xref: /freebsd/crypto/openssh/configure.ac (revision 78ae60b447ebf420dd5cebfec30480866fd5cef4)
1#
2# Copyright (c) 1999-2004 Damien Miller
3#
4# Permission to use, copy, modify, and distribute this software for any
5# purpose with or without fee is hereby granted, provided that the above
6# copyright notice and this permission notice appear in all copies.
7#
8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15
16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
17AC_CONFIG_MACRO_DIR([m4])
18AC_CONFIG_SRCDIR([ssh.c])
19
20# Check for stale configure as early as possible.
21for i in $srcdir/configure.ac $srcdir/m4/*.m4; do
22	if test "$i" -nt "$srcdir/configure"; then
23		AC_MSG_ERROR([$i newer than configure, run autoreconf])
24	fi
25done
26
27AC_LANG([C])
28
29AC_CONFIG_HEADERS([config.h])
30AC_PROG_CC([cc gcc clang])
31
32# XXX relax this after reimplementing logit() etc.
33AC_MSG_CHECKING([if $CC supports C99-style variadic macros])
34AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
35int f(int a, int b, int c) { return a + b + c; }
36#define F(a, ...) f(a, __VA_ARGS__)
37]], [[return F(1, 2, -3);]])],
38	[ AC_MSG_RESULT([yes]) ],
39	[ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ]
40)
41
42AC_CANONICAL_HOST
43AC_C_BIGENDIAN
44
45# Checks for programs.
46AC_PROG_AWK
47AC_PROG_CPP
48AC_PROG_RANLIB
49AC_PROG_INSTALL
50AC_PROG_EGREP
51AC_PROG_MKDIR_P
52AC_CHECK_TOOLS([AR], [ar])
53AC_PATH_PROG([CAT], [cat])
54AC_PATH_PROG([KILL], [kill])
55AC_PATH_PROG([SED], [sed])
56AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
57AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
58AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
59AC_PATH_PROG([SH], [bash])
60AC_PATH_PROG([SH], [ksh])
61AC_PATH_PROG([SH], [sh])
62AC_PATH_PROG([GROFF], [groff])
63AC_PATH_PROG([NROFF], [nroff awf])
64AC_PATH_PROG([MANDOC], [mandoc])
65AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
66AC_SUBST([TEST_SHELL], [sh])
67
68dnl select manpage formatter to be used to build "cat" format pages.
69if test "x$MANDOC" != "x" ; then
70	MANFMT="$MANDOC"
71elif test "x$NROFF" != "x" ; then
72	MANFMT="$NROFF -mandoc"
73elif test "x$GROFF" != "x" ; then
74	MANFMT="$GROFF -mandoc -Tascii"
75else
76	AC_MSG_WARN([no manpage formatter found])
77	MANFMT="false"
78fi
79AC_SUBST([MANFMT])
80
81dnl for buildpkg.sh
82AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
83	[/usr/sbin${PATH_SEPARATOR}/etc])
84AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
85	[/usr/sbin${PATH_SEPARATOR}/etc])
86AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
87if test -x /sbin/sh; then
88	AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
89else
90	AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
91fi
92
93# System features
94AC_SYS_LARGEFILE
95
96if test -z "$AR" ; then
97	AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
98fi
99
100AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
101if test ! -z "$PATH_PASSWD_PROG" ; then
102	AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
103		[Full path of your "passwd" program])
104fi
105
106dnl Since autoconf doesn't support it very well,  we no longer allow users to
107dnl override LD, however keeping the hook here for now in case there's a use
108dnl use case we overlooked and someone needs to re-enable it.  Unless a good
109dnl reason is found we'll be removing this in future.
110LD="$CC"
111AC_SUBST([LD])
112
113AC_C_INLINE
114
115AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
116AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>])
117AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
118	#include <sys/types.h>
119	#include <sys/param.h>
120	#include <dev/systrace.h>
121])
122AC_CHECK_DECL([RLIMIT_NPROC],
123    [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
124	#include <sys/types.h>
125	#include <sys/resource.h>
126])
127AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
128	#include <sys/types.h>
129	#include <linux/prctl.h>
130])
131
132openssl=yes
133openssl_bin=openssl
134AC_ARG_WITH([openssl],
135	[  --without-openssl       Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
136	[  if test "x$withval" = "xno" ; then
137		openssl=no
138		openssl_bin=""
139	   fi
140	]
141)
142AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
143if test "x$openssl" = "xyes" ; then
144	AC_MSG_RESULT([yes])
145	AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
146else
147	AC_MSG_RESULT([no])
148fi
149
150use_stack_protector=1
151use_toolchain_hardening=1
152AC_ARG_WITH([stackprotect],
153    [  --without-stackprotect  Don't use compiler's stack protection], [
154    if test "x$withval" = "xno"; then
155	use_stack_protector=0
156    fi ])
157AC_ARG_WITH([hardening],
158    [  --without-hardening     Don't use toolchain hardening flags], [
159    if test "x$withval" = "xno"; then
160	use_toolchain_hardening=0
161    fi ])
162
163# We use -Werror for the tests only so that we catch warnings like "this is
164# on by default" for things like -fPIE.
165AC_MSG_CHECKING([if $CC supports -Werror])
166saved_CFLAGS="$CFLAGS"
167CFLAGS="$CFLAGS -Werror"
168AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
169	[ AC_MSG_RESULT([yes])
170	  WERROR="-Werror"],
171	[ AC_MSG_RESULT([no])
172	  WERROR="" ]
173)
174CFLAGS="$saved_CFLAGS"
175
176if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
177	AC_MSG_CHECKING([gcc version])
178	GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
179	case "$GCC_VER" in
180		1.*) no_attrib_nonnull=1 ;;
181		2.8* | 2.9*)
182		     no_attrib_nonnull=1
183		     ;;
184		2.*) no_attrib_nonnull=1 ;;
185		*) ;;
186	esac
187	AC_MSG_RESULT([$GCC_VER])
188
189	AC_MSG_CHECKING([clang version])
190	ver="`$CC -v 2>&1`"
191	if echo "$ver" | grep "Apple" >/dev/null; then
192		CLANG_VER=apple-`echo "$ver" | grep 'clang version' | \
193		    $SED 's/.*clang version //g' | $AWK '{print $1}'`
194	else
195		CLANG_VER=`echo "$ver" | grep 'clang version' | \
196		    $SED 's/.*clang version //g' | $AWK '{print $1}'`
197	fi
198	AC_MSG_RESULT([$CLANG_VER])
199
200	OSSH_CHECK_CFLAG_COMPILE([-pipe])
201	OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
202	OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation])
203	OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
204	OSSH_CHECK_CFLAG_COMPILE([-Wall])
205	OSSH_CHECK_CFLAG_COMPILE([-Wextra])
206	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
207	OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
208	OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
209	OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
210	OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
211	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
212	OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter])
213	OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
214	OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough])
215	OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation])
216	OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical])
217	OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
218    if test "x$use_toolchain_hardening" = "x1"; then
219	OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
220	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
221	OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
222	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
223	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
224	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
225	# NB. -ftrapv expects certain support functions to be present in
226	# the compiler library (libgcc or similar) to detect integer operations
227	# that can overflow. We must check that the result of enabling it
228	# actually links. The test program compiled/linked includes a number
229	# of integer operations that should exercise this.
230	OSSH_CHECK_CFLAG_LINK([-ftrapv])
231	# clang 15 seems to have a bug in -fzero-call-used-regs=all.  See
232	# https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and
233	# https://github.com/llvm/llvm-project/issues/59242
234	# clang 17 has a different bug that causes an ICE when using this
235	# flag at all (https://bugzilla.mindrot.org/show_bug.cgi?id=3629)
236	case "$CLANG_VER" in
237	apple-15*) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;;
238	17*)	;;
239	*)	OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;;
240	esac
241	OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
242    fi
243
244	AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
245	saved_CFLAGS="$CFLAGS"
246	CFLAGS="$CFLAGS -fno-builtin-memset"
247	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
248			[[ char b[10]; memset(b, 0, sizeof(b)); ]])],
249		[ AC_MSG_RESULT([yes]) ],
250		[ AC_MSG_RESULT([no])
251		  CFLAGS="$saved_CFLAGS" ]
252	)
253
254	# -fstack-protector-all doesn't always work for some GCC versions
255	# and/or platforms, so we test if we can.  If it's not supported
256	# on a given platform gcc will emit a warning so we use -Werror.
257	if test "x$use_stack_protector" = "x1"; then
258	    for t in -fstack-protector-strong -fstack-protector-all \
259		    -fstack-protector; do
260		AC_MSG_CHECKING([if $CC supports $t])
261		saved_CFLAGS="$CFLAGS"
262		saved_LDFLAGS="$LDFLAGS"
263		CFLAGS="$CFLAGS $t -Werror"
264		LDFLAGS="$LDFLAGS $t -Werror"
265		AC_LINK_IFELSE(
266			[AC_LANG_PROGRAM([[
267	#include <stdio.h>
268	int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
269			 ]],
270			[[
271	char x[256];
272	snprintf(x, sizeof(x), "XXX%d", func(1));
273			 ]])],
274		    [ AC_MSG_RESULT([yes])
275		      CFLAGS="$saved_CFLAGS $t"
276		      LDFLAGS="$saved_LDFLAGS $t"
277		      AC_MSG_CHECKING([if $t works])
278		      AC_RUN_IFELSE(
279			[AC_LANG_PROGRAM([[
280	#include <stdio.h>
281	int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
282			]],
283			[[
284	char x[256];
285	snprintf(x, sizeof(x), "XXX%d", func(1));
286			]])],
287			[ AC_MSG_RESULT([yes])
288			  break ],
289			[ AC_MSG_RESULT([no]) ],
290			[ AC_MSG_WARN([cross compiling: cannot test])
291			  break ]
292		      )
293		    ],
294		    [ AC_MSG_RESULT([no]) ]
295		)
296		CFLAGS="$saved_CFLAGS"
297		LDFLAGS="$saved_LDFLAGS"
298	    done
299	fi
300
301	if test -z "$have_llong_max"; then
302		# retry LLONG_MAX with -std=gnu99, needed on some Linuxes
303		unset ac_cv_have_decl_LLONG_MAX
304		saved_CFLAGS="$CFLAGS"
305		CFLAGS="$CFLAGS -std=gnu99"
306		AC_CHECK_DECL([LLONG_MAX],
307		    [have_llong_max=1],
308		    [CFLAGS="$saved_CFLAGS"],
309		    [#include <limits.h>]
310		)
311	fi
312fi
313
314AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
315AC_COMPILE_IFELSE(
316    [AC_LANG_PROGRAM([[
317#include <stdlib.h>
318__attribute__((__unused__)) static void foo(void){return;}]],
319    [[ exit(0); ]])],
320    [ AC_MSG_RESULT([yes]) ],
321    [ AC_MSG_RESULT([no])
322      AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
323	 [compiler does not accept __attribute__ on return types]) ]
324)
325
326AC_MSG_CHECKING([if compiler allows __attribute__ prototype args])
327AC_COMPILE_IFELSE(
328    [AC_LANG_PROGRAM([[
329#include <stdlib.h>
330typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]],
331    [[ exit(0); ]])],
332    [ AC_MSG_RESULT([yes]) ],
333    [ AC_MSG_RESULT([no])
334      AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1,
335	 [compiler does not accept __attribute__ on prototype args]) ]
336)
337
338AC_MSG_CHECKING([if compiler supports variable length arrays])
339AC_COMPILE_IFELSE(
340    [AC_LANG_PROGRAM([[#include <stdlib.h>]],
341    [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])],
342    [ AC_MSG_RESULT([yes])
343      AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1],
344	 [compiler supports variable length arrays]) ],
345    [ AC_MSG_RESULT([no]) ]
346)
347
348AC_MSG_CHECKING([if compiler accepts variable declarations after code])
349AC_COMPILE_IFELSE(
350    [AC_LANG_PROGRAM([[#include <stdlib.h>]],
351    [[ int a; a = 1; int b = 1; exit(a-b); ]])],
352    [ AC_MSG_RESULT([yes])
353      AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1],
354	 [compiler variable declarations after code]) ],
355    [ AC_MSG_RESULT([no]) ]
356)
357
358if test "x$no_attrib_nonnull" != "x1" ; then
359	AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
360fi
361
362AC_ARG_WITH([rpath],
363	[  --without-rpath         Disable auto-added -R linker paths],
364	[
365		if test "x$withval" = "xno" ; then
366			rpath_opt=""
367		elif test "x$withval" = "xyes" ; then
368			rpath_opt="-R"
369		else
370			rpath_opt="$withval"
371		fi
372	]
373)
374
375# Allow user to specify flags
376AC_ARG_WITH([cflags],
377	[  --with-cflags           Specify additional flags to pass to compiler],
378	[
379		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
380		    test "x${withval}" != "xyes"; then
381			CFLAGS="$CFLAGS $withval"
382		fi
383	]
384)
385
386AC_ARG_WITH([cflags-after],
387	[  --with-cflags-after     Specify additional flags to pass to compiler after configure],
388	[
389		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
390		    test "x${withval}" != "xyes"; then
391			CFLAGS_AFTER="$withval"
392		fi
393	]
394)
395AC_ARG_WITH([cppflags],
396	[  --with-cppflags         Specify additional flags to pass to preprocessor] ,
397	[
398		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
399		    test "x${withval}" != "xyes"; then
400			CPPFLAGS="$CPPFLAGS $withval"
401		fi
402	]
403)
404AC_ARG_WITH([ldflags],
405	[  --with-ldflags          Specify additional flags to pass to linker],
406	[
407		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
408		    test "x${withval}" != "xyes"; then
409			LDFLAGS="$LDFLAGS $withval"
410		fi
411	]
412)
413AC_ARG_WITH([ldflags-after],
414	[  --with-ldflags-after    Specify additional flags to pass to linker after configure],
415	[
416		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
417		    test "x${withval}" != "xyes"; then
418			LDFLAGS_AFTER="$withval"
419		fi
420	]
421)
422AC_ARG_WITH([libs],
423	[  --with-libs             Specify additional libraries to link with],
424	[
425		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
426		    test "x${withval}" != "xyes"; then
427			LIBS="$LIBS $withval"
428		fi
429	]
430)
431AC_ARG_WITH([Werror],
432	[  --with-Werror           Build main code with -Werror],
433	[
434		if test -n "$withval"  &&  test "x$withval" != "xno"; then
435			werror_flags="-Werror"
436			if test "x${withval}" != "xyes"; then
437				werror_flags="$withval"
438			fi
439		fi
440	]
441)
442
443dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's
444dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order.  If we
445dnl haven't detected it, recheck.
446if test "x$ac_cv_header_sys_stat_h" != "xyes"; then
447	unset ac_cv_header_sys_stat_h
448	AC_CHECK_HEADERS([sys/stat.h])
449fi
450
451AC_CHECK_HEADERS([ \
452	blf.h \
453	bstring.h \
454	crypt.h \
455	crypto/sha2.h \
456	dirent.h \
457	endian.h \
458	elf.h \
459	err.h \
460	features.h \
461	fcntl.h \
462	floatingpoint.h \
463	fnmatch.h \
464	getopt.h \
465	glob.h \
466	ia.h \
467	iaf.h \
468	ifaddrs.h \
469	inttypes.h \
470	langinfo.h \
471	limits.h \
472	locale.h \
473	login.h \
474	maillock.h \
475	ndir.h \
476	net/if_tun.h \
477	netdb.h \
478	netgroup.h \
479	pam/pam_appl.h \
480	paths.h \
481	poll.h \
482	pty.h \
483	readpassphrase.h \
484	rpc/types.h \
485	security/pam_appl.h \
486	sha2.h \
487	shadow.h \
488	stddef.h \
489	stdint.h \
490	string.h \
491	strings.h \
492	sys/bitypes.h \
493	sys/byteorder.h \
494	sys/bsdtty.h \
495	sys/cdefs.h \
496	sys/dir.h \
497	sys/file.h \
498	sys/mman.h \
499	sys/label.h \
500	sys/ndir.h \
501	sys/param.h \
502	sys/poll.h \
503	sys/prctl.h \
504	sys/procctl.h \
505	sys/pstat.h \
506	sys/ptrace.h \
507	sys/random.h \
508	sys/select.h \
509	sys/stream.h \
510	sys/stropts.h \
511	sys/strtio.h \
512	sys/statvfs.h \
513	sys/sysmacros.h \
514	sys/time.h \
515	sys/timers.h \
516	sys/vfs.h \
517	time.h \
518	tmpdir.h \
519	ttyent.h \
520	ucred.h \
521	unistd.h \
522	usersec.h \
523	util.h \
524	utime.h \
525	utmp.h \
526	utmpx.h \
527	vis.h \
528	wchar.h \
529])
530
531# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h]
532# to be included first.
533AC_CHECK_HEADERS([sys/audit.h], [], [], [
534#ifdef HAVE_SYS_TIME_H
535# include <sys/time.h>
536#endif
537#ifdef HAVE_SYS_TYPES_H
538# include <sys/types.h>
539#endif
540#ifdef HAVE_SYS_LABEL_H
541# include <sys/label.h>
542#endif
543])
544
545# sys/capsicum.h requires sys/types.h
546AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [
547#ifdef HAVE_SYS_TYPES_H
548# include <sys/types.h>
549#endif
550])
551
552AC_MSG_CHECKING([for caph_cache_tzdata])
553AC_LINK_IFELSE(
554    [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]],
555	[[caph_cache_tzdata();]])],
556    [
557	AC_MSG_RESULT([yes])
558	AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1],
559	    [Define if you have caph_cache_tzdata])
560    ],
561    [ AC_MSG_RESULT([no]) ]
562)
563
564# net/route.h requires sys/socket.h and sys/types.h.
565# sys/sysctl.h also requires sys/param.h
566AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [
567#ifdef HAVE_SYS_TYPES_H
568# include <sys/types.h>
569#endif
570#include <sys/param.h>
571#include <sys/socket.h>
572])
573
574# lastlog.h requires sys/time.h to be included first on Solaris
575AC_CHECK_HEADERS([lastlog.h], [], [], [
576#ifdef HAVE_SYS_TIME_H
577# include <sys/time.h>
578#endif
579])
580
581# sys/ptms.h requires sys/stream.h to be included first on Solaris
582AC_CHECK_HEADERS([sys/ptms.h], [], [], [
583#ifdef HAVE_SYS_STREAM_H
584# include <sys/stream.h>
585#endif
586])
587
588# login_cap.h requires sys/types.h on NetBSD
589AC_CHECK_HEADERS([login_cap.h], [], [], [
590#include <sys/types.h>
591])
592
593# older BSDs need sys/param.h before sys/mount.h
594AC_CHECK_HEADERS([sys/mount.h], [], [], [
595#include <sys/param.h>
596])
597
598# Android requires sys/socket.h to be included before sys/un.h
599AC_CHECK_HEADERS([sys/un.h], [], [], [
600#include <sys/types.h>
601#include <sys/socket.h>
602])
603
604# Messages for features tested for in target-specific section
605SIA_MSG="no"
606SPC_MSG="no"
607SP_MSG="no"
608SPP_MSG="no"
609
610# Support for Solaris/Illumos privileges (this test is used by both
611# the --with-solaris-privs option and --with-sandbox=solaris).
612SOLARIS_PRIVS="no"
613
614# Check for some target-specific stuff
615case "$host" in
616*-*-aix*)
617	# Some versions of VAC won't allow macro redefinitions at
618	# -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
619	# particularly with older versions of vac or xlc.
620	# It also throws errors about null macro arguments, but these are
621	# not fatal.
622	AC_MSG_CHECKING([if compiler allows macro redefinitions])
623	AC_COMPILE_IFELSE(
624	    [AC_LANG_PROGRAM([[
625#define testmacro foo
626#define testmacro bar]],
627	    [[ exit(0); ]])],
628	    [ AC_MSG_RESULT([yes]) ],
629	    [ AC_MSG_RESULT([no])
630	      CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
631	      CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
632	      CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
633	    ]
634	)
635
636	AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
637	if (test -z "$blibpath"); then
638		blibpath="/usr/lib:/lib"
639	fi
640	saved_LDFLAGS="$LDFLAGS"
641	if test "$GCC" = "yes"; then
642		flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
643	else
644		flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
645	fi
646	for tryflags in $flags ;do
647		if (test -z "$blibflags"); then
648			LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
649			AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
650			[blibflags=$tryflags], [])
651		fi
652	done
653	if (test -z "$blibflags"); then
654		AC_MSG_RESULT([not found])
655		AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
656	else
657		AC_MSG_RESULT([$blibflags])
658	fi
659	LDFLAGS="$saved_LDFLAGS"
660	dnl Check for authenticate.  Might be in libs.a on older AIXes
661	AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
662		[Define if you want to enable AIX4's authenticate function])],
663		[AC_CHECK_LIB([s], [authenticate],
664			[ AC_DEFINE([WITH_AIXAUTHENTICATE])
665				LIBS="$LIBS -ls"
666			])
667		])
668	dnl Check for various auth function declarations in headers.
669	AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
670	    passwdexpired, setauthdb], , , [#include <usersec.h>])
671	dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
672	AC_CHECK_DECLS([loginfailed],
673	    [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
674	    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
675		[[ (void)loginfailed("user","host","tty",0); ]])],
676		[AC_MSG_RESULT([yes])
677		AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
678			[Define if your AIX loginfailed() function
679			takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
680	    ])],
681	    [],
682	    [#include <usersec.h>]
683	)
684	AC_CHECK_FUNCS([getgrset setauthdb])
685	AC_CHECK_DECL([F_CLOSEM],
686	    AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
687	    [],
688	    [ #include <limits.h>
689	      #include <fcntl.h> ]
690	)
691	check_for_aix_broken_getaddrinfo=1
692	AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
693	    [Define if your platform breaks doing a seteuid before a setuid])
694	AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
695	AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
696	dnl AIX handles lastlog as part of its login message
697	AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
698	AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
699		[Some systems need a utmpx entry for /bin/login to work])
700	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
701		[Define to a Set Process Title type if your system is
702		supported by bsd-setproctitle.c])
703	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
704	    [AIX 5.2 and 5.3 (and presumably newer) require this])
705	AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
706	AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
707	AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211])
708	AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551])
709	;;
710*-*-android*)
711	AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
712	AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
713	;;
714*-*-cygwin*)
715	LIBS="$LIBS /usr/lib/textreadmode.o"
716	AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
717	AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
718	AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
719		[Define to disable UID restoration test])
720	AC_DEFINE([DISABLE_SHADOW], [1],
721		[Define if you want to disable shadow passwords])
722	AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
723		[Define if X11 doesn't support AF_UNIX sockets on that system])
724	AC_DEFINE([DISABLE_FD_PASSING], [1],
725		[Define if your platform needs to skip post auth
726		file descriptor passing])
727	AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
728	AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
729	# Cygwin defines optargs, optargs as declspec(dllimport) for historical
730	# reasons which cause compile warnings, so we disable those warnings.
