xref: /freebsd/crypto/openssh/configure.ac (revision edf8578117e8844e02c0121147f45e4609b30680)
1#
2# Copyright (c) 1999-2004 Damien Miller
3#
4# Permission to use, copy, modify, and distribute this software for any
5# purpose with or without fee is hereby granted, provided that the above
6# copyright notice and this permission notice appear in all copies.
7#
8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15
16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
17AC_CONFIG_MACRO_DIR([m4])
18AC_CONFIG_SRCDIR([ssh.c])
19
20# Check for stale configure as early as possible.
21for i in $srcdir/configure.ac $srcdir/m4/*.m4; do
22	if test "$i" -nt "$srcdir/configure"; then
23		AC_MSG_ERROR([$i newer than configure, run autoreconf])
24	fi
25done
26
27AC_LANG([C])
28
29AC_CONFIG_HEADERS([config.h])
30AC_PROG_CC([cc gcc clang])
31
32# XXX relax this after reimplementing logit() etc.
33AC_MSG_CHECKING([if $CC supports C99-style variadic macros])
34AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
35int f(int a, int b, int c) { return a + b + c; }
36#define F(a, ...) f(a, __VA_ARGS__)
37]], [[return F(1, 2, -3);]])],
38	[ AC_MSG_RESULT([yes]) ],
39	[ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ]
40)
41
42AC_CANONICAL_HOST
43AC_C_BIGENDIAN
44
45# Checks for programs.
46AC_PROG_AWK
47AC_PROG_CPP
48AC_PROG_RANLIB
49AC_PROG_INSTALL
50AC_PROG_EGREP
51AC_PROG_MKDIR_P
52AC_CHECK_TOOLS([AR], [ar])
53AC_PATH_PROG([CAT], [cat])
54AC_PATH_PROG([KILL], [kill])
55AC_PATH_PROG([SED], [sed])
56AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
57AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
58AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
59AC_PATH_PROG([SH], [bash])
60AC_PATH_PROG([SH], [ksh])
61AC_PATH_PROG([SH], [sh])
62AC_PATH_PROG([GROFF], [groff])
63AC_PATH_PROG([NROFF], [nroff awf])
64AC_PATH_PROG([MANDOC], [mandoc])
65AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
66AC_SUBST([TEST_SHELL], [sh])
67
68dnl select manpage formatter to be used to build "cat" format pages.
69if test "x$MANDOC" != "x" ; then
70	MANFMT="$MANDOC"
71elif test "x$NROFF" != "x" ; then
72	MANFMT="$NROFF -mandoc"
73elif test "x$GROFF" != "x" ; then
74	MANFMT="$GROFF -mandoc -Tascii"
75else
76	AC_MSG_WARN([no manpage formatter found])
77	MANFMT="false"
78fi
79AC_SUBST([MANFMT])
80
81dnl for buildpkg.sh
82AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
83	[/usr/sbin${PATH_SEPARATOR}/etc])
84AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
85	[/usr/sbin${PATH_SEPARATOR}/etc])
86AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
87if test -x /sbin/sh; then
88	AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
89else
90	AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
91fi
92
93# System features
94AC_SYS_LARGEFILE
95
96if test -z "$AR" ; then
97	AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
98fi
99
100AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
101if test ! -z "$PATH_PASSWD_PROG" ; then
102	AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
103		[Full path of your "passwd" program])
104fi
105
106dnl Since autoconf doesn't support it very well,  we no longer allow users to
107dnl override LD, however keeping the hook here for now in case there's a use
108dnl use case we overlooked and someone needs to re-enable it.  Unless a good
109dnl reason is found we'll be removing this in future.
110LD="$CC"
111AC_SUBST([LD])
112
113AC_C_INLINE
114
115AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
116AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>])
117AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
118	#include <sys/types.h>
119	#include <sys/param.h>
120	#include <dev/systrace.h>
121])
122AC_CHECK_DECL([RLIMIT_NPROC],
123    [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
124	#include <sys/types.h>
125	#include <sys/resource.h>
126])
127AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
128	#include <sys/types.h>
129	#include <linux/prctl.h>
130])
131
132openssl=yes
133openssl_bin=openssl
134AC_ARG_WITH([openssl],
135	[  --without-openssl       Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
136	[  if test "x$withval" = "xno" ; then
137		openssl=no
138		openssl_bin=""
139	   fi
140	]
141)
142AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
143if test "x$openssl" = "xyes" ; then
144	AC_MSG_RESULT([yes])
145	AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
146else
147	AC_MSG_RESULT([no])
148fi
149
150use_stack_protector=1
151use_toolchain_hardening=1
152AC_ARG_WITH([stackprotect],
153    [  --without-stackprotect  Don't use compiler's stack protection], [
154    if test "x$withval" = "xno"; then
155	use_stack_protector=0
156    fi ])
157AC_ARG_WITH([hardening],
158    [  --without-hardening     Don't use toolchain hardening flags], [
159    if test "x$withval" = "xno"; then
160	use_toolchain_hardening=0
161    fi ])
162
163# We use -Werror for the tests only so that we catch warnings like "this is
164# on by default" for things like -fPIE.
165AC_MSG_CHECKING([if $CC supports -Werror])
166saved_CFLAGS="$CFLAGS"
167CFLAGS="$CFLAGS -Werror"
168AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
169	[ AC_MSG_RESULT([yes])
170	  WERROR="-Werror"],
171	[ AC_MSG_RESULT([no])
172	  WERROR="" ]
173)
174CFLAGS="$saved_CFLAGS"
175
176if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
177	AC_MSG_CHECKING([gcc version])
178	GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
179	case "$GCC_VER" in
180		1.*) no_attrib_nonnull=1 ;;
181		2.8* | 2.9*)
182		     no_attrib_nonnull=1
183		     ;;
184		2.*) no_attrib_nonnull=1 ;;
185		*) ;;
186	esac
187	AC_MSG_RESULT([$GCC_VER])
188
189	AC_MSG_CHECKING([clang version])
190	ver="`$CC -v 2>&1`"
191	if echo "$ver" | grep "Apple" >/dev/null; then
192		CLANG_VER="apple-`echo "$ver" | \
193		    awk '/Apple LLVM/ {print $4"-"$5}'`"
194	else
195		CLANG_VER=`echo "$ver" | $AWK '/clang version /{print $3}'`
196	fi
197	AC_MSG_RESULT([$CLANG_VER])
198
199	OSSH_CHECK_CFLAG_COMPILE([-pipe])
200	OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
201	OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation])
202	OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
203	OSSH_CHECK_CFLAG_COMPILE([-Wall])
204	OSSH_CHECK_CFLAG_COMPILE([-Wextra])
205	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
206	OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
207	OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
208	OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
209	OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
210	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
211	OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter])
212	OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
213	OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough])
214	OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation])
215	OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical])
216	OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
217    if test "x$use_toolchain_hardening" = "x1"; then
218	OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
219	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
220	OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
221	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
222	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
223	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
224	# NB. -ftrapv expects certain support functions to be present in
225	# the compiler library (libgcc or similar) to detect integer operations
226	# that can overflow. We must check that the result of enabling it
227	# actually links. The test program compiled/linked includes a number
228	# of integer operations that should exercise this.
229	OSSH_CHECK_CFLAG_LINK([-ftrapv])
230	# clang 15 seems to have a bug in -fzero-call-used-regs=all.  See
231	# https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and
232	# https://github.com/llvm/llvm-project/issues/59242
233	case "$CLANG_VER" in
234	15.*|apple*) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=used]) ;;
235	*)    OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all]) ;;
236	esac
237	OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
238    fi
239
240	AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
241	saved_CFLAGS="$CFLAGS"
242	CFLAGS="$CFLAGS -fno-builtin-memset"
243	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
244			[[ char b[10]; memset(b, 0, sizeof(b)); ]])],
245		[ AC_MSG_RESULT([yes]) ],
246		[ AC_MSG_RESULT([no])
247		  CFLAGS="$saved_CFLAGS" ]
248	)
249
250	# -fstack-protector-all doesn't always work for some GCC versions
251	# and/or platforms, so we test if we can.  If it's not supported
252	# on a given platform gcc will emit a warning so we use -Werror.
253	if test "x$use_stack_protector" = "x1"; then
254	    for t in -fstack-protector-strong -fstack-protector-all \
255		    -fstack-protector; do
256		AC_MSG_CHECKING([if $CC supports $t])
257		saved_CFLAGS="$CFLAGS"
258		saved_LDFLAGS="$LDFLAGS"
259		CFLAGS="$CFLAGS $t -Werror"
260		LDFLAGS="$LDFLAGS $t -Werror"
261		AC_LINK_IFELSE(
262			[AC_LANG_PROGRAM([[
263	#include <stdio.h>
264	int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
265			 ]],
266			[[
267	char x[256];
268	snprintf(x, sizeof(x), "XXX%d", func(1));
269			 ]])],
270		    [ AC_MSG_RESULT([yes])
271		      CFLAGS="$saved_CFLAGS $t"
272		      LDFLAGS="$saved_LDFLAGS $t"
273		      AC_MSG_CHECKING([if $t works])
274		      AC_RUN_IFELSE(
275			[AC_LANG_PROGRAM([[
276	#include <stdio.h>
277	int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
278			]],
279			[[
280	char x[256];
281	snprintf(x, sizeof(x), "XXX%d", func(1));
282			]])],
283			[ AC_MSG_RESULT([yes])
284			  break ],
285			[ AC_MSG_RESULT([no]) ],
286			[ AC_MSG_WARN([cross compiling: cannot test])
287			  break ]
288		      )
289		    ],
290		    [ AC_MSG_RESULT([no]) ]
291		)
292		CFLAGS="$saved_CFLAGS"
293		LDFLAGS="$saved_LDFLAGS"
294	    done
295	fi
296
297	if test -z "$have_llong_max"; then
298		# retry LLONG_MAX with -std=gnu99, needed on some Linuxes
299		unset ac_cv_have_decl_LLONG_MAX
300		saved_CFLAGS="$CFLAGS"
301		CFLAGS="$CFLAGS -std=gnu99"
302		AC_CHECK_DECL([LLONG_MAX],
303		    [have_llong_max=1],
304		    [CFLAGS="$saved_CFLAGS"],
305		    [#include <limits.h>]
306		)
307	fi
308fi
309
310AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
311AC_COMPILE_IFELSE(
312    [AC_LANG_PROGRAM([[
313#include <stdlib.h>
314__attribute__((__unused__)) static void foo(void){return;}]],
315    [[ exit(0); ]])],
316    [ AC_MSG_RESULT([yes]) ],
317    [ AC_MSG_RESULT([no])
318      AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
319	 [compiler does not accept __attribute__ on return types]) ]
320)
321
322AC_MSG_CHECKING([if compiler allows __attribute__ prototype args])
323AC_COMPILE_IFELSE(
324    [AC_LANG_PROGRAM([[
325#include <stdlib.h>
326typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]],
327    [[ exit(0); ]])],
328    [ AC_MSG_RESULT([yes]) ],
329    [ AC_MSG_RESULT([no])
330      AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1,
331	 [compiler does not accept __attribute__ on prototype args]) ]
332)
333
334AC_MSG_CHECKING([if compiler supports variable length arrays])
335AC_COMPILE_IFELSE(
336    [AC_LANG_PROGRAM([[#include <stdlib.h>]],
337    [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])],
338    [ AC_MSG_RESULT([yes])
339      AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1],
340	 [compiler supports variable length arrays]) ],
341    [ AC_MSG_RESULT([no]) ]
342)
343
344AC_MSG_CHECKING([if compiler accepts variable declarations after code])
345AC_COMPILE_IFELSE(
346    [AC_LANG_PROGRAM([[#include <stdlib.h>]],
347    [[ int a; a = 1; int b = 1; exit(a-b); ]])],
348    [ AC_MSG_RESULT([yes])
349      AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1],
350	 [compiler variable declarations after code]) ],
351    [ AC_MSG_RESULT([no]) ]
352)
353
354if test "x$no_attrib_nonnull" != "x1" ; then
355	AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
356fi
357
358AC_ARG_WITH([rpath],
359	[  --without-rpath         Disable auto-added -R linker paths],
360	[
361		if test "x$withval" = "xno" ; then
362			rpath_opt=""
363		elif test "x$withval" = "xyes" ; then
364			rpath_opt="-R"
365		else
366			rpath_opt="$withval"
367		fi
368	]
369)
370
371# Allow user to specify flags
372AC_ARG_WITH([cflags],
373	[  --with-cflags           Specify additional flags to pass to compiler],
374	[
375		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
376		    test "x${withval}" != "xyes"; then
377			CFLAGS="$CFLAGS $withval"
378		fi
379	]
380)
381
382AC_ARG_WITH([cflags-after],
383	[  --with-cflags-after     Specify additional flags to pass to compiler after configure],
384	[
385		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
386		    test "x${withval}" != "xyes"; then
387			CFLAGS_AFTER="$withval"
388		fi
389	]
390)
391AC_ARG_WITH([cppflags],
392	[  --with-cppflags         Specify additional flags to pass to preprocessor] ,
393	[
394		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
395		    test "x${withval}" != "xyes"; then
396			CPPFLAGS="$CPPFLAGS $withval"
397		fi
398	]
399)
400AC_ARG_WITH([ldflags],
401	[  --with-ldflags          Specify additional flags to pass to linker],
402	[
403		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
404		    test "x${withval}" != "xyes"; then
405			LDFLAGS="$LDFLAGS $withval"
406		fi
407	]
408)
409AC_ARG_WITH([ldflags-after],
410	[  --with-ldflags-after    Specify additional flags to pass to linker after configure],
411	[
412		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
413		    test "x${withval}" != "xyes"; then
414			LDFLAGS_AFTER="$withval"
415		fi
416	]
417)
418AC_ARG_WITH([libs],
419	[  --with-libs             Specify additional libraries to link with],
420	[
421		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
422		    test "x${withval}" != "xyes"; then
423			LIBS="$LIBS $withval"
424		fi
425	]
426)
427AC_ARG_WITH([Werror],
428	[  --with-Werror           Build main code with -Werror],
429	[
430		if test -n "$withval"  &&  test "x$withval" != "xno"; then
431			werror_flags="-Werror"
432			if test "x${withval}" != "xyes"; then
433				werror_flags="$withval"
434			fi
435		fi
436	]
437)
438
439dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's
440dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order.  If we
441dnl haven't detected it, recheck.
442if test "x$ac_cv_header_sys_stat_h" != "xyes"; then
443	unset ac_cv_header_sys_stat_h
444	AC_CHECK_HEADERS([sys/stat.h])
445fi
446
447AC_CHECK_HEADERS([ \
448	blf.h \
449	bstring.h \
450	crypt.h \
451	crypto/sha2.h \
452	dirent.h \
453	endian.h \
454	elf.h \
455	err.h \
456	features.h \
457	fcntl.h \
458	floatingpoint.h \
459	fnmatch.h \
460	getopt.h \
461	glob.h \
462	ia.h \
463	iaf.h \
464	ifaddrs.h \
465	inttypes.h \
466	langinfo.h \
467	limits.h \
468	locale.h \
469	login.h \
470	maillock.h \
471	ndir.h \
472	net/if_tun.h \
473	netdb.h \
474	netgroup.h \
475	pam/pam_appl.h \
476	paths.h \
477	poll.h \
478	pty.h \
479	readpassphrase.h \
480	rpc/types.h \
481	security/pam_appl.h \
482	sha2.h \
483	shadow.h \
484	stddef.h \
485	stdint.h \
486	string.h \
487	strings.h \
488	sys/bitypes.h \
489	sys/byteorder.h \
490	sys/bsdtty.h \
491	sys/cdefs.h \
492	sys/dir.h \
493	sys/file.h \
494	sys/mman.h \
495	sys/label.h \
496	sys/ndir.h \
497	sys/param.h \
498	sys/poll.h \
499	sys/prctl.h \
500	sys/procctl.h \
501	sys/pstat.h \
502	sys/ptrace.h \
503	sys/random.h \
504	sys/select.h \
505	sys/stream.h \
506	sys/stropts.h \
507	sys/strtio.h \
508	sys/statvfs.h \
509	sys/sysmacros.h \
510	sys/time.h \
511	sys/timers.h \
512	sys/vfs.h \
513	time.h \
514	tmpdir.h \
515	ttyent.h \
516	ucred.h \
517	unistd.h \
518	usersec.h \
519	util.h \
520	utime.h \
521	utmp.h \
522	utmpx.h \
523	vis.h \
524	wchar.h \
525])
526
527# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h]
528# to be included first.
529AC_CHECK_HEADERS([sys/audit.h], [], [], [
530#ifdef HAVE_SYS_TIME_H
531# include <sys/time.h>
532#endif
533#ifdef HAVE_SYS_TYPES_H
534# include <sys/types.h>
535#endif
536#ifdef HAVE_SYS_LABEL_H
537# include <sys/label.h>
538#endif
539])
540
541# sys/capsicum.h requires sys/types.h
542AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [
543#ifdef HAVE_SYS_TYPES_H
544# include <sys/types.h>
545#endif
546])
547
548AC_MSG_CHECKING([for caph_cache_tzdata])
549AC_LINK_IFELSE(
550    [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]],
551	[[caph_cache_tzdata();]])],
552    [
553	AC_MSG_RESULT([yes])
554	AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1],
555	    [Define if you have caph_cache_tzdata])
556    ],
557    [ AC_MSG_RESULT([no]) ]
558)
559
560# net/route.h requires sys/socket.h and sys/types.h.
561# sys/sysctl.h also requires sys/param.h
562AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [
563#ifdef HAVE_SYS_TYPES_H
564# include <sys/types.h>
565#endif
566#include <sys/param.h>
567#include <sys/socket.h>
568])
569
570# lastlog.h requires sys/time.h to be included first on Solaris
571AC_CHECK_HEADERS([lastlog.h], [], [], [
572#ifdef HAVE_SYS_TIME_H
573# include <sys/time.h>
574#endif
575])
576
577# sys/ptms.h requires sys/stream.h to be included first on Solaris
578AC_CHECK_HEADERS([sys/ptms.h], [], [], [
579#ifdef HAVE_SYS_STREAM_H
580# include <sys/stream.h>
581#endif
582])
583
584# login_cap.h requires sys/types.h on NetBSD
585AC_CHECK_HEADERS([login_cap.h], [], [], [
586#include <sys/types.h>
587])
588
589# older BSDs need sys/param.h before sys/mount.h
590AC_CHECK_HEADERS([sys/mount.h], [], [], [
591#include <sys/param.h>
592])
593
594# Android requires sys/socket.h to be included before sys/un.h
595AC_CHECK_HEADERS([sys/un.h], [], [], [
596#include <sys/types.h>
597#include <sys/socket.h>
598])
599
600# Messages for features tested for in target-specific section
601SIA_MSG="no"
602SPC_MSG="no"
603SP_MSG="no"
604SPP_MSG="no"
605
606# Support for Solaris/Illumos privileges (this test is used by both
607# the --with-solaris-privs option and --with-sandbox=solaris).
608SOLARIS_PRIVS="no"
609
610# Check for some target-specific stuff
611case "$host" in
612*-*-aix*)
613	# Some versions of VAC won't allow macro redefinitions at
614	# -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
615	# particularly with older versions of vac or xlc.
616	# It also throws errors about null macro arguments, but these are
617	# not fatal.
618	AC_MSG_CHECKING([if compiler allows macro redefinitions])
619	AC_COMPILE_IFELSE(
620	    [AC_LANG_PROGRAM([[
621#define testmacro foo
622#define testmacro bar]],
623	    [[ exit(0); ]])],
624	    [ AC_MSG_RESULT([yes]) ],
625	    [ AC_MSG_RESULT([no])
626	      CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
627	      CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
628	      CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
629	    ]
630	)
631
632	AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
633	if (test -z "$blibpath"); then
634		blibpath="/usr/lib:/lib"
635	fi
636	saved_LDFLAGS="$LDFLAGS"
637	if test "$GCC" = "yes"; then
638		flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
639	else
640		flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
641	fi
642	for tryflags in $flags ;do
643		if (test -z "$blibflags"); then
644			LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
645			AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
646			[blibflags=$tryflags], [])
647		fi
648	done
649	if (test -z "$blibflags"); then
650		AC_MSG_RESULT([not found])
651		AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
652	else
653		AC_MSG_RESULT([$blibflags])
654	fi
655	LDFLAGS="$saved_LDFLAGS"
656	dnl Check for authenticate.  Might be in libs.a on older AIXes
657	AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
658		[Define if you want to enable AIX4's authenticate function])],
659		[AC_CHECK_LIB([s], [authenticate],
660			[ AC_DEFINE([WITH_AIXAUTHENTICATE])
661				LIBS="$LIBS -ls"
662			])
663		])
664	dnl Check for various auth function declarations in headers.
665	AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
666	    passwdexpired, setauthdb], , , [#include <usersec.h>])
667	dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
668	AC_CHECK_DECLS([loginfailed],
669	    [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
670	    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
671		[[ (void)loginfailed("user","host","tty",0); ]])],
672		[AC_MSG_RESULT([yes])
673		AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
674			[Define if your AIX loginfailed() function
675			takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
676	    ])],
677	    [],
678	    [#include <usersec.h>]
679	)
680	AC_CHECK_FUNCS([getgrset setauthdb])
681	AC_CHECK_DECL([F_CLOSEM],
682	    AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
683	    [],
684	    [ #include <limits.h>
685	      #include <fcntl.h> ]
686	)
687	check_for_aix_broken_getaddrinfo=1
688	AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
689	    [Define if your platform breaks doing a seteuid before a setuid])
690	AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
691	AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
692	dnl AIX handles lastlog as part of its login message
693	AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
694	AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
695		[Some systems need a utmpx entry for /bin/login to work])
696	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
697		[Define to a Set Process Title type if your system is
698		supported by bsd-setproctitle.c])
699	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
700	    [AIX 5.2 and 5.3 (and presumably newer) require this])
701	AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
702	AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
703	AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211])
704	AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551])
705	;;
706*-*-android*)
707	AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
708	AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
709	;;
710*-*-cygwin*)
711	LIBS="$LIBS /usr/lib/textreadmode.o"
712	AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
713	AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
714	AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
715		[Define to disable UID restoration test])
716	AC_DEFINE([DISABLE_SHADOW], [1],
717		[Define if you want to disable shadow passwords])
718	AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
719		[Define if X11 doesn't support AF_UNIX sockets on that system])
720	AC_DEFINE([DISABLE_FD_PASSING], [1],
721		[Define if your platform needs to skip post auth
722		file descriptor passing])
723	AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
724	AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
725	# Cygwin defines optargs, optargs as declspec(dllimport) for historical
726	# reasons which cause compile warnings, so we disable those warnings.
