xref: /freebsd/crypto/openssh/configure.ac (revision a35f04fba2ebb8f86d4cbdc710c89a094572b08e)
1# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $
2# $FreeBSD$
3#
4# Copyright (c) 1999-2004 Damien Miller
5#
6# Permission to use, copy, modify, and distribute this software for any
7# purpose with or without fee is hereby granted, provided that the above
8# copyright notice and this permission notice appear in all copies.
9#
10# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
19AC_REVISION($Revision: 1.583 $)
20AC_CONFIG_SRCDIR([ssh.c])
21AC_LANG([C])
22
23AC_CONFIG_HEADER([config.h])
24AC_PROG_CC
25AC_CANONICAL_HOST
26AC_C_BIGENDIAN
27
28# Checks for programs.
29AC_PROG_AWK
30AC_PROG_CPP
31AC_PROG_RANLIB
32AC_PROG_INSTALL
33AC_PROG_EGREP
34AC_CHECK_TOOLS([AR], [ar])
35AC_PATH_PROG([CAT], [cat])
36AC_PATH_PROG([KILL], [kill])
37AC_PATH_PROGS([PERL], [perl5 perl])
38AC_PATH_PROG([SED], [sed])
39AC_SUBST([PERL])
40AC_PATH_PROG([ENT], [ent])
41AC_SUBST([ENT])
42AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
43AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
44AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
45AC_PATH_PROG([SH], [sh])
46AC_PATH_PROG([GROFF], [groff])
47AC_PATH_PROG([NROFF], [nroff])
48AC_PATH_PROG([MANDOC], [mandoc])
49AC_SUBST([TEST_SHELL], [sh])
50
51dnl select manpage formatter
52if test "x$MANDOC" != "x" ; then
53	MANFMT="$MANDOC"
54elif test "x$NROFF" != "x" ; then
55	MANFMT="$NROFF -mandoc"
56elif test "x$GROFF" != "x" ; then
57	MANFMT="$GROFF -mandoc -Tascii"
58else
59	AC_MSG_WARN([no manpage formatted found])
60	MANFMT="false"
61fi
62AC_SUBST([MANFMT])
63
64dnl for buildpkg.sh
65AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
66	[/usr/sbin${PATH_SEPARATOR}/etc])
67AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
68	[/usr/sbin${PATH_SEPARATOR}/etc])
69AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
70if test -x /sbin/sh; then
71	AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
72else
73	AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
74fi
75
76# System features
77AC_SYS_LARGEFILE
78
79if test -z "$AR" ; then
80	AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
81fi
82
83AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
84if test ! -z "$PATH_PASSWD_PROG" ; then
85	AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
86		[Full path of your "passwd" program])
87fi
88
89if test -z "$LD" ; then
90	LD=$CC
91fi
92AC_SUBST([LD])
93
94AC_C_INLINE
95
96AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
97AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
98	#include <sys/types.h>
99	#include <sys/param.h>
100	#include <dev/systrace.h>
101])
102AC_CHECK_DECL([RLIMIT_NPROC],
103    [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
104	#include <sys/types.h>
105	#include <sys/resource.h>
106])
107AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
108	#include <sys/types.h>
109	#include <linux/prctl.h>
110])
111
112openssl=yes
113ssh1=no
114COMMENT_OUT_RSA1="#no ssh1#"
115AC_ARG_WITH([openssl],
116	[  --without-openssl       Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
117	[  if test "x$withval" = "xno" ; then
118		openssl=no
119		ssh1=no
120	   fi
121	]
122)
123AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
124if test "x$openssl" = "xyes" ; then
125	AC_MSG_RESULT([yes])
126	AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
127else
128	AC_MSG_RESULT([no])
129fi
130
131AC_ARG_WITH([ssh1],
132	[  --with-ssh1             Enable support for SSH protocol 1],
133	[
134		if test "x$withval" = "xyes" ; then
135			if test "x$openssl" = "xno" ; then
136				AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
137			fi
138			ssh1=yes
139			COMMENT_OUT_RSA1=""
140		elif test "x$withval" = "xno" ; then
141			ssh1=no
142		else
143			AC_MSG_ERROR([unknown --with-ssh1 argument])
144		fi
145	]
146)
147AC_MSG_CHECKING([whether SSH protocol 1 support is enabled])
148if test "x$ssh1" = "xyes" ; then
149	AC_MSG_RESULT([yes])
150	AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
151	AC_SUBST([COMMENT_OUT_RSA1])
152else
153	AC_MSG_RESULT([no])
154fi
155
156use_stack_protector=1
157use_toolchain_hardening=1
158AC_ARG_WITH([stackprotect],
159    [  --without-stackprotect  Don't use compiler's stack protection], [
160    if test "x$withval" = "xno"; then
161	use_stack_protector=0
162    fi ])
163AC_ARG_WITH([hardening],
164    [  --without-hardening     Don't use toolchain hardening flags], [
165    if test "x$withval" = "xno"; then
166	use_toolchain_hardening=0
167    fi ])
168
169# We use -Werror for the tests only so that we catch warnings like "this is
170# on by default" for things like -fPIE.
171AC_MSG_CHECKING([if $CC supports -Werror])
172saved_CFLAGS="$CFLAGS"
173CFLAGS="$CFLAGS -Werror"
174AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
175	[ AC_MSG_RESULT([yes])
176	  WERROR="-Werror"],
177	[ AC_MSG_RESULT([no])
178	  WERROR="" ]
179)
180CFLAGS="$saved_CFLAGS"
181
182if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
183	OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
184	OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
185	OSSH_CHECK_CFLAG_COMPILE([-Wall])
186	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
187	OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
188	OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
189	OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
190	OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
191	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
192	OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
193	OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
194	OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
195    if test "x$use_toolchain_hardening" = "x1"; then
196	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
197	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
198	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
199	# NB. -ftrapv expects certain support functions to be present in
200	# the compiler library (libgcc or similar) to detect integer operations
201	# that can overflow. We must check that the result of enabling it
202	# actually links. The test program compiled/linked includes a number
203	# of integer operations that should exercise this.
204	OSSH_CHECK_CFLAG_LINK([-ftrapv])
205    fi
206	AC_MSG_CHECKING([gcc version])
207	GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
208	case $GCC_VER in
209		1.*) no_attrib_nonnull=1 ;;
210		2.8* | 2.9*)
211		     no_attrib_nonnull=1
212		     ;;
213		2.*) no_attrib_nonnull=1 ;;
214		*) ;;
215	esac
216	AC_MSG_RESULT([$GCC_VER])
217
218	AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
219	saved_CFLAGS="$CFLAGS"
220	CFLAGS="$CFLAGS -fno-builtin-memset"
221	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
222			[[ char b[10]; memset(b, 0, sizeof(b)); ]])],
223		[ AC_MSG_RESULT([yes]) ],
224		[ AC_MSG_RESULT([no])
225		  CFLAGS="$saved_CFLAGS" ]
226	)
227
228	# -fstack-protector-all doesn't always work for some GCC versions
229	# and/or platforms, so we test if we can.  If it's not supported
230	# on a given platform gcc will emit a warning so we use -Werror.
231	if test "x$use_stack_protector" = "x1"; then
232	    for t in -fstack-protector-strong -fstack-protector-all \
233		    -fstack-protector; do
234		AC_MSG_CHECKING([if $CC supports $t])
235		saved_CFLAGS="$CFLAGS"
236		saved_LDFLAGS="$LDFLAGS"
237		CFLAGS="$CFLAGS $t -Werror"
238		LDFLAGS="$LDFLAGS $t -Werror"
239		AC_LINK_IFELSE(
240			[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
241			[[
242	char x[256];
243	snprintf(x, sizeof(x), "XXX");
244			 ]])],
245		    [ AC_MSG_RESULT([yes])
246		      CFLAGS="$saved_CFLAGS $t"
247		      LDFLAGS="$saved_LDFLAGS $t"
248		      AC_MSG_CHECKING([if $t works])
249		      AC_RUN_IFELSE(
250			[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
251			[[
252	char x[256];
253	snprintf(x, sizeof(x), "XXX");
254			]])],
255			[ AC_MSG_RESULT([yes])
256			  break ],
257			[ AC_MSG_RESULT([no]) ],
258			[ AC_MSG_WARN([cross compiling: cannot test])
259			  break ]
260		      )
261		    ],
262		    [ AC_MSG_RESULT([no]) ]
263		)
264		CFLAGS="$saved_CFLAGS"
265		LDFLAGS="$saved_LDFLAGS"
266	    done
267	fi
268
269	if test -z "$have_llong_max"; then
270		# retry LLONG_MAX with -std=gnu99, needed on some Linuxes
271		unset ac_cv_have_decl_LLONG_MAX
272		saved_CFLAGS="$CFLAGS"
273		CFLAGS="$CFLAGS -std=gnu99"
274		AC_CHECK_DECL([LLONG_MAX],
275		    [have_llong_max=1],
276		    [CFLAGS="$saved_CFLAGS"],
277		    [#include <limits.h>]
278		)
279	fi
280fi
281
282AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
283AC_COMPILE_IFELSE(
284    [AC_LANG_PROGRAM([[
285#include <stdlib.h>
286__attribute__((__unused__)) static void foo(void){return;}]],
287    [[ exit(0); ]])],
288    [ AC_MSG_RESULT([yes]) ],
289    [ AC_MSG_RESULT([no])
290      AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
291	 [compiler does not accept __attribute__ on return types]) ]
292)
293
294if test "x$no_attrib_nonnull" != "x1" ; then
295	AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
296fi
297
298AC_ARG_WITH([rpath],
299	[  --without-rpath         Disable auto-added -R linker paths],
300	[
301		if test "x$withval" = "xno" ; then
302			need_dash_r=""
303		fi
304		if test "x$withval" = "xyes" ; then
305			need_dash_r=1
306		fi
307	]
308)
309
310# Allow user to specify flags
311AC_ARG_WITH([cflags],
312	[  --with-cflags           Specify additional flags to pass to compiler],
313	[
314		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
315		    test "x${withval}" != "xyes"; then
316			CFLAGS="$CFLAGS $withval"
317		fi
318	]
319)
320AC_ARG_WITH([cppflags],
321	[  --with-cppflags         Specify additional flags to pass to preprocessor] ,
322	[
323		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
324		    test "x${withval}" != "xyes"; then
325			CPPFLAGS="$CPPFLAGS $withval"
326		fi
327	]
328)
329AC_ARG_WITH([ldflags],
330	[  --with-ldflags          Specify additional flags to pass to linker],
331	[
332		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
333		    test "x${withval}" != "xyes"; then
334			LDFLAGS="$LDFLAGS $withval"
335		fi
336	]
337)
338AC_ARG_WITH([libs],
339	[  --with-libs             Specify additional libraries to link with],
340	[
341		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
342		    test "x${withval}" != "xyes"; then
343			LIBS="$LIBS $withval"
344		fi
345	]
346)
347AC_ARG_WITH([Werror],
348	[  --with-Werror           Build main code with -Werror],
349	[
350		if test -n "$withval"  &&  test "x$withval" != "xno"; then
351			werror_flags="-Werror"
352			if test "x${withval}" != "xyes"; then
353				werror_flags="$withval"
354			fi
355		fi
356	]
357)
358
359AC_CHECK_HEADERS([ \
360	blf.h \
361	bstring.h \
362	crypt.h \
363	crypto/sha2.h \
364	dirent.h \
365	endian.h \
366	elf.h \
367	err.h \
368	features.h \
369	fcntl.h \
370	floatingpoint.h \
371	getopt.h \
372	glob.h \
373	ia.h \
374	iaf.h \
375	inttypes.h \
376	langinfo.h \
377	limits.h \
378	locale.h \
379	login.h \
380	maillock.h \
381	ndir.h \
382	net/if_tun.h \
383	netdb.h \
384	netgroup.h \
385	pam/pam_appl.h \
386	paths.h \
387	poll.h \
388	pty.h \
389	readpassphrase.h \
390	rpc/types.h \
391	security/pam_appl.h \
392	sha2.h \
393	shadow.h \
394	stddef.h \
395	stdint.h \
396	string.h \
397	strings.h \
398	sys/audit.h \
399	sys/bitypes.h \
400	sys/bsdtty.h \
401	sys/cdefs.h \
402	sys/dir.h \
403	sys/mman.h \
404	sys/ndir.h \
405	sys/poll.h \
406	sys/prctl.h \
407	sys/pstat.h \
408	sys/ptrace.h \
409	sys/select.h \
410	sys/stat.h \
411	sys/stream.h \
412	sys/stropts.h \
413	sys/strtio.h \
414	sys/statvfs.h \
415	sys/sysmacros.h \
416	sys/time.h \
417	sys/timers.h \
418	time.h \
419	tmpdir.h \
420	ttyent.h \
421	ucred.h \
422	unistd.h \
423	usersec.h \
424	util.h \
425	utime.h \
426	utmp.h \
427	utmpx.h \
428	vis.h \
429	wchar.h \
430])
431
432# sys/capsicum.h requires sys/types.h
433AC_CHECK_HEADERS([sys/capsicum.h], [], [], [
434#ifdef HAVE_SYS_TYPES_H
435# include <sys/types.h>
436#endif
437])
438
439# lastlog.h requires sys/time.h to be included first on Solaris
440AC_CHECK_HEADERS([lastlog.h], [], [], [
441#ifdef HAVE_SYS_TIME_H
442# include <sys/time.h>
443#endif
444])
445
446# sys/ptms.h requires sys/stream.h to be included first on Solaris
447AC_CHECK_HEADERS([sys/ptms.h], [], [], [
448#ifdef HAVE_SYS_STREAM_H
449# include <sys/stream.h>
450#endif
451])
452
453# login_cap.h requires sys/types.h on NetBSD
454AC_CHECK_HEADERS([login_cap.h], [], [], [
455#include <sys/types.h>
456])
457
458# older BSDs need sys/param.h before sys/mount.h
459AC_CHECK_HEADERS([sys/mount.h], [], [], [
460#include <sys/param.h>
461])
462
463# Android requires sys/socket.h to be included before sys/un.h
464AC_CHECK_HEADERS([sys/un.h], [], [], [
465#include <sys/types.h>
466#include <sys/socket.h>
467])
468
469# Messages for features tested for in target-specific section
470SIA_MSG="no"
471SPC_MSG="no"
472SP_MSG="no"
473SPP_MSG="no"
474
475# Support for Solaris/Illumos privileges (this test is used by both
476# the --with-solaris-privs option and --with-sandbox=solaris).
477SOLARIS_PRIVS="no"
478
479# Check for some target-specific stuff
480case "$host" in
481*-*-aix*)
482	# Some versions of VAC won't allow macro redefinitions at
483	# -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
484	# particularly with older versions of vac or xlc.
485	# It also throws errors about null macro argments, but these are
486	# not fatal.
487	AC_MSG_CHECKING([if compiler allows macro redefinitions])
488	AC_COMPILE_IFELSE(
489	    [AC_LANG_PROGRAM([[
490#define testmacro foo
491#define testmacro bar]],
492	    [[ exit(0); ]])],
493	    [ AC_MSG_RESULT([yes]) ],
494	    [ AC_MSG_RESULT([no])
495	      CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
496	      LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
497	      CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
498	      CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
499	    ]
500	)
501
502	AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
503	if (test -z "$blibpath"); then
504		blibpath="/usr/lib:/lib"
505	fi
506	saved_LDFLAGS="$LDFLAGS"
507	if test "$GCC" = "yes"; then
508		flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
509	else
510		flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
511	fi
512	for tryflags in $flags ;do
513		if (test -z "$blibflags"); then
514			LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
515			AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
516			[blibflags=$tryflags], [])
517		fi
518	done
519	if (test -z "$blibflags"); then
520		AC_MSG_RESULT([not found])
521		AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
522	else
523		AC_MSG_RESULT([$blibflags])
524	fi
525	LDFLAGS="$saved_LDFLAGS"
526	dnl Check for authenticate.  Might be in libs.a on older AIXes
527	AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
528		[Define if you want to enable AIX4's authenticate function])],
529		[AC_CHECK_LIB([s], [authenticate],
530			[ AC_DEFINE([WITH_AIXAUTHENTICATE])
531				LIBS="$LIBS -ls"
532			])
533		])
534	dnl Check for various auth function declarations in headers.
535	AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
536	    passwdexpired, setauthdb], , , [#include <usersec.h>])
537	dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
538	AC_CHECK_DECLS([loginfailed],
539	    [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
540	    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
541		[[ (void)loginfailed("user","host","tty",0); ]])],
542		[AC_MSG_RESULT([yes])
543		AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
544			[Define if your AIX loginfailed() function
545			takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
546	    ])],
547	    [],
548	    [#include <usersec.h>]
549	)
550	AC_CHECK_FUNCS([getgrset setauthdb])
551	AC_CHECK_DECL([F_CLOSEM],
552	    AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
553	    [],
554	    [ #include <limits.h>
555	      #include <fcntl.h> ]
556	)
557	check_for_aix_broken_getaddrinfo=1
558	AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
559	AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
560	    [Define if your platform breaks doing a seteuid before a setuid])
561	AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
562	AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
563	dnl AIX handles lastlog as part of its login message
564	AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
565	AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
566		[Some systems need a utmpx entry for /bin/login to work])
567	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
568		[Define to a Set Process Title type if your system is
569		supported by bsd-setproctitle.c])
570	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
571	    [AIX 5.2 and 5.3 (and presumably newer) require this])
572	AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
573	AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
574	;;
575*-*-android*)
576	AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
577	AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
578	;;
579*-*-cygwin*)
580	check_for_libcrypt_later=1
581	LIBS="$LIBS /usr/lib/textreadmode.o"
582	AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
583	AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
584	AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
585		[Define to disable UID restoration test])
586	AC_DEFINE([DISABLE_SHADOW], [1],
587		[Define if you want to disable shadow passwords])
588	AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
589		[Define if X11 doesn't support AF_UNIX sockets on that system])
590	AC_DEFINE([DISABLE_FD_PASSING], [1],
591		[Define if your platform needs to skip post auth
592		file descriptor passing])
593	AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
594	AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
595	# Cygwin defines optargs, optargs as declspec(dllimport) for historical
596	# reasons which cause compile warnings, so we disable those warnings.