731	OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
732	;;
733*-*-dgux*)
734	AC_DEFINE([IP_TOS_IS_BROKEN], [1],
735		[Define if your system choked on IP TOS setting])
736	AC_DEFINE([SETEUID_BREAKS_SETUID])
737	AC_DEFINE([BROKEN_SETREUID])
738	AC_DEFINE([BROKEN_SETREGID])
739	;;
740*-*-darwin*)
741	use_pie=auto
742	AC_MSG_CHECKING([if we have working getaddrinfo])
743	AC_RUN_IFELSE([AC_LANG_SOURCE([[
744#include <mach-o/dyld.h>
745#include <stdlib.h>
746int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
747		exit(0);
748	else
749		exit(1);
750}
751			]])],
752	[AC_MSG_RESULT([working])],
753	[AC_MSG_RESULT([buggy])
754	AC_DEFINE([BROKEN_GETADDRINFO], [1],
755		[getaddrinfo is broken (if present)])
756	],
757	[AC_MSG_RESULT([assume it is working])])
758	AC_DEFINE([SETEUID_BREAKS_SETUID])
759	AC_DEFINE([BROKEN_SETREUID])
760	AC_DEFINE([BROKEN_SETREGID])
761	AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
762	AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
763		[Define if your resolver libs need this for getrrsetbyname])
764	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
765	AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
766	    [Use tunnel device compatibility to OpenBSD])
767	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
768	    [Prepend the address family to IP tunnel traffic])
769	m4_pattern_allow([AU_IPv])
770	AC_CHECK_DECL([AU_IPv4], [],
771	    AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
772	    [#include <bsm/audit.h>]
773	AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
774	    [Define if pututxline updates lastlog too])
775	)
776	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
777		[Define to a Set Process Title type if your system is
778		supported by bsd-setproctitle.c])
779	AC_CHECK_FUNCS([sandbox_init])
780	AC_CHECK_HEADERS([sandbox.h])
781	AC_CHECK_LIB([sandbox], [sandbox_apply], [
782	    SSHDLIBS="$SSHDLIBS -lsandbox"
783	])
784	# proc_pidinfo()-based closefrom() replacement.
785	AC_CHECK_HEADERS([libproc.h])
786	AC_CHECK_FUNCS([proc_pidinfo])
787	# poll(2) is broken for character-special devices (at least).
788	# cf. Apple bug 3710161 (not public, but searchable)
789	AC_DEFINE([BROKEN_POLL], [1],
790	    [System poll(2) implementation is broken])
791	;;
792*-*-dragonfly*)
793	SSHDLIBS="$SSHDLIBS"
794	TEST_MALLOC_OPTIONS="AFGJPRX"
795	;;
796*-*-haiku*)
797	LIBS="$LIBS -lbsd "
798	CFLAGS="$CFLAGS -D_BSD_SOURCE"
799	AC_CHECK_LIB([network], [socket])
800	AC_DEFINE([HAVE_U_INT64_T])
801	AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
802	MANTYPE=man
803	;;
804*-*-hpux*)
805	# first we define all of the options common to all HP-UX releases
806	CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
807	IPADDR_IN_DISPLAY=yes
808	AC_DEFINE([USE_PIPES])
809	AC_DEFINE([LOGIN_NEEDS_UTMPX])
810	AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
811		[String used in /etc/passwd to denote locked account])
812	AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
813	AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
814	maildir="/var/mail"
815	LIBS="$LIBS -lsec"
816	AC_CHECK_LIB([xnet], [t_error], ,
817	    [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
818
819	# next, we define all of the options specific to major releases
820	case "$host" in
821	*-*-hpux10*)
822		if test -z "$GCC"; then
823			CFLAGS="$CFLAGS -Ae"
824		fi
825		AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect])
826		;;
827	*-*-hpux11*)
828		AC_DEFINE([PAM_SUN_CODEBASE], [1],
829			[Define if you are using Solaris-derived PAM which
830			passes pam_messages to the conversation function
831			with an extra level of indirection])
832		AC_DEFINE([DISABLE_UTMP], [1],
833			[Define if you don't want to use utmp])
834		AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
835		check_for_hpux_broken_getaddrinfo=1
836		check_for_conflicting_getspnam=1
837		;;
838	esac
839
840	# lastly, we define options specific to minor releases
841	case "$host" in
842	*-*-hpux10.26)
843		AC_DEFINE([HAVE_SECUREWARE], [1],
844			[Define if you have SecureWare-based
845			protected password database])
846		disable_ptmx_check=yes
847		LIBS="$LIBS -lsecpw"
848		;;
849	esac
850	;;
851*-*-irix5*)
852	PATH="$PATH:/usr/etc"
853	AC_DEFINE([BROKEN_INET_NTOA], [1],
854		[Define if you system's inet_ntoa is busted
855		(e.g. Irix gcc issue)])
856	AC_DEFINE([SETEUID_BREAKS_SETUID])
857	AC_DEFINE([BROKEN_SETREUID])
858	AC_DEFINE([BROKEN_SETREGID])
859	AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
860		[Define if you shouldn't strip 'tty' from your
861		ttyname in [uw]tmp])
862	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
863	;;
864*-*-irix6*)
865	PATH="$PATH:/usr/etc"
866	AC_DEFINE([WITH_IRIX_ARRAY], [1],
867		[Define if you have/want arrays
868		(cluster-wide session management, not C arrays)])
869	AC_DEFINE([WITH_IRIX_PROJECT], [1],
870		[Define if you want IRIX project management])
871	AC_DEFINE([WITH_IRIX_AUDIT], [1],
872		[Define if you want IRIX audit trails])
873	AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
874		[Define if you want IRIX kernel jobs])])
875	AC_DEFINE([BROKEN_INET_NTOA])
876	AC_DEFINE([SETEUID_BREAKS_SETUID])
877	AC_DEFINE([BROKEN_SETREUID])
878	AC_DEFINE([BROKEN_SETREGID])
879	AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
880	AC_DEFINE([WITH_ABBREV_NO_TTY])
881	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
882	;;
883*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
884	AC_DEFINE([PAM_TTY_KLUDGE])
885	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
886	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
887	AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
888	AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
889	;;
890*-*-linux*)
891	no_dev_ptmx=1
892	use_pie=auto
893	check_for_openpty_ctty_bug=1
894	dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
895	dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
896	dnl _GNU_SOURCE is needed for setres*id prototypes.
897	CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
898	AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels])
899	AC_DEFINE([PAM_TTY_KLUDGE], [1],
900		[Work around problematic Linux PAM modules handling of PAM_TTY])
901	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
902		[String used in /etc/passwd to denote locked account])
903	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
904	AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
905		[Define to whatever link() returns for "not supported"
906		if it doesn't return EOPNOTSUPP.])
907	AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
908	AC_DEFINE([USE_BTMP])
909	AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
910	inet6_default_4in6=yes
911	case `uname -r` in
912	1.*|2.0.*)
913		AC_DEFINE([BROKEN_CMSG_TYPE], [1],
914			[Define if cmsg_type is not passed correctly])
915		;;
916	esac
917	# tun(4) forwarding compat code
918	AC_CHECK_HEADERS([linux/if_tun.h])
919	if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
920		AC_DEFINE([SSH_TUN_LINUX], [1],
921		    [Open tunnel devices the Linux tun/tap way])
922		AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
923		    [Use tunnel device compatibility to OpenBSD])
924		AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
925		    [Prepend the address family to IP tunnel traffic])
926	fi
927	AC_CHECK_HEADER([linux/if.h],
928	    AC_DEFINE([SYS_RDOMAIN_LINUX], [1],
929		[Support routing domains using Linux VRF]), [], [
930#ifdef HAVE_SYS_TYPES_H
931# include <sys/types.h>
932#endif
933	    ])
934	AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
935	    [], [#include <linux/types.h>])
936	# Obtain MIPS ABI
937	case "$host" in
938	mips*)
939		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
940#if _MIPS_SIM != _ABIO32
941#error
942#endif
943			]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
944#if _MIPS_SIM != _ABIN32
945#error
946#endif
947				]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
948#if _MIPS_SIM != _ABI64
949#error
950#endif
951					]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI])
952				])
953			])
954		])
955		;;
956	esac
957	AC_MSG_CHECKING([for seccomp architecture])
958	seccomp_audit_arch=
959	case "$host" in
960	x86_64-*)
961		seccomp_audit_arch=AUDIT_ARCH_X86_64
962		;;
963	i*86-*)
964		seccomp_audit_arch=AUDIT_ARCH_I386
965		;;
966	arm*-*)
967		seccomp_audit_arch=AUDIT_ARCH_ARM
968		;;
969	aarch64*-*)
970		seccomp_audit_arch=AUDIT_ARCH_AARCH64
971		;;
972	s390x-*)
973		seccomp_audit_arch=AUDIT_ARCH_S390X
974		;;
975	s390-*)
976		seccomp_audit_arch=AUDIT_ARCH_S390
977		;;
978	powerpc-*)
979		seccomp_audit_arch=AUDIT_ARCH_PPC
980		;;
981	powerpc64-*)
982		seccomp_audit_arch=AUDIT_ARCH_PPC64
983		;;
984	powerpc64le-*)
985		seccomp_audit_arch=AUDIT_ARCH_PPC64LE
986		;;
987	mips-*)
988		seccomp_audit_arch=AUDIT_ARCH_MIPS
989		;;
990	mipsel-*)
991		seccomp_audit_arch=AUDIT_ARCH_MIPSEL
992		;;
993	mips64-*)
994		case "$mips_abi" in
995		"n32")
996			seccomp_audit_arch=AUDIT_ARCH_MIPS64N32
997			;;
998		"n64")
999			seccomp_audit_arch=AUDIT_ARCH_MIPS64
1000			;;
1001		esac
1002		;;
1003	mips64el-*)
1004		case "$mips_abi" in
1005		"n32")
1006			seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32
1007			;;
1008		"n64")
1009			seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
1010			;;
1011		esac
1012		;;
1013	riscv64-*)
1014		seccomp_audit_arch=AUDIT_ARCH_RISCV64
1015		;;
1016	esac
1017	if test "x$seccomp_audit_arch" != "x" ; then
1018		AC_MSG_RESULT(["$seccomp_audit_arch"])
1019		AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
1020		    [Specify the system call convention in use])
1021	else
1022		AC_MSG_RESULT([architecture not supported])
1023	fi
1024	;;
1025*-*-minix)
1026	AC_DEFINE([SETEUID_BREAKS_SETUID])
1027	# poll(2) seems to choke on /dev/null; "Bad file descriptor"
1028	AC_DEFINE([BROKEN_POLL], [1],
1029	    [System poll(2) implementation is broken])
1030	;;
1031mips-sony-bsd|mips-sony-newsos4)
1032	AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
1033	SONY=1
1034	;;
1035*-*-netbsd*)
1036	if test "x$withval" != "xno" ; then
1037		rpath_opt="-R"
1038	fi
1039	CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
1040	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1041	AC_CHECK_HEADER([net/if_tap.h], ,
1042	    AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1043	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
1044	    [Prepend the address family to IP tunnel traffic])
1045	TEST_MALLOC_OPTIONS="AJRX"
1046	AC_DEFINE([BROKEN_READ_COMPARISON], [1],
1047	    [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
1048	;;
1049*-*-freebsd*)
1050	SKIP_DISABLE_LASTLOG_DEFINE=yes
1051	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
1052	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1053	AC_CHECK_HEADER([net/if_tap.h], ,
1054	    AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1055	AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
1056	TEST_MALLOC_OPTIONS="AJRX"
1057	# Preauth crypto occasionally uses file descriptors for crypto offload
1058	# and will crash if they cannot be opened.
1059	AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
1060	    [define if setrlimit RLIMIT_NOFILE breaks things])
1061	case "$host" in
1062	*-*-freebsd9.*|*-*-freebsd10.*)
1063		# Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable.
1064		disable_capsicum=yes
1065	esac
1066	;;
1067*-*-bsdi*)
1068	AC_DEFINE([SETEUID_BREAKS_SETUID])
1069	AC_DEFINE([BROKEN_SETREUID])
1070	AC_DEFINE([BROKEN_SETREGID])
1071	;;
1072*-next-*)
1073	conf_lastlog_location="/usr/adm/lastlog"
1074	conf_utmp_location=/etc/utmp
1075	conf_wtmp_location=/usr/adm/wtmp
1076	maildir=/usr/spool/mail
1077	AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
1078	AC_DEFINE([USE_PIPES])
1079	AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
1080	;;
1081*-*-openbsd*)
1082	use_pie=auto
1083	AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
1084	AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
1085	AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
1086	AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
1087	    [syslog_r function is safe to use in in a signal handler])
1088	TEST_MALLOC_OPTIONS="AFGJPRX"
1089	;;
1090*-*-solaris*)
1091	if test "x$withval" != "xno" ; then
1092		rpath_opt="-R"
1093	fi
1094	AC_DEFINE([PAM_SUN_CODEBASE])
1095	AC_DEFINE([LOGIN_NEEDS_UTMPX])
1096	AC_DEFINE([PAM_TTY_KLUDGE])
1097	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
1098		[Define if pam_chauthtok wants real uid set
1099		to the unpriv'ed user])
1100	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1101	# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
1102	AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
1103		[Define if sshd somehow reacquires a controlling TTY
1104		after setsid()])
1105	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
1106		in case the name is longer than 8 chars])
1107	AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
1108	external_path_file=/etc/default/login
1109	# hardwire lastlog location (can't detect it on some versions)
1110	conf_lastlog_location="/var/adm/lastlog"
1111	AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
1112	sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
1113	if test "$sol2ver" -ge 8; then
1114		AC_MSG_RESULT([yes])
1115		AC_DEFINE([DISABLE_UTMP])
1116		AC_DEFINE([DISABLE_WTMP], [1],
1117			[Define if you don't want to use wtmp])
1118	else
1119		AC_MSG_RESULT([no])
1120	fi
1121	AC_CHECK_FUNCS([setpflags])
1122	AC_CHECK_FUNCS([setppriv])
1123	AC_CHECK_FUNCS([priv_basicset])
1124	AC_CHECK_HEADERS([priv.h])
1125	AC_ARG_WITH([solaris-contracts],
1126		[  --with-solaris-contracts Enable Solaris process contracts (experimental)],
1127		[
1128		AC_CHECK_LIB([contract], [ct_tmpl_activate],
1129			[ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
1130				[Define if you have Solaris process contracts])
1131			  LIBS="$LIBS -lcontract"
1132			  SPC_MSG="yes" ], )
1133		],
1134	)
1135	AC_ARG_WITH([solaris-projects],
1136		[  --with-solaris-projects Enable Solaris projects (experimental)],
1137		[
1138		AC_CHECK_LIB([project], [setproject],
1139			[ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
1140				[Define if you have Solaris projects])
1141			LIBS="$LIBS -lproject"
1142			SP_MSG="yes" ], )
1143		],
1144	)
1145	AC_ARG_WITH([solaris-privs],
1146		[  --with-solaris-privs    Enable Solaris/Illumos privileges (experimental)],
1147		[
1148		AC_MSG_CHECKING([for Solaris/Illumos privilege support])
1149		if test "x$ac_cv_func_setppriv" = "xyes" -a \
1150			"x$ac_cv_header_priv_h" = "xyes" ; then
1151			SOLARIS_PRIVS=yes
1152			AC_MSG_RESULT([found])
1153			AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
1154				[Define to disable UID restoration test])
1155			AC_DEFINE([USE_SOLARIS_PRIVS], [1],
1156				[Define if you have Solaris privileges])
1157			SPP_MSG="yes"
1158		else
1159			AC_MSG_RESULT([not found])
1160			AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
1161		fi
1162		],
1163	)
1164	TEST_SHELL=$SHELL	# let configure find us a capable shell
1165	;;
1166*-*-sunos4*)
1167	CPPFLAGS="$CPPFLAGS -DSUNOS4"
1168	AC_CHECK_FUNCS([getpwanam])
1169	AC_DEFINE([PAM_SUN_CODEBASE])
1170	conf_utmp_location=/etc/utmp
1171	conf_wtmp_location=/var/adm/wtmp
1172	conf_lastlog_location=/var/adm/lastlog
1173	AC_DEFINE([USE_PIPES])
1174	AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
1175	;;
1176*-ncr-sysv*)
1177	LIBS="$LIBS -lc89"
1178	AC_DEFINE([USE_PIPES])
1179	AC_DEFINE([SSHD_ACQUIRES_CTTY])
1180	AC_DEFINE([SETEUID_BREAKS_SETUID])
1181	AC_DEFINE([BROKEN_SETREUID])
1182	AC_DEFINE([BROKEN_SETREGID])
1183	;;
1184*-sni-sysv*)
1185	# /usr/ucblib MUST NOT be searched on ReliantUNIX
1186	AC_CHECK_LIB([dl], [dlsym], ,)
1187	# -lresolv needs to be at the end of LIBS or DNS lookups break
1188	AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
1189	IPADDR_IN_DISPLAY=yes
1190	AC_DEFINE([USE_PIPES])
1191	AC_DEFINE([IP_TOS_IS_BROKEN])
1192	AC_DEFINE([SETEUID_BREAKS_SETUID])
1193	AC_DEFINE([BROKEN_SETREUID])
1194	AC_DEFINE([BROKEN_SETREGID])
1195	AC_DEFINE([SSHD_ACQUIRES_CTTY])
1196	external_path_file=/etc/default/login
1197	# /usr/ucblib/libucb.a no longer needed on ReliantUNIX
1198	# Attention: always take care to bind libsocket and libnsl before libc,
1199	# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
1200	;;
1201# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
1202*-*-sysv4.2*)
1203	AC_DEFINE([USE_PIPES])
1204	AC_DEFINE([SETEUID_BREAKS_SETUID])
1205	AC_DEFINE([BROKEN_SETREUID])
1206	AC_DEFINE([BROKEN_SETREGID])
1207	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
1208	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1209	TEST_SHELL=$SHELL	# let configure find us a capable shell
1210	;;
1211# UnixWare 7.x, OpenUNIX 8
1212*-*-sysv5*)
1213	CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1214	AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1215	AC_DEFINE([USE_PIPES])
1216	AC_DEFINE([SETEUID_BREAKS_SETUID])
1217	AC_DEFINE([BROKEN_GETADDRINFO])
1218	AC_DEFINE([BROKEN_SETREUID])
1219	AC_DEFINE([BROKEN_SETREGID])
1220	AC_DEFINE([PASSWD_NEEDS_USERNAME])
1221	AC_DEFINE([BROKEN_TCGETATTR_ICANON])
1222	TEST_SHELL=$SHELL	# let configure find us a capable shell
1223	case "$host" in
1224	*-*-sysv5SCO_SV*)	# SCO OpenServer 6.x
1225		maildir=/var/spool/mail
1226		AC_DEFINE([BROKEN_UPDWTMPX])
1227		AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1228			AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1229			], , )
1230		;;
1231	*)	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1232		;;
1233	esac
1234	;;
1235*-*-sysv*)
1236	;;
1237# SCO UNIX and OEM versions of SCO UNIX
1238*-*-sco3.2v4*)
1239	AC_MSG_ERROR("This Platform is no longer supported.")
1240	;;
1241# SCO OpenServer 5.x
1242*-*-sco3.2v5*)
1243	if test -z "$GCC"; then
1244		CFLAGS="$CFLAGS -belf"
1245	fi
1246	LIBS="$LIBS -lprot -lx -ltinfo -lm"
1247	no_dev_ptmx=1
1248	AC_DEFINE([USE_PIPES])
1249	AC_DEFINE([HAVE_SECUREWARE])
1250	AC_DEFINE([DISABLE_SHADOW])
1251	AC_DEFINE([DISABLE_FD_PASSING])
1252	AC_DEFINE([SETEUID_BREAKS_SETUID])
1253	AC_DEFINE([BROKEN_GETADDRINFO])
1254	AC_DEFINE([BROKEN_SETREUID])
1255	AC_DEFINE([BROKEN_SETREGID])
1256	AC_DEFINE([WITH_ABBREV_NO_TTY])
1257	AC_DEFINE([BROKEN_UPDWTMPX])
1258	AC_DEFINE([PASSWD_NEEDS_USERNAME])
1259	AC_CHECK_FUNCS([getluid setluid])
1260	MANTYPE=man
1261	TEST_SHELL=$SHELL	# let configure find us a capable shell
1262	SKIP_DISABLE_LASTLOG_DEFINE=yes
1263	;;
1264*-dec-osf*)
1265	AC_MSG_CHECKING([for Digital Unix SIA])
1266	no_osfsia=""
1267	AC_ARG_WITH([osfsia],
1268		[  --with-osfsia           Enable Digital Unix SIA],
1269		[
1270			if test "x$withval" = "xno" ; then
1271				AC_MSG_RESULT([disabled])
1272				no_osfsia=1
1273			fi
1274		],
1275	)
1276	if test -z "$no_osfsia" ; then
1277		if test -f /etc/sia/matrix.conf; then
1278			AC_MSG_RESULT([yes])
1279			AC_DEFINE([HAVE_OSF_SIA], [1],
1280				[Define if you have Digital Unix Security
1281				Integration Architecture])
1282			AC_DEFINE([DISABLE_LOGIN], [1],
1283				[Define if you don't want to use your
1284				system's login() call])
1285			AC_DEFINE([DISABLE_FD_PASSING])
1286			LIBS="$LIBS -lsecurity -ldb -lm -laud"
1287			SIA_MSG="yes"
1288		else
1289			AC_MSG_RESULT([no])
1290			AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1291			  [String used in /etc/passwd to denote locked account])
1292		fi
1293	fi
1294	AC_DEFINE([BROKEN_GETADDRINFO])
1295	AC_DEFINE([SETEUID_BREAKS_SETUID])
1296	AC_DEFINE([BROKEN_SETREUID])
1297	AC_DEFINE([BROKEN_SETREGID])
1298	AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1299	;;
1300
1301*-*-nto-qnx*)
1302	AC_DEFINE([USE_PIPES])
1303	AC_DEFINE([NO_X11_UNIX_SOCKETS])
1304	AC_DEFINE([DISABLE_LASTLOG])
1305	AC_DEFINE([SSHD_ACQUIRES_CTTY])
1306	AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1307	enable_etc_default_login=no	# has incompatible /etc/default/login
1308	case "$host" in
1309	*-*-nto-qnx6*)
1310		AC_DEFINE([DISABLE_FD_PASSING])
1311		;;
1312	esac
1313	;;
1314
1315*-*-ultrix*)
1316	AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1317	AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty])
1318	AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1319	AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx])
1320	# DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we
1321	# don't get a controlling tty.
1322	AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root])
1323	# On Ultrix some headers are not protected against multiple includes,
1324	# so we create wrappers and put it where the compiler will find it.
1325	AC_MSG_WARN([creating compat wrappers for headers])
1326	mkdir -p netinet
1327	for header in netinet/ip.h netdb.h resolv.h; do
1328		name=`echo $header | tr 'a-z/.' 'A-Z__'`
1329		cat >$header <<EOD
1330#ifndef _SSH_COMPAT_${name}
1331#define _SSH_COMPAT_${name}
1332#include "/usr/include/${header}"
1333#endif
1334EOD
1335	done
1336	;;
1337
1338*-*-lynxos)
1339	CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1340	AC_DEFINE([BROKEN_SETVBUF], [1],
1341	    [LynxOS has broken setvbuf() implementation])
1342	;;
1343esac
1344
1345AC_MSG_CHECKING([compiler and flags for sanity])
1346AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])],
1347	[	AC_MSG_RESULT([yes]) ],
1348	[
1349		AC_MSG_RESULT([no])
1350		AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1351	],
1352	[	AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1353)
1354
1355dnl Checks for header files.
1356# Checks for libraries.