727	OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
728	;;
729*-*-dgux*)
730	AC_DEFINE([IP_TOS_IS_BROKEN], [1],
731		[Define if your system choked on IP TOS setting])
732	AC_DEFINE([SETEUID_BREAKS_SETUID])
733	AC_DEFINE([BROKEN_SETREUID])
734	AC_DEFINE([BROKEN_SETREGID])
735	;;
736*-*-darwin*)
737	use_pie=auto
738	AC_MSG_CHECKING([if we have working getaddrinfo])
739	AC_RUN_IFELSE([AC_LANG_SOURCE([[
740#include <mach-o/dyld.h>
741#include <stdlib.h>
742int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
743		exit(0);
744	else
745		exit(1);
746}
747			]])],
748	[AC_MSG_RESULT([working])],
749	[AC_MSG_RESULT([buggy])
750	AC_DEFINE([BROKEN_GETADDRINFO], [1],
751		[getaddrinfo is broken (if present)])
752	],
753	[AC_MSG_RESULT([assume it is working])])
754	AC_DEFINE([SETEUID_BREAKS_SETUID])
755	AC_DEFINE([BROKEN_SETREUID])
756	AC_DEFINE([BROKEN_SETREGID])
757	AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
758	AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
759		[Define if your resolver libs need this for getrrsetbyname])
760	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
761	AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
762	    [Use tunnel device compatibility to OpenBSD])
763	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
764	    [Prepend the address family to IP tunnel traffic])
765	m4_pattern_allow([AU_IPv])
766	AC_CHECK_DECL([AU_IPv4], [],
767	    AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
768	    [#include <bsm/audit.h>]
769	AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
770	    [Define if pututxline updates lastlog too])
771	)
772	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
773		[Define to a Set Process Title type if your system is
774		supported by bsd-setproctitle.c])
775	AC_CHECK_FUNCS([sandbox_init])
776	AC_CHECK_HEADERS([sandbox.h])
777	AC_CHECK_LIB([sandbox], [sandbox_apply], [
778	    SSHDLIBS="$SSHDLIBS -lsandbox"
779	])
780	# proc_pidinfo()-based closefrom() replacement.
781	AC_CHECK_HEADERS([libproc.h])
782	AC_CHECK_FUNCS([proc_pidinfo])
783	# poll(2) is broken for character-special devices (at least).
784	# cf. Apple bug 3710161 (not public, but searchable)
785	AC_DEFINE([BROKEN_POLL], [1],
786	    [System poll(2) implementation is broken])
787	;;
788*-*-dragonfly*)
789	SSHDLIBS="$SSHDLIBS"
790	TEST_MALLOC_OPTIONS="AFGJPRX"
791	;;
792*-*-haiku*)
793	LIBS="$LIBS -lbsd "
794	CFLAGS="$CFLAGS -D_BSD_SOURCE"
795	AC_CHECK_LIB([network], [socket])
796	AC_DEFINE([HAVE_U_INT64_T])
797	AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
798	MANTYPE=man
799	;;
800*-*-hpux*)
801	# first we define all of the options common to all HP-UX releases
802	CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
803	IPADDR_IN_DISPLAY=yes
804	AC_DEFINE([USE_PIPES])
805	AC_DEFINE([LOGIN_NEEDS_UTMPX])
806	AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
807		[String used in /etc/passwd to denote locked account])
808	AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
809	AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
810	maildir="/var/mail"
811	LIBS="$LIBS -lsec"
812	AC_CHECK_LIB([xnet], [t_error], ,
813	    [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
814
815	# next, we define all of the options specific to major releases
816	case "$host" in
817	*-*-hpux10*)
818		if test -z "$GCC"; then
819			CFLAGS="$CFLAGS -Ae"
820		fi
821		AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect])
822		;;
823	*-*-hpux11*)
824		AC_DEFINE([PAM_SUN_CODEBASE], [1],
825			[Define if you are using Solaris-derived PAM which
826			passes pam_messages to the conversation function
827			with an extra level of indirection])
828		AC_DEFINE([DISABLE_UTMP], [1],
829			[Define if you don't want to use utmp])
830		AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
831		check_for_hpux_broken_getaddrinfo=1
832		check_for_conflicting_getspnam=1
833		;;
834	esac
835
836	# lastly, we define options specific to minor releases
837	case "$host" in
838	*-*-hpux10.26)
839		AC_DEFINE([HAVE_SECUREWARE], [1],
840			[Define if you have SecureWare-based
841			protected password database])
842		disable_ptmx_check=yes
843		LIBS="$LIBS -lsecpw"
844		;;
845	esac
846	;;
847*-*-irix5*)
848	PATH="$PATH:/usr/etc"
849	AC_DEFINE([BROKEN_INET_NTOA], [1],
850		[Define if you system's inet_ntoa is busted
851		(e.g. Irix gcc issue)])
852	AC_DEFINE([SETEUID_BREAKS_SETUID])
853	AC_DEFINE([BROKEN_SETREUID])
854	AC_DEFINE([BROKEN_SETREGID])
855	AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
856		[Define if you shouldn't strip 'tty' from your
857		ttyname in [uw]tmp])
858	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
859	;;
860*-*-irix6*)
861	PATH="$PATH:/usr/etc"
862	AC_DEFINE([WITH_IRIX_ARRAY], [1],
863		[Define if you have/want arrays
864		(cluster-wide session management, not C arrays)])
865	AC_DEFINE([WITH_IRIX_PROJECT], [1],
866		[Define if you want IRIX project management])
867	AC_DEFINE([WITH_IRIX_AUDIT], [1],
868		[Define if you want IRIX audit trails])
869	AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
870		[Define if you want IRIX kernel jobs])])
871	AC_DEFINE([BROKEN_INET_NTOA])
872	AC_DEFINE([SETEUID_BREAKS_SETUID])
873	AC_DEFINE([BROKEN_SETREUID])
874	AC_DEFINE([BROKEN_SETREGID])
875	AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
876	AC_DEFINE([WITH_ABBREV_NO_TTY])
877	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
878	;;
879*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
880	AC_DEFINE([PAM_TTY_KLUDGE])
881	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
882	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
883	AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
884	AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
885	;;
886*-*-linux*)
887	no_dev_ptmx=1
888	use_pie=auto
889	check_for_openpty_ctty_bug=1
890	dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
891	dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
892	dnl _GNU_SOURCE is needed for setres*id prototypes.
893	CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
894	AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels])
895	AC_DEFINE([PAM_TTY_KLUDGE], [1],
896		[Work around problematic Linux PAM modules handling of PAM_TTY])
897	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
898		[String used in /etc/passwd to denote locked account])
899	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
900	AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
901		[Define to whatever link() returns for "not supported"
902		if it doesn't return EOPNOTSUPP.])
903	AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
904	AC_DEFINE([USE_BTMP])
905	AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
906	inet6_default_4in6=yes
907	case `uname -r` in
908	1.*|2.0.*)
909		AC_DEFINE([BROKEN_CMSG_TYPE], [1],
910			[Define if cmsg_type is not passed correctly])
911		;;
912	esac
913	# tun(4) forwarding compat code
914	AC_CHECK_HEADERS([linux/if_tun.h])
915	if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
916		AC_DEFINE([SSH_TUN_LINUX], [1],
917		    [Open tunnel devices the Linux tun/tap way])
918		AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
919		    [Use tunnel device compatibility to OpenBSD])
920		AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
921		    [Prepend the address family to IP tunnel traffic])
922	fi
923	AC_CHECK_HEADER([linux/if.h],
924	    AC_DEFINE([SYS_RDOMAIN_LINUX], [1],
925		[Support routing domains using Linux VRF]), [], [
926#ifdef HAVE_SYS_TYPES_H
927# include <sys/types.h>
928#endif
929	    ])
930	AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
931	    [], [#include <linux/types.h>])
932	# Obtain MIPS ABI
933	case "$host" in
934	mips*)
935		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
936#if _MIPS_SIM != _ABIO32
937#error
938#endif
939			]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
940#if _MIPS_SIM != _ABIN32
941#error
942#endif
943				]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
944#if _MIPS_SIM != _ABI64
945#error
946#endif
947					]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI])
948				])
949			])
950		])
951		;;
952	esac
953	AC_MSG_CHECKING([for seccomp architecture])
954	seccomp_audit_arch=
955	case "$host" in
956	x86_64-*)
957		seccomp_audit_arch=AUDIT_ARCH_X86_64
958		;;
959	i*86-*)
960		seccomp_audit_arch=AUDIT_ARCH_I386
961		;;
962	arm*-*)
963		seccomp_audit_arch=AUDIT_ARCH_ARM
964		;;
965	aarch64*-*)
966		seccomp_audit_arch=AUDIT_ARCH_AARCH64
967		;;
968	s390x-*)
969		seccomp_audit_arch=AUDIT_ARCH_S390X
970		;;
971	s390-*)
972		seccomp_audit_arch=AUDIT_ARCH_S390
973		;;
974	powerpc-*)
975		seccomp_audit_arch=AUDIT_ARCH_PPC
976		;;
977	powerpc64-*)
978		seccomp_audit_arch=AUDIT_ARCH_PPC64
979		;;
980	powerpc64le-*)
981		seccomp_audit_arch=AUDIT_ARCH_PPC64LE
982		;;
983	mips-*)
984		seccomp_audit_arch=AUDIT_ARCH_MIPS
985		;;
986	mipsel-*)
987		seccomp_audit_arch=AUDIT_ARCH_MIPSEL
988		;;
989	mips64-*)
990		case "$mips_abi" in
991		"n32")
992			seccomp_audit_arch=AUDIT_ARCH_MIPS64N32
993			;;
994		"n64")
995			seccomp_audit_arch=AUDIT_ARCH_MIPS64
996			;;
997		esac
998		;;
999	mips64el-*)
1000		case "$mips_abi" in
1001		"n32")
1002			seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32
1003			;;
1004		"n64")
1005			seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
1006			;;
1007		esac
1008		;;
1009	riscv64-*)
1010		seccomp_audit_arch=AUDIT_ARCH_RISCV64
1011		;;
1012	esac
1013	if test "x$seccomp_audit_arch" != "x" ; then
1014		AC_MSG_RESULT(["$seccomp_audit_arch"])
1015		AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
1016		    [Specify the system call convention in use])
1017	else
1018		AC_MSG_RESULT([architecture not supported])
1019	fi
1020	;;
1021*-*-minix)
1022	AC_DEFINE([SETEUID_BREAKS_SETUID])
1023	# poll(2) seems to choke on /dev/null; "Bad file descriptor"
1024	AC_DEFINE([BROKEN_POLL], [1],
1025	    [System poll(2) implementation is broken])
1026	;;
1027mips-sony-bsd|mips-sony-newsos4)
1028	AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
1029	SONY=1
1030	;;
1031*-*-netbsd*)
1032	if test "x$withval" != "xno" ; then
1033		rpath_opt="-R"
1034	fi
1035	CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
1036	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1037	AC_CHECK_HEADER([net/if_tap.h], ,
1038	    AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1039	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
1040	    [Prepend the address family to IP tunnel traffic])
1041	TEST_MALLOC_OPTIONS="AJRX"
1042	AC_DEFINE([BROKEN_READ_COMPARISON], [1],
1043	    [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
1044	;;
1045*-*-freebsd*)
1046	SKIP_DISABLE_LASTLOG_DEFINE=yes
1047	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
1048	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1049	AC_CHECK_HEADER([net/if_tap.h], ,
1050	    AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1051	AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
1052	TEST_MALLOC_OPTIONS="AJRX"
1053	# Preauth crypto occasionally uses file descriptors for crypto offload
1054	# and will crash if they cannot be opened.
1055	AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
1056	    [define if setrlimit RLIMIT_NOFILE breaks things])
1057	case "$host" in
1058	*-*-freebsd9.*|*-*-freebsd10.*)
1059		# Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable.
1060		disable_capsicum=yes
1061	esac
1062	;;
1063*-*-bsdi*)
1064	AC_DEFINE([SETEUID_BREAKS_SETUID])
1065	AC_DEFINE([BROKEN_SETREUID])
1066	AC_DEFINE([BROKEN_SETREGID])
1067	;;
1068*-next-*)
1069	conf_lastlog_location="/usr/adm/lastlog"
1070	conf_utmp_location=/etc/utmp
1071	conf_wtmp_location=/usr/adm/wtmp
1072	maildir=/usr/spool/mail
1073	AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
1074	AC_DEFINE([USE_PIPES])
1075	AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
1076	;;
1077*-*-openbsd*)
1078	use_pie=auto
1079	AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
1080	AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
1081	AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
1082	AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
1083	    [syslog_r function is safe to use in in a signal handler])
1084	TEST_MALLOC_OPTIONS="AFGJPRX"
1085	;;
1086*-*-solaris*)
1087	if test "x$withval" != "xno" ; then
1088		rpath_opt="-R"
1089	fi
1090	AC_DEFINE([PAM_SUN_CODEBASE])
1091	AC_DEFINE([LOGIN_NEEDS_UTMPX])
1092	AC_DEFINE([PAM_TTY_KLUDGE])
1093	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
1094		[Define if pam_chauthtok wants real uid set
1095		to the unpriv'ed user])
1096	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1097	# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
1098	AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
1099		[Define if sshd somehow reacquires a controlling TTY
1100		after setsid()])
1101	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
1102		in case the name is longer than 8 chars])
1103	AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
1104	external_path_file=/etc/default/login
1105	# hardwire lastlog location (can't detect it on some versions)
1106	conf_lastlog_location="/var/adm/lastlog"
1107	AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
1108	sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
1109	if test "$sol2ver" -ge 8; then
1110		AC_MSG_RESULT([yes])
1111		AC_DEFINE([DISABLE_UTMP])
1112		AC_DEFINE([DISABLE_WTMP], [1],
1113			[Define if you don't want to use wtmp])
1114	else
1115		AC_MSG_RESULT([no])
1116	fi
1117	AC_CHECK_FUNCS([setpflags])
1118	AC_CHECK_FUNCS([setppriv])
1119	AC_CHECK_FUNCS([priv_basicset])
1120	AC_CHECK_HEADERS([priv.h])
1121	AC_ARG_WITH([solaris-contracts],
1122		[  --with-solaris-contracts Enable Solaris process contracts (experimental)],
1123		[
1124		AC_CHECK_LIB([contract], [ct_tmpl_activate],
1125			[ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
1126				[Define if you have Solaris process contracts])
1127			  LIBS="$LIBS -lcontract"
1128			  SPC_MSG="yes" ], )
1129		],
1130	)
1131	AC_ARG_WITH([solaris-projects],
1132		[  --with-solaris-projects Enable Solaris projects (experimental)],
1133		[
1134		AC_CHECK_LIB([project], [setproject],
1135			[ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
1136				[Define if you have Solaris projects])
1137			LIBS="$LIBS -lproject"
1138			SP_MSG="yes" ], )
1139		],
1140	)
1141	AC_ARG_WITH([solaris-privs],
1142		[  --with-solaris-privs    Enable Solaris/Illumos privileges (experimental)],
1143		[
1144		AC_MSG_CHECKING([for Solaris/Illumos privilege support])
1145		if test "x$ac_cv_func_setppriv" = "xyes" -a \
1146			"x$ac_cv_header_priv_h" = "xyes" ; then
1147			SOLARIS_PRIVS=yes
1148			AC_MSG_RESULT([found])
1149			AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
1150				[Define to disable UID restoration test])
1151			AC_DEFINE([USE_SOLARIS_PRIVS], [1],
1152				[Define if you have Solaris privileges])
1153			SPP_MSG="yes"
1154		else
1155			AC_MSG_RESULT([not found])
1156			AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
1157		fi
1158		],
1159	)
1160	TEST_SHELL=$SHELL	# let configure find us a capable shell
1161	;;
1162*-*-sunos4*)
1163	CPPFLAGS="$CPPFLAGS -DSUNOS4"
1164	AC_CHECK_FUNCS([getpwanam])
1165	AC_DEFINE([PAM_SUN_CODEBASE])
1166	conf_utmp_location=/etc/utmp
1167	conf_wtmp_location=/var/adm/wtmp
1168	conf_lastlog_location=/var/adm/lastlog
1169	AC_DEFINE([USE_PIPES])
1170	AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
1171	;;
1172*-ncr-sysv*)
1173	LIBS="$LIBS -lc89"
1174	AC_DEFINE([USE_PIPES])
1175	AC_DEFINE([SSHD_ACQUIRES_CTTY])
1176	AC_DEFINE([SETEUID_BREAKS_SETUID])
1177	AC_DEFINE([BROKEN_SETREUID])
1178	AC_DEFINE([BROKEN_SETREGID])
1179	;;
1180*-sni-sysv*)
1181	# /usr/ucblib MUST NOT be searched on ReliantUNIX
1182	AC_CHECK_LIB([dl], [dlsym], ,)
1183	# -lresolv needs to be at the end of LIBS or DNS lookups break
1184	AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
1185	IPADDR_IN_DISPLAY=yes
1186	AC_DEFINE([USE_PIPES])
1187	AC_DEFINE([IP_TOS_IS_BROKEN])
1188	AC_DEFINE([SETEUID_BREAKS_SETUID])
1189	AC_DEFINE([BROKEN_SETREUID])
1190	AC_DEFINE([BROKEN_SETREGID])
1191	AC_DEFINE([SSHD_ACQUIRES_CTTY])
1192	external_path_file=/etc/default/login
1193	# /usr/ucblib/libucb.a no longer needed on ReliantUNIX
1194	# Attention: always take care to bind libsocket and libnsl before libc,
1195	# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
1196	;;
1197# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
1198*-*-sysv4.2*)
1199	AC_DEFINE([USE_PIPES])
1200	AC_DEFINE([SETEUID_BREAKS_SETUID])
1201	AC_DEFINE([BROKEN_SETREUID])
1202	AC_DEFINE([BROKEN_SETREGID])
1203	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
1204	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1205	TEST_SHELL=$SHELL	# let configure find us a capable shell
1206	;;
1207# UnixWare 7.x, OpenUNIX 8
1208*-*-sysv5*)
1209	CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1210	AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1211	AC_DEFINE([USE_PIPES])
1212	AC_DEFINE([SETEUID_BREAKS_SETUID])
1213	AC_DEFINE([BROKEN_GETADDRINFO])
1214	AC_DEFINE([BROKEN_SETREUID])
1215	AC_DEFINE([BROKEN_SETREGID])
1216	AC_DEFINE([PASSWD_NEEDS_USERNAME])
1217	AC_DEFINE([BROKEN_TCGETATTR_ICANON])
1218	TEST_SHELL=$SHELL	# let configure find us a capable shell
1219	case "$host" in
1220	*-*-sysv5SCO_SV*)	# SCO OpenServer 6.x
1221		maildir=/var/spool/mail
1222		AC_DEFINE([BROKEN_UPDWTMPX])
1223		AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1224			AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1225			], , )
1226		;;
1227	*)	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1228		;;
1229	esac
1230	;;
1231*-*-sysv*)
1232	;;
1233# SCO UNIX and OEM versions of SCO UNIX
1234*-*-sco3.2v4*)
1235	AC_MSG_ERROR("This Platform is no longer supported.")
1236	;;
1237# SCO OpenServer 5.x
1238*-*-sco3.2v5*)
1239	if test -z "$GCC"; then
1240		CFLAGS="$CFLAGS -belf"
1241	fi
1242	LIBS="$LIBS -lprot -lx -ltinfo -lm"
1243	no_dev_ptmx=1
1244	AC_DEFINE([USE_PIPES])
1245	AC_DEFINE([HAVE_SECUREWARE])
1246	AC_DEFINE([DISABLE_SHADOW])
1247	AC_DEFINE([DISABLE_FD_PASSING])
1248	AC_DEFINE([SETEUID_BREAKS_SETUID])
1249	AC_DEFINE([BROKEN_GETADDRINFO])
1250	AC_DEFINE([BROKEN_SETREUID])
1251	AC_DEFINE([BROKEN_SETREGID])
1252	AC_DEFINE([WITH_ABBREV_NO_TTY])
1253	AC_DEFINE([BROKEN_UPDWTMPX])
1254	AC_DEFINE([PASSWD_NEEDS_USERNAME])
1255	AC_CHECK_FUNCS([getluid setluid])
1256	MANTYPE=man
1257	TEST_SHELL=$SHELL	# let configure find us a capable shell
1258	SKIP_DISABLE_LASTLOG_DEFINE=yes
1259	;;
1260*-dec-osf*)
1261	AC_MSG_CHECKING([for Digital Unix SIA])
1262	no_osfsia=""
1263	AC_ARG_WITH([osfsia],
1264		[  --with-osfsia           Enable Digital Unix SIA],
1265		[
1266			if test "x$withval" = "xno" ; then
1267				AC_MSG_RESULT([disabled])
1268				no_osfsia=1
1269			fi
1270		],
1271	)
1272	if test -z "$no_osfsia" ; then
1273		if test -f /etc/sia/matrix.conf; then
1274			AC_MSG_RESULT([yes])
1275			AC_DEFINE([HAVE_OSF_SIA], [1],
1276				[Define if you have Digital Unix Security
1277				Integration Architecture])
1278			AC_DEFINE([DISABLE_LOGIN], [1],
1279				[Define if you don't want to use your
1280				system's login() call])
1281			AC_DEFINE([DISABLE_FD_PASSING])
1282			LIBS="$LIBS -lsecurity -ldb -lm -laud"
1283			SIA_MSG="yes"
1284		else
1285			AC_MSG_RESULT([no])
1286			AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1287			  [String used in /etc/passwd to denote locked account])
1288		fi
1289	fi
1290	AC_DEFINE([BROKEN_GETADDRINFO])
1291	AC_DEFINE([SETEUID_BREAKS_SETUID])
1292	AC_DEFINE([BROKEN_SETREUID])
1293	AC_DEFINE([BROKEN_SETREGID])
1294	AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1295	;;
1296
1297*-*-nto-qnx*)
1298	AC_DEFINE([USE_PIPES])
1299	AC_DEFINE([NO_X11_UNIX_SOCKETS])
1300	AC_DEFINE([DISABLE_LASTLOG])
1301	AC_DEFINE([SSHD_ACQUIRES_CTTY])
1302	AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1303	enable_etc_default_login=no	# has incompatible /etc/default/login
1304	case "$host" in
1305	*-*-nto-qnx6*)
1306		AC_DEFINE([DISABLE_FD_PASSING])
1307		;;
1308	esac
1309	;;
1310
1311*-*-ultrix*)
1312	AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1313	AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty])
1314	AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1315	AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx])
1316	# DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we
1317	# don't get a controlling tty.
1318	AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root])
1319	# On Ultrix some headers are not protected against multiple includes,
1320	# so we create wrappers and put it where the compiler will find it.
1321	AC_MSG_WARN([creating compat wrappers for headers])
1322	mkdir -p netinet
1323	for header in netinet/ip.h netdb.h resolv.h; do
1324		name=`echo $header | tr 'a-z/.' 'A-Z__'`
1325		cat >$header <<EOD
1326#ifndef _SSH_COMPAT_${name}
1327#define _SSH_COMPAT_${name}
1328#include "/usr/include/${header}"
1329#endif
1330EOD
1331	done
1332	;;
1333
1334*-*-lynxos)
1335	CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1336	AC_DEFINE([BROKEN_SETVBUF], [1],
1337	    [LynxOS has broken setvbuf() implementation])
1338	;;
1339esac
1340
1341AC_MSG_CHECKING([compiler and flags for sanity])
1342AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])],
1343	[	AC_MSG_RESULT([yes]) ],
1344	[
1345		AC_MSG_RESULT([no])
1346		AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1347	],
1348	[	AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1349)
1350
1351dnl Checks for header files.
1352# Checks for libraries.