597	OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
598	;;
599*-*-dgux*)
600	AC_DEFINE([IP_TOS_IS_BROKEN], [1],
601		[Define if your system choked on IP TOS setting])
602	AC_DEFINE([SETEUID_BREAKS_SETUID])
603	AC_DEFINE([BROKEN_SETREUID])
604	AC_DEFINE([BROKEN_SETREGID])
605	;;
606*-*-darwin*)
607	use_pie=auto
608	AC_MSG_CHECKING([if we have working getaddrinfo])
609	AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
610main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
611		exit(0);
612	else
613		exit(1);
614}
615			]])],
616	[AC_MSG_RESULT([working])],
617	[AC_MSG_RESULT([buggy])
618	AC_DEFINE([BROKEN_GETADDRINFO], [1],
619		[getaddrinfo is broken (if present)])
620	],
621	[AC_MSG_RESULT([assume it is working])])
622	AC_DEFINE([SETEUID_BREAKS_SETUID])
623	AC_DEFINE([BROKEN_SETREUID])
624	AC_DEFINE([BROKEN_SETREGID])
625	AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
626	AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
627		[Define if your resolver libs need this for getrrsetbyname])
628	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
629	AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
630	    [Use tunnel device compatibility to OpenBSD])
631	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
632	    [Prepend the address family to IP tunnel traffic])
633	m4_pattern_allow([AU_IPv])
634	AC_CHECK_DECL([AU_IPv4], [],
635	    AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
636	    [#include <bsm/audit.h>]
637	AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
638	    [Define if pututxline updates lastlog too])
639	)
640	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
641		[Define to a Set Process Title type if your system is
642		supported by bsd-setproctitle.c])
643	AC_CHECK_FUNCS([sandbox_init])
644	AC_CHECK_HEADERS([sandbox.h])
645	AC_CHECK_LIB([sandbox], [sandbox_apply], [
646	    SSHDLIBS="$SSHDLIBS -lsandbox"
647	])
648	;;
649*-*-dragonfly*)
650	SSHDLIBS="$SSHDLIBS -lcrypt"
651	TEST_MALLOC_OPTIONS="AFGJPRX"
652	;;
653*-*-haiku*)
654	LIBS="$LIBS -lbsd "
655	AC_CHECK_LIB([network], [socket])
656	AC_DEFINE([HAVE_U_INT64_T])
657	MANTYPE=man
658	;;
659*-*-hpux*)
660	# first we define all of the options common to all HP-UX releases
661	CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
662	IPADDR_IN_DISPLAY=yes
663	AC_DEFINE([USE_PIPES])
664	AC_DEFINE([LOGIN_NEEDS_UTMPX])
665	AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
666		[String used in /etc/passwd to denote locked account])
667	AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
668	AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
669	maildir="/var/mail"
670	LIBS="$LIBS -lsec"
671	AC_CHECK_LIB([xnet], [t_error], ,
672	    [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
673
674	# next, we define all of the options specific to major releases
675	case "$host" in
676	*-*-hpux10*)
677		if test -z "$GCC"; then
678			CFLAGS="$CFLAGS -Ae"
679		fi
680		;;
681	*-*-hpux11*)
682		AC_DEFINE([PAM_SUN_CODEBASE], [1],
683			[Define if you are using Solaris-derived PAM which
684			passes pam_messages to the conversation function
685			with an extra level of indirection])
686		AC_DEFINE([DISABLE_UTMP], [1],
687			[Define if you don't want to use utmp])
688		AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
689		check_for_hpux_broken_getaddrinfo=1
690		check_for_conflicting_getspnam=1
691		;;
692	esac
693
694	# lastly, we define options specific to minor releases
695	case "$host" in
696	*-*-hpux10.26)
697		AC_DEFINE([HAVE_SECUREWARE], [1],
698			[Define if you have SecureWare-based
699			protected password database])
700		disable_ptmx_check=yes
701		LIBS="$LIBS -lsecpw"
702		;;
703	esac
704	;;
705*-*-irix5*)
706	PATH="$PATH:/usr/etc"
707	AC_DEFINE([BROKEN_INET_NTOA], [1],
708		[Define if you system's inet_ntoa is busted
709		(e.g. Irix gcc issue)])
710	AC_DEFINE([SETEUID_BREAKS_SETUID])
711	AC_DEFINE([BROKEN_SETREUID])
712	AC_DEFINE([BROKEN_SETREGID])
713	AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
714		[Define if you shouldn't strip 'tty' from your
715		ttyname in [uw]tmp])
716	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
717	;;
718*-*-irix6*)
719	PATH="$PATH:/usr/etc"
720	AC_DEFINE([WITH_IRIX_ARRAY], [1],
721		[Define if you have/want arrays
722		(cluster-wide session managment, not C arrays)])
723	AC_DEFINE([WITH_IRIX_PROJECT], [1],
724		[Define if you want IRIX project management])
725	AC_DEFINE([WITH_IRIX_AUDIT], [1],
726		[Define if you want IRIX audit trails])
727	AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
728		[Define if you want IRIX kernel jobs])])
729	AC_DEFINE([BROKEN_INET_NTOA])
730	AC_DEFINE([SETEUID_BREAKS_SETUID])
731	AC_DEFINE([BROKEN_SETREUID])
732	AC_DEFINE([BROKEN_SETREGID])
733	AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
734	AC_DEFINE([WITH_ABBREV_NO_TTY])
735	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
736	;;
737*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
738	check_for_libcrypt_later=1
739	AC_DEFINE([PAM_TTY_KLUDGE])
740	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
741	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
742	AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
743	AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
744	;;
745*-*-linux*)
746	no_dev_ptmx=1
747	use_pie=auto
748	check_for_libcrypt_later=1
749	check_for_openpty_ctty_bug=1
750	AC_DEFINE([PAM_TTY_KLUDGE], [1],
751		[Work around problematic Linux PAM modules handling of PAM_TTY])
752	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
753		[String used in /etc/passwd to denote locked account])
754	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
755	AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
756		[Define to whatever link() returns for "not supported"
757		if it doesn't return EOPNOTSUPP.])
758	AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
759	AC_DEFINE([USE_BTMP])
760	AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
761	inet6_default_4in6=yes
762	case `uname -r` in
763	1.*|2.0.*)
764		AC_DEFINE([BROKEN_CMSG_TYPE], [1],
765			[Define if cmsg_type is not passed correctly])
766		;;
767	esac
768	# tun(4) forwarding compat code
769	AC_CHECK_HEADERS([linux/if_tun.h])
770	if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
771		AC_DEFINE([SSH_TUN_LINUX], [1],
772		    [Open tunnel devices the Linux tun/tap way])
773		AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
774		    [Use tunnel device compatibility to OpenBSD])
775		AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
776		    [Prepend the address family to IP tunnel traffic])
777	fi
778	AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
779	    [], [#include <linux/types.h>])
780	AC_MSG_CHECKING([for seccomp architecture])
781	seccomp_audit_arch=
782	case "$host" in
783	x86_64-*)
784		seccomp_audit_arch=AUDIT_ARCH_X86_64
785		;;
786	i*86-*)
787		seccomp_audit_arch=AUDIT_ARCH_I386
788		;;
789	arm*-*)
790		seccomp_audit_arch=AUDIT_ARCH_ARM
791		;;
792	aarch64*-*)
793		seccomp_audit_arch=AUDIT_ARCH_AARCH64
794		;;
795	s390x-*)
796		seccomp_audit_arch=AUDIT_ARCH_S390X
797		;;
798	s390-*)
799		seccomp_audit_arch=AUDIT_ARCH_S390
800		;;
801	powerpc64-*)
802		seccomp_audit_arch=AUDIT_ARCH_PPC64
803		;;
804	powerpc64le-*)
805		seccomp_audit_arch=AUDIT_ARCH_PPC64LE
806		;;
807	mips-*)
808		seccomp_audit_arch=AUDIT_ARCH_MIPS
809		;;
810	mipsel-*)
811		seccomp_audit_arch=AUDIT_ARCH_MIPSEL
812		;;
813	mips64-*)
814		seccomp_audit_arch=AUDIT_ARCH_MIPS64
815		;;
816	mips64el-*)
817		seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
818		;;
819	esac
820	if test "x$seccomp_audit_arch" != "x" ; then
821		AC_MSG_RESULT(["$seccomp_audit_arch"])
822		AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
823		    [Specify the system call convention in use])
824	else
825		AC_MSG_RESULT([architecture not supported])
826	fi
827	;;
828mips-sony-bsd|mips-sony-newsos4)
829	AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
830	SONY=1
831	;;
832*-*-netbsd*)
833	check_for_libcrypt_before=1
834	if test "x$withval" != "xno" ; then
835		need_dash_r=1
836	fi
837	CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
838	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
839	AC_CHECK_HEADER([net/if_tap.h], ,
840	    AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
841	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
842	    [Prepend the address family to IP tunnel traffic])
843	TEST_MALLOC_OPTIONS="AJRX"
844	AC_DEFINE([BROKEN_READ_COMPARISON], [1],
845	    [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
846	;;
847*-*-freebsd*)
848	check_for_libcrypt_later=1
849	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
850	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
851	AC_CHECK_HEADER([net/if_tap.h], ,
852	    AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
853	AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
854	TEST_MALLOC_OPTIONS="AJRX"
855	# Preauth crypto occasionally uses file descriptors for crypto offload
856	# and will crash if they cannot be opened.
857	AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
858	    [define if setrlimit RLIMIT_NOFILE breaks things])
859	;;
860*-*-bsdi*)
861	AC_DEFINE([SETEUID_BREAKS_SETUID])
862	AC_DEFINE([BROKEN_SETREUID])
863	AC_DEFINE([BROKEN_SETREGID])
864	;;
865*-next-*)
866	conf_lastlog_location="/usr/adm/lastlog"
867	conf_utmp_location=/etc/utmp
868	conf_wtmp_location=/usr/adm/wtmp
869	maildir=/usr/spool/mail
870	AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
871	AC_DEFINE([BROKEN_REALPATH])
872	AC_DEFINE([USE_PIPES])
873	AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
874	;;
875*-*-openbsd*)
876	use_pie=auto
877	AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
878	AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
879	AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
880	AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
881	    [syslog_r function is safe to use in in a signal handler])
882	TEST_MALLOC_OPTIONS="AFGJPRX"
883	;;
884*-*-solaris*)
885	if test "x$withval" != "xno" ; then
886		need_dash_r=1
887	fi
888	AC_DEFINE([PAM_SUN_CODEBASE])
889	AC_DEFINE([LOGIN_NEEDS_UTMPX])
890	AC_DEFINE([PAM_TTY_KLUDGE])
891	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
892		[Define if pam_chauthtok wants real uid set
893		to the unpriv'ed user])
894	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
895	# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
896	AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
897		[Define if sshd somehow reacquires a controlling TTY
898		after setsid()])
899	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
900		in case the name is longer than 8 chars])
901	AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
902	external_path_file=/etc/default/login
903	# hardwire lastlog location (can't detect it on some versions)
904	conf_lastlog_location="/var/adm/lastlog"
905	AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
906	sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
907	if test "$sol2ver" -ge 8; then
908		AC_MSG_RESULT([yes])
909		AC_DEFINE([DISABLE_UTMP])
910		AC_DEFINE([DISABLE_WTMP], [1],
911			[Define if you don't want to use wtmp])
912	else
913		AC_MSG_RESULT([no])
914	fi
915	AC_CHECK_FUNCS([setpflags])
916	AC_CHECK_FUNCS([setppriv])
917	AC_CHECK_FUNCS([priv_basicset])
918	AC_CHECK_HEADERS([priv.h])
919	AC_ARG_WITH([solaris-contracts],
920		[  --with-solaris-contracts Enable Solaris process contracts (experimental)],
921		[
922		AC_CHECK_LIB([contract], [ct_tmpl_activate],
923			[ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
924				[Define if you have Solaris process contracts])
925			  LIBS="$LIBS -lcontract"
926			  SPC_MSG="yes" ], )
927		],
928	)
929	AC_ARG_WITH([solaris-projects],
930		[  --with-solaris-projects Enable Solaris projects (experimental)],
931		[
932		AC_CHECK_LIB([project], [setproject],
933			[ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
934				[Define if you have Solaris projects])
935			LIBS="$LIBS -lproject"
936			SP_MSG="yes" ], )
937		],
938	)
939	AC_ARG_WITH([solaris-privs],
940		[  --with-solaris-privs    Enable Solaris/Illumos privileges (experimental)],
941		[
942		AC_MSG_CHECKING([for Solaris/Illumos privilege support])
943		if test "x$ac_cv_func_setppriv" = "xyes" -a \
944			"x$ac_cv_header_priv_h" = "xyes" ; then
945			SOLARIS_PRIVS=yes
946			AC_MSG_RESULT([found])
947			AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
948				[Define to disable UID restoration test])
949			AC_DEFINE([USE_SOLARIS_PRIVS], [1],
950				[Define if you have Solaris privileges])
951			SPP_MSG="yes"
952		else
953			AC_MSG_RESULT([not found])
954			AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
955		fi
956		],
957	)
958	TEST_SHELL=$SHELL	# let configure find us a capable shell
959	;;
960*-*-sunos4*)
961	CPPFLAGS="$CPPFLAGS -DSUNOS4"
962	AC_CHECK_FUNCS([getpwanam])
963	AC_DEFINE([PAM_SUN_CODEBASE])
964	conf_utmp_location=/etc/utmp
965	conf_wtmp_location=/var/adm/wtmp
966	conf_lastlog_location=/var/adm/lastlog
967	AC_DEFINE([USE_PIPES])
968	;;
969*-ncr-sysv*)
970	LIBS="$LIBS -lc89"
971	AC_DEFINE([USE_PIPES])
972	AC_DEFINE([SSHD_ACQUIRES_CTTY])
973	AC_DEFINE([SETEUID_BREAKS_SETUID])
974	AC_DEFINE([BROKEN_SETREUID])
975	AC_DEFINE([BROKEN_SETREGID])
976	;;
977*-sni-sysv*)
978	# /usr/ucblib MUST NOT be searched on ReliantUNIX
979	AC_CHECK_LIB([dl], [dlsym], ,)
980	# -lresolv needs to be at the end of LIBS or DNS lookups break
981	AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
982	IPADDR_IN_DISPLAY=yes
983	AC_DEFINE([USE_PIPES])
984	AC_DEFINE([IP_TOS_IS_BROKEN])
985	AC_DEFINE([SETEUID_BREAKS_SETUID])
986	AC_DEFINE([BROKEN_SETREUID])
987	AC_DEFINE([BROKEN_SETREGID])
988	AC_DEFINE([SSHD_ACQUIRES_CTTY])
989	external_path_file=/etc/default/login
990	# /usr/ucblib/libucb.a no longer needed on ReliantUNIX
991	# Attention: always take care to bind libsocket and libnsl before libc,
992	# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
993	;;
994# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
995*-*-sysv4.2*)
996	AC_DEFINE([USE_PIPES])
997	AC_DEFINE([SETEUID_BREAKS_SETUID])
998	AC_DEFINE([BROKEN_SETREUID])
999	AC_DEFINE([BROKEN_SETREGID])
1000	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
1001	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1002	TEST_SHELL=$SHELL	# let configure find us a capable shell
1003	;;
1004# UnixWare 7.x, OpenUNIX 8
1005*-*-sysv5*)
1006	CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1007	AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1008	AC_DEFINE([USE_PIPES])
1009	AC_DEFINE([SETEUID_BREAKS_SETUID])
1010	AC_DEFINE([BROKEN_GETADDRINFO])
1011	AC_DEFINE([BROKEN_SETREUID])
1012	AC_DEFINE([BROKEN_SETREGID])
1013	AC_DEFINE([PASSWD_NEEDS_USERNAME])
1014	TEST_SHELL=$SHELL	# let configure find us a capable shell
1015	case "$host" in
1016	*-*-sysv5SCO_SV*)	# SCO OpenServer 6.x
1017		maildir=/var/spool/mail
1018		AC_DEFINE([BROKEN_LIBIAF], [1],
1019			[ia_uinfo routines not supported by OS yet])
1020		AC_DEFINE([BROKEN_UPDWTMPX])
1021		AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1022			AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1023			AC_DEFINE([HAVE_SECUREWARE])
1024			AC_DEFINE([DISABLE_SHADOW])
1025			], , )
1026		;;
1027	*)	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1028		check_for_libcrypt_later=1
1029		;;
1030	esac
1031	;;
1032*-*-sysv*)
1033	;;
1034# SCO UNIX and OEM versions of SCO UNIX
1035*-*-sco3.2v4*)
1036	AC_MSG_ERROR("This Platform is no longer supported.")
1037	;;
1038# SCO OpenServer 5.x
1039*-*-sco3.2v5*)
1040	if test -z "$GCC"; then
1041		CFLAGS="$CFLAGS -belf"
1042	fi
1043	LIBS="$LIBS -lprot -lx -ltinfo -lm"
1044	no_dev_ptmx=1
1045	AC_DEFINE([USE_PIPES])
1046	AC_DEFINE([HAVE_SECUREWARE])
1047	AC_DEFINE([DISABLE_SHADOW])
1048	AC_DEFINE([DISABLE_FD_PASSING])
1049	AC_DEFINE([SETEUID_BREAKS_SETUID])
1050	AC_DEFINE([BROKEN_GETADDRINFO])
1051	AC_DEFINE([BROKEN_SETREUID])
1052	AC_DEFINE([BROKEN_SETREGID])
1053	AC_DEFINE([WITH_ABBREV_NO_TTY])
1054	AC_DEFINE([BROKEN_UPDWTMPX])
1055	AC_DEFINE([PASSWD_NEEDS_USERNAME])
1056	AC_CHECK_FUNCS([getluid setluid])
1057	MANTYPE=man
1058	TEST_SHELL=$SHELL	# let configure find us a capable shell
1059	SKIP_DISABLE_LASTLOG_DEFINE=yes
1060	;;
1061*-*-unicosmk*)
1062	AC_DEFINE([NO_SSH_LASTLOG], [1],
1063		[Define if you don't want to use lastlog in session.c])
1064	AC_DEFINE([SETEUID_BREAKS_SETUID])
1065	AC_DEFINE([BROKEN_SETREUID])
1066	AC_DEFINE([BROKEN_SETREGID])
1067	AC_DEFINE([USE_PIPES])
1068	AC_DEFINE([DISABLE_FD_PASSING])
1069	LDFLAGS="$LDFLAGS"
1070	LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1071	MANTYPE=cat
1072	;;
1073*-*-unicosmp*)
1074	AC_DEFINE([SETEUID_BREAKS_SETUID])
1075	AC_DEFINE([BROKEN_SETREUID])
1076	AC_DEFINE([BROKEN_SETREGID])
1077	AC_DEFINE([WITH_ABBREV_NO_TTY])
1078	AC_DEFINE([USE_PIPES])
1079	AC_DEFINE([DISABLE_FD_PASSING])
1080	LDFLAGS="$LDFLAGS"
1081	LIBS="$LIBS -lgen -lacid -ldb"
1082	MANTYPE=cat
1083	;;
1084*-*-unicos*)
1085	AC_DEFINE([SETEUID_BREAKS_SETUID])
1086	AC_DEFINE([BROKEN_SETREUID])
1087	AC_DEFINE([BROKEN_SETREGID])
1088	AC_DEFINE([USE_PIPES])
1089	AC_DEFINE([DISABLE_FD_PASSING])
1090	AC_DEFINE([NO_SSH_LASTLOG])
1091	LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
1092	LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1093	MANTYPE=cat
1094	;;
1095*-dec-osf*)
1096	AC_MSG_CHECKING([for Digital Unix SIA])
1097	no_osfsia=""
1098	AC_ARG_WITH([osfsia],
1099		[  --with-osfsia           Enable Digital Unix SIA],
1100		[
1101			if test "x$withval" = "xno" ; then
1102				AC_MSG_RESULT([disabled])
1103				no_osfsia=1
1104			fi
1105		],
1106	)
1107	if test -z "$no_osfsia" ; then
1108		if test -f /etc/sia/matrix.conf; then
1109			AC_MSG_RESULT([yes])
1110			AC_DEFINE([HAVE_OSF_SIA], [1],
1111				[Define if you have Digital Unix Security
1112				Integration Architecture])
1113			AC_DEFINE([DISABLE_LOGIN], [1],
1114				[Define if you don't want to use your
1115				system's login() call])
1116			AC_DEFINE([DISABLE_FD_PASSING])
1117			LIBS="$LIBS -lsecurity -ldb -lm -laud"
1118			SIA_MSG="yes"
1119		else
1120			AC_MSG_RESULT([no])
1121			AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1122			  [String used in /etc/passwd to denote locked account])
1123		fi
1124	fi
1125	AC_DEFINE([BROKEN_GETADDRINFO])
1126	AC_DEFINE([SETEUID_BREAKS_SETUID])
1127	AC_DEFINE([BROKEN_SETREUID])
1128	AC_DEFINE([BROKEN_SETREGID])
1129	AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1130	;;
1131
1132*-*-nto-qnx*)
1133	AC_DEFINE([USE_PIPES])
1134	AC_DEFINE([NO_X11_UNIX_SOCKETS])
1135	AC_DEFINE([DISABLE_LASTLOG])
1136	AC_DEFINE([SSHD_ACQUIRES_CTTY])
1137	AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1138	enable_etc_default_login=no	# has incompatible /etc/default/login
1139	case "$host" in
1140	*-*-nto-qnx6*)
1141		AC_DEFINE([DISABLE_FD_PASSING])
1142		;;
1143	esac
1144	;;
1145
1146*-*-ultrix*)
1147	AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1148	AC_DEFINE([NEED_SETPGRP])
1149	AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1150	;;
1151
1152*-*-lynxos)
1153	CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1154	AC_DEFINE([BROKEN_SETVBUF], [1],
1155	    [LynxOS has broken setvbuf() implementation])
1156	;;
1157esac
1158
1159AC_MSG_CHECKING([compiler and flags for sanity])
1160AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
1161	[	AC_MSG_RESULT([yes]) ],
1162	[
1163		AC_MSG_RESULT([no])
1164		AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1165	],
1166	[	AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1167)
1168
1169dnl Checks for header files.
1170# Checks for libraries.
1171AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1172
1173dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1174AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1175	AC_CHECK_LIB([gen], [dirname], [
1176		AC_CACHE_CHECK([for broken dirname],
1177			ac_cv_have_broken_dirname, [
1178			save_LIBS="$LIBS"
1179			LIBS="$LIBS -lgen"
1180			AC_RUN_IFELSE(
1181				[AC_LANG_SOURCE([[
1182#include <libgen.h>
1183#include <string.h>
1184
1185int main(int argc, char **argv) {
1186    char *s, buf[32];
1187
1188    strncpy(buf,"/etc", 32);
1189    s = dirname(buf);
1190    if (!s || strncmp(s, "/", 32) != 0) {
1191	exit(1);
1192    } else {
1193	exit(0);
1194    }
1195}
1196				]])],
1197				[ ac_cv_have_broken_dirname="no" ],
1198				[ ac_cv_have_broken_dirname="yes" ],
1199				[ ac_cv_have_broken_dirname="no" ],
1200			)
1201			LIBS="$save_LIBS"
1202		])
1203		if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1204			LIBS="$LIBS -lgen"
1205			AC_DEFINE([HAVE_DIRNAME])
1206			AC_CHECK_HEADERS([libgen.h])
1207		fi
1208	])
1209])
1210
1211AC_CHECK_FUNC([getspnam], ,
1212	[AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1213AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1214	[Define if you have the basename function.])])