1357AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1358
1359dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1360AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1361	AC_CHECK_LIB([gen], [dirname], [
1362		AC_CACHE_CHECK([for broken dirname],
1363			ac_cv_have_broken_dirname, [
1364			save_LIBS="$LIBS"
1365			LIBS="$LIBS -lgen"
1366			AC_RUN_IFELSE(
1367				[AC_LANG_SOURCE([[
1368#include <libgen.h>
1369#include <string.h>
1370#include <stdlib.h>
1371
1372int main(int argc, char **argv) {
1373    char *s, buf[32];
1374
1375    strncpy(buf,"/etc", 32);
1376    s = dirname(buf);
1377    if (!s || strncmp(s, "/", 32) != 0) {
1378	exit(1);
1379    } else {
1380	exit(0);
1381    }
1382}
1383				]])],
1384				[ ac_cv_have_broken_dirname="no" ],
1385				[ ac_cv_have_broken_dirname="yes" ],
1386				[ ac_cv_have_broken_dirname="no" ],
1387			)
1388			LIBS="$save_LIBS"
1389		])
1390		if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1391			LIBS="$LIBS -lgen"
1392			AC_DEFINE([HAVE_DIRNAME])
1393			AC_CHECK_HEADERS([libgen.h])
1394		fi
1395	])
1396])
1397
1398AC_CHECK_FUNC([getspnam], ,
1399	[AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1400AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1401	[Define if you have the basename function.])])
1402
1403dnl zlib defaults to enabled
1404zlib=yes
1405AC_ARG_WITH([zlib],
1406	[  --with-zlib=PATH        Use zlib in PATH],
1407	[ if test "x$withval" = "xno" ; then
1408		zlib=no
1409	  elif test "x$withval" != "xyes"; then
1410		if test -d "$withval/lib"; then
1411			if test -n "${rpath_opt}"; then
1412				LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1413			else
1414				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1415			fi
1416		else
1417			if test -n "${rpath_opt}"; then
1418				LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}"
1419			else
1420				LDFLAGS="-L${withval} ${LDFLAGS}"
1421			fi
1422		fi
1423		if test -d "$withval/include"; then
1424			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1425		else
1426			CPPFLAGS="-I${withval} ${CPPFLAGS}"
1427		fi
1428	fi ]
1429)
1430
1431# These libraries are needed for anything that links in the channel code.
1432CHANNELLIBS=""
1433AC_MSG_CHECKING([for zlib])
1434if test "x${zlib}" = "xno"; then
1435	AC_MSG_RESULT([no])
1436else
1437    saved_LIBS="$LIBS"
1438    CHANNELLIBS="$CHANNELLIBS -lz"
1439    AC_MSG_RESULT([yes])
1440    AC_DEFINE([WITH_ZLIB], [1], [Enable zlib])
1441    AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1442    AC_CHECK_LIB([z], [deflate], [],
1443	[
1444		saved_CPPFLAGS="$CPPFLAGS"
1445		saved_LDFLAGS="$LDFLAGS"
1446		dnl Check default zlib install dir
1447		if test -n "${rpath_opt}"; then
1448			LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}"
1449		else
1450			LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1451		fi
1452		CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1453		AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1454			[
1455				AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1456			]
1457		)
1458	]
1459    )
1460
1461    AC_ARG_WITH([zlib-version-check],
1462	[  --without-zlib-version-check Disable zlib version check],
1463	[  if test "x$withval" = "xno" ; then
1464		zlib_check_nonfatal=1
1465	   fi
1466	]
1467    )
1468
1469    AC_MSG_CHECKING([for possibly buggy zlib])
1470    AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1471#include <stdio.h>
1472#include <stdlib.h>
1473#include <zlib.h>
1474	]],
1475	[[
1476	int a=0, b=0, c=0, d=0, n, v;
1477	n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1478	if (n < 1)
1479		exit(1);
1480	v = a*1000000 + b*10000 + c*100 + d;
1481	fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1482
1483	/* 1.1.4 is OK */
1484	if (a == 1 && b == 1 && c >= 4)
1485		exit(0);
1486
1487	/* 1.2.3 and up are OK */
1488	if (v >= 1020300)
1489		exit(0);
1490
1491	exit(2);
1492	]])],
1493	AC_MSG_RESULT([no]),
1494	[ AC_MSG_RESULT([yes])
1495	  if test -z "$zlib_check_nonfatal" ; then
1496		AC_MSG_ERROR([*** zlib too old - check config.log ***
1497Your reported zlib version has known security problems.  It's possible your
1498vendor has fixed these problems without changing the version number.  If you
1499are sure this is the case, you can disable the check by running
1500"./configure --without-zlib-version-check".
1501If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1502See http://www.gzip.org/zlib/ for details.])
1503	  else
1504		AC_MSG_WARN([zlib version may have security problems])
1505	  fi
1506	],
1507	[	AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1508    )
1509    LIBS="$saved_LIBS"
1510fi
1511
1512dnl UnixWare 2.x
1513AC_CHECK_FUNC([strcasecmp],
1514	[], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1515)
1516AC_CHECK_FUNCS([utimes],
1517	[], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1518					LIBS="$LIBS -lc89"]) ]
1519)
1520
1521dnl    Checks for libutil functions
1522AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1523AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1524AC_SEARCH_LIBS([scan_scaled], [util bsd])
1525AC_SEARCH_LIBS([login], [util bsd])
1526AC_SEARCH_LIBS([logout], [util bsd])
1527AC_SEARCH_LIBS([logwtmp], [util bsd])
1528AC_SEARCH_LIBS([openpty], [util bsd])
1529AC_SEARCH_LIBS([updwtmp], [util bsd])
1530AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1531
1532# On some platforms, inet_ntop and gethostbyname may be found in libresolv
1533# or libnsl.
1534AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1535AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1536
1537# Some Linux distribtions ship the BSD libc hashing functions in
1538# separate libraries.
1539AC_SEARCH_LIBS([SHA256Update], [md bsd])
1540
1541# "Particular Function Checks"
1542# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
1543AC_FUNC_STRFTIME
1544AC_FUNC_MALLOC
1545AC_FUNC_REALLOC
1546# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL;
1547AC_MSG_CHECKING([if calloc(0, N) returns non-null])
1548AC_RUN_IFELSE(
1549	[AC_LANG_PROGRAM(
1550		[[ #include <stdlib.h> ]],
1551		[[ void *p = calloc(0, 1); exit(p == NULL); ]]
1552	)],
1553	[ func_calloc_0_nonnull=yes ],
1554	[ func_calloc_0_nonnull=no ],
1555	[ AC_MSG_WARN([cross compiling: assuming same as malloc])
1556	  func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"]
1557)
1558AC_MSG_RESULT([$func_calloc_0_nonnull])
1559
1560if test "x$func_calloc_0_nonnull" = "xyes"; then
1561	AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null])
1562else
1563	AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL])
1564	AC_DEFINE(calloc, rpl_calloc,
1565	    [Define to rpl_calloc if the replacement function should be used.])
1566fi
1567
1568# Check for ALTDIRFUNC glob() extension
1569AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1570AC_EGREP_CPP([FOUNDIT],
1571	[
1572		#include <glob.h>
1573		#ifdef GLOB_ALTDIRFUNC
1574		FOUNDIT
1575		#endif
1576	],
1577	[
1578		AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1579			[Define if your system glob() function has
1580			the GLOB_ALTDIRFUNC extension])
1581		AC_MSG_RESULT([yes])
1582	],
1583	[
1584		AC_MSG_RESULT([no])
1585	]
1586)
1587
1588# Check for g.gl_matchc glob() extension
1589AC_MSG_CHECKING([for gl_matchc field in glob_t])
1590AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1591	[[ glob_t g; g.gl_matchc = 1; ]])],
1592	[
1593		AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1594			[Define if your system glob() function has
1595			gl_matchc options in glob_t])
1596		AC_MSG_RESULT([yes])
1597	], [
1598		AC_MSG_RESULT([no])
1599])
1600
1601# Check for g.gl_statv glob() extension
1602AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1603AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1604#ifndef GLOB_KEEPSTAT
1605#error "glob does not support GLOB_KEEPSTAT extension"
1606#endif
1607glob_t g;
1608g.gl_statv = NULL;
1609]])],
1610	[
1611		AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1612			[Define if your system glob() function has
1613			gl_statv options in glob_t])
1614		AC_MSG_RESULT([yes])
1615	], [
1616		AC_MSG_RESULT([no])
1617
1618])
1619
1620AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1621
1622AC_CHECK_DECL([VIS_ALL], ,
1623    AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1624
1625AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1626AC_RUN_IFELSE(
1627	[AC_LANG_PROGRAM([[
1628#include <sys/types.h>
1629#include <dirent.h>
1630#include <stdlib.h>
1631	]],
1632	[[
1633	struct dirent d;
1634	exit(sizeof(d.d_name)<=sizeof(char));
1635	]])],
1636	[AC_MSG_RESULT([yes])],
1637	[
1638		AC_MSG_RESULT([no])
1639		AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1640			[Define if your struct dirent expects you to
1641			allocate extra space for d_name])
1642	],
1643	[
1644		AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1645		AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1646	]
1647)
1648
1649AC_MSG_CHECKING([for /proc/pid/fd directory])
1650if test -d "/proc/$$/fd" ; then
1651	AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1652	AC_MSG_RESULT([yes])
1653else
1654	AC_MSG_RESULT([no])
1655fi
1656
1657# Check whether user wants TCP wrappers support
1658TCPW_MSG="no"
1659AC_ARG_WITH([tcp-wrappers],
1660	[  --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1661	[
1662		if test "x$withval" != "xno" ; then
1663			saved_LIBS="$LIBS"
1664			saved_LDFLAGS="$LDFLAGS"
1665			saved_CPPFLAGS="$CPPFLAGS"
1666			if test -n "${withval}" && \
1667			    test "x${withval}" != "xyes"; then
1668				if test -d "${withval}/lib"; then
1669					if test -n "${need_dash_r}"; then
1670						LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1671					else
1672						LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1673					fi
1674				else
1675					if test -n "${need_dash_r}"; then
1676						LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1677					else
1678						LDFLAGS="-L${withval} ${LDFLAGS}"
1679					fi
1680				fi
1681				if test -d "${withval}/include"; then
1682					CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1683				else
1684					CPPFLAGS="-I${withval} ${CPPFLAGS}"
1685				fi
1686			fi
1687			LIBS="-lwrap $LIBS"
1688			AC_MSG_CHECKING([for libwrap])
1689			AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1690#include <sys/types.h>
1691#include <sys/socket.h>
1692#include <netinet/in.h>
1693#include <tcpd.h>
1694int deny_severity = 0, allow_severity = 0;
1695				]], [[
1696	hosts_access(0);
1697				]])], [
1698					AC_MSG_RESULT([yes])
1699					AC_DEFINE([LIBWRAP], [1],
1700						[Define if you want
1701						TCP Wrappers support])
1702					SSHDLIBS="$SSHDLIBS -lwrap"
1703					TCPW_MSG="yes"
1704				], [
1705					AC_MSG_ERROR([*** libwrap missing])
1706			])
1707			LIBS="$saved_LIBS"
1708		fi
1709	]
1710)
1711
1712# Check whether user wants to use ldns
1713LDNS_MSG="no"
1714AC_ARG_WITH(ldns,
1715	[  --with-ldns[[=PATH]]      Use ldns for DNSSEC support (optionally in PATH)],
1716	[
1717	ldns=""
1718	if test "x$withval" = "xyes" ; then
1719		AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1720		if test "x$LDNSCONFIG" = "xno"; then
1721			LIBS="-lldns $LIBS"
1722			ldns=yes
1723		else
1724			LIBS="$LIBS `$LDNSCONFIG --libs`"
1725			CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1726			ldns=yes
1727		fi
1728	elif test "x$withval" != "xno" ; then
1729			CPPFLAGS="$CPPFLAGS -I${withval}/include"
1730			LDFLAGS="$LDFLAGS -L${withval}/lib"
1731			LIBS="-lldns $LIBS"
1732			ldns=yes
1733	fi
1734
1735	# Verify that it works.
1736	if test "x$ldns" = "xyes" ; then
1737		AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1738		LDNS_MSG="yes"
1739		AC_MSG_CHECKING([for ldns support])
1740		AC_LINK_IFELSE(
1741			[AC_LANG_SOURCE([[
1742#include <stdio.h>
1743#include <stdlib.h>
1744#ifdef HAVE_STDINT_H
1745# include <stdint.h>
1746#endif
1747#include <ldns/ldns.h>
1748int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1749			]])
1750		],
1751			[AC_MSG_RESULT(yes)],
1752				[
1753					AC_MSG_RESULT(no)
1754					AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1755				])
1756	fi
1757])
1758
1759# Check whether user wants libedit support
1760LIBEDIT_MSG="no"
1761AC_ARG_WITH([libedit],
1762	[  --with-libedit[[=PATH]]   Enable libedit support for sftp],
1763	[ if test "x$withval" != "xno" ; then
1764		if test "x$withval" = "xyes" ; then
1765			if test "x$PKGCONFIG" != "xno"; then
1766				AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1767				if "$PKGCONFIG" libedit; then
1768					AC_MSG_RESULT([yes])
1769					use_pkgconfig_for_libedit=yes
1770				else
1771					AC_MSG_RESULT([no])
1772				fi
1773			fi
1774		else
1775			CPPFLAGS="$CPPFLAGS -I${withval}/include"
1776			if test -n "${rpath_opt}"; then
1777				LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1778			else
1779				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1780			fi
1781		fi
1782		if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1783			LIBEDIT=`$PKGCONFIG --libs libedit`
1784			CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1785		else
1786			LIBEDIT="-ledit -lcurses"
1787		fi
1788		OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1789		AC_CHECK_LIB([edit], [el_init],
1790			[ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1791			  LIBEDIT_MSG="yes"
1792			  AC_SUBST([LIBEDIT])
1793			],
1794			[ AC_MSG_ERROR([libedit not found]) ],
1795			[ $OTHERLIBS ]
1796		)
1797		AC_MSG_CHECKING([if libedit version is compatible])
1798		AC_COMPILE_IFELSE(
1799		    [AC_LANG_PROGRAM([[
1800#include <histedit.h>
1801#include <stdlib.h>
1802		    ]],
1803		    [[
1804	int i = H_SETSIZE;
1805	el_init("", NULL, NULL, NULL);
1806	exit(0);
1807		    ]])],
1808		    [ AC_MSG_RESULT([yes]) ],
1809		    [ AC_MSG_RESULT([no])
1810		      AC_MSG_ERROR([libedit version is not compatible]) ]
1811		)
1812	fi ]
1813)
1814
1815AUDIT_MODULE=none
1816AC_ARG_WITH([audit],
1817	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux)],
1818	[
1819	  AC_MSG_CHECKING([for supported audit module])
1820	  case "$withval" in
1821	  bsm)
1822		AC_MSG_RESULT([bsm])
1823		AUDIT_MODULE=bsm
1824		dnl    Checks for headers, libs and functions
1825		AC_CHECK_HEADERS([bsm/audit.h], [],
1826		    [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1827		    [
1828#ifdef HAVE_TIME_H
1829# include <time.h>
1830#endif
1831		    ]
1832)
1833		AC_CHECK_LIB([bsm], [getaudit], [],
1834		    [AC_MSG_ERROR([BSM enabled and required library not found])])
1835		AC_CHECK_FUNCS([getaudit], [],
1836		    [AC_MSG_ERROR([BSM enabled and required function not found])])
1837		# These are optional
1838		AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1839		AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1840		if test "$sol2ver" -ge 11; then
1841			SSHDLIBS="$SSHDLIBS -lscf"
1842			AC_DEFINE([BROKEN_BSM_API], [1],
1843				[The system has incomplete BSM API])
1844		fi
1845		;;
1846	  linux)
1847		AC_MSG_RESULT([linux])
1848		AUDIT_MODULE=linux
1849		dnl    Checks for headers, libs and functions
1850		AC_CHECK_HEADERS([libaudit.h])
1851		SSHDLIBS="$SSHDLIBS -laudit"
1852		AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1853		;;
1854	  debug)
1855		AUDIT_MODULE=debug
1856		AC_MSG_RESULT([debug])
1857		AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1858		;;
1859	  no)
1860		AC_MSG_RESULT([no])
1861		;;
1862	  *)
1863		AC_MSG_ERROR([Unknown audit module $withval])
1864		;;
1865	esac ]
1866)
1867
1868AC_ARG_WITH([pie],
1869    [  --with-pie              Build Position Independent Executables if possible], [
1870	if test "x$withval" = "xno"; then
1871		use_pie=no
1872	fi
1873	if test "x$withval" = "xyes"; then
1874		use_pie=yes
1875	fi
1876    ]
1877)
1878if test "x$use_pie" = "x"; then
1879	use_pie=no
1880fi
1881if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1882	# Turn off automatic PIE when toolchain hardening is off.
1883	use_pie=no
1884fi
1885if test "x$use_pie" = "xauto"; then
1886	# Automatic PIE requires gcc >= 4.x
1887	AC_MSG_CHECKING([for gcc >= 4.x])
1888	AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1889#if !defined(__GNUC__) || __GNUC__ < 4
1890#error gcc is too old
1891#endif
1892]])],
1893	[ AC_MSG_RESULT([yes]) ],
1894	[ AC_MSG_RESULT([no])
1895	  use_pie=no ]
1896)
1897fi
1898if test "x$use_pie" != "xno"; then
1899	SAVED_CFLAGS="$CFLAGS"
1900	SAVED_LDFLAGS="$LDFLAGS"
1901	OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1902	OSSH_CHECK_LDFLAG_LINK([-pie])
1903	# We use both -fPIE and -pie or neither.
1904	AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1905	if echo "x $CFLAGS"  | grep ' -fPIE' >/dev/null 2>&1 && \
1906	   echo "x $LDFLAGS" | grep ' -pie'  >/dev/null 2>&1 ; then
1907		AC_MSG_RESULT([yes])
1908	else
1909		AC_MSG_RESULT([no])
1910		CFLAGS="$SAVED_CFLAGS"
1911		LDFLAGS="$SAVED_LDFLAGS"
1912	fi
1913fi
1914
1915AC_MSG_CHECKING([whether -fPIC is accepted])
1916SAVED_CFLAGS="$CFLAGS"
1917CFLAGS="$CFLAGS -fPIC"
1918AC_COMPILE_IFELSE(
1919	[AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )],
1920   [AC_MSG_RESULT([yes])
1921    PICFLAG="-fPIC"; ],
1922   [AC_MSG_RESULT([no])
1923    PICFLAG=""; ])
1924CFLAGS="$SAVED_CFLAGS"
1925AC_SUBST([PICFLAG])
1926
1927dnl    Checks for library functions. Please keep in alphabetical order
1928AC_CHECK_FUNCS([ \
1929	auth_hostok \
1930	auth_timeok \
1931	Blowfish_initstate \
1932	Blowfish_expandstate \
1933	Blowfish_expand0state \
1934	Blowfish_stream2word \
1935	SHA256Update \
1936	SHA384Update \
1937	SHA512Update \
1938	asprintf \
1939	b64_ntop \
1940	__b64_ntop \
1941	b64_pton \
1942	__b64_pton \
1943	bcopy \
1944	bcrypt_pbkdf \
1945	bindresvport_sa \
1946	blf_enc \
1947	bzero \
1948	cap_rights_limit \
1949	clock \
1950	closefrom \
1951	close_range \
1952	dirfd \
1953	endgrent \
1954	err \
1955	errx \
1956	explicit_bzero \
1957	explicit_memset \
1958	fchmod \
1959	fchmodat \
1960	fchown \
1961	fchownat \
1962	flock \
1963	fnmatch \
1964	freeaddrinfo \
1965	freezero \
1966	fstatfs \
1967	fstatvfs \
1968	futimes \
1969	getaddrinfo \
1970	getcwd \
1971	getentropy \
1972	getgrouplist \
1973	getline \
1974	getnameinfo \
1975	getopt \
1976	getpagesize \
1977	getpeereid \
1978	getpeerucred \
1979	getpgid \
1980	_getpty \
1981	getrlimit \
1982	getrandom \
1983	getsid \
1984	getttyent \
1985	glob \
1986	group_from_gid \
1987	inet_aton \
1988	inet_ntoa \
1989	inet_ntop \
1990	innetgr \
1991	killpg \
1992	llabs \
1993	localtime_r \
1994	login_getcapbool \
1995	login_getpwclass \
1996	memmem \
1997	memmove \
1998	memset_s \
1999	mkdtemp \
2000	ngetaddrinfo \
2001	nsleep \
2002	ogetaddrinfo \
2003	openlog_r \
2004	pledge \
2005	poll \
2006	ppoll \
2007	prctl \
2008	procctl \
2009	pselect \
2010	pstat \
2011	raise \
2012	readpassphrase \
2013	reallocarray \
2014	realpath \
2015	recvmsg \
2016	recallocarray \
2017	rresvport_af \
2018	sendmsg \
2019	setdtablesize \
2020	setegid \
2021	setenv \
2022	seteuid \
2023	setgroupent \
2024	setgroups \
2025	setlinebuf \
2026	setlogin \
2027	setpassent\
2028	setpcred \
2029	setproctitle \
2030	setregid \
2031	setreuid \
2032	setrlimit \
2033	setsid \
2034	setvbuf \
2035	sigaction \
2036	sigvec \
2037	snprintf \
2038	socketpair \
2039	statfs \
2040	statvfs \
2041	strcasestr \
2042	strdup \
2043	strerror \
2044	strlcat \
2045	strlcpy \
2046	strmode \
2047	strndup \
2048	strnlen \
2049	strnvis \
2050	strptime \
2051	strsignal \
2052	strtonum \
2053	strtoll \
2054	strtoul \
2055	strtoull \
2056	swap32 \
2057	sysconf \
2058	tcgetpgrp \
2059	timegm \
2060	timingsafe_bcmp \
2061	truncate \
2062	unsetenv \
2063	updwtmpx \
2064	utimensat \
2065	user_from_uid \
2066	usleep \
2067	vasprintf \
2068	vsnprintf \
2069	waitpid \
2070	warn \
2071])
2072
2073AC_CHECK_DECLS([bzero, memmem])
2074
2075dnl Wide character support.
2076AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
2077
2078TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
2079AC_MSG_CHECKING([for utf8 locale support])
2080AC_RUN_IFELSE(
2081	[AC_LANG_PROGRAM([[
2082#include <locale.h>
2083#include <stdlib.h>
2084	]], [[
2085	char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
2086	if (loc != NULL)
2087		exit(0);
2088	exit(1);
2089	]])],
2090	AC_MSG_RESULT(yes),
2091	[AC_MSG_RESULT(no)
2092	 TEST_SSH_UTF8=no],
2093	AC_MSG_WARN([cross compiling: assuming yes])
2094)
2095
2096AC_LINK_IFELSE(
2097        [AC_LANG_PROGRAM(
2098           [[ #include <ctype.h> ]],
2099           [[ return (isblank('a')); ]])],
2100	[AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
2101])
2102
2103disable_pkcs11=
2104AC_ARG_ENABLE([pkcs11],
2105	[  --disable-pkcs11        disable PKCS#11 support code [no]],
2106	[
2107		if test "x$enableval" = "xno" ; then
2108			disable_pkcs11=1
2109		fi
2110	]
2111)
2112
2113disable_sk=
2114AC_ARG_ENABLE([security-key],
2115	[  --disable-security-key  disable U2F/FIDO support code [no]],
2116	[
2117		if test "x$enableval" = "xno" ; then
2118			disable_sk=1
2119		fi
2120	]
2121)
2122enable_sk_internal=
2123AC_ARG_WITH([security-key-builtin],
2124	[  --with-security-key-builtin include builtin U2F/FIDO support],
2125	[ enable_sk_internal=$withval ]
2126)
2127
2128AC_SEARCH_LIBS([dlopen], [dl])
2129AC_CHECK_FUNCS([dlopen])
2130AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
2131
2132# IRIX has a const char return value for gai_strerror()
2133AC_CHECK_FUNCS([gai_strerror], [
2134	AC_DEFINE([HAVE_GAI_STRERROR])
2135	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2136#include <sys/types.h>
2137#include <sys/socket.h>
2138#include <netdb.h>
2139
2140const char *gai_strerror(int);
2141			]], [[
2142	char *str;
2143	str = gai_strerror(0);
2144			]])], [
2145		AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
2146		[Define if gai_strerror() returns const char *])], [])])
2147
2148AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
2149	[Some systems put nanosleep outside of libc])])
2150
2151AC_SEARCH_LIBS([clock_gettime], [rt],
2152	[AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
2153
2154dnl check if we need -D_REENTRANT for localtime_r declaration.