1353AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1354
1355dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1356AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1357	AC_CHECK_LIB([gen], [dirname], [
1358		AC_CACHE_CHECK([for broken dirname],
1359			ac_cv_have_broken_dirname, [
1360			save_LIBS="$LIBS"
1361			LIBS="$LIBS -lgen"
1362			AC_RUN_IFELSE(
1363				[AC_LANG_SOURCE([[
1364#include <libgen.h>
1365#include <string.h>
1366#include <stdlib.h>
1367
1368int main(int argc, char **argv) {
1369    char *s, buf[32];
1370
1371    strncpy(buf,"/etc", 32);
1372    s = dirname(buf);
1373    if (!s || strncmp(s, "/", 32) != 0) {
1374	exit(1);
1375    } else {
1376	exit(0);
1377    }
1378}
1379				]])],
1380				[ ac_cv_have_broken_dirname="no" ],
1381				[ ac_cv_have_broken_dirname="yes" ],
1382				[ ac_cv_have_broken_dirname="no" ],
1383			)
1384			LIBS="$save_LIBS"
1385		])
1386		if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1387			LIBS="$LIBS -lgen"
1388			AC_DEFINE([HAVE_DIRNAME])
1389			AC_CHECK_HEADERS([libgen.h])
1390		fi
1391	])
1392])
1393
1394AC_CHECK_FUNC([getspnam], ,
1395	[AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1396AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1397	[Define if you have the basename function.])])
1398
1399dnl zlib defaults to enabled
1400zlib=yes
1401AC_ARG_WITH([zlib],
1402	[  --with-zlib=PATH        Use zlib in PATH],
1403	[ if test "x$withval" = "xno" ; then
1404		zlib=no
1405	  elif test "x$withval" != "xyes"; then
1406		if test -d "$withval/lib"; then
1407			if test -n "${rpath_opt}"; then
1408				LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1409			else
1410				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1411			fi
1412		else
1413			if test -n "${rpath_opt}"; then
1414				LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}"
1415			else
1416				LDFLAGS="-L${withval} ${LDFLAGS}"
1417			fi
1418		fi
1419		if test -d "$withval/include"; then
1420			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1421		else
1422			CPPFLAGS="-I${withval} ${CPPFLAGS}"
1423		fi
1424	fi ]
1425)
1426
1427# These libraries are needed for anything that links in the channel code.
1428CHANNELLIBS=""
1429AC_MSG_CHECKING([for zlib])
1430if test "x${zlib}" = "xno"; then
1431	AC_MSG_RESULT([no])
1432else
1433    saved_LIBS="$LIBS"
1434    CHANNELLIBS="$CHANNELLIBS -lz"
1435    AC_MSG_RESULT([yes])
1436    AC_DEFINE([WITH_ZLIB], [1], [Enable zlib])
1437    AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1438    AC_CHECK_LIB([z], [deflate], [],
1439	[
1440		saved_CPPFLAGS="$CPPFLAGS"
1441		saved_LDFLAGS="$LDFLAGS"
1442		dnl Check default zlib install dir
1443		if test -n "${rpath_opt}"; then
1444			LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}"
1445		else
1446			LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1447		fi
1448		CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1449		AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1450			[
1451				AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1452			]
1453		)
1454	]
1455    )
1456
1457    AC_ARG_WITH([zlib-version-check],
1458	[  --without-zlib-version-check Disable zlib version check],
1459	[  if test "x$withval" = "xno" ; then
1460		zlib_check_nonfatal=1
1461	   fi
1462	]
1463    )
1464
1465    AC_MSG_CHECKING([for possibly buggy zlib])
1466    AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1467#include <stdio.h>
1468#include <stdlib.h>
1469#include <zlib.h>
1470	]],
1471	[[
1472	int a=0, b=0, c=0, d=0, n, v;
1473	n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1474	if (n < 1)
1475		exit(1);
1476	v = a*1000000 + b*10000 + c*100 + d;
1477	fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1478
1479	/* 1.1.4 is OK */
1480	if (a == 1 && b == 1 && c >= 4)
1481		exit(0);
1482
1483	/* 1.2.3 and up are OK */
1484	if (v >= 1020300)
1485		exit(0);
1486
1487	exit(2);
1488	]])],
1489	AC_MSG_RESULT([no]),
1490	[ AC_MSG_RESULT([yes])
1491	  if test -z "$zlib_check_nonfatal" ; then
1492		AC_MSG_ERROR([*** zlib too old - check config.log ***
1493Your reported zlib version has known security problems.  It's possible your
1494vendor has fixed these problems without changing the version number.  If you
1495are sure this is the case, you can disable the check by running
1496"./configure --without-zlib-version-check".
1497If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1498See http://www.gzip.org/zlib/ for details.])
1499	  else
1500		AC_MSG_WARN([zlib version may have security problems])
1501	  fi
1502	],
1503	[	AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1504    )
1505    LIBS="$saved_LIBS"
1506fi
1507
1508dnl UnixWare 2.x
1509AC_CHECK_FUNC([strcasecmp],
1510	[], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1511)
1512AC_CHECK_FUNCS([utimes],
1513	[], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1514					LIBS="$LIBS -lc89"]) ]
1515)
1516
1517dnl    Checks for libutil functions
1518AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1519AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1520AC_SEARCH_LIBS([scan_scaled], [util bsd])
1521AC_SEARCH_LIBS([login], [util bsd])
1522AC_SEARCH_LIBS([logout], [util bsd])
1523AC_SEARCH_LIBS([logwtmp], [util bsd])
1524AC_SEARCH_LIBS([openpty], [util bsd])
1525AC_SEARCH_LIBS([updwtmp], [util bsd])
1526AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1527
1528# On some platforms, inet_ntop and gethostbyname may be found in libresolv
1529# or libnsl.
1530AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1531AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1532
1533# Some Linux distribtions ship the BSD libc hashing functions in
1534# separate libraries.
1535AC_SEARCH_LIBS([SHA256Update], [md bsd])
1536
1537# "Particular Function Checks"
1538# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
1539AC_FUNC_STRFTIME
1540AC_FUNC_MALLOC
1541AC_FUNC_REALLOC
1542# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL;
1543AC_MSG_CHECKING([if calloc(0, N) returns non-null])
1544AC_RUN_IFELSE(
1545	[AC_LANG_PROGRAM(
1546		[[ #include <stdlib.h> ]],
1547		[[ void *p = calloc(0, 1); exit(p == NULL); ]]
1548	)],
1549	[ func_calloc_0_nonnull=yes ],
1550	[ func_calloc_0_nonnull=no ],
1551	[ AC_MSG_WARN([cross compiling: assuming same as malloc])
1552	  func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"]
1553)
1554AC_MSG_RESULT([$func_calloc_0_nonnull])
1555
1556if test "x$func_calloc_0_nonnull" = "xyes"; then
1557	AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null])
1558else
1559	AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL])
1560	AC_DEFINE(calloc, rpl_calloc,
1561	    [Define to rpl_calloc if the replacement function should be used.])
1562fi
1563
1564# Check for ALTDIRFUNC glob() extension
1565AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1566AC_EGREP_CPP([FOUNDIT],
1567	[
1568		#include <glob.h>
1569		#ifdef GLOB_ALTDIRFUNC
1570		FOUNDIT
1571		#endif
1572	],
1573	[
1574		AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1575			[Define if your system glob() function has
1576			the GLOB_ALTDIRFUNC extension])
1577		AC_MSG_RESULT([yes])
1578	],
1579	[
1580		AC_MSG_RESULT([no])
1581	]
1582)
1583
1584# Check for g.gl_matchc glob() extension
1585AC_MSG_CHECKING([for gl_matchc field in glob_t])
1586AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1587	[[ glob_t g; g.gl_matchc = 1; ]])],
1588	[
1589		AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1590			[Define if your system glob() function has
1591			gl_matchc options in glob_t])
1592		AC_MSG_RESULT([yes])
1593	], [
1594		AC_MSG_RESULT([no])
1595])
1596
1597# Check for g.gl_statv glob() extension
1598AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1599AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1600#ifndef GLOB_KEEPSTAT
1601#error "glob does not support GLOB_KEEPSTAT extension"
1602#endif
1603glob_t g;
1604g.gl_statv = NULL;
1605]])],
1606	[
1607		AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1608			[Define if your system glob() function has
1609			gl_statv options in glob_t])
1610		AC_MSG_RESULT([yes])
1611	], [
1612		AC_MSG_RESULT([no])
1613
1614])
1615
1616AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1617
1618AC_CHECK_DECL([VIS_ALL], ,
1619    AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1620
1621AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1622AC_RUN_IFELSE(
1623	[AC_LANG_PROGRAM([[
1624#include <sys/types.h>
1625#include <dirent.h>
1626#include <stdlib.h>
1627	]],
1628	[[
1629	struct dirent d;
1630	exit(sizeof(d.d_name)<=sizeof(char));
1631	]])],
1632	[AC_MSG_RESULT([yes])],
1633	[
1634		AC_MSG_RESULT([no])
1635		AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1636			[Define if your struct dirent expects you to
1637			allocate extra space for d_name])
1638	],
1639	[
1640		AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1641		AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1642	]
1643)
1644
1645AC_MSG_CHECKING([for /proc/pid/fd directory])
1646if test -d "/proc/$$/fd" ; then
1647	AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1648	AC_MSG_RESULT([yes])
1649else
1650	AC_MSG_RESULT([no])
1651fi
1652
1653# Check whether user wants TCP wrappers support
1654TCPW_MSG="no"
1655AC_ARG_WITH([tcp-wrappers],
1656	[  --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1657	[
1658		if test "x$withval" != "xno" ; then
1659			saved_LIBS="$LIBS"
1660			saved_LDFLAGS="$LDFLAGS"
1661			saved_CPPFLAGS="$CPPFLAGS"
1662			if test -n "${withval}" && \
1663			    test "x${withval}" != "xyes"; then
1664				if test -d "${withval}/lib"; then
1665					if test -n "${need_dash_r}"; then
1666						LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1667					else
1668						LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1669					fi
1670				else
1671					if test -n "${need_dash_r}"; then
1672						LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1673					else
1674						LDFLAGS="-L${withval} ${LDFLAGS}"
1675					fi
1676				fi
1677				if test -d "${withval}/include"; then
1678					CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1679				else
1680					CPPFLAGS="-I${withval} ${CPPFLAGS}"
1681				fi
1682			fi
1683			LIBS="-lwrap $LIBS"
1684			AC_MSG_CHECKING([for libwrap])
1685			AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1686#include <sys/types.h>
1687#include <sys/socket.h>
1688#include <netinet/in.h>
1689#include <tcpd.h>
1690int deny_severity = 0, allow_severity = 0;
1691				]], [[
1692	hosts_access(0);
1693				]])], [
1694					AC_MSG_RESULT([yes])
1695					AC_DEFINE([LIBWRAP], [1],
1696						[Define if you want
1697						TCP Wrappers support])
1698					SSHDLIBS="$SSHDLIBS -lwrap"
1699					TCPW_MSG="yes"
1700				], [
1701					AC_MSG_ERROR([*** libwrap missing])
1702			])
1703			LIBS="$saved_LIBS"
1704		fi
1705	]
1706)
1707
1708# Check whether user wants to use ldns
1709LDNS_MSG="no"
1710AC_ARG_WITH(ldns,
1711	[  --with-ldns[[=PATH]]      Use ldns for DNSSEC support (optionally in PATH)],
1712	[
1713	ldns=""
1714	if test "x$withval" = "xyes" ; then
1715		AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1716		if test "x$LDNSCONFIG" = "xno"; then
1717			LIBS="-lldns $LIBS"
1718			ldns=yes
1719		else
1720			LIBS="$LIBS `$LDNSCONFIG --libs`"
1721			CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1722			ldns=yes
1723		fi
1724	elif test "x$withval" != "xno" ; then
1725			CPPFLAGS="$CPPFLAGS -I${withval}/include"
1726			LDFLAGS="$LDFLAGS -L${withval}/lib"
1727			LIBS="-lldns $LIBS"
1728			ldns=yes
1729	fi
1730
1731	# Verify that it works.
1732	if test "x$ldns" = "xyes" ; then
1733		AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1734		LDNS_MSG="yes"
1735		AC_MSG_CHECKING([for ldns support])
1736		AC_LINK_IFELSE(
1737			[AC_LANG_SOURCE([[
1738#include <stdio.h>
1739#include <stdlib.h>
1740#ifdef HAVE_STDINT_H
1741# include <stdint.h>
1742#endif
1743#include <ldns/ldns.h>
1744int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1745			]])
1746		],
1747			[AC_MSG_RESULT(yes)],
1748				[
1749					AC_MSG_RESULT(no)
1750					AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1751				])
1752	fi
1753])
1754
1755# Check whether user wants libedit support
1756LIBEDIT_MSG="no"
1757AC_ARG_WITH([libedit],
1758	[  --with-libedit[[=PATH]]   Enable libedit support for sftp],
1759	[ if test "x$withval" != "xno" ; then
1760		if test "x$withval" = "xyes" ; then
1761			if test "x$PKGCONFIG" != "xno"; then
1762				AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1763				if "$PKGCONFIG" libedit; then
1764					AC_MSG_RESULT([yes])
1765					use_pkgconfig_for_libedit=yes
1766				else
1767					AC_MSG_RESULT([no])
1768				fi
1769			fi
1770		else
1771			CPPFLAGS="$CPPFLAGS -I${withval}/include"
1772			if test -n "${rpath_opt}"; then
1773				LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1774			else
1775				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1776			fi
1777		fi
1778		if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1779			LIBEDIT=`$PKGCONFIG --libs libedit`
1780			CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1781		else
1782			LIBEDIT="-ledit -lcurses"
1783		fi
1784		OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1785		AC_CHECK_LIB([edit], [el_init],
1786			[ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1787			  LIBEDIT_MSG="yes"
1788			  AC_SUBST([LIBEDIT])
1789			],
1790			[ AC_MSG_ERROR([libedit not found]) ],
1791			[ $OTHERLIBS ]
1792		)
1793		AC_MSG_CHECKING([if libedit version is compatible])
1794		AC_COMPILE_IFELSE(
1795		    [AC_LANG_PROGRAM([[
1796#include <histedit.h>
1797#include <stdlib.h>
1798		    ]],
1799		    [[
1800	int i = H_SETSIZE;
1801	el_init("", NULL, NULL, NULL);
1802	exit(0);
1803		    ]])],
1804		    [ AC_MSG_RESULT([yes]) ],
1805		    [ AC_MSG_RESULT([no])
1806		      AC_MSG_ERROR([libedit version is not compatible]) ]
1807		)
1808	fi ]
1809)
1810
1811AUDIT_MODULE=none
1812AC_ARG_WITH([audit],
1813	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux)],
1814	[
1815	  AC_MSG_CHECKING([for supported audit module])
1816	  case "$withval" in
1817	  bsm)
1818		AC_MSG_RESULT([bsm])
1819		AUDIT_MODULE=bsm
1820		dnl    Checks for headers, libs and functions
1821		AC_CHECK_HEADERS([bsm/audit.h], [],
1822		    [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1823		    [
1824#ifdef HAVE_TIME_H
1825# include <time.h>
1826#endif
1827		    ]
1828)
1829		AC_CHECK_LIB([bsm], [getaudit], [],
1830		    [AC_MSG_ERROR([BSM enabled and required library not found])])
1831		AC_CHECK_FUNCS([getaudit], [],
1832		    [AC_MSG_ERROR([BSM enabled and required function not found])])
1833		# These are optional
1834		AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1835		AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1836		if test "$sol2ver" -ge 11; then
1837			SSHDLIBS="$SSHDLIBS -lscf"
1838			AC_DEFINE([BROKEN_BSM_API], [1],
1839				[The system has incomplete BSM API])
1840		fi
1841		;;
1842	  linux)
1843		AC_MSG_RESULT([linux])
1844		AUDIT_MODULE=linux
1845		dnl    Checks for headers, libs and functions
1846		AC_CHECK_HEADERS([libaudit.h])
1847		SSHDLIBS="$SSHDLIBS -laudit"
1848		AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1849		;;
1850	  debug)
1851		AUDIT_MODULE=debug
1852		AC_MSG_RESULT([debug])
1853		AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1854		;;
1855	  no)
1856		AC_MSG_RESULT([no])
1857		;;
1858	  *)
1859		AC_MSG_ERROR([Unknown audit module $withval])
1860		;;
1861	esac ]
1862)
1863
1864AC_ARG_WITH([pie],
1865    [  --with-pie              Build Position Independent Executables if possible], [
1866	if test "x$withval" = "xno"; then
1867		use_pie=no
1868	fi
1869	if test "x$withval" = "xyes"; then
1870		use_pie=yes
1871	fi
1872    ]
1873)
1874if test "x$use_pie" = "x"; then
1875	use_pie=no
1876fi
1877if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1878	# Turn off automatic PIE when toolchain hardening is off.
1879	use_pie=no
1880fi
1881if test "x$use_pie" = "xauto"; then
1882	# Automatic PIE requires gcc >= 4.x
1883	AC_MSG_CHECKING([for gcc >= 4.x])
1884	AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1885#if !defined(__GNUC__) || __GNUC__ < 4
1886#error gcc is too old
1887#endif
1888]])],
1889	[ AC_MSG_RESULT([yes]) ],
1890	[ AC_MSG_RESULT([no])
1891	  use_pie=no ]
1892)
1893fi
1894if test "x$use_pie" != "xno"; then
1895	SAVED_CFLAGS="$CFLAGS"
1896	SAVED_LDFLAGS="$LDFLAGS"
1897	OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1898	OSSH_CHECK_LDFLAG_LINK([-pie])
1899	# We use both -fPIE and -pie or neither.
1900	AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1901	if echo "x $CFLAGS"  | grep ' -fPIE' >/dev/null 2>&1 && \
1902	   echo "x $LDFLAGS" | grep ' -pie'  >/dev/null 2>&1 ; then
1903		AC_MSG_RESULT([yes])
1904	else
1905		AC_MSG_RESULT([no])
1906		CFLAGS="$SAVED_CFLAGS"
1907		LDFLAGS="$SAVED_LDFLAGS"
1908	fi
1909fi
1910
1911AC_MSG_CHECKING([whether -fPIC is accepted])
1912SAVED_CFLAGS="$CFLAGS"
1913CFLAGS="$CFLAGS -fPIC"
1914AC_COMPILE_IFELSE(
1915	[AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )],
1916   [AC_MSG_RESULT([yes])
1917    PICFLAG="-fPIC"; ],
1918   [AC_MSG_RESULT([no])
1919    PICFLAG=""; ])
1920CFLAGS="$SAVED_CFLAGS"
1921AC_SUBST([PICFLAG])
1922
1923dnl    Checks for library functions. Please keep in alphabetical order
1924AC_CHECK_FUNCS([ \
1925	auth_hostok \
1926	auth_timeok \
1927	Blowfish_initstate \
1928	Blowfish_expandstate \
1929	Blowfish_expand0state \
1930	Blowfish_stream2word \
1931	SHA256Update \
1932	SHA384Update \
1933	SHA512Update \
1934	asprintf \
1935	b64_ntop \
1936	__b64_ntop \
1937	b64_pton \
1938	__b64_pton \
1939	bcopy \
1940	bcrypt_pbkdf \
1941	bindresvport_sa \
1942	blf_enc \
1943	bzero \
1944	cap_rights_limit \
1945	clock \
1946	closefrom \
1947	close_range \
1948	dirfd \
1949	endgrent \
1950	err \
1951	errx \
1952	explicit_bzero \
1953	explicit_memset \
1954	fchmod \
1955	fchmodat \
1956	fchown \
1957	fchownat \
1958	flock \
1959	fnmatch \
1960	freeaddrinfo \
1961	freezero \
1962	fstatfs \
1963	fstatvfs \
1964	futimes \
1965	getaddrinfo \
1966	getcwd \
1967	getentropy \
1968	getgrouplist \
1969	getline \
1970	getnameinfo \
1971	getopt \
1972	getpagesize \
1973	getpeereid \
1974	getpeerucred \
1975	getpgid \
1976	_getpty \
1977	getrlimit \
1978	getrandom \
1979	getsid \
1980	getttyent \
1981	glob \
1982	group_from_gid \
1983	inet_aton \
1984	inet_ntoa \
1985	inet_ntop \
1986	innetgr \
1987	killpg \
1988	llabs \
1989	localtime_r \
1990	login_getcapbool \
1991	login_getpwclass \
1992	memmem \
1993	memmove \
1994	memset_s \
1995	mkdtemp \
1996	ngetaddrinfo \
1997	nsleep \
1998	ogetaddrinfo \
1999	openlog_r \
2000	pledge \
2001	poll \
2002	ppoll \
2003	prctl \
2004	procctl \
2005	pselect \
2006	pstat \
2007	raise \
2008	readpassphrase \
2009	reallocarray \
2010	realpath \
2011	recvmsg \
2012	recallocarray \
2013	rresvport_af \
2014	sendmsg \
2015	setdtablesize \
2016	setegid \
2017	setenv \
2018	seteuid \
2019	setgroupent \
2020	setgroups \
2021	setlinebuf \
2022	setlogin \
2023	setpassent\
2024	setpcred \
2025	setproctitle \
2026	setregid \
2027	setreuid \
2028	setrlimit \
2029	setsid \
2030	setvbuf \
2031	sigaction \
2032	sigvec \
2033	snprintf \
2034	socketpair \
2035	statfs \
2036	statvfs \
2037	strcasestr \
2038	strdup \
2039	strerror \
2040	strlcat \
2041	strlcpy \
2042	strmode \
2043	strndup \
2044	strnlen \
2045	strnvis \
2046	strptime \
2047	strsignal \
2048	strtonum \
2049	strtoll \
2050	strtoul \
2051	strtoull \
2052	swap32 \
2053	sysconf \
2054	tcgetpgrp \
2055	timegm \
2056	timingsafe_bcmp \
2057	truncate \
2058	unsetenv \
2059	updwtmpx \
2060	utimensat \
2061	user_from_uid \
2062	usleep \
2063	vasprintf \
2064	vsnprintf \
2065	waitpid \
2066	warn \
2067])
2068
2069AC_CHECK_DECLS([bzero, memmem])
2070
2071dnl Wide character support.