1215
1216dnl zlib is required
1217AC_ARG_WITH([zlib],
1218	[  --with-zlib=PATH        Use zlib in PATH],
1219	[ if test "x$withval" = "xno" ; then
1220		AC_MSG_ERROR([*** zlib is required ***])
1221	  elif test "x$withval" != "xyes"; then
1222		if test -d "$withval/lib"; then
1223			if test -n "${need_dash_r}"; then
1224				LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1225			else
1226				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1227			fi
1228		else
1229			if test -n "${need_dash_r}"; then
1230				LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1231			else
1232				LDFLAGS="-L${withval} ${LDFLAGS}"
1233			fi
1234		fi
1235		if test -d "$withval/include"; then
1236			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1237		else
1238			CPPFLAGS="-I${withval} ${CPPFLAGS}"
1239		fi
1240	fi ]
1241)
1242
1243AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1244AC_CHECK_LIB([z], [deflate], ,
1245	[
1246		saved_CPPFLAGS="$CPPFLAGS"
1247		saved_LDFLAGS="$LDFLAGS"
1248		save_LIBS="$LIBS"
1249		dnl Check default zlib install dir
1250		if test -n "${need_dash_r}"; then
1251			LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1252		else
1253			LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1254		fi
1255		CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1256		LIBS="$LIBS -lz"
1257		AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1258			[
1259				AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1260			]
1261		)
1262	]
1263)
1264
1265AC_ARG_WITH([zlib-version-check],
1266	[  --without-zlib-version-check Disable zlib version check],
1267	[  if test "x$withval" = "xno" ; then
1268		zlib_check_nonfatal=1
1269	   fi
1270	]
1271)
1272
1273AC_MSG_CHECKING([for possibly buggy zlib])
1274AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1275#include <stdio.h>
1276#include <stdlib.h>
1277#include <zlib.h>
1278	]],
1279	[[
1280	int a=0, b=0, c=0, d=0, n, v;
1281	n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1282	if (n != 3 && n != 4)
1283		exit(1);
1284	v = a*1000000 + b*10000 + c*100 + d;
1285	fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1286
1287	/* 1.1.4 is OK */
1288	if (a == 1 && b == 1 && c >= 4)
1289		exit(0);
1290
1291	/* 1.2.3 and up are OK */
1292	if (v >= 1020300)
1293		exit(0);
1294
1295	exit(2);
1296	]])],
1297	AC_MSG_RESULT([no]),
1298	[ AC_MSG_RESULT([yes])
1299	  if test -z "$zlib_check_nonfatal" ; then
1300		AC_MSG_ERROR([*** zlib too old - check config.log ***
1301Your reported zlib version has known security problems.  It's possible your
1302vendor has fixed these problems without changing the version number.  If you
1303are sure this is the case, you can disable the check by running
1304"./configure --without-zlib-version-check".
1305If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1306See http://www.gzip.org/zlib/ for details.])
1307	  else
1308		AC_MSG_WARN([zlib version may have security problems])
1309	  fi
1310	],
1311	[	AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1312)
1313
1314dnl UnixWare 2.x
1315AC_CHECK_FUNC([strcasecmp],
1316	[], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1317)
1318AC_CHECK_FUNCS([utimes],
1319	[], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1320					LIBS="$LIBS -lc89"]) ]
1321)
1322
1323dnl    Checks for libutil functions
1324AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1325AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1326AC_SEARCH_LIBS([scan_scaled], [util bsd])
1327AC_SEARCH_LIBS([login], [util bsd])
1328AC_SEARCH_LIBS([logout], [util bsd])
1329AC_SEARCH_LIBS([logwtmp], [util bsd])
1330AC_SEARCH_LIBS([openpty], [util bsd])
1331AC_SEARCH_LIBS([updwtmp], [util bsd])
1332AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1333
1334# On some platforms, inet_ntop and gethostbyname may be found in libresolv
1335# or libnsl.
1336AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1337AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1338
1339AC_FUNC_STRFTIME
1340
1341# Check for ALTDIRFUNC glob() extension
1342AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1343AC_EGREP_CPP([FOUNDIT],
1344	[
1345		#include <glob.h>
1346		#ifdef GLOB_ALTDIRFUNC
1347		FOUNDIT
1348		#endif
1349	],
1350	[
1351		AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1352			[Define if your system glob() function has
1353			the GLOB_ALTDIRFUNC extension])
1354		AC_MSG_RESULT([yes])
1355	],
1356	[
1357		AC_MSG_RESULT([no])
1358	]
1359)
1360
1361# Check for g.gl_matchc glob() extension
1362AC_MSG_CHECKING([for gl_matchc field in glob_t])
1363AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1364	[[ glob_t g; g.gl_matchc = 1; ]])],
1365	[
1366		AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1367			[Define if your system glob() function has
1368			gl_matchc options in glob_t])
1369		AC_MSG_RESULT([yes])
1370	], [
1371		AC_MSG_RESULT([no])
1372])
1373
1374# Check for g.gl_statv glob() extension
1375AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1376AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1377#ifndef GLOB_KEEPSTAT
1378#error "glob does not support GLOB_KEEPSTAT extension"
1379#endif
1380glob_t g;
1381g.gl_statv = NULL;
1382]])],
1383	[
1384		AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1385			[Define if your system glob() function has
1386			gl_statv options in glob_t])
1387		AC_MSG_RESULT([yes])
1388	], [
1389		AC_MSG_RESULT([no])
1390
1391])
1392
1393AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1394
1395AC_CHECK_DECL([VIS_ALL], ,
1396    AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1397
1398AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1399AC_RUN_IFELSE(
1400	[AC_LANG_PROGRAM([[
1401#include <sys/types.h>
1402#include <dirent.h>]],
1403	[[
1404	struct dirent d;
1405	exit(sizeof(d.d_name)<=sizeof(char));
1406	]])],
1407	[AC_MSG_RESULT([yes])],
1408	[
1409		AC_MSG_RESULT([no])
1410		AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1411			[Define if your struct dirent expects you to
1412			allocate extra space for d_name])
1413	],
1414	[
1415		AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1416		AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1417	]
1418)
1419
1420AC_MSG_CHECKING([for /proc/pid/fd directory])
1421if test -d "/proc/$$/fd" ; then
1422	AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1423	AC_MSG_RESULT([yes])
1424else
1425	AC_MSG_RESULT([no])
1426fi
1427
1428# Check whether user wants S/Key support
1429SKEY_MSG="no"
1430AC_ARG_WITH([skey],
1431	[  --with-skey[[=PATH]]      Enable S/Key support (optionally in PATH)],
1432	[
1433		if test "x$withval" != "xno" ; then
1434
1435			if test "x$withval" != "xyes" ; then
1436				CPPFLAGS="$CPPFLAGS -I${withval}/include"
1437				LDFLAGS="$LDFLAGS -L${withval}/lib"
1438			fi
1439
1440			AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1441			LIBS="-lskey $LIBS"
1442			SKEY_MSG="yes"
1443
1444			AC_MSG_CHECKING([for s/key support])
1445			AC_LINK_IFELSE(
1446				[AC_LANG_PROGRAM([[
1447#include <stdio.h>
1448#include <skey.h>
1449				]], [[
1450	char *ff = skey_keyinfo(""); ff="";
1451	exit(0);
1452				]])],
1453				[AC_MSG_RESULT([yes])],
1454				[
1455					AC_MSG_RESULT([no])
1456					AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1457				])
1458			AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1459			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1460#include <stdio.h>
1461#include <skey.h>
1462				]], [[
1463	(void)skeychallenge(NULL,"name","",0);
1464				]])],
1465			[
1466				AC_MSG_RESULT([yes])
1467				AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1468					[Define if your skeychallenge()
1469					function takes 4 arguments (NetBSD)])],
1470			[
1471				AC_MSG_RESULT([no])
1472			])
1473		fi
1474	]
1475)
1476
1477# Check whether user wants TCP wrappers support
1478TCPW_MSG="no"
1479AC_ARG_WITH([tcp-wrappers],
1480	[  --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1481	[
1482		if test "x$withval" != "xno" ; then
1483			saved_LIBS="$LIBS"
1484			saved_LDFLAGS="$LDFLAGS"
1485			saved_CPPFLAGS="$CPPFLAGS"
1486			if test -n "${withval}" && \
1487			    test "x${withval}" != "xyes"; then
1488				if test -d "${withval}/lib"; then
1489					if test -n "${need_dash_r}"; then
1490						LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1491					else
1492						LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1493					fi
1494				else
1495					if test -n "${need_dash_r}"; then
1496						LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1497					else
1498						LDFLAGS="-L${withval} ${LDFLAGS}"
1499					fi
1500				fi
1501				if test -d "${withval}/include"; then
1502					CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1503				else
1504					CPPFLAGS="-I${withval} ${CPPFLAGS}"
1505				fi
1506			fi
1507			LIBS="-lwrap $LIBS"
1508			AC_MSG_CHECKING([for libwrap])
1509			AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1510#include <sys/types.h>
1511#include <sys/socket.h>
1512#include <netinet/in.h>
1513#include <tcpd.h>
1514int deny_severity = 0, allow_severity = 0;
1515				]], [[
1516	hosts_access(0);
1517				]])], [
1518					AC_MSG_RESULT([yes])
1519					AC_DEFINE([LIBWRAP], [1],
1520						[Define if you want
1521						TCP Wrappers support])
1522					SSHDLIBS="$SSHDLIBS -lwrap"
1523					TCPW_MSG="yes"
1524				], [
1525					AC_MSG_ERROR([*** libwrap missing])
1526
1527			])
1528			LIBS="$saved_LIBS"
1529		fi
1530	]
1531)
1532
1533# Check whether user wants to use ldns
1534LDNS_MSG="no"
1535AC_ARG_WITH(ldns,
1536	[  --with-ldns[[=PATH]]      Use ldns for DNSSEC support (optionally in PATH)],
1537    [
1538        if test "x$withval" != "xno" ; then
1539
1540			if test "x$withval" != "xyes" ; then
1541				CPPFLAGS="$CPPFLAGS -I${withval}/include"
1542				LDFLAGS="$LDFLAGS -L${withval}/lib"
1543			fi
1544
1545            AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1546            LIBS="-lldns $LIBS"
1547            LDNS_MSG="yes"
1548
1549            AC_MSG_CHECKING([for ldns support])
1550            AC_LINK_IFELSE(
1551                [AC_LANG_SOURCE([[
1552#include <stdio.h>
1553#include <stdlib.h>
1554#include <stdint.h>
1555#include <ldns/ldns.h>
1556int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1557                                ]])
1558                ],
1559				[AC_MSG_RESULT(yes)],
1560				[
1561					AC_MSG_RESULT(no)
1562					AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1563				])
1564        fi
1565    ]
1566)
1567
1568# Check whether user wants libedit support
1569LIBEDIT_MSG="no"
1570AC_ARG_WITH([libedit],
1571	[  --with-libedit[[=PATH]]   Enable libedit support for sftp],
1572	[ if test "x$withval" != "xno" ; then
1573		if test "x$withval" = "xyes" ; then
1574			AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1575			if test "x$PKGCONFIG" != "xno"; then
1576				AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1577				if "$PKGCONFIG" libedit; then
1578					AC_MSG_RESULT([yes])
1579					use_pkgconfig_for_libedit=yes
1580				else
1581					AC_MSG_RESULT([no])
1582				fi
1583			fi
1584		else
1585			CPPFLAGS="$CPPFLAGS -I${withval}/include"
1586			if test -n "${need_dash_r}"; then
1587				LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1588			else
1589				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1590			fi
1591		fi
1592		if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1593			LIBEDIT=`$PKGCONFIG --libs libedit`
1594			CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1595		else
1596			LIBEDIT="-ledit -lcurses"
1597		fi
1598		OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1599		AC_CHECK_LIB([edit], [el_init],
1600			[ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1601			  LIBEDIT_MSG="yes"
1602			  AC_SUBST([LIBEDIT])
1603			],
1604			[ AC_MSG_ERROR([libedit not found]) ],
1605			[ $OTHERLIBS ]
1606		)
1607		AC_MSG_CHECKING([if libedit version is compatible])
1608		AC_COMPILE_IFELSE(
1609		    [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1610		    [[
1611	int i = H_SETSIZE;
1612	el_init("", NULL, NULL, NULL);
1613	exit(0);
1614		    ]])],
1615		    [ AC_MSG_RESULT([yes]) ],
1616		    [ AC_MSG_RESULT([no])
1617		      AC_MSG_ERROR([libedit version is not compatible]) ]
1618		)
1619	fi ]
1620)
1621
1622AUDIT_MODULE=none
1623AC_ARG_WITH([audit],
1624	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux)],
1625	[
1626	  AC_MSG_CHECKING([for supported audit module])
1627	  case "$withval" in
1628	  bsm)
1629		AC_MSG_RESULT([bsm])
1630		AUDIT_MODULE=bsm
1631		dnl    Checks for headers, libs and functions
1632		AC_CHECK_HEADERS([bsm/audit.h], [],
1633		    [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1634		    [
1635#ifdef HAVE_TIME_H
1636# include <time.h>
1637#endif
1638		    ]
1639)
1640		AC_CHECK_LIB([bsm], [getaudit], [],
1641		    [AC_MSG_ERROR([BSM enabled and required library not found])])
1642		AC_CHECK_FUNCS([getaudit], [],
1643		    [AC_MSG_ERROR([BSM enabled and required function not found])])
1644		# These are optional
1645		AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1646		AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1647		if test "$sol2ver" -ge 11; then
1648			SSHDLIBS="$SSHDLIBS -lscf"
1649			AC_DEFINE([BROKEN_BSM_API], [1],
1650				[The system has incomplete BSM API])
1651		fi
1652		;;
1653	  linux)
1654		AC_MSG_RESULT([linux])
1655		AUDIT_MODULE=linux
1656		dnl    Checks for headers, libs and functions
1657		AC_CHECK_HEADERS([libaudit.h])
1658		SSHDLIBS="$SSHDLIBS -laudit"
1659		AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1660		;;
1661	  debug)
1662		AUDIT_MODULE=debug
1663		AC_MSG_RESULT([debug])
1664		AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1665		;;
1666	  no)
1667		AC_MSG_RESULT([no])
1668		;;
1669	  *)
1670		AC_MSG_ERROR([Unknown audit module $withval])
1671		;;
1672	esac ]
1673)
1674
1675AC_ARG_WITH([pie],
1676    [  --with-pie              Build Position Independent Executables if possible], [
1677	if test "x$withval" = "xno"; then
1678		use_pie=no
1679	fi
1680	if test "x$withval" = "xyes"; then
1681		use_pie=yes
1682	fi
1683    ]
1684)
1685if test "x$use_pie" = "x"; then
1686	use_pie=no
1687fi
1688if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1689	# Turn off automatic PIE when toolchain hardening is off.
1690	use_pie=no
1691fi
1692if test "x$use_pie" = "xauto"; then
1693	# Automatic PIE requires gcc >= 4.x
1694	AC_MSG_CHECKING([for gcc >= 4.x])
1695	AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1696#if !defined(__GNUC__) || __GNUC__ < 4
1697#error gcc is too old
1698#endif
1699]])],
1700	[ AC_MSG_RESULT([yes]) ],
1701	[ AC_MSG_RESULT([no])
1702	  use_pie=no ]
1703)
1704fi
1705if test "x$use_pie" != "xno"; then
1706	SAVED_CFLAGS="$CFLAGS"
1707	SAVED_LDFLAGS="$LDFLAGS"
1708	OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1709	OSSH_CHECK_LDFLAG_LINK([-pie])
1710	# We use both -fPIE and -pie or neither.
1711	AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1712	if echo "x $CFLAGS"  | grep ' -fPIE' >/dev/null 2>&1 && \
1713	   echo "x $LDFLAGS" | grep ' -pie'  >/dev/null 2>&1 ; then
1714		AC_MSG_RESULT([yes])
1715	else
1716		AC_MSG_RESULT([no])
1717		CFLAGS="$SAVED_CFLAGS"
1718		LDFLAGS="$SAVED_LDFLAGS"
1719	fi
1720fi
1721
1722dnl    Checks for library functions. Please keep in alphabetical order
1723AC_CHECK_FUNCS([ \
1724	Blowfish_initstate \
1725	Blowfish_expandstate \
1726	Blowfish_expand0state \
1727	Blowfish_stream2word \
1728	asprintf \
1729	b64_ntop \
1730	__b64_ntop \
1731	b64_pton \
1732	__b64_pton \
1733	bcopy \
1734	bcrypt_pbkdf \
1735	bindresvport_sa \
1736	blf_enc \
1737	cap_rights_limit \
1738	clock \
1739	closefrom \
1740	dirfd \
1741	endgrent \
1742	err \
1743	errx \
1744	explicit_bzero \
1745	fchmod \
1746	fchown \
1747	freeaddrinfo \
1748	fstatfs \
1749	fstatvfs \
1750	futimes \
1751	getaddrinfo \
1752	getcwd \
1753	getgrouplist \
1754	getnameinfo \
1755	getopt \
1756	getpeereid \
1757	getpeerucred \
1758	getpgid \
1759	getpgrp \
1760	_getpty \
1761	getrlimit \
1762	getttyent \
1763	glob \
1764	group_from_gid \
1765	inet_aton \
1766	inet_ntoa \
1767	inet_ntop \
1768	innetgr \
1769	login_getcapbool \
1770	md5_crypt \
1771	memmove \
1772	memset_s \
1773	mkdtemp \
1774	ngetaddrinfo \
1775	nsleep \
1776	ogetaddrinfo \
1777	openlog_r \
1778	pledge \
1779	poll \
1780	prctl \
1781	pstat \
1782	readpassphrase \
1783	reallocarray \
1784	recvmsg \
1785	rresvport_af \
1786	sendmsg \
1787	setdtablesize \
1788	setegid \
1789	setenv \
1790	seteuid \
1791	setgroupent \
1792	setgroups \
1793	setlinebuf \
1794	setlogin \
1795	setpassent\
1796	setpcred \
1797	setproctitle \
1798	setregid \
1799	setreuid \
1800	setrlimit \
1801	setsid \
1802	setvbuf \
1803	sigaction \
1804	sigvec \
1805	snprintf \
1806	socketpair \
1807	statfs \
1808	statvfs \
1809	strcasestr \
1810	strdup \
1811	strerror \
1812	strlcat \
1813	strlcpy \
1814	strmode \
1815	strnlen \
1816	strnvis \
1817	strptime \
1818	strtonum \
1819	strtoll \
1820	strtoul \
1821	strtoull \
1822	swap32 \
1823	sysconf \
1824	tcgetpgrp \
1825	timingsafe_bcmp \
1826	truncate \
1827	unsetenv \
1828	updwtmpx \
1829	user_from_uid \
1830	usleep \
1831	vasprintf \
1832	vsnprintf \
1833	waitpid \
1834	warn \
1835])
1836
1837dnl Wide character support.  Linux man page says it needs _XOPEN_SOURCE.
1838saved_CFLAGS="$CFLAGS"
1839CFLAGS="$CFLAGS -D_XOPEN_SOURCE"
1840AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
1841CFLAGS="$saved_CFLAGS"
1842
1843TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
1844AC_MSG_CHECKING([for utf8 locale support])
1845AC_RUN_IFELSE(
1846	[AC_LANG_PROGRAM([[
1847#include <locale.h>
1848#include <stdlib.h>
1849	]], [[
1850	char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
1851	if (loc != NULL)
1852		exit(0);
1853	exit(1);
1854	]])],
1855	AC_MSG_RESULT(yes),
1856	[AC_MSG_RESULT(no)
1857	 TEST_SSH_UTF8=no],
1858	AC_MSG_WARN([cross compiling: assuming yes])
1859)
1860
1861AC_LINK_IFELSE(
1862        [AC_LANG_PROGRAM(
1863           [[ #include <ctype.h> ]],
1864           [[ return (isblank('a')); ]])],
1865	[AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1866])
1867
1868disable_pkcs11=
1869AC_ARG_ENABLE([pkcs11],
1870	[  --disable-pkcs11        disable PKCS#11 support code [no]],
1871	[
1872		if test "x$enableval" = "xno" ; then
1873			disable_pkcs11=1
1874		fi
1875	]
1876)
1877
1878# PKCS11 depends on OpenSSL.