2155AC_CHECK_DECL([localtime_r], [],
2156	[ saved_CPPFLAGS="$CPPFLAGS"
2157	  CPPFLAGS="$CPPFLAGS -D_REENTRANT"
2158	  unset ac_cv_have_decl_localtime_r
2159	  AC_CHECK_DECL([localtime_r], [],
2160		[ CPPFLAGS="$saved_CPPFLAGS" ],
2161		[ #include <time.h> ]
2162	  )
2163	],
2164	[ #include <time.h> ]
2165)
2166
2167dnl Make sure prototypes are defined for these before using them.
2168AC_CHECK_DECL([strsep],
2169	[AC_CHECK_FUNCS([strsep])],
2170	[],
2171	[
2172#ifdef HAVE_STRING_H
2173# include <string.h>
2174#endif
2175	])
2176
2177dnl tcsendbreak might be a macro
2178AC_CHECK_DECL([tcsendbreak],
2179	[AC_DEFINE([HAVE_TCSENDBREAK])],
2180	[AC_CHECK_FUNCS([tcsendbreak])],
2181	[#include <termios.h>]
2182)
2183
2184AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
2185
2186AC_CHECK_DECLS([SHUT_RD, getpeereid], , ,
2187	[
2188#include <sys/types.h>
2189#include <sys/socket.h>
2190#include <unistd.h>
2191	])
2192
2193AC_CHECK_DECLS([O_NONBLOCK], , ,
2194	[
2195#include <sys/types.h>
2196#ifdef HAVE_SYS_STAT_H
2197# include <sys/stat.h>
2198#endif
2199#ifdef HAVE_FCNTL_H
2200# include <fcntl.h>
2201#endif
2202	])
2203
2204AC_CHECK_DECLS([ftruncate, getentropy], , ,
2205	[
2206#include <sys/types.h>
2207#include <unistd.h>
2208	])
2209
2210AC_CHECK_DECLS([readv, writev], , , [
2211#include <sys/types.h>
2212#include <sys/uio.h>
2213#include <unistd.h>
2214	])
2215
2216AC_CHECK_DECLS([MAXSYMLINKS], , , [
2217#include <sys/param.h>
2218	])
2219
2220AC_CHECK_DECLS([offsetof], , , [
2221#include <stddef.h>
2222	])
2223
2224# extra bits for select(2)
2225AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
2226#include <sys/param.h>
2227#include <sys/types.h>
2228#ifdef HAVE_SYS_SYSMACROS_H
2229#include <sys/sysmacros.h>
2230#endif
2231#ifdef HAVE_SYS_SELECT_H
2232#include <sys/select.h>
2233#endif
2234#ifdef HAVE_SYS_TIME_H
2235#include <sys/time.h>
2236#endif
2237#ifdef HAVE_UNISTD_H
2238#include <unistd.h>
2239#endif
2240	]])
2241AC_CHECK_TYPES([fd_mask], [], [], [[
2242#include <sys/param.h>
2243#include <sys/types.h>
2244#ifdef HAVE_SYS_SELECT_H
2245#include <sys/select.h>
2246#endif
2247#ifdef HAVE_SYS_TIME_H
2248#include <sys/time.h>
2249#endif
2250#ifdef HAVE_UNISTD_H
2251#include <unistd.h>
2252#endif
2253	]])
2254
2255AC_CHECK_FUNCS([setresuid], [
2256	dnl Some platorms have setresuid that isn't implemented, test for this
2257	AC_MSG_CHECKING([if setresuid seems to work])
2258	AC_RUN_IFELSE(
2259		[AC_LANG_PROGRAM([[
2260#include <errno.h>
2261#include <stdlib.h>
2262#include <unistd.h>
2263		]], [[
2264	errno=0;
2265	setresuid(0,0,0);
2266	if (errno==ENOSYS)
2267		exit(1);
2268	else
2269		exit(0);
2270		]])],
2271		[AC_MSG_RESULT([yes])],
2272		[AC_DEFINE([BROKEN_SETRESUID], [1],
2273			[Define if your setresuid() is broken])
2274		 AC_MSG_RESULT([not implemented])],
2275		[AC_MSG_WARN([cross compiling: not checking setresuid])]
2276	)
2277])
2278
2279AC_CHECK_FUNCS([setresgid], [
2280	dnl Some platorms have setresgid that isn't implemented, test for this
2281	AC_MSG_CHECKING([if setresgid seems to work])
2282	AC_RUN_IFELSE(
2283		[AC_LANG_PROGRAM([[
2284#include <errno.h>
2285#include <stdlib.h>
2286#include <unistd.h>
2287		]], [[
2288	errno=0;
2289	setresgid(0,0,0);
2290	if (errno==ENOSYS)
2291		exit(1);
2292	else
2293		exit(0);
2294		]])],
2295		[AC_MSG_RESULT([yes])],
2296		[AC_DEFINE([BROKEN_SETRESGID], [1],
2297			[Define if your setresgid() is broken])
2298		 AC_MSG_RESULT([not implemented])],
2299		[AC_MSG_WARN([cross compiling: not checking setresuid])]
2300	)
2301])
2302
2303AC_MSG_CHECKING([for working fflush(NULL)])
2304AC_RUN_IFELSE(
2305	[AC_LANG_PROGRAM([[
2306#include <stdio.h>
2307#include <stdlib.h>
2308	]],
2309	[[fflush(NULL); exit(0);]])],
2310	AC_MSG_RESULT([yes]),
2311	[AC_MSG_RESULT([no])
2312	 AC_DEFINE([FFLUSH_NULL_BUG], [1],
2313	    [define if fflush(NULL) does not work])],
2314	AC_MSG_WARN([cross compiling: assuming working])
2315)
2316
2317dnl    Checks for time functions
2318AC_CHECK_FUNCS([gettimeofday time])
2319dnl    Checks for utmp functions
2320AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2321AC_CHECK_FUNCS([utmpname])
2322dnl    Checks for utmpx functions
2323AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2324AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2325dnl    Checks for lastlog functions
2326AC_CHECK_FUNCS([getlastlogxbyname])
2327
2328AC_CHECK_FUNC([daemon],
2329	[AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2330	[AC_CHECK_LIB([bsd], [daemon],
2331		[LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2332)
2333
2334AC_CHECK_FUNC([getpagesize],
2335	[AC_DEFINE([HAVE_GETPAGESIZE], [1],
2336		[Define if your libraries define getpagesize()])],
2337	[AC_CHECK_LIB([ucb], [getpagesize],
2338		[LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2339)
2340
2341# Check for broken snprintf
2342if test "x$ac_cv_func_snprintf" = "xyes" ; then
2343	AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2344	AC_RUN_IFELSE(
2345		[AC_LANG_PROGRAM([[
2346#include <stdio.h>
2347#include <stdlib.h>
2348		]],
2349		[[
2350	char b[5];
2351	snprintf(b,5,"123456789");
2352	exit(b[4]!='\0');
2353		]])],
2354		[AC_MSG_RESULT([yes])],
2355		[
2356			AC_MSG_RESULT([no])
2357			AC_DEFINE([BROKEN_SNPRINTF], [1],
2358				[Define if your snprintf is busted])
2359			AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2360		],
2361		[ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2362	)
2363fi
2364
2365if test "x$ac_cv_func_snprintf" = "xyes" ; then
2366	AC_MSG_CHECKING([whether snprintf understands %zu])
2367	AC_RUN_IFELSE(
2368		[AC_LANG_PROGRAM([[
2369#include <sys/types.h>
2370#include <stdio.h>
2371#include <stdlib.h>
2372#include <string.h>
2373		]],
2374		[[
2375	size_t a = 1, b = 2;
2376	char z[128];
2377	snprintf(z, sizeof z, "%zu%zu", a, b);
2378	exit(strcmp(z, "12"));
2379		]])],
2380		[AC_MSG_RESULT([yes])],
2381		[
2382			AC_MSG_RESULT([no])
2383			AC_DEFINE([BROKEN_SNPRINTF], [1],
2384				[snprintf does not understand %zu])
2385		],
2386		[ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2387	)
2388fi
2389
2390# We depend on vsnprintf returning the right thing on overflow: the
2391# number of characters it tried to create (as per SUSv3)
2392if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2393	AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2394	AC_RUN_IFELSE(
2395		[AC_LANG_PROGRAM([[
2396#include <sys/types.h>
2397#include <stdio.h>
2398#include <stdarg.h>
2399
2400int x_snprintf(char *str, size_t count, const char *fmt, ...)
2401{
2402	size_t ret;
2403	va_list ap;
2404
2405	va_start(ap, fmt);
2406	ret = vsnprintf(str, count, fmt, ap);
2407	va_end(ap);
2408	return ret;
2409}
2410		]], [[
2411char x[1];
2412if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2413	return 1;
2414if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2415	return 1;
2416return 0;
2417		]])],
2418		[AC_MSG_RESULT([yes])],
2419		[
2420			AC_MSG_RESULT([no])
2421			AC_DEFINE([BROKEN_SNPRINTF], [1],
2422				[Define if your snprintf is busted])
2423			AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2424		],
2425		[ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2426	)
2427fi
2428
2429# On systems where [v]snprintf is broken, but is declared in stdio,
2430# check that the fmt argument is const char * or just char *.
2431# This is only useful for when BROKEN_SNPRINTF
2432AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2433AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2434#include <stdio.h>
2435int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2436		]], [[
2437	snprintf(0, 0, 0);
2438		]])],
2439   [AC_MSG_RESULT([yes])
2440    AC_DEFINE([SNPRINTF_CONST], [const],
2441              [Define as const if snprintf() can declare const char *fmt])],
2442   [AC_MSG_RESULT([no])
2443    AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2444
2445# Check for missing getpeereid (or equiv) support
2446NO_PEERCHECK=""
2447if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2448	AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2449	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2450#include <sys/types.h>
2451#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2452		[ AC_MSG_RESULT([yes])
2453		  AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2454		], [AC_MSG_RESULT([no])
2455		NO_PEERCHECK=1
2456        ])
2457fi
2458
2459dnl make sure that openpty does not reacquire controlling terminal
2460if test ! -z "$check_for_openpty_ctty_bug"; then
2461	AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2462	AC_RUN_IFELSE(
2463		[AC_LANG_PROGRAM([[
2464#include <stdio.h>
2465#include <stdlib.h>
2466#include <unistd.h>
2467#ifdef HAVE_PTY_H
2468# include <pty.h>
2469#endif
2470#include <sys/fcntl.h>
2471#include <sys/types.h>
2472#include <sys/wait.h>
2473		]], [[
2474	pid_t pid;
2475	int fd, ptyfd, ttyfd, status;
2476
2477	pid = fork();
2478	if (pid < 0) {		/* failed */
2479		exit(1);
2480	} else if (pid > 0) {	/* parent */
2481		waitpid(pid, &status, 0);
2482		if (WIFEXITED(status))
2483			exit(WEXITSTATUS(status));
2484		else
2485			exit(2);
2486	} else {		/* child */
2487		close(0); close(1); close(2);
2488		setsid();
2489		openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2490		fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2491		if (fd >= 0)
2492			exit(3);	/* Acquired ctty: broken */
2493		else
2494			exit(0);	/* Did not acquire ctty: OK */
2495	}
2496		]])],
2497		[
2498			AC_MSG_RESULT([yes])
2499		],
2500		[
2501			AC_MSG_RESULT([no])
2502			AC_DEFINE([SSHD_ACQUIRES_CTTY])
2503		],
2504		[
2505			AC_MSG_RESULT([cross-compiling, assuming yes])
2506		]
2507	)
2508fi
2509
2510if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2511    test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2512	AC_MSG_CHECKING([if getaddrinfo seems to work])
2513	AC_RUN_IFELSE(
2514		[AC_LANG_PROGRAM([[
2515#include <stdio.h>
2516#include <stdlib.h>
2517#include <sys/socket.h>
2518#include <netdb.h>
2519#include <errno.h>
2520#include <netinet/in.h>
2521
2522#define TEST_PORT "2222"
2523		]], [[
2524	int err, sock;
2525	struct addrinfo *gai_ai, *ai, hints;
2526	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2527
2528	memset(&hints, 0, sizeof(hints));
2529	hints.ai_family = PF_UNSPEC;
2530	hints.ai_socktype = SOCK_STREAM;
2531	hints.ai_flags = AI_PASSIVE;
2532
2533	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2534	if (err != 0) {
2535		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2536		exit(1);
2537	}
2538
2539	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2540		if (ai->ai_family != AF_INET6)
2541			continue;
2542
2543		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2544		    sizeof(ntop), strport, sizeof(strport),
2545		    NI_NUMERICHOST|NI_NUMERICSERV);
2546
2547		if (err != 0) {
2548			if (err == EAI_SYSTEM)
2549				perror("getnameinfo EAI_SYSTEM");
2550			else
2551				fprintf(stderr, "getnameinfo failed: %s\n",
2552				    gai_strerror(err));
2553			exit(2);
2554		}
2555
2556		sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2557		if (sock < 0)
2558			perror("socket");
2559		if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2560			if (errno == EBADF)
2561				exit(3);
2562		}
2563	}
2564	exit(0);
2565		]])],
2566		[
2567			AC_MSG_RESULT([yes])
2568		],
2569		[
2570			AC_MSG_RESULT([no])
2571			AC_DEFINE([BROKEN_GETADDRINFO])
2572		],
2573		[
2574			AC_MSG_RESULT([cross-compiling, assuming yes])
2575		]
2576	)
2577fi
2578
2579if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2580    test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2581	AC_MSG_CHECKING([if getaddrinfo seems to work])
2582	AC_RUN_IFELSE(
2583		[AC_LANG_PROGRAM([[
2584#include <stdio.h>
2585#include <stdlib.h>
2586#include <sys/socket.h>
2587#include <netdb.h>
2588#include <errno.h>
2589#include <netinet/in.h>
2590
2591#define TEST_PORT "2222"
2592		]], [[
2593	int err, sock;
2594	struct addrinfo *gai_ai, *ai, hints;
2595	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2596
2597	memset(&hints, 0, sizeof(hints));
2598	hints.ai_family = PF_UNSPEC;
2599	hints.ai_socktype = SOCK_STREAM;
2600	hints.ai_flags = AI_PASSIVE;
2601
2602	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2603	if (err != 0) {
2604		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2605		exit(1);
2606	}
2607
2608	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2609		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2610			continue;
2611
2612		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2613		    sizeof(ntop), strport, sizeof(strport),
2614		    NI_NUMERICHOST|NI_NUMERICSERV);
2615
2616		if (ai->ai_family == AF_INET && err != 0) {
2617			perror("getnameinfo");
2618			exit(2);
2619		}
2620	}
2621	exit(0);
2622		]])],
2623		[
2624			AC_MSG_RESULT([yes])
2625			AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2626				[Define if you have a getaddrinfo that fails
2627				for the all-zeros IPv6 address])
2628		],
2629		[
2630			AC_MSG_RESULT([no])
2631			AC_DEFINE([BROKEN_GETADDRINFO])
2632		],
2633		[
2634			AC_MSG_RESULT([cross-compiling, assuming no])
2635		]
2636	)
2637fi
2638
2639if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2640	AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2641	    [#include <sys/types.h>
2642	     #include <sys/socket.h>
2643	     #include <netdb.h>])
2644fi
2645
2646if test "x$check_for_conflicting_getspnam" = "x1"; then
2647	AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2648	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2649#include <shadow.h>
2650#include <stdlib.h>
2651		]],
2652		[[ exit(0); ]])],
2653		[
2654			AC_MSG_RESULT([no])
2655		],
2656		[
2657			AC_MSG_RESULT([yes])
2658			AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2659			    [Conflicting defs for getspnam])
2660		]
2661	)
2662fi
2663
2664dnl NetBSD added an strnvis and unfortunately made it incompatible with the
2665dnl existing one in OpenBSD and Linux's libbsd (the former having existed
2666dnl for over ten years). Despite this incompatibility being reported during
2667dnl development (see http://gnats.netbsd.org/44977) they still shipped it.
2668dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2669dnl implementation.  Try to detect this mess, and assume the only safe option
2670dnl if we're cross compiling.
2671dnl
2672dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag);
2673dnl NetBSD: 2012,  strnvis(char *dst, size_t dlen, const char *src, int flag);
2674if test "x$ac_cv_func_strnvis" = "xyes"; then
2675	AC_MSG_CHECKING([for working strnvis])
2676	AC_RUN_IFELSE(
2677		[AC_LANG_PROGRAM([[
2678#include <signal.h>
2679#include <stdlib.h>
2680#include <string.h>
2681#include <unistd.h>
2682#include <vis.h>
2683static void sighandler(int sig) { _exit(1); }
2684		]], [[
2685	char dst[16];
2686
2687	signal(SIGSEGV, sighandler);
2688	if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
2689		exit(0);
2690	exit(1)
2691		]])],
2692		[AC_MSG_RESULT([yes])],
2693		[AC_MSG_RESULT([no])
2694		 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])],
2695		[AC_MSG_WARN([cross compiling: assuming broken])
2696		 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])]
2697	)
2698fi
2699
2700AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()])
2701AC_RUN_IFELSE(
2702	[AC_LANG_PROGRAM([[
2703#ifdef HAVE_SYS_SELECT
2704# include <sys/select.h>
2705#endif
2706#include <sys/types.h>
2707#include <sys/time.h>
2708#include <stdlib.h>
2709#include <signal.h>
2710#include <unistd.h>
2711static void sighandler(int sig) { }
2712		]], [[
2713	int r;
2714	pid_t pid;
2715	struct sigaction sa;
2716
2717	sa.sa_handler = sighandler;
2718	sa.sa_flags = SA_RESTART;
2719	(void)sigaction(SIGTERM, &sa, NULL);
2720	if ((pid = fork()) == 0) { /* child */
2721		pid = getppid();
2722		sleep(1);
2723		kill(pid, SIGTERM);
2724		sleep(1);
2725		if (getppid() == pid) /* if parent did not exit, shoot it */
2726			kill(pid, SIGKILL);
2727		exit(0);
2728	} else { /* parent */
2729		r = select(0, NULL, NULL, NULL, NULL);
2730	}
2731	exit(r == -1 ? 0 : 1);
2732	]])],
2733	[AC_MSG_RESULT([yes])],
2734	[AC_MSG_RESULT([no])
2735	 AC_DEFINE([NO_SA_RESTART], [1],
2736	    [SA_RESTARTed signals do no interrupt select])],
2737	[AC_MSG_WARN([cross compiling: assuming yes])]
2738)
2739
2740AC_CHECK_FUNCS([getpgrp],[
2741	AC_MSG_CHECKING([if getpgrp accepts zero args])
2742	AC_COMPILE_IFELSE(
2743		[AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])],
2744		[ AC_MSG_RESULT([yes])
2745		  AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])],
2746		[ AC_MSG_RESULT([no])
2747		  AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])]
2748	)
2749])
2750
2751# Search for OpenSSL
2752saved_CPPFLAGS="$CPPFLAGS"
2753saved_LDFLAGS="$LDFLAGS"
2754openssl_bin_PATH="$PATH"
2755AC_ARG_WITH([ssl-dir],
2756	[  --with-ssl-dir=PATH     Specify path to OpenSSL installation ],
2757	[
2758		if test "x$openssl" = "xno" ; then
2759			AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2760		fi
2761		if test "x$withval" != "xno" ; then
2762			case "$withval" in
2763				# Relative paths
2764				./*|../*)	withval="`pwd`/$withval"
2765			esac
2766			if test -d "$withval/lib"; then
2767				libcrypto_path="${withval}/lib"
2768			elif test -d "$withval/lib64"; then
2769				libcrypto_path="$withval/lib64"
2770			else
2771				# Built but not installed
2772				libcrypto_path="${withval}"
2773			fi
2774			if test -n "${rpath_opt}"; then
2775				LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}"
2776			else
2777				LDFLAGS="-L${libcrypto_path} ${LDFLAGS}"
2778			fi
2779			if test -d "$withval/include"; then
2780				CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2781			else
2782				CPPFLAGS="-I${withval} ${CPPFLAGS}"
2783			fi
2784			openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps"
2785		fi
2786	]
2787)
2788AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH])
2789AC_SUBST(OPENSSL_BIN, [${openssl_bin}])
2790
2791AC_ARG_WITH([openssl-header-check],
2792	[  --without-openssl-header-check Disable OpenSSL version consistency check],
2793	[
2794		if test "x$withval" = "xno" ; then
2795			openssl_check_nonfatal=1
2796		fi
2797	]
2798)
2799
2800openssl_engine=no
2801AC_ARG_WITH([ssl-engine],
2802	[  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
2803	[
2804		if test "x$withval" != "xno" ; then
2805			if test "x$openssl" = "xno" ; then
2806				AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2807			fi
2808			openssl_engine=yes
2809		fi
2810	]
2811)
2812
2813nocrypto_saved_LIBS="$LIBS"
2814if test "x$openssl" = "xyes" ; then
2815	LIBS="-lcrypto $LIBS"
2816	CHANNELLIBS="-lcrypto $CHANNELLIBS"
2817	AC_TRY_LINK_FUNC([RAND_add], ,
2818	    [AC_MSG_ERROR([*** working libcrypto not found, check config.log])])
2819	AC_CHECK_HEADER([openssl/opensslv.h], ,
2820	    [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2821
2822	# Determine OpenSSL header version
2823	AC_MSG_CHECKING([OpenSSL header version])
2824	AC_RUN_IFELSE(
2825		[AC_LANG_PROGRAM([[
2826	#include <stdlib.h>
2827	#include <stdio.h>
2828	#include <string.h>
2829	#include <openssl/opensslv.h>
2830	#define DATA "conftest.sslincver"
2831		]], [[
2832		FILE *fd;
2833		int rc;
2834
2835		fd = fopen(DATA,"w");
2836		if(fd == NULL)
2837			exit(1);
2838
2839		if ((rc = fprintf(fd, "%08lx (%s)\n",
2840		    (unsigned long)OPENSSL_VERSION_NUMBER,
2841		     OPENSSL_VERSION_TEXT)) < 0)
2842			exit(1);
2843
2844		exit(0);
2845		]])],
2846		[
2847			ssl_header_ver=`cat conftest.sslincver`
2848			AC_MSG_RESULT([$ssl_header_ver])
2849		],
2850		[
2851			AC_MSG_RESULT([not found])
2852			AC_MSG_ERROR([OpenSSL version header not found.])
2853		],
2854		[
2855			AC_MSG_WARN([cross compiling: not checking])
2856		]
2857	)
2858
2859	# Determining OpenSSL library version is version dependent.