2072AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
2073
2074TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
2075AC_MSG_CHECKING([for utf8 locale support])
2076AC_RUN_IFELSE(
2077	[AC_LANG_PROGRAM([[
2078#include <locale.h>
2079#include <stdlib.h>
2080	]], [[
2081	char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
2082	if (loc != NULL)
2083		exit(0);
2084	exit(1);
2085	]])],
2086	AC_MSG_RESULT(yes),
2087	[AC_MSG_RESULT(no)
2088	 TEST_SSH_UTF8=no],
2089	AC_MSG_WARN([cross compiling: assuming yes])
2090)
2091
2092AC_LINK_IFELSE(
2093        [AC_LANG_PROGRAM(
2094           [[ #include <ctype.h> ]],
2095           [[ return (isblank('a')); ]])],
2096	[AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
2097])
2098
2099disable_pkcs11=
2100AC_ARG_ENABLE([pkcs11],
2101	[  --disable-pkcs11        disable PKCS#11 support code [no]],
2102	[
2103		if test "x$enableval" = "xno" ; then
2104			disable_pkcs11=1
2105		fi
2106	]
2107)
2108
2109disable_sk=
2110AC_ARG_ENABLE([security-key],
2111	[  --disable-security-key  disable U2F/FIDO support code [no]],
2112	[
2113		if test "x$enableval" = "xno" ; then
2114			disable_sk=1
2115		fi
2116	]
2117)
2118enable_sk_internal=
2119AC_ARG_WITH([security-key-builtin],
2120	[  --with-security-key-builtin include builtin U2F/FIDO support],
2121	[ enable_sk_internal=$withval ]
2122)
2123
2124AC_SEARCH_LIBS([dlopen], [dl])
2125AC_CHECK_FUNCS([dlopen])
2126AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
2127
2128# IRIX has a const char return value for gai_strerror()
2129AC_CHECK_FUNCS([gai_strerror], [
2130	AC_DEFINE([HAVE_GAI_STRERROR])
2131	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2132#include <sys/types.h>
2133#include <sys/socket.h>
2134#include <netdb.h>
2135
2136const char *gai_strerror(int);
2137			]], [[
2138	char *str;
2139	str = gai_strerror(0);
2140			]])], [
2141		AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
2142		[Define if gai_strerror() returns const char *])], [])])
2143
2144AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
2145	[Some systems put nanosleep outside of libc])])
2146
2147AC_SEARCH_LIBS([clock_gettime], [rt],
2148	[AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
2149
2150dnl check if we need -D_REENTRANT for localtime_r declaration.
2151AC_CHECK_DECL([localtime_r], [],
2152	[ saved_CPPFLAGS="$CPPFLAGS"
2153	  CPPFLAGS="$CPPFLAGS -D_REENTRANT"
2154	  unset ac_cv_have_decl_localtime_r
2155	  AC_CHECK_DECL([localtime_r], [],
2156		[ CPPFLAGS="$saved_CPPFLAGS" ],
2157		[ #include <time.h> ]
2158	  )
2159	],
2160	[ #include <time.h> ]
2161)
2162
2163dnl Make sure prototypes are defined for these before using them.
2164AC_CHECK_DECL([strsep],
2165	[AC_CHECK_FUNCS([strsep])],
2166	[],
2167	[
2168#ifdef HAVE_STRING_H
2169# include <string.h>
2170#endif
2171	])
2172
2173dnl tcsendbreak might be a macro
2174AC_CHECK_DECL([tcsendbreak],
2175	[AC_DEFINE([HAVE_TCSENDBREAK])],
2176	[AC_CHECK_FUNCS([tcsendbreak])],
2177	[#include <termios.h>]
2178)
2179
2180AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
2181
2182AC_CHECK_DECLS([SHUT_RD, getpeereid], , ,
2183	[
2184#include <sys/types.h>
2185#include <sys/socket.h>
2186#include <unistd.h>
2187	])
2188
2189AC_CHECK_DECLS([O_NONBLOCK], , ,
2190	[
2191#include <sys/types.h>
2192#ifdef HAVE_SYS_STAT_H
2193# include <sys/stat.h>
2194#endif
2195#ifdef HAVE_FCNTL_H
2196# include <fcntl.h>
2197#endif
2198	])
2199
2200AC_CHECK_DECLS([ftruncate, getentropy], , ,
2201	[
2202#include <sys/types.h>
2203#include <unistd.h>
2204	])
2205
2206AC_CHECK_DECLS([readv, writev], , , [
2207#include <sys/types.h>
2208#include <sys/uio.h>
2209#include <unistd.h>
2210	])
2211
2212AC_CHECK_DECLS([MAXSYMLINKS], , , [
2213#include <sys/param.h>
2214	])
2215
2216AC_CHECK_DECLS([offsetof], , , [
2217#include <stddef.h>
2218	])
2219
2220# extra bits for select(2)
2221AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
2222#include <sys/param.h>
2223#include <sys/types.h>
2224#ifdef HAVE_SYS_SYSMACROS_H
2225#include <sys/sysmacros.h>
2226#endif
2227#ifdef HAVE_SYS_SELECT_H
2228#include <sys/select.h>
2229#endif
2230#ifdef HAVE_SYS_TIME_H
2231#include <sys/time.h>
2232#endif
2233#ifdef HAVE_UNISTD_H
2234#include <unistd.h>
2235#endif
2236	]])
2237AC_CHECK_TYPES([fd_mask], [], [], [[
2238#include <sys/param.h>
2239#include <sys/types.h>
2240#ifdef HAVE_SYS_SELECT_H
2241#include <sys/select.h>
2242#endif
2243#ifdef HAVE_SYS_TIME_H
2244#include <sys/time.h>
2245#endif
2246#ifdef HAVE_UNISTD_H
2247#include <unistd.h>
2248#endif
2249	]])
2250
2251AC_CHECK_FUNCS([setresuid], [
2252	dnl Some platorms have setresuid that isn't implemented, test for this
2253	AC_MSG_CHECKING([if setresuid seems to work])
2254	AC_RUN_IFELSE(
2255		[AC_LANG_PROGRAM([[
2256#include <errno.h>
2257#include <stdlib.h>
2258#include <unistd.h>
2259		]], [[
2260	errno=0;
2261	setresuid(0,0,0);
2262	if (errno==ENOSYS)
2263		exit(1);
2264	else
2265		exit(0);
2266		]])],
2267		[AC_MSG_RESULT([yes])],
2268		[AC_DEFINE([BROKEN_SETRESUID], [1],
2269			[Define if your setresuid() is broken])
2270		 AC_MSG_RESULT([not implemented])],
2271		[AC_MSG_WARN([cross compiling: not checking setresuid])]
2272	)
2273])
2274
2275AC_CHECK_FUNCS([setresgid], [
2276	dnl Some platorms have setresgid that isn't implemented, test for this
2277	AC_MSG_CHECKING([if setresgid seems to work])
2278	AC_RUN_IFELSE(
2279		[AC_LANG_PROGRAM([[
2280#include <errno.h>
2281#include <stdlib.h>
2282#include <unistd.h>
2283		]], [[
2284	errno=0;
2285	setresgid(0,0,0);
2286	if (errno==ENOSYS)
2287		exit(1);
2288	else
2289		exit(0);
2290		]])],
2291		[AC_MSG_RESULT([yes])],
2292		[AC_DEFINE([BROKEN_SETRESGID], [1],
2293			[Define if your setresgid() is broken])
2294		 AC_MSG_RESULT([not implemented])],
2295		[AC_MSG_WARN([cross compiling: not checking setresuid])]
2296	)
2297])
2298
2299AC_MSG_CHECKING([for working fflush(NULL)])
2300AC_RUN_IFELSE(
2301	[AC_LANG_PROGRAM([[
2302#include <stdio.h>
2303#include <stdlib.h>
2304	]],
2305	[[fflush(NULL); exit(0);]])],
2306	AC_MSG_RESULT([yes]),
2307	[AC_MSG_RESULT([no])
2308	 AC_DEFINE([FFLUSH_NULL_BUG], [1],
2309	    [define if fflush(NULL) does not work])],
2310	AC_MSG_WARN([cross compiling: assuming working])
2311)
2312
2313dnl    Checks for time functions
2314AC_CHECK_FUNCS([gettimeofday time])
2315dnl    Checks for utmp functions
2316AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2317AC_CHECK_FUNCS([utmpname])
2318dnl    Checks for utmpx functions
2319AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2320AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2321dnl    Checks for lastlog functions
2322AC_CHECK_FUNCS([getlastlogxbyname])
2323
2324AC_CHECK_FUNC([daemon],
2325	[AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2326	[AC_CHECK_LIB([bsd], [daemon],
2327		[LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2328)
2329
2330AC_CHECK_FUNC([getpagesize],
2331	[AC_DEFINE([HAVE_GETPAGESIZE], [1],
2332		[Define if your libraries define getpagesize()])],
2333	[AC_CHECK_LIB([ucb], [getpagesize],
2334		[LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2335)
2336
2337# Check for broken snprintf
2338if test "x$ac_cv_func_snprintf" = "xyes" ; then
2339	AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2340	AC_RUN_IFELSE(
2341		[AC_LANG_PROGRAM([[
2342#include <stdio.h>
2343#include <stdlib.h>
2344		]],
2345		[[
2346	char b[5];
2347	snprintf(b,5,"123456789");
2348	exit(b[4]!='\0');
2349		]])],
2350		[AC_MSG_RESULT([yes])],
2351		[
2352			AC_MSG_RESULT([no])
2353			AC_DEFINE([BROKEN_SNPRINTF], [1],
2354				[Define if your snprintf is busted])
2355			AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2356		],
2357		[ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2358	)
2359fi
2360
2361if test "x$ac_cv_func_snprintf" = "xyes" ; then
2362	AC_MSG_CHECKING([whether snprintf understands %zu])
2363	AC_RUN_IFELSE(
2364		[AC_LANG_PROGRAM([[
2365#include <sys/types.h>
2366#include <stdio.h>
2367#include <stdlib.h>
2368#include <string.h>
2369		]],
2370		[[
2371	size_t a = 1, b = 2;
2372	char z[128];
2373	snprintf(z, sizeof z, "%zu%zu", a, b);
2374	exit(strcmp(z, "12"));
2375		]])],
2376		[AC_MSG_RESULT([yes])],
2377		[
2378			AC_MSG_RESULT([no])
2379			AC_DEFINE([BROKEN_SNPRINTF], [1],
2380				[snprintf does not understand %zu])
2381		],
2382		[ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2383	)
2384fi
2385
2386# We depend on vsnprintf returning the right thing on overflow: the
2387# number of characters it tried to create (as per SUSv3)
2388if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2389	AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2390	AC_RUN_IFELSE(
2391		[AC_LANG_PROGRAM([[
2392#include <sys/types.h>
2393#include <stdio.h>
2394#include <stdarg.h>
2395
2396int x_snprintf(char *str, size_t count, const char *fmt, ...)
2397{
2398	size_t ret;
2399	va_list ap;
2400
2401	va_start(ap, fmt);
2402	ret = vsnprintf(str, count, fmt, ap);
2403	va_end(ap);
2404	return ret;
2405}
2406		]], [[
2407char x[1];
2408if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2409	return 1;
2410if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2411	return 1;
2412return 0;
2413		]])],
2414		[AC_MSG_RESULT([yes])],
2415		[
2416			AC_MSG_RESULT([no])
2417			AC_DEFINE([BROKEN_SNPRINTF], [1],
2418				[Define if your snprintf is busted])
2419			AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2420		],
2421		[ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2422	)
2423fi
2424
2425# On systems where [v]snprintf is broken, but is declared in stdio,
2426# check that the fmt argument is const char * or just char *.
2427# This is only useful for when BROKEN_SNPRINTF
2428AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2429AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2430#include <stdio.h>
2431int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2432		]], [[
2433	snprintf(0, 0, 0);
2434		]])],
2435   [AC_MSG_RESULT([yes])
2436    AC_DEFINE([SNPRINTF_CONST], [const],
2437              [Define as const if snprintf() can declare const char *fmt])],
2438   [AC_MSG_RESULT([no])
2439    AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2440
2441# Check for missing getpeereid (or equiv) support
2442NO_PEERCHECK=""
2443if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2444	AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2445	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2446#include <sys/types.h>
2447#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2448		[ AC_MSG_RESULT([yes])
2449		  AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2450		], [AC_MSG_RESULT([no])
2451		NO_PEERCHECK=1
2452        ])
2453fi
2454
2455dnl make sure that openpty does not reacquire controlling terminal
2456if test ! -z "$check_for_openpty_ctty_bug"; then
2457	AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2458	AC_RUN_IFELSE(
2459		[AC_LANG_PROGRAM([[
2460#include <stdio.h>
2461#include <stdlib.h>
2462#include <unistd.h>
2463#ifdef HAVE_PTY_H
2464# include <pty.h>
2465#endif
2466#include <sys/fcntl.h>
2467#include <sys/types.h>
2468#include <sys/wait.h>
2469		]], [[
2470	pid_t pid;
2471	int fd, ptyfd, ttyfd, status;
2472
2473	pid = fork();
2474	if (pid < 0) {		/* failed */
2475		exit(1);
2476	} else if (pid > 0) {	/* parent */
2477		waitpid(pid, &status, 0);
2478		if (WIFEXITED(status))
2479			exit(WEXITSTATUS(status));
2480		else
2481			exit(2);
2482	} else {		/* child */
2483		close(0); close(1); close(2);
2484		setsid();
2485		openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2486		fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2487		if (fd >= 0)
2488			exit(3);	/* Acquired ctty: broken */
2489		else
2490			exit(0);	/* Did not acquire ctty: OK */
2491	}
2492		]])],
2493		[
2494			AC_MSG_RESULT([yes])
2495		],
2496		[
2497			AC_MSG_RESULT([no])
2498			AC_DEFINE([SSHD_ACQUIRES_CTTY])
2499		],
2500		[
2501			AC_MSG_RESULT([cross-compiling, assuming yes])
2502		]
2503	)
2504fi
2505
2506if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2507    test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2508	AC_MSG_CHECKING([if getaddrinfo seems to work])
2509	AC_RUN_IFELSE(
2510		[AC_LANG_PROGRAM([[
2511#include <stdio.h>
2512#include <stdlib.h>
2513#include <sys/socket.h>
2514#include <netdb.h>
2515#include <errno.h>
2516#include <netinet/in.h>
2517
2518#define TEST_PORT "2222"
2519		]], [[
2520	int err, sock;
2521	struct addrinfo *gai_ai, *ai, hints;
2522	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2523
2524	memset(&hints, 0, sizeof(hints));
2525	hints.ai_family = PF_UNSPEC;
2526	hints.ai_socktype = SOCK_STREAM;
2527	hints.ai_flags = AI_PASSIVE;
2528
2529	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2530	if (err != 0) {
2531		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2532		exit(1);
2533	}
2534
2535	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2536		if (ai->ai_family != AF_INET6)
2537			continue;
2538
2539		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2540		    sizeof(ntop), strport, sizeof(strport),
2541		    NI_NUMERICHOST|NI_NUMERICSERV);
2542
2543		if (err != 0) {
2544			if (err == EAI_SYSTEM)
2545				perror("getnameinfo EAI_SYSTEM");
2546			else
2547				fprintf(stderr, "getnameinfo failed: %s\n",
2548				    gai_strerror(err));
2549			exit(2);
2550		}
2551
2552		sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2553		if (sock < 0)
2554			perror("socket");
2555		if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2556			if (errno == EBADF)
2557				exit(3);
2558		}
2559	}
2560	exit(0);
2561		]])],
2562		[
2563			AC_MSG_RESULT([yes])
2564		],
2565		[
2566			AC_MSG_RESULT([no])
2567			AC_DEFINE([BROKEN_GETADDRINFO])
2568		],
2569		[
2570			AC_MSG_RESULT([cross-compiling, assuming yes])
2571		]
2572	)
2573fi
2574
2575if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2576    test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2577	AC_MSG_CHECKING([if getaddrinfo seems to work])
2578	AC_RUN_IFELSE(
2579		[AC_LANG_PROGRAM([[
2580#include <stdio.h>
2581#include <stdlib.h>
2582#include <sys/socket.h>
2583#include <netdb.h>
2584#include <errno.h>
2585#include <netinet/in.h>
2586
2587#define TEST_PORT "2222"
2588		]], [[
2589	int err, sock;
2590	struct addrinfo *gai_ai, *ai, hints;
2591	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2592
2593	memset(&hints, 0, sizeof(hints));
2594	hints.ai_family = PF_UNSPEC;
2595	hints.ai_socktype = SOCK_STREAM;
2596	hints.ai_flags = AI_PASSIVE;
2597
2598	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2599	if (err != 0) {
2600		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2601		exit(1);
2602	}
2603
2604	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2605		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2606			continue;
2607
2608		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2609		    sizeof(ntop), strport, sizeof(strport),
2610		    NI_NUMERICHOST|NI_NUMERICSERV);
2611
2612		if (ai->ai_family == AF_INET && err != 0) {
2613			perror("getnameinfo");
2614			exit(2);
2615		}
2616	}
2617	exit(0);
2618		]])],
2619		[
2620			AC_MSG_RESULT([yes])
2621			AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2622				[Define if you have a getaddrinfo that fails
2623				for the all-zeros IPv6 address])
2624		],
2625		[
2626			AC_MSG_RESULT([no])
2627			AC_DEFINE([BROKEN_GETADDRINFO])
2628		],
2629		[
2630			AC_MSG_RESULT([cross-compiling, assuming no])
2631		]
2632	)
2633fi
2634
2635if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2636	AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2637	    [#include <sys/types.h>
2638	     #include <sys/socket.h>
2639	     #include <netdb.h>])
2640fi
2641
2642if test "x$check_for_conflicting_getspnam" = "x1"; then
2643	AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2644	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2645#include <shadow.h>
2646#include <stdlib.h>
2647		]],
2648		[[ exit(0); ]])],
2649		[
2650			AC_MSG_RESULT([no])
2651		],
2652		[
2653			AC_MSG_RESULT([yes])
2654			AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2655			    [Conflicting defs for getspnam])
2656		]
2657	)
2658fi
2659
2660dnl NetBSD added an strnvis and unfortunately made it incompatible with the
2661dnl existing one in OpenBSD and Linux's libbsd (the former having existed
2662dnl for over ten years). Despite this incompatibility being reported during
2663dnl development (see http://gnats.netbsd.org/44977) they still shipped it.
2664dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2665dnl implementation.  Try to detect this mess, and assume the only safe option
2666dnl if we're cross compiling.
2667dnl
2668dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag);
2669dnl NetBSD: 2012,  strnvis(char *dst, size_t dlen, const char *src, int flag);
2670if test "x$ac_cv_func_strnvis" = "xyes"; then
2671	AC_MSG_CHECKING([for working strnvis])
2672	AC_RUN_IFELSE(
2673		[AC_LANG_PROGRAM([[
2674#include <signal.h>
2675#include <stdlib.h>
2676#include <string.h>
2677#include <unistd.h>
2678#include <vis.h>
2679static void sighandler(int sig) { _exit(1); }
2680		]], [[
2681	char dst[16];
2682
2683	signal(SIGSEGV, sighandler);
2684	if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
2685		exit(0);
2686	exit(1)
2687		]])],
2688		[AC_MSG_RESULT([yes])],
2689		[AC_MSG_RESULT([no])
2690		 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])],
2691		[AC_MSG_WARN([cross compiling: assuming broken])
2692		 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])]
2693	)
2694fi
2695
2696AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()])
2697AC_RUN_IFELSE(
2698	[AC_LANG_PROGRAM([[
2699#ifdef HAVE_SYS_SELECT
2700# include <sys/select.h>
2701#endif
2702#include <sys/types.h>
2703#include <sys/time.h>
2704#include <stdlib.h>
2705#include <signal.h>
2706#include <unistd.h>
2707static void sighandler(int sig) { }
2708		]], [[
2709	int r;
2710	pid_t pid;
2711	struct sigaction sa;
2712
2713	sa.sa_handler = sighandler;
2714	sa.sa_flags = SA_RESTART;
2715	(void)sigaction(SIGTERM, &sa, NULL);
2716	if ((pid = fork()) == 0) { /* child */
2717		pid = getppid();
2718		sleep(1);
2719		kill(pid, SIGTERM);
2720		sleep(1);
2721		if (getppid() == pid) /* if parent did not exit, shoot it */
2722			kill(pid, SIGKILL);
2723		exit(0);
2724	} else { /* parent */
2725		r = select(0, NULL, NULL, NULL, NULL);
2726	}
2727	exit(r == -1 ? 0 : 1);
2728	]])],
2729	[AC_MSG_RESULT([yes])],
2730	[AC_MSG_RESULT([no])
2731	 AC_DEFINE([NO_SA_RESTART], [1],
2732	    [SA_RESTARTed signals do no interrupt select])],
2733	[AC_MSG_WARN([cross compiling: assuming yes])]
2734)
2735
2736AC_CHECK_FUNCS([getpgrp],[
2737	AC_MSG_CHECKING([if getpgrp accepts zero args])
2738	AC_COMPILE_IFELSE(
2739		[AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])],
2740		[ AC_MSG_RESULT([yes])
2741		  AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])],
2742		[ AC_MSG_RESULT([no])
2743		  AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])]
2744	)
2745])
2746
2747# Search for OpenSSL
2748saved_CPPFLAGS="$CPPFLAGS"
2749saved_LDFLAGS="$LDFLAGS"
2750openssl_bin_PATH="$PATH"
2751AC_ARG_WITH([ssl-dir],
2752	[  --with-ssl-dir=PATH     Specify path to OpenSSL installation ],
2753	[
2754		if test "x$openssl" = "xno" ; then
2755			AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2756		fi
2757		if test "x$withval" != "xno" ; then
2758			case "$withval" in
2759				# Relative paths
2760				./*|../*)	withval="`pwd`/$withval"
2761			esac
2762			if test -d "$withval/lib"; then
2763				libcrypto_path="${withval}/lib"
2764			elif test -d "$withval/lib64"; then
2765				libcrypto_path="$withval/lib64"
2766			else
2767				# Built but not installed
2768				libcrypto_path="${withval}"
2769			fi
2770			if test -n "${rpath_opt}"; then
2771				LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}"
2772			else
2773				LDFLAGS="-L${libcrypto_path} ${LDFLAGS}"
2774			fi
2775			if test -d "$withval/include"; then
2776				CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2777			else
2778				CPPFLAGS="-I${withval} ${CPPFLAGS}"
2779			fi
2780			openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps"
2781		fi
2782	]
2783)
2784AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH])
2785AC_SUBST(OPENSSL_BIN, [${openssl_bin}])
2786
2787AC_ARG_WITH([openssl-header-check],
2788	[  --without-openssl-header-check Disable OpenSSL version consistency check],
2789	[
2790		if test "x$withval" = "xno" ; then
2791			openssl_check_nonfatal=1
2792		fi
2793	]
2794)
2795
2796openssl_engine=no
2797AC_ARG_WITH([ssl-engine],
2798	[  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
2799	[
2800		if test "x$withval" != "xno" ; then
2801			if test "x$openssl" = "xno" ; then
2802				AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2803			fi
2804			openssl_engine=yes
2805		fi
2806	]
2807)
2808
2809nocrypto_saved_LIBS="$LIBS"
2810if test "x$openssl" = "xyes" ; then
2811	LIBS="-lcrypto $LIBS"
2812	CHANNELLIBS="-lcrypto $CHANNELLIBS"
2813	AC_TRY_LINK_FUNC([RAND_add], ,
2814	    [AC_MSG_ERROR([*** working libcrypto not found, check config.log])])
2815	AC_CHECK_HEADER([openssl/opensslv.h], ,
2816	    [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2817
2818	# Determine OpenSSL header version
2819	AC_MSG_CHECKING([OpenSSL header version])
2820	AC_RUN_IFELSE(
2821		[AC_LANG_PROGRAM([[
2822	#include <stdlib.h>
2823	#include <stdio.h>
2824	#include <string.h>
2825	#include <openssl/opensslv.h>
2826	#define DATA "conftest.sslincver"
2827		]], [[
2828		FILE *fd;
2829		int rc;
2830
2831		fd = fopen(DATA,"w");
2832		if(fd == NULL)
2833			exit(1);
2834
2835		if ((rc = fprintf(fd, "%08lx (%s)\n",
2836		    (unsigned long)OPENSSL_VERSION_NUMBER,
2837		     OPENSSL_VERSION_TEXT)) < 0)
2838			exit(1);
2839
2840		exit(0);
2841		]])],
2842		[
2843			ssl_header_ver=`cat conftest.sslincver`
2844			AC_MSG_RESULT([$ssl_header_ver])
2845		],
2846		[
2847			AC_MSG_RESULT([not found])
2848			AC_MSG_ERROR([OpenSSL version header not found.])
2849		],
2850		[
2851			AC_MSG_WARN([cross compiling: not checking])
2852		]
2853	)
2854
2855	# Determining OpenSSL library version is version dependent.