1879if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then
1880	# PKCS#11 support requires dlopen() and co
1881	AC_SEARCH_LIBS([dlopen], [dl],
1882	    [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1883	)
1884fi
1885
1886# IRIX has a const char return value for gai_strerror()
1887AC_CHECK_FUNCS([gai_strerror], [
1888	AC_DEFINE([HAVE_GAI_STRERROR])
1889	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1890#include <sys/types.h>
1891#include <sys/socket.h>
1892#include <netdb.h>
1893
1894const char *gai_strerror(int);
1895			]], [[
1896	char *str;
1897	str = gai_strerror(0);
1898			]])], [
1899		AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1900		[Define if gai_strerror() returns const char *])], [])])
1901
1902AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1903	[Some systems put nanosleep outside of libc])])
1904
1905AC_SEARCH_LIBS([clock_gettime], [rt],
1906	[AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1907
1908dnl Make sure prototypes are defined for these before using them.
1909AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1910AC_CHECK_DECL([strsep],
1911	[AC_CHECK_FUNCS([strsep])],
1912	[],
1913	[
1914#ifdef HAVE_STRING_H
1915# include <string.h>
1916#endif
1917	])
1918
1919dnl tcsendbreak might be a macro
1920AC_CHECK_DECL([tcsendbreak],
1921	[AC_DEFINE([HAVE_TCSENDBREAK])],
1922	[AC_CHECK_FUNCS([tcsendbreak])],
1923	[#include <termios.h>]
1924)
1925
1926AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1927
1928AC_CHECK_DECLS([SHUT_RD], , ,
1929	[
1930#include <sys/types.h>
1931#include <sys/socket.h>
1932	])
1933
1934AC_CHECK_DECLS([O_NONBLOCK], , ,
1935	[
1936#include <sys/types.h>
1937#ifdef HAVE_SYS_STAT_H
1938# include <sys/stat.h>
1939#endif
1940#ifdef HAVE_FCNTL_H
1941# include <fcntl.h>
1942#endif
1943	])
1944
1945AC_CHECK_DECLS([writev], , , [
1946#include <sys/types.h>
1947#include <sys/uio.h>
1948#include <unistd.h>
1949	])
1950
1951AC_CHECK_DECLS([MAXSYMLINKS], , , [
1952#include <sys/param.h>
1953	])
1954
1955AC_CHECK_DECLS([offsetof], , , [
1956#include <stddef.h>
1957	])
1958
1959# extra bits for select(2)
1960AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
1961#include <sys/param.h>
1962#include <sys/types.h>
1963#ifdef HAVE_SYS_SYSMACROS_H
1964#include <sys/sysmacros.h>
1965#endif
1966#ifdef HAVE_SYS_SELECT_H
1967#include <sys/select.h>
1968#endif
1969#ifdef HAVE_SYS_TIME_H
1970#include <sys/time.h>
1971#endif
1972#ifdef HAVE_UNISTD_H
1973#include <unistd.h>
1974#endif
1975	]])
1976AC_CHECK_TYPES([fd_mask], [], [], [[
1977#include <sys/param.h>
1978#include <sys/types.h>
1979#ifdef HAVE_SYS_SELECT_H
1980#include <sys/select.h>
1981#endif
1982#ifdef HAVE_SYS_TIME_H
1983#include <sys/time.h>
1984#endif
1985#ifdef HAVE_UNISTD_H
1986#include <unistd.h>
1987#endif
1988	]])
1989
1990AC_CHECK_FUNCS([setresuid], [
1991	dnl Some platorms have setresuid that isn't implemented, test for this
1992	AC_MSG_CHECKING([if setresuid seems to work])
1993	AC_RUN_IFELSE(
1994		[AC_LANG_PROGRAM([[
1995#include <stdlib.h>
1996#include <errno.h>
1997		]], [[
1998	errno=0;
1999	setresuid(0,0,0);
2000	if (errno==ENOSYS)
2001		exit(1);
2002	else
2003		exit(0);
2004		]])],
2005		[AC_MSG_RESULT([yes])],
2006		[AC_DEFINE([BROKEN_SETRESUID], [1],
2007			[Define if your setresuid() is broken])
2008		 AC_MSG_RESULT([not implemented])],
2009		[AC_MSG_WARN([cross compiling: not checking setresuid])]
2010	)
2011])
2012
2013AC_CHECK_FUNCS([setresgid], [
2014	dnl Some platorms have setresgid that isn't implemented, test for this
2015	AC_MSG_CHECKING([if setresgid seems to work])
2016	AC_RUN_IFELSE(
2017		[AC_LANG_PROGRAM([[
2018#include <stdlib.h>
2019#include <errno.h>
2020		]], [[
2021	errno=0;
2022	setresgid(0,0,0);
2023	if (errno==ENOSYS)
2024		exit(1);
2025	else
2026		exit(0);
2027		]])],
2028		[AC_MSG_RESULT([yes])],
2029		[AC_DEFINE([BROKEN_SETRESGID], [1],
2030			[Define if your setresgid() is broken])
2031		 AC_MSG_RESULT([not implemented])],
2032		[AC_MSG_WARN([cross compiling: not checking setresuid])]
2033	)
2034])
2035
2036AC_CHECK_FUNCS([realpath], [
2037	dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given
2038	dnl path name", however some implementations of realpath (and some
2039	dnl versions of the POSIX spec) do not work on non-existent files,
2040	dnl so we use the OpenBSD implementation on those platforms.
2041	AC_MSG_CHECKING([if realpath works with non-existent files])
2042	AC_RUN_IFELSE(
2043		[AC_LANG_PROGRAM([[
2044#include <limits.h>
2045#include <stdlib.h>
2046#include <errno.h>
2047		]], [[
2048		char buf[PATH_MAX];
2049		if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
2050			if (errno == ENOENT)
2051				exit(1);
2052		exit(0);
2053		]])],
2054		[AC_MSG_RESULT([yes])],
2055		[AC_DEFINE([BROKEN_REALPATH], [1],
2056			[realpath does not work with nonexistent files])
2057		 AC_MSG_RESULT([no])],
2058		[AC_MSG_WARN([cross compiling: assuming working])]
2059	)
2060])
2061
2062dnl    Checks for time functions
2063AC_CHECK_FUNCS([gettimeofday time])
2064dnl    Checks for utmp functions
2065AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2066AC_CHECK_FUNCS([utmpname])
2067dnl    Checks for utmpx functions
2068AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2069AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2070dnl    Checks for lastlog functions
2071AC_CHECK_FUNCS([getlastlogxbyname])
2072
2073AC_CHECK_FUNC([daemon],
2074	[AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2075	[AC_CHECK_LIB([bsd], [daemon],
2076		[LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2077)
2078
2079AC_CHECK_FUNC([getpagesize],
2080	[AC_DEFINE([HAVE_GETPAGESIZE], [1],
2081		[Define if your libraries define getpagesize()])],
2082	[AC_CHECK_LIB([ucb], [getpagesize],
2083		[LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2084)
2085
2086# Check for broken snprintf
2087if test "x$ac_cv_func_snprintf" = "xyes" ; then
2088	AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2089	AC_RUN_IFELSE(
2090		[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
2091		[[
2092	char b[5];
2093	snprintf(b,5,"123456789");
2094	exit(b[4]!='\0');
2095		]])],
2096		[AC_MSG_RESULT([yes])],
2097		[
2098			AC_MSG_RESULT([no])
2099			AC_DEFINE([BROKEN_SNPRINTF], [1],
2100				[Define if your snprintf is busted])
2101			AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2102		],
2103		[ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2104	)
2105fi
2106
2107# We depend on vsnprintf returning the right thing on overflow: the
2108# number of characters it tried to create (as per SUSv3)
2109if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2110	AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2111	AC_RUN_IFELSE(
2112		[AC_LANG_PROGRAM([[
2113#include <sys/types.h>
2114#include <stdio.h>
2115#include <stdarg.h>
2116
2117int x_snprintf(char *str, size_t count, const char *fmt, ...)
2118{
2119	size_t ret;
2120	va_list ap;
2121
2122	va_start(ap, fmt);
2123	ret = vsnprintf(str, count, fmt, ap);
2124	va_end(ap);
2125	return ret;
2126}
2127		]], [[
2128char x[1];
2129if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2130	return 1;
2131if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2132	return 1;
2133return 0;
2134		]])],
2135		[AC_MSG_RESULT([yes])],
2136		[
2137			AC_MSG_RESULT([no])
2138			AC_DEFINE([BROKEN_SNPRINTF], [1],
2139				[Define if your snprintf is busted])
2140			AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2141		],
2142		[ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2143	)
2144fi
2145
2146# On systems where [v]snprintf is broken, but is declared in stdio,
2147# check that the fmt argument is const char * or just char *.
2148# This is only useful for when BROKEN_SNPRINTF
2149AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2150AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2151#include <stdio.h>
2152int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2153		]], [[
2154	snprintf(0, 0, 0);
2155		]])],
2156   [AC_MSG_RESULT([yes])
2157    AC_DEFINE([SNPRINTF_CONST], [const],
2158              [Define as const if snprintf() can declare const char *fmt])],
2159   [AC_MSG_RESULT([no])
2160    AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2161
2162# Check for missing getpeereid (or equiv) support
2163NO_PEERCHECK=""
2164if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2165	AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2166	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2167#include <sys/types.h>
2168#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2169		[ AC_MSG_RESULT([yes])
2170		  AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2171		], [AC_MSG_RESULT([no])
2172		NO_PEERCHECK=1
2173        ])
2174fi
2175
2176dnl see whether mkstemp() requires XXXXXX
2177if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
2178AC_MSG_CHECKING([for (overly) strict mkstemp])
2179AC_RUN_IFELSE(
2180	[AC_LANG_PROGRAM([[
2181#include <stdlib.h>
2182	]], [[
2183	char template[]="conftest.mkstemp-test";
2184	if (mkstemp(template) == -1)
2185		exit(1);
2186	unlink(template);
2187	exit(0);
2188	]])],
2189	[
2190		AC_MSG_RESULT([no])
2191	],
2192	[
2193		AC_MSG_RESULT([yes])
2194		AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
2195	],
2196	[
2197		AC_MSG_RESULT([yes])
2198		AC_DEFINE([HAVE_STRICT_MKSTEMP])
2199	]
2200)
2201fi
2202
2203dnl make sure that openpty does not reacquire controlling terminal
2204if test ! -z "$check_for_openpty_ctty_bug"; then
2205	AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2206	AC_RUN_IFELSE(
2207		[AC_LANG_PROGRAM([[
2208#include <stdio.h>
2209#include <sys/fcntl.h>
2210#include <sys/types.h>
2211#include <sys/wait.h>
2212		]], [[
2213	pid_t pid;
2214	int fd, ptyfd, ttyfd, status;
2215
2216	pid = fork();
2217	if (pid < 0) {		/* failed */
2218		exit(1);
2219	} else if (pid > 0) {	/* parent */
2220		waitpid(pid, &status, 0);
2221		if (WIFEXITED(status))
2222			exit(WEXITSTATUS(status));
2223		else
2224			exit(2);
2225	} else {		/* child */
2226		close(0); close(1); close(2);
2227		setsid();
2228		openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2229		fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2230		if (fd >= 0)
2231			exit(3);	/* Acquired ctty: broken */
2232		else
2233			exit(0);	/* Did not acquire ctty: OK */
2234	}
2235		]])],
2236		[
2237			AC_MSG_RESULT([yes])
2238		],
2239		[
2240			AC_MSG_RESULT([no])
2241			AC_DEFINE([SSHD_ACQUIRES_CTTY])
2242		],
2243		[
2244			AC_MSG_RESULT([cross-compiling, assuming yes])
2245		]
2246	)
2247fi
2248
2249if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2250    test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2251	AC_MSG_CHECKING([if getaddrinfo seems to work])
2252	AC_RUN_IFELSE(
2253		[AC_LANG_PROGRAM([[
2254#include <stdio.h>
2255#include <sys/socket.h>
2256#include <netdb.h>
2257#include <errno.h>
2258#include <netinet/in.h>
2259
2260#define TEST_PORT "2222"
2261		]], [[
2262	int err, sock;
2263	struct addrinfo *gai_ai, *ai, hints;
2264	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2265
2266	memset(&hints, 0, sizeof(hints));
2267	hints.ai_family = PF_UNSPEC;
2268	hints.ai_socktype = SOCK_STREAM;
2269	hints.ai_flags = AI_PASSIVE;
2270
2271	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2272	if (err != 0) {
2273		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2274		exit(1);
2275	}
2276
2277	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2278		if (ai->ai_family != AF_INET6)
2279			continue;
2280
2281		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2282		    sizeof(ntop), strport, sizeof(strport),
2283		    NI_NUMERICHOST|NI_NUMERICSERV);
2284
2285		if (err != 0) {
2286			if (err == EAI_SYSTEM)
2287				perror("getnameinfo EAI_SYSTEM");
2288			else
2289				fprintf(stderr, "getnameinfo failed: %s\n",
2290				    gai_strerror(err));
2291			exit(2);
2292		}
2293
2294		sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2295		if (sock < 0)
2296			perror("socket");
2297		if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2298			if (errno == EBADF)
2299				exit(3);
2300		}
2301	}
2302	exit(0);
2303		]])],
2304		[
2305			AC_MSG_RESULT([yes])
2306		],
2307		[
2308			AC_MSG_RESULT([no])
2309			AC_DEFINE([BROKEN_GETADDRINFO])
2310		],
2311		[
2312			AC_MSG_RESULT([cross-compiling, assuming yes])
2313		]
2314	)
2315fi
2316
2317if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2318    test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2319	AC_MSG_CHECKING([if getaddrinfo seems to work])
2320	AC_RUN_IFELSE(
2321		[AC_LANG_PROGRAM([[
2322#include <stdio.h>
2323#include <sys/socket.h>
2324#include <netdb.h>
2325#include <errno.h>
2326#include <netinet/in.h>
2327
2328#define TEST_PORT "2222"
2329		]], [[
2330	int err, sock;
2331	struct addrinfo *gai_ai, *ai, hints;
2332	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2333
2334	memset(&hints, 0, sizeof(hints));
2335	hints.ai_family = PF_UNSPEC;
2336	hints.ai_socktype = SOCK_STREAM;
2337	hints.ai_flags = AI_PASSIVE;
2338
2339	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2340	if (err != 0) {
2341		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2342		exit(1);
2343	}
2344
2345	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2346		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2347			continue;
2348
2349		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2350		    sizeof(ntop), strport, sizeof(strport),
2351		    NI_NUMERICHOST|NI_NUMERICSERV);
2352
2353		if (ai->ai_family == AF_INET && err != 0) {
2354			perror("getnameinfo");
2355			exit(2);
2356		}
2357	}
2358	exit(0);
2359		]])],
2360		[
2361			AC_MSG_RESULT([yes])
2362			AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2363				[Define if you have a getaddrinfo that fails
2364				for the all-zeros IPv6 address])
2365		],
2366		[
2367			AC_MSG_RESULT([no])
2368			AC_DEFINE([BROKEN_GETADDRINFO])
2369		],
2370		[
2371			AC_MSG_RESULT([cross-compiling, assuming no])
2372		]
2373	)
2374fi
2375
2376if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2377	AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2378	    [#include <sys/types.h>
2379	     #include <sys/socket.h>
2380	     #include <netdb.h>])
2381fi
2382
2383if test "x$check_for_conflicting_getspnam" = "x1"; then
2384	AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2385	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2386		[[ exit(0); ]])],
2387		[
2388			AC_MSG_RESULT([no])
2389		],
2390		[
2391			AC_MSG_RESULT([yes])
2392			AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2393			    [Conflicting defs for getspnam])
2394		]
2395	)
2396fi
2397
2398dnl NetBSD added an strnvis and unfortunately made it incompatible with the
2399dnl existing one in OpenBSD and Linux's libbsd (the former having existed
2400dnl for over ten years). Despite this incompatibility being reported during
2401dnl development (see http://gnats.netbsd.org/44977) they still shipped it.
2402dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2403dnl implementation.  Try to detect this mess, and assume the only safe option
2404dnl if we're cross compiling.
2405dnl
2406dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag);
2407dnl NetBSD: 2012,  strnvis(char *dst, size_t dlen, const char *src, int flag);
2408if test "x$ac_cv_func_strnvis" = "xyes"; then
2409	AC_MSG_CHECKING([for working strnvis])
2410	AC_RUN_IFELSE(
2411		[AC_LANG_PROGRAM([[
2412#include <signal.h>
2413#include <stdlib.h>
2414#include <string.h>
2415#include <vis.h>
2416static void sighandler(int sig) { _exit(1); }
2417		]], [[
2418	char dst[16];
2419
2420	signal(SIGSEGV, sighandler);
2421	if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
2422		exit(0);
2423	exit(1)
2424		]])],
2425		[AC_MSG_RESULT([yes])],
2426		[AC_MSG_RESULT([no])
2427		 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])],
2428		[AC_MSG_WARN([cross compiling: assuming broken])
2429		 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])]
2430	)
2431fi
2432
2433AC_FUNC_GETPGRP
2434
2435# Search for OpenSSL
2436saved_CPPFLAGS="$CPPFLAGS"
2437saved_LDFLAGS="$LDFLAGS"
2438AC_ARG_WITH([ssl-dir],
2439	[  --with-ssl-dir=PATH     Specify path to OpenSSL installation ],
2440	[
2441		if test "x$openssl" = "xno" ; then
2442			AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2443		fi
2444		if test "x$withval" != "xno" ; then
2445			case "$withval" in
2446				# Relative paths
2447				./*|../*)	withval="`pwd`/$withval"
2448			esac
2449			if test -d "$withval/lib"; then
2450				if test -n "${need_dash_r}"; then
2451					LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2452				else
2453					LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2454				fi
2455			elif test -d "$withval/lib64"; then
2456				if test -n "${need_dash_r}"; then
2457					LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2458				else
2459					LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2460				fi
2461			else
2462				if test -n "${need_dash_r}"; then
2463					LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2464				else
2465					LDFLAGS="-L${withval} ${LDFLAGS}"
2466				fi
2467			fi
2468			if test -d "$withval/include"; then
2469				CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2470			else
2471				CPPFLAGS="-I${withval} ${CPPFLAGS}"
2472			fi
2473		fi
2474	]
2475)
2476
2477AC_ARG_WITH([openssl-header-check],
2478	[  --without-openssl-header-check Disable OpenSSL version consistency check],
2479	[
2480		if test "x$withval" = "xno" ; then
2481			openssl_check_nonfatal=1
2482		fi
2483	]
2484)
2485
2486openssl_engine=no
2487AC_ARG_WITH([ssl-engine],
2488	[  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
2489	[
2490		if test "x$withval" != "xno" ; then
2491			if test "x$openssl" = "xno" ; then
2492				AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2493			fi
2494			openssl_engine=yes
2495		fi
2496	]
2497)
2498
2499if test "x$openssl" = "xyes" ; then
2500	LIBS="-lcrypto $LIBS"
2501	AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2502		[Define if your ssl headers are included
2503		with #include <openssl/header.h>])],
2504		[
2505			dnl Check default openssl install dir
2506			if test -n "${need_dash_r}"; then
2507				LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2508			else
2509				LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2510			fi
2511			CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2512			AC_CHECK_HEADER([openssl/opensslv.h], ,
2513			    [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2514			AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2515				[
2516					AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2517				]
2518			)
2519		]
2520	)
2521
2522	# Determine OpenSSL header version
2523	AC_MSG_CHECKING([OpenSSL header version])
2524	AC_RUN_IFELSE(
2525		[AC_LANG_PROGRAM([[
2526	#include <stdlib.h>
2527	#include <stdio.h>
2528	#include <string.h>
2529	#include <openssl/opensslv.h>
2530	#define DATA "conftest.sslincver"
2531		]], [[
2532		FILE *fd;
2533		int rc;
2534
2535		fd = fopen(DATA,"w");
2536		if(fd == NULL)
2537			exit(1);
2538
2539		if ((rc = fprintf(fd, "%08lx (%s)\n",
2540		    (unsigned long)OPENSSL_VERSION_NUMBER,
2541		     OPENSSL_VERSION_TEXT)) < 0)
2542			exit(1);
2543
2544		exit(0);
2545		]])],
2546		[
2547			ssl_header_ver=`cat conftest.sslincver`
2548			AC_MSG_RESULT([$ssl_header_ver])
2549		],
2550		[
2551			AC_MSG_RESULT([not found])
2552			AC_MSG_ERROR([OpenSSL version header not found.])
2553		],
2554		[
2555			AC_MSG_WARN([cross compiling: not checking])
2556		]
2557	)
2558
2559	# Determine OpenSSL library version
2560	AC_MSG_CHECKING([OpenSSL library version])
2561	AC_RUN_IFELSE(
2562		[AC_LANG_PROGRAM([[
2563	#include <stdio.h>
2564	#include <string.h>
2565	#include <openssl/opensslv.h>
2566	#include <openssl/crypto.h>
2567	#define DATA "conftest.ssllibver"
2568		]], [[
2569		FILE *fd;
2570		int rc;
2571
2572		fd = fopen(DATA,"w");
2573		if(fd == NULL)
2574			exit(1);
2575
2576		if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(),
2577		    SSLeay_version(SSLEAY_VERSION))) < 0)
2578			exit(1);
2579
2580		exit(0);
2581		]])],
2582		[
2583			ssl_library_ver=`cat conftest.ssllibver`
2584			# Check version is supported.