2860	AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num])
2861
2862	# Determine OpenSSL library version
2863	AC_MSG_CHECKING([OpenSSL library version])
2864	AC_RUN_IFELSE(
2865		[AC_LANG_PROGRAM([[
2866	#include <stdio.h>
2867	#include <stdlib.h>
2868	#include <string.h>
2869	#include <openssl/opensslv.h>
2870	#include <openssl/crypto.h>
2871	#define DATA "conftest.ssllibver"
2872		]], [[
2873		FILE *f;
2874		/* We need these legacy bits to warn for old libcrypto */
2875		#ifndef OPENSSL_VERSION
2876		# define OPENSSL_VERSION SSLEAY_VERSION
2877		#endif
2878		#ifndef HAVE_OPENSSL_VERSION
2879		# define OpenSSL_version       SSLeay_version
2880		#endif
2881		#ifndef HAVE_OPENSSL_VERSION_NUM
2882		# define OpenSSL_version_num   SSLeay
2883		#endif
2884		if ((f = fopen(DATA, "w")) == NULL)
2885			exit(1);
2886		if (fprintf(f, "%08lx (%s)",
2887		    (unsigned long)OpenSSL_version_num(),
2888		    OpenSSL_version(OPENSSL_VERSION)) < 0)
2889			exit(1);
2890#ifdef LIBRESSL_VERSION_NUMBER
2891		if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0)
2892			exit(1);
2893#endif
2894		if (fputc('\n', f) == EOF || fclose(f) == EOF)
2895			exit(1);
2896		exit(0);
2897		]])],
2898		[
2899			sslver=`cat conftest.ssllibver`
2900			ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'`
2901			# Check version is supported.
2902			case "$sslver" in
2903			100*|10100*) # 1.0.x, 1.1.0x
2904				AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")])
2905				;;
2906			101*)   ;; # 1.1.x
2907			200*)   # LibreSSL
2908				lver=`echo "$sslver" | sed 's/.*libressl-//'`
2909				case "$lver" in
2910				2*|300*) # 2.x, 3.0.0
2911					AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")])
2912					;;
2913				*) ;;	# Assume all other versions are good.
2914				esac
2915				;;
2916			300*)
2917				# OpenSSL 3; we use the 1.1x API
2918				CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2919				;;
2920			301*|302*|303*)
2921				# OpenSSL development branch; request 1.1x API
2922				CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2923				;;
2924		        *)
2925				AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")])
2926		                ;;
2927			esac
2928			AC_MSG_RESULT([$ssl_showver])
2929		],
2930		[
2931			AC_MSG_RESULT([not found])
2932			AC_MSG_ERROR([OpenSSL library not found.])
2933		],
2934		[
2935			AC_MSG_WARN([cross compiling: not checking])
2936		]
2937	)
2938
2939	case "$host" in
2940	x86_64-*)
2941		case "$sslver" in
2942		3000004*)
2943			AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)])
2944			;;
2945		esac
2946	esac
2947
2948	# Sanity check OpenSSL headers
2949	AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2950	AC_RUN_IFELSE(
2951		[AC_LANG_PROGRAM([[
2952	#include <stdlib.h>
2953	#include <string.h>
2954	#include <openssl/opensslv.h>
2955	#include <openssl/crypto.h>
2956		]], [[
2957		exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2958		]])],
2959		[
2960			AC_MSG_RESULT([yes])
2961		],
2962		[
2963			AC_MSG_RESULT([no])
2964			if test "x$openssl_check_nonfatal" = "x"; then
2965				AC_MSG_ERROR([Your OpenSSL headers do not match your
2966	library. Check config.log for details.
2967	If you are sure your installation is consistent, you can disable the check
2968	by running "./configure --without-openssl-header-check".
2969	Also see contrib/findssl.sh for help identifying header/library mismatches.
2970	])
2971			else
2972				AC_MSG_WARN([Your OpenSSL headers do not match your
2973	library. Check config.log for details.
2974	Also see contrib/findssl.sh for help identifying header/library mismatches.])
2975			fi
2976		],
2977		[
2978			AC_MSG_WARN([cross compiling: not checking])
2979		]
2980	)
2981
2982	AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2983	AC_LINK_IFELSE(
2984		[AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2985		[[ ERR_load_crypto_strings(); ]])],
2986		[
2987			AC_MSG_RESULT([yes])
2988		],
2989		[
2990			AC_MSG_RESULT([no])
2991			LIBS="$LIBS -ldl"
2992			AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2993			AC_LINK_IFELSE(
2994				[AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2995				[[ ERR_load_crypto_strings(); ]])],
2996				[
2997					AC_MSG_RESULT([yes])
2998					CHANNELLIBS="$CHANNELLIBS -ldl"
2999				],
3000				[
3001					AC_MSG_RESULT([no])
3002				]
3003			)
3004		]
3005	)
3006
3007	AC_CHECK_FUNCS([ \
3008		BN_is_prime_ex \
3009		DES_crypt \
3010		DSA_generate_parameters_ex \
3011		EVP_DigestFinal_ex \
3012		EVP_DigestInit_ex \
3013		EVP_MD_CTX_cleanup \
3014		EVP_MD_CTX_copy_ex \
3015		EVP_MD_CTX_init \
3016		HMAC_CTX_init \
3017		RSA_generate_key_ex \
3018		RSA_get_default_method \
3019	])
3020
3021	# OpenSSL_add_all_algorithms may be a macro.
3022	AC_CHECK_FUNC(OpenSSL_add_all_algorithms,
3023	    AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]),
3024	    AC_CHECK_DECL(OpenSSL_add_all_algorithms,
3025		AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), ,
3026		[[#include <openssl/evp.h>]]
3027	    )
3028	)
3029
3030	# LibreSSL/OpenSSL API differences
3031	AC_CHECK_FUNCS([ \
3032		EVP_CIPHER_CTX_iv \
3033		EVP_CIPHER_CTX_iv_noconst \
3034		EVP_CIPHER_CTX_get_iv \
3035		EVP_CIPHER_CTX_get_updated_iv \
3036		EVP_CIPHER_CTX_set_iv \
3037	])
3038
3039	if test "x$openssl_engine" = "xyes" ; then
3040		AC_MSG_CHECKING([for OpenSSL ENGINE support])
3041		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3042	#include <openssl/engine.h>
3043			]], [[
3044				ENGINE_load_builtin_engines();
3045				ENGINE_register_all_complete();
3046			]])],
3047			[ AC_MSG_RESULT([yes])
3048			  AC_DEFINE([USE_OPENSSL_ENGINE], [1],
3049			     [Enable OpenSSL engine support])
3050			], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
3051		])
3052	fi
3053
3054	# Check for OpenSSL without EVP_aes_{192,256}_cbc
3055	AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
3056	AC_LINK_IFELSE(
3057		[AC_LANG_PROGRAM([[
3058	#include <stdlib.h>
3059	#include <string.h>
3060	#include <openssl/evp.h>
3061		]], [[
3062		exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
3063		]])],
3064		[
3065			AC_MSG_RESULT([no])
3066		],
3067		[
3068			AC_MSG_RESULT([yes])
3069			AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
3070			    [libcrypto is missing AES 192 and 256 bit functions])
3071		]
3072	)
3073
3074	AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
3075	AC_LINK_IFELSE(
3076		[AC_LANG_PROGRAM([[
3077	#include <stdlib.h>
3078	#include <string.h>
3079	#include <openssl/evp.h>
3080		]], [[
3081		if(EVP_DigestUpdate(NULL, NULL,0))
3082			exit(0);
3083		]])],
3084		[
3085			AC_MSG_RESULT([yes])
3086		],
3087		[
3088			AC_MSG_RESULT([no])
3089			AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
3090			    [Define if EVP_DigestUpdate returns void])
3091		]
3092	)
3093
3094	# Check for various EVP support in OpenSSL
3095	AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20])
3096
3097	# Check complete ECC support in OpenSSL
3098	AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
3099	AC_LINK_IFELSE(
3100		[AC_LANG_PROGRAM([[
3101	#include <openssl/ec.h>
3102	#include <openssl/ecdh.h>
3103	#include <openssl/ecdsa.h>
3104	#include <openssl/evp.h>
3105	#include <openssl/objects.h>
3106	#include <openssl/opensslv.h>
3107		]], [[
3108		EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
3109		const EVP_MD *m = EVP_sha256(); /* We need this too */
3110		]])],
3111		[ AC_MSG_RESULT([yes])
3112		  enable_nistp256=1 ],
3113		[ AC_MSG_RESULT([no]) ]
3114	)
3115
3116	AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
3117	AC_LINK_IFELSE(
3118		[AC_LANG_PROGRAM([[
3119	#include <openssl/ec.h>
3120	#include <openssl/ecdh.h>
3121	#include <openssl/ecdsa.h>
3122	#include <openssl/evp.h>
3123	#include <openssl/objects.h>
3124	#include <openssl/opensslv.h>
3125		]], [[
3126		EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
3127		const EVP_MD *m = EVP_sha384(); /* We need this too */
3128		]])],
3129		[ AC_MSG_RESULT([yes])
3130		  enable_nistp384=1 ],
3131		[ AC_MSG_RESULT([no]) ]
3132	)
3133
3134	AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
3135	AC_LINK_IFELSE(
3136		[AC_LANG_PROGRAM([[
3137	#include <openssl/ec.h>
3138	#include <openssl/ecdh.h>
3139	#include <openssl/ecdsa.h>
3140	#include <openssl/evp.h>
3141	#include <openssl/objects.h>
3142	#include <openssl/opensslv.h>
3143		]], [[
3144		EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3145		const EVP_MD *m = EVP_sha512(); /* We need this too */
3146		]])],
3147		[ AC_MSG_RESULT([yes])
3148		  AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
3149		  AC_RUN_IFELSE(
3150			[AC_LANG_PROGRAM([[
3151	#include <stdlib.h>
3152	#include <openssl/ec.h>
3153	#include <openssl/ecdh.h>
3154	#include <openssl/ecdsa.h>
3155	#include <openssl/evp.h>
3156	#include <openssl/objects.h>
3157	#include <openssl/opensslv.h>
3158			]],[[
3159			EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3160			const EVP_MD *m = EVP_sha512(); /* We need this too */
3161			exit(e == NULL || m == NULL);
3162			]])],
3163			[ AC_MSG_RESULT([yes])
3164			  enable_nistp521=1 ],
3165			[ AC_MSG_RESULT([no]) ],
3166			[ AC_MSG_WARN([cross-compiling: assuming yes])
3167			  enable_nistp521=1 ]
3168		  )],
3169		AC_MSG_RESULT([no])
3170	)
3171
3172	if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
3173	    test x$enable_nistp521 = x1; then
3174		AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
3175		AC_CHECK_FUNCS([EC_KEY_METHOD_new])
3176		openssl_ecc=yes
3177	else
3178		openssl_ecc=no
3179	fi
3180	if test x$enable_nistp256 = x1; then
3181		AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
3182		    [libcrypto has NID_X9_62_prime256v1])
3183	else
3184		unsupported_algorithms="$unsupported_algorithms \
3185			ecdsa-sha2-nistp256 \
3186			ecdh-sha2-nistp256 \
3187			ecdsa-sha2-nistp256-cert-v01@openssh.com"
3188	fi
3189	if test x$enable_nistp384 = x1; then
3190		AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
3191	else
3192		unsupported_algorithms="$unsupported_algorithms \
3193			ecdsa-sha2-nistp384 \
3194			ecdh-sha2-nistp384 \
3195			ecdsa-sha2-nistp384-cert-v01@openssh.com"
3196	fi
3197	if test x$enable_nistp521 = x1; then
3198		AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
3199	else
3200		unsupported_algorithms="$unsupported_algorithms \
3201			ecdh-sha2-nistp521 \
3202			ecdsa-sha2-nistp521 \
3203			ecdsa-sha2-nistp521-cert-v01@openssh.com"
3204	fi
3205
3206	# Check libcrypto ED25519 support
3207	AC_CHECK_FUNCS([EVP_PKEY_get_raw_public_key])
3208	AC_CHECK_FUNCS([EVP_PKEY_get_raw_private_key])
3209	AC_MSG_CHECKING([whether OpenSSL has ED25519 support])
3210	AC_LINK_IFELSE(
3211		[AC_LANG_PROGRAM([[
3212	#include <string.h>
3213	#include <openssl/evp.h>
3214		]], [[
3215		unsigned char buf[64];
3216		memset(buf, 0, sizeof(buf));
3217		exit(EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519,
3218		    buf, sizeof(buf)) == NULL);
3219		]])],
3220		[
3221			AC_MSG_RESULT([yes])
3222			AC_DEFINE([OPENSSL_HAS_ED25519], [1],
3223			    [libcrypto has ed25519 support])
3224		],
3225		[
3226			AC_MSG_RESULT([no])
3227		]
3228	)
3229fi
3230
3231# PKCS11/U2F depend on OpenSSL and dlopen().
3232enable_pkcs11=yes
3233enable_sk=yes
3234if test "x$openssl" != "xyes" ; then
3235	enable_pkcs11="disabled; missing libcrypto"
3236fi
3237if test "x$ac_cv_func_dlopen" != "xyes" ; then
3238	enable_pkcs11="disabled; missing dlopen(3)"
3239	enable_sk="disabled; missing dlopen(3)"
3240fi
3241if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
3242	enable_pkcs11="disabled; missing RTLD_NOW"
3243	enable_sk="disabled; missing RTLD_NOW"
3244fi
3245if test ! -z "$disable_pkcs11" ; then
3246	enable_pkcs11="disabled by user"
3247fi
3248if test ! -z "$disable_sk" ; then
3249	enable_sk="disabled by user"
3250fi
3251
3252AC_MSG_CHECKING([whether to enable PKCS11])
3253if test "x$enable_pkcs11" = "xyes" ; then
3254	AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
3255fi
3256AC_MSG_RESULT([$enable_pkcs11])
3257
3258AC_MSG_CHECKING([whether to enable U2F])
3259if test "x$enable_sk" = "xyes" ; then
3260	AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
3261	AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so])
3262else
3263	# Do not try to build sk-dummy library.
3264	AC_SUBST(SK_DUMMY_LIBRARY, [""])
3265fi
3266AC_MSG_RESULT([$enable_sk])
3267
3268# Now check for built-in security key support.
3269if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then
3270	use_pkgconfig_for_libfido2=
3271	if test "x$PKGCONFIG" != "xno"; then
3272		AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2])
3273		if "$PKGCONFIG" libfido2; then
3274			AC_MSG_RESULT([yes])
3275			use_pkgconfig_for_libfido2=yes
3276		else
3277			AC_MSG_RESULT([no])
3278		fi
3279	fi
3280	if test "x$use_pkgconfig_for_libfido2" = "xyes"; then
3281		LIBFIDO2=`$PKGCONFIG --libs libfido2`
3282		CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
3283	else
3284		LIBFIDO2="-lprivatefido2 -lprivatecbor"
3285	fi
3286	OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
3287	fido2_error=
3288	AC_CHECK_LIB([privatefido2], [fido_init],
3289		[ ],
3290		[ fido2_error="missing/unusable libfido2" ],
3291		[ $OTHERLIBS ]
3292	)
3293	AC_CHECK_HEADER([fido.h], [],
3294		[ fido2_error="missing fido.h from libfido2" ])
3295	AC_CHECK_HEADER([fido/credman.h], [],
3296		[ fido2_error="missing fido/credman.h from libfido2" ],
3297		[ #include <fido.h> ]
3298	)
3299	AC_MSG_CHECKING([for usable libfido2 installation])
3300	if test ! -z "$fido2_error" ; then
3301		AC_MSG_RESULT([$fido2_error])
3302		if test "x$enable_sk_internal" = "xyes" ; then
3303			AC_MSG_ERROR([No usable libfido2 library/headers found])
3304		fi
3305		LIBFIDO2=""
3306	else
3307		AC_MSG_RESULT([yes])
3308		AC_SUBST([LIBFIDO2])
3309		AC_DEFINE([ENABLE_SK_INTERNAL], [],
3310		    [Enable for built-in U2F/FIDO support])
3311		enable_sk="built-in"
3312		saved_LIBS="$LIBS"
3313		LIBS="$LIBFIDO2 $LIBS"
3314		AC_CHECK_FUNCS([ \
3315			fido_assert_set_clientdata \
3316			fido_cred_prot \
3317			fido_cred_set_prot \
3318			fido_cred_set_clientdata \
3319			fido_dev_get_touch_begin \
3320			fido_dev_get_touch_status \
3321			fido_dev_supports_cred_prot \
3322			fido_dev_is_winhello \
3323		])
3324		LIBS="$saved_LIBS"
3325	fi
3326fi
3327
3328AC_CHECK_FUNCS([ \
3329	arc4random \
3330	arc4random_buf \
3331	arc4random_stir \
3332	arc4random_uniform \
3333])
3334### Configure cryptographic random number support
3335
3336# Check whether OpenSSL seeds itself
3337if test "x$openssl" = "xyes" ; then
3338	AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
3339	AC_RUN_IFELSE(
3340		[AC_LANG_PROGRAM([[
3341	#include <stdlib.h>
3342	#include <string.h>
3343	#include <openssl/rand.h>
3344		]], [[
3345		exit(RAND_status() == 1 ? 0 : 1);
3346		]])],
3347		[
3348			OPENSSL_SEEDS_ITSELF=yes
3349			AC_MSG_RESULT([yes])
3350		],
3351		[
3352			AC_MSG_RESULT([no])
3353		],
3354		[
3355			AC_MSG_WARN([cross compiling: assuming yes])
3356			# This is safe, since we will fatal() at runtime if
3357			# OpenSSL is not seeded correctly.
3358			OPENSSL_SEEDS_ITSELF=yes
3359		]
3360	)
3361fi
3362
3363# PRNGD TCP socket
3364AC_ARG_WITH([prngd-port],
3365	[  --with-prngd-port=PORT  read entropy from PRNGD/EGD TCP localhost:PORT],
3366	[
3367		case "$withval" in
3368		no)
3369			withval=""
3370			;;
3371		[[0-9]]*)
3372			;;
3373		*)
3374			AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3375			;;
3376		esac
3377		if test ! -z "$withval" ; then
3378			PRNGD_PORT="$withval"
3379			AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
3380				[Port number of PRNGD/EGD random number socket])
3381		fi
3382	]
3383)
3384
3385# PRNGD Unix domain socket
3386AC_ARG_WITH([prngd-socket],
3387	[  --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3388	[
3389		case "$withval" in
3390		yes)
3391			withval="/var/run/egd-pool"
3392			;;
3393		no)
3394			withval=""
3395			;;
3396		/*)
3397			;;
3398		*)
3399			AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
3400			;;
3401		esac
3402
3403		if test ! -z "$withval" ; then
3404			if test ! -z "$PRNGD_PORT" ; then
3405				AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
3406			fi
3407			if test ! -r "$withval" ; then
3408				AC_MSG_WARN([Entropy socket is not readable])
3409			fi
3410			PRNGD_SOCKET="$withval"
3411			AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
3412				[Location of PRNGD/EGD random number socket])
3413		fi
3414	],
3415	[
3416		# Check for existing socket only if we don't have a random device already
3417		if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
3418			AC_MSG_CHECKING([for PRNGD/EGD socket])
3419			# Insert other locations here
3420			for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3421				if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3422					PRNGD_SOCKET="$sock"
3423					AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
3424					break;
3425				fi
3426			done
3427			if test ! -z "$PRNGD_SOCKET" ; then
3428				AC_MSG_RESULT([$PRNGD_SOCKET])
3429			else
3430				AC_MSG_RESULT([not found])
3431			fi
3432		fi
3433	]
3434)
3435
3436# Which randomness source do we use?
3437if test ! -z "$PRNGD_PORT" ; then
3438	RAND_MSG="PRNGd port $PRNGD_PORT"
3439elif test ! -z "$PRNGD_SOCKET" ; then
3440	RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3441elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3442	AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3443		[Define if you want the OpenSSL internally seeded PRNG only])
3444	RAND_MSG="OpenSSL internal ONLY"
3445elif test "x$openssl" = "xno" ; then
3446	AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3447else
3448	AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3449fi
3450LIBS="$nocrypto_saved_LIBS"
3451
3452saved_LIBS="$LIBS"
3453AC_CHECK_LIB([iaf], [ia_openinfo], [
3454	LIBS="$LIBS -liaf"
3455	AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
3456				AC_DEFINE([HAVE_LIBIAF], [1],
3457			[Define if system has libiaf that supports set_id])
3458				])
3459])
3460LIBS="$saved_LIBS"
3461
3462# Check for crypt() in libcrypt.  If we have it, we only need it for sshd.
3463saved_LIBS="$LIBS"
3464AC_CHECK_LIB([crypt], [crypt], [
3465	LIBS="-lcrypt $LIBS"
3466	SSHDLIBS="-lcrypt $SSHDLIBS"
3467])
3468AC_CHECK_FUNCS([crypt])
3469LIBS="$saved_LIBS"
3470
3471# Check for PAM libs
3472PAM_MSG="no"
3473AC_ARG_WITH([pam],
3474	[  --with-pam              Enable PAM support ],
3475	[
3476		if test "x$withval" != "xno" ; then
3477			if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3478			   test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3479				AC_MSG_ERROR([PAM headers not found])
3480			fi
3481
3482			saved_LIBS="$LIBS"
3483			AC_CHECK_LIB([dl], [dlopen], , )
3484			AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3485			AC_CHECK_FUNCS([pam_getenvlist])
3486			AC_CHECK_FUNCS([pam_putenv])
3487			LIBS="$saved_LIBS"
3488
3489			PAM_MSG="yes"
3490
3491			SSHDLIBS="$SSHDLIBS -lpam"
3492			AC_DEFINE([USE_PAM], [1],
3493				[Define if you want to enable PAM support])
3494
3495			if test $ac_cv_lib_dl_dlopen = yes; then
3496				case "$LIBS" in
3497				*-ldl*)
3498					# libdl already in LIBS
3499					;;
3500				*)
3501					SSHDLIBS="$SSHDLIBS -ldl"
3502					;;
3503				esac
3504			fi
3505		fi
3506	]
3507)
3508
3509AC_ARG_WITH([pam-service],
3510	[  --with-pam-service=name Specify PAM service name ],
3511	[
3512		if test "x$withval" != "xno" && \
3513		   test "x$withval" != "xyes" ; then
3514			AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE],
3515				["$withval"], [sshd PAM service name])
3516		fi
3517	]
3518)
3519
3520# Check for older PAM
3521if test "x$PAM_MSG" = "xyes" ; then
3522	# Check PAM strerror arguments (old PAM)
3523	AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3524	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3525#include <stdlib.h>
3526#if defined(HAVE_SECURITY_PAM_APPL_H)
3527#include <security/pam_appl.h>
3528#elif defined (HAVE_PAM_PAM_APPL_H)
3529#include <pam/pam_appl.h>
3530#endif
3531		]], [[
3532(void)pam_strerror((pam_handle_t *)NULL, -1);
3533		]])], [AC_MSG_RESULT([no])], [
3534			AC_DEFINE([HAVE_OLD_PAM], [1],
3535				[Define if you have an old version of PAM
3536				which takes only one argument to pam_strerror])
3537			AC_MSG_RESULT([yes])
3538			PAM_MSG="yes (old library)"
3539
3540	])
3541fi
3542
3543case "$host" in
3544*-*-cygwin*)
3545	SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3546	;;
3547*)
3548	SSH_PRIVSEP_USER=sshd
3549	;;
3550esac
3551AC_ARG_WITH([privsep-user],
3552	[  --with-privsep-user=user Specify non-privileged user for privilege separation],
3553	[
3554		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
3555		    test "x${withval}" != "xyes"; then
3556			SSH_PRIVSEP_USER=$withval
3557		fi
3558	]
3559)
3560if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3561	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3562		[Cygwin function to fetch non-privileged user for privilege separation])
3563else
3564	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3565		[non-privileged user for privilege separation])
3566fi
3567AC_SUBST([SSH_PRIVSEP_USER])
3568
3569if test "x$have_linux_no_new_privs" = "x1" ; then
3570AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3571	#include <sys/types.h>
3572	#include <linux/seccomp.h>
3573])
3574fi
3575if test "x$have_seccomp_filter" = "x1" ; then
3576AC_MSG_CHECKING([kernel for seccomp_filter support])
3577AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3578		#include <errno.h>
3579		#include <elf.h>
3580		#include <linux/audit.h>
3581		#include <linux/seccomp.h>
3582		#include <stdlib.h>
3583		#include <sys/prctl.h>
3584	]],
3585	[[ int i = $seccomp_audit_arch;
3586	   errno = 0;
3587	   prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3588	   exit(errno == EFAULT ? 0 : 1); ]])],
3589	[ AC_MSG_RESULT([yes]) ], [
3590		AC_MSG_RESULT([no])
3591		# Disable seccomp filter as a target
3592		have_seccomp_filter=0
3593	]
3594)
3595fi
3596
3597AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[
3598#include <sys/types.h>
3599#ifdef HAVE_POLL_H
3600#include <poll.h>
3601#endif
3602#ifdef HAVE_SYS_POLL_H
3603#include <sys/poll.h>
3604#endif
3605]])
3606
3607AC_CHECK_TYPES([nfds_t], , , [
3608#include <sys/types.h>
3609#ifdef HAVE_POLL_H
3610#include <poll.h>
3611#endif
3612#ifdef HAVE_SYS_POLL_H
3613#include <sys/poll.h>
3614#endif
3615])
3616
3617# Decide which sandbox style to use
3618sandbox_arg=""
3619AC_ARG_WITH([sandbox],
3620	[  --with-sandbox=style    Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3621	[
3622		if test "x$withval" = "xyes" ; then
3623			sandbox_arg=""
3624		else
3625			sandbox_arg="$withval"
3626		fi
3627	]
3628)
3629
3630if test "x$sandbox_arg" != "xno"; then
3631# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument
3632# is greater than OPEN_MAX".  On some platforms that includes implementions
3633# of select in userspace on top of poll() so check both work with rlimit
3634# NOFILES so check that both work before enabling the rlimit sandbox.