2856	AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num])
2857
2858	# Determine OpenSSL library version
2859	AC_MSG_CHECKING([OpenSSL library version])
2860	AC_RUN_IFELSE(
2861		[AC_LANG_PROGRAM([[
2862	#include <stdio.h>
2863	#include <stdlib.h>
2864	#include <string.h>
2865	#include <openssl/opensslv.h>
2866	#include <openssl/crypto.h>
2867	#define DATA "conftest.ssllibver"
2868		]], [[
2869		FILE *f;
2870		/* We need these legacy bits to warn for old libcrypto */
2871		#ifndef OPENSSL_VERSION
2872		# define OPENSSL_VERSION SSLEAY_VERSION
2873		#endif
2874		#ifndef HAVE_OPENSSL_VERSION
2875		# define OpenSSL_version       SSLeay_version
2876		#endif
2877		#ifndef HAVE_OPENSSL_VERSION_NUM
2878		# define OpenSSL_version_num   SSLeay
2879		#endif
2880		if ((f = fopen(DATA, "w")) == NULL)
2881			exit(1);
2882		if (fprintf(f, "%08lx (%s)",
2883		    (unsigned long)OpenSSL_version_num(),
2884		    OpenSSL_version(OPENSSL_VERSION)) < 0)
2885			exit(1);
2886#ifdef LIBRESSL_VERSION_NUMBER
2887		if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0)
2888			exit(1);
2889#endif
2890		if (fputc('\n', f) == EOF || fclose(f) == EOF)
2891			exit(1);
2892		exit(0);
2893		]])],
2894		[
2895			sslver=`cat conftest.ssllibver`
2896			ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'`
2897			# Check version is supported.
2898			case "$sslver" in
2899			100*|10100*) # 1.0.x, 1.1.0x
2900				AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")])
2901				;;
2902			101*)   ;; # 1.1.x
2903			200*)   # LibreSSL
2904				lver=`echo "$sslver" | sed 's/.*libressl-//'`
2905				case "$lver" in
2906				2*|300*) # 2.x, 3.0.0
2907					AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")])
2908					;;
2909				*) ;;	# Assume all other versions are good.
2910				esac
2911				;;
2912			300*)
2913				# OpenSSL 3; we use the 1.1x API
2914				CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2915				;;
2916			301*|302*)
2917				# OpenSSL development branch; request 1.1x API
2918				CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2919				;;
2920		        *)
2921				AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")])
2922		                ;;
2923			esac
2924			AC_MSG_RESULT([$ssl_showver])
2925		],
2926		[
2927			AC_MSG_RESULT([not found])
2928			AC_MSG_ERROR([OpenSSL library not found.])
2929		],
2930		[
2931			AC_MSG_WARN([cross compiling: not checking])
2932		]
2933	)
2934
2935	case "$host" in
2936	x86_64-*)
2937		case "$sslver" in
2938		3000004*)
2939			AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)])
2940			;;
2941		esac
2942	esac
2943
2944	# Sanity check OpenSSL headers
2945	AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2946	AC_RUN_IFELSE(
2947		[AC_LANG_PROGRAM([[
2948	#include <stdlib.h>
2949	#include <string.h>
2950	#include <openssl/opensslv.h>
2951	#include <openssl/crypto.h>
2952		]], [[
2953		exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2954		]])],
2955		[
2956			AC_MSG_RESULT([yes])
2957		],
2958		[
2959			AC_MSG_RESULT([no])
2960			if test "x$openssl_check_nonfatal" = "x"; then
2961				AC_MSG_ERROR([Your OpenSSL headers do not match your
2962	library. Check config.log for details.
2963	If you are sure your installation is consistent, you can disable the check
2964	by running "./configure --without-openssl-header-check".
2965	Also see contrib/findssl.sh for help identifying header/library mismatches.
2966	])
2967			else
2968				AC_MSG_WARN([Your OpenSSL headers do not match your
2969	library. Check config.log for details.
2970	Also see contrib/findssl.sh for help identifying header/library mismatches.])
2971			fi
2972		],
2973		[
2974			AC_MSG_WARN([cross compiling: not checking])
2975		]
2976	)
2977
2978	AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2979	AC_LINK_IFELSE(
2980		[AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2981		[[ ERR_load_crypto_strings(); ]])],
2982		[
2983			AC_MSG_RESULT([yes])
2984		],
2985		[
2986			AC_MSG_RESULT([no])
2987			LIBS="$LIBS -ldl"
2988			AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2989			AC_LINK_IFELSE(
2990				[AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2991				[[ ERR_load_crypto_strings(); ]])],
2992				[
2993					AC_MSG_RESULT([yes])
2994					CHANNELLIBS="$CHANNELLIBS -ldl"
2995				],
2996				[
2997					AC_MSG_RESULT([no])
2998				]
2999			)
3000		]
3001	)
3002
3003	AC_CHECK_FUNCS([ \
3004		BN_is_prime_ex \
3005		DES_crypt \
3006		DSA_generate_parameters_ex \
3007		EVP_DigestFinal_ex \
3008		EVP_DigestInit_ex \
3009		EVP_MD_CTX_cleanup \
3010		EVP_MD_CTX_copy_ex \
3011		EVP_MD_CTX_init \
3012		HMAC_CTX_init \
3013		RSA_generate_key_ex \
3014		RSA_get_default_method \
3015	])
3016
3017	# OpenSSL_add_all_algorithms may be a macro.
3018	AC_CHECK_FUNC(OpenSSL_add_all_algorithms,
3019	    AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]),
3020	    AC_CHECK_DECL(OpenSSL_add_all_algorithms,
3021		AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), ,
3022		[[#include <openssl/evp.h>]]
3023	    )
3024	)
3025
3026	# LibreSSL/OpenSSL API differences
3027	AC_CHECK_FUNCS([ \
3028		EVP_CIPHER_CTX_iv \
3029		EVP_CIPHER_CTX_iv_noconst \
3030		EVP_CIPHER_CTX_get_iv \
3031		EVP_CIPHER_CTX_get_updated_iv \
3032		EVP_CIPHER_CTX_set_iv \
3033	])
3034
3035	if test "x$openssl_engine" = "xyes" ; then
3036		AC_MSG_CHECKING([for OpenSSL ENGINE support])
3037		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3038	#include <openssl/engine.h>
3039			]], [[
3040				ENGINE_load_builtin_engines();
3041				ENGINE_register_all_complete();
3042			]])],
3043			[ AC_MSG_RESULT([yes])
3044			  AC_DEFINE([USE_OPENSSL_ENGINE], [1],
3045			     [Enable OpenSSL engine support])
3046			], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
3047		])
3048	fi
3049
3050	# Check for OpenSSL without EVP_aes_{192,256}_cbc
3051	AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
3052	AC_LINK_IFELSE(
3053		[AC_LANG_PROGRAM([[
3054	#include <stdlib.h>
3055	#include <string.h>
3056	#include <openssl/evp.h>
3057		]], [[
3058		exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
3059		]])],
3060		[
3061			AC_MSG_RESULT([no])
3062		],
3063		[
3064			AC_MSG_RESULT([yes])
3065			AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
3066			    [libcrypto is missing AES 192 and 256 bit functions])
3067		]
3068	)
3069
3070	AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
3071	AC_LINK_IFELSE(
3072		[AC_LANG_PROGRAM([[
3073	#include <stdlib.h>
3074	#include <string.h>
3075	#include <openssl/evp.h>
3076		]], [[
3077		if(EVP_DigestUpdate(NULL, NULL,0))
3078			exit(0);
3079		]])],
3080		[
3081			AC_MSG_RESULT([yes])
3082		],
3083		[
3084			AC_MSG_RESULT([no])
3085			AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
3086			    [Define if EVP_DigestUpdate returns void])
3087		]
3088	)
3089
3090	# Check for various EVP support in OpenSSL
3091	AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20])
3092
3093	# Check complete ECC support in OpenSSL
3094	AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
3095	AC_LINK_IFELSE(
3096		[AC_LANG_PROGRAM([[
3097	#include <openssl/ec.h>
3098	#include <openssl/ecdh.h>
3099	#include <openssl/ecdsa.h>
3100	#include <openssl/evp.h>
3101	#include <openssl/objects.h>
3102	#include <openssl/opensslv.h>
3103		]], [[
3104		EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
3105		const EVP_MD *m = EVP_sha256(); /* We need this too */
3106		]])],
3107		[ AC_MSG_RESULT([yes])
3108		  enable_nistp256=1 ],
3109		[ AC_MSG_RESULT([no]) ]
3110	)
3111
3112	AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
3113	AC_LINK_IFELSE(
3114		[AC_LANG_PROGRAM([[
3115	#include <openssl/ec.h>
3116	#include <openssl/ecdh.h>
3117	#include <openssl/ecdsa.h>
3118	#include <openssl/evp.h>
3119	#include <openssl/objects.h>
3120	#include <openssl/opensslv.h>
3121		]], [[
3122		EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
3123		const EVP_MD *m = EVP_sha384(); /* We need this too */
3124		]])],
3125		[ AC_MSG_RESULT([yes])
3126		  enable_nistp384=1 ],
3127		[ AC_MSG_RESULT([no]) ]
3128	)
3129
3130	AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
3131	AC_LINK_IFELSE(
3132		[AC_LANG_PROGRAM([[
3133	#include <openssl/ec.h>
3134	#include <openssl/ecdh.h>
3135	#include <openssl/ecdsa.h>
3136	#include <openssl/evp.h>
3137	#include <openssl/objects.h>
3138	#include <openssl/opensslv.h>
3139		]], [[
3140		EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3141		const EVP_MD *m = EVP_sha512(); /* We need this too */
3142		]])],
3143		[ AC_MSG_RESULT([yes])
3144		  AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
3145		  AC_RUN_IFELSE(
3146			[AC_LANG_PROGRAM([[
3147	#include <stdlib.h>
3148	#include <openssl/ec.h>
3149	#include <openssl/ecdh.h>
3150	#include <openssl/ecdsa.h>
3151	#include <openssl/evp.h>
3152	#include <openssl/objects.h>
3153	#include <openssl/opensslv.h>
3154			]],[[
3155			EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3156			const EVP_MD *m = EVP_sha512(); /* We need this too */
3157			exit(e == NULL || m == NULL);
3158			]])],
3159			[ AC_MSG_RESULT([yes])
3160			  enable_nistp521=1 ],
3161			[ AC_MSG_RESULT([no]) ],
3162			[ AC_MSG_WARN([cross-compiling: assuming yes])
3163			  enable_nistp521=1 ]
3164		  )],
3165		AC_MSG_RESULT([no])
3166	)
3167
3168	if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
3169	    test x$enable_nistp521 = x1; then
3170		AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
3171		AC_CHECK_FUNCS([EC_KEY_METHOD_new])
3172		openssl_ecc=yes
3173	else
3174		openssl_ecc=no
3175	fi
3176	if test x$enable_nistp256 = x1; then
3177		AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
3178		    [libcrypto has NID_X9_62_prime256v1])
3179	else
3180		unsupported_algorithms="$unsupported_algorithms \
3181			ecdsa-sha2-nistp256 \
3182			ecdh-sha2-nistp256 \
3183			ecdsa-sha2-nistp256-cert-v01@openssh.com"
3184	fi
3185	if test x$enable_nistp384 = x1; then
3186		AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
3187	else
3188		unsupported_algorithms="$unsupported_algorithms \
3189			ecdsa-sha2-nistp384 \
3190			ecdh-sha2-nistp384 \
3191			ecdsa-sha2-nistp384-cert-v01@openssh.com"
3192	fi
3193	if test x$enable_nistp521 = x1; then
3194		AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
3195	else
3196		unsupported_algorithms="$unsupported_algorithms \
3197			ecdh-sha2-nistp521 \
3198			ecdsa-sha2-nistp521 \
3199			ecdsa-sha2-nistp521-cert-v01@openssh.com"
3200	fi
3201fi
3202
3203# PKCS11/U2F depend on OpenSSL and dlopen().
3204enable_pkcs11=yes
3205enable_sk=yes
3206if test "x$openssl" != "xyes" ; then
3207	enable_pkcs11="disabled; missing libcrypto"
3208fi
3209if test "x$ac_cv_func_dlopen" != "xyes" ; then
3210	enable_pkcs11="disabled; missing dlopen(3)"
3211	enable_sk="disabled; missing dlopen(3)"
3212fi
3213if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
3214	enable_pkcs11="disabled; missing RTLD_NOW"
3215	enable_sk="disabled; missing RTLD_NOW"
3216fi
3217if test ! -z "$disable_pkcs11" ; then
3218	enable_pkcs11="disabled by user"
3219fi
3220if test ! -z "$disable_sk" ; then
3221	enable_sk="disabled by user"
3222fi
3223
3224AC_MSG_CHECKING([whether to enable PKCS11])
3225if test "x$enable_pkcs11" = "xyes" ; then
3226	AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
3227fi
3228AC_MSG_RESULT([$enable_pkcs11])
3229
3230AC_MSG_CHECKING([whether to enable U2F])
3231if test "x$enable_sk" = "xyes" ; then
3232	AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
3233	AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so])
3234else
3235	# Do not try to build sk-dummy library.
3236	AC_SUBST(SK_DUMMY_LIBRARY, [""])
3237fi
3238AC_MSG_RESULT([$enable_sk])
3239
3240# Now check for built-in security key support.
3241if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then
3242	use_pkgconfig_for_libfido2=
3243	if test "x$PKGCONFIG" != "xno"; then
3244		AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2])
3245		if "$PKGCONFIG" libfido2; then
3246			AC_MSG_RESULT([yes])
3247			use_pkgconfig_for_libfido2=yes
3248		else
3249			AC_MSG_RESULT([no])
3250		fi
3251	fi
3252	if test "x$use_pkgconfig_for_libfido2" = "xyes"; then
3253		LIBFIDO2=`$PKGCONFIG --libs libfido2`
3254		CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
3255	else
3256		LIBFIDO2="-lprivatefido2 -lprivatecbor"
3257	fi
3258	OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
3259	fido2_error=
3260	AC_CHECK_LIB([privatefido2], [fido_init],
3261		[ ],
3262		[ fido2_error="missing/unusable libfido2" ],
3263		[ $OTHERLIBS ]
3264	)
3265	AC_CHECK_HEADER([fido.h], [],
3266		[ fido2_error="missing fido.h from libfido2" ])
3267	AC_CHECK_HEADER([fido/credman.h], [],
3268		[ fido2_error="missing fido/credman.h from libfido2" ],
3269		[ #include <fido.h> ]
3270	)
3271	AC_MSG_CHECKING([for usable libfido2 installation])
3272	if test ! -z "$fido2_error" ; then
3273		AC_MSG_RESULT([$fido2_error])
3274		if test "x$enable_sk_internal" = "xyes" ; then
3275			AC_MSG_ERROR([No usable libfido2 library/headers found])
3276		fi
3277		LIBFIDO2=""
3278	else
3279		AC_MSG_RESULT([yes])
3280		AC_SUBST([LIBFIDO2])
3281		AC_DEFINE([ENABLE_SK_INTERNAL], [],
3282		    [Enable for built-in U2F/FIDO support])
3283		enable_sk="built-in"
3284		saved_LIBS="$LIBS"
3285		LIBS="$LIBFIDO2 $LIBS"
3286		AC_CHECK_FUNCS([ \
3287			fido_assert_set_clientdata \
3288			fido_cred_prot \
3289			fido_cred_set_prot \
3290			fido_cred_set_clientdata \
3291			fido_dev_get_touch_begin \
3292			fido_dev_get_touch_status \
3293			fido_dev_supports_cred_prot \
3294			fido_dev_is_winhello \
3295		])
3296		LIBS="$saved_LIBS"
3297	fi
3298fi
3299
3300AC_CHECK_FUNCS([ \
3301	arc4random \
3302	arc4random_buf \
3303	arc4random_stir \
3304	arc4random_uniform \
3305])
3306### Configure cryptographic random number support
3307
3308# Check whether OpenSSL seeds itself
3309if test "x$openssl" = "xyes" ; then
3310	AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
3311	AC_RUN_IFELSE(
3312		[AC_LANG_PROGRAM([[
3313	#include <stdlib.h>
3314	#include <string.h>
3315	#include <openssl/rand.h>
3316		]], [[
3317		exit(RAND_status() == 1 ? 0 : 1);
3318		]])],
3319		[
3320			OPENSSL_SEEDS_ITSELF=yes
3321			AC_MSG_RESULT([yes])
3322		],
3323		[
3324			AC_MSG_RESULT([no])
3325		],
3326		[
3327			AC_MSG_WARN([cross compiling: assuming yes])
3328			# This is safe, since we will fatal() at runtime if
3329			# OpenSSL is not seeded correctly.
3330			OPENSSL_SEEDS_ITSELF=yes
3331		]
3332	)
3333fi
3334
3335# PRNGD TCP socket
3336AC_ARG_WITH([prngd-port],
3337	[  --with-prngd-port=PORT  read entropy from PRNGD/EGD TCP localhost:PORT],
3338	[
3339		case "$withval" in
3340		no)
3341			withval=""
3342			;;
3343		[[0-9]]*)
3344			;;
3345		*)
3346			AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3347			;;
3348		esac
3349		if test ! -z "$withval" ; then
3350			PRNGD_PORT="$withval"
3351			AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
3352				[Port number of PRNGD/EGD random number socket])
3353		fi
3354	]
3355)
3356
3357# PRNGD Unix domain socket
3358AC_ARG_WITH([prngd-socket],
3359	[  --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3360	[
3361		case "$withval" in
3362		yes)
3363			withval="/var/run/egd-pool"
3364			;;
3365		no)
3366			withval=""
3367			;;
3368		/*)
3369			;;
3370		*)
3371			AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
3372			;;
3373		esac
3374
3375		if test ! -z "$withval" ; then
3376			if test ! -z "$PRNGD_PORT" ; then
3377				AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
3378			fi
3379			if test ! -r "$withval" ; then
3380				AC_MSG_WARN([Entropy socket is not readable])
3381			fi
3382			PRNGD_SOCKET="$withval"
3383			AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
3384				[Location of PRNGD/EGD random number socket])
3385		fi
3386	],
3387	[
3388		# Check for existing socket only if we don't have a random device already
3389		if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
3390			AC_MSG_CHECKING([for PRNGD/EGD socket])
3391			# Insert other locations here
3392			for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3393				if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3394					PRNGD_SOCKET="$sock"
3395					AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
3396					break;
3397				fi
3398			done
3399			if test ! -z "$PRNGD_SOCKET" ; then
3400				AC_MSG_RESULT([$PRNGD_SOCKET])
3401			else
3402				AC_MSG_RESULT([not found])
3403			fi
3404		fi
3405	]
3406)
3407
3408# Which randomness source do we use?
3409if test ! -z "$PRNGD_PORT" ; then
3410	RAND_MSG="PRNGd port $PRNGD_PORT"
3411elif test ! -z "$PRNGD_SOCKET" ; then
3412	RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3413elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3414	AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3415		[Define if you want the OpenSSL internally seeded PRNG only])
3416	RAND_MSG="OpenSSL internal ONLY"
3417elif test "x$openssl" = "xno" ; then
3418	AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3419else
3420	AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3421fi
3422LIBS="$nocrypto_saved_LIBS"
3423
3424saved_LIBS="$LIBS"
3425AC_CHECK_LIB([iaf], [ia_openinfo], [
3426	LIBS="$LIBS -liaf"
3427	AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
3428				AC_DEFINE([HAVE_LIBIAF], [1],
3429			[Define if system has libiaf that supports set_id])
3430				])
3431])
3432LIBS="$saved_LIBS"
3433
3434# Check for crypt() in libcrypt.  If we have it, we only need it for sshd.
3435saved_LIBS="$LIBS"
3436AC_CHECK_LIB([crypt], [crypt], [
3437	LIBS="-lcrypt $LIBS"
3438	SSHDLIBS="-lcrypt $SSHDLIBS"
3439])
3440AC_CHECK_FUNCS([crypt])
3441LIBS="$saved_LIBS"
3442
3443# Check for PAM libs
3444PAM_MSG="no"
3445AC_ARG_WITH([pam],
3446	[  --with-pam              Enable PAM support ],
3447	[
3448		if test "x$withval" != "xno" ; then
3449			if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3450			   test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3451				AC_MSG_ERROR([PAM headers not found])
3452			fi
3453
3454			saved_LIBS="$LIBS"
3455			AC_CHECK_LIB([dl], [dlopen], , )
3456			AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3457			AC_CHECK_FUNCS([pam_getenvlist])
3458			AC_CHECK_FUNCS([pam_putenv])
3459			LIBS="$saved_LIBS"
3460
3461			PAM_MSG="yes"
3462
3463			SSHDLIBS="$SSHDLIBS -lpam"
3464			AC_DEFINE([USE_PAM], [1],
3465				[Define if you want to enable PAM support])
3466
3467			if test $ac_cv_lib_dl_dlopen = yes; then
3468				case "$LIBS" in
3469				*-ldl*)
3470					# libdl already in LIBS
3471					;;
3472				*)
3473					SSHDLIBS="$SSHDLIBS -ldl"
3474					;;
3475				esac
3476			fi
3477		fi
3478	]
3479)
3480
3481AC_ARG_WITH([pam-service],
3482	[  --with-pam-service=name Specify PAM service name ],
3483	[
3484		if test "x$withval" != "xno" && \
3485		   test "x$withval" != "xyes" ; then
3486			AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE],
3487				["$withval"], [sshd PAM service name])
3488		fi
3489	]
3490)
3491
3492# Check for older PAM
3493if test "x$PAM_MSG" = "xyes" ; then
3494	# Check PAM strerror arguments (old PAM)
3495	AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3496	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3497#include <stdlib.h>
3498#if defined(HAVE_SECURITY_PAM_APPL_H)
3499#include <security/pam_appl.h>
3500#elif defined (HAVE_PAM_PAM_APPL_H)
3501#include <pam/pam_appl.h>
3502#endif
3503		]], [[
3504(void)pam_strerror((pam_handle_t *)NULL, -1);
3505		]])], [AC_MSG_RESULT([no])], [
3506			AC_DEFINE([HAVE_OLD_PAM], [1],
3507				[Define if you have an old version of PAM
3508				which takes only one argument to pam_strerror])
3509			AC_MSG_RESULT([yes])
3510			PAM_MSG="yes (old library)"
3511
3512	])
3513fi
3514
3515case "$host" in
3516*-*-cygwin*)
3517	SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3518	;;
3519*)
3520	SSH_PRIVSEP_USER=sshd
3521	;;
3522esac
3523AC_ARG_WITH([privsep-user],
3524	[  --with-privsep-user=user Specify non-privileged user for privilege separation],
3525	[
3526		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
3527		    test "x${withval}" != "xyes"; then
3528			SSH_PRIVSEP_USER=$withval
3529		fi
3530	]
3531)
3532if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3533	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3534		[Cygwin function to fetch non-privileged user for privilege separation])
3535else
3536	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3537		[non-privileged user for privilege separation])
3538fi
3539AC_SUBST([SSH_PRIVSEP_USER])
3540
3541if test "x$have_linux_no_new_privs" = "x1" ; then
3542AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3543	#include <sys/types.h>
3544	#include <linux/seccomp.h>
3545])
3546fi
3547if test "x$have_seccomp_filter" = "x1" ; then
3548AC_MSG_CHECKING([kernel for seccomp_filter support])
3549AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3550		#include <errno.h>
3551		#include <elf.h>
3552		#include <linux/audit.h>
3553		#include <linux/seccomp.h>
3554		#include <stdlib.h>
3555		#include <sys/prctl.h>
3556	]],
3557	[[ int i = $seccomp_audit_arch;
3558	   errno = 0;
3559	   prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3560	   exit(errno == EFAULT ? 0 : 1); ]])],
3561	[ AC_MSG_RESULT([yes]) ], [
3562		AC_MSG_RESULT([no])
3563		# Disable seccomp filter as a target
3564		have_seccomp_filter=0
3565	]
3566)
3567fi
3568
3569AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[
3570#include <sys/types.h>
3571#ifdef HAVE_POLL_H
3572#include <poll.h>
3573#endif
3574#ifdef HAVE_SYS_POLL_H
3575#include <sys/poll.h>
3576#endif
3577]])
3578
3579AC_CHECK_TYPES([nfds_t], , , [
3580#include <sys/types.h>
3581#ifdef HAVE_POLL_H
3582#include <poll.h>
3583#endif
3584#ifdef HAVE_SYS_POLL_H
3585#include <sys/poll.h>
3586#endif
3587])
3588
3589# Decide which sandbox style to use
3590sandbox_arg=""
3591AC_ARG_WITH([sandbox],
3592	[  --with-sandbox=style    Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3593	[
3594		if test "x$withval" = "xyes" ; then
3595			sandbox_arg=""
3596		else
3597			sandbox_arg="$withval"
3598		fi
3599	]
3600)
3601
3602if test "x$sandbox_arg" != "xno"; then
3603# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument
3604# is greater than OPEN_MAX".  On some platforms that includes implementions
3605# of select in userspace on top of poll() so check both work with rlimit
3606# NOFILES so check that both work before enabling the rlimit sandbox.