2585			case "$ssl_library_ver" in
2586				0090[[0-7]]*|009080[[0-5]]*)
2587					AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")])
2588			                ;;
2589			        *) ;;
2590			esac
2591			AC_MSG_RESULT([$ssl_library_ver])
2592		],
2593		[
2594			AC_MSG_RESULT([not found])
2595			AC_MSG_ERROR([OpenSSL library not found.])
2596		],
2597		[
2598			AC_MSG_WARN([cross compiling: not checking])
2599		]
2600	)
2601
2602	# Sanity check OpenSSL headers
2603	AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2604	AC_RUN_IFELSE(
2605		[AC_LANG_PROGRAM([[
2606	#include <string.h>
2607	#include <openssl/opensslv.h>
2608	#include <openssl/crypto.h>
2609		]], [[
2610		exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2611		]])],
2612		[
2613			AC_MSG_RESULT([yes])
2614		],
2615		[
2616			AC_MSG_RESULT([no])
2617			if test "x$openssl_check_nonfatal" = "x"; then
2618				AC_MSG_ERROR([Your OpenSSL headers do not match your
2619	library. Check config.log for details.
2620	If you are sure your installation is consistent, you can disable the check
2621	by running "./configure --without-openssl-header-check".
2622	Also see contrib/findssl.sh for help identifying header/library mismatches.
2623	])
2624			else
2625				AC_MSG_WARN([Your OpenSSL headers do not match your
2626	library. Check config.log for details.
2627	Also see contrib/findssl.sh for help identifying header/library mismatches.])
2628			fi
2629		],
2630		[
2631			AC_MSG_WARN([cross compiling: not checking])
2632		]
2633	)
2634
2635	AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2636	AC_LINK_IFELSE(
2637		[AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2638		[[ SSLeay_add_all_algorithms(); ]])],
2639		[
2640			AC_MSG_RESULT([yes])
2641		],
2642		[
2643			AC_MSG_RESULT([no])
2644			saved_LIBS="$LIBS"
2645			LIBS="$LIBS -ldl"
2646			AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2647			AC_LINK_IFELSE(
2648				[AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2649				[[ SSLeay_add_all_algorithms(); ]])],
2650				[
2651					AC_MSG_RESULT([yes])
2652				],
2653				[
2654					AC_MSG_RESULT([no])
2655					LIBS="$saved_LIBS"
2656				]
2657			)
2658		]
2659	)
2660
2661	AC_CHECK_FUNCS([ \
2662		BN_is_prime_ex \
2663		DSA_generate_parameters_ex \
2664		EVP_DigestInit_ex \
2665		EVP_DigestFinal_ex \
2666		EVP_MD_CTX_init \
2667		EVP_MD_CTX_cleanup \
2668		EVP_MD_CTX_copy_ex \
2669		HMAC_CTX_init \
2670		RSA_generate_key_ex \
2671		RSA_get_default_method \
2672	])
2673
2674	if test "x$openssl_engine" = "xyes" ; then
2675		AC_MSG_CHECKING([for OpenSSL ENGINE support])
2676		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2677	#include <openssl/engine.h>
2678			]], [[
2679				ENGINE_load_builtin_engines();
2680				ENGINE_register_all_complete();
2681			]])],
2682			[ AC_MSG_RESULT([yes])
2683			  AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2684			     [Enable OpenSSL engine support])
2685			], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2686		])
2687	fi
2688
2689	# Check for OpenSSL without EVP_aes_{192,256}_cbc
2690	AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2691	AC_LINK_IFELSE(
2692		[AC_LANG_PROGRAM([[
2693	#include <string.h>
2694	#include <openssl/evp.h>
2695		]], [[
2696		exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2697		]])],
2698		[
2699			AC_MSG_RESULT([no])
2700		],
2701		[
2702			AC_MSG_RESULT([yes])
2703			AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2704			    [libcrypto is missing AES 192 and 256 bit functions])
2705		]
2706	)
2707
2708	# Check for OpenSSL with EVP_aes_*ctr
2709	AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2710	AC_LINK_IFELSE(
2711		[AC_LANG_PROGRAM([[
2712	#include <string.h>
2713	#include <openssl/evp.h>
2714		]], [[
2715		exit(EVP_aes_128_ctr() == NULL ||
2716		    EVP_aes_192_cbc() == NULL ||
2717		    EVP_aes_256_cbc() == NULL);
2718		]])],
2719		[
2720			AC_MSG_RESULT([yes])
2721			AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
2722			    [libcrypto has EVP AES CTR])
2723		],
2724		[
2725			AC_MSG_RESULT([no])
2726		]
2727	)
2728
2729	# Check for OpenSSL with EVP_aes_*gcm
2730	AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
2731	AC_LINK_IFELSE(
2732		[AC_LANG_PROGRAM([[
2733	#include <string.h>
2734	#include <openssl/evp.h>
2735		]], [[
2736		exit(EVP_aes_128_gcm() == NULL ||
2737		    EVP_aes_256_gcm() == NULL ||
2738		    EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
2739		    EVP_CTRL_GCM_IV_GEN == 0 ||
2740		    EVP_CTRL_GCM_SET_TAG == 0 ||
2741		    EVP_CTRL_GCM_GET_TAG == 0 ||
2742		    EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
2743		]])],
2744		[
2745			AC_MSG_RESULT([yes])
2746			AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
2747			    [libcrypto has EVP AES GCM])
2748		],
2749		[
2750			AC_MSG_RESULT([no])
2751			unsupported_algorithms="$unsupported_cipers \
2752			   aes128-gcm@openssh.com \
2753			   aes256-gcm@openssh.com"
2754		]
2755	)
2756
2757	AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2758		[AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2759		    [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2760
2761	AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2762	AC_LINK_IFELSE(
2763		[AC_LANG_PROGRAM([[
2764	#include <string.h>
2765	#include <openssl/evp.h>
2766		]], [[
2767		if(EVP_DigestUpdate(NULL, NULL,0))
2768			exit(0);
2769		]])],
2770		[
2771			AC_MSG_RESULT([yes])
2772		],
2773		[
2774			AC_MSG_RESULT([no])
2775			AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2776			    [Define if EVP_DigestUpdate returns void])
2777		]
2778	)
2779
2780	# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2781	# because the system crypt() is more featureful.
2782	if test "x$check_for_libcrypt_before" = "x1"; then
2783		AC_CHECK_LIB([crypt], [crypt])
2784	fi
2785
2786	# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2787	# version in OpenSSL.
2788	if test "x$check_for_libcrypt_later" = "x1"; then
2789		AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2790	fi
2791	AC_CHECK_FUNCS([crypt DES_crypt])
2792
2793	# Search for SHA256 support in libc and/or OpenSSL
2794	AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
2795	    [unsupported_algorithms="$unsupported_algorithms \
2796		hmac-sha2-256 \
2797		hmac-sha2-512 \
2798		diffie-hellman-group-exchange-sha256 \
2799		hmac-sha2-256-etm@openssh.com \
2800		hmac-sha2-512-etm@openssh.com"
2801	     ]
2802	)
2803	# Search for RIPE-MD support in OpenSSL
2804	AC_CHECK_FUNCS([EVP_ripemd160], ,
2805	    [unsupported_algorithms="$unsupported_algorithms \
2806		hmac-ripemd160 \
2807		hmac-ripemd160@openssh.com \
2808		hmac-ripemd160-etm@openssh.com"
2809	     ]
2810	)
2811
2812	# Check complete ECC support in OpenSSL
2813	AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
2814	AC_LINK_IFELSE(
2815		[AC_LANG_PROGRAM([[
2816	#include <openssl/ec.h>
2817	#include <openssl/ecdh.h>
2818	#include <openssl/ecdsa.h>
2819	#include <openssl/evp.h>
2820	#include <openssl/objects.h>
2821	#include <openssl/opensslv.h>
2822	#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2823	# error "OpenSSL < 0.9.8g has unreliable ECC code"
2824	#endif
2825		]], [[
2826		EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
2827		const EVP_MD *m = EVP_sha256(); /* We need this too */
2828		]])],
2829		[ AC_MSG_RESULT([yes])
2830		  enable_nistp256=1 ],
2831		[ AC_MSG_RESULT([no]) ]
2832	)
2833
2834	AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
2835	AC_LINK_IFELSE(
2836		[AC_LANG_PROGRAM([[
2837	#include <openssl/ec.h>
2838	#include <openssl/ecdh.h>
2839	#include <openssl/ecdsa.h>
2840	#include <openssl/evp.h>
2841	#include <openssl/objects.h>
2842	#include <openssl/opensslv.h>
2843	#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2844	# error "OpenSSL < 0.9.8g has unreliable ECC code"
2845	#endif
2846		]], [[
2847		EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
2848		const EVP_MD *m = EVP_sha384(); /* We need this too */
2849		]])],
2850		[ AC_MSG_RESULT([yes])
2851		  enable_nistp384=1 ],
2852		[ AC_MSG_RESULT([no]) ]
2853	)
2854
2855	AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
2856	AC_LINK_IFELSE(
2857		[AC_LANG_PROGRAM([[
2858	#include <openssl/ec.h>
2859	#include <openssl/ecdh.h>
2860	#include <openssl/ecdsa.h>
2861	#include <openssl/evp.h>
2862	#include <openssl/objects.h>
2863	#include <openssl/opensslv.h>
2864	#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2865	# error "OpenSSL < 0.9.8g has unreliable ECC code"
2866	#endif
2867		]], [[
2868		EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2869		const EVP_MD *m = EVP_sha512(); /* We need this too */
2870		]])],
2871		[ AC_MSG_RESULT([yes])
2872		  AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
2873		  AC_RUN_IFELSE(
2874			[AC_LANG_PROGRAM([[
2875	#include <openssl/ec.h>
2876	#include <openssl/ecdh.h>
2877	#include <openssl/ecdsa.h>
2878	#include <openssl/evp.h>
2879	#include <openssl/objects.h>
2880	#include <openssl/opensslv.h>
2881			]],[[
2882			EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2883			const EVP_MD *m = EVP_sha512(); /* We need this too */
2884			exit(e == NULL || m == NULL);
2885			]])],
2886			[ AC_MSG_RESULT([yes])
2887			  enable_nistp521=1 ],
2888			[ AC_MSG_RESULT([no]) ],
2889			[ AC_MSG_WARN([cross-compiling: assuming yes])
2890			  enable_nistp521=1 ]
2891		  )],
2892		AC_MSG_RESULT([no])
2893	)
2894
2895	COMMENT_OUT_ECC="#no ecc#"
2896	TEST_SSH_ECC=no
2897
2898	if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
2899	    test x$enable_nistp521 = x1; then
2900		AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
2901	fi
2902	if test x$enable_nistp256 = x1; then
2903		AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
2904		    [libcrypto has NID_X9_62_prime256v1])
2905		TEST_SSH_ECC=yes
2906		COMMENT_OUT_ECC=""
2907	else
2908		unsupported_algorithms="$unsupported_algorithms \
2909			ecdsa-sha2-nistp256 \
2910			ecdh-sha2-nistp256 \
2911			ecdsa-sha2-nistp256-cert-v01@openssh.com"
2912	fi
2913	if test x$enable_nistp384 = x1; then
2914		AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
2915		TEST_SSH_ECC=yes
2916		COMMENT_OUT_ECC=""
2917	else
2918		unsupported_algorithms="$unsupported_algorithms \
2919			ecdsa-sha2-nistp384 \
2920			ecdh-sha2-nistp384 \
2921			ecdsa-sha2-nistp384-cert-v01@openssh.com"
2922	fi
2923	if test x$enable_nistp521 = x1; then
2924		AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
2925		TEST_SSH_ECC=yes
2926		COMMENT_OUT_ECC=""
2927	else
2928		unsupported_algorithms="$unsupported_algorithms \
2929			ecdh-sha2-nistp521 \
2930			ecdsa-sha2-nistp521 \
2931			ecdsa-sha2-nistp521-cert-v01@openssh.com"
2932	fi
2933
2934	AC_SUBST([TEST_SSH_ECC])
2935	AC_SUBST([COMMENT_OUT_ECC])
2936else
2937	AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2938	AC_CHECK_FUNCS([crypt])
2939fi
2940
2941AC_CHECK_FUNCS([ \
2942	arc4random \
2943	arc4random_buf \
2944	arc4random_stir \
2945	arc4random_uniform \
2946])
2947
2948saved_LIBS="$LIBS"
2949AC_CHECK_LIB([iaf], [ia_openinfo], [
2950	LIBS="$LIBS -liaf"
2951	AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2952				AC_DEFINE([HAVE_LIBIAF], [1],
2953			[Define if system has libiaf that supports set_id])
2954				])
2955])
2956LIBS="$saved_LIBS"
2957
2958### Configure cryptographic random number support
2959
2960# Check wheter OpenSSL seeds itself
2961if test "x$openssl" = "xyes" ; then
2962	AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2963	AC_RUN_IFELSE(
2964		[AC_LANG_PROGRAM([[
2965	#include <string.h>
2966	#include <openssl/rand.h>
2967		]], [[
2968		exit(RAND_status() == 1 ? 0 : 1);
2969		]])],
2970		[
2971			OPENSSL_SEEDS_ITSELF=yes
2972			AC_MSG_RESULT([yes])
2973		],
2974		[
2975			AC_MSG_RESULT([no])
2976		],
2977		[
2978			AC_MSG_WARN([cross compiling: assuming yes])
2979			# This is safe, since we will fatal() at runtime if
2980			# OpenSSL is not seeded correctly.
2981			OPENSSL_SEEDS_ITSELF=yes
2982		]
2983	)
2984fi
2985
2986# PRNGD TCP socket
2987AC_ARG_WITH([prngd-port],
2988	[  --with-prngd-port=PORT  read entropy from PRNGD/EGD TCP localhost:PORT],
2989	[
2990		case "$withval" in
2991		no)
2992			withval=""
2993			;;
2994		[[0-9]]*)
2995			;;
2996		*)
2997			AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
2998			;;
2999		esac
3000		if test ! -z "$withval" ; then
3001			PRNGD_PORT="$withval"
3002			AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
3003				[Port number of PRNGD/EGD random number socket])
3004		fi
3005	]
3006)
3007
3008# PRNGD Unix domain socket
3009AC_ARG_WITH([prngd-socket],
3010	[  --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3011	[
3012		case "$withval" in
3013		yes)
3014			withval="/var/run/egd-pool"
3015			;;
3016		no)
3017			withval=""
3018			;;
3019		/*)
3020			;;
3021		*)
3022			AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
3023			;;
3024		esac
3025
3026		if test ! -z "$withval" ; then
3027			if test ! -z "$PRNGD_PORT" ; then
3028				AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
3029			fi
3030			if test ! -r "$withval" ; then
3031				AC_MSG_WARN([Entropy socket is not readable])
3032			fi
3033			PRNGD_SOCKET="$withval"
3034			AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
3035				[Location of PRNGD/EGD random number socket])
3036		fi
3037	],
3038	[
3039		# Check for existing socket only if we don't have a random device already
3040		if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
3041			AC_MSG_CHECKING([for PRNGD/EGD socket])
3042			# Insert other locations here
3043			for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3044				if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3045					PRNGD_SOCKET="$sock"
3046					AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
3047					break;
3048				fi
3049			done
3050			if test ! -z "$PRNGD_SOCKET" ; then
3051				AC_MSG_RESULT([$PRNGD_SOCKET])
3052			else
3053				AC_MSG_RESULT([not found])
3054			fi
3055		fi
3056	]
3057)
3058
3059# Which randomness source do we use?
3060if test ! -z "$PRNGD_PORT" ; then
3061	RAND_MSG="PRNGd port $PRNGD_PORT"
3062elif test ! -z "$PRNGD_SOCKET" ; then
3063	RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3064elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3065	AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3066		[Define if you want the OpenSSL internally seeded PRNG only])
3067	RAND_MSG="OpenSSL internal ONLY"
3068elif test "x$openssl" = "xno" ; then
3069	AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3070else
3071	AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3072fi
3073
3074# Check for PAM libs
3075PAM_MSG="no"
3076AC_ARG_WITH([pam],
3077	[  --with-pam              Enable PAM support ],
3078	[
3079		if test "x$withval" != "xno" ; then
3080			if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3081			   test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3082				AC_MSG_ERROR([PAM headers not found])
3083			fi
3084
3085			saved_LIBS="$LIBS"
3086			AC_CHECK_LIB([dl], [dlopen], , )
3087			AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3088			AC_CHECK_FUNCS([pam_getenvlist])
3089			AC_CHECK_FUNCS([pam_putenv])
3090			LIBS="$saved_LIBS"
3091
3092			PAM_MSG="yes"
3093
3094			SSHDLIBS="$SSHDLIBS -lpam"
3095			AC_DEFINE([USE_PAM], [1],
3096				[Define if you want to enable PAM support])
3097
3098			if test $ac_cv_lib_dl_dlopen = yes; then
3099				case "$LIBS" in
3100				*-ldl*)
3101					# libdl already in LIBS
3102					;;
3103				*)
3104					SSHDLIBS="$SSHDLIBS -ldl"
3105					;;
3106				esac
3107			fi
3108		fi
3109	]
3110)
3111
3112AC_ARG_WITH([pam-service],
3113	[  --with-pam-service=name Specify PAM service name ],
3114	[
3115		if test "x$withval" != "xno" && \
3116		   test "x$withval" != "xyes" ; then
3117			AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE],
3118				["$withval"], [sshd PAM service name])
3119		fi
3120	]
3121)
3122
3123# Check for older PAM
3124if test "x$PAM_MSG" = "xyes" ; then
3125	# Check PAM strerror arguments (old PAM)
3126	AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3127	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3128#include <stdlib.h>
3129#if defined(HAVE_SECURITY_PAM_APPL_H)
3130#include <security/pam_appl.h>
3131#elif defined (HAVE_PAM_PAM_APPL_H)
3132#include <pam/pam_appl.h>
3133#endif
3134		]], [[
3135(void)pam_strerror((pam_handle_t *)NULL, -1);
3136		]])], [AC_MSG_RESULT([no])], [
3137			AC_DEFINE([HAVE_OLD_PAM], [1],
3138				[Define if you have an old version of PAM
3139				which takes only one argument to pam_strerror])
3140			AC_MSG_RESULT([yes])
3141			PAM_MSG="yes (old library)"
3142
3143	])
3144fi
3145
3146case "$host" in
3147*-*-cygwin*)
3148	SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3149	;;
3150*)
3151	SSH_PRIVSEP_USER=sshd
3152	;;
3153esac
3154AC_ARG_WITH([privsep-user],
3155	[  --with-privsep-user=user Specify non-privileged user for privilege separation],
3156	[
3157		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
3158		    test "x${withval}" != "xyes"; then
3159			SSH_PRIVSEP_USER=$withval
3160		fi
3161	]
3162)
3163if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3164	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3165		[Cygwin function to fetch non-privileged user for privilege separation])
3166else
3167	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3168		[non-privileged user for privilege separation])
3169fi
3170AC_SUBST([SSH_PRIVSEP_USER])
3171
3172if test "x$have_linux_no_new_privs" = "x1" ; then
3173AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3174	#include <sys/types.h>
3175	#include <linux/seccomp.h>
3176])
3177fi
3178if test "x$have_seccomp_filter" = "x1" ; then
3179AC_MSG_CHECKING([kernel for seccomp_filter support])
3180AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3181		#include <errno.h>
3182		#include <elf.h>
3183		#include <linux/audit.h>
3184		#include <linux/seccomp.h>
3185		#include <stdlib.h>
3186		#include <sys/prctl.h>
3187	]],
3188	[[ int i = $seccomp_audit_arch;
3189	   errno = 0;
3190	   prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3191	   exit(errno == EFAULT ? 0 : 1); ]])],
3192	[ AC_MSG_RESULT([yes]) ], [
3193		AC_MSG_RESULT([no])
3194		# Disable seccomp filter as a target
3195		have_seccomp_filter=0
3196	]
3197)
3198fi
3199
3200# Decide which sandbox style to use
3201sandbox_arg=""
3202AC_ARG_WITH([sandbox],
3203	[  --with-sandbox=style    Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3204	[
3205		if test "x$withval" = "xyes" ; then
3206			sandbox_arg=""
3207		else
3208			sandbox_arg="$withval"
3209		fi
3210	]
3211)
3212
3213# Some platforms (seems to be the ones that have a kernel poll(2)-type
3214# function with which they implement select(2)) use an extra file descriptor
3215# when calling select(2), which means we can't use the rlimit sandbox.
