1# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $
2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
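# Package identity, source-tree sanity check and the language used by
# every later compile, link and run test.
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
AC_REVISION($Revision: 1.583 $)
AC_CONFIG_SRCDIR([ssh.c])
AC_LANG([C])

# Results of the tests below are written to config.h.  The plural macro
# name is the current spelling; the singular form is an obsolete alias.
AC_CONFIG_HEADERS([config.h])
AC_PROG_CC
AC_CANONICAL_HOST
AC_C_BIGENDIAN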
26
# Checks for programs.
AC_PROG_AWK
AC_PROG_CPP
AC_PROG_RANLIB
AC_PROG_INSTALL
AC_PROG_EGREP
AC_CHECK_TOOLS([AR], [ar])

# Helper programs, recorded by absolute path as found on the PATH of the
# build host at configure time.
AC_PATH_PROG([CAT], [cat])
AC_PATH_PROG([KILL], [kill])
AC_PATH_PROGS([PERL], [perl5 perl])
AC_SUBST([PERL])
AC_PATH_PROG([SED], [sed])
AC_PATH_PROG([ENT], [ent])
AC_SUBST([ENT])

# Three lookups into one variable: a path lookup leaves an already-set
# variable alone, so the first of bash, ksh and sh that exists is kept.
AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
AC_PATH_PROG([SH], [sh])

# Candidate manpage formatters; the choice between them is made below.
AC_PATH_PROG([GROFF], [groff])
AC_PATH_PROG([NROFF], [nroff])
AC_PATH_PROG([MANDOC], [mandoc])

# Default shell for the test suite; some platform sections override it.
AC_SUBST([TEST_SHELL], [sh])
49
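dnl Select the manpage formatter in order of preference: mandoc, then
dnl nroff, then groff.  With none available MANFMT becomes "false", so any
dnl rule that runs it fails instead of silently producing nothing.
if test "x$MANDOC" != "x" ; then
	MANFMT="$MANDOC"
elif test "x$NROFF" != "x" ; then
	MANFMT="$NROFF -mandoc"
elif test "x$GROFF" != "x" ; then
	MANFMT="$GROFF -mandoc -Tascii"
else
	AC_MSG_WARN([no manpage formatter found])
	MANFMT="false"
fi
AC_SUBST([MANFMT])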
62
dnl Settings consumed by buildpkg.sh.
dnl groupadd and useradd are searched for only in /usr/sbin and /etc; the
dnl bare program name is the fallback when neither directory has them.
AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
	[/usr/sbin${PATH_SEPARATOR}/etc])
AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
	[/usr/sbin${PATH_SEPARATOR}/etc])
AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])

dnl Startup scripts use /sbin/sh where that is executable, /bin/sh otherwise.
if test -x /sbin/sh; then
	STARTUP_SCRIPT_SHELL=/sbin/sh
else
	STARTUP_SCRIPT_SHELL=/bin/sh
fi
AC_SUBST([STARTUP_SCRIPT_SHELL])
74
# System features
AC_SYS_LARGEFILE

# AR is filled in by the archiver lookup in the program checks above; the
# build cannot go on without one, so stop here with a clear message.
if test "x$AR" = "x" ; then
	AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
fi
81
# Locate passwd and, when found, compile its absolute path into config.h.
# The lookup walks the PATH of the build host, so whatever directory comes
# first there decides the path that ends up in the binaries.
# NOTE(review): presumably this program is run later on behalf of users, so
# configure should be run with a trusted PATH - confirm against the callers.
AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
if test -n "$PATH_PASSWD_PROG" ; then
	AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
		[Full path of your "passwd" program])
fi
87
# Link through the compiler driver unless the caller supplied a linker.
if test "x$LD" = "x" ; then
	LD=$CC
fi
AC_SUBST([LD])

AC_C_INLINE
94
# Declaration probes.  Three of them only set a have_* shell variable and
# leave config.h alone; RLIMIT_NPROC defines a config.h symbol directly.
# NOTE(review): the have_* results are presumably consumed further down
# this file, outside the part visible here - confirm.
AC_CHECK_DECL([LLONG_MAX],
	[have_llong_max=1],
	,
	[#include <limits.h>])

AC_CHECK_DECL([SYSTR_POLICY_KILL],
	[have_systr_policy_kill=1],
	,
	[
	#include <sys/types.h>
	#include <sys/param.h>
	#include <dev/systrace.h>
])

AC_CHECK_DECL([RLIMIT_NPROC],
	[AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])],
	,
	[
	#include <sys/types.h>
	#include <sys/resource.h>
])

AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS],
	[have_linux_no_new_privs=1],
	,
	[
	#include <sys/types.h>
	#include <linux/prctl.h>
])
110
# Crypto backend defaults: OpenSSL on, SSH protocol 1 off.
# NOTE(review): COMMENT_OUT_RSA1 looks like a prefix that comments out RSA1
# lines in substituted files while protocol 1 is disabled - confirm.
openssl=yes
ssh1=no
COMMENT_OUT_RSA1="#no ssh1#"

# Only an explicit "no" turns OpenSSL off; any other value leaves it on.
AC_ARG_WITH([openssl],
	[  --without-openssl       Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
	[
		if test "x$withval" = "xno" ; then
			openssl=no
			ssh1=no
		fi
	]
)

AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
if test "x$openssl" != "xyes" ; then
	AC_MSG_RESULT([no])
else
	AC_MSG_RESULT([yes])
	AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
fi
129
# SSH protocol 1 is a legacy protocol and stays off unless it is asked for
# explicitly.  Only "yes" and "no" are accepted, and "yes" is refused when
# OpenSSL was disabled by the option handled just above.
AC_ARG_WITH([ssh1],
	[  --with-ssh1             Enable support for SSH protocol 1],
	[
		if test "x$withval" = "xno" ; then
			ssh1=no
		elif test "x$withval" != "xyes" ; then
			AC_MSG_ERROR([unknown --with-ssh1 argument])
		elif test "x$openssl" = "xno" ; then
			AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
		else
			ssh1=yes
			COMMENT_OUT_RSA1=""
		fi
	]
)

AC_MSG_CHECKING([whether SSH protocol 1 support is enabled])
if test "x$ssh1" != "xyes" ; then
	AC_MSG_RESULT([no])
else
	AC_MSG_RESULT([yes])
	AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
	AC_SUBST([COMMENT_OUT_RSA1])
fi
154
# Exploit-mitigation switches.  Both default to on and are cleared only by
# an explicit "no" (the --without- form); the compiler section below reads
# them when it probes for stack protector and linker hardening flags.
use_stack_protector=1
use_toolchain_hardening=1

AC_ARG_WITH([stackprotect],
    [  --without-stackprotect  Don't use compiler's stack protection],
    [
	test "x$withval" != "xno" || use_stack_protector=0
    ])

AC_ARG_WITH([hardening],
    [  --without-hardening     Don't use toolchain hardening flags],
    [
	test "x$withval" != "xno" || use_toolchain_hardening=0
    ])
167
# Find out whether the compiler takes -Werror at all.  WERROR is meant for
# the flag probes only, so that a warning such as "this is on by default"
# for -fPIE counts as a failed probe.  CFLAGS is put back afterwards.
AC_MSG_CHECKING([if $CC supports -Werror])
saved_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -Werror"
WERROR=""
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
	[ WERROR="-Werror" ],
	[]
)
CFLAGS="$saved_CFLAGS"
if test -n "$WERROR" ; then
	AC_MSG_RESULT([yes])
else
	AC_MSG_RESULT([no])
fi
180
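# Compiler-specific flags, probed only for GCC-compatible compilers.
# The OSSH_CHECK_* helpers are defined outside this file; presumably each
# one keeps its flag only when the probe succeeds - confirm in aclocal.m4.
if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
	# Warning flags and -D_FORTIFY_SOURCE=2 are probed regardless of
	# --without-hardening; only the group inside the next test is
	# governed by that option.
	OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
	OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
	OSSH_CHECK_CFLAG_COMPILE([-Wall])
	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
	OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
	OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
	OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
	OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
	OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
	OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
	OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
	if test "x$use_toolchain_hardening" = "x1"; then
		OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
		OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
		OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
		# NB. -ftrapv expects certain support functions to be present in
		# the compiler library (libgcc or similar) to detect integer
		# operations that can overflow. We must check that the result of
		# enabling it actually links. The test program compiled/linked
		# includes a number of integer operations that should exercise
		# this.
		OSSH_CHECK_CFLAG_LINK([-ftrapv])
	fi

	# GCC 1.x and 2.x are recorded as lacking the nonnull attribute; the
	# marker is read after this block.
	AC_MSG_CHECKING([gcc version])
	GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
	case $GCC_VER in
		1.* | 2.*) no_attrib_nonnull=1 ;;
		*) ;;
	esac
	AC_MSG_RESULT([$GCC_VER])

	# -fno-builtin-memset stays in CFLAGS only when a program calling
	# memset still links with it.
	AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
	saved_CFLAGS="$CFLAGS"
	CFLAGS="$CFLAGS -fno-builtin-memset"
	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
			[[ char b[10]; memset(b, 0, sizeof(b)); ]])],
		[ AC_MSG_RESULT([yes]) ],
		[ AC_MSG_RESULT([no])
		  CFLAGS="$saved_CFLAGS" ]
	)

	# -fstack-protector-all doesn't always work for some GCC versions
	# and/or platforms, so we test if we can.  If it's not supported
	# on a given platform gcc will emit a warning so we use -Werror.
	# Candidates are tried strongest first.  A flag must link and, when
	# not cross compiling, the linked program must also run; the first
	# flag that passes is kept in CFLAGS and LDFLAGS by leaving the loop
	# before the restore at its end.
	if test "x$use_stack_protector" = "x1"; then
	    ssp_flag_found=""
	    for t in -fstack-protector-strong -fstack-protector-all \
		    -fstack-protector; do
		AC_MSG_CHECKING([if $CC supports $t])
		saved_CFLAGS="$CFLAGS"
		saved_LDFLAGS="$LDFLAGS"
		CFLAGS="$CFLAGS $t -Werror"
		LDFLAGS="$LDFLAGS $t -Werror"
		AC_LINK_IFELSE(
			[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
			[[
	char x[256];
	snprintf(x, sizeof(x), "XXX");
			 ]])],
		    [ AC_MSG_RESULT([yes])
		      CFLAGS="$saved_CFLAGS $t"
		      LDFLAGS="$saved_LDFLAGS $t"
		      AC_MSG_CHECKING([if $t works])
		      AC_RUN_IFELSE(
			[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
			[[
	char x[256];
	snprintf(x, sizeof(x), "XXX");
			]])],
			[ AC_MSG_RESULT([yes])
			  ssp_flag_found="$t"
			  break ],
			[ AC_MSG_RESULT([no]) ],
			[ AC_MSG_WARN([cross compiling: cannot test])
			  ssp_flag_found="$t"
			  break ]
		      )
		    ],
		    [ AC_MSG_RESULT([no]) ]
		)
		CFLAGS="$saved_CFLAGS"
		LDFLAGS="$saved_LDFLAGS"
	    done
	    # Stack protection was requested but no candidate passed: say so
	    # instead of quietly producing an unprotected build.
	    if test -z "$ssp_flag_found"; then
		AC_MSG_WARN([no working stack protector flag found, building without stack protection])
	    fi
	fi

	if test -z "$have_llong_max"; then
		# retry LLONG_MAX with -std=gnu99, needed on some Linuxes
		# The cached answer is dropped so the check really runs again;
		# -std=gnu99 stays in CFLAGS only if the retry succeeds.
		unset ac_cv_have_decl_LLONG_MAX
		saved_CFLAGS="$CFLAGS"
		CFLAGS="$CFLAGS -std=gnu99"
		AC_CHECK_DECL([LLONG_MAX],
		    [have_llong_max=1],
		    [CFLAGS="$saved_CFLAGS"],
		    [#include <limits.h>]
		)
	fi
fi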
280
# Compile a function declared with a leading __attribute__; a failure is
# recorded in config.h so the sources can avoid that placement.
AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
AC_COMPILE_IFELSE(
    [AC_LANG_PROGRAM([[
#include <stdlib.h>
__attribute__((__unused__)) static void foo(void){return;}]],
    [[ exit(0); ]])],
    [ AC_MSG_RESULT([yes]) ],
    [ AC_MSG_RESULT([no])
      AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
	 [compiler does not accept __attribute__ on return types]) ]
)

# The nonnull attribute is assumed to exist unless the gcc version check
# above marked the compiler as too old for it.
if test "x$no_attrib_nonnull" = "x1" ; then
	:
else
	AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
fi
296
# --with-rpath / --without-rpath: "yes" forces the auto-added -R linker
# paths on and "no" clears them; any other value leaves need_dash_r alone.
AC_ARG_WITH([rpath],
	[  --without-rpath         Disable auto-added -R linker paths],
	[
		if test "x$withval" = "xno" ; then
			need_dash_r=""
		elif test "x$withval" = "xyes" ; then
			need_dash_r=1
		fi
	]
)
308
# Allow user to specify flags
# Each option appends its value to the matching variable; an empty value,
# "yes" and "no" are ignored.  The values are appended after the compiler
# flag probes above have run, so those probes were not made with them.
AC_ARG_WITH([cflags],
	[  --with-cflags           Specify additional flags to pass to compiler],
	[
		if test "x$withval" = "x" || test "x$withval" = "xno" || \
		    test "x$withval" = "xyes"; then
			:
		else
			CFLAGS="$CFLAGS $withval"
		fi
	]
)
AC_ARG_WITH([cppflags],
	[  --with-cppflags         Specify additional flags to pass to preprocessor] ,
	[
		if test "x$withval" = "x" || test "x$withval" = "xno" || \
		    test "x$withval" = "xyes"; then
			:
		else
			CPPFLAGS="$CPPFLAGS $withval"
		fi
	]
)
AC_ARG_WITH([ldflags],
	[  --with-ldflags          Specify additional flags to pass to linker],
	[
		if test "x$withval" = "x" || test "x$withval" = "xno" || \
		    test "x$withval" = "xyes"; then
			:
		else
			LDFLAGS="$LDFLAGS $withval"
		fi
	]
)
AC_ARG_WITH([libs],
	[  --with-libs             Specify additional libraries to link with],
	[
		if test "x$withval" = "x" || test "x$withval" = "xno" || \
		    test "x$withval" = "xyes"; then
			:
		else
			LIBS="$LIBS $withval"
		fi
	]
)
# --with-Werror selects plain -Werror for "yes" and uses any other
# non-empty value except "no" verbatim as the flag set.  The result is only
# recorded in werror_flags here; nothing in this block adds it to CFLAGS.
AC_ARG_WITH([Werror],
	[  --with-Werror           Build main code with -Werror],
	[
		if test "x$withval" = "xyes"; then
			werror_flags="-Werror"
		elif test "x$withval" != "x" && test "x$withval" != "xno"; then
			werror_flags="$withval"
		fi
	]
)
357
# Headers that need no prerequisite include, kept in alphabetical order.
# Headers that must be preceded by another header are checked separately
# below.
AC_CHECK_HEADERS([ \
	blf.h \
	bstring.h \
	crypt.h \
	crypto/sha2.h \
	dirent.h \
	elf.h \
	endian.h \
	err.h \
	fcntl.h \
	features.h \
	floatingpoint.h \
	getopt.h \
	glob.h \
	ia.h \
	iaf.h \
	inttypes.h \
	langinfo.h \
	limits.h \
	locale.h \
	login.h \
	maillock.h \
	ndir.h \
	net/if_tun.h \
	netdb.h \
	netgroup.h \
	pam/pam_appl.h \
	paths.h \
	poll.h \
	pty.h \
	readpassphrase.h \
	rpc/types.h \
	security/pam_appl.h \
	sha2.h \
	shadow.h \
	stddef.h \
	stdint.h \
	string.h \
	strings.h \
	sys/audit.h \
	sys/bitypes.h \
	sys/bsdtty.h \
	sys/capability.h \
	sys/cdefs.h \
	sys/dir.h \
	sys/mman.h \
	sys/ndir.h \
	sys/poll.h \
	sys/prctl.h \
	sys/pstat.h \
	sys/ptrace.h \
	sys/select.h \
	sys/stat.h \
	sys/statvfs.h \
	sys/stream.h \
	sys/stropts.h \
	sys/strtio.h \
	sys/sysmacros.h \
	sys/time.h \
	sys/timers.h \
	time.h \
	tmpdir.h \
	ttyent.h \
	ucred.h \
	unistd.h \
	usersec.h \
	util.h \
	utime.h \
	utmp.h \
	utmpx.h \
	vis.h \
	wchar.h \
])
431
# Headers that only compile after some other header.  The fourth argument
# of each check supplies that prerequisite in place of the default includes.

# Solaris: sys/time.h has to come before lastlog.h
AC_CHECK_HEADERS([lastlog.h], [], [], [
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
])

# Solaris: sys/stream.h has to come before sys/ptms.h
AC_CHECK_HEADERS([sys/ptms.h], [], [], [
#ifdef HAVE_SYS_STREAM_H
# include <sys/stream.h>
#endif
])

# NetBSD: login_cap.h needs sys/types.h
AC_CHECK_HEADERS([login_cap.h], [], [], [
#include <sys/types.h>
])

# Older BSDs: sys/param.h has to come before sys/mount.h
AC_CHECK_HEADERS([sys/mount.h], [], [], [
#include <sys/param.h>
])

# Android: sys/socket.h has to come before sys/un.h
AC_CHECK_HEADERS([sys/un.h], [], [], [
#include <sys/types.h>
#include <sys/socket.h>
])
461
# Status strings for optional features that are probed in the
# target-specific section below; each starts out as "no".
SIA_MSG="no"
SPC_MSG="no"
SP_MSG="no"
SPP_MSG="no"

# Solaris/Illumos privilege support.  The result of this test is shared by
# the --with-solaris-privs option and by --with-sandbox=solaris.
SOLARIS_PRIVS="no"
472# Check for some target-specific stuff
473case "$host" in
474*-*-aix*)
475	# Some versions of VAC won't allow macro redefinitions at
476	# -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
477	# particularly with older versions of vac or xlc.
478	# It also throws errors about null macro argments, but these are
479	# not fatal.
480	AC_MSG_CHECKING([if compiler allows macro redefinitions])
481	AC_COMPILE_IFELSE(
482	    [AC_LANG_PROGRAM([[
483#define testmacro foo
484#define testmacro bar]],
485	    [[ exit(0); ]])],
486	    [ AC_MSG_RESULT([yes]) ],
487	    [ AC_MSG_RESULT([no])
488	      CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
489	      LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
490	      CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
491	      CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
492	    ]
493	)
494
495	AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
496	if (test -z "$blibpath"); then
497		blibpath="/usr/lib:/lib"
498	fi
499	saved_LDFLAGS="$LDFLAGS"
500	if test "$GCC" = "yes"; then
501		flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
502	else
503		flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
504	fi
505	for tryflags in $flags ;do
506		if (test -z "$blibflags"); then
507			LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
508			AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
509			[blibflags=$tryflags], [])
510		fi
511	done
512	if (test -z "$blibflags"); then
513		AC_MSG_RESULT([not found])
514		AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
515	else
516		AC_MSG_RESULT([$blibflags])
517	fi
518	LDFLAGS="$saved_LDFLAGS"
519	dnl Check for authenticate.  Might be in libs.a on older AIXes
520	AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
521		[Define if you want to enable AIX4's authenticate function])],
522		[AC_CHECK_LIB([s], [authenticate],
523			[ AC_DEFINE([WITH_AIXAUTHENTICATE])
524				LIBS="$LIBS -ls"
525			])
526		])
527	dnl Check for various auth function declarations in headers.
528	AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
529	    passwdexpired, setauthdb], , , [#include <usersec.h>])
530	dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
531	AC_CHECK_DECLS([loginfailed],
532	    [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
533	    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
534		[[ (void)loginfailed("user","host","tty",0); ]])],
535		[AC_MSG_RESULT([yes])
536		AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
537			[Define if your AIX loginfailed() function
538			takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
539	    ])],
540	    [],
541	    [#include <usersec.h>]
542	)
543	AC_CHECK_FUNCS([getgrset setauthdb])
544	AC_CHECK_DECL([F_CLOSEM],
545	    AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
546	    [],
547	    [ #include <limits.h>
548	      #include <fcntl.h> ]
549	)
550	check_for_aix_broken_getaddrinfo=1
551	AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
552	AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
553	    [Define if your platform breaks doing a seteuid before a setuid])
554	AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
555	AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
556	dnl AIX handles lastlog as part of its login message
557	AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
558	AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
559		[Some systems need a utmpx entry for /bin/login to work])
560	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
561		[Define to a Set Process Title type if your system is
562		supported by bsd-setproctitle.c])
563	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
564	    [AIX 5.2 and 5.3 (and presumably newer) require this])
565	AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
566	AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
567	;;
568*-*-android*)
569	AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
570	AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
571	;;
572*-*-cygwin*)
573	check_for_libcrypt_later=1
574	LIBS="$LIBS /usr/lib/textreadmode.o"
575	AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
576	AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
577	AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
578		[Define to disable UID restoration test])
579	AC_DEFINE([DISABLE_SHADOW], [1],
580		[Define if you want to disable shadow passwords])
581	AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
582		[Define if X11 doesn't support AF_UNIX sockets on that system])
583	AC_DEFINE([DISABLE_FD_PASSING], [1],
584		[Define if your platform needs to skip post auth
585		file descriptor passing])
586	AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
587	AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
588	# Cygwin defines optargs, optargs as declspec(dllimport) for historical
589	# reasons which cause compile warnings, so we disable those warnings.
590	OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
591	;;
592*-*-dgux*)
593	AC_DEFINE([IP_TOS_IS_BROKEN], [1],
594		[Define if your system choked on IP TOS setting])
595	AC_DEFINE([SETEUID_BREAKS_SETUID])
596	AC_DEFINE([BROKEN_SETREUID])
597	AC_DEFINE([BROKEN_SETREGID])
598	;;
599*-*-darwin*)
600	use_pie=auto
601	AC_MSG_CHECKING([if we have working getaddrinfo])
602	AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
603main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
604		exit(0);
605	else
606		exit(1);
607}
608			]])],
609	[AC_MSG_RESULT([working])],
610	[AC_MSG_RESULT([buggy])
611	AC_DEFINE([BROKEN_GETADDRINFO], [1],
612		[getaddrinfo is broken (if present)])
613	],
614	[AC_MSG_RESULT([assume it is working])])
615	AC_DEFINE([SETEUID_BREAKS_SETUID])
616	AC_DEFINE([BROKEN_SETREUID])
617	AC_DEFINE([BROKEN_SETREGID])
618	AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
619	AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
620		[Define if your resolver libs need this for getrrsetbyname])
621	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
622	AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
623	    [Use tunnel device compatibility to OpenBSD])
624	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
625	    [Prepend the address family to IP tunnel traffic])
626	m4_pattern_allow([AU_IPv])
627	AC_CHECK_DECL([AU_IPv4], [],
628	    AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
629	    [#include <bsm/audit.h>]
630	AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
631	    [Define if pututxline updates lastlog too])
632	)
633	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
634		[Define to a Set Process Title type if your system is
635		supported by bsd-setproctitle.c])
636	AC_CHECK_FUNCS([sandbox_init])
637	AC_CHECK_HEADERS([sandbox.h])
638	AC_CHECK_LIB([sandbox], [sandbox_apply], [
639	    SSHDLIBS="$SSHDLIBS -lsandbox"
640	])
641	;;
642*-*-dragonfly*)
643	SSHDLIBS="$SSHDLIBS -lcrypt"
644	TEST_MALLOC_OPTIONS="AFGJPRX"
645	;;
646*-*-haiku*)
647	LIBS="$LIBS -lbsd "
648	AC_CHECK_LIB([network], [socket])
649	AC_DEFINE([HAVE_U_INT64_T])
650	MANTYPE=man
651	;;
652*-*-hpux*)
653	# first we define all of the options common to all HP-UX releases
654	CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
655	IPADDR_IN_DISPLAY=yes
656	AC_DEFINE([USE_PIPES])
657	AC_DEFINE([LOGIN_NEEDS_UTMPX])
658	AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
659		[String used in /etc/passwd to denote locked account])
660	AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
661	AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
662	maildir="/var/mail"
663	LIBS="$LIBS -lsec"
664	AC_CHECK_LIB([xnet], [t_error], ,
665	    [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
666
667	# next, we define all of the options specific to major releases
668	case "$host" in
669	*-*-hpux10*)
670		if test -z "$GCC"; then
671			CFLAGS="$CFLAGS -Ae"
672		fi
673		;;
674	*-*-hpux11*)
675		AC_DEFINE([PAM_SUN_CODEBASE], [1],
676			[Define if you are using Solaris-derived PAM which
677			passes pam_messages to the conversation function
678			with an extra level of indirection])
679		AC_DEFINE([DISABLE_UTMP], [1],
680			[Define if you don't want to use utmp])
681		AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
682		check_for_hpux_broken_getaddrinfo=1
683		check_for_conflicting_getspnam=1
684		;;
685	esac
686
687	# lastly, we define options specific to minor releases
688	case "$host" in
689	*-*-hpux10.26)
690		AC_DEFINE([HAVE_SECUREWARE], [1],
691			[Define if you have SecureWare-based
692			protected password database])
693		disable_ptmx_check=yes
694		LIBS="$LIBS -lsecpw"
695		;;
696	esac
697	;;
698*-*-irix5*)
699	PATH="$PATH:/usr/etc"
700	AC_DEFINE([BROKEN_INET_NTOA], [1],
701		[Define if you system's inet_ntoa is busted
702		(e.g. Irix gcc issue)])
703	AC_DEFINE([SETEUID_BREAKS_SETUID])
704	AC_DEFINE([BROKEN_SETREUID])
705	AC_DEFINE([BROKEN_SETREGID])
706	AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
707		[Define if you shouldn't strip 'tty' from your
708		ttyname in [uw]tmp])
709	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
710	;;
711*-*-irix6*)
712	PATH="$PATH:/usr/etc"
713	AC_DEFINE([WITH_IRIX_ARRAY], [1],
714		[Define if you have/want arrays
715		(cluster-wide session managment, not C arrays)])
716	AC_DEFINE([WITH_IRIX_PROJECT], [1],
717		[Define if you want IRIX project management])
718	AC_DEFINE([WITH_IRIX_AUDIT], [1],
719		[Define if you want IRIX audit trails])
720	AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
721		[Define if you want IRIX kernel jobs])])
722	AC_DEFINE([BROKEN_INET_NTOA])
723	AC_DEFINE([SETEUID_BREAKS_SETUID])
724	AC_DEFINE([BROKEN_SETREUID])
725	AC_DEFINE([BROKEN_SETREGID])
726	AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
727	AC_DEFINE([WITH_ABBREV_NO_TTY])
728	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
729	;;
730*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
731	check_for_libcrypt_later=1
732	AC_DEFINE([PAM_TTY_KLUDGE])
733	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
734	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
735	AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
736	AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
737	;;
738*-*-linux*)
739	no_dev_ptmx=1
740	use_pie=auto
741	check_for_libcrypt_later=1
742	check_for_openpty_ctty_bug=1
743	dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
744	dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
745	CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
746	AC_DEFINE([PAM_TTY_KLUDGE], [1],
747		[Work around problematic Linux PAM modules handling of PAM_TTY])
748	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
749		[String used in /etc/passwd to denote locked account])
750	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
751	AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
752		[Define to whatever link() returns for "not supported"
753		if it doesn't return EOPNOTSUPP.])
754	AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
755	AC_DEFINE([USE_BTMP])
756	AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
757	inet6_default_4in6=yes
758	case `uname -r` in
759	1.*|2.0.*)
760		AC_DEFINE([BROKEN_CMSG_TYPE], [1],
761			[Define if cmsg_type is not passed correctly])
762		;;
763	esac
764	# tun(4) forwarding compat code
765	AC_CHECK_HEADERS([linux/if_tun.h])
766	if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
767		AC_DEFINE([SSH_TUN_LINUX], [1],
768		    [Open tunnel devices the Linux tun/tap way])
769		AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
770		    [Use tunnel device compatibility to OpenBSD])
771		AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
772		    [Prepend the address family to IP tunnel traffic])
773	fi
774	AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
775	    [], [#include <linux/types.h>])
776	AC_MSG_CHECKING([for seccomp architecture])
777	seccomp_audit_arch=
778	case "$host" in
779	x86_64-*)
780		seccomp_audit_arch=AUDIT_ARCH_X86_64
781		;;
782	i*86-*)
783		seccomp_audit_arch=AUDIT_ARCH_I386
784		;;
785	arm*-*)
786		seccomp_audit_arch=AUDIT_ARCH_ARM
787		;;
788	aarch64*-*)
789		seccomp_audit_arch=AUDIT_ARCH_AARCH64
790		;;
791	s390x-*)
792		seccomp_audit_arch=AUDIT_ARCH_S390X
793		;;
794	s390-*)
795		seccomp_audit_arch=AUDIT_ARCH_S390
796		;;
797	powerpc64-*)
798		seccomp_audit_arch=AUDIT_ARCH_PPC64
799		;;
800	powerpc64le-*)
801		seccomp_audit_arch=AUDIT_ARCH_PPC64LE
802		;;
803	mips-*)
804		seccomp_audit_arch=AUDIT_ARCH_MIPS
805		;;
806	mipsel-*)
807		seccomp_audit_arch=AUDIT_ARCH_MIPSEL
808		;;
809	mips64-*)
810		seccomp_audit_arch=AUDIT_ARCH_MIPS64
811		;;
812	mips64el-*)
813		seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
814		;;
815	esac
816	if test "x$seccomp_audit_arch" != "x" ; then
817		AC_MSG_RESULT(["$seccomp_audit_arch"])
818		AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
819		    [Specify the system call convention in use])
820	else
821		AC_MSG_RESULT([architecture not supported])
822	fi
823	;;
824mips-sony-bsd|mips-sony-newsos4)
825	AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
826	SONY=1
827	;;
828*-*-netbsd*)
829	check_for_libcrypt_before=1
830	if test "x$withval" != "xno" ; then
831		need_dash_r=1
832	fi
833	CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
834	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
835	AC_CHECK_HEADER([net/if_tap.h], ,
836	    AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
837	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
838	    [Prepend the address family to IP tunnel traffic])
839	TEST_MALLOC_OPTIONS="AJRX"
840	AC_DEFINE([BROKEN_READ_COMPARISON], [1],
841	    [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
842	;;
843*-*-freebsd*)
844	check_for_libcrypt_later=1
845	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
846	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
847	AC_CHECK_HEADER([net/if_tap.h], ,
848	    AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
849	AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
850	TEST_MALLOC_OPTIONS="AJRX"
851	# Preauth crypto occasionally uses file descriptors for crypto offload
852	# and will crash if they cannot be opened.
853	AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
854	    [define if setrlimit RLIMIT_NOFILE breaks things])
855	;;
856*-*-bsdi*)
857	AC_DEFINE([SETEUID_BREAKS_SETUID])
858	AC_DEFINE([BROKEN_SETREUID])
859	AC_DEFINE([BROKEN_SETREGID])
860	;;
861*-next-*)
862	conf_lastlog_location="/usr/adm/lastlog"
863	conf_utmp_location=/etc/utmp
864	conf_wtmp_location=/usr/adm/wtmp
865	maildir=/usr/spool/mail
866	AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
867	AC_DEFINE([BROKEN_REALPATH])
868	AC_DEFINE([USE_PIPES])
869	AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
870	;;
871*-*-openbsd*)
872	use_pie=auto
873	AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
874	AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
875	AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
876	AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
877	    [syslog_r function is safe to use in in a signal handler])
878	TEST_MALLOC_OPTIONS="AFGJPRX"
879	;;
880*-*-solaris*)
881	if test "x$withval" != "xno" ; then
882		need_dash_r=1
883	fi
884	AC_DEFINE([PAM_SUN_CODEBASE])
885	AC_DEFINE([LOGIN_NEEDS_UTMPX])
886	AC_DEFINE([PAM_TTY_KLUDGE])
887	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
888		[Define if pam_chauthtok wants real uid set
889		to the unpriv'ed user])
890	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
891	# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
892	AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
893		[Define if sshd somehow reacquires a controlling TTY
894		after setsid()])
895	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
896		in case the name is longer than 8 chars])
897	AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
898	external_path_file=/etc/default/login
899	# hardwire lastlog location (can't detect it on some versions)
900	conf_lastlog_location="/var/adm/lastlog"
901	AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
902	sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
903	if test "$sol2ver" -ge 8; then
904		AC_MSG_RESULT([yes])
905		AC_DEFINE([DISABLE_UTMP])
906		AC_DEFINE([DISABLE_WTMP], [1],
907			[Define if you don't want to use wtmp])
908	else
909		AC_MSG_RESULT([no])
910	fi
911	AC_CHECK_FUNCS([setpflags])
912	AC_CHECK_FUNCS([setppriv])
913	AC_CHECK_FUNCS([priv_basicset])
914	AC_CHECK_HEADERS([priv.h])
915	AC_ARG_WITH([solaris-contracts],
916		[  --with-solaris-contracts Enable Solaris process contracts (experimental)],
917		[
918		AC_CHECK_LIB([contract], [ct_tmpl_activate],
919			[ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
920				[Define if you have Solaris process contracts])
921			  LIBS="$LIBS -lcontract"
922			  SPC_MSG="yes" ], )
923		],
924	)
925	AC_ARG_WITH([solaris-projects],
926		[  --with-solaris-projects Enable Solaris projects (experimental)],
927		[
928		AC_CHECK_LIB([project], [setproject],
929			[ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
930				[Define if you have Solaris projects])
931			LIBS="$LIBS -lproject"
932			SP_MSG="yes" ], )
933		],
934	)
935	AC_ARG_WITH([solaris-privs],
936		[  --with-solaris-privs    Enable Solaris/Illumos privileges (experimental)],
937		[
938		AC_MSG_CHECKING([for Solaris/Illumos privilege support])
939		if test "x$ac_cv_func_setppriv" = "xyes" -a \
940			"x$ac_cv_header_priv_h" = "xyes" ; then
941			SOLARIS_PRIVS=yes
942			AC_MSG_RESULT([found])
943			AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
944				[Define to disable UID restoration test])
945			AC_DEFINE([USE_SOLARIS_PRIVS], [1],
946				[Define if you have Solaris privileges])
947			SPP_MSG="yes"
948		else
949			AC_MSG_RESULT([not found])
950			AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
951		fi
952		],
953	)
954	TEST_SHELL=$SHELL	# let configure find us a capable shell
955	;;
956*-*-sunos4*)
957	CPPFLAGS="$CPPFLAGS -DSUNOS4"
958	AC_CHECK_FUNCS([getpwanam])
959	AC_DEFINE([PAM_SUN_CODEBASE])
960	conf_utmp_location=/etc/utmp
961	conf_wtmp_location=/var/adm/wtmp
962	conf_lastlog_location=/var/adm/lastlog
963	AC_DEFINE([USE_PIPES])
964	;;
965*-ncr-sysv*)
966	LIBS="$LIBS -lc89"
967	AC_DEFINE([USE_PIPES])
968	AC_DEFINE([SSHD_ACQUIRES_CTTY])
969	AC_DEFINE([SETEUID_BREAKS_SETUID])
970	AC_DEFINE([BROKEN_SETREUID])
971	AC_DEFINE([BROKEN_SETREGID])
972	;;
973*-sni-sysv*)
974	# /usr/ucblib MUST NOT be searched on ReliantUNIX
975	AC_CHECK_LIB([dl], [dlsym], ,)
976	# -lresolv needs to be at the end of LIBS or DNS lookups break
977	AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
978	IPADDR_IN_DISPLAY=yes
979	AC_DEFINE([USE_PIPES])
980	AC_DEFINE([IP_TOS_IS_BROKEN])
981	AC_DEFINE([SETEUID_BREAKS_SETUID])
982	AC_DEFINE([BROKEN_SETREUID])
983	AC_DEFINE([BROKEN_SETREGID])
984	AC_DEFINE([SSHD_ACQUIRES_CTTY])
985	external_path_file=/etc/default/login
986	# /usr/ucblib/libucb.a no longer needed on ReliantUNIX
987	# Attention: always take care to bind libsocket and libnsl before libc,
988	# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
989	;;
990# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
991*-*-sysv4.2*)
992	AC_DEFINE([USE_PIPES])
993	AC_DEFINE([SETEUID_BREAKS_SETUID])
994	AC_DEFINE([BROKEN_SETREUID])
995	AC_DEFINE([BROKEN_SETREGID])
996	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
997	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
998	TEST_SHELL=$SHELL	# let configure find us a capable shell
999	;;
1000# UnixWare 7.x, OpenUNIX 8
1001*-*-sysv5*)
1002	CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1003	AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1004	AC_DEFINE([USE_PIPES])
1005	AC_DEFINE([SETEUID_BREAKS_SETUID])
1006	AC_DEFINE([BROKEN_GETADDRINFO])
1007	AC_DEFINE([BROKEN_SETREUID])
1008	AC_DEFINE([BROKEN_SETREGID])
1009	AC_DEFINE([PASSWD_NEEDS_USERNAME])
1010	TEST_SHELL=$SHELL	# let configure find us a capable shell
1011	case "$host" in
1012	*-*-sysv5SCO_SV*)	# SCO OpenServer 6.x
1013		maildir=/var/spool/mail
1014		AC_DEFINE([BROKEN_LIBIAF], [1],
1015			[ia_uinfo routines not supported by OS yet])
1016		AC_DEFINE([BROKEN_UPDWTMPX])
1017		AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1018			AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1019			AC_DEFINE([HAVE_SECUREWARE])
1020			AC_DEFINE([DISABLE_SHADOW])
1021			], , )
1022		;;
1023	*)	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1024		check_for_libcrypt_later=1
1025		;;
1026	esac
1027	;;
1028*-*-sysv*)
1029	;;
1030# SCO UNIX and OEM versions of SCO UNIX
1031*-*-sco3.2v4*)
1032	AC_MSG_ERROR("This Platform is no longer supported.")
1033	;;
1034# SCO OpenServer 5.x
1035*-*-sco3.2v5*)
1036	if test -z "$GCC"; then
1037		CFLAGS="$CFLAGS -belf"
1038	fi
1039	LIBS="$LIBS -lprot -lx -ltinfo -lm"
1040	no_dev_ptmx=1
1041	AC_DEFINE([USE_PIPES])
1042	AC_DEFINE([HAVE_SECUREWARE])
1043	AC_DEFINE([DISABLE_SHADOW])
1044	AC_DEFINE([DISABLE_FD_PASSING])
1045	AC_DEFINE([SETEUID_BREAKS_SETUID])
1046	AC_DEFINE([BROKEN_GETADDRINFO])
1047	AC_DEFINE([BROKEN_SETREUID])
1048	AC_DEFINE([BROKEN_SETREGID])
1049	AC_DEFINE([WITH_ABBREV_NO_TTY])
1050	AC_DEFINE([BROKEN_UPDWTMPX])
1051	AC_DEFINE([PASSWD_NEEDS_USERNAME])
1052	AC_CHECK_FUNCS([getluid setluid])
1053	MANTYPE=man
1054	TEST_SHELL=$SHELL	# let configure find us a capable shell
1055	SKIP_DISABLE_LASTLOG_DEFINE=yes
1056	;;
1057*-*-unicosmk*)
1058	AC_DEFINE([NO_SSH_LASTLOG], [1],
1059		[Define if you don't want to use lastlog in session.c])
1060	AC_DEFINE([SETEUID_BREAKS_SETUID])
1061	AC_DEFINE([BROKEN_SETREUID])
1062	AC_DEFINE([BROKEN_SETREGID])
1063	AC_DEFINE([USE_PIPES])
1064	AC_DEFINE([DISABLE_FD_PASSING])
1065	LDFLAGS="$LDFLAGS"
1066	LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1067	MANTYPE=cat
1068	;;
1069*-*-unicosmp*)
1070	AC_DEFINE([SETEUID_BREAKS_SETUID])
1071	AC_DEFINE([BROKEN_SETREUID])
1072	AC_DEFINE([BROKEN_SETREGID])
1073	AC_DEFINE([WITH_ABBREV_NO_TTY])
1074	AC_DEFINE([USE_PIPES])
1075	AC_DEFINE([DISABLE_FD_PASSING])
1076	LDFLAGS="$LDFLAGS"
1077	LIBS="$LIBS -lgen -lacid -ldb"
1078	MANTYPE=cat
1079	;;
1080*-*-unicos*)
1081	AC_DEFINE([SETEUID_BREAKS_SETUID])
1082	AC_DEFINE([BROKEN_SETREUID])
1083	AC_DEFINE([BROKEN_SETREGID])
1084	AC_DEFINE([USE_PIPES])
1085	AC_DEFINE([DISABLE_FD_PASSING])
1086	AC_DEFINE([NO_SSH_LASTLOG])
1087	LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
1088	LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1089	MANTYPE=cat
1090	;;
1091*-dec-osf*)
1092	AC_MSG_CHECKING([for Digital Unix SIA])
1093	no_osfsia=""
1094	AC_ARG_WITH([osfsia],
1095		[  --with-osfsia           Enable Digital Unix SIA],
1096		[
1097			if test "x$withval" = "xno" ; then
1098				AC_MSG_RESULT([disabled])
1099				no_osfsia=1
1100			fi
1101		],
1102	)
1103	if test -z "$no_osfsia" ; then
1104		if test -f /etc/sia/matrix.conf; then
1105			AC_MSG_RESULT([yes])
1106			AC_DEFINE([HAVE_OSF_SIA], [1],
1107				[Define if you have Digital Unix Security
1108				Integration Architecture])
1109			AC_DEFINE([DISABLE_LOGIN], [1],
1110				[Define if you don't want to use your
1111				system's login() call])
1112			AC_DEFINE([DISABLE_FD_PASSING])
1113			LIBS="$LIBS -lsecurity -ldb -lm -laud"
1114			SIA_MSG="yes"
1115		else
1116			AC_MSG_RESULT([no])
1117			AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1118			  [String used in /etc/passwd to denote locked account])
1119		fi
1120	fi
1121	AC_DEFINE([BROKEN_GETADDRINFO])
1122	AC_DEFINE([SETEUID_BREAKS_SETUID])
1123	AC_DEFINE([BROKEN_SETREUID])
1124	AC_DEFINE([BROKEN_SETREGID])
1125	AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1126	;;
1127
1128*-*-nto-qnx*)
1129	AC_DEFINE([USE_PIPES])
1130	AC_DEFINE([NO_X11_UNIX_SOCKETS])
1131	AC_DEFINE([DISABLE_LASTLOG])
1132	AC_DEFINE([SSHD_ACQUIRES_CTTY])
1133	AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1134	enable_etc_default_login=no	# has incompatible /etc/default/login
1135	case "$host" in
1136	*-*-nto-qnx6*)
1137		AC_DEFINE([DISABLE_FD_PASSING])
1138		;;
1139	esac
1140	;;
1141
1142*-*-ultrix*)
1143	AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1144	AC_DEFINE([NEED_SETPGRP])
1145	AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1146	;;
1147
1148*-*-lynxos)
1149	CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1150	AC_DEFINE([BROKEN_SETVBUF], [1],
1151	    [LynxOS has broken setvbuf() implementation])
1152	;;
1153esac
1154
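dnl Abort early when the compiler and flags chosen so far cannot produce a
dnl runnable program. The probe pulls in stdlib.h so that exit() is declared;
dnl otherwise a compiler that rejects implicit function declarations fails
dnl the probe and a working toolchain is reported as broken.
dnl When cross compiling the program cannot be run, so the check is skipped
dnl with a warning.
AC_MSG_CHECKING([compiler and flags for sanity])
AC_RUN_IFELSE([AC_LANG_PROGRAM([[
#include <stdio.h>
#include <stdlib.h>
	]], [[ exit(0); ]])],
	[	AC_MSG_RESULT([yes]) ],
	[
		AC_MSG_RESULT([no])
		AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
	],
	[	AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
)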
1164
# Checks for libraries.
# setsockopt: when the default link does not provide it, probe libsocket.
# AC_CHECK_LIB is called without an action, so on success it adds -lsocket
# to LIBS itself.
AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1168
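dnl IRIX and Solaris 2.5.1 have dirname() in libgen
dnl If libc lacks dirname, try libgen and run a probe that expects the
dnl dirname of /etc to be /. The probe includes stdlib.h so that exit() is
dnl declared; without it a compiler that rejects implicit declarations fails
dnl to build the probe and a working dirname is recorded as broken.
dnl The verdict is cached in ac_cv_have_broken_dirname. Cross compiling
dnl assumes a working dirname. -lgen is only kept in LIBS, and HAVE_DIRNAME
dnl only defined, when the probe passes.
AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
	AC_CHECK_LIB([gen], [dirname], [
		AC_CACHE_CHECK([for broken dirname],
			ac_cv_have_broken_dirname, [
			save_LIBS="$LIBS"
			LIBS="$LIBS -lgen"
			AC_RUN_IFELSE(
				[AC_LANG_SOURCE([[
#include <libgen.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char **argv) {
    char *s, buf[32];

    strncpy(buf,"/etc", 32);
    s = dirname(buf);
    if (!s || strncmp(s, "/", 32) != 0) {
	exit(1);
    } else {
	exit(0);
    }
}
				]])],
				[ ac_cv_have_broken_dirname="no" ],
				[ ac_cv_have_broken_dirname="yes" ],
				[ ac_cv_have_broken_dirname="no" ],
			)
			LIBS="$save_LIBS"
		])
		if test "x$ac_cv_have_broken_dirname" = "xno" ; then
			LIBS="$LIBS -lgen"
			AC_DEFINE([HAVE_DIRNAME])
			AC_CHECK_HEADERS([libgen.h])
		fi
	])
])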
1206
dnl getspnam: fall back to libgen when the default link does not provide it.
AC_CHECK_FUNC([getspnam], ,
	[AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
dnl basename: searched in the default libraries first, then in libgen;
dnl HAVE_BASENAME is defined when either search succeeds.
AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
	[Define if you have the basename function.])])
1211
dnl zlib is required
dnl --with-zlib=PATH puts PATH, or PATH/lib and PATH/include when those
dnl directories exist, at the front of the linker and preprocessor search
dnl paths. --without-zlib is rejected. A bare --with-zlib changes nothing.
AC_ARG_WITH([zlib],
	[  --with-zlib=PATH        Use zlib in PATH],
	[ case "x$withval" in
	  xno)
		AC_MSG_ERROR([*** zlib is required ***])
		;;
	  xyes)
		;;
	  *)
		# Prefer the conventional lib and include subdirectories.
		zlib_libdir="${withval}"
		if test -d "$withval/lib"; then
			zlib_libdir="${withval}/lib"
		fi
		zlib_incdir="${withval}"
		if test -d "$withval/include"; then
			zlib_incdir="${withval}/include"
		fi
		# With need_dash_r the directory is also passed with -R.
		if test -n "${need_dash_r}"; then
			LDFLAGS="-L${zlib_libdir} -R${zlib_libdir} ${LDFLAGS}"
		else
			LDFLAGS="-L${zlib_libdir} ${LDFLAGS}"
		fi
		CPPFLAGS="-I${zlib_incdir} ${CPPFLAGS}"
		;;
	  esac ]
)
1238
dnl zlib.h must be found with the current CPPFLAGS, otherwise configure aborts.
AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
dnl If deflate does not link from -lz with the current flags, retry once with
dnl /usr/local/include and /usr/local/lib placed in front of the search
dnl paths. A second failure is fatal.
dnl NOTE(review): saved_CPPFLAGS, saved_LDFLAGS and save_LIBS are never
dnl restored in this block, so after a successful retry the /usr/local paths
dnl stay in effect for every later check and for the build itself. Confirm
dnl that /usr/local is a trusted location on the build host.
AC_CHECK_LIB([z], [deflate], ,
	[
		saved_CPPFLAGS="$CPPFLAGS"
		saved_LDFLAGS="$LDFLAGS"
		save_LIBS="$LIBS"
		dnl Check default zlib install dir
		if test -n "${need_dash_r}"; then
			LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
		else
			LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
		fi
		CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
		LIBS="$LIBS -lz"
		AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
			[
				AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
			]
		)
	]
)
1260
dnl --without-zlib-version-check turns a failed version check below from a
dnl fatal error into a warning by setting zlib_check_nonfatal.
AC_ARG_WITH([zlib-version-check],
	[  --without-zlib-version-check Disable zlib version check],
	[  if test "x$withval" = "xno" ; then
		zlib_check_nonfatal=1
	   fi
	]
)

dnl The probe parses the ZLIB_VERSION macro from zlib.h and accepts 1.1.x
dnl with a patch level of at least 4, or any version at or above 1.2.3.
dnl It exits 0 for an accepted version, 1 when the string cannot be parsed
dnl and 2 for a rejected version; every non-zero exit is reported as buggy.
dnl NOTE(review): only the header that the build sees is inspected. The
dnl shared library loaded at run time is not queried, and the check is
dnl skipped entirely when cross compiling, so neither case is covered by
dnl this test.
AC_MSG_CHECKING([for possibly buggy zlib])
AC_RUN_IFELSE([AC_LANG_PROGRAM([[
#include <stdio.h>
#include <stdlib.h>
#include <zlib.h>
	]],
	[[
	int a=0, b=0, c=0, d=0, n, v;
	n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
	if (n != 3 && n != 4)
		exit(1);
	v = a*1000000 + b*10000 + c*100 + d;
	fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);

	/* 1.1.4 is OK */
	if (a == 1 && b == 1 && c >= 4)
		exit(0);

	/* 1.2.3 and up are OK */
	if (v >= 1020300)
		exit(0);

	exit(2);
	]])],
	AC_MSG_RESULT([no]),
	[ AC_MSG_RESULT([yes])
	  if test -z "$zlib_check_nonfatal" ; then
		AC_MSG_ERROR([*** zlib too old - check config.log ***
Your reported zlib version has known security problems.  It's possible your
vendor has fixed these problems without changing the version number.  If you
are sure this is the case, you can disable the check by running
"./configure --without-zlib-version-check".
If you are in doubt, upgrade zlib to version 1.2.3 or greater.
See http://www.gzip.org/zlib/ for details.])
	  else
		AC_MSG_WARN([zlib version may have security problems])
	  fi
	],
	[	AC_MSG_WARN([cross compiling: not checking zlib version]) ]
)
1309
dnl UnixWare 2.x
dnl strcasecmp: fall back to libresolv when the default link lacks it.
AC_CHECK_FUNC([strcasecmp],
	[], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
)
dnl utimes: fall back to libc89; HAVE_UTIMES is then defined by hand because
dnl the function check itself reported it missing.
AC_CHECK_FUNCS([utimes],
	[], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
					LIBS="$LIBS -lc89"]) ]
)
1318
dnl    Checks for libutil functions
dnl Each function is searched in the default libraries, then in libutil and
dnl libbsd. The final AC_CHECK_FUNCS records which ones link with the
dnl resulting LIBS.
AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
AC_SEARCH_LIBS([fmt_scaled], [util bsd])
AC_SEARCH_LIBS([scan_scaled], [util bsd])
AC_SEARCH_LIBS([login], [util bsd])
AC_SEARCH_LIBS([logout], [util bsd])
AC_SEARCH_LIBS([logwtmp], [util bsd])
AC_SEARCH_LIBS([openpty], [util bsd])
AC_SEARCH_LIBS([updwtmp], [util bsd])
AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1329
# On some platforms, inet_ntop and gethostbyname may be found in libresolv
# or libnsl.
# The library that resolves each symbol, if any, is added to LIBS.
AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
AC_SEARCH_LIBS([gethostbyname], [resolv nsl])

AC_FUNC_STRFTIME
1336
# Check for ALTDIRFUNC glob() extension
# Preprocessor-only probe: FOUNDIT survives preprocessing only when glob.h
# defines GLOB_ALTDIRFUNC.
AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
AC_EGREP_CPP([FOUNDIT],
	[
		#include <glob.h>
		#ifdef GLOB_ALTDIRFUNC
		FOUNDIT
		#endif
	],
	[
		AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
			[Define if your system glob() function has
			the GLOB_ALTDIRFUNC extension])
		AC_MSG_RESULT([yes])
	],
	[
		AC_MSG_RESULT([no])
	]
)

# Check for g.gl_matchc glob() extension
# Compile-only probe: succeeds when glob_t has a gl_matchc member.
AC_MSG_CHECKING([for gl_matchc field in glob_t])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
	[[ glob_t g; g.gl_matchc = 1; ]])],
	[
		AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
			[Define if your system glob() function has
			gl_matchc options in glob_t])
		AC_MSG_RESULT([yes])
	], [
		AC_MSG_RESULT([no])
])

# Check for g.gl_statv glob() extension
# Compile-only probe: needs both the GLOB_KEEPSTAT macro and a gl_statv
# member in glob_t.
AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
#ifndef GLOB_KEEPSTAT
#error "glob does not support GLOB_KEEPSTAT extension"
#endif
glob_t g;
g.gl_statv = NULL;
]])],
	[
		AC_DEFINE([GLOB_HAS_GL_STATV], [1],
			[Define if your system glob() function has
			gl_statv options in glob_t])
		AC_MSG_RESULT([yes])
	], [
		AC_MSG_RESULT([no])

])
1388
dnl Record whether glob.h declares GLOB_NOMATCH.
AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])

dnl A vis.h without VIS_ALL marks strnvis as broken.
AC_CHECK_DECL([VIS_ALL], ,
    AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1393
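dnl Detect systems whose struct dirent declares d_name as a single byte, so
dnl callers must allocate the room for the name themselves. The probe exits
dnl non-zero when sizeof d_name is no larger than one char.
dnl stdlib.h is included so that exit() is declared; without it a compiler
dnl that rejects implicit declarations fails the probe and the workaround is
dnl enabled for the wrong reason.
dnl Cross compiling takes the conservative path and assumes the one byte
dnl layout.
AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
AC_RUN_IFELSE(
	[AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <dirent.h>
#include <stdlib.h>]],
	[[
	struct dirent d;
	exit(sizeof(d.d_name)<=sizeof(char));
	]])],
	[AC_MSG_RESULT([yes])],
	[
		AC_MSG_RESULT([no])
		AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
			[Define if your struct dirent expects you to
			allocate extra space for d_name])
	],
	[
		AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
		AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
	]
)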
1415
dnl Detect a per-process fd directory under /proc by looking at the pid of
dnl the shell that runs configure.
dnl NOTE(review): this inspects the build host at configure time, not the
dnl system the binaries will run on, so the answer can be wrong for cross
dnl builds or for builds in an environment that hides /proc. Confirm for
dnl such setups.
AC_MSG_CHECKING([for /proc/pid/fd directory])
if test -d "/proc/$$/fd" ; then
	AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
	AC_MSG_RESULT([yes])
else
	AC_MSG_RESULT([no])
fi
1423
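# Check whether user wants S/Key support
# --with-skey defines SKEY and links -lskey; a PATH argument adds
# PATH/include and PATH/lib to the search paths. The link probe must
# succeed or configure aborts. A second, compile-only probe records
# whether skeychallenge accepts four arguments.
# The link probe includes stdlib.h so that exit is declared; without it a
# compiler that rejects implicit declarations fails the probe and the
# error wrongly blames the s/key libraries.
SKEY_MSG="no"
AC_ARG_WITH([skey],
	[  --with-skey[[=PATH]]      Enable S/Key support (optionally in PATH)],
	[
		if test "x$withval" != "xno" ; then

			if test "x$withval" != "xyes" ; then
				CPPFLAGS="$CPPFLAGS -I${withval}/include"
				LDFLAGS="$LDFLAGS -L${withval}/lib"
			fi

			AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
			LIBS="-lskey $LIBS"
			SKEY_MSG="yes"

			AC_MSG_CHECKING([for s/key support])
			AC_LINK_IFELSE(
				[AC_LANG_PROGRAM([[
#include <stdio.h>
#include <stdlib.h>
#include <skey.h>
				]], [[
	char *ff = skey_keyinfo(""); ff="";
	exit(0);
				]])],
				[AC_MSG_RESULT([yes])],
				[
					AC_MSG_RESULT([no])
					AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
				])
			AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <stdio.h>
#include <skey.h>
				]], [[
	(void)skeychallenge(NULL,"name","",0);
				]])],
			[
				AC_MSG_RESULT([yes])
				AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
					[Define if your skeychallenge()
					function takes 4 arguments (NetBSD)])],
			[
				AC_MSG_RESULT([no])
			])
		fi
	]
)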
1472
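# Check whether user wants to use ldns
# --with-ldns enables ldns, which the help text describes as providing
# DNSSEC support. HAVE_LDNS is only defined, and the link probe only run,
# when the ldns shell variable ends up as yes.
#
# Fixes relative to the previous logic for a bare --with-ldns:
#  - the result of the ldns-config lookup is tested through LDNSCONFIG; the
#    old test read PKGCONFIG, which this block never sets
#  - ldns=yes is now set when ldns-config is found; before, that path left
#    ldns empty, so configure finished without HAVE_LDNS and without any
#    error even though the feature had been requested
#  - when ldns-config is missing, the literal value yes is no longer used
#    as an include and library directory; -lldns is taken from the default
#    search paths instead
LDNS_MSG="no"
AC_ARG_WITH(ldns,
	[  --with-ldns[[=PATH]]      Use ldns for DNSSEC support (optionally in PATH)],
	[
	ldns=""
	if test "x$withval" = "xyes" ; then
		AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
		if test "x$LDNSCONFIG" = "xno"; then
			LIBS="-lldns $LIBS"
			ldns=yes
		else
			LIBS="$LIBS `$LDNSCONFIG --libs`"
			CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
			ldns=yes
		fi
	elif test "x$withval" != "xno" ; then
			CPPFLAGS="$CPPFLAGS -I${withval}/include"
			LDFLAGS="$LDFLAGS -L${withval}/lib"
			LIBS="-lldns $LIBS"
			ldns=yes
	fi

	# Verify that it works.
	if test "x$ldns" = "xyes" ; then
		AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
		LDNS_MSG="yes"
		AC_MSG_CHECKING([for ldns support])
		AC_LINK_IFELSE(
			[AC_LANG_SOURCE([[
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <ldns/ldns.h>
int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
			]])
		],
			[AC_MSG_RESULT(yes)],
				[
					AC_MSG_RESULT(no)
					AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
				])
	fi
])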
1518
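# Check whether user wants libedit support
# A bare --with-libedit asks pkg-config for libedit when pkg-config is
# available; --with-libedit=PATH adds PATH/include and PATH/lib to the
# search paths instead. Without pkg-config data the link line falls back to
# -ledit -lcurses. el_init must link, and a compile probe must accept
# H_SETSIZE, or configure aborts.
# The compile probe includes stdlib.h so that exit is declared; without it
# a compiler that rejects implicit declarations fails the probe and the
# error wrongly reports an incompatible libedit.
LIBEDIT_MSG="no"
AC_ARG_WITH([libedit],
	[  --with-libedit[[=PATH]]   Enable libedit support for sftp],
	[ if test "x$withval" != "xno" ; then
		if test "x$withval" = "xyes" ; then
			AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
			if test "x$PKGCONFIG" != "xno"; then
				AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
				if "$PKGCONFIG" libedit; then
					AC_MSG_RESULT([yes])
					use_pkgconfig_for_libedit=yes
				else
					AC_MSG_RESULT([no])
				fi
			fi
		else
			CPPFLAGS="$CPPFLAGS -I${withval}/include"
			if test -n "${need_dash_r}"; then
				LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
			else
				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
			fi
		fi
		if test "x$use_pkgconfig_for_libedit" = "xyes"; then
			LIBEDIT=`$PKGCONFIG --libs libedit`
			CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
		else
			LIBEDIT="-ledit -lcurses"
		fi
		# Everything except -ledit is passed to the link test as extra libraries.
		OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
		AC_CHECK_LIB([edit], [el_init],
			[ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
			  LIBEDIT_MSG="yes"
			  AC_SUBST([LIBEDIT])
			],
			[ AC_MSG_ERROR([libedit not found]) ],
			[ $OTHERLIBS ]
		)
		AC_MSG_CHECKING([if libedit version is compatible])
		AC_COMPILE_IFELSE(
		    [AC_LANG_PROGRAM([[
#include <histedit.h>
#include <stdlib.h>
		    ]],
		    [[
	int i = H_SETSIZE;
	el_init("", NULL, NULL, NULL);
	exit(0);
		    ]])],
		    [ AC_MSG_RESULT([yes]) ],
		    [ AC_MSG_RESULT([no])
		      AC_MSG_ERROR([libedit version is not compatible]) ]
		)
	fi ]
)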
1572
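dnl --with-audit=module selects the audit backend: bsm, linux or debug.
dnl AUDIT_MODULE stays none unless one of them is chosen; any other value
dnl except no is a fatal error.
dnl The bsm branch requires the header, the library and getaudit, and aborts
dnl when one is missing.
dnl sol2ver is set outside this excerpt. It is now tested for being
dnl non-empty before the numeric comparison, because an empty value makes
dnl the numeric test print an error on hosts that never set it.
dnl NOTE(review): the linux branch adds -laudit and defines USE_LINUX_AUDIT
dnl without failing when libaudit.h is missing and without a link test, so a
dnl missing libaudit only shows up later as a build error. Confirm whether
dnl configure should stop here instead.
AUDIT_MODULE=none
AC_ARG_WITH([audit],
	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux)],
	[
	  AC_MSG_CHECKING([for supported audit module])
	  case "$withval" in
	  bsm)
		AC_MSG_RESULT([bsm])
		AUDIT_MODULE=bsm
		dnl    Checks for headers, libs and functions
		AC_CHECK_HEADERS([bsm/audit.h], [],
		    [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
		    [
#ifdef HAVE_TIME_H
# include <time.h>
#endif
		    ]
)
		AC_CHECK_LIB([bsm], [getaudit], [],
		    [AC_MSG_ERROR([BSM enabled and required library not found])])
		AC_CHECK_FUNCS([getaudit], [],
		    [AC_MSG_ERROR([BSM enabled and required function not found])])
		# These are optional
		AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
		AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
		if test "x$sol2ver" != "x" && test "$sol2ver" -ge 11; then
			SSHDLIBS="$SSHDLIBS -lscf"
			AC_DEFINE([BROKEN_BSM_API], [1],
				[The system has incomplete BSM API])
		fi
		;;
	  linux)
		AC_MSG_RESULT([linux])
		AUDIT_MODULE=linux
		dnl    Checks for headers, libs and functions
		AC_CHECK_HEADERS([libaudit.h])
		SSHDLIBS="$SSHDLIBS -laudit"
		AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
		;;
	  debug)
		AUDIT_MODULE=debug
		AC_MSG_RESULT([debug])
		AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
		;;
	  no)
		AC_MSG_RESULT([no])
		;;
	  *)
		AC_MSG_ERROR([Unknown audit module $withval])
		;;
	esac ]
)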
1625
dnl --with-pie and --without-pie select whether executables are built
dnl position independent. Only the literal values yes and no are recognised;
dnl any other argument leaves use_pie as it was.
AC_ARG_WITH([pie],
    [  --with-pie              Build Position Independent Executables if possible], [
	if test "x$withval" = "xno"; then
		use_pie=no
	fi
	if test "x$withval" = "xyes"; then
		use_pie=yes
	fi
    ]
)
# Default when nothing has set use_pie: PIE stays off unless --with-pie is
# given, so builds that want the executable itself to be relocatable must
# ask for it.
# NOTE(review): the auto branches below only trigger if use_pie was set to
# auto before this point, which is outside this excerpt.
if test "x$use_pie" = "x"; then
	use_pie=no
fi
if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
	# Turn off automatic PIE when toolchain hardening is off.
	use_pie=no
fi
if test "x$use_pie" = "xauto"; then
	# Automatic PIE requires gcc >= 4.x
	AC_MSG_CHECKING([for gcc >= 4.x])
	AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
#if !defined(__GNUC__) || __GNUC__ < 4
#error gcc is too old
#endif
]])],
	[ AC_MSG_RESULT([yes]) ],
	[ AC_MSG_RESULT([no])
	  use_pie=no ]
)
fi
if test "x$use_pie" != "xno"; then
	SAVED_CFLAGS="$CFLAGS"
	SAVED_LDFLAGS="$LDFLAGS"
	# Both helpers are defined outside this excerpt; presumably each appends
	# its flag to CFLAGS or LDFLAGS when the toolchain accepts it, which is
	# what the grep below looks for.
	OSSH_CHECK_CFLAG_COMPILE([-fPIE])
	OSSH_CHECK_LDFLAG_LINK([-pie])
	# We use both -fPIE and -pie or neither.
	AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
	if echo "x $CFLAGS"  | grep ' -fPIE' >/dev/null 2>&1 && \
	   echo "x $LDFLAGS" | grep ' -pie'  >/dev/null 2>&1 ; then
		AC_MSG_RESULT([yes])
	else
		# Roll back to the saved flags so a half-applied pair is never used.
		# This also happens silently after an explicit --with-pie.
		AC_MSG_RESULT([no])
		CFLAGS="$SAVED_CFLAGS"
		LDFLAGS="$SAVED_LDFLAGS"
	fi
fi
1672
dnl    Checks for library functions. Please keep in alphabetical order
dnl Each name is probed with the LIBS accumulated so far. The cached results
dnl for snprintf, vsnprintf, getpeereid, getpeerucred and mkdtemp are read
dnl again by later tests in this file.
dnl NOTE(review): the list includes functions with security-relevant
dnl semantics, such as explicit_bzero, memset_s, timingsafe_bcmp, closefrom,
dnl pledge and cap_rights_limit. What is used when one of them is missing is
dnl decided outside this excerpt.
AC_CHECK_FUNCS([ \
	Blowfish_initstate \
	Blowfish_expandstate \
	Blowfish_expand0state \
	Blowfish_stream2word \
	asprintf \
	b64_ntop \
	__b64_ntop \
	b64_pton \
	__b64_pton \
	bcopy \
	bcrypt_pbkdf \
	bindresvport_sa \
	blf_enc \
	cap_rights_limit \
	clock \
	closefrom \
	dirfd \
	endgrent \
	err \
	errx \
	explicit_bzero \
	fchmod \
	fchown \
	freeaddrinfo \
	fstatfs \
	fstatvfs \
	futimes \
	getaddrinfo \
	getcwd \
	getgrouplist \
	getnameinfo \
	getopt \
	getpeereid \
	getpeerucred \
	getpgid \
	getpgrp \
	_getpty \
	getrlimit \
	getttyent \
	glob \
	group_from_gid \
	inet_aton \
	inet_ntoa \
	inet_ntop \
	innetgr \
	llabs \
	login_getcapbool \
	md5_crypt \
	memmove \
	memset_s \
	mkdtemp \
	ngetaddrinfo \
	nsleep \
	ogetaddrinfo \
	openlog_r \
	pledge \
	poll \
	prctl \
	pstat \
	readpassphrase \
	reallocarray \
	recvmsg \
	rresvport_af \
	sendmsg \
	setdtablesize \
	setegid \
	setenv \
	seteuid \
	setgroupent \
	setgroups \
	setlinebuf \
	setlogin \
	setpassent\
	setpcred \
	setproctitle \
	setregid \
	setreuid \
	setrlimit \
	setsid \
	setvbuf \
	sigaction \
	sigvec \
	snprintf \
	socketpair \
	statfs \
	statvfs \
	strcasestr \
	strdup \
	strerror \
	strlcat \
	strlcpy \
	strmode \
	strnlen \
	strnvis \
	strptime \
	strtonum \
	strtoll \
	strtoul \
	strtoull \
	swap32 \
	sysconf \
	tcgetpgrp \
	timingsafe_bcmp \
	truncate \
	unsetenv \
	updwtmpx \
	user_from_uid \
	usleep \
	vasprintf \
	vsnprintf \
	waitpid \
	warn \
])
1788
dnl Wide character support.
AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])

dnl TEST_SSH_UTF8 keeps a non-empty value supplied by the caller and
dnl otherwise defaults to yes. It is forced to no when the en_US.UTF-8 locale
dnl cannot be selected on the build host. Cross compiling skips the probe and
dnl leaves the value unchanged.
TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
AC_MSG_CHECKING([for utf8 locale support])
AC_RUN_IFELSE(
	[AC_LANG_PROGRAM([[
#include <locale.h>
#include <stdlib.h>
	]], [[
	char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
	if (loc != NULL)
		exit(0);
	exit(1);
	]])],
	AC_MSG_RESULT(yes),
	[AC_MSG_RESULT(no)
	 TEST_SSH_UTF8=no],
	AC_MSG_WARN([cross compiling: assuming yes])
)
1809
dnl isblank is probed with a link test on a real call; HAVE_ISBLANK is
dnl defined when that call links.
AC_LINK_IFELSE(
        [AC_LANG_PROGRAM(
           [[ #include <ctype.h> ]],
           [[ return (isblank('a')); ]])],
	[AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
])
1816
dnl --disable-pkcs11 sets disable_pkcs11; PKCS#11 support is otherwise
dnl attempted by default.
disable_pkcs11=
AC_ARG_ENABLE([pkcs11],
	[  --disable-pkcs11        disable PKCS#11 support code [no]],
	[
		if test "x$enableval" = "xno" ; then
			disable_pkcs11=1
		fi
	]
)

# PKCS11 depends on OpenSSL.
# The openssl variable is set outside this excerpt. ENABLE_PKCS11 is only
# defined when dlopen resolves, from the default libraries or from libdl.
# NOTE(review): when dlopen is not found the feature is dropped without any
# message here; check the configure summary if PKCS#11 is expected.
if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then
	# PKCS#11 support requires dlopen() and co
	AC_SEARCH_LIBS([dlopen], [dl],
	    [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
	)
fi
1834
# IRIX has a const char return value for gai_strerror()
# When gai_strerror exists, a compile probe redeclares it as returning
# const char * next to the system headers; HAVE_CONST_GAI_STRERROR_PROTO is
# defined when that program compiles.
AC_CHECK_FUNCS([gai_strerror], [
	AC_DEFINE([HAVE_GAI_STRERROR])
	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

const char *gai_strerror(int);
			]], [[
	char *str;
	str = gai_strerror(0);
			]])], [
		AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
		[Define if gai_strerror() returns const char *])], [])])
1850
dnl nanosleep: searched in the default libraries, then librt and libposix4.
AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
	[Some systems put nanosleep outside of libc])])

dnl clock_gettime: searched in the default libraries, then librt.
AC_SEARCH_LIBS([clock_gettime], [rt],
	[AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1856
dnl Make sure prototypes are defined for these before using them.
dnl getrusage and strsep are only probed as functions once a declaration
dnl has been seen.
AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
AC_CHECK_DECL([strsep],
	[AC_CHECK_FUNCS([strsep])],
	[],
	[
#ifdef HAVE_STRING_H
# include <string.h>
#endif
	])

dnl tcsendbreak might be a macro
dnl A declaration in termios.h is enough to define HAVE_TCSENDBREAK; the
dnl function probe only runs when no declaration is found.
AC_CHECK_DECL([tcsendbreak],
	[AC_DEFINE([HAVE_TCSENDBREAK])],
	[AC_CHECK_FUNCS([tcsendbreak])],
	[#include <termios.h>]
)
1874
dnl Declaration checks: each one records whether the listed headers declare
dnl the symbol. No action is taken here beyond recording the result.
AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])

AC_CHECK_DECLS([SHUT_RD], , ,
	[
#include <sys/types.h>
#include <sys/socket.h>
	])

AC_CHECK_DECLS([O_NONBLOCK], , ,
	[
#include <sys/types.h>
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
#endif
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif
	])

AC_CHECK_DECLS([writev], , , [
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>
	])

AC_CHECK_DECLS([MAXSYMLINKS], , , [
#include <sys/param.h>
	])

AC_CHECK_DECLS([offsetof], , , [
#include <stddef.h>
	])

# extra bits for select(2)
AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
#include <sys/param.h>
#include <sys/types.h>
#ifdef HAVE_SYS_SYSMACROS_H
#include <sys/sysmacros.h>
#endif
#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
	]])
dnl fd_mask is checked as a type against a similar set of headers.
AC_CHECK_TYPES([fd_mask], [], [], [[
#include <sys/param.h>
#include <sys/types.h>
#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
	]])
1938
dnl setresuid: a run-time probe follows the link check, because the symbol
dnl can exist without being implemented.
dnl NOTE(review): the probe only looks for ENOSYS after the call, so any
dnl other failure, for example a permission error for an unprivileged
dnl builder, still counts as working. When cross compiling nothing is
dnl checked and BROKEN_SETRESUID stays undefined.
AC_CHECK_FUNCS([setresuid], [
	dnl Some platforms have setresuid that isn't implemented, test for this
	AC_MSG_CHECKING([if setresuid seems to work])
	AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[
#include <stdlib.h>
#include <errno.h>
		]], [[
	errno=0;
	setresuid(0,0,0);
	if (errno==ENOSYS)
		exit(1);
	else
		exit(0);
		]])],
		[AC_MSG_RESULT([yes])],
		[AC_DEFINE([BROKEN_SETRESUID], [1],
			[Define if your setresuid() is broken])
		 AC_MSG_RESULT([not implemented])],
		[AC_MSG_WARN([cross compiling: not checking setresuid])]
	)
])
1961
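dnl setresgid: a run-time probe follows the link check, because the symbol
dnl can exist without being implemented. The probe only looks for ENOSYS
dnl after the call. When cross compiling nothing is checked and
dnl BROKEN_SETRESGID stays undefined.
dnl The cross compiling warning now names setresgid; it used to say
dnl setresuid, which made the log point at the wrong check.
AC_CHECK_FUNCS([setresgid], [
	dnl Some platforms have setresgid that isn't implemented, test for this
	AC_MSG_CHECKING([if setresgid seems to work])
	AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[
#include <stdlib.h>
#include <errno.h>
		]], [[
	errno=0;
	setresgid(0,0,0);
	if (errno==ENOSYS)
		exit(1);
	else
		exit(0);
		]])],
		[AC_MSG_RESULT([yes])],
		[AC_DEFINE([BROKEN_SETRESGID], [1],
			[Define if your setresgid() is broken])
		 AC_MSG_RESULT([not implemented])],
		[AC_MSG_WARN([cross compiling: not checking setresgid])]
	)
])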
1984
dnl realpath: the run-time probe resolves a path that should not exist and
dnl treats a NULL result with errno set to ENOENT as the broken case.
dnl NOTE(review): cross builds assume a working realpath, so
dnl BROKEN_REALPATH is never