3607    AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit])
3608    AC_RUN_IFELSE(
3609	[AC_LANG_PROGRAM([[
3610#include <sys/types.h>
3611#ifdef HAVE_SYS_TIME_H
3612# include <sys/time.h>
3613#endif
3614#include <sys/resource.h>
3615#ifdef HAVE_SYS_SELECT_H
3616# include <sys/select.h>
3617#endif
3618#ifdef HAVE_POLL_H
3619# include <poll.h>
3620#elif HAVE_SYS_POLL_H
3621# include <sys/poll.h>
3622#endif
3623#include <errno.h>
3624#include <fcntl.h>
3625#include <stdlib.h>
3626	]],[[
3627	struct rlimit rl_zero;
3628	int fd, r;
3629	fd_set fds;
3630	struct timeval tv;
3631#ifdef HAVE_POLL
3632	struct pollfd pfd;
3633#endif
3634
3635	fd = open("/dev/null", O_RDONLY);
3636	FD_ZERO(&fds);
3637	FD_SET(fd, &fds);
3638	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3639	setrlimit(RLIMIT_FSIZE, &rl_zero);
3640	setrlimit(RLIMIT_NOFILE, &rl_zero);
3641	tv.tv_sec = 1;
3642	tv.tv_usec = 0;
3643	r = select(fd+1, &fds, NULL, NULL, &tv);
3644	if (r == -1)
3645		exit(1);
3646#ifdef HAVE_POLL
3647	pfd.fd = fd;
3648	pfd.events = POLLIN;
3649	r = poll(&pfd, 1, 1);
3650	if (r == -1)
3651		exit(2);
3652#endif
3653	exit(0);
3654	]])],
3655	[AC_MSG_RESULT([yes])
3656	 select_works_with_rlimit=yes],
3657	[AC_MSG_RESULT([no])
3658	 select_works_with_rlimit=no],
3659	[AC_MSG_WARN([cross compiling: assuming no])
3660	 select_works_with_rlimit=no]
3661    )
3662
3663    AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3664    AC_RUN_IFELSE(
3665	[AC_LANG_PROGRAM([[
3666#include <sys/types.h>
3667#ifdef HAVE_SYS_TIME_H
3668# include <sys/time.h>
3669#endif
3670#include <sys/resource.h>
3671#include <errno.h>
3672#include <stdlib.h>
3673	]],[[
3674	struct rlimit rl_zero;
3675	int r;
3676
3677	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3678	r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3679	exit (r == -1 ? 1 : 0);
3680	]])],
3681	[AC_MSG_RESULT([yes])
3682	 rlimit_nofile_zero_works=yes],
3683	[AC_MSG_RESULT([no])
3684	 rlimit_nofile_zero_works=no],
3685	[AC_MSG_WARN([cross compiling: assuming yes])
3686	 rlimit_nofile_zero_works=yes]
3687    )
3688
3689    AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3690    AC_RUN_IFELSE(
3691	[AC_LANG_PROGRAM([[
3692#include <sys/types.h>
3693#include <sys/resource.h>
3694#include <stdlib.h>
3695	]],[[
3696		struct rlimit rl_zero;
3697
3698		rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3699		exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3700	]])],
3701	[AC_MSG_RESULT([yes])],
3702	[AC_MSG_RESULT([no])
3703	 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3704	    [setrlimit RLIMIT_FSIZE works])],
3705	[AC_MSG_WARN([cross compiling: assuming yes])]
3706    )
3707fi
3708
3709if test "x$sandbox_arg" = "xpledge" || \
3710   ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3711	test "x$ac_cv_func_pledge" != "xyes" && \
3712		AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3713	SANDBOX_STYLE="pledge"
3714	AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3715elif test "x$sandbox_arg" = "xsystrace" || \
3716   ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3717	test "x$have_systr_policy_kill" != "x1" && \
3718		AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3719	SANDBOX_STYLE="systrace"
3720	AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3721elif test "x$sandbox_arg" = "xdarwin" || \
3722     ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3723       test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3724	test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3725	     "x$ac_cv_header_sandbox_h" != "xyes" && \
3726		AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3727	SANDBOX_STYLE="darwin"
3728	AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3729elif test "x$sandbox_arg" = "xseccomp_filter" || \
3730     ( test -z "$sandbox_arg" && \
3731       test "x$have_seccomp_filter" = "x1" && \
3732       test "x$ac_cv_header_elf_h" = "xyes" && \
3733       test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3734       test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3735       test "x$seccomp_audit_arch" != "x" && \
3736       test "x$have_linux_no_new_privs" = "x1" && \
3737       test "x$ac_cv_func_prctl" = "xyes" ) ; then
3738	test "x$seccomp_audit_arch" = "x" && \
3739		AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3740	test "x$have_linux_no_new_privs" != "x1" && \
3741		AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3742	test "x$have_seccomp_filter" != "x1" && \
3743		AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3744	test "x$ac_cv_func_prctl" != "xyes" && \
3745		AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3746	SANDBOX_STYLE="seccomp_filter"
3747	AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3748elif test "x$sandbox_arg" = "xcapsicum" || \
3749     ( test -z "$sandbox_arg" && \
3750       test "x$disable_capsicum" != "xyes" && \
3751       test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3752       test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3753       test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3754		AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3755       test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3756		AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3757       SANDBOX_STYLE="capsicum"
3758       AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3759elif test "x$sandbox_arg" = "xrlimit" || \
3760     ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3761       test "x$select_works_with_rlimit" = "xyes" && \
3762       test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3763	test "x$ac_cv_func_setrlimit" != "xyes" && \
3764		AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3765	test "x$select_works_with_rlimit" != "xyes" && \
3766		AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3767	SANDBOX_STYLE="rlimit"
3768	AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3769elif test "x$sandbox_arg" = "xsolaris" || \
3770   ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3771	SANDBOX_STYLE="solaris"
3772	AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3773elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3774     test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3775	SANDBOX_STYLE="none"
3776	AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3777else
3778	AC_MSG_ERROR([unsupported --with-sandbox])
3779fi
3780
3781# Cheap hack to ensure NEWS-OS libraries are arranged right.
3782if test ! -z "$SONY" ; then
3783  LIBS="$LIBS -liberty";
3784fi
3785
3786# Check for long long datatypes
3787AC_CHECK_TYPES([long long, unsigned long long, long double])
3788
3789# Check datatype sizes
3790AC_CHECK_SIZEOF([short int])
3791AC_CHECK_SIZEOF([int])
3792AC_CHECK_SIZEOF([long int])
3793AC_CHECK_SIZEOF([long long int])
3794AC_CHECK_SIZEOF([time_t], [], [[
3795    #include <sys/types.h>
3796    #ifdef HAVE_SYS_TIME_H
3797    # include <sys/time.h>
3798    #endif
3799    #ifdef HAVE_TIME_H
3800    # include <time.h>
3801    #endif
3802	]]
3803)
3804
3805# Sanity check long long for some platforms (AIX)
3806if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3807	ac_cv_sizeof_long_long_int=0
3808fi
3809
3810# compute LLONG_MIN and LLONG_MAX if we don't know them.
3811if test -z "$have_llong_max" && test -z "$have_long_long_max"; then
3812	AC_MSG_CHECKING([for max value of long long])
3813	AC_RUN_IFELSE(
3814		[AC_LANG_PROGRAM([[
3815#include <stdio.h>
3816#include <stdlib.h>
3817/* Why is this so damn hard? */
3818#ifdef __GNUC__
3819# undef __GNUC__
3820#endif
3821#define __USE_ISOC99
3822#include <limits.h>
3823#define DATA "conftest.llminmax"
3824#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3825
3826/*
3827 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3828 * we do this the hard way.
3829 */
3830static int
3831fprint_ll(FILE *f, long long n)
3832{
3833	unsigned int i;
3834	int l[sizeof(long long) * 8];
3835
3836	if (n < 0)
3837		if (fprintf(f, "-") < 0)
3838			return -1;
3839	for (i = 0; n != 0; i++) {
3840		l[i] = my_abs(n % 10);
3841		n /= 10;
3842	}
3843	do {
3844		if (fprintf(f, "%d", l[--i]) < 0)
3845			return -1;
3846	} while (i != 0);
3847	if (fprintf(f, " ") < 0)
3848		return -1;
3849	return 0;
3850}
3851		]], [[
3852	FILE *f;
3853	long long i, llmin, llmax = 0;
3854
3855	if((f = fopen(DATA,"w")) == NULL)
3856		exit(1);
3857
3858#if defined(LLONG_MIN) && defined(LLONG_MAX)
3859	fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3860	llmin = LLONG_MIN;
3861	llmax = LLONG_MAX;
3862#else
3863	fprintf(stderr, "Calculating  LLONG_MIN and LLONG_MAX\n");
3864	/* This will work on one's complement and two's complement */
3865	for (i = 1; i > llmax; i <<= 1, i++)
3866		llmax = i;
3867	llmin = llmax + 1LL;	/* wrap */
3868#endif
3869
3870	/* Sanity check */
3871	if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3872	    || llmax - 1 > llmax || llmin == llmax || llmin == 0
3873	    || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3874		fprintf(f, "unknown unknown\n");
3875		exit(2);
3876	}
3877
3878	if (fprint_ll(f, llmin) < 0)
3879		exit(3);
3880	if (fprint_ll(f, llmax) < 0)
3881		exit(4);
3882	if (fclose(f) < 0)
3883		exit(5);
3884	exit(0);
3885		]])],
3886		[
3887			llong_min=`$AWK '{print $1}' conftest.llminmax`
3888			llong_max=`$AWK '{print $2}' conftest.llminmax`
3889
3890			AC_MSG_RESULT([$llong_max])
3891			AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3892			    [max value of long long calculated by configure])
3893			AC_MSG_CHECKING([for min value of long long])
3894			AC_MSG_RESULT([$llong_min])
3895			AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3896			    [min value of long long calculated by configure])
3897		],
3898		[
3899			AC_MSG_RESULT([not found])
3900		],
3901		[
3902			AC_MSG_WARN([cross compiling: not checking])
3903		]
3904	)
3905fi
3906
3907AC_CHECK_DECLS([UINT32_MAX], , , [[
3908#ifdef HAVE_SYS_LIMITS_H
3909# include <sys/limits.h>
3910#endif
3911#ifdef HAVE_LIMITS_H
3912# include <limits.h>
3913#endif
3914#ifdef HAVE_STDINT_H
3915# include <stdint.h>
3916#endif
3917]])
3918
3919# More checks for data types
3920AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3921	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3922	[[ u_int a; a = 1;]])],
3923	[ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3924	])
3925])
3926if test "x$ac_cv_have_u_int" = "xyes" ; then
3927	AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3928	have_u_int=1
3929fi
3930
3931AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3932	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3933	[[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3934	[ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3935	])
3936])
3937if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3938	AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3939	have_intxx_t=1
3940fi
3941
3942if (test -z "$have_intxx_t" && \
3943	   test "x$ac_cv_header_stdint_h" = "xyes")
3944then
3945    AC_MSG_CHECKING([for intXX_t types in stdint.h])
3946	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3947	[[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3948		[
3949			AC_DEFINE([HAVE_INTXX_T])
3950			AC_MSG_RESULT([yes])
3951		], [ AC_MSG_RESULT([no])
3952	])
3953fi
3954
3955AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3956	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3957#include <sys/types.h>
3958#ifdef HAVE_STDINT_H
3959# include <stdint.h>
3960#endif
3961#include <sys/socket.h>
3962#ifdef HAVE_SYS_BITYPES_H
3963# include <sys/bitypes.h>
3964#endif
3965		]], [[
3966int64_t a; a = 1;
3967		]])],
3968	[ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3969	])
3970])
3971if test "x$ac_cv_have_int64_t" = "xyes" ; then
3972	AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3973fi
3974
3975AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3976	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3977	[[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3978	[ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3979	])
3980])
3981if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3982	AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3983	have_u_intxx_t=1
3984fi
3985
3986if test -z "$have_u_intxx_t" ; then
3987    AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3988	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3989	[[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3990		[
3991			AC_DEFINE([HAVE_U_INTXX_T])
3992			AC_MSG_RESULT([yes])
3993		], [ AC_MSG_RESULT([no])
3994	])
3995fi
3996
3997AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3998	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3999	[[ u_int64_t a; a = 1;]])],
4000	[ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
4001	])
4002])
4003if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
4004	AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
4005	have_u_int64_t=1
4006fi
4007
4008if (test -z "$have_u_int64_t" && \
4009	   test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4010then
4011    AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
4012	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
4013	[[ u_int64_t a; a = 1]])],
4014		[
4015			AC_DEFINE([HAVE_U_INT64_T])
4016			AC_MSG_RESULT([yes])
4017		], [ AC_MSG_RESULT([no])
4018	])
4019fi
4020
4021if test -z "$have_u_intxx_t" ; then
4022	AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
4023		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4024#include <sys/types.h>
4025			]], [[
4026	uint8_t a;
4027	uint16_t b;
4028	uint32_t c;
4029	a = b = c = 1;
4030			]])],
4031		[ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
4032		])
4033	])
4034	if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
4035		AC_DEFINE([HAVE_UINTXX_T], [1],
4036			[define if you have uintxx_t data type])
4037	fi
4038fi
4039
4040if (test -z "$have_uintxx_t" && \
4041	   test "x$ac_cv_header_stdint_h" = "xyes")
4042then
4043    AC_MSG_CHECKING([for uintXX_t types in stdint.h])
4044	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
4045	[[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4046		[
4047			AC_DEFINE([HAVE_UINTXX_T])
4048			AC_MSG_RESULT([yes])
4049		], [ AC_MSG_RESULT([no])
4050	])
4051fi
4052
4053if (test -z "$have_uintxx_t" && \
4054	   test "x$ac_cv_header_inttypes_h" = "xyes")
4055then
4056    AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
4057	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
4058	[[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4059		[
4060			AC_DEFINE([HAVE_UINTXX_T])
4061			AC_MSG_RESULT([yes])
4062		], [ AC_MSG_RESULT([no])
4063	])
4064fi
4065
4066if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
4067	   test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4068then
4069	AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
4070	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4071#include <sys/bitypes.h>
4072		]], [[
4073			int8_t a; int16_t b; int32_t c;
4074			u_int8_t e; u_int16_t f; u_int32_t g;
4075			a = b = c = e = f = g = 1;
4076		]])],
4077		[
4078			AC_DEFINE([HAVE_U_INTXX_T])
4079			AC_DEFINE([HAVE_INTXX_T])
4080			AC_MSG_RESULT([yes])
4081		], [AC_MSG_RESULT([no])
4082	])
4083fi
4084
4085
4086AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
4087	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4088	[[ u_char foo; foo = 125; ]])],
4089	[ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
4090	])
4091])
4092if test "x$ac_cv_have_u_char" = "xyes" ; then
4093	AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
4094fi
4095
4096AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
4097#include <sys/types.h>
4098#ifdef HAVE_STDINT_H
4099# include <stdint.h>
4100#endif
4101])
4102
4103TYPE_SOCKLEN_T
4104
4105AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>])
4106AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
4107#include <sys/types.h>
4108#ifdef HAVE_SYS_BITYPES_H
4109#include <sys/bitypes.h>
4110#endif
4111#ifdef HAVE_SYS_STATFS_H
4112#include <sys/statfs.h>
4113#endif
4114#ifdef HAVE_SYS_STATVFS_H
4115#include <sys/statvfs.h>
4116#endif
4117])
4118
4119AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[
4120#include <sys/param.h>
4121#include <sys/types.h>
4122#ifdef HAVE_SYS_BITYPES_H
4123#include <sys/bitypes.h>
4124#endif
4125#ifdef HAVE_SYS_STATFS_H
4126#include <sys/statfs.h>
4127#endif
4128#ifdef HAVE_SYS_STATVFS_H
4129#include <sys/statvfs.h>
4130#endif
4131#ifdef HAVE_SYS_VFS_H
4132#include <sys/vfs.h>
4133#endif
4134#ifdef HAVE_SYS_MOUNT_H
4135#include <sys/mount.h>
4136#endif
4137]])
4138
4139
4140AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
4141[#include <sys/types.h>
4142#include <netinet/in.h>])
4143
4144AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
4145	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4146	[[ size_t foo; foo = 1235; ]])],
4147	[ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
4148	])
4149])
4150if test "x$ac_cv_have_size_t" = "xyes" ; then
4151	AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
4152fi
4153
4154AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
4155	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4156	[[ ssize_t foo; foo = 1235; ]])],
4157	[ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
4158	])
4159])
4160if test "x$ac_cv_have_ssize_t" = "xyes" ; then
4161	AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
4162fi
4163
4164AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
4165	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
4166	[[ clock_t foo; foo = 1235; ]])],
4167	[ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
4168	])
4169])
4170if test "x$ac_cv_have_clock_t" = "xyes" ; then
4171	AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
4172fi
4173
4174AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
4175	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4176#include <sys/types.h>
4177#include <sys/socket.h>
4178		]], [[ sa_family_t foo; foo = 1235; ]])],
4179	[ ac_cv_have_sa_family_t="yes" ],
4180	[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4181#include <sys/types.h>
4182#include <sys/socket.h>
4183#include <netinet/in.h>
4184		]], [[ sa_family_t foo; foo = 1235; ]])],
4185		[ ac_cv_have_sa_family_t="yes" ],
4186		[ ac_cv_have_sa_family_t="no" ]
4187	)
4188	])
4189])
4190if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
4191	AC_DEFINE([HAVE_SA_FAMILY_T], [1],
4192		[define if you have sa_family_t data type])
4193fi
4194
4195AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
4196	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4197	[[ pid_t foo; foo = 1235; ]])],
4198	[ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
4199	])
4200])
4201if test "x$ac_cv_have_pid_t" = "xyes" ; then
4202	AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
4203fi
4204
4205AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
4206	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4207	[[ mode_t foo; foo = 1235; ]])],
4208	[ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
4209	])
4210])
4211if test "x$ac_cv_have_mode_t" = "xyes" ; then
4212	AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
4213fi
4214
4215
4216AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
4217	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4218#include <sys/types.h>
4219#include <sys/socket.h>
4220		]], [[ struct sockaddr_storage s; ]])],
4221	[ ac_cv_have_struct_sockaddr_storage="yes" ],
4222	[ ac_cv_have_struct_sockaddr_storage="no"
4223	])
4224])
4225if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
4226	AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
4227		[define if you have struct sockaddr_storage data type])
4228fi
4229
4230AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
4231	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4232#include <sys/types.h>
4233#include <netinet/in.h>
4234		]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
4235	[ ac_cv_have_struct_sockaddr_in6="yes" ],
4236	[ ac_cv_have_struct_sockaddr_in6="no"
4237	])
4238])
4239if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
4240	AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
4241		[define if you have struct sockaddr_in6 data type])
4242fi
4243
4244AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
4245	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4246#include <sys/types.h>
4247#include <netinet/in.h>
4248		]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
4249	[ ac_cv_have_struct_in6_addr="yes" ],
4250	[ ac_cv_have_struct_in6_addr="no"
4251	])
4252])
4253if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
4254	AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
4255		[define if you have struct in6_addr data type])
4256
4257dnl Now check for sin6_scope_id
4258	AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
4259		[
4260#ifdef HAVE_SYS_TYPES_H
4261#include <sys/types.h>
4262#endif
4263#include <netinet/in.h>
4264		])
4265fi
4266
4267AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
4268	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4269#include <sys/types.h>
4270#include <sys/socket.h>
4271#include <netdb.h>
4272		]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
4273	[ ac_cv_have_struct_addrinfo="yes" ],
4274	[ ac_cv_have_struct_addrinfo="no"
4275	])
4276])
4277if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
4278	AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
4279		[define if you have struct addrinfo data type])
4280fi
4281
4282AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
4283	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
4284	[[ struct timeval tv; tv.tv_sec = 1;]])],
4285	[ ac_cv_have_struct_timeval="yes" ],
4286	[ ac_cv_have_struct_timeval="no"
4287	])
4288])
4289if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
4290	AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
4291	have_struct_timeval=1
4292fi
4293
4294AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [
4295	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4296    #ifdef HAVE_SYS_TIME_H
4297    # include <sys/time.h>
4298    #endif
4299    #ifdef HAVE_TIME_H
4300    # include <time.h>
4301    #endif
4302	]],
4303	[[ struct timespec ts; ts.tv_sec = 1;]])],
4304	[ ac_cv_have_struct_timespec="yes" ],
4305	[ ac_cv_have_struct_timespec="no"
4306	])
4307])
4308if test "x$ac_cv_have_struct_timespec" = "xyes" ; then
4309	AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec])
4310	have_struct_timespec=1
4311fi
4312
4313# We need int64_t or else certain parts of the compile will fail.