3216AC_MSG_CHECKING([if select works with descriptor rlimit])
3217AC_RUN_IFELSE(
3218	[AC_LANG_PROGRAM([[
3219#include <sys/types.h>
3220#ifdef HAVE_SYS_TIME_H
3221# include <sys/time.h>
3222#endif
3223#include <sys/resource.h>
3224#ifdef HAVE_SYS_SELECT_H
3225# include <sys/select.h>
3226#endif
3227#include <errno.h>
3228#include <fcntl.h>
3229#include <stdlib.h>
3230	]],[[
3231	struct rlimit rl_zero;
3232	int fd, r;
3233	fd_set fds;
3234	struct timeval tv;
3235
3236	fd = open("/dev/null", O_RDONLY);
3237	FD_ZERO(&fds);
3238	FD_SET(fd, &fds);
3239	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3240	setrlimit(RLIMIT_FSIZE, &rl_zero);
3241	setrlimit(RLIMIT_NOFILE, &rl_zero);
3242	tv.tv_sec = 1;
3243	tv.tv_usec = 0;
3244	r = select(fd+1, &fds, NULL, NULL, &tv);
3245	exit (r == -1 ? 1 : 0);
3246	]])],
3247	[AC_MSG_RESULT([yes])
3248	 select_works_with_rlimit=yes],
3249	[AC_MSG_RESULT([no])
3250	 select_works_with_rlimit=no],
3251	[AC_MSG_WARN([cross compiling: assuming yes])]
3252)
3253
3254AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3255AC_RUN_IFELSE(
3256	[AC_LANG_PROGRAM([[
3257#include <sys/types.h>
3258#ifdef HAVE_SYS_TIME_H
3259# include <sys/time.h>
3260#endif
3261#include <sys/resource.h>
3262#include <errno.h>
3263#include <stdlib.h>
3264	]],[[
3265	struct rlimit rl_zero;
3266	int fd, r;
3267	fd_set fds;
3268
3269	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3270	r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3271	exit (r == -1 ? 1 : 0);
3272	]])],
3273	[AC_MSG_RESULT([yes])
3274	 rlimit_nofile_zero_works=yes],
3275	[AC_MSG_RESULT([no])
3276	 rlimit_nofile_zero_works=no],
3277	[AC_MSG_WARN([cross compiling: assuming yes])]
3278)
3279
3280AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3281AC_RUN_IFELSE(
3282	[AC_LANG_PROGRAM([[
3283#include <sys/types.h>
3284#include <sys/resource.h>
3285#include <stdlib.h>
3286	]],[[
3287		struct rlimit rl_zero;
3288
3289		rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3290		exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3291	]])],
3292	[AC_MSG_RESULT([yes])],
3293	[AC_MSG_RESULT([no])
3294	 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3295	    [setrlimit RLIMIT_FSIZE works])],
3296	[AC_MSG_WARN([cross compiling: assuming yes])]
3297)
3298
3299if test "x$sandbox_arg" = "xpledge" || \
3300   ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3301	test "x$ac_cv_func_pledge" != "xyes" && \
3302		AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3303	SANDBOX_STYLE="pledge"
3304	AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3305elif test "x$sandbox_arg" = "xsystrace" || \
3306   ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3307	test "x$have_systr_policy_kill" != "x1" && \
3308		AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3309	SANDBOX_STYLE="systrace"
3310	AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3311elif test "x$sandbox_arg" = "xdarwin" || \
3312     ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3313       test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3314	test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3315	     "x$ac_cv_header_sandbox_h" != "xyes" && \
3316		AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3317	SANDBOX_STYLE="darwin"
3318	AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3319elif test "x$sandbox_arg" = "xseccomp_filter" || \
3320     ( test -z "$sandbox_arg" && \
3321       test "x$have_seccomp_filter" = "x1" && \
3322       test "x$ac_cv_header_elf_h" = "xyes" && \
3323       test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3324       test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3325       test "x$seccomp_audit_arch" != "x" && \
3326       test "x$have_linux_no_new_privs" = "x1" && \
3327       test "x$ac_cv_func_prctl" = "xyes" ) ; then
3328	test "x$seccomp_audit_arch" = "x" && \
3329		AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3330	test "x$have_linux_no_new_privs" != "x1" && \
3331		AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3332	test "x$have_seccomp_filter" != "x1" && \
3333		AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3334	test "x$ac_cv_func_prctl" != "xyes" && \
3335		AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3336	SANDBOX_STYLE="seccomp_filter"
3337	AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3338elif test "x$sandbox_arg" = "xcapsicum" || \
3339     ( test -z "$sandbox_arg" && \
3340       test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3341       test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3342       test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3343		AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3344       test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3345		AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3346       SANDBOX_STYLE="capsicum"
3347       AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3348elif test "x$sandbox_arg" = "xrlimit" || \
3349     ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3350       test "x$select_works_with_rlimit" = "xyes" && \
3351       test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3352	test "x$ac_cv_func_setrlimit" != "xyes" && \
3353		AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3354	test "x$select_works_with_rlimit" != "xyes" && \
3355		AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3356	SANDBOX_STYLE="rlimit"
3357	AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3358elif test "x$sandbox_arg" = "xsolaris" || \
3359   ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3360	SANDBOX_STYLE="solaris"
3361	AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3362elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3363     test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3364	SANDBOX_STYLE="none"
3365	AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3366else
3367	AC_MSG_ERROR([unsupported --with-sandbox])
3368fi
3369
3370# Cheap hack to ensure NEWS-OS libraries are arranged right.
3371if test ! -z "$SONY" ; then
3372  LIBS="$LIBS -liberty";
3373fi
3374
3375# Check for  long long datatypes
3376AC_CHECK_TYPES([long long, unsigned long long, long double])
3377
3378# Check datatype sizes
3379AC_CHECK_SIZEOF([short int], [2])
3380AC_CHECK_SIZEOF([int], [4])
3381AC_CHECK_SIZEOF([long int], [4])
3382AC_CHECK_SIZEOF([long long int], [8])
3383
3384# Sanity check long long for some platforms (AIX)
3385if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3386	ac_cv_sizeof_long_long_int=0
3387fi
3388
3389# compute LLONG_MIN and LLONG_MAX if we don't know them.
3390if test -z "$have_llong_max"; then
3391	AC_MSG_CHECKING([for max value of long long])
3392	AC_RUN_IFELSE(
3393		[AC_LANG_PROGRAM([[
3394#include <stdio.h>
3395/* Why is this so damn hard? */
3396#ifdef __GNUC__
3397# undef __GNUC__
3398#endif
3399#define __USE_ISOC99
3400#include <limits.h>
3401#define DATA "conftest.llminmax"
3402#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3403
3404/*
3405 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3406 * we do this the hard way.
3407 */
3408static int
3409fprint_ll(FILE *f, long long n)
3410{
3411	unsigned int i;
3412	int l[sizeof(long long) * 8];
3413
3414	if (n < 0)
3415		if (fprintf(f, "-") < 0)
3416			return -1;
3417	for (i = 0; n != 0; i++) {
3418		l[i] = my_abs(n % 10);
3419		n /= 10;
3420	}
3421	do {
3422		if (fprintf(f, "%d", l[--i]) < 0)
3423			return -1;
3424	} while (i != 0);
3425	if (fprintf(f, " ") < 0)
3426		return -1;
3427	return 0;
3428}
3429		]], [[
3430	FILE *f;
3431	long long i, llmin, llmax = 0;
3432
3433	if((f = fopen(DATA,"w")) == NULL)
3434		exit(1);
3435
3436#if defined(LLONG_MIN) && defined(LLONG_MAX)
3437	fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3438	llmin = LLONG_MIN;
3439	llmax = LLONG_MAX;
3440#else
3441	fprintf(stderr, "Calculating  LLONG_MIN and LLONG_MAX\n");
3442	/* This will work on one's complement and two's complement */
3443	for (i = 1; i > llmax; i <<= 1, i++)
3444		llmax = i;
3445	llmin = llmax + 1LL;	/* wrap */
3446#endif
3447
3448	/* Sanity check */
3449	if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3450	    || llmax - 1 > llmax || llmin == llmax || llmin == 0
3451	    || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3452		fprintf(f, "unknown unknown\n");
3453		exit(2);
3454	}
3455
3456	if (fprint_ll(f, llmin) < 0)
3457		exit(3);
3458	if (fprint_ll(f, llmax) < 0)
3459		exit(4);
3460	if (fclose(f) < 0)
3461		exit(5);
3462	exit(0);
3463		]])],
3464		[
3465			llong_min=`$AWK '{print $1}' conftest.llminmax`
3466			llong_max=`$AWK '{print $2}' conftest.llminmax`
3467
3468			AC_MSG_RESULT([$llong_max])
3469			AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3470			    [max value of long long calculated by configure])
3471			AC_MSG_CHECKING([for min value of long long])
3472			AC_MSG_RESULT([$llong_min])
3473			AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3474			    [min value of long long calculated by configure])
3475		],
3476		[
3477			AC_MSG_RESULT([not found])
3478		],
3479		[
3480			AC_MSG_WARN([cross compiling: not checking])
3481		]
3482	)
3483fi
3484
3485
3486# More checks for data types
3487AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3488	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3489	[[ u_int a; a = 1;]])],
3490	[ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3491	])
3492])
3493if test "x$ac_cv_have_u_int" = "xyes" ; then
3494	AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3495	have_u_int=1
3496fi
3497
3498AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3499	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3500	[[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3501	[ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3502	])
3503])
3504if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3505	AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3506	have_intxx_t=1
3507fi
3508
3509if (test -z "$have_intxx_t" && \
3510	   test "x$ac_cv_header_stdint_h" = "xyes")
3511then
3512    AC_MSG_CHECKING([for intXX_t types in stdint.h])
3513	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3514	[[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3515		[
3516			AC_DEFINE([HAVE_INTXX_T])
3517			AC_MSG_RESULT([yes])
3518		], [ AC_MSG_RESULT([no])
3519	])
3520fi
3521
3522AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3523	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3524#include <sys/types.h>
3525#ifdef HAVE_STDINT_H
3526# include <stdint.h>
3527#endif
3528#include <sys/socket.h>
3529#ifdef HAVE_SYS_BITYPES_H
3530# include <sys/bitypes.h>
3531#endif
3532		]], [[
3533int64_t a; a = 1;
3534		]])],
3535	[ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3536	])
3537])
3538if test "x$ac_cv_have_int64_t" = "xyes" ; then
3539	AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3540fi
3541
3542AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3543	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3544	[[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3545	[ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3546	])
3547])
3548if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3549	AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3550	have_u_intxx_t=1
3551fi
3552
3553if test -z "$have_u_intxx_t" ; then
3554    AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3555	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3556	[[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3557		[
3558			AC_DEFINE([HAVE_U_INTXX_T])
3559			AC_MSG_RESULT([yes])
3560		], [ AC_MSG_RESULT([no])
3561	])
3562fi
3563
3564AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3565	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3566	[[ u_int64_t a; a = 1;]])],
3567	[ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3568	])
3569])
3570if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3571	AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3572	have_u_int64_t=1
3573fi
3574
3575if (test -z "$have_u_int64_t" && \
3576	   test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3577then
3578    AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3579	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3580	[[ u_int64_t a; a = 1]])],
3581		[
3582			AC_DEFINE([HAVE_U_INT64_T])
3583			AC_MSG_RESULT([yes])
3584		], [ AC_MSG_RESULT([no])
3585	])
3586fi
3587
3588if test -z "$have_u_intxx_t" ; then
3589	AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
3590		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3591#include <sys/types.h>
3592			]], [[
3593	uint8_t a;
3594	uint16_t b;
3595	uint32_t c;
3596	a = b = c = 1;
3597			]])],
3598		[ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
3599		])
3600	])
3601	if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3602		AC_DEFINE([HAVE_UINTXX_T], [1],
3603			[define if you have uintxx_t data type])
3604	fi
3605fi
3606
3607if (test -z "$have_uintxx_t" && \
3608	   test "x$ac_cv_header_stdint_h" = "xyes")
3609then
3610    AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3611	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3612	[[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3613		[
3614			AC_DEFINE([HAVE_UINTXX_T])
3615			AC_MSG_RESULT([yes])
3616		], [ AC_MSG_RESULT([no])
3617	])
3618fi
3619
3620if (test -z "$have_uintxx_t" && \
3621	   test "x$ac_cv_header_inttypes_h" = "xyes")
3622then
3623    AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
3624	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
3625	[[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3626		[
3627			AC_DEFINE([HAVE_UINTXX_T])
3628			AC_MSG_RESULT([yes])
3629		], [ AC_MSG_RESULT([no])
3630	])
3631fi
3632
3633if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
3634	   test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3635then
3636	AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
3637	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3638#include <sys/bitypes.h>
3639		]], [[
3640			int8_t a; int16_t b; int32_t c;
3641			u_int8_t e; u_int16_t f; u_int32_t g;
3642			a = b = c = e = f = g = 1;
3643		]])],
3644		[
3645			AC_DEFINE([HAVE_U_INTXX_T])
3646			AC_DEFINE([HAVE_INTXX_T])
3647			AC_MSG_RESULT([yes])
3648		], [AC_MSG_RESULT([no])
3649	])
3650fi
3651
3652
3653AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3654	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3655	[[ u_char foo; foo = 125; ]])],
3656	[ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3657	])
3658])
3659if test "x$ac_cv_have_u_char" = "xyes" ; then
3660	AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
3661fi
3662
3663AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
3664#include <sys/types.h>
3665#include <stdint.h>
3666])
3667
3668TYPE_SOCKLEN_T
3669
3670AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3671AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3672#include <sys/types.h>
3673#ifdef HAVE_SYS_BITYPES_H
3674#include <sys/bitypes.h>
3675#endif
3676#ifdef HAVE_SYS_STATFS_H
3677#include <sys/statfs.h>
3678#endif
3679#ifdef HAVE_SYS_STATVFS_H
3680#include <sys/statvfs.h>
3681#endif
3682])
3683
3684AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3685[#include <sys/types.h>
3686#include <netinet/in.h>])
3687
3688AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3689	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3690	[[ size_t foo; foo = 1235; ]])],
3691	[ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3692	])
3693])
3694if test "x$ac_cv_have_size_t" = "xyes" ; then
3695	AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3696fi
3697
3698AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3699	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3700	[[ ssize_t foo; foo = 1235; ]])],
3701	[ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3702	])
3703])
3704if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3705	AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3706fi
3707
3708AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3709	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3710	[[ clock_t foo; foo = 1235; ]])],
3711	[ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3712	])
3713])
3714if test "x$ac_cv_have_clock_t" = "xyes" ; then
3715	AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3716fi
3717
3718AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3719	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3720#include <sys/types.h>
3721#include <sys/socket.h>
3722		]], [[ sa_family_t foo; foo = 1235; ]])],
3723	[ ac_cv_have_sa_family_t="yes" ],
3724	[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3725#include <sys/types.h>
3726#include <sys/socket.h>
3727#include <netinet/in.h>
3728		]], [[ sa_family_t foo; foo = 1235; ]])],
3729		[ ac_cv_have_sa_family_t="yes" ],
3730		[ ac_cv_have_sa_family_t="no" ]
3731	)
3732	])
3733])
3734if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3735	AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3736		[define if you have sa_family_t data type])
3737fi
3738
3739AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3740	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3741	[[ pid_t foo; foo = 1235; ]])],
3742	[ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3743	])
3744])
3745if test "x$ac_cv_have_pid_t" = "xyes" ; then
3746	AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3747fi
3748
3749AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3750	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3751	[[ mode_t foo; foo = 1235; ]])],
3752	[ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3753	])
3754])
3755if test "x$ac_cv_have_mode_t" = "xyes" ; then
3756	AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3757fi
3758
3759
3760AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3761	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3762#include <sys/types.h>
3763#include <sys/socket.h>
3764		]], [[ struct sockaddr_storage s; ]])],
3765	[ ac_cv_have_struct_sockaddr_storage="yes" ],
3766	[ ac_cv_have_struct_sockaddr_storage="no"
3767	])
3768])
3769if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3770	AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3771		[define if you have struct sockaddr_storage data type])
3772fi
3773
3774AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3775	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3776#include <sys/types.h>
3777#include <netinet/in.h>
3778		]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3779	[ ac_cv_have_struct_sockaddr_in6="yes" ],
3780	[ ac_cv_have_struct_sockaddr_in6="no"
3781	])
3782])
3783if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3784	AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3785		[define if you have struct sockaddr_in6 data type])
3786fi
3787
3788AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3789	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3790#include <sys/types.h>
3791#include <netinet/in.h>
3792		]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3793	[ ac_cv_have_struct_in6_addr="yes" ],
3794	[ ac_cv_have_struct_in6_addr="no"
3795	])
3796])
3797if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3798	AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3799		[define if you have struct in6_addr data type])
3800
3801dnl Now check for sin6_scope_id
3802	AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3803		[
3804#ifdef HAVE_SYS_TYPES_H
3805#include <sys/types.h>
3806#endif
3807#include <netinet/in.h>
3808		])
3809fi
3810
3811AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3812	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3813#include <sys/types.h>
3814#include <sys/socket.h>
3815#include <netdb.h>
3816		]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3817	[ ac_cv_have_struct_addrinfo="yes" ],
3818	[ ac_cv_have_struct_addrinfo="no"
3819	])
3820])
3821if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3822	AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3823		[define if you have struct addrinfo data type])
3824fi
3825
3826AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3827	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3828	[[ struct timeval tv; tv.tv_sec = 1;]])],
3829	[ ac_cv_have_struct_timeval="yes" ],
3830	[ ac_cv_have_struct_timeval="no"
3831	])
3832])
3833if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3834	AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3835	have_struct_timeval=1
3836fi
3837
3838AC_CHECK_TYPES([struct timespec])
3839
3840# We need int64_t or else certian parts of the compile will fail.
3841if test "x$ac_cv_have_int64_t" = "xno" && \
3842	test "x$ac_cv_sizeof_long_int" != "x8" && \
3843	test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3844	echo "OpenSSH requires int64_t support.  Contact your vendor or install"
3845	echo "an alternative compiler (I.E., GCC) before continuing."