3635    AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit])
3636    AC_RUN_IFELSE(
3637	[AC_LANG_PROGRAM([[
3638#include <sys/types.h>
3639#ifdef HAVE_SYS_TIME_H
3640# include <sys/time.h>
3641#endif
3642#include <sys/resource.h>
3643#ifdef HAVE_SYS_SELECT_H
3644# include <sys/select.h>
3645#endif
3646#ifdef HAVE_POLL_H
3647# include <poll.h>
3648#elif HAVE_SYS_POLL_H
3649# include <sys/poll.h>
3650#endif
3651#include <errno.h>
3652#include <fcntl.h>
3653#include <stdlib.h>
3654	]],[[
3655	struct rlimit rl_zero;
3656	int fd, r;
3657	fd_set fds;
3658	struct timeval tv;
3659#ifdef HAVE_POLL
3660	struct pollfd pfd;
3661#endif
3662
3663	fd = open("/dev/null", O_RDONLY);
3664	FD_ZERO(&fds);
3665	FD_SET(fd, &fds);
3666	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3667	setrlimit(RLIMIT_FSIZE, &rl_zero);
3668	setrlimit(RLIMIT_NOFILE, &rl_zero);
3669	tv.tv_sec = 1;
3670	tv.tv_usec = 0;
3671	r = select(fd+1, &fds, NULL, NULL, &tv);
3672	if (r == -1)
3673		exit(1);
3674#ifdef HAVE_POLL
3675	pfd.fd = fd;
3676	pfd.events = POLLIN;
3677	r = poll(&pfd, 1, 1);
3678	if (r == -1)
3679		exit(2);
3680#endif
3681	exit(0);
3682	]])],
3683	[AC_MSG_RESULT([yes])
3684	 select_works_with_rlimit=yes],
3685	[AC_MSG_RESULT([no])
3686	 select_works_with_rlimit=no],
3687	[AC_MSG_WARN([cross compiling: assuming no])
3688	 select_works_with_rlimit=no]
3689    )
3690
3691    AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3692    AC_RUN_IFELSE(
3693	[AC_LANG_PROGRAM([[
3694#include <sys/types.h>
3695#ifdef HAVE_SYS_TIME_H
3696# include <sys/time.h>
3697#endif
3698#include <sys/resource.h>
3699#include <errno.h>
3700#include <stdlib.h>
3701	]],[[
3702	struct rlimit rl_zero;
3703	int r;
3704
3705	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3706	r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3707	exit (r == -1 ? 1 : 0);
3708	]])],
3709	[AC_MSG_RESULT([yes])
3710	 rlimit_nofile_zero_works=yes],
3711	[AC_MSG_RESULT([no])
3712	 rlimit_nofile_zero_works=no],
3713	[AC_MSG_WARN([cross compiling: assuming yes])
3714	 rlimit_nofile_zero_works=yes]
3715    )
3716
3717    AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3718    AC_RUN_IFELSE(
3719	[AC_LANG_PROGRAM([[
3720#include <sys/types.h>
3721#include <sys/resource.h>
3722#include <stdlib.h>
3723	]],[[
3724		struct rlimit rl_zero;
3725
3726		rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3727		exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3728	]])],
3729	[AC_MSG_RESULT([yes])],
3730	[AC_MSG_RESULT([no])
3731	 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3732	    [setrlimit RLIMIT_FSIZE works])],
3733	[AC_MSG_WARN([cross compiling: assuming yes])]
3734    )
3735fi
3736
3737if test "x$sandbox_arg" = "xpledge" || \
3738   ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3739	test "x$ac_cv_func_pledge" != "xyes" && \
3740		AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3741	SANDBOX_STYLE="pledge"
3742	AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3743elif test "x$sandbox_arg" = "xsystrace" || \
3744   ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3745	test "x$have_systr_policy_kill" != "x1" && \
3746		AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3747	SANDBOX_STYLE="systrace"
3748	AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3749elif test "x$sandbox_arg" = "xdarwin" || \
3750     ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3751       test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3752	test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3753	     "x$ac_cv_header_sandbox_h" != "xyes" && \
3754		AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3755	SANDBOX_STYLE="darwin"
3756	AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3757elif test "x$sandbox_arg" = "xseccomp_filter" || \
3758     ( test -z "$sandbox_arg" && \
3759       test "x$have_seccomp_filter" = "x1" && \
3760       test "x$ac_cv_header_elf_h" = "xyes" && \
3761       test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3762       test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3763       test "x$seccomp_audit_arch" != "x" && \
3764       test "x$have_linux_no_new_privs" = "x1" && \
3765       test "x$ac_cv_func_prctl" = "xyes" ) ; then
3766	test "x$seccomp_audit_arch" = "x" && \
3767		AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3768	test "x$have_linux_no_new_privs" != "x1" && \
3769		AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3770	test "x$have_seccomp_filter" != "x1" && \
3771		AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3772	test "x$ac_cv_func_prctl" != "xyes" && \
3773		AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3774	SANDBOX_STYLE="seccomp_filter"
3775	AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3776elif test "x$sandbox_arg" = "xcapsicum" || \
3777     ( test -z "$sandbox_arg" && \
3778       test "x$disable_capsicum" != "xyes" && \
3779       test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3780       test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3781       test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3782		AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3783       test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3784		AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3785       SANDBOX_STYLE="capsicum"
3786       AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3787elif test "x$sandbox_arg" = "xrlimit" || \
3788     ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3789       test "x$select_works_with_rlimit" = "xyes" && \
3790       test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3791	test "x$ac_cv_func_setrlimit" != "xyes" && \
3792		AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3793	test "x$select_works_with_rlimit" != "xyes" && \
3794		AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3795	SANDBOX_STYLE="rlimit"
3796	AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3797elif test "x$sandbox_arg" = "xsolaris" || \
3798   ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3799	SANDBOX_STYLE="solaris"
3800	AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3801elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3802     test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3803	SANDBOX_STYLE="none"
3804	AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3805else
3806	AC_MSG_ERROR([unsupported --with-sandbox])
3807fi
3808
3809# Cheap hack to ensure NEWS-OS libraries are arranged right.
3810if test ! -z "$SONY" ; then
3811  LIBS="$LIBS -liberty";
3812fi
3813
3814# Check for long long datatypes
3815AC_CHECK_TYPES([long long, unsigned long long, long double])
3816
3817# Check datatype sizes
3818AC_CHECK_SIZEOF([short int])
3819AC_CHECK_SIZEOF([int])
3820AC_CHECK_SIZEOF([long int])
3821AC_CHECK_SIZEOF([long long int])
3822AC_CHECK_SIZEOF([time_t], [], [[
3823    #include <sys/types.h>
3824    #ifdef HAVE_SYS_TIME_H
3825    # include <sys/time.h>
3826    #endif
3827    #ifdef HAVE_TIME_H
3828    # include <time.h>
3829    #endif
3830	]]
3831)
3832
3833# Sanity check long long for some platforms (AIX)
3834if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3835	ac_cv_sizeof_long_long_int=0
3836fi
3837
3838# compute LLONG_MIN and LLONG_MAX if we don't know them.
3839if test -z "$have_llong_max" && test -z "$have_long_long_max"; then
3840	AC_MSG_CHECKING([for max value of long long])
3841	AC_RUN_IFELSE(
3842		[AC_LANG_PROGRAM([[
3843#include <stdio.h>
3844#include <stdlib.h>
3845/* Why is this so damn hard? */
3846#ifdef __GNUC__
3847# undef __GNUC__
3848#endif
3849#define __USE_ISOC99
3850#include <limits.h>
3851#define DATA "conftest.llminmax"
3852#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3853
3854/*
3855 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3856 * we do this the hard way.
3857 */
3858static int
3859fprint_ll(FILE *f, long long n)
3860{
3861	unsigned int i;
3862	int l[sizeof(long long) * 8];
3863
3864	if (n < 0)
3865		if (fprintf(f, "-") < 0)
3866			return -1;
3867	for (i = 0; n != 0; i++) {
3868		l[i] = my_abs(n % 10);
3869		n /= 10;
3870	}
3871	do {
3872		if (fprintf(f, "%d", l[--i]) < 0)
3873			return -1;
3874	} while (i != 0);
3875	if (fprintf(f, " ") < 0)
3876		return -1;
3877	return 0;
3878}
3879		]], [[
3880	FILE *f;
3881	long long i, llmin, llmax = 0;
3882
3883	if((f = fopen(DATA,"w")) == NULL)
3884		exit(1);
3885
3886#if defined(LLONG_MIN) && defined(LLONG_MAX)
3887	fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3888	llmin = LLONG_MIN;
3889	llmax = LLONG_MAX;
3890#else
3891	fprintf(stderr, "Calculating  LLONG_MIN and LLONG_MAX\n");
3892	/* This will work on one's complement and two's complement */
3893	for (i = 1; i > llmax; i <<= 1, i++)
3894		llmax = i;
3895	llmin = llmax + 1LL;	/* wrap */
3896#endif
3897
3898	/* Sanity check */
3899	if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3900	    || llmax - 1 > llmax || llmin == llmax || llmin == 0
3901	    || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3902		fprintf(f, "unknown unknown\n");
3903		exit(2);
3904	}
3905
3906	if (fprint_ll(f, llmin) < 0)
3907		exit(3);
3908	if (fprint_ll(f, llmax) < 0)
3909		exit(4);
3910	if (fclose(f) < 0)
3911		exit(5);
3912	exit(0);
3913		]])],
3914		[
3915			llong_min=`$AWK '{print $1}' conftest.llminmax`
3916			llong_max=`$AWK '{print $2}' conftest.llminmax`
3917
3918			AC_MSG_RESULT([$llong_max])
3919			AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3920			    [max value of long long calculated by configure])
3921			AC_MSG_CHECKING([for min value of long long])
3922			AC_MSG_RESULT([$llong_min])
3923			AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3924			    [min value of long long calculated by configure])
3925		],
3926		[
3927			AC_MSG_RESULT([not found])
3928		],
3929		[
3930			AC_MSG_WARN([cross compiling: not checking])
3931		]
3932	)
3933fi
3934
3935AC_CHECK_DECLS([UINT32_MAX], , , [[
3936#ifdef HAVE_SYS_LIMITS_H
3937# include <sys/limits.h>
3938#endif
3939#ifdef HAVE_LIMITS_H
3940# include <limits.h>
3941#endif
3942#ifdef HAVE_STDINT_H
3943# include <stdint.h>
3944#endif
3945]])
3946
3947# More checks for data types
3948AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3949	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3950	[[ u_int a; a = 1;]])],
3951	[ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3952	])
3953])
3954if test "x$ac_cv_have_u_int" = "xyes" ; then
3955	AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3956	have_u_int=1
3957fi
3958
3959AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3960	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3961	[[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3962	[ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3963	])
3964])
3965if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3966	AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3967	have_intxx_t=1
3968fi
3969
3970if (test -z "$have_intxx_t" && \
3971	   test "x$ac_cv_header_stdint_h" = "xyes")
3972then
3973    AC_MSG_CHECKING([for intXX_t types in stdint.h])
3974	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3975	[[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3976		[
3977			AC_DEFINE([HAVE_INTXX_T])
3978			AC_MSG_RESULT([yes])
3979		], [ AC_MSG_RESULT([no])
3980	])
3981fi
3982
3983AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3984	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3985#include <sys/types.h>
3986#ifdef HAVE_STDINT_H
3987# include <stdint.h>
3988#endif
3989#include <sys/socket.h>
3990#ifdef HAVE_SYS_BITYPES_H
3991# include <sys/bitypes.h>
3992#endif
3993		]], [[
3994int64_t a; a = 1;
3995		]])],
3996	[ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3997	])
3998])
3999if test "x$ac_cv_have_int64_t" = "xyes" ; then
4000	AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
4001fi
4002
4003AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
4004	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4005	[[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
4006	[ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
4007	])
4008])
4009if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
4010	AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
4011	have_u_intxx_t=1
4012fi
4013
4014if test -z "$have_u_intxx_t" ; then
4015    AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
4016	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
4017	[[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
4018		[
4019			AC_DEFINE([HAVE_U_INTXX_T])
4020			AC_MSG_RESULT([yes])
4021		], [ AC_MSG_RESULT([no])
4022	])
4023fi
4024
4025AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
4026	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4027	[[ u_int64_t a; a = 1;]])],
4028	[ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
4029	])
4030])
4031if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
4032	AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
4033	have_u_int64_t=1
4034fi
4035
4036if (test -z "$have_u_int64_t" && \
4037	   test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4038then
4039    AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
4040	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
4041	[[ u_int64_t a; a = 1]])],
4042		[
4043			AC_DEFINE([HAVE_U_INT64_T])
4044			AC_MSG_RESULT([yes])
4045		], [ AC_MSG_RESULT([no])
4046	])
4047fi
4048
4049if test -z "$have_u_intxx_t" ; then
4050	AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
4051		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4052#include <sys/types.h>
4053			]], [[
4054	uint8_t a;
4055	uint16_t b;
4056	uint32_t c;
4057	a = b = c = 1;
4058			]])],
4059		[ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
4060		])
4061	])
4062	if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
4063		AC_DEFINE([HAVE_UINTXX_T], [1],
4064			[define if you have uintxx_t data type])
4065	fi
4066fi
4067
4068if (test -z "$have_uintxx_t" && \
4069	   test "x$ac_cv_header_stdint_h" = "xyes")
4070then
4071    AC_MSG_CHECKING([for uintXX_t types in stdint.h])
4072	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
4073	[[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4074		[
4075			AC_DEFINE([HAVE_UINTXX_T])
4076			AC_MSG_RESULT([yes])
4077		], [ AC_MSG_RESULT([no])
4078	])
4079fi
4080
4081if (test -z "$have_uintxx_t" && \
4082	   test "x$ac_cv_header_inttypes_h" = "xyes")
4083then
4084    AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
4085	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
4086	[[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4087		[
4088			AC_DEFINE([HAVE_UINTXX_T])
4089			AC_MSG_RESULT([yes])
4090		], [ AC_MSG_RESULT([no])
4091	])
4092fi
4093
4094if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
4095	   test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4096then
4097	AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
4098	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4099#include <sys/bitypes.h>
4100		]], [[
4101			int8_t a; int16_t b; int32_t c;
4102			u_int8_t e; u_int16_t f; u_int32_t g;
4103			a = b = c = e = f = g = 1;
4104		]])],
4105		[
4106			AC_DEFINE([HAVE_U_INTXX_T])
4107			AC_DEFINE([HAVE_INTXX_T])
4108			AC_MSG_RESULT([yes])
4109		], [AC_MSG_RESULT([no])
4110	])
4111fi
4112
4113
4114AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
4115	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4116	[[ u_char foo; foo = 125; ]])],
4117	[ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
4118	])
4119])
4120if test "x$ac_cv_have_u_char" = "xyes" ; then
4121	AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
4122fi
4123
4124AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
4125#include <sys/types.h>
4126#ifdef HAVE_STDINT_H
4127# include <stdint.h>
4128#endif
4129])
4130
4131TYPE_SOCKLEN_T
4132
4133AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>])
4134AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
4135#include <sys/types.h>
4136#ifdef HAVE_SYS_BITYPES_H
4137#include <sys/bitypes.h>
4138#endif
4139#ifdef HAVE_SYS_STATFS_H
4140#include <sys/statfs.h>
4141#endif
4142#ifdef HAVE_SYS_STATVFS_H
4143#include <sys/statvfs.h>
4144#endif
4145])
4146
4147AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[
4148#include <sys/param.h>
4149#include <sys/types.h>
4150#ifdef HAVE_SYS_BITYPES_H
4151#include <sys/bitypes.h>
4152#endif
4153#ifdef HAVE_SYS_STATFS_H
4154#include <sys/statfs.h>
4155#endif
4156#ifdef HAVE_SYS_STATVFS_H
4157#include <sys/statvfs.h>
4158#endif
4159#ifdef HAVE_SYS_VFS_H
4160#include <sys/vfs.h>
4161#endif
4162#ifdef HAVE_SYS_MOUNT_H
4163#include <sys/mount.h>
4164#endif
4165]])
4166
4167
4168AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
4169[#include <sys/types.h>
4170#include <netinet/in.h>])
4171
4172AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
4173	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4174	[[ size_t foo; foo = 1235; ]])],
4175	[ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
4176	])
4177])
4178if test "x$ac_cv_have_size_t" = "xyes" ; then
4179	AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
4180fi
4181
4182AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
4183	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4184	[[ ssize_t foo; foo = 1235; ]])],
4185	[ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
4186	])
4187])
4188if test "x$ac_cv_have_ssize_t" = "xyes" ; then
4189	AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
4190fi
4191
4192AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
4193	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
4194	[[ clock_t foo; foo = 1235; ]])],
4195	[ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
4196	])
4197])
4198if test "x$ac_cv_have_clock_t" = "xyes" ; then
4199	AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
4200fi
4201
4202AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
4203	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4204#include <sys/types.h>
4205#include <sys/socket.h>
4206		]], [[ sa_family_t foo; foo = 1235; ]])],
4207	[ ac_cv_have_sa_family_t="yes" ],
4208	[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4209#include <sys/types.h>
4210#include <sys/socket.h>
4211#include <netinet/in.h>
4212		]], [[ sa_family_t foo; foo = 1235; ]])],
4213		[ ac_cv_have_sa_family_t="yes" ],
4214		[ ac_cv_have_sa_family_t="no" ]
4215	)
4216	])
4217])
4218if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
4219	AC_DEFINE([HAVE_SA_FAMILY_T], [1],
4220		[define if you have sa_family_t data type])
4221fi
4222
4223AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
4224	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4225	[[ pid_t foo; foo = 1235; ]])],
4226	[ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
4227	])
4228])
4229if test "x$ac_cv_have_pid_t" = "xyes" ; then
4230	AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
4231fi
4232
4233AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
4234	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4235	[[ mode_t foo; foo = 1235; ]])],
4236	[ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
4237	])
4238])
4239if test "x$ac_cv_have_mode_t" = "xyes" ; then
4240	AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
4241fi
4242
4243
4244AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
4245	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4246#include <sys/types.h>
4247#include <sys/socket.h>
4248		]], [[ struct sockaddr_storage s; ]])],
4249	[ ac_cv_have_struct_sockaddr_storage="yes" ],
4250	[ ac_cv_have_struct_sockaddr_storage="no"
4251	])
4252])
4253if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
4254	AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
4255		[define if you have struct sockaddr_storage data type])
4256fi
4257
4258AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
4259	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4260#include <sys/types.h>
4261#include <netinet/in.h>
4262		]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
4263	[ ac_cv_have_struct_sockaddr_in6="yes" ],
4264	[ ac_cv_have_struct_sockaddr_in6="no"
4265	])
4266])
4267if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
4268	AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
4269		[define if you have struct sockaddr_in6 data type])
4270fi
4271
4272AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
4273	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4274#include <sys/types.h>
4275#include <netinet/in.h>
4276		]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
4277	[ ac_cv_have_struct_in6_addr="yes" ],
4278	[ ac_cv_have_struct_in6_addr="no"
4279	])
4280])
4281if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
4282	AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
4283		[define if you have struct in6_addr data type])
4284
4285dnl Now check for sin6_scope_id
4286	AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
4287		[
4288#ifdef HAVE_SYS_TYPES_H
4289#include <sys/types.h>
4290#endif
4291#include <netinet/in.h>
4292		])
4293fi
4294
4295AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
4296	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4297#include <sys/types.h>
4298#include <sys/socket.h>
4299#include <netdb.h>
4300		]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
4301	[ ac_cv_have_struct_addrinfo="yes" ],
4302	[ ac_cv_have_struct_addrinfo="no"
4303	])
4304])
4305if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
4306	AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
4307		[define if you have struct addrinfo data type])
4308fi
4309
4310AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
4311	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
4312	[[ struct timeval tv; tv.tv_sec = 1;]])],
4313	[ ac_cv_have_struct_timeval="yes" ],
4314	[ ac_cv_have_struct_timeval="no"
4315	])
4316])
4317if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
4318	AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
4319	have_struct_timeval=1
4320fi
4321
4322AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [
4323	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4324    #ifdef HAVE_SYS_TIME_H
4325    # include <sys/time.h>
4326    #endif
4327    #ifdef HAVE_TIME_H
4328    # include <time.h>
4329    #endif
4330	]],
4331	[[ struct timespec ts; ts.tv_sec = 1;]])],
4332	[ ac_cv_have_struct_timespec="yes" ],
4333	[ ac_cv_have_struct_timespec="no"
4334	])
4335])
4336if test "x$ac_cv_have_struct_timespec" = "xyes" ; then
4337	AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec])
4338	have_struct_timespec=1
4339fi
4340
4341# We need int64_t or else certain parts of the compile will fail.