4314if test "x$ac_cv_have_int64_t" = "xno" && \
4315	test "x$ac_cv_sizeof_long_int" != "x8" && \
4316	test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
4317	echo "OpenSSH requires int64_t support.  Contact your vendor or install"
4318	echo "an alternative compiler (I.E., GCC) before continuing."
4319	echo ""
4320	exit 1;
4321else
4322dnl test snprintf (broken on SCO w/gcc)
4323	AC_RUN_IFELSE(
4324		[AC_LANG_SOURCE([[
4325#include <stdio.h>
4326#include <stdlib.h>
4327#include <string.h>
4328#ifdef HAVE_SNPRINTF
4329int main(void)
4330{
4331	char buf[50];
4332	char expected_out[50];
4333	int mazsize = 50 ;
4334#if (SIZEOF_LONG_INT == 8)
4335	long int num = 0x7fffffffffffffff;
4336#else
4337	long long num = 0x7fffffffffffffffll;
4338#endif
4339	strcpy(expected_out, "9223372036854775807");
4340	snprintf(buf, mazsize, "%lld", num);
4341	if(strcmp(buf, expected_out) != 0)
4342		exit(1);
4343	exit(0);
4344}
4345#else
4346int main(void) { exit(0); }
4347#endif
4348		]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
4349		AC_MSG_WARN([cross compiling: Assuming working snprintf()])
4350	)
4351fi
4352
4353dnl Checks for structure members
4354OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
4355OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
4356OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
4357OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
4358OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
4359OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
4360OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
4361OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
4362OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
4363OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
4364OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
4365OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
4366OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
4367OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
4368OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
4369OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
4370OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
4371OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX])
4372
4373AC_CHECK_MEMBERS([struct stat.st_blksize])
4374AC_CHECK_MEMBERS([struct stat.st_mtim])
4375AC_CHECK_MEMBERS([struct stat.st_mtime])
4376AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
4377struct passwd.pw_change, struct passwd.pw_expire],
4378[], [], [[
4379#include <sys/types.h>
4380#include <pwd.h>
4381]])
4382
4383AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
4384	[Define if we don't have struct __res_state in resolv.h])],
4385[[
4386#include <stdio.h>
4387#if HAVE_SYS_TYPES_H
4388# include <sys/types.h>
4389#endif
4390#include <netinet/in.h>
4391#include <arpa/nameser.h>
4392#include <resolv.h>
4393]])
4394
4395AC_CHECK_MEMBER([struct sockaddr_in.sin_len],
4396    [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])],
4397    [],
4398    [AC_LANG_SOURCE([[
4399#include <sys/types.h>
4400#include <sys/socket.h>
4401#include <netinet/in.h>
4402    ]])]
4403)
4404
4405AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
4406		ac_cv_have_ss_family_in_struct_ss, [
4407	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4408#include <sys/types.h>
4409#include <sys/socket.h>
4410		]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
4411	[ ac_cv_have_ss_family_in_struct_ss="yes" ],
4412	[ ac_cv_have_ss_family_in_struct_ss="no" ])
4413])
4414if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
4415	AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
4416fi
4417
4418AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
4419		ac_cv_have___ss_family_in_struct_ss, [
4420	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4421#include <sys/types.h>
4422#include <sys/socket.h>
4423		]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
4424	[ ac_cv_have___ss_family_in_struct_ss="yes" ],
4425	[ ac_cv_have___ss_family_in_struct_ss="no"
4426	])
4427])
4428if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
4429	AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
4430		[Fields in struct sockaddr_storage])
4431fi
4432
4433dnl make sure we're using the real structure members and not defines
4434AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
4435		ac_cv_have_accrights_in_msghdr, [
4436	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4437#include <sys/types.h>
4438#include <sys/socket.h>
4439#include <sys/uio.h>
4440#include <stdlib.h>
4441		]], [[
4442#ifdef msg_accrights
4443#error "msg_accrights is a macro"
4444exit(1);
4445#endif
4446struct msghdr m;
4447m.msg_accrights = 0;
4448exit(0);
4449		]])],
4450		[ ac_cv_have_accrights_in_msghdr="yes" ],
4451		[ ac_cv_have_accrights_in_msghdr="no" ]
4452	)
4453])
4454if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
4455	AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
4456		[Define if your system uses access rights style
4457		file descriptor passing])
4458fi
4459
4460AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
4461AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4462#include <sys/param.h>
4463#include <sys/stat.h>
4464#ifdef HAVE_SYS_TIME_H
4465# include <sys/time.h>
4466#endif
4467#ifdef HAVE_SYS_MOUNT_H
4468#include <sys/mount.h>
4469#endif
4470#ifdef HAVE_SYS_STATVFS_H
4471#include <sys/statvfs.h>
4472#endif
4473	]], [[ struct statvfs s; s.f_fsid = 0; ]])],
4474	[ AC_MSG_RESULT([yes]) ],
4475	[ AC_MSG_RESULT([no])
4476
4477	AC_MSG_CHECKING([if fsid_t has member val])
4478	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4479#include <sys/types.h>
4480#include <sys/statvfs.h>
4481	]], [[ fsid_t t; t.val[0] = 0; ]])],
4482	[ AC_MSG_RESULT([yes])
4483	  AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
4484	[ AC_MSG_RESULT([no]) ])
4485
4486	AC_MSG_CHECKING([if f_fsid has member __val])
4487	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4488#include <sys/types.h>
4489#include <sys/statvfs.h>
4490	]], [[ fsid_t t; t.__val[0] = 0; ]])],
4491	[ AC_MSG_RESULT([yes])
4492	  AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
4493	[ AC_MSG_RESULT([no]) ])
4494])
4495
4496AC_CACHE_CHECK([for msg_control field in struct msghdr],
4497		ac_cv_have_control_in_msghdr, [
4498	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4499#include <sys/types.h>
4500#include <sys/socket.h>
4501#include <sys/uio.h>
4502#include <stdlib.h>
4503		]], [[
4504#ifdef msg_control
4505#error "msg_control is a macro"
4506exit(1);
4507#endif
4508struct msghdr m;
4509m.msg_control = 0;
4510exit(0);
4511		]])],
4512		[ ac_cv_have_control_in_msghdr="yes" ],
4513		[ ac_cv_have_control_in_msghdr="no" ]
4514	)
4515])
4516if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
4517	AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
4518		[Define if your system uses ancillary data style
4519		file descriptor passing])
4520fi
4521
4522AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
4523	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4524		[[ extern char *__progname; printf("%s", __progname); ]])],
4525	[ ac_cv_libc_defines___progname="yes" ],
4526	[ ac_cv_libc_defines___progname="no"
4527	])
4528])
4529if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
4530	AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
4531fi
4532
4533AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
4534	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4535		[[ printf("%s", __FUNCTION__); ]])],
4536	[ ac_cv_cc_implements___FUNCTION__="yes" ],
4537	[ ac_cv_cc_implements___FUNCTION__="no"
4538	])
4539])
4540if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4541	AC_DEFINE([HAVE___FUNCTION__], [1],
4542		[Define if compiler implements __FUNCTION__])
4543fi
4544
4545AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4546	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4547		[[ printf("%s", __func__); ]])],
4548	[ ac_cv_cc_implements___func__="yes" ],
4549	[ ac_cv_cc_implements___func__="no"
4550	])
4551])
4552if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4553	AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
4554fi
4555
4556AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4557	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4558#include <stdarg.h>
4559va_list x,y;
4560		]], [[ va_copy(x,y); ]])],
4561	[ ac_cv_have_va_copy="yes" ],
4562	[ ac_cv_have_va_copy="no"
4563	])
4564])
4565if test "x$ac_cv_have_va_copy" = "xyes" ; then
4566	AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4567fi
4568
4569AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4570	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4571#include <stdarg.h>
4572va_list x,y;
4573		]], [[ __va_copy(x,y); ]])],
4574	[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4575	])
4576])
4577if test "x$ac_cv_have___va_copy" = "xyes" ; then
4578	AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
4579fi
4580
4581AC_CACHE_CHECK([whether getopt has optreset support],
4582		ac_cv_have_getopt_optreset, [
4583	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4584		[[ extern int optreset; optreset = 0; ]])],
4585	[ ac_cv_have_getopt_optreset="yes" ],
4586	[ ac_cv_have_getopt_optreset="no"
4587	])
4588])
4589if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4590	AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4591		[Define if your getopt(3) defines and uses optreset])
4592fi
4593
4594AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4595	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4596[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4597	[ ac_cv_libc_defines_sys_errlist="yes" ],
4598	[ ac_cv_libc_defines_sys_errlist="no"
4599	])
4600])
4601if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4602	AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4603		[Define if your system defines sys_errlist[]])
4604fi
4605
4606
4607AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4608	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4609[[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4610	[ ac_cv_libc_defines_sys_nerr="yes" ],
4611	[ ac_cv_libc_defines_sys_nerr="no"
4612	])
4613])
4614if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4615	AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4616fi
4617
4618# Check libraries needed by DNS fingerprint support
4619AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4620	[AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4621		[Define if getrrsetbyname() exists])],
4622	[
4623		# Needed by our getrrsetbyname()
4624		AC_SEARCH_LIBS([res_query], [resolv])
4625		AC_SEARCH_LIBS([dn_expand], [resolv])
4626		AC_MSG_CHECKING([if res_query will link])
4627		AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4628#include <sys/types.h>
4629#include <netinet/in.h>
4630#include <arpa/nameser.h>
4631#include <netdb.h>
4632#include <resolv.h>
4633				]], [[
4634	res_query (0, 0, 0, 0, 0);
4635				]])],
4636		    AC_MSG_RESULT([yes]),
4637		   [AC_MSG_RESULT([no])
4638		    saved_LIBS="$LIBS"
4639		    LIBS="$LIBS -lresolv"
4640		    AC_MSG_CHECKING([for res_query in -lresolv])
4641		    AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4642#include <sys/types.h>
4643#include <netinet/in.h>
4644#include <arpa/nameser.h>
4645#include <netdb.h>
4646#include <resolv.h>
4647				]], [[
4648	res_query (0, 0, 0, 0, 0);
4649				]])],
4650			[AC_MSG_RESULT([yes])],
4651			[LIBS="$saved_LIBS"
4652			 AC_MSG_RESULT([no])])
4653		    ])
4654		AC_CHECK_FUNCS([_getshort _getlong])
4655		AC_CHECK_DECLS([_getshort, _getlong], , ,
4656		    [#include <sys/types.h>
4657		    #include <arpa/nameser.h>])
4658		AC_CHECK_MEMBER([HEADER.ad],
4659			[AC_DEFINE([HAVE_HEADER_AD], [1],
4660			    [Define if HEADER.ad exists in arpa/nameser.h])], ,
4661			[#include <arpa/nameser.h>])
4662	])
4663
4664AC_MSG_CHECKING([if struct __res_state _res is an extern])
4665AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4666#include <stdio.h>
4667#if HAVE_SYS_TYPES_H
4668# include <sys/types.h>
4669#endif
4670#include <netinet/in.h>
4671#include <arpa/nameser.h>
4672#include <resolv.h>
4673extern struct __res_state _res;
4674		]], [[
4675struct __res_state *volatile p = &_res;  /* force resolution of _res */
4676return 0;
4677		]],)],
4678		[AC_MSG_RESULT([yes])
4679		 AC_DEFINE([HAVE__RES_EXTERN], [1],
4680		    [Define if you have struct __res_state _res as an extern])
4681		],
4682		[ AC_MSG_RESULT([no]) ]
4683)
4684
4685# Check whether user wants SELinux support
4686SELINUX_MSG="no"
4687LIBSELINUX=""
4688AC_ARG_WITH([selinux],
4689	[  --with-selinux          Enable SELinux support],
4690	[ if test "x$withval" != "xno" ; then
4691		save_LIBS="$LIBS"
4692		AC_DEFINE([WITH_SELINUX], [1],
4693			[Define if you want SELinux support.])
4694		SELINUX_MSG="yes"
4695		AC_CHECK_HEADER([selinux/selinux.h], ,
4696			AC_MSG_ERROR([SELinux support requires selinux.h header]))
4697		AC_CHECK_LIB([selinux], [setexeccon],
4698			[ LIBSELINUX="-lselinux"
4699			  LIBS="$LIBS -lselinux"
4700			],
4701			AC_MSG_ERROR([SELinux support requires libselinux library]))
4702		AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4703		LIBS="$save_LIBS $LIBSELINUX"
4704	fi ]
4705)
4706AC_SUBST([SSHDLIBS])
4707
4708# Check whether user wants Kerberos 5 support
4709KRB5_MSG="no"
4710AC_ARG_WITH([kerberos5],
4711	[  --with-kerberos5=PATH   Enable Kerberos 5 support],
4712	[ if test "x$withval" != "xno" ; then
4713		if test "x$withval" = "xyes" ; then
4714			KRB5ROOT="/usr/local"
4715		else
4716			KRB5ROOT=${withval}
4717		fi
4718
4719		AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4720		KRB5_MSG="yes"
4721
4722		use_pkgconfig_for_krb5=
4723		if test "x$PKGCONFIG" != "xno"; then
4724			AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5])
4725			if "$PKGCONFIG" krb5; then
4726				AC_MSG_RESULT([yes])
4727				use_pkgconfig_for_krb5=yes
4728			else
4729				AC_MSG_RESULT([no])
4730			fi
4731		fi
4732		if test "x$use_pkgconfig_for_krb5" = "xyes"; then
4733			K5CFLAGS=`$PKGCONFIG --cflags krb5`
4734			K5LIBS=`$PKGCONFIG --libs krb5`
4735			CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4736
4737			AC_MSG_CHECKING([for gssapi support])
4738			if "$PKGCONFIG" krb5-gssapi; then
4739				AC_MSG_RESULT([yes])
4740				AC_DEFINE([GSSAPI], [1],
4741					[Define this if you want GSSAPI
4742					support in the version 2 protocol])
4743				GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`"
4744				GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`"
4745				CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4746			else
4747				AC_MSG_RESULT([no])
4748			fi
4749			AC_MSG_CHECKING([whether we are using Heimdal])
4750			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4751				]], [[ char *tmp = heimdal_version; ]])],
4752				[ AC_MSG_RESULT([yes])
4753				AC_DEFINE([HEIMDAL], [1],
4754				[Define this if you are using the Heimdal
4755				version of Kerberos V5]) ],
4756				[AC_MSG_RESULT([no])
4757			])
4758		else
4759			AC_PATH_TOOL([KRB5CONF], [krb5-config],
4760				     [$KRB5ROOT/bin/krb5-config],
4761				     [$KRB5ROOT/bin:$PATH])
4762			if test -x $KRB5CONF ; then
4763				K5CFLAGS="`$KRB5CONF --cflags`"
4764				K5LIBS="`$KRB5CONF --libs`"
4765				CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4766
4767				AC_MSG_CHECKING([for gssapi support])
4768				if $KRB5CONF | grep gssapi >/dev/null ; then
4769					AC_MSG_RESULT([yes])
4770					AC_DEFINE([GSSAPI], [1],
4771						[Define this if you want GSSAPI
4772						support in the version 2 protocol])
4773					GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4774					GSSLIBS="`$KRB5CONF --libs gssapi`"
4775					CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4776				else
4777					AC_MSG_RESULT([no])
4778				fi
4779				AC_MSG_CHECKING([whether we are using Heimdal])
4780				AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4781					]], [[ char *tmp = heimdal_version; ]])],
4782					[ AC_MSG_RESULT([yes])
4783					AC_DEFINE([HEIMDAL], [1],
4784					[Define this if you are using the Heimdal
4785					version of Kerberos V5]) ],
4786					[AC_MSG_RESULT([no])
4787				])
4788			else
4789				CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4790				LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4791				AC_MSG_CHECKING([whether we are using Heimdal])
4792				AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4793					]], [[ char *tmp = heimdal_version; ]])],
4794						[ AC_MSG_RESULT([yes])
4795						 AC_DEFINE([HEIMDAL])
4796						 K5LIBS="-lkrb5"
4797						 K5LIBS="$K5LIBS -lcom_err -lasn1"
4798						 AC_CHECK_LIB([roken], [net_write],
4799						   [K5LIBS="$K5LIBS -lroken"])
4800						 AC_CHECK_LIB([des], [des_cbc_encrypt],
4801						   [K5LIBS="$K5LIBS -ldes"])
4802					       ], [ AC_MSG_RESULT([no])
4803						 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4804				])
4805				AC_SEARCH_LIBS([dn_expand], [resolv])
4806
4807				AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4808					[ AC_DEFINE([GSSAPI])
4809					  GSSLIBS="-lgssapi_krb5" ],
4810					[ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4811						[ AC_DEFINE([GSSAPI])
4812						  GSSLIBS="-lgssapi" ],
4813						[ AC_CHECK_LIB([gss], [gss_init_sec_context],
4814							[ AC_DEFINE([GSSAPI])
4815							  GSSLIBS="-lgss" ],
4816							AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4817						])
4818					])
4819
4820				AC_CHECK_HEADER([gssapi.h], ,
4821					[ unset ac_cv_header_gssapi_h
4822					  CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4823					  AC_CHECK_HEADERS([gssapi.h], ,
4824						AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4825					  )
4826					]
4827				)
4828
4829				oldCPP="$CPPFLAGS"
4830				CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4831				AC_CHECK_HEADER([gssapi_krb5.h], ,
4832						[ CPPFLAGS="$oldCPP" ])
4833
4834			fi
4835		fi
4836		if test -n "${rpath_opt}" ; then
4837			LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib"
4838		fi
4839		if test ! -z "$blibpath" ; then
4840			blibpath="$blibpath:${KRB5ROOT}/lib"
4841		fi
4842
4843		AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4844		AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4845		AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4846
4847		AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4848			[Define this if you want to use libkafs' AFS support])])
4849
4850		AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4851#ifdef HAVE_GSSAPI_H
4852# include <gssapi.h>
4853#elif defined(HAVE_GSSAPI_GSSAPI_H)
4854# include <gssapi/gssapi.h>
4855#endif
4856
4857#ifdef HAVE_GSSAPI_GENERIC_H
4858# include <gssapi_generic.h>
4859#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4860# include <gssapi/gssapi_generic.h>
4861#endif
4862		]])
4863		saved_LIBS="$LIBS"
4864		LIBS="$LIBS $K5LIBS"
4865		AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4866		LIBS="$saved_LIBS"
4867
4868	fi
4869	]
4870)
4871AC_SUBST([GSSLIBS])
4872AC_SUBST([K5LIBS])
4873AC_SUBST([CHANNELLIBS])
4874
4875# Looking for programs, paths and files
4876
4877PRIVSEP_PATH=/var/empty
4878AC_ARG_WITH([privsep-path],
4879	[  --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4880	[
4881		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
4882		    test "x${withval}" != "xyes"; then
4883			PRIVSEP_PATH=$withval
4884		fi
4885	]
4886)
4887AC_SUBST([PRIVSEP_PATH])
4888
4889AC_ARG_WITH([xauth],
4890	[  --with-xauth=PATH       Specify path to xauth program ],
4891	[
4892		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
4893		    test "x${withval}" != "xyes"; then
4894			xauth_path=$withval
4895		fi
4896	],
4897	[
4898		TestPath="$PATH"
4899		TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4900		TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4901		TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4902		TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4903		AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4904		if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4905			xauth_path="/usr/openwin/bin/xauth"
4906		fi
4907	]
4908)
4909
4910STRIP_OPT=-s
4911AC_ARG_ENABLE([strip],
4912	[  --disable-strip         Disable calling strip(1) on install],
4913	[
4914		if test "x$enableval" = "xno" ; then
4915			STRIP_OPT=
4916		fi
4917	]
4918)
4919AC_SUBST([STRIP_OPT])
4920
4921if test -z "$xauth_path" ; then
4922	XAUTH_PATH="undefined"
4923	AC_SUBST([XAUTH_PATH])
4924else
4925	AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4926		[Define if xauth is found in your path])
4927	XAUTH_PATH=$xauth_path
4928	AC_SUBST([XAUTH_PATH])
4929fi
4930
4931dnl # --with-maildir=/path/to/mail gets top priority.
4932dnl # if maildir is set in the platform case statement above we use that.
4933dnl # Otherwise we run a program to get the dir from system headers.
4934dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4935dnl # If we find _PATH_MAILDIR we do nothing because that is what
4936dnl # session.c expects anyway. Otherwise we set to the value found
4937dnl # stripping any trailing slash. If for some strage reason our program
4938dnl # does not find what it needs, we default to /var/spool/mail.