3846	echo ""
3847	exit 1;
3848else
3849dnl test snprintf (broken on SCO w/gcc)
3850	AC_RUN_IFELSE(
3851		[AC_LANG_SOURCE([[
3852#include <stdio.h>
3853#include <string.h>
3854#ifdef HAVE_SNPRINTF
3855main()
3856{
3857	char buf[50];
3858	char expected_out[50];
3859	int mazsize = 50 ;
3860#if (SIZEOF_LONG_INT == 8)
3861	long int num = 0x7fffffffffffffff;
3862#else
3863	long long num = 0x7fffffffffffffffll;
3864#endif
3865	strcpy(expected_out, "9223372036854775807");
3866	snprintf(buf, mazsize, "%lld", num);
3867	if(strcmp(buf, expected_out) != 0)
3868		exit(1);
3869	exit(0);
3870}
3871#else
3872main() { exit(0); }
3873#endif
3874		]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3875		AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3876	)
3877fi
3878
3879dnl Checks for structure members
3880OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3881OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3882OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3883OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3884OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3885OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3886OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3887OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3888OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3889OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3890OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3891OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3892OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3893OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3894OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3895OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3896OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3897
3898AC_CHECK_MEMBERS([struct stat.st_blksize])
3899AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
3900struct passwd.pw_change, struct passwd.pw_expire],
3901[], [], [[
3902#include <sys/types.h>
3903#include <pwd.h>
3904]])
3905
3906AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3907	[Define if we don't have struct __res_state in resolv.h])],
3908[[
3909#include <stdio.h>
3910#if HAVE_SYS_TYPES_H
3911# include <sys/types.h>
3912#endif
3913#include <netinet/in.h>
3914#include <arpa/nameser.h>
3915#include <resolv.h>
3916]])
3917
3918AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3919		ac_cv_have_ss_family_in_struct_ss, [
3920	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3921#include <sys/types.h>
3922#include <sys/socket.h>
3923		]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3924	[ ac_cv_have_ss_family_in_struct_ss="yes" ],
3925	[ ac_cv_have_ss_family_in_struct_ss="no" ])
3926])
3927if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3928	AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3929fi
3930
3931AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3932		ac_cv_have___ss_family_in_struct_ss, [
3933	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3934#include <sys/types.h>
3935#include <sys/socket.h>
3936		]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3937	[ ac_cv_have___ss_family_in_struct_ss="yes" ],
3938	[ ac_cv_have___ss_family_in_struct_ss="no"
3939	])
3940])
3941if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3942	AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3943		[Fields in struct sockaddr_storage])
3944fi
3945
3946dnl make sure we're using the real structure members and not defines
3947AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3948		ac_cv_have_accrights_in_msghdr, [
3949	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3950#include <sys/types.h>
3951#include <sys/socket.h>
3952#include <sys/uio.h>
3953		]], [[
3954#ifdef msg_accrights
3955#error "msg_accrights is a macro"
3956exit(1);
3957#endif
3958struct msghdr m;
3959m.msg_accrights = 0;
3960exit(0);
3961		]])],
3962		[ ac_cv_have_accrights_in_msghdr="yes" ],
3963		[ ac_cv_have_accrights_in_msghdr="no" ]
3964	)
3965])
3966if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3967	AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3968		[Define if your system uses access rights style
3969		file descriptor passing])
3970fi
3971
3972AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3973AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3974#include <sys/param.h>
3975#include <sys/stat.h>
3976#ifdef HAVE_SYS_TIME_H
3977# include <sys/time.h>
3978#endif
3979#ifdef HAVE_SYS_MOUNT_H
3980#include <sys/mount.h>
3981#endif
3982#ifdef HAVE_SYS_STATVFS_H
3983#include <sys/statvfs.h>
3984#endif
3985	]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3986	[ AC_MSG_RESULT([yes]) ],
3987	[ AC_MSG_RESULT([no])
3988
3989	AC_MSG_CHECKING([if fsid_t has member val])
3990	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3991#include <sys/types.h>
3992#include <sys/statvfs.h>
3993	]], [[ fsid_t t; t.val[0] = 0; ]])],
3994	[ AC_MSG_RESULT([yes])
3995	  AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3996	[ AC_MSG_RESULT([no]) ])
3997
3998	AC_MSG_CHECKING([if f_fsid has member __val])
3999	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4000#include <sys/types.h>
4001#include <sys/statvfs.h>
4002	]], [[ fsid_t t; t.__val[0] = 0; ]])],
4003	[ AC_MSG_RESULT([yes])
4004	  AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
4005	[ AC_MSG_RESULT([no]) ])
4006])
4007
4008AC_CACHE_CHECK([for msg_control field in struct msghdr],
4009		ac_cv_have_control_in_msghdr, [
4010	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4011#include <sys/types.h>
4012#include <sys/socket.h>
4013#include <sys/uio.h>
4014		]], [[
4015#ifdef msg_control
4016#error "msg_control is a macro"
4017exit(1);
4018#endif
4019struct msghdr m;
4020m.msg_control = 0;
4021exit(0);
4022		]])],
4023		[ ac_cv_have_control_in_msghdr="yes" ],
4024		[ ac_cv_have_control_in_msghdr="no" ]
4025	)
4026])
4027if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
4028	AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
4029		[Define if your system uses ancillary data style
4030		file descriptor passing])
4031fi
4032
4033AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
4034	AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4035		[[ extern char *__progname; printf("%s", __progname); ]])],
4036	[ ac_cv_libc_defines___progname="yes" ],
4037	[ ac_cv_libc_defines___progname="no"
4038	])
4039])
4040if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
4041	AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
4042fi
4043
4044AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
4045	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4046		[[ printf("%s", __FUNCTION__); ]])],
4047	[ ac_cv_cc_implements___FUNCTION__="yes" ],
4048	[ ac_cv_cc_implements___FUNCTION__="no"
4049	])
4050])
4051if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4052	AC_DEFINE([HAVE___FUNCTION__], [1],
4053		[Define if compiler implements __FUNCTION__])
4054fi
4055
4056AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4057	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4058		[[ printf("%s", __func__); ]])],
4059	[ ac_cv_cc_implements___func__="yes" ],
4060	[ ac_cv_cc_implements___func__="no"
4061	])
4062])
4063if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4064	AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
4065fi
4066
4067AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4068	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4069#include <stdarg.h>
4070va_list x,y;
4071		]], [[ va_copy(x,y); ]])],
4072	[ ac_cv_have_va_copy="yes" ],
4073	[ ac_cv_have_va_copy="no"
4074	])
4075])
4076if test "x$ac_cv_have_va_copy" = "xyes" ; then
4077	AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4078fi
4079
4080AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4081	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4082#include <stdarg.h>
4083va_list x,y;
4084		]], [[ __va_copy(x,y); ]])],
4085	[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4086	])
4087])
4088if test "x$ac_cv_have___va_copy" = "xyes" ; then
4089	AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
4090fi
4091
4092AC_CACHE_CHECK([whether getopt has optreset support],
4093		ac_cv_have_getopt_optreset, [
4094	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4095		[[ extern int optreset; optreset = 0; ]])],
4096	[ ac_cv_have_getopt_optreset="yes" ],
4097	[ ac_cv_have_getopt_optreset="no"
4098	])
4099])
4100if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4101	AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4102		[Define if your getopt(3) defines and uses optreset])
4103fi
4104
4105AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4106	AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4107[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4108	[ ac_cv_libc_defines_sys_errlist="yes" ],
4109	[ ac_cv_libc_defines_sys_errlist="no"
4110	])
4111])
4112if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4113	AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4114		[Define if your system defines sys_errlist[]])
4115fi
4116
4117
4118AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4119	AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4120[[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4121	[ ac_cv_libc_defines_sys_nerr="yes" ],
4122	[ ac_cv_libc_defines_sys_nerr="no"
4123	])
4124])
4125if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4126	AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4127fi
4128
4129# Check libraries needed by DNS fingerprint support
4130AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4131	[AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4132		[Define if getrrsetbyname() exists])],
4133	[
4134		# Needed by our getrrsetbyname()
4135		AC_SEARCH_LIBS([res_query], [resolv])
4136		AC_SEARCH_LIBS([dn_expand], [resolv])
4137		AC_MSG_CHECKING([if res_query will link])
4138		AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4139#include <sys/types.h>
4140#include <netinet/in.h>
4141#include <arpa/nameser.h>
4142#include <netdb.h>
4143#include <resolv.h>
4144				]], [[
4145	res_query (0, 0, 0, 0, 0);
4146				]])],
4147		    AC_MSG_RESULT([yes]),
4148		   [AC_MSG_RESULT([no])
4149		    saved_LIBS="$LIBS"
4150		    LIBS="$LIBS -lresolv"
4151		    AC_MSG_CHECKING([for res_query in -lresolv])
4152		    AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4153#include <sys/types.h>
4154#include <netinet/in.h>
4155#include <arpa/nameser.h>
4156#include <netdb.h>
4157#include <resolv.h>
4158				]], [[
4159	res_query (0, 0, 0, 0, 0);
4160				]])],
4161			[AC_MSG_RESULT([yes])],
4162			[LIBS="$saved_LIBS"
4163			 AC_MSG_RESULT([no])])
4164		    ])
4165		AC_CHECK_FUNCS([_getshort _getlong])
4166		AC_CHECK_DECLS([_getshort, _getlong], , ,
4167		    [#include <sys/types.h>
4168		    #include <arpa/nameser.h>])
4169		AC_CHECK_MEMBER([HEADER.ad],
4170			[AC_DEFINE([HAVE_HEADER_AD], [1],
4171			    [Define if HEADER.ad exists in arpa/nameser.h])], ,
4172			[#include <arpa/nameser.h>])
4173	])
4174
4175AC_MSG_CHECKING([if struct __res_state _res is an extern])
4176AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4177#include <stdio.h>
4178#if HAVE_SYS_TYPES_H
4179# include <sys/types.h>
4180#endif
4181#include <netinet/in.h>
4182#include <arpa/nameser.h>
4183#include <resolv.h>
4184extern struct __res_state _res;
4185		]], [[
4186struct __res_state *volatile p = &_res;  /* force resolution of _res */
4187return 0;
4188		]],)],
4189		[AC_MSG_RESULT([yes])
4190		 AC_DEFINE([HAVE__RES_EXTERN], [1],
4191		    [Define if you have struct __res_state _res as an extern])
4192		],
4193		[ AC_MSG_RESULT([no]) ]
4194)
4195
4196# Check whether user wants SELinux support
4197SELINUX_MSG="no"
4198LIBSELINUX=""
4199AC_ARG_WITH([selinux],
4200	[  --with-selinux          Enable SELinux support],
4201	[ if test "x$withval" != "xno" ; then
4202		save_LIBS="$LIBS"
4203		AC_DEFINE([WITH_SELINUX], [1],
4204			[Define if you want SELinux support.])
4205		SELINUX_MSG="yes"
4206		AC_CHECK_HEADER([selinux/selinux.h], ,
4207			AC_MSG_ERROR([SELinux support requires selinux.h header]))
4208		AC_CHECK_LIB([selinux], [setexeccon],
4209			[ LIBSELINUX="-lselinux"
4210			  LIBS="$LIBS -lselinux"
4211			],
4212			AC_MSG_ERROR([SELinux support requires libselinux library]))
4213		SSHLIBS="$SSHLIBS $LIBSELINUX"
4214		SSHDLIBS="$SSHDLIBS $LIBSELINUX"
4215		AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4216		LIBS="$save_LIBS"
4217	fi ]
4218)
4219AC_SUBST([SSHLIBS])
4220AC_SUBST([SSHDLIBS])
4221
4222# Check whether user wants Kerberos 5 support
4223KRB5_MSG="no"
4224AC_ARG_WITH([kerberos5],
4225	[  --with-kerberos5=PATH   Enable Kerberos 5 support],
4226	[ if test "x$withval" != "xno" ; then
4227		if test "x$withval" = "xyes" ; then
4228			KRB5ROOT="/usr/local"
4229		else
4230			KRB5ROOT=${withval}
4231		fi
4232
4233		AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4234		KRB5_MSG="yes"
4235
4236		AC_PATH_TOOL([KRB5CONF], [krb5-config],
4237			     [$KRB5ROOT/bin/krb5-config],
4238			     [$KRB5ROOT/bin:$PATH])
4239		if test -x $KRB5CONF ; then
4240			K5CFLAGS="`$KRB5CONF --cflags`"
4241			K5LIBS="`$KRB5CONF --libs`"
4242			CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4243
4244			AC_MSG_CHECKING([for gssapi support])
4245			if $KRB5CONF | grep gssapi >/dev/null ; then
4246				AC_MSG_RESULT([yes])
4247				AC_DEFINE([GSSAPI], [1],
4248					[Define this if you want GSSAPI
4249					support in the version 2 protocol])
4250				GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4251				GSSLIBS="`$KRB5CONF --libs gssapi`"
4252				CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4253			else
4254				AC_MSG_RESULT([no])
4255			fi
4256			AC_MSG_CHECKING([whether we are using Heimdal])
4257			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4258				]], [[ char *tmp = heimdal_version; ]])],
4259				[ AC_MSG_RESULT([yes])
4260				AC_DEFINE([HEIMDAL], [1],
4261				[Define this if you are using the Heimdal
4262				version of Kerberos V5]) ],
4263				[AC_MSG_RESULT([no])
4264			])
4265		else
4266			CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4267			LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4268			AC_MSG_CHECKING([whether we are using Heimdal])
4269			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4270				]], [[ char *tmp = heimdal_version; ]])],
4271					[ AC_MSG_RESULT([yes])
4272					 AC_DEFINE([HEIMDAL])
4273					 K5LIBS="-lkrb5"
4274					 K5LIBS="$K5LIBS -lcom_err -lasn1"
4275					 AC_CHECK_LIB([roken], [net_write],
4276					   [K5LIBS="$K5LIBS -lroken"])
4277					 AC_CHECK_LIB([des], [des_cbc_encrypt],
4278					   [K5LIBS="$K5LIBS -ldes"])
4279				       ], [ AC_MSG_RESULT([no])
4280					 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4281			])
4282			AC_SEARCH_LIBS([dn_expand], [resolv])
4283
4284			AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4285				[ AC_DEFINE([GSSAPI])
4286				  GSSLIBS="-lgssapi_krb5" ],
4287				[ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4288					[ AC_DEFINE([GSSAPI])
4289					  GSSLIBS="-lgssapi" ],
4290					[ AC_CHECK_LIB([gss], [gss_init_sec_context],
4291						[ AC_DEFINE([GSSAPI])
4292						  GSSLIBS="-lgss" ],
4293						AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4294					])
4295				])
4296
4297			AC_CHECK_HEADER([gssapi.h], ,
4298				[ unset ac_cv_header_gssapi_h
4299				  CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4300				  AC_CHECK_HEADERS([gssapi.h], ,
4301					AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4302				  )
4303				]
4304			)
4305
4306			oldCPP="$CPPFLAGS"
4307			CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4308			AC_CHECK_HEADER([gssapi_krb5.h], ,
4309					[ CPPFLAGS="$oldCPP" ])
4310
4311		fi
4312		if test ! -z "$need_dash_r" ; then
4313			LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
4314		fi
4315		if test ! -z "$blibpath" ; then
4316			blibpath="$blibpath:${KRB5ROOT}/lib"
4317		fi
4318
4319		AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4320		AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4321		AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4322
4323		AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4324			[Define this if you want to use libkafs' AFS support])])
4325
4326		AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4327#ifdef HAVE_GSSAPI_H
4328# include <gssapi.h>
4329#elif defined(HAVE_GSSAPI_GSSAPI_H)
4330# include <gssapi/gssapi.h>
4331#endif
4332
4333#ifdef HAVE_GSSAPI_GENERIC_H
4334# include <gssapi_generic.h>
4335#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4336# include <gssapi/gssapi_generic.h>
4337#endif
4338		]])
4339		saved_LIBS="$LIBS"
4340		LIBS="$LIBS $K5LIBS"
4341		AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4342		LIBS="$saved_LIBS"
4343
4344	fi
4345	]
4346)
4347AC_SUBST([GSSLIBS])
4348AC_SUBST([K5LIBS])
4349
4350# Looking for programs, paths and files
4351
4352PRIVSEP_PATH=/var/empty
4353AC_ARG_WITH([privsep-path],
4354	[  --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4355	[
4356		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
4357		    test "x${withval}" != "xyes"; then
4358			PRIVSEP_PATH=$withval
4359		fi
4360	]
4361)
4362AC_SUBST([PRIVSEP_PATH])
4363
4364AC_ARG_WITH([xauth],
4365	[  --with-xauth=PATH       Specify path to xauth program ],
4366	[
4367		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
4368		    test "x${withval}" != "xyes"; then
4369			xauth_path=$withval
4370		fi
4371	],
4372	[
4373		TestPath="$PATH"
4374		TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4375		TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4376		TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4377		TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4378		AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4379		if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4380			xauth_path="/usr/openwin/bin/xauth"
4381		fi
4382	]
4383)
4384
4385STRIP_OPT=-s
4386AC_ARG_ENABLE([strip],
4387	[  --disable-strip         Disable calling strip(1) on install],
4388	[
4389		if test "x$enableval" = "xno" ; then
4390			STRIP_OPT=
4391		fi
4392	]
4393)
4394AC_SUBST([STRIP_OPT])
4395
4396if test -z "$xauth_path" ; then
4397	XAUTH_PATH="undefined"
4398	AC_SUBST([XAUTH_PATH])
4399else
4400	AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4401		[Define if xauth is found in your path])
4402	XAUTH_PATH=$xauth_path
4403	AC_SUBST([XAUTH_PATH])
4404fi
4405
4406dnl # --with-maildir=/path/to/mail gets top priority.
4407dnl # if maildir is set in the platform case statement above we use that.
4408dnl # Otherwise we run a program to get the dir from system headers.
4409dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4410dnl # If we find _PATH_MAILDIR we do nothing because that is what
4411dnl # session.c expects anyway. Otherwise we set to the value found
4412dnl # stripping any trailing slash. If for some strage reason our program
4413dnl # does not find what it needs, we default to /var/spool/mail.
4414# Check for mail directory
4415AC_ARG_WITH([maildir],
4416    [  --with-maildir=/path/to/mail    Specify your system mail directory],
4417    [
4418	if test "X$withval" != X  &&  test "x$withval" != xno  &&  \
4419	    test "x${withval}" != xyes; then
4420		AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4421            [Set this to your mail directory if you do not have _PATH_MAILDIR])
4422	    fi
4423     ],[
4424	if test "X$maildir" != "X"; then
4425	    AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4426	else
4427	    AC_MSG_CHECKING([Discovering system mail directory])
4428	    AC_RUN_IFELSE(
4429		[AC_LANG_PROGRAM([[
4430#include <stdio.h>
4431#include <string.h>
4432#ifdef HAVE_PATHS_H
4433#include <paths.h>
4434#endif
4435#ifdef HAVE_MAILLOCK_H
4436#include <maillock.h>
4437#endif
4438#define DATA "conftest.maildir"
4439	]], [[
4440	FILE *fd;
4441	int rc;
4442
4443	fd = fopen(DATA,"w");
4444	if(fd == NULL)
4445		exit(1);
4446
4447#if defined (_PATH_MAILDIR)
4448	if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4449		exit(1);
4450#elif defined (MAILDIR)
4451	if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4452		exit(1);
4453#elif defined (_PATH_MAIL)
4454	if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4455		exit(1);
4456#else
4457	exit (2);
4458#endif
4459
4460	exit(0);
4461		]])],
4462		[
4463		    maildir_what=`awk -F: '{print $1}' conftest.maildir`
4464		    maildir=`awk -F: '{print $2}' conftest.maildir \
4465			| sed 's|/$||'`
4466		    AC_MSG_RESULT([Using: $maildir from $maildir_what])
4467		    if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4468			AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4469		    fi
4470		],
4471		[
4472		    if test "X$ac_status" = "X2";then
4473# our test program didn't find it. Default to /var/spool/mail
4474			AC_MSG_RESULT([Using: default value of /var/spool/mail])
4475			AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4476		     else
4477			AC_MSG_RESULT([*** not found ***])
4478		     fi
4479		],
4480		[
4481			AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
4482		]
4483	    )
4484	fi
4485    ]
4486) # maildir
4487
4488if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
4489	AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
4490	disable_ptmx_check=yes
4491fi
4492if test -z "$no_dev_ptmx" ; then
4493	if test "x$disable_ptmx_check" != "xyes" ; then
4494		AC_CHECK_FILE(["/dev/ptmx"],
4495			[
4496				AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
4497					[Define if you have /dev/ptmx])
4498				have_dev_ptmx=1
4499			]
4500		)
4501	fi
4502fi
4503
4504if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
4505	AC_CHECK_FILE(["/dev/ptc"],
4506		[
4507			AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
4508				[Define if you have /dev/ptc])
4509			have_dev_ptc=1
4510		]
4511	)
4512else
4513	AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
4514fi
4515
4516# Options from here on. Some of these are preset by platform above
4517AC_ARG_WITH([mantype],
4518	[  --with-mantype=man|cat|doc  Set man page type],
4519	[
4520		case "$withval" in
4521		man|cat|doc)
4522			MANTYPE=$withval
4523			;;
4524		*)
4525			AC_MSG_ERROR([invalid man type: $withval])
4526			;;
4527		esac
4528	]
4529)
4530if test -z "$MANTYPE"; then
4531	TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
4532	AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
4533	if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
4534		MANTYPE=doc
4535	elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
4536		MANTYPE=man
4537	else
4538		MANTYPE=cat
4539	fi
4540fi
4541AC_SUBST([MANTYPE])
4542if test "$MANTYPE" = "doc"; then
4543	mansubdir=man;
4544else
4545	mansubdir=$MANTYPE;
4546fi
4547AC_SUBST([mansubdir])
4548
4549# Check whether to enable MD5 passwords
4550MD5_MSG="no"
4551AC_ARG_WITH([md5-passwords],
4552	[  --with-md5-passwords    Enable use of MD5 passwords],
4553	[
4554		if test "x$withval" != "xno" ; then
4555			AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
4556				[Define if you want to allow MD5 passwords])
4557			MD5_MSG="yes"
4558		fi
4559	]
4560)
4561
4562# Whether to disable shadow password support
4563AC_ARG_WITH([shadow],
4564	[  --without-shadow        Disable shadow password support],
4565	[
4566		if test "x$withval" = "xno" ; then
4567			AC_DEFINE([DISABLE_SHADOW])
4568			disable_shadow=yes
4569		fi
4570	]
4571)
4572
4573if test -z "$disable_shadow" ; then
4574	AC_MSG_CHECKING([if the systems has expire shadow information])
4575	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4576#include <sys/types.h>
4577#include <shadow.h>
4578struct spwd sp;
4579		]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
4580		[ sp_expire_available=yes ], [
4581	])
4582
4583	if test "x$sp_expire_available" = "xyes" ; then
4584		AC_MSG_RESULT([yes])
4585		AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
4586		    [Define if you want to use shadow password expire field])
4587	else
4588		AC_MSG_RESULT([no])
4589	fi
4590fi
4591
4592# Use ip address instead of hostname in $DISPLAY
4593if test ! -z "$IPADDR_IN_DISPLAY" ; then
4594	DISPLAY_HACK_MSG="yes"
4595	AC_DEFINE([IPADDR_IN_DISPLAY], [1],
4596		[Define if you need to use IP address
4597		instead of hostname in $DISPLAY])
4598else
4599	DISPLAY_HACK_MSG="no"
4600	AC_ARG_WITH([ipaddr-display],
4601		[  --with-ipaddr-display   Use ip address instead of hostname in $DISPLAY],
4602		[
4603			if test "x$withval" != "xno" ; then
4604				AC_DEFINE([IPADDR_IN_DISPLAY])
4605				DISPLAY_HACK_MSG="yes"
4606			fi
4607		]
4608	)
4609fi
4610
4611# check for /etc/default/login and use it if present.