4342if test "x$ac_cv_have_int64_t" = "xno" && \
4343	test "x$ac_cv_sizeof_long_int" != "x8" && \
4344	test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
4345	echo "OpenSSH requires int64_t support.  Contact your vendor or install"
4346	echo "an alternative compiler (I.E., GCC) before continuing."
4347	echo ""
4348	exit 1;
4349else
4350dnl test snprintf (broken on SCO w/gcc)
4351	AC_RUN_IFELSE(
4352		[AC_LANG_SOURCE([[
4353#include <stdio.h>
4354#include <stdlib.h>
4355#include <string.h>
4356#ifdef HAVE_SNPRINTF
4357int main(void)
4358{
4359	char buf[50];
4360	char expected_out[50];
4361	int mazsize = 50 ;
4362#if (SIZEOF_LONG_INT == 8)
4363	long int num = 0x7fffffffffffffff;
4364#else
4365	long long num = 0x7fffffffffffffffll;
4366#endif
4367	strcpy(expected_out, "9223372036854775807");
4368	snprintf(buf, mazsize, "%lld", num);
4369	if(strcmp(buf, expected_out) != 0)
4370		exit(1);
4371	exit(0);
4372}
4373#else
4374int main(void) { exit(0); }
4375#endif
4376		]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
4377		AC_MSG_WARN([cross compiling: Assuming working snprintf()])
4378	)
4379fi
4380
4381dnl Checks for structure members
4382OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
4383OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
4384OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
4385OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
4386OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
4387OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
4388OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
4389OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
4390OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
4391OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
4392OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
4393OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
4394OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
4395OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
4396OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
4397OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
4398OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
4399OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX])
4400
4401AC_CHECK_MEMBERS([struct stat.st_blksize])
4402AC_CHECK_MEMBERS([struct stat.st_mtim])
4403AC_CHECK_MEMBERS([struct stat.st_mtime])
4404AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
4405struct passwd.pw_change, struct passwd.pw_expire],
4406[], [], [[
4407#include <sys/types.h>
4408#include <pwd.h>
4409]])
4410
4411AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
4412	[Define if we don't have struct __res_state in resolv.h])],
4413[[
4414#include <stdio.h>
4415#if HAVE_SYS_TYPES_H
4416# include <sys/types.h>
4417#endif
4418#include <netinet/in.h>
4419#include <arpa/nameser.h>
4420#include <resolv.h>
4421]])
4422
4423AC_CHECK_MEMBER([struct sockaddr_in.sin_len],
4424    [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])],
4425    [],
4426    [AC_LANG_SOURCE([[
4427#include <sys/types.h>
4428#include <sys/socket.h>
4429#include <netinet/in.h>
4430    ]])]
4431)
4432
4433AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
4434		ac_cv_have_ss_family_in_struct_ss, [
4435	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4436#include <sys/types.h>
4437#include <sys/socket.h>
4438		]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
4439	[ ac_cv_have_ss_family_in_struct_ss="yes" ],
4440	[ ac_cv_have_ss_family_in_struct_ss="no" ])
4441])
4442if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
4443	AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
4444fi
4445
4446AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
4447		ac_cv_have___ss_family_in_struct_ss, [
4448	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4449#include <sys/types.h>
4450#include <sys/socket.h>
4451		]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
4452	[ ac_cv_have___ss_family_in_struct_ss="yes" ],
4453	[ ac_cv_have___ss_family_in_struct_ss="no"
4454	])
4455])
4456if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
4457	AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
4458		[Fields in struct sockaddr_storage])
4459fi
4460
4461dnl make sure we're using the real structure members and not defines
4462AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
4463		ac_cv_have_accrights_in_msghdr, [
4464	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4465#include <sys/types.h>
4466#include <sys/socket.h>
4467#include <sys/uio.h>
4468#include <stdlib.h>
4469		]], [[
4470#ifdef msg_accrights
4471#error "msg_accrights is a macro"
4472exit(1);
4473#endif
4474struct msghdr m;
4475m.msg_accrights = 0;
4476exit(0);
4477		]])],
4478		[ ac_cv_have_accrights_in_msghdr="yes" ],
4479		[ ac_cv_have_accrights_in_msghdr="no" ]
4480	)
4481])
4482if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
4483	AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
4484		[Define if your system uses access rights style
4485		file descriptor passing])
4486fi
4487
4488AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
4489AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4490#include <sys/param.h>
4491#include <sys/stat.h>
4492#ifdef HAVE_SYS_TIME_H
4493# include <sys/time.h>
4494#endif
4495#ifdef HAVE_SYS_MOUNT_H
4496#include <sys/mount.h>
4497#endif
4498#ifdef HAVE_SYS_STATVFS_H
4499#include <sys/statvfs.h>
4500#endif
4501	]], [[ struct statvfs s; s.f_fsid = 0; ]])],
4502	[ AC_MSG_RESULT([yes]) ],
4503	[ AC_MSG_RESULT([no])
4504
4505	AC_MSG_CHECKING([if fsid_t has member val])
4506	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4507#include <sys/types.h>
4508#include <sys/statvfs.h>
4509	]], [[ fsid_t t; t.val[0] = 0; ]])],
4510	[ AC_MSG_RESULT([yes])
4511	  AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
4512	[ AC_MSG_RESULT([no]) ])
4513
4514	AC_MSG_CHECKING([if f_fsid has member __val])
4515	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4516#include <sys/types.h>
4517#include <sys/statvfs.h>
4518	]], [[ fsid_t t; t.__val[0] = 0; ]])],
4519	[ AC_MSG_RESULT([yes])
4520	  AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
4521	[ AC_MSG_RESULT([no]) ])
4522])
4523
4524AC_CACHE_CHECK([for msg_control field in struct msghdr],
4525		ac_cv_have_control_in_msghdr, [
4526	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4527#include <sys/types.h>
4528#include <sys/socket.h>
4529#include <sys/uio.h>
4530#include <stdlib.h>
4531		]], [[
4532#ifdef msg_control
4533#error "msg_control is a macro"
4534exit(1);
4535#endif
4536struct msghdr m;
4537m.msg_control = 0;
4538exit(0);
4539		]])],
4540		[ ac_cv_have_control_in_msghdr="yes" ],
4541		[ ac_cv_have_control_in_msghdr="no" ]
4542	)
4543])
4544if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
4545	AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
4546		[Define if your system uses ancillary data style
4547		file descriptor passing])
4548fi
4549
4550AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
4551	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4552		[[ extern char *__progname; printf("%s", __progname); ]])],
4553	[ ac_cv_libc_defines___progname="yes" ],
4554	[ ac_cv_libc_defines___progname="no"
4555	])
4556])
4557if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
4558	AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
4559fi
4560
4561AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
4562	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4563		[[ printf("%s", __FUNCTION__); ]])],
4564	[ ac_cv_cc_implements___FUNCTION__="yes" ],
4565	[ ac_cv_cc_implements___FUNCTION__="no"
4566	])
4567])
4568if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4569	AC_DEFINE([HAVE___FUNCTION__], [1],
4570		[Define if compiler implements __FUNCTION__])
4571fi
4572
4573AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4574	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4575		[[ printf("%s", __func__); ]])],
4576	[ ac_cv_cc_implements___func__="yes" ],
4577	[ ac_cv_cc_implements___func__="no"
4578	])
4579])
4580if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4581	AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
4582fi
4583
4584AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4585	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4586#include <stdarg.h>
4587va_list x,y;
4588		]], [[ va_copy(x,y); ]])],
4589	[ ac_cv_have_va_copy="yes" ],
4590	[ ac_cv_have_va_copy="no"
4591	])
4592])
4593if test "x$ac_cv_have_va_copy" = "xyes" ; then
4594	AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4595fi
4596
4597AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4598	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4599#include <stdarg.h>
4600va_list x,y;
4601		]], [[ __va_copy(x,y); ]])],
4602	[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4603	])
4604])
4605if test "x$ac_cv_have___va_copy" = "xyes" ; then
4606	AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
4607fi
4608
4609AC_CACHE_CHECK([whether getopt has optreset support],
4610		ac_cv_have_getopt_optreset, [
4611	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4612		[[ extern int optreset; optreset = 0; ]])],
4613	[ ac_cv_have_getopt_optreset="yes" ],
4614	[ ac_cv_have_getopt_optreset="no"
4615	])
4616])
4617if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4618	AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4619		[Define if your getopt(3) defines and uses optreset])
4620fi
4621
4622AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4623	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4624[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4625	[ ac_cv_libc_defines_sys_errlist="yes" ],
4626	[ ac_cv_libc_defines_sys_errlist="no"
4627	])
4628])
4629if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4630	AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4631		[Define if your system defines sys_errlist[]])
4632fi
4633
4634
4635AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4636	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4637[[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4638	[ ac_cv_libc_defines_sys_nerr="yes" ],
4639	[ ac_cv_libc_defines_sys_nerr="no"
4640	])
4641])
4642if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4643	AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4644fi
4645
4646# Check libraries needed by DNS fingerprint support
4647AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4648	[AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4649		[Define if getrrsetbyname() exists])],
4650	[
4651		# Needed by our getrrsetbyname()
4652		AC_SEARCH_LIBS([res_query], [resolv])
4653		AC_SEARCH_LIBS([dn_expand], [resolv])
4654		AC_MSG_CHECKING([if res_query will link])
4655		AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4656#include <sys/types.h>
4657#include <netinet/in.h>
4658#include <arpa/nameser.h>
4659#include <netdb.h>
4660#include <resolv.h>
4661				]], [[
4662	res_query (0, 0, 0, 0, 0);
4663				]])],
4664		    AC_MSG_RESULT([yes]),
4665		   [AC_MSG_RESULT([no])
4666		    saved_LIBS="$LIBS"
4667		    LIBS="$LIBS -lresolv"
4668		    AC_MSG_CHECKING([for res_query in -lresolv])
4669		    AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4670#include <sys/types.h>
4671#include <netinet/in.h>
4672#include <arpa/nameser.h>
4673#include <netdb.h>
4674#include <resolv.h>
4675				]], [[
4676	res_query (0, 0, 0, 0, 0);
4677				]])],
4678			[AC_MSG_RESULT([yes])],
4679			[LIBS="$saved_LIBS"
4680			 AC_MSG_RESULT([no])])
4681		    ])
4682		AC_CHECK_FUNCS([_getshort _getlong])
4683		AC_CHECK_DECLS([_getshort, _getlong], , ,
4684		    [#include <sys/types.h>
4685		    #include <arpa/nameser.h>])
4686		AC_CHECK_MEMBER([HEADER.ad],
4687			[AC_DEFINE([HAVE_HEADER_AD], [1],
4688			    [Define if HEADER.ad exists in arpa/nameser.h])], ,
4689			[#include <arpa/nameser.h>])
4690	])
4691
4692AC_MSG_CHECKING([if struct __res_state _res is an extern])
4693AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4694#include <stdio.h>
4695#if HAVE_SYS_TYPES_H
4696# include <sys/types.h>
4697#endif
4698#include <netinet/in.h>
4699#include <arpa/nameser.h>
4700#include <resolv.h>
4701extern struct __res_state _res;
4702		]], [[
4703struct __res_state *volatile p = &_res;  /* force resolution of _res */
4704return 0;
4705		]],)],
4706		[AC_MSG_RESULT([yes])
4707		 AC_DEFINE([HAVE__RES_EXTERN], [1],
4708		    [Define if you have struct __res_state _res as an extern])
4709		],
4710		[ AC_MSG_RESULT([no]) ]
4711)
4712
4713# Check whether user wants SELinux support
4714SELINUX_MSG="no"
4715LIBSELINUX=""
4716AC_ARG_WITH([selinux],
4717	[  --with-selinux          Enable SELinux support],
4718	[ if test "x$withval" != "xno" ; then
4719		save_LIBS="$LIBS"
4720		AC_DEFINE([WITH_SELINUX], [1],
4721			[Define if you want SELinux support.])
4722		SELINUX_MSG="yes"
4723		AC_CHECK_HEADER([selinux/selinux.h], ,
4724			AC_MSG_ERROR([SELinux support requires selinux.h header]))
4725		AC_CHECK_LIB([selinux], [setexeccon],
4726			[ LIBSELINUX="-lselinux"
4727			  LIBS="$LIBS -lselinux"
4728			],
4729			AC_MSG_ERROR([SELinux support requires libselinux library]))
4730		AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4731		LIBS="$save_LIBS $LIBSELINUX"
4732	fi ]
4733)
4734AC_SUBST([SSHDLIBS])
4735
4736# Check whether user wants Kerberos 5 support
4737KRB5_MSG="no"
4738AC_ARG_WITH([kerberos5],
4739	[  --with-kerberos5=PATH   Enable Kerberos 5 support],
4740	[ if test "x$withval" != "xno" ; then
4741		if test "x$withval" = "xyes" ; then
4742			KRB5ROOT="/usr/local"
4743		else
4744			KRB5ROOT=${withval}
4745		fi
4746
4747		AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4748		KRB5_MSG="yes"
4749
4750		use_pkgconfig_for_krb5=
4751		if test "x$PKGCONFIG" != "xno"; then
4752			AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5])
4753			if "$PKGCONFIG" krb5; then
4754				AC_MSG_RESULT([yes])
4755				use_pkgconfig_for_krb5=yes
4756			else
4757				AC_MSG_RESULT([no])
4758			fi
4759		fi
4760		if test "x$use_pkgconfig_for_krb5" = "xyes"; then
4761			K5CFLAGS=`$PKGCONFIG --cflags krb5`
4762			K5LIBS=`$PKGCONFIG --libs krb5`
4763			CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4764
4765			AC_MSG_CHECKING([for gssapi support])
4766			if "$PKGCONFIG" krb5-gssapi; then
4767				AC_MSG_RESULT([yes])
4768				AC_DEFINE([GSSAPI], [1],
4769					[Define this if you want GSSAPI
4770					support in the version 2 protocol])
4771				GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`"
4772				GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`"
4773				CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4774			else
4775				AC_MSG_RESULT([no])
4776			fi
4777			AC_MSG_CHECKING([whether we are using Heimdal])
4778			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4779				]], [[ char *tmp = heimdal_version; ]])],
4780				[ AC_MSG_RESULT([yes])
4781				AC_DEFINE([HEIMDAL], [1],
4782				[Define this if you are using the Heimdal
4783				version of Kerberos V5]) ],
4784				[AC_MSG_RESULT([no])
4785			])
4786		else
4787			AC_PATH_TOOL([KRB5CONF], [krb5-config],
4788				     [$KRB5ROOT/bin/krb5-config],
4789				     [$KRB5ROOT/bin:$PATH])
4790			if test -x $KRB5CONF ; then
4791				K5CFLAGS="`$KRB5CONF --cflags`"
4792				K5LIBS="`$KRB5CONF --libs`"
4793				CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4794
4795				AC_MSG_CHECKING([for gssapi support])
4796				if $KRB5CONF | grep gssapi >/dev/null ; then
4797					AC_MSG_RESULT([yes])
4798					AC_DEFINE([GSSAPI], [1],
4799						[Define this if you want GSSAPI
4800						support in the version 2 protocol])
4801					GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4802					GSSLIBS="`$KRB5CONF --libs gssapi`"
4803					CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4804				else
4805					AC_MSG_RESULT([no])
4806				fi
4807				AC_MSG_CHECKING([whether we are using Heimdal])
4808				AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4809					]], [[ char *tmp = heimdal_version; ]])],
4810					[ AC_MSG_RESULT([yes])
4811					AC_DEFINE([HEIMDAL], [1],
4812					[Define this if you are using the Heimdal
4813					version of Kerberos V5]) ],
4814					[AC_MSG_RESULT([no])
4815				])
4816			else
4817				CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4818				LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4819				AC_MSG_CHECKING([whether we are using Heimdal])
4820				AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4821					]], [[ char *tmp = heimdal_version; ]])],
4822						[ AC_MSG_RESULT([yes])
4823						 AC_DEFINE([HEIMDAL])
4824						 K5LIBS="-lkrb5"
4825						 K5LIBS="$K5LIBS -lcom_err -lasn1"
4826						 AC_CHECK_LIB([roken], [net_write],
4827						   [K5LIBS="$K5LIBS -lroken"])
4828						 AC_CHECK_LIB([des], [des_cbc_encrypt],
4829						   [K5LIBS="$K5LIBS -ldes"])
4830					       ], [ AC_MSG_RESULT([no])
4831						 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4832				])
4833				AC_SEARCH_LIBS([dn_expand], [resolv])
4834
4835				AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4836					[ AC_DEFINE([GSSAPI])
4837					  GSSLIBS="-lgssapi_krb5" ],
4838					[ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4839						[ AC_DEFINE([GSSAPI])
4840						  GSSLIBS="-lgssapi" ],
4841						[ AC_CHECK_LIB([gss], [gss_init_sec_context],
4842							[ AC_DEFINE([GSSAPI])
4843							  GSSLIBS="-lgss" ],
4844							AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4845						])
4846					])
4847
4848				AC_CHECK_HEADER([gssapi.h], ,
4849					[ unset ac_cv_header_gssapi_h
4850					  CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4851					  AC_CHECK_HEADERS([gssapi.h], ,
4852						AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4853					  )
4854					]
4855				)
4856
4857				oldCPP="$CPPFLAGS"
4858				CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4859				AC_CHECK_HEADER([gssapi_krb5.h], ,
4860						[ CPPFLAGS="$oldCPP" ])
4861
4862			fi
4863		fi
4864		if test -n "${rpath_opt}" ; then
4865			LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib"
4866		fi
4867		if test ! -z "$blibpath" ; then
4868			blibpath="$blibpath:${KRB5ROOT}/lib"
4869		fi
4870
4871		AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4872		AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4873		AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4874
4875		AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4876			[Define this if you want to use libkafs' AFS support])])
4877
4878		AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4879#ifdef HAVE_GSSAPI_H
4880# include <gssapi.h>
4881#elif defined(HAVE_GSSAPI_GSSAPI_H)
4882# include <gssapi/gssapi.h>
4883#endif
4884
4885#ifdef HAVE_GSSAPI_GENERIC_H
4886# include <gssapi_generic.h>
4887#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4888# include <gssapi/gssapi_generic.h>
4889#endif
4890		]])
4891		saved_LIBS="$LIBS"
4892		LIBS="$LIBS $K5LIBS"
4893		AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4894		LIBS="$saved_LIBS"
4895
4896	fi
4897	]
4898)
4899AC_SUBST([GSSLIBS])
4900AC_SUBST([K5LIBS])
4901AC_SUBST([CHANNELLIBS])
4902
4903# Looking for programs, paths and files
4904
4905PRIVSEP_PATH=/var/empty
4906AC_ARG_WITH([privsep-path],
4907	[  --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4908	[
4909		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
4910		    test "x${withval}" != "xyes"; then
4911			PRIVSEP_PATH=$withval
4912		fi
4913	]
4914)
4915AC_SUBST([PRIVSEP_PATH])
4916
4917AC_ARG_WITH([xauth],
4918	[  --with-xauth=PATH       Specify path to xauth program ],
4919	[
4920		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
4921		    test "x${withval}" != "xyes"; then
4922			xauth_path=$withval
4923		fi
4924	],
4925	[
4926		TestPath="$PATH"
4927		TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4928		TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4929		TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4930		TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4931		AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4932		if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4933			xauth_path="/usr/openwin/bin/xauth"
4934		fi
4935	]
4936)
4937
4938STRIP_OPT=-s
4939AC_ARG_ENABLE([strip],
4940	[  --disable-strip         Disable calling strip(1) on install],
4941	[
4942		if test "x$enableval" = "xno" ; then
4943			STRIP_OPT=
4944		fi
4945	]
4946)
4947AC_SUBST([STRIP_OPT])
4948
4949if test -z "$xauth_path" ; then
4950	XAUTH_PATH="undefined"
4951	AC_SUBST([XAUTH_PATH])
4952else
4953	AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4954		[Define if xauth is found in your path])
4955	XAUTH_PATH=$xauth_path
4956	AC_SUBST([XAUTH_PATH])
4957fi
4958
4959dnl # --with-maildir=/path/to/mail gets top priority.
4960dnl # if maildir is set in the platform case statement above we use that.
4961dnl # Otherwise we run a program to get the dir from system headers.
4962dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4963dnl # If we find _PATH_MAILDIR we do nothing because that is what
4964dnl # session.c expects anyway. Otherwise we set to the value found
4965dnl # stripping any trailing slash. If for some strage reason our program
4966dnl # does not find what it needs, we default to /var/spool/mail.
4967# Check for mail directory
4968AC_ARG_WITH([maildir],
4969    [  --with-maildir=/path/to/mail    Specify your system mail directory],
4970    [
4971	if test "X$withval" != X  &&  test "x$withval" != xno  &&  \
4972	    test "x${withval}" != xyes; then
4973		AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4974            [Set this to your mail directory if you do not have _PATH_MAILDIR])
4975	    fi
4976     ],[
4977	if test "X$maildir" != "X"; then
4978	    AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4979	else
4980	    AC_MSG_CHECKING([Discovering system mail directory])
4981	    AC_RUN_IFELSE(
4982		[AC_LANG_PROGRAM([[
4983#include <stdio.h>
4984#include <stdlib.h>
4985#include <string.h>
4986#ifdef HAVE_PATHS_H
4987#include <paths.h>
4988#endif
4989#ifdef HAVE_MAILLOCK_H
4990#include <maillock.h>
4991#endif
4992#define DATA "conftest.maildir"
4993	]], [[
4994	FILE *fd;
4995	int rc;
4996
4997	fd = fopen(DATA,"w");
4998	if(fd == NULL)
4999		exit(1);
5000
5001#if defined (_PATH_MAILDIR)
5002	if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
5003		exit(1);
5004#elif defined (MAILDIR)
5005	if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
5006		exit(1);
5007#elif defined (_PATH_MAIL)
5008	if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
5009		exit(1);
5010#else
5011	exit (2);
5012#endif
5013
5014	exit(0);
5015		]])],
5016		[
5017		    maildir_what=`awk -F: '{print $1}' conftest.maildir`
5018		    maildir=`awk -F: '{print $2}' conftest.maildir \
5019			| sed 's|/$||'`
5020		    AC_MSG_RESULT([Using: $maildir from $maildir_what])
5021		    if test "x$maildir_what" != "x_PATH_MAILDIR"; then
5022			AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
5023		    fi
5024		],
5025		[
5026		    if test "X$ac_status" = "X2";then
5027# our test program didn't find it. Default to /var/spool/mail
5028			AC_MSG_RESULT([Using: default value of /var/spool/mail])
5029			AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
5030		     else
5031			AC_MSG_RESULT([*** not found ***])
5032		     fi
5033		],
5034		[
5035			AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
5036		]
5037	    )
5038	fi
5039    ]
5040) # maildir
5041
5042if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
5043	AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
5044	disable_ptmx_check=yes
5045fi
5046if test -z "$no_dev_ptmx" ; then
5047	if test "x$disable_ptmx_check" != "xyes" ; then
5048		AC_CHECK_FILE(["/dev/ptmx"],
5049			[
5050				AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
5051					[Define if you have /dev/ptmx])
5052				have_dev_ptmx=1
5053			]
5054		)
5055	fi
5056fi
5057
5058if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
5059	AC_CHECK_FILE(["/dev/ptc"],
5060		[
5061			AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
5062				[Define if you have /dev/ptc])
5063			have_dev_ptc=1
5064		]
5065	)
5066else
5067	AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
5068fi
5069
5070# Options from here on. Some of these are preset by platform above
5071AC_ARG_WITH([mantype],
5072	[  --with-mantype=man|cat|doc  Set man page type],
5073	[
5074		case "$withval" in
5075		man|cat|doc)
5076			MANTYPE=$withval
5077			;;
5078		*)
5079			AC_MSG_ERROR([invalid man type: $withval])
5080			;;
5081		esac
5082	]
5083)
5084if test -z "$MANTYPE"; then
5085	if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then
5086		MANTYPE=doc
5087	elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
5088		MANTYPE=doc
5089	elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
5090		MANTYPE=man
5091	else
5092		MANTYPE=cat
5093	fi
5094fi
5095AC_SUBST([MANTYPE])
5096if test "$MANTYPE" = "doc"; then
5097	mansubdir=man;
5098else
5099	mansubdir=$MANTYPE;
5100fi
5101AC_SUBST([mansubdir])
5102
5103# Whether to disable shadow password support
5104AC_ARG_WITH([shadow],
5105	[  --without-shadow        Disable shadow password support],
5106	[
5107		if test "x$withval" = "xno" ; then
5108			AC_DEFINE([DISABLE_SHADOW])
5109			disable_shadow=yes
5110		fi
5111	]
5112)
5113
5114if test -z "$disable_shadow" ; then
5115	AC_MSG_CHECKING([if the systems has expire shadow information])
5116	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5117#include <sys/types.h>
5118#include <shadow.h>
5119struct spwd sp;
5120		]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
5121		[ sp_expire_available=yes ], [
5122	])
5123
5124	if test "x$sp_expire_available" = "xyes" ; then
5125		AC_MSG_RESULT([yes])
5126		AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
5127		    [Define if you want to use shadow password expire field])
5128	else
5129		AC_MSG_RESULT([no])
5130	fi
5131fi
5132
5133# Use ip address instead of hostname in $DISPLAY
5134if test ! -z "$IPADDR_IN_DISPLAY" ; then
5135	DISPLAY_HACK_MSG="yes"
5136	AC_DEFINE([IPADDR_IN_DISPLAY], [1],
5137		[Define if you need to use IP address
5138		instead of hostname in $DISPLAY])
5139else
5140	DISPLAY_HACK_MSG="no"
5141	AC_ARG_WITH([ipaddr-display],
5142		[  --with-ipaddr-display   Use ip address instead of hostname in $DISPLAY],
5143		[
5144			if test "x$withval" != "xno" ; then
5145				AC_DEFINE([IPADDR_IN_DISPLAY])
5146				DISPLAY_HACK_MSG="yes"
5147			fi
5148		]
5149	)
5150fi
5151
5152# check for /etc/default/login and use it if present.