4939# Check for mail directory
4940AC_ARG_WITH([maildir],
4941    [  --with-maildir=/path/to/mail    Specify your system mail directory],
4942    [
4943	if test "X$withval" != X  &&  test "x$withval" != xno  &&  \
4944	    test "x${withval}" != xyes; then
4945		AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4946            [Set this to your mail directory if you do not have _PATH_MAILDIR])
4947	    fi
4948     ],[
4949	if test "X$maildir" != "X"; then
4950	    AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4951	else
4952	    AC_MSG_CHECKING([Discovering system mail directory])
4953	    AC_RUN_IFELSE(
4954		[AC_LANG_PROGRAM([[
4955#include <stdio.h>
4956#include <stdlib.h>
4957#include <string.h>
4958#ifdef HAVE_PATHS_H
4959#include <paths.h>
4960#endif
4961#ifdef HAVE_MAILLOCK_H
4962#include <maillock.h>
4963#endif
4964#define DATA "conftest.maildir"
4965	]], [[
4966	FILE *fd;
4967	int rc;
4968
4969	fd = fopen(DATA,"w");
4970	if(fd == NULL)
4971		exit(1);
4972
4973#if defined (_PATH_MAILDIR)
4974	if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4975		exit(1);
4976#elif defined (MAILDIR)
4977	if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4978		exit(1);
4979#elif defined (_PATH_MAIL)
4980	if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4981		exit(1);
4982#else
4983	exit (2);
4984#endif
4985
4986	exit(0);
4987		]])],
4988		[
4989		    maildir_what=`awk -F: '{print $1}' conftest.maildir`
4990		    maildir=`awk -F: '{print $2}' conftest.maildir \
4991			| sed 's|/$||'`
4992		    AC_MSG_RESULT([Using: $maildir from $maildir_what])
4993		    if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4994			AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4995		    fi
4996		],
4997		[
4998		    if test "X$ac_status" = "X2";then
4999# our test program didn't find it. Default to /var/spool/mail
5000			AC_MSG_RESULT([Using: default value of /var/spool/mail])
5001			AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
5002		     else
5003			AC_MSG_RESULT([*** not found ***])
5004		     fi
5005		],
5006		[
5007			AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
5008		]
5009	    )
5010	fi
5011    ]
5012) # maildir
5013
5014if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
5015	AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
5016	disable_ptmx_check=yes
5017fi
5018if test -z "$no_dev_ptmx" ; then
5019	if test "x$disable_ptmx_check" != "xyes" ; then
5020		AC_CHECK_FILE(["/dev/ptmx"],
5021			[
5022				AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
5023					[Define if you have /dev/ptmx])
5024				have_dev_ptmx=1
5025			]
5026		)
5027	fi
5028fi
5029
5030if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
5031	AC_CHECK_FILE(["/dev/ptc"],
5032		[
5033			AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
5034				[Define if you have /dev/ptc])
5035			have_dev_ptc=1
5036		]
5037	)
5038else
5039	AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
5040fi
5041
5042# Options from here on. Some of these are preset by platform above
5043AC_ARG_WITH([mantype],
5044	[  --with-mantype=man|cat|doc  Set man page type],
5045	[
5046		case "$withval" in
5047		man|cat|doc)
5048			MANTYPE=$withval
5049			;;
5050		*)
5051			AC_MSG_ERROR([invalid man type: $withval])
5052			;;
5053		esac
5054	]
5055)
5056if test -z "$MANTYPE"; then
5057	if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then
5058		MANTYPE=doc
5059	elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
5060		MANTYPE=doc
5061	elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
5062		MANTYPE=man
5063	else
5064		MANTYPE=cat
5065	fi
5066fi
5067AC_SUBST([MANTYPE])
5068if test "$MANTYPE" = "doc"; then
5069	mansubdir=man;
5070else
5071	mansubdir=$MANTYPE;
5072fi
5073AC_SUBST([mansubdir])
5074
5075# Whether to disable shadow password support
5076AC_ARG_WITH([shadow],
5077	[  --without-shadow        Disable shadow password support],
5078	[
5079		if test "x$withval" = "xno" ; then
5080			AC_DEFINE([DISABLE_SHADOW])
5081			disable_shadow=yes
5082		fi
5083	]
5084)
5085
5086if test -z "$disable_shadow" ; then
5087	AC_MSG_CHECKING([if the systems has expire shadow information])
5088	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5089#include <sys/types.h>
5090#include <shadow.h>
5091struct spwd sp;
5092		]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
5093		[ sp_expire_available=yes ], [
5094	])
5095
5096	if test "x$sp_expire_available" = "xyes" ; then
5097		AC_MSG_RESULT([yes])
5098		AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
5099		    [Define if you want to use shadow password expire field])
5100	else
5101		AC_MSG_RESULT([no])
5102	fi
5103fi
5104
5105# Use ip address instead of hostname in $DISPLAY
5106if test ! -z "$IPADDR_IN_DISPLAY" ; then
5107	DISPLAY_HACK_MSG="yes"
5108	AC_DEFINE([IPADDR_IN_DISPLAY], [1],
5109		[Define if you need to use IP address
5110		instead of hostname in $DISPLAY])
5111else
5112	DISPLAY_HACK_MSG="no"
5113	AC_ARG_WITH([ipaddr-display],
5114		[  --with-ipaddr-display   Use ip address instead of hostname in $DISPLAY],
5115		[
5116			if test "x$withval" != "xno" ; then
5117				AC_DEFINE([IPADDR_IN_DISPLAY])
5118				DISPLAY_HACK_MSG="yes"
5119			fi
5120		]
5121	)
5122fi
5123
5124# check for /etc/default/login and use it if present.
5125AC_ARG_ENABLE([etc-default-login],
5126	[  --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
5127	[ if test "x$enableval" = "xno"; then
5128		AC_MSG_NOTICE([/etc/default/login handling disabled])
5129		etc_default_login=no
5130	  else
5131		etc_default_login=yes
5132	  fi ],
5133	[ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
5134	  then
5135		AC_MSG_WARN([cross compiling: not checking /etc/default/login])
5136		etc_default_login=no
5137	  else
5138		etc_default_login=yes
5139	  fi ]
5140)
5141
5142if test "x$etc_default_login" != "xno"; then
5143	AC_CHECK_FILE(["/etc/default/login"],
5144	    [ external_path_file=/etc/default/login ])
5145	if test "x$external_path_file" = "x/etc/default/login"; then
5146		AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
5147			[Define if your system has /etc/default/login])
5148	fi
5149fi
5150
5151dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
5152if test $ac_cv_func_login_getcapbool = "yes" && \
5153	test $ac_cv_header_login_cap_h = "yes" ; then
5154	external_path_file=/etc/login.conf
5155fi
5156
5157# Whether to mess with the default path
5158SERVER_PATH_MSG="(default)"
5159AC_ARG_WITH([default-path],
5160	[  --with-default-path=    Specify default $PATH environment for server],
5161	[
5162		if test "x$external_path_file" = "x/etc/login.conf" ; then
5163			AC_MSG_WARN([
5164--with-default-path=PATH has no effect on this system.
5165Edit /etc/login.conf instead.])
5166		elif test "x$withval" != "xno" ; then
5167			if test ! -z "$external_path_file" ; then
5168				AC_MSG_WARN([
5169--with-default-path=PATH will only be used if PATH is not defined in
5170$external_path_file .])
5171			fi
5172			user_path="$withval"
5173			SERVER_PATH_MSG="$withval"
5174		fi
5175	],
5176	[ if test "x$external_path_file" = "x/etc/login.conf" ; then
5177		AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
5178	else
5179		if test ! -z "$external_path_file" ; then
5180			AC_MSG_WARN([
5181If PATH is defined in $external_path_file, ensure the path to scp is included,
5182otherwise scp will not work.])
5183		fi
5184		AC_RUN_IFELSE(
5185			[AC_LANG_PROGRAM([[
5186/* find out what STDPATH is */
5187#include <stdio.h>
5188#include <stdlib.h>
5189#ifdef HAVE_PATHS_H
5190# include <paths.h>
5191#endif
5192#ifndef _PATH_STDPATH
5193# ifdef _PATH_USERPATH	/* Irix */
5194#  define _PATH_STDPATH _PATH_USERPATH
5195# else
5196#  define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
5197# endif
5198#endif
5199#include <sys/types.h>
5200#include <sys/stat.h>
5201#include <fcntl.h>
5202#define DATA "conftest.stdpath"
5203			]], [[
5204	FILE *fd;
5205	int rc;
5206
5207	fd = fopen(DATA,"w");
5208	if(fd == NULL)
5209		exit(1);
5210
5211	if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
5212		exit(1);
5213
5214	exit(0);
5215		]])],
5216		[ user_path=`cat conftest.stdpath` ],
5217		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
5218		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
5219	)
5220# make sure $bindir is in USER_PATH so scp will work
5221		t_bindir="${bindir}"
5222		while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
5223			t_bindir=`eval echo ${t_bindir}`
5224			case $t_bindir in
5225				NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
5226			esac
5227			case $t_bindir in
5228				NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
5229			esac
5230		done
5231		echo $user_path | grep ":$t_bindir"  > /dev/null 2>&1
5232		if test $? -ne 0  ; then
5233			echo $user_path | grep "^$t_bindir"  > /dev/null 2>&1
5234			if test $? -ne 0  ; then
5235				user_path=$user_path:$t_bindir
5236				AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
5237			fi
5238		fi
5239	fi ]
5240)
5241if test "x$external_path_file" != "x/etc/login.conf" ; then
5242	AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
5243	AC_SUBST([user_path])
5244fi
5245
5246# Set superuser path separately to user path
5247AC_ARG_WITH([superuser-path],
5248	[  --with-superuser-path=  Specify different path for super-user],
5249	[
5250		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
5251		    test "x${withval}" != "xyes"; then
5252			AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
5253				[Define if you want a different $PATH
5254				for the superuser])
5255			superuser_path=$withval
5256		fi
5257	]
5258)
5259
5260
5261AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
5262IPV4_IN6_HACK_MSG="no"
5263AC_ARG_WITH(4in6,
5264	[  --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses],
5265	[
5266		if test "x$withval" != "xno" ; then
5267			AC_MSG_RESULT([yes])
5268			AC_DEFINE([IPV4_IN_IPV6], [1],
5269				[Detect IPv4 in IPv6 mapped addresses
5270				and treat as IPv4])
5271			IPV4_IN6_HACK_MSG="yes"
5272		else
5273			AC_MSG_RESULT([no])
5274		fi
5275	], [
5276		if test "x$inet6_default_4in6" = "xyes"; then
5277			AC_MSG_RESULT([yes (default)])
5278			AC_DEFINE([IPV4_IN_IPV6])
5279			IPV4_IN6_HACK_MSG="yes"
5280		else
5281			AC_MSG_RESULT([no (default)])
5282		fi
5283	]
5284)
5285
5286# Whether to enable BSD auth support
5287BSD_AUTH_MSG=no
5288AC_ARG_WITH([bsd-auth],
5289	[  --with-bsd-auth         Enable BSD auth support],
5290	[
5291		if test "x$withval" != "xno" ; then
5292			AC_DEFINE([BSD_AUTH], [1],
5293				[Define if you have BSD auth support])
5294			BSD_AUTH_MSG=yes
5295		fi
5296	]
5297)
5298
5299# Where to place sshd.pid
5300piddir=/var/run
5301# make sure the directory exists
5302if test ! -d $piddir ; then
5303	piddir=`eval echo ${sysconfdir}`
5304	case $piddir in
5305		NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
5306	esac
5307fi
5308
5309AC_ARG_WITH([pid-dir],
5310	[  --with-pid-dir=PATH     Specify location of sshd.pid file],
5311	[
5312		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
5313		    test "x${withval}" != "xyes"; then
5314			piddir=$withval
5315			if test ! -d $piddir ; then
5316			AC_MSG_WARN([** no $piddir directory on this system **])
5317			fi
5318		fi
5319	]
5320)
5321
5322AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
5323	[Specify location of ssh.pid])
5324AC_SUBST([piddir])
5325
5326dnl allow user to disable some login recording features
5327AC_ARG_ENABLE([lastlog],
5328	[  --disable-lastlog       disable use of lastlog even if detected [no]],
5329	[
5330		if test "x$enableval" = "xno" ; then
5331			AC_DEFINE([DISABLE_LASTLOG])
5332		fi
5333	]
5334)
5335AC_ARG_ENABLE([utmp],
5336	[  --disable-utmp          disable use of utmp even if detected [no]],
5337	[
5338		if test "x$enableval" = "xno" ; then
5339			AC_DEFINE([DISABLE_UTMP])
5340		fi
5341	]
5342)
5343AC_ARG_ENABLE([utmpx],
5344	[  --disable-utmpx         disable use of utmpx even if detected [no]],
5345	[
5346		if test "x$enableval" = "xno" ; then
5347			AC_DEFINE([DISABLE_UTMPX], [1],
5348				[Define if you don't want to use utmpx])
5349		fi
5350	]
5351)
5352AC_ARG_ENABLE([wtmp],
5353	[  --disable-wtmp          disable use of wtmp even if detected [no]],
5354	[
5355		if test "x$enableval" = "xno" ; then
5356			AC_DEFINE([DISABLE_WTMP])
5357		fi
5358	]
5359)
5360AC_ARG_ENABLE([wtmpx],
5361	[  --disable-wtmpx         disable use of wtmpx even if detected [no]],
5362	[
5363		if test "x$enableval" = "xno" ; then
5364			AC_DEFINE([DISABLE_WTMPX], [1],
5365				[Define if you don't want to use wtmpx])
5366		fi
5367	]
5368)
5369AC_ARG_ENABLE([libutil],
5370	[  --disable-libutil       disable use of libutil (login() etc.) [no]],
5371	[
5372		if test "x$enableval" = "xno" ; then
5373			AC_DEFINE([DISABLE_LOGIN])
5374		fi
5375	]
5376)
5377AC_ARG_ENABLE([pututline],
5378	[  --disable-pututline     disable use of pututline() etc. ([uw]tmp) [no]],
5379	[
5380		if test "x$enableval" = "xno" ; then
5381			AC_DEFINE([DISABLE_PUTUTLINE], [1],
5382				[Define if you don't want to use pututline()
5383				etc. to write [uw]tmp])
5384		fi
5385	]
5386)
5387AC_ARG_ENABLE([pututxline],
5388	[  --disable-pututxline    disable use of pututxline() etc. ([uw]tmpx) [no]],
5389	[
5390		if test "x$enableval" = "xno" ; then
5391			AC_DEFINE([DISABLE_PUTUTXLINE], [1],
5392				[Define if you don't want to use pututxline()
5393				etc. to write [uw]tmpx])
5394		fi
5395	]
5396)
5397AC_ARG_WITH([lastlog],
5398  [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
5399	[
5400		if test "x$withval" = "xno" ; then
5401			AC_DEFINE([DISABLE_LASTLOG])
5402		elif test -n "$withval"  &&  test "x${withval}" != "xyes"; then
5403			conf_lastlog_location=$withval
5404		fi
5405	]
5406)
5407
5408dnl lastlog, [uw]tmpx? detection
5409dnl  NOTE: set the paths in the platform section to avoid the
5410dnl   need for command-line parameters
5411dnl lastlog and [uw]tmp are subject to a file search if all else fails
5412
5413dnl lastlog detection
5414dnl  NOTE: the code itself will detect if lastlog is a directory
5415AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
5416AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5417#include <sys/types.h>
5418#include <utmp.h>
5419#ifdef HAVE_LASTLOG_H
5420#  include <lastlog.h>
5421#endif
5422#ifdef HAVE_PATHS_H
5423#  include <paths.h>
5424#endif
5425#ifdef HAVE_LOGIN_H
5426# include <login.h>
5427#endif
5428	]], [[ char *lastlog = LASTLOG_FILE; ]])],
5429		[ AC_MSG_RESULT([yes]) ],
5430		[
5431		AC_MSG_RESULT([no])
5432		AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
5433		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5434#include <sys/types.h>
5435#include <utmp.h>
5436#ifdef HAVE_LASTLOG_H
5437#  include <lastlog.h>
5438#endif
5439#ifdef HAVE_PATHS_H
5440#  include <paths.h>
5441#endif
5442		]], [[ char *lastlog = _PATH_LASTLOG; ]])],
5443		[ AC_MSG_RESULT([yes]) ],
5444		[
5445			AC_MSG_RESULT([no])
5446			system_lastlog_path=no
5447		])
5448])
5449
5450if test -z "$conf_lastlog_location"; then
5451	if test x"$system_lastlog_path" = x"no" ; then
5452		for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
5453				if (test -d "$f" || test -f "$f") ; then
5454					conf_lastlog_location=$f
5455				fi
5456		done
5457		if test -z "$conf_lastlog_location"; then
5458			AC_MSG_WARN([** Cannot find lastlog **])
5459			dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
5460		fi
5461	fi
5462fi
5463
5464if test -n "$conf_lastlog_location"; then
5465	AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
5466		[Define if you want to specify the path to your lastlog file])
5467fi
5468
5469dnl utmp detection
5470AC_MSG_CHECKING([if your system defines UTMP_FILE])
5471AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5472#include <sys/types.h>
5473#include <utmp.h>
5474#ifdef HAVE_PATHS_H
5475#  include <paths.h>
5476#endif
5477	]], [[ char *utmp = UTMP_FILE; ]])],
5478	[ AC_MSG_RESULT([yes]) ],
5479	[ AC_MSG_RESULT([no])
5480	  system_utmp_path=no
5481])
5482if test -z "$conf_utmp_location"; then
5483	if test x"$system_utmp_path" = x"no" ; then
5484		for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
5485			if test -f $f ; then
5486				conf_utmp_location=$f
5487			fi
5488		done
5489		if test -z "$conf_utmp_location"; then
5490			AC_DEFINE([DISABLE_UTMP])
5491		fi
5492	fi
5493fi
5494if test -n "$conf_utmp_location"; then
5495	AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
5496		[Define if you want to specify the path to your utmp file])
5497fi
5498
5499dnl wtmp detection
5500AC_MSG_CHECKING([if your system defines WTMP_FILE])
5501AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5502#include <sys/types.h>
5503#include <utmp.h>
5504#ifdef HAVE_PATHS_H
5505#  include <paths.h>
5506#endif
5507	]], [[ char *wtmp = WTMP_FILE; ]])],
5508	[ AC_MSG_RESULT([yes]) ],
5509	[ AC_MSG_RESULT([no])
5510	  system_wtmp_path=no
5511])
5512if test -z "$conf_wtmp_location"; then
5513	if test x"$system_wtmp_path" = x"no" ; then
5514		for f in /usr/adm/wtmp /var/log/wtmp; do
5515			if test -f $f ; then
5516				conf_wtmp_location=$f
5517			fi
5518		done
5519		if test -z "$conf_wtmp_location"; then
5520			AC_DEFINE([DISABLE_WTMP])
5521		fi
5522	fi
5523fi
5524if test -n "$conf_wtmp_location"; then
5525	AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
5526		[Define if you want to specify the path to your wtmp file])
5527fi
5528
5529dnl wtmpx detection
5530AC_MSG_CHECKING([if your system defines WTMPX_FILE])
5531AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5532#include <sys/types.h>
5533#include <utmp.h>
5534#ifdef HAVE_UTMPX_H
5535#include <utmpx.h>
5536#endif
5537#ifdef HAVE_PATHS_H
5538#  include <paths.h>
5539#endif
5540	]], [[ char *wtmpx = WTMPX_FILE; ]])],
5541	[ AC_MSG_RESULT([yes]) ],
5542	[ AC_MSG_RESULT([no])
5543	  system_wtmpx_path=no
5544])
5545if test -z "$conf_wtmpx_location"; then
5546	if test x"$system_wtmpx_path" = x"no" ; then
5547		AC_DEFINE([DISABLE_WTMPX])
5548	fi
5549else
5550	AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
5551		[Define if you want to specify the path to your wtmpx file])
5552fi
5553
5554
5555if test ! -z "$blibpath" ; then
5556	LDFLAGS="$LDFLAGS $blibflags$blibpath"
5557	AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
5558fi
5559
5560AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
5561    if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
5562	AC_DEFINE([DISABLE_LASTLOG])
5563    fi
5564	], [
5565#ifdef HAVE_SYS_TYPES_H
5566#include <sys/types.h>
5567#endif
5568#ifdef HAVE_UTMP_H
5569#include <utmp.h>
5570#endif
5571#ifdef HAVE_UTMPX_H
5572#include <utmpx.h>
5573#endif
5574#ifdef HAVE_LASTLOG_H
5575#include <lastlog.h>
5576#endif
5577	])
5578
5579AC_CHECK_MEMBER([struct utmp.ut_line], [], [
5580	AC_DEFINE([DISABLE_UTMP])
5581	AC_DEFINE([DISABLE_WTMP])
5582	], [
5583#ifdef HAVE_SYS_TYPES_H
5584#include <sys/types.h>
5585#endif
5586#ifdef HAVE_UTMP_H
5587#include <utmp.h>
5588#endif
5589#ifdef HAVE_UTMPX_H
5590#include <utmpx.h>
5591#endif
5592#ifdef HAVE_LASTLOG_H
5593#include <lastlog.h>
5594#endif
5595	])
5596
5597dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5598dnl Add now.
5599CFLAGS="$CFLAGS $werror_flags"
5600
5601if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
5602	TEST_SSH_IPV6=no
5603else
5604	TEST_SSH_IPV6=yes
5605fi
5606AC_CHECK_DECL([BROKEN_GETADDRINFO],  [TEST_SSH_IPV6=no])
5607AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
5608AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8])
5609AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
5610AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
5611AC_SUBST([DEPEND], [$(cat $srcdir/.depend)])
5612
5613CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
5614LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"
5615
5616# Make a copy of CFLAGS/LDFLAGS without PIE options.
5617LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'`
5618CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'`
5619AC_SUBST([LDFLAGS_NOPIE])
5620AC_SUBST([CFLAGS_NOPIE])
5621
5622AC_EXEEXT
5623AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5624	openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5625	survey.sh])
5626AC_OUTPUT
5627
5628# Print summary of options
5629
5630# Someone please show me a better way :)
5631A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5632B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5633C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5634D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5635E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5636F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5637G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5638H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5639I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5640J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5641
5642echo ""
5643echo "OpenSSH has been configured with the following options:"
5644echo "                     User binaries: $B"
5645echo "                   System binaries: $C"
5646echo "               Configuration files: $D"
5647echo "                   Askpass program: $E"
5648echo "                      Manual pages: $F"
5649echo "                          PID file: $G"
5650echo "  Privilege separation chroot path: $H"
5651if test "x$external_path_file" = "x/etc/login.conf" ; then
5652echo "   At runtime, sshd will use the path defined in $external_path_file"
5653echo "   Make sure the path to scp is present, otherwise scp will not work"
5654else
5655echo "            sshd default user PATH: $I"
5656	if test ! -z "$external_path_file"; then
5657echo "   (If PATH is set in $external_path_file it will be used instead. If"
5658echo "   used, ensure the path to scp is present, otherwise scp will not work.)"
5659	fi
5660fi
5661if test ! -z "$superuser_path" ; then
5662echo "          sshd superuser user PATH: $J"
5663fi
5664echo "                    Manpage format: $MANTYPE"
5665echo "                       PAM support: $PAM_MSG"
5666echo "                   OSF SIA support: $SIA_MSG"
5667echo "                 KerberosV support: $KRB5_MSG"
5668echo "                   SELinux support: $SELINUX_MSG"
5669echo "              TCP Wrappers support: $TCPW_MSG"
5670echo "                   libedit support: $LIBEDIT_MSG"
5671echo "                   libldns support: $LDNS_MSG"
5672echo "  Solaris process contract support: $SPC_MSG"
5673echo "           Solaris project support: $SP_MSG"
5674echo "         Solaris privilege support: $SPP_MSG"
5675echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5676echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5677echo "                  BSD Auth support: $BSD_AUTH_MSG"
5678echo "              Random number source: $RAND_MSG"
5679echo "             Privsep sandbox style: $SANDBOX_STYLE"
5680echo "                   PKCS#11 support: $enable_pkcs11"
5681echo "                  U2F/FIDO support: $enable_sk"
5682
5683echo ""
5684
5685echo "              Host: ${host}"
5686echo "          Compiler: ${CC}"
5687echo "    Compiler flags: ${CFLAGS}"
5688echo "Preprocessor flags: ${CPPFLAGS}"
5689echo "      Linker flags: ${LDFLAGS}"
5690echo "         Libraries: ${LIBS}"
5691if test ! -z "${CHANNELLIBS}"; then
5692echo "     +for channels: ${CHANNELLIBS}"
5693fi
5694if test ! -z "${LIBFIDO2}"; then
5695echo "        +for FIDO2: ${LIBFIDO2}"
5696fi
5697if test ! -z "${SSHDLIBS}"; then
5698echo "         +for sshd: ${SSHDLIBS}"
5699fi
5700
5701echo ""
5702
5703if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5704	echo "SVR4 style packages are supported with \"make package\""
5705	echo ""
5706fi
5707
5708if test "x$PAM_MSG" = "xyes" ; then
5709	echo "PAM is enabled. You may need to install a PAM control file "
5710	echo "for sshd, otherwise password authentication may fail. "
5711	echo "Example PAM control files can be found in the contrib/ "
5712	echo "subdirectory"
5713	echo ""
5714fi
5715
5716if test ! -z "$NO_PEERCHECK" ; then
5717	echo "WARNING: the operating system that you are using does not"
5718	echo "appear to support getpeereid(), getpeerucred() or the"
5719	echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5720	echo "enforce security checks to prevent unauthorised connections to"
5721	echo "ssh-agent. Their absence increases the risk that a malicious"
5722	echo "user can connect to your agent."
5723	echo ""
5724fi
5725
5726if test "$AUDIT_MODULE" = "bsm" ; then
5727	echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5728	echo "See the Solaris section in README.platform for details."
5729fi
5730