[  --with-md5-passwords    Enable use of MD5 passwords],
	[
		case "$withval" in
		no)
			;;
		*)
			MD5_MSG="yes"
			AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
				[Define if you want to allow MD5 passwords])
			;;
		esac
	]
)
4031
# Shadow password support stays enabled unless --without-shadow (or
# --with-shadow=no) is given; any other value changes nothing here.
AC_ARG_WITH([shadow],
	[  --without-shadow        Disable shadow password support],
	[
		case "$withval" in
		no)
			disable_shadow=yes
			AC_DEFINE([DISABLE_SHADOW])
			;;
		esac
	]
)
4042
# Unless shadow support was disabled, check whether struct spwd has the
# sp_expire, sp_lstchg and sp_inact members and define HAS_SHADOW_EXPIRE
# if the probe compiles.
if test "x$disable_shadow" = "x" ; then
	AC_MSG_CHECKING([if the systems has expire shadow information])
	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <shadow.h>
struct spwd sp;
		]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
		[ sp_expire_available=yes ], [])

	case "x$sp_expire_available" in
	xyes)
		AC_MSG_RESULT([yes])
		AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
		    [Define if you want to use shadow password expire field])
		;;
	*)
		AC_MSG_RESULT([no])
		;;
	esac
fi
4061
4062# Use ip address instead of hostname in $DISPLAY
4063if test ! -z "$IPADDR_IN_DISPLAY" ; then
4064	DISPLAY_HACK_MSG="yes"
4065	AC_DEFINE([IPADDR_IN_DISPLAY], [1],
4066		[Define if you need to use IP address
4067		instead of hostname in $DISPLAY])
4068else
4069	DISPLAY_HACK_MSG="no"
4070	AC_ARG_WITH([ipaddr-display],
4071		[  --with-ipaddr-display   Use ip address instead of hostname in \$DISPLAY],
4072		[
4073			if test "x$withval" != "xno" ; then
4074				AC_DEFINE([IPADDR_IN_DISPLAY])
4075				DISPLAY_HACK_MSG="yes"
4076			fi
4077		]
4078	)
4079fi
4080
# Decide whether /etc/default/login may be consulted.
# An explicit --disable-etc-default-login turns it off; with no option
# given it is on, except when cross compiling, where the file cannot be
# looked up on the build machine.
AC_ARG_ENABLE([etc-default-login],
	[  --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
	[
		case "$enableval" in
		no)
			AC_MSG_NOTICE([/etc/default/login handling disabled])
			etc_default_login=no
			;;
		*)
			etc_default_login=yes
			;;
		esac
	],
	[
		case "$cross_compiling" in
		yes)
			AC_MSG_WARN([cross compiling: not checking /etc/default/login])
			etc_default_login=no
			;;
		*)
			etc_default_login=yes
			;;
		esac
	]
)
4098
dnl When the lookup is enabled, record /etc/default/login as the external
dnl PATH source if the file exists on the build host.
case "x$etc_default_login" in
xno)
	;;
*)
	AC_CHECK_FILE(["/etc/default/login"],
	    [ external_path_file=/etc/default/login ])
	case "x$external_path_file" in
	x/etc/default/login)
		AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
			[Define if your system has /etc/default/login])
		;;
	esac
	;;
esac
4107
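dnl BSD systems use /etc/login.conf so --with-default-path= has no effect.
dnl Both cache variables are quoted and x-prefixed: if either check was not
dnl run the variable is empty, and an unquoted expansion would hand test a
dnl malformed expression instead of a clean false.
if test "x$ac_cv_func_login_getcapbool" = "xyes" && \
	test "x$ac_cv_header_login_cap_h" = "xyes" ; then
	external_path_file=/etc/login.conf
fi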
4113
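# Whether to mess with the default path
dnl The value settled on here is compiled into the binaries as USER_PATH,
dnl the default PATH, unless /etc/login.conf is the PATH source. It should
dnl list only absolute directories that ordinary users cannot write to.
SERVER_PATH_MSG="(default)"
AC_ARG_WITH([default-path],
	[  --with-default-path=    Specify default \$PATH environment for server],
	[
		if test "x$external_path_file" = "x/etc/login.conf" ; then
			AC_MSG_WARN([
--with-default-path=PATH has no effect on this system.
Edit /etc/login.conf instead.])
		elif test "x$withval" != "xno" ; then
			if test ! -z "$external_path_file" ; then
				AC_MSG_WARN([
--with-default-path=PATH will only be used if PATH is not defined in
$external_path_file .])
			fi
			# Warn about an empty component or one starting with a dot.
			# Either makes command lookup depend on the current directory.
			case ":$withval:" in
			*::*|*:.*)
				AC_MSG_WARN([--with-default-path has an empty or relative component which makes command lookup depend on the current directory])
				;;
			esac
			user_path="$withval"
			SERVER_PATH_MSG="$withval"
		fi
	],
	[ if test "x$external_path_file" = "x/etc/login.conf" ; then
		AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
	else
		if test ! -z "$external_path_file" ; then
			AC_MSG_WARN([
If PATH is defined in $external_path_file, ensure the path to scp is included,
otherwise scp will not work.])
		fi
		# The probe below calls exit so it includes stdlib.h. A compiler that
		# rejects implicit declarations would otherwise fail the probe and
		# silently select the fallback path.
		AC_RUN_IFELSE(
			[AC_LANG_PROGRAM([[
/* find out what STDPATH is */
#include <stdio.h>
#include <stdlib.h>
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
#ifndef _PATH_STDPATH
# ifdef _PATH_USERPATH	/* Irix */
#  define _PATH_STDPATH _PATH_USERPATH
# else
#  define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
# endif
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#define DATA "conftest.stdpath"
			]], [[
	FILE *fd;
	int rc;

	fd = fopen(DATA,"w");
	if(fd == NULL)
		exit(1);

	if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
		exit(1);

	exit(0);
		]])],
		[ user_path=`cat conftest.stdpath` ],
		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
	)
# make sure $bindir is in USER_PATH so scp will work
		t_bindir="${bindir}"
		while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
			t_bindir=`eval echo ${t_bindir}`
			case $t_bindir in
				NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
			esac
			case $t_bindir in
				NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
			esac
		done
		# Compare whole colon separated components. The former grep test
		# read bindir as a regular expression and accepted a longer
		# directory that merely starts with it.
		case ":$user_path:" in
		*":$t_bindir:"*)
			;;
		*)
			user_path=$user_path:$t_bindir
			AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
			;;
		esac
	fi ]
)
if test "x$external_path_file" != "x/etc/login.conf" ; then
	AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
	AC_SUBST([user_path])
fi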
4201
# Optional separate PATH for the superuser.
# An empty value, "no" and "yes" are all ignored; anything else is compiled
# in as SUPERUSER_PATH and remembered for the summary.
AC_ARG_WITH([superuser-path],
	[  --with-superuser-path=  Specify different path for super-user],
	[
		case "x$withval" in
		x|xno|xyes)
			;;
		*)
			AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
				[Define if you want a different $PATH
				for the superuser])
			superuser_path=$withval
			;;
		esac
	]
)
4215
4216
dnl IPv4-in-IPv6 mapped address handling. An explicit --with-4in6 or
dnl --without-4in6 wins; otherwise inet6_default_4in6, set elsewhere in
dnl this file, supplies the default.
AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
IPV4_IN6_HACK_MSG="no"
AC_ARG_WITH(4in6,
	[  --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses],
	[
		case "x$withval" in
		xno)
			AC_MSG_RESULT([no])
			;;
		*)
			AC_MSG_RESULT([yes])
			AC_DEFINE([IPV4_IN_IPV6], [1],
				[Detect IPv4 in IPv6 mapped addresses
				and treat as IPv4])
			IPV4_IN6_HACK_MSG="yes"
			;;
		esac
	], [
		case "x$inet6_default_4in6" in
		xyes)
			AC_MSG_RESULT([yes (default)])
			AC_DEFINE([IPV4_IN_IPV6])
			IPV4_IN6_HACK_MSG="yes"
			;;
		*)
			AC_MSG_RESULT([no (default)])
			;;
		esac
	]
)
4241
# BSD auth support is off unless --with-bsd-auth is given
BSD_AUTH_MSG=no
AC_ARG_WITH([bsd-auth],
	[  --with-bsd-auth         Enable BSD auth support],
	[
		case "x$withval" in
		xno)
			;;
		*)
			AC_DEFINE([BSD_AUTH], [1],
				[Define if you have BSD auth support])
			BSD_AUTH_MSG=yes
			;;
		esac
	]
)
4254
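# Where to place sshd.pid
dnl NOTE(review): the pid file lives in this directory, so it should be one
dnl that unprivileged users cannot write to. Check this for any custom value.
piddir=/var/run
# make sure the directory exists
dnl piddir is quoted in every directory test so that a value containing
dnl whitespace is tested as one path instead of breaking the test.
if test ! -d "$piddir" ; then
	piddir=`eval echo ${sysconfdir}`
	case $piddir in
		NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
	esac
fi

AC_ARG_WITH([pid-dir],
	[  --with-pid-dir=PATH     Specify location of ssh.pid file],
	[
		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
		    test "x${withval}" != "xyes"; then
			piddir=$withval
			if test ! -d "$piddir" ; then
				AC_MSG_WARN([** no $piddir directory on this system **])
			fi
		fi
	]
)

AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
	[Specify location of ssh.pid])
AC_SUBST([piddir])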
4281
dnl Switches for the login recording back ends. Each --disable-X option
dnl defines the matching DISABLE_ macro only when the value is exactly no.
dnl These records are part of the login audit trail, so disabling one
dnl removes that source of session history.
AC_ARG_ENABLE([lastlog],
	[  --disable-lastlog       disable use of lastlog even if detected [no]],
	[
		case "x$enableval" in
		xno)
			AC_DEFINE([DISABLE_LASTLOG])
			;;
		esac
	]
)
AC_ARG_ENABLE([utmp],
	[  --disable-utmp          disable use of utmp even if detected [no]],
	[
		case "x$enableval" in
		xno)
			AC_DEFINE([DISABLE_UTMP])
			;;
		esac
	]
)
AC_ARG_ENABLE([utmpx],
	[  --disable-utmpx         disable use of utmpx even if detected [no]],
	[
		case "x$enableval" in
		xno)
			AC_DEFINE([DISABLE_UTMPX], [1],
				[Define if you don't want to use utmpx])
			;;
		esac
	]
)
AC_ARG_ENABLE([wtmp],
	[  --disable-wtmp          disable use of wtmp even if detected [no]],
	[
		case "x$enableval" in
		xno)
			AC_DEFINE([DISABLE_WTMP])
			;;
		esac
	]
)
AC_ARG_ENABLE([wtmpx],
	[  --disable-wtmpx         disable use of wtmpx even if detected [no]],
	[
		case "x$enableval" in
		xno)
			AC_DEFINE([DISABLE_WTMPX], [1],
				[Define if you don't want to use wtmpx])
			;;
		esac
	]
)
AC_ARG_ENABLE([libutil],
	[  --disable-libutil       disable use of libutil (login() etc.) [no]],
	[
		case "x$enableval" in
		xno)
			AC_DEFINE([DISABLE_LOGIN])
			;;
		esac
	]
)
AC_ARG_ENABLE([pututline],
	[  --disable-pututline     disable use of pututline() etc. ([uw]tmp) [no]],
	[
		case "x$enableval" in
		xno)
			AC_DEFINE([DISABLE_PUTUTLINE], [1],
				[Define if you don't want to use pututline()
				etc. to write [uw]tmp])
			;;
		esac
	]
)
AC_ARG_ENABLE([pututxline],
	[  --disable-pututxline    disable use of pututxline() etc. ([uw]tmpx) [no]],
	[
		case "x$enableval" in
		xno)
			AC_DEFINE([DISABLE_PUTUTXLINE], [1],
				[Define if you don't want to use pututxline()
				etc. to write [uw]tmpx])
			;;
		esac
	]
)
dnl --with-lastlog=no disables lastlog. An empty value or yes changes
dnl nothing. Any other value is taken as the lastlog location.
AC_ARG_WITH([lastlog],
  [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
	[
		case "x$withval" in
		xno)
			AC_DEFINE([DISABLE_LASTLOG])
			;;
		x|xyes)
			;;
		*)
			conf_lastlog_location=$withval
			;;
		esac
	]
)
4363
dnl Detection of lastlog and the utmp and wtmp family.
dnl  NOTE: paths are best set in the platform section so that no
dnl   command-line parameters are needed.
dnl lastlog, utmp and wtmp fall back to a file search when nothing else
dnl supplies a location.

dnl lastlog detection: try LASTLOG_FILE first, then _PATH_LASTLOG.
dnl  NOTE: the code itself will detect if lastlog is a directory
AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <utmp.h>
#ifdef HAVE_LASTLOG_H
#  include <lastlog.h>
#endif
#ifdef HAVE_PATHS_H
#  include <paths.h>
#endif
#ifdef HAVE_LOGIN_H
# include <login.h>
#endif
	]], [[ char *lastlog = LASTLOG_FILE; ]])],
		[ AC_MSG_RESULT([yes]) ],
		[
		AC_MSG_RESULT([no])
		AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <utmp.h>
#ifdef HAVE_LASTLOG_H
#  include <lastlog.h>
#endif
#ifdef HAVE_PATHS_H
#  include <paths.h>
#endif
		]], [[ char *lastlog = _PATH_LASTLOG; ]])],
		[ AC_MSG_RESULT([yes]) ],
		[
			AC_MSG_RESULT([no])
			system_lastlog_path=no
		])
])

dnl Search the usual places only when no location was configured and the
dnl headers supplied neither macro. The loop does not stop at the first
dnl hit, so the last existing candidate is the one that is kept.
if test -z "$conf_lastlog_location" && test "x$system_lastlog_path" = "xno" ; then
	for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
		if test -d "$f" || test -f "$f" ; then
			conf_lastlog_location=$f
		fi
	done
	if test -z "$conf_lastlog_location"; then
		AC_MSG_WARN([** Cannot find lastlog **])
		dnl DISABLE_LASTLOG stays undefined here, since defining it
		dnl would mean wtmp and wtmpx are not tried either.
	fi
fi

if test "x$conf_lastlog_location" != "x" ; then
	AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
		[Define if you want to specify the path to your lastlog file])
fi
4424
dnl utmp detection: prefer UTMP_FILE from the system headers, then search
dnl a few well known locations, and disable utmp when nothing is found.
AC_MSG_CHECKING([if your system defines UTMP_FILE])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <utmp.h>
#ifdef HAVE_PATHS_H
#  include <paths.h>
#endif
	]], [[ char *utmp = UTMP_FILE; ]])],
	[ AC_MSG_RESULT([yes]) ],
	[ AC_MSG_RESULT([no])
	  system_utmp_path=no
])
if test -z "$conf_utmp_location" && test "x$system_utmp_path" = "xno" ; then
	dnl No early exit: the last existing candidate is kept.
	for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
		test -f "$f" && conf_utmp_location=$f
	done
	if test "x$conf_utmp_location" = "x" ; then
		AC_DEFINE([DISABLE_UTMP])
	fi
fi
if test "x$conf_utmp_location" != "x" ; then
	AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
		[Define if you want to specify the path to your utmp file])
fi
4454
dnl wtmp detection: prefer WTMP_FILE from the system headers, then search
dnl a few well known locations, and disable wtmp when nothing is found.
AC_MSG_CHECKING([if your system defines WTMP_FILE])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <utmp.h>
#ifdef HAVE_PATHS_H
#  include <paths.h>
#endif
	]], [[ char *wtmp = WTMP_FILE; ]])],
	[ AC_MSG_RESULT([yes]) ],
	[ AC_MSG_RESULT([no])
	  system_wtmp_path=no
])
if test -z "$conf_wtmp_location" && test "x$system_wtmp_path" = "xno" ; then
	dnl No early exit: the last existing candidate is kept.
	for f in /usr/adm/wtmp /var/log/wtmp; do
		test -f "$f" && conf_wtmp_location=$f
	done
	if test "x$conf_wtmp_location" = "x" ; then
		AC_DEFINE([DISABLE_WTMP])
	fi
fi
if test "x$conf_wtmp_location" != "x" ; then
	AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
		[Define if you want to specify the path to your wtmp file])
fi
4484
dnl wtmpx detection: there is no file search for wtmpx. A location set in
dnl conf_wtmpx_location is used as is; without one, wtmpx is disabled when
dnl the headers do not define WTMPX_FILE.
AC_MSG_CHECKING([if your system defines WTMPX_FILE])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <utmp.h>
#ifdef HAVE_UTMPX_H
#include <utmpx.h>
#endif
#ifdef HAVE_PATHS_H
#  include <paths.h>
#endif
	]], [[ char *wtmpx = WTMPX_FILE; ]])],
	[ AC_MSG_RESULT([yes]) ],
	[ AC_MSG_RESULT([no])
	  system_wtmpx_path=no
])
if test -n "$conf_wtmpx_location"; then
	AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
		[Define if you want to specify the path to your wtmpx file])
elif test "x$system_wtmpx_path" = "xno" ; then
	AC_DEFINE([DISABLE_WTMPX])
fi
4509
4510
dnl When blibpath was set earlier, append it with its flag to LDFLAGS and
dnl ask the builder to review the result in the Makefile.
if test -n "$blibpath" ; then
	LDFLAGS="$LDFLAGS $blibflags$blibpath"
	AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
fi
4515
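dnl Without an ll_line member in struct lastlog, lastlog is disabled unless
dnl SKIP_DISABLE_LASTLOG_DEFINE is yes. The variable is quoted so that an
dnl unexpected value with whitespace cannot break the comparison.
AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
    if test "x$SKIP_DISABLE_LASTLOG_DEFINE" != "xyes" ; then
	AC_DEFINE([DISABLE_LASTLOG])
    fi
	], [
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_UTMP_H
#include <utmp.h>
#endif
#ifdef HAVE_UTMPX_H
#include <utmpx.h>
#endif
#ifdef HAVE_LASTLOG_H
#include <lastlog.h>
#endif
	])

dnl Without a ut_line member in struct utmp, both utmp and wtmp are disabled.
AC_CHECK_MEMBER([struct utmp.ut_line], [], [
	AC_DEFINE([DISABLE_UTMP])
	AC_DEFINE([DISABLE_WTMP])
	], [
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_UTMP_H
#include <utmp.h>
#endif
#ifdef HAVE_UTMPX_H
#include <utmpx.h>
#endif
#ifdef HAVE_LASTLOG_H
#include <lastlog.h>
#endif
	])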
4552
dnl The -Werror flags are appended only now, after the feature probes,
dnl because adding them earlier prevents configure tests from running.
CFLAGS="$CFLAGS $werror_flags"

dnl The IPv6 regression tests are enabled only when getaddrinfo was found
dnl and BROKEN_GETADDRINFO is not declared.
TEST_SSH_IPV6=no
if test "x$ac_cv_func_getaddrinfo" = "xyes" ; then
	TEST_SSH_IPV6=yes
fi
AC_CHECK_DECL([BROKEN_GETADDRINFO],  [TEST_SSH_IPV6=no])
AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])

dnl Generate the output files.
AC_EXEEXT
AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
	openbsd-compat/Makefile openbsd-compat/regress/Makefile \
	survey.sh])
AC_OUTPUT
4571
# Summary of the configured options

# Each directory variable is expanded twice because the autoconf defaults
# refer to one another, for example bindir refers to exec_prefix.
A=`eval echo ${prefix}`
A=`eval echo ${A}`
B=`eval echo ${bindir}`
B=`eval echo ${B}`
C=`eval echo ${sbindir}`
C=`eval echo ${C}`
D=`eval echo ${sysconfdir}`
D=`eval echo ${D}`
E=`eval echo ${libexecdir}/ssh-askpass`
E=`eval echo ${E}`
F=`eval echo ${mandir}/${mansubdir}X`
F=`eval echo ${F}`
G=`eval echo ${piddir}`
G=`eval echo ${G}`
H=`eval echo ${PRIVSEP_PATH}`
H=`eval echo ${H}`
I=`eval echo ${user_path}`
I=`eval echo ${I}`
J=`eval echo ${superuser_path}`
J=`eval echo ${J}`

echo ""
echo "OpenSSH has been configured with the following options:"
echo "                     User binaries: $B"
echo "                   System binaries: $C"
echo "               Configuration files: $D"
echo "                   Askpass program: $E"
echo "                      Manual pages: $F"
echo "                          PID file: $G"
echo "  Privilege separation chroot path: $H"
# Report where the session PATH comes from.
case "x$external_path_file" in
x/etc/login.conf)
	echo "   At runtime, sshd will use the path defined in $external_path_file"
	echo "   Make sure the path to scp is present, otherwise scp will not work"
	;;
x)
	echo "            sshd default user PATH: $I"
	;;
*)
	echo "            sshd default user PATH: $I"
	echo "   (If PATH is set in $external_path_file it will be used instead. If"
	echo "   used, ensure the path to scp is present, otherwise scp will not work.)"
	;;
esac
if test -n "$superuser_path" ; then
	echo "          sshd superuser user PATH: $J"
fi
echo "                    Manpage format: $MANTYPE"
echo "                       PAM support: $PAM_MSG"
echo "                   OSF SIA support: $SIA_MSG"
echo "                 KerberosV support: $KRB5_MSG"
echo "                   SELinux support: $SELINUX_MSG"
echo "                 Smartcard support: $SCARD_MSG"
echo "                     S/KEY support: $SKEY_MSG"
echo "              TCP Wrappers support: $TCPW_MSG"
echo "              MD5 password support: $MD5_MSG"
echo "                   libedit support: $LIBEDIT_MSG"
echo "  Solaris process contract support: $SPC_MSG"
echo "           Solaris project support: $SP_MSG"
echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
echo "                  BSD Auth support: $BSD_AUTH_MSG"
echo "              Random number source: $RAND_MSG"
echo "             Privsep sandbox style: $SANDBOX_STYLE"

echo ""
4627
# Toolchain summary. The per-program library lines appear only when set.
echo "              Host: ${host}"
echo "          Compiler: ${CC}"
echo "    Compiler flags: ${CFLAGS}"
echo "Preprocessor flags: ${CPPFLAGS}"
echo "      Linker flags: ${LDFLAGS}"
echo "         Libraries: ${LIBS}"
if test -n "${SSHDLIBS}"; then
	echo "         +for sshd: ${SSHDLIBS}"
fi
if test -n "${SSHLIBS}"; then
	echo "          +for ssh: ${SSHLIBS}"
fi

echo ""
4642
# Closing notices, each printed only when its condition holds.
case "x$MAKE_PACKAGE_SUPPORTED" in
xyes)
	echo "SVR4 style packages are supported with \"make package\""
	echo ""
	;;
esac

case "x$PAM_MSG" in
xyes)
	echo "PAM is enabled. You may need to install a PAM control file "
	echo "for sshd, otherwise password authentication may fail. "
	echo "Example PAM control files can be found in the contrib/ "
	echo "subdirectory"
	echo ""
	;;
esac

# NO_PEERCHECK is set elsewhere in this file. When it is non-empty the
# builder is told that ssh-agent cannot verify which user is connecting.
if test -n "$NO_PEERCHECK" ; then
	echo "WARNING: the operating system that you are using does not"
	echo "appear to support getpeereid(), getpeerucred() or the"
	echo "SO_PEERCRED getsockopt() option. These facilities are used to"
	echo "enforce security checks to prevent unauthorised connections to"
	echo "ssh-agent. Their absence increases the risk that a malicious"
	echo "user can connect to your agent."
	echo ""
fi

case "$AUDIT_MODULE" in
bsm)
	echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
	echo "See the Solaris section in README.platform for details."
	;;
esac
4670