5153AC_ARG_ENABLE([etc-default-login],
5154	[  --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
5155	[ if test "x$enableval" = "xno"; then
5156		AC_MSG_NOTICE([/etc/default/login handling disabled])
5157		etc_default_login=no
5158	  else
5159		etc_default_login=yes
5160	  fi ],
5161	[ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
5162	  then
5163		AC_MSG_WARN([cross compiling: not checking /etc/default/login])
5164		etc_default_login=no
5165	  else
5166		etc_default_login=yes
5167	  fi ]
5168)
5169
5170if test "x$etc_default_login" != "xno"; then
5171	AC_CHECK_FILE(["/etc/default/login"],
5172	    [ external_path_file=/etc/default/login ])
5173	if test "x$external_path_file" = "x/etc/default/login"; then
5174		AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
5175			[Define if your system has /etc/default/login])
5176	fi
5177fi
5178
5179dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
5180if test $ac_cv_func_login_getcapbool = "yes" && \
5181	test $ac_cv_header_login_cap_h = "yes" ; then
5182	external_path_file=/etc/login.conf
5183fi
5184
5185# Whether to mess with the default path
5186SERVER_PATH_MSG="(default)"
5187AC_ARG_WITH([default-path],
5188	[  --with-default-path=    Specify default $PATH environment for server],
5189	[
5190		if test "x$external_path_file" = "x/etc/login.conf" ; then
5191			AC_MSG_WARN([
5192--with-default-path=PATH has no effect on this system.
5193Edit /etc/login.conf instead.])
5194		elif test "x$withval" != "xno" ; then
5195			if test ! -z "$external_path_file" ; then
5196				AC_MSG_WARN([
5197--with-default-path=PATH will only be used if PATH is not defined in
5198$external_path_file .])
5199			fi
5200			user_path="$withval"
5201			SERVER_PATH_MSG="$withval"
5202		fi
5203	],
5204	[ if test "x$external_path_file" = "x/etc/login.conf" ; then
5205		AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
5206	else
5207		if test ! -z "$external_path_file" ; then
5208			AC_MSG_WARN([
5209If PATH is defined in $external_path_file, ensure the path to scp is included,
5210otherwise scp will not work.])
5211		fi
5212		AC_RUN_IFELSE(
5213			[AC_LANG_PROGRAM([[
5214/* find out what STDPATH is */
5215#include <stdio.h>
5216#include <stdlib.h>
5217#ifdef HAVE_PATHS_H
5218# include <paths.h>
5219#endif
5220#ifndef _PATH_STDPATH
5221# ifdef _PATH_USERPATH	/* Irix */
5222#  define _PATH_STDPATH _PATH_USERPATH
5223# else
5224#  define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
5225# endif
5226#endif
5227#include <sys/types.h>
5228#include <sys/stat.h>
5229#include <fcntl.h>
5230#define DATA "conftest.stdpath"
5231			]], [[
5232	FILE *fd;
5233	int rc;
5234
5235	fd = fopen(DATA,"w");
5236	if(fd == NULL)
5237		exit(1);
5238
5239	if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
5240		exit(1);
5241
5242	exit(0);
5243		]])],
5244		[ user_path=`cat conftest.stdpath` ],
5245		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
5246		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
5247	)
5248# make sure $bindir is in USER_PATH so scp will work
5249		t_bindir="${bindir}"
5250		while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
5251			t_bindir=`eval echo ${t_bindir}`
5252			case $t_bindir in
5253				NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
5254			esac
5255			case $t_bindir in
5256				NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
5257			esac
5258		done
5259		echo $user_path | grep ":$t_bindir"  > /dev/null 2>&1
5260		if test $? -ne 0  ; then
5261			echo $user_path | grep "^$t_bindir"  > /dev/null 2>&1
5262			if test $? -ne 0  ; then
5263				user_path=$user_path:$t_bindir
5264				AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
5265			fi
5266		fi
5267	fi ]
5268)
5269if test "x$external_path_file" != "x/etc/login.conf" ; then
5270	AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
5271	AC_SUBST([user_path])
5272fi
5273
5274# Set superuser path separately to user path
5275AC_ARG_WITH([superuser-path],
5276	[  --with-superuser-path=  Specify different path for super-user],
5277	[
5278		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
5279		    test "x${withval}" != "xyes"; then
5280			AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
5281				[Define if you want a different $PATH
5282				for the superuser])
5283			superuser_path=$withval
5284		fi
5285	]
5286)
5287
5288
5289AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
5290IPV4_IN6_HACK_MSG="no"
5291AC_ARG_WITH(4in6,
5292	[  --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses],
5293	[
5294		if test "x$withval" != "xno" ; then
5295			AC_MSG_RESULT([yes])
5296			AC_DEFINE([IPV4_IN_IPV6], [1],
5297				[Detect IPv4 in IPv6 mapped addresses
5298				and treat as IPv4])
5299			IPV4_IN6_HACK_MSG="yes"
5300		else
5301			AC_MSG_RESULT([no])
5302		fi
5303	], [
5304		if test "x$inet6_default_4in6" = "xyes"; then
5305			AC_MSG_RESULT([yes (default)])
5306			AC_DEFINE([IPV4_IN_IPV6])
5307			IPV4_IN6_HACK_MSG="yes"
5308		else
5309			AC_MSG_RESULT([no (default)])
5310		fi
5311	]
5312)
5313
5314# Whether to enable BSD auth support
5315BSD_AUTH_MSG=no
5316AC_ARG_WITH([bsd-auth],
5317	[  --with-bsd-auth         Enable BSD auth support],
5318	[
5319		if test "x$withval" != "xno" ; then
5320			AC_DEFINE([BSD_AUTH], [1],
5321				[Define if you have BSD auth support])
5322			BSD_AUTH_MSG=yes
5323		fi
5324	]
5325)
5326
5327# Where to place sshd.pid
5328piddir=/var/run
5329# make sure the directory exists
5330if test ! -d $piddir ; then
5331	piddir=`eval echo ${sysconfdir}`
5332	case $piddir in
5333		NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
5334	esac
5335fi
5336
5337AC_ARG_WITH([pid-dir],
5338	[  --with-pid-dir=PATH     Specify location of sshd.pid file],
5339	[
5340		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
5341		    test "x${withval}" != "xyes"; then
5342			piddir=$withval
5343			if test ! -d $piddir ; then
5344			AC_MSG_WARN([** no $piddir directory on this system **])
5345			fi
5346		fi
5347	]
5348)
5349
5350AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
5351	[Specify location of ssh.pid])
5352AC_SUBST([piddir])
5353
5354dnl allow user to disable some login recording features
5355AC_ARG_ENABLE([lastlog],
5356	[  --disable-lastlog       disable use of lastlog even if detected [no]],
5357	[
5358		if test "x$enableval" = "xno" ; then
5359			AC_DEFINE([DISABLE_LASTLOG])
5360		fi
5361	]
5362)
5363AC_ARG_ENABLE([utmp],
5364	[  --disable-utmp          disable use of utmp even if detected [no]],
5365	[
5366		if test "x$enableval" = "xno" ; then
5367			AC_DEFINE([DISABLE_UTMP])
5368		fi
5369	]
5370)
5371AC_ARG_ENABLE([utmpx],
5372	[  --disable-utmpx         disable use of utmpx even if detected [no]],
5373	[
5374		if test "x$enableval" = "xno" ; then
5375			AC_DEFINE([DISABLE_UTMPX], [1],
5376				[Define if you don't want to use utmpx])
5377		fi
5378	]
5379)
5380AC_ARG_ENABLE([wtmp],
5381	[  --disable-wtmp          disable use of wtmp even if detected [no]],
5382	[
5383		if test "x$enableval" = "xno" ; then
5384			AC_DEFINE([DISABLE_WTMP])
5385		fi
5386	]
5387)
5388AC_ARG_ENABLE([wtmpx],
5389	[  --disable-wtmpx         disable use of wtmpx even if detected [no]],
5390	[
5391		if test "x$enableval" = "xno" ; then
5392			AC_DEFINE([DISABLE_WTMPX], [1],
5393				[Define if you don't want to use wtmpx])
5394		fi
5395	]
5396)
5397AC_ARG_ENABLE([libutil],
5398	[  --disable-libutil       disable use of libutil (login() etc.) [no]],
5399	[
5400		if test "x$enableval" = "xno" ; then
5401			AC_DEFINE([DISABLE_LOGIN])
5402		fi
5403	]
5404)
5405AC_ARG_ENABLE([pututline],
5406	[  --disable-pututline     disable use of pututline() etc. ([uw]tmp) [no]],
5407	[
5408		if test "x$enableval" = "xno" ; then
5409			AC_DEFINE([DISABLE_PUTUTLINE], [1],
5410				[Define if you don't want to use pututline()
5411				etc. to write [uw]tmp])
5412		fi
5413	]
5414)
5415AC_ARG_ENABLE([pututxline],
5416	[  --disable-pututxline    disable use of pututxline() etc. ([uw]tmpx) [no]],
5417	[
5418		if test "x$enableval" = "xno" ; then
5419			AC_DEFINE([DISABLE_PUTUTXLINE], [1],
5420				[Define if you don't want to use pututxline()
5421				etc. to write [uw]tmpx])
5422		fi
5423	]
5424)
5425AC_ARG_WITH([lastlog],
5426  [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
5427	[
5428		if test "x$withval" = "xno" ; then
5429			AC_DEFINE([DISABLE_LASTLOG])
5430		elif test -n "$withval"  &&  test "x${withval}" != "xyes"; then
5431			conf_lastlog_location=$withval
5432		fi
5433	]
5434)
5435
5436dnl lastlog, [uw]tmpx? detection
5437dnl  NOTE: set the paths in the platform section to avoid the
5438dnl   need for command-line parameters
5439dnl lastlog and [uw]tmp are subject to a file search if all else fails
5440
5441dnl lastlog detection
5442dnl  NOTE: the code itself will detect if lastlog is a directory
5443AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
5444AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5445#include <sys/types.h>
5446#include <utmp.h>
5447#ifdef HAVE_LASTLOG_H
5448#  include <lastlog.h>
5449#endif
5450#ifdef HAVE_PATHS_H
5451#  include <paths.h>
5452#endif
5453#ifdef HAVE_LOGIN_H
5454# include <login.h>
5455#endif
5456	]], [[ char *lastlog = LASTLOG_FILE; ]])],
5457		[ AC_MSG_RESULT([yes]) ],
5458		[
5459		AC_MSG_RESULT([no])
5460		AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
5461		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5462#include <sys/types.h>
5463#include <utmp.h>
5464#ifdef HAVE_LASTLOG_H
5465#  include <lastlog.h>
5466#endif
5467#ifdef HAVE_PATHS_H
5468#  include <paths.h>
5469#endif
5470		]], [[ char *lastlog = _PATH_LASTLOG; ]])],
5471		[ AC_MSG_RESULT([yes]) ],
5472		[
5473			AC_MSG_RESULT([no])
5474			system_lastlog_path=no
5475		])
5476])
5477
5478if test -z "$conf_lastlog_location"; then
5479	if test x"$system_lastlog_path" = x"no" ; then
5480		for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
5481				if (test -d "$f" || test -f "$f") ; then
5482					conf_lastlog_location=$f
5483				fi
5484		done
5485		if test -z "$conf_lastlog_location"; then
5486			AC_MSG_WARN([** Cannot find lastlog **])
5487			dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
5488		fi
5489	fi
5490fi
5491
5492if test -n "$conf_lastlog_location"; then
5493	AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
5494		[Define if you want to specify the path to your lastlog file])
5495fi
5496
5497dnl utmp detection
5498AC_MSG_CHECKING([if your system defines UTMP_FILE])
5499AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5500#include <sys/types.h>
5501#include <utmp.h>
5502#ifdef HAVE_PATHS_H
5503#  include <paths.h>
5504#endif
5505	]], [[ char *utmp = UTMP_FILE; ]])],
5506	[ AC_MSG_RESULT([yes]) ],
5507	[ AC_MSG_RESULT([no])
5508	  system_utmp_path=no
5509])
5510if test -z "$conf_utmp_location"; then
5511	if test x"$system_utmp_path" = x"no" ; then
5512		for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
5513			if test -f $f ; then
5514				conf_utmp_location=$f
5515			fi
5516		done
5517		if test -z "$conf_utmp_location"; then
5518			AC_DEFINE([DISABLE_UTMP])
5519		fi
5520	fi
5521fi
5522if test -n "$conf_utmp_location"; then
5523	AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
5524		[Define if you want to specify the path to your utmp file])
5525fi
5526
5527dnl wtmp detection
5528AC_MSG_CHECKING([if your system defines WTMP_FILE])
5529AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5530#include <sys/types.h>
5531#include <utmp.h>
5532#ifdef HAVE_PATHS_H
5533#  include <paths.h>
5534#endif
5535	]], [[ char *wtmp = WTMP_FILE; ]])],
5536	[ AC_MSG_RESULT([yes]) ],
5537	[ AC_MSG_RESULT([no])
5538	  system_wtmp_path=no
5539])
5540if test -z "$conf_wtmp_location"; then
5541	if test x"$system_wtmp_path" = x"no" ; then
5542		for f in /usr/adm/wtmp /var/log/wtmp; do
5543			if test -f $f ; then
5544				conf_wtmp_location=$f
5545			fi
5546		done
5547		if test -z "$conf_wtmp_location"; then
5548			AC_DEFINE([DISABLE_WTMP])
5549		fi
5550	fi
5551fi
5552if test -n "$conf_wtmp_location"; then
5553	AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
5554		[Define if you want to specify the path to your wtmp file])
5555fi
5556
5557dnl wtmpx detection
5558AC_MSG_CHECKING([if your system defines WTMPX_FILE])
5559AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5560#include <sys/types.h>
5561#include <utmp.h>
5562#ifdef HAVE_UTMPX_H
5563#include <utmpx.h>
5564#endif
5565#ifdef HAVE_PATHS_H
5566#  include <paths.h>
5567#endif
5568	]], [[ char *wtmpx = WTMPX_FILE; ]])],
5569	[ AC_MSG_RESULT([yes]) ],
5570	[ AC_MSG_RESULT([no])
5571	  system_wtmpx_path=no
5572])
5573if test -z "$conf_wtmpx_location"; then
5574	if test x"$system_wtmpx_path" = x"no" ; then
5575		AC_DEFINE([DISABLE_WTMPX])
5576	fi
5577else
5578	AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
5579		[Define if you want to specify the path to your wtmpx file])
5580fi
5581
5582
5583if test ! -z "$blibpath" ; then
5584	LDFLAGS="$LDFLAGS $blibflags$blibpath"
5585	AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
5586fi
5587
5588AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
5589    if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
5590	AC_DEFINE([DISABLE_LASTLOG])
5591    fi
5592	], [
5593#ifdef HAVE_SYS_TYPES_H
5594#include <sys/types.h>
5595#endif
5596#ifdef HAVE_UTMP_H
5597#include <utmp.h>
5598#endif
5599#ifdef HAVE_UTMPX_H
5600#include <utmpx.h>
5601#endif
5602#ifdef HAVE_LASTLOG_H
5603#include <lastlog.h>
5604#endif
5605	])
5606
5607AC_CHECK_MEMBER([struct utmp.ut_line], [], [
5608	AC_DEFINE([DISABLE_UTMP])
5609	AC_DEFINE([DISABLE_WTMP])
5610	], [
5611#ifdef HAVE_SYS_TYPES_H
5612#include <sys/types.h>
5613#endif
5614#ifdef HAVE_UTMP_H
5615#include <utmp.h>
5616#endif
5617#ifdef HAVE_UTMPX_H
5618#include <utmpx.h>
5619#endif
5620#ifdef HAVE_LASTLOG_H
5621#include <lastlog.h>
5622#endif
5623	])
5624
5625dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5626dnl Add now.
5627CFLAGS="$CFLAGS $werror_flags"
5628
5629if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
5630	TEST_SSH_IPV6=no
5631else
5632	TEST_SSH_IPV6=yes
5633fi
5634AC_CHECK_DECL([BROKEN_GETADDRINFO],  [TEST_SSH_IPV6=no])
5635AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
5636AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8])
5637AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
5638AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
5639AC_SUBST([DEPEND], [$(cat $srcdir/.depend)])
5640
5641# Binaries for interop tests.
5642AC_PATH_PROG([PLINK], [plink])
5643AC_PATH_PROG([PUTTYGEN], [puttygen])
5644AC_PATH_PROG([CONCH], [conch])
5645AC_PATH_PROG([DROPBEAR], [dropbear])
5646AC_PATH_PROG([DBCLIENT], [dbclient])
5647AC_PATH_PROG([DROPBEARKEY], [dropbearkey])
5648AC_PATH_PROG([DROPBEARCONVERT], [dropbearconvert])
5649
5650CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
5651LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"
5652
5653# Make a copy of CFLAGS/LDFLAGS without PIE options.
5654LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'`
5655CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'`
5656AC_SUBST([LDFLAGS_NOPIE])
5657AC_SUBST([CFLAGS_NOPIE])
5658
5659AC_EXEEXT
5660AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5661	openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5662	survey.sh])
5663AC_OUTPUT
5664
5665# Print summary of options
5666
5667# Someone please show me a better way :)
5668A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5669B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5670C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5671D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5672E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5673F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5674G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5675H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5676I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5677J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5678
5679echo ""
5680echo "OpenSSH has been configured with the following options:"
5681echo "                     User binaries: $B"
5682echo "                   System binaries: $C"
5683echo "               Configuration files: $D"
5684echo "                   Askpass program: $E"
5685echo "                      Manual pages: $F"
5686echo "                          PID file: $G"
5687echo "  Privilege separation chroot path: $H"
5688if test "x$external_path_file" = "x/etc/login.conf" ; then
5689echo "   At runtime, sshd will use the path defined in $external_path_file"
5690echo "   Make sure the path to scp is present, otherwise scp will not work"
5691else
5692echo "            sshd default user PATH: $I"
5693	if test ! -z "$external_path_file"; then
5694echo "   (If PATH is set in $external_path_file it will be used instead. If"
5695echo "   used, ensure the path to scp is present, otherwise scp will not work.)"
5696	fi
5697fi
5698if test ! -z "$superuser_path" ; then
5699echo "          sshd superuser user PATH: $J"
5700fi
5701echo "                    Manpage format: $MANTYPE"
5702echo "                       PAM support: $PAM_MSG"
5703echo "                   OSF SIA support: $SIA_MSG"
5704echo "                 KerberosV support: $KRB5_MSG"
5705echo "                   SELinux support: $SELINUX_MSG"
5706echo "              TCP Wrappers support: $TCPW_MSG"
5707echo "                   libedit support: $LIBEDIT_MSG"
5708echo "                   libldns support: $LDNS_MSG"
5709echo "  Solaris process contract support: $SPC_MSG"
5710echo "           Solaris project support: $SP_MSG"
5711echo "         Solaris privilege support: $SPP_MSG"
5712echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5713echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5714echo "                  BSD Auth support: $BSD_AUTH_MSG"
5715echo "              Random number source: $RAND_MSG"
5716echo "             Privsep sandbox style: $SANDBOX_STYLE"
5717echo "                   PKCS#11 support: $enable_pkcs11"
5718echo "                  U2F/FIDO support: $enable_sk"
5719
5720echo ""
5721
5722echo "              Host: ${host}"
5723echo "          Compiler: ${CC}"
5724echo "    Compiler flags: ${CFLAGS}"
5725echo "Preprocessor flags: ${CPPFLAGS}"
5726echo "      Linker flags: ${LDFLAGS}"
5727echo "         Libraries: ${LIBS}"
5728if test ! -z "${CHANNELLIBS}"; then
5729echo "     +for channels: ${CHANNELLIBS}"
5730fi
5731if test ! -z "${LIBFIDO2}"; then
5732echo "        +for FIDO2: ${LIBFIDO2}"
5733fi
5734if test ! -z "${SSHDLIBS}"; then
5735echo "         +for sshd: ${SSHDLIBS}"
5736fi
5737
5738echo ""
5739
5740if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5741	echo "SVR4 style packages are supported with \"make package\""
5742	echo ""
5743fi
5744
5745if test "x$PAM_MSG" = "xyes" ; then
5746	echo "PAM is enabled. You may need to install a PAM control file "
5747	echo "for sshd, otherwise password authentication may fail. "
5748	echo "Example PAM control files can be found in the contrib/ "
5749	echo "subdirectory"
5750	echo ""
5751fi
5752
5753if test ! -z "$NO_PEERCHECK" ; then
5754	echo "WARNING: the operating system that you are using does not"
5755	echo "appear to support getpeereid(), getpeerucred() or the"
5756	echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5757	echo "enforce security checks to prevent unauthorised connections to"
5758	echo "ssh-agent. Their absence increases the risk that a malicious"
5759	echo "user can connect to your agent."
5760	echo ""
5761fi
5762
5763if test "$AUDIT_MODULE" = "bsm" ; then
5764	echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5765	echo "See the Solaris section in README.platform for details."
5766fi
5767