4612AC_ARG_ENABLE([etc-default-login],
4613	[  --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
4614	[ if test "x$enableval" = "xno"; then
4615		AC_MSG_NOTICE([/etc/default/login handling disabled])
4616		etc_default_login=no
4617	  else
4618		etc_default_login=yes
4619	  fi ],
4620	[ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
4621	  then
4622		AC_MSG_WARN([cross compiling: not checking /etc/default/login])
4623		etc_default_login=no
4624	  else
4625		etc_default_login=yes
4626	  fi ]
4627)
4628
4629if test "x$etc_default_login" != "xno"; then
4630	AC_CHECK_FILE(["/etc/default/login"],
4631	    [ external_path_file=/etc/default/login ])
4632	if test "x$external_path_file" = "x/etc/default/login"; then
4633		AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
4634			[Define if your system has /etc/default/login])
4635	fi
4636fi
4637
4638dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4639if test $ac_cv_func_login_getcapbool = "yes" && \
4640	test $ac_cv_header_login_cap_h = "yes" ; then
4641	external_path_file=/etc/login.conf
4642fi
4643
4644# Whether to mess with the default path
4645SERVER_PATH_MSG="(default)"
4646AC_ARG_WITH([default-path],
4647	[  --with-default-path=    Specify default $PATH environment for server],
4648	[
4649		if test "x$external_path_file" = "x/etc/login.conf" ; then
4650			AC_MSG_WARN([
4651--with-default-path=PATH has no effect on this system.
4652Edit /etc/login.conf instead.])
4653		elif test "x$withval" != "xno" ; then
4654			if test ! -z "$external_path_file" ; then
4655				AC_MSG_WARN([
4656--with-default-path=PATH will only be used if PATH is not defined in
4657$external_path_file .])
4658			fi
4659			user_path="$withval"
4660			SERVER_PATH_MSG="$withval"
4661		fi
4662	],
4663	[ if test "x$external_path_file" = "x/etc/login.conf" ; then
4664		AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
4665	else
4666		if test ! -z "$external_path_file" ; then
4667			AC_MSG_WARN([
4668If PATH is defined in $external_path_file, ensure the path to scp is included,
4669otherwise scp will not work.])
4670		fi
4671		AC_RUN_IFELSE(
4672			[AC_LANG_PROGRAM([[
4673/* find out what STDPATH is */
4674#include <stdio.h>
4675#ifdef HAVE_PATHS_H
4676# include <paths.h>
4677#endif
4678#ifndef _PATH_STDPATH
4679# ifdef _PATH_USERPATH	/* Irix */
4680#  define _PATH_STDPATH _PATH_USERPATH
4681# else
4682#  define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
4683# endif
4684#endif
4685#include <sys/types.h>
4686#include <sys/stat.h>
4687#include <fcntl.h>
4688#define DATA "conftest.stdpath"
4689			]], [[
4690	FILE *fd;
4691	int rc;
4692
4693	fd = fopen(DATA,"w");
4694	if(fd == NULL)
4695		exit(1);
4696
4697	if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4698		exit(1);
4699
4700	exit(0);
4701		]])],
4702		[ user_path=`cat conftest.stdpath` ],
4703		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4704		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4705	)
4706# make sure $bindir is in USER_PATH so scp will work
4707		t_bindir="${bindir}"
4708		while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
4709			t_bindir=`eval echo ${t_bindir}`
4710			case $t_bindir in
4711				NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4712			esac
4713			case $t_bindir in
4714				NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4715			esac
4716		done
4717		echo $user_path | grep ":$t_bindir"  > /dev/null 2>&1
4718		if test $? -ne 0  ; then
4719			echo $user_path | grep "^$t_bindir"  > /dev/null 2>&1
4720			if test $? -ne 0  ; then
4721				user_path=$user_path:$t_bindir
4722				AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
4723			fi
4724		fi
4725	fi ]
4726)
4727if test "x$external_path_file" != "x/etc/login.conf" ; then
4728	AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
4729	AC_SUBST([user_path])
4730fi
4731
4732# Set superuser path separately to user path
4733AC_ARG_WITH([superuser-path],
4734	[  --with-superuser-path=  Specify different path for super-user],
4735	[
4736		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
4737		    test "x${withval}" != "xyes"; then
4738			AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
4739				[Define if you want a different $PATH
4740				for the superuser])
4741			superuser_path=$withval
4742		fi
4743	]
4744)
4745
4746
4747AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4748IPV4_IN6_HACK_MSG="no"
4749AC_ARG_WITH(4in6,
4750	[  --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses],
4751	[
4752		if test "x$withval" != "xno" ; then
4753			AC_MSG_RESULT([yes])
4754			AC_DEFINE([IPV4_IN_IPV6], [1],
4755				[Detect IPv4 in IPv6 mapped addresses
4756				and treat as IPv4])
4757			IPV4_IN6_HACK_MSG="yes"
4758		else
4759			AC_MSG_RESULT([no])
4760		fi
4761	], [
4762		if test "x$inet6_default_4in6" = "xyes"; then
4763			AC_MSG_RESULT([yes (default)])
4764			AC_DEFINE([IPV4_IN_IPV6])
4765			IPV4_IN6_HACK_MSG="yes"
4766		else
4767			AC_MSG_RESULT([no (default)])
4768		fi
4769	]
4770)
4771
4772# Whether to enable BSD auth support
4773BSD_AUTH_MSG=no
4774AC_ARG_WITH([bsd-auth],
4775	[  --with-bsd-auth         Enable BSD auth support],
4776	[
4777		if test "x$withval" != "xno" ; then
4778			AC_DEFINE([BSD_AUTH], [1],
4779				[Define if you have BSD auth support])
4780			BSD_AUTH_MSG=yes
4781		fi
4782	]
4783)
4784
4785# Where to place sshd.pid
4786piddir=/var/run
4787# make sure the directory exists
4788if test ! -d $piddir ; then
4789	piddir=`eval echo ${sysconfdir}`
4790	case $piddir in
4791		NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4792	esac
4793fi
4794
4795AC_ARG_WITH([pid-dir],
4796	[  --with-pid-dir=PATH     Specify location of ssh.pid file],
4797	[
4798		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
4799		    test "x${withval}" != "xyes"; then
4800			piddir=$withval
4801			if test ! -d $piddir ; then
4802			AC_MSG_WARN([** no $piddir directory on this system **])
4803			fi
4804		fi
4805	]
4806)
4807
4808AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
4809	[Specify location of ssh.pid])
4810AC_SUBST([piddir])
4811
4812dnl allow user to disable some login recording features
4813AC_ARG_ENABLE([lastlog],
4814	[  --disable-lastlog       disable use of lastlog even if detected [no]],
4815	[
4816		if test "x$enableval" = "xno" ; then
4817			AC_DEFINE([DISABLE_LASTLOG])
4818		fi
4819	]
4820)
4821AC_ARG_ENABLE([utmp],
4822	[  --disable-utmp          disable use of utmp even if detected [no]],
4823	[
4824		if test "x$enableval" = "xno" ; then
4825			AC_DEFINE([DISABLE_UTMP])
4826		fi
4827	]
4828)
4829AC_ARG_ENABLE([utmpx],
4830	[  --disable-utmpx         disable use of utmpx even if detected [no]],
4831	[
4832		if test "x$enableval" = "xno" ; then
4833			AC_DEFINE([DISABLE_UTMPX], [1],
4834				[Define if you don't want to use utmpx])
4835		fi
4836	]
4837)
4838AC_ARG_ENABLE([wtmp],
4839	[  --disable-wtmp          disable use of wtmp even if detected [no]],
4840	[
4841		if test "x$enableval" = "xno" ; then
4842			AC_DEFINE([DISABLE_WTMP])
4843		fi
4844	]
4845)
4846AC_ARG_ENABLE([wtmpx],
4847	[  --disable-wtmpx         disable use of wtmpx even if detected [no]],
4848	[
4849		if test "x$enableval" = "xno" ; then
4850			AC_DEFINE([DISABLE_WTMPX], [1],
4851				[Define if you don't want to use wtmpx])
4852		fi
4853	]
4854)
4855AC_ARG_ENABLE([libutil],
4856	[  --disable-libutil       disable use of libutil (login() etc.) [no]],
4857	[
4858		if test "x$enableval" = "xno" ; then
4859			AC_DEFINE([DISABLE_LOGIN])
4860		fi
4861	]
4862)
4863AC_ARG_ENABLE([pututline],
4864	[  --disable-pututline     disable use of pututline() etc. ([uw]tmp) [no]],
4865	[
4866		if test "x$enableval" = "xno" ; then
4867			AC_DEFINE([DISABLE_PUTUTLINE], [1],
4868				[Define if you don't want to use pututline()
4869				etc. to write [uw]tmp])
4870		fi
4871	]
4872)
4873AC_ARG_ENABLE([pututxline],
4874	[  --disable-pututxline    disable use of pututxline() etc. ([uw]tmpx) [no]],
4875	[
4876		if test "x$enableval" = "xno" ; then
4877			AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4878				[Define if you don't want to use pututxline()
4879				etc. to write [uw]tmpx])
4880		fi
4881	]
4882)
4883AC_ARG_WITH([lastlog],
4884  [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4885	[
4886		if test "x$withval" = "xno" ; then
4887			AC_DEFINE([DISABLE_LASTLOG])
4888		elif test -n "$withval"  &&  test "x${withval}" != "xyes"; then
4889			conf_lastlog_location=$withval
4890		fi
4891	]
4892)
4893
4894dnl lastlog, [uw]tmpx? detection
4895dnl  NOTE: set the paths in the platform section to avoid the
4896dnl   need for command-line parameters
4897dnl lastlog and [uw]tmp are subject to a file search if all else fails
4898
4899dnl lastlog detection
4900dnl  NOTE: the code itself will detect if lastlog is a directory
4901AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4902AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4903#include <sys/types.h>
4904#include <utmp.h>
4905#ifdef HAVE_LASTLOG_H
4906#  include <lastlog.h>
4907#endif
4908#ifdef HAVE_PATHS_H
4909#  include <paths.h>
4910#endif
4911#ifdef HAVE_LOGIN_H
4912# include <login.h>
4913#endif
4914	]], [[ char *lastlog = LASTLOG_FILE; ]])],
4915		[ AC_MSG_RESULT([yes]) ],
4916		[
4917		AC_MSG_RESULT([no])
4918		AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4919		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4920#include <sys/types.h>
4921#include <utmp.h>
4922#ifdef HAVE_LASTLOG_H
4923#  include <lastlog.h>
4924#endif
4925#ifdef HAVE_PATHS_H
4926#  include <paths.h>
4927#endif
4928		]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4929		[ AC_MSG_RESULT([yes]) ],
4930		[
4931			AC_MSG_RESULT([no])
4932			system_lastlog_path=no
4933		])
4934])
4935
4936if test -z "$conf_lastlog_location"; then
4937	if test x"$system_lastlog_path" = x"no" ; then
4938		for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4939				if (test -d "$f" || test -f "$f") ; then
4940					conf_lastlog_location=$f
4941				fi
4942		done
4943		if test -z "$conf_lastlog_location"; then
4944			AC_MSG_WARN([** Cannot find lastlog **])
4945			dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4946		fi
4947	fi
4948fi
4949
4950if test -n "$conf_lastlog_location"; then
4951	AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4952		[Define if you want to specify the path to your lastlog file])
4953fi
4954
4955dnl utmp detection
4956AC_MSG_CHECKING([if your system defines UTMP_FILE])
4957AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4958#include <sys/types.h>
4959#include <utmp.h>
4960#ifdef HAVE_PATHS_H
4961#  include <paths.h>
4962#endif
4963	]], [[ char *utmp = UTMP_FILE; ]])],
4964	[ AC_MSG_RESULT([yes]) ],
4965	[ AC_MSG_RESULT([no])
4966	  system_utmp_path=no
4967])
4968if test -z "$conf_utmp_location"; then
4969	if test x"$system_utmp_path" = x"no" ; then
4970		for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4971			if test -f $f ; then
4972				conf_utmp_location=$f
4973			fi
4974		done
4975		if test -z "$conf_utmp_location"; then
4976			AC_DEFINE([DISABLE_UTMP])
4977		fi
4978	fi
4979fi
4980if test -n "$conf_utmp_location"; then
4981	AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4982		[Define if you want to specify the path to your utmp file])
4983fi
4984
4985dnl wtmp detection
4986AC_MSG_CHECKING([if your system defines WTMP_FILE])
4987AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4988#include <sys/types.h>
4989#include <utmp.h>
4990#ifdef HAVE_PATHS_H
4991#  include <paths.h>
4992#endif
4993	]], [[ char *wtmp = WTMP_FILE; ]])],
4994	[ AC_MSG_RESULT([yes]) ],
4995	[ AC_MSG_RESULT([no])
4996	  system_wtmp_path=no
4997])
4998if test -z "$conf_wtmp_location"; then
4999	if test x"$system_wtmp_path" = x"no" ; then
5000		for f in /usr/adm/wtmp /var/log/wtmp; do
5001			if test -f $f ; then
5002				conf_wtmp_location=$f
5003			fi
5004		done
5005		if test -z "$conf_wtmp_location"; then
5006			AC_DEFINE([DISABLE_WTMP])
5007		fi
5008	fi
5009fi
5010if test -n "$conf_wtmp_location"; then
5011	AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
5012		[Define if you want to specify the path to your wtmp file])
5013fi
5014
5015dnl wtmpx detection
5016AC_MSG_CHECKING([if your system defines WTMPX_FILE])
5017AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5018#include <sys/types.h>
5019#include <utmp.h>
5020#ifdef HAVE_UTMPX_H
5021#include <utmpx.h>
5022#endif
5023#ifdef HAVE_PATHS_H
5024#  include <paths.h>
5025#endif
5026	]], [[ char *wtmpx = WTMPX_FILE; ]])],
5027	[ AC_MSG_RESULT([yes]) ],
5028	[ AC_MSG_RESULT([no])
5029	  system_wtmpx_path=no
5030])
5031if test -z "$conf_wtmpx_location"; then
5032	if test x"$system_wtmpx_path" = x"no" ; then
5033		AC_DEFINE([DISABLE_WTMPX])
5034	fi
5035else
5036	AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
5037		[Define if you want to specify the path to your wtmpx file])
5038fi
5039
5040
5041if test ! -z "$blibpath" ; then
5042	LDFLAGS="$LDFLAGS $blibflags$blibpath"
5043	AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
5044fi
5045
5046AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
5047    if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
5048	AC_DEFINE([DISABLE_LASTLOG])
5049    fi
5050	], [
5051#ifdef HAVE_SYS_TYPES_H
5052#include <sys/types.h>
5053#endif
5054#ifdef HAVE_UTMP_H
5055#include <utmp.h>
5056#endif
5057#ifdef HAVE_UTMPX_H
5058#include <utmpx.h>
5059#endif
5060#ifdef HAVE_LASTLOG_H
5061#include <lastlog.h>
5062#endif
5063	])
5064
5065AC_CHECK_MEMBER([struct utmp.ut_line], [], [
5066	AC_DEFINE([DISABLE_UTMP])
5067	AC_DEFINE([DISABLE_WTMP])
5068	], [
5069#ifdef HAVE_SYS_TYPES_H
5070#include <sys/types.h>
5071#endif
5072#ifdef HAVE_UTMP_H
5073#include <utmp.h>
5074#endif
5075#ifdef HAVE_UTMPX_H
5076#include <utmpx.h>
5077#endif
5078#ifdef HAVE_LASTLOG_H
5079#include <lastlog.h>
5080#endif
5081	])
5082
5083dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5084dnl Add now.
5085CFLAGS="$CFLAGS $werror_flags"
5086
5087if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
5088	TEST_SSH_IPV6=no
5089else
5090	TEST_SSH_IPV6=yes
5091fi
5092AC_CHECK_DECL([BROKEN_GETADDRINFO],  [TEST_SSH_IPV6=no])
5093AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
5094AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8])
5095AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
5096AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
5097
5098AC_EXEEXT
5099AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5100	openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5101	survey.sh])
5102AC_OUTPUT
5103
5104# Print summary of options
5105
5106# Someone please show me a better way :)
5107A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5108B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5109C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5110D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5111E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5112F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5113G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5114H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5115I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5116J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5117
5118echo ""
5119echo "OpenSSH has been configured with the following options:"
5120echo "                     User binaries: $B"
5121echo "                   System binaries: $C"
5122echo "               Configuration files: $D"
5123echo "                   Askpass program: $E"
5124echo "                      Manual pages: $F"
5125echo "                          PID file: $G"
5126echo "  Privilege separation chroot path: $H"
5127if test "x$external_path_file" = "x/etc/login.conf" ; then
5128echo "   At runtime, sshd will use the path defined in $external_path_file"
5129echo "   Make sure the path to scp is present, otherwise scp will not work"
5130else
5131echo "            sshd default user PATH: $I"
5132	if test ! -z "$external_path_file"; then
5133echo "   (If PATH is set in $external_path_file it will be used instead. If"
5134echo "   used, ensure the path to scp is present, otherwise scp will not work.)"
5135	fi
5136fi
5137if test ! -z "$superuser_path" ; then
5138echo "          sshd superuser user PATH: $J"
5139fi
5140echo "                    Manpage format: $MANTYPE"
5141echo "                       PAM support: $PAM_MSG"
5142echo "                   OSF SIA support: $SIA_MSG"
5143echo "                 KerberosV support: $KRB5_MSG"
5144echo "                   SELinux support: $SELINUX_MSG"
5145echo "                 Smartcard support: $SCARD_MSG"
5146echo "                     S/KEY support: $SKEY_MSG"
5147echo "              TCP Wrappers support: $TCPW_MSG"
5148echo "              MD5 password support: $MD5_MSG"
5149echo "                   libedit support: $LIBEDIT_MSG"
5150echo "  Solaris process contract support: $SPC_MSG"
5151echo "           Solaris project support: $SP_MSG"
5152echo "         Solaris privilege support: $SPP_MSG"
5153echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5154echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5155echo "                  BSD Auth support: $BSD_AUTH_MSG"
5156echo "              Random number source: $RAND_MSG"
5157echo "             Privsep sandbox style: $SANDBOX_STYLE"
5158
5159echo ""
5160
5161echo "              Host: ${host}"
5162echo "          Compiler: ${CC}"
5163echo "    Compiler flags: ${CFLAGS}"
5164echo "Preprocessor flags: ${CPPFLAGS}"
5165echo "      Linker flags: ${LDFLAGS}"
5166echo "         Libraries: ${LIBS}"
5167if test ! -z "${SSHDLIBS}"; then
5168echo "         +for sshd: ${SSHDLIBS}"
5169fi
5170if test ! -z "${SSHLIBS}"; then
5171echo "          +for ssh: ${SSHLIBS}"
5172fi
5173
5174echo ""
5175
5176if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5177	echo "SVR4 style packages are supported with \"make package\""
5178	echo ""
5179fi
5180
5181if test "x$PAM_MSG" = "xyes" ; then
5182	echo "PAM is enabled. You may need to install a PAM control file "
5183	echo "for sshd, otherwise password authentication may fail. "
5184	echo "Example PAM control files can be found in the contrib/ "
5185	echo "subdirectory"
5186	echo ""
5187fi
5188
5189if test ! -z "$NO_PEERCHECK" ; then
5190	echo "WARNING: the operating system that you are using does not"
5191	echo "appear to support getpeereid(), getpeerucred() or the"
5192	echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5193	echo "enforce security checks to prevent unauthorised connections to"
5194	echo "ssh-agent. Their absence increases the risk that a malicious"
5195	echo "user can connect to your agent."
5196	echo ""
5197fi
5198
5199if test "$AUDIT_MODULE" = "bsm" ; then
5200	echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5201	echo "See the Solaris section in README.platform for details."
5202fi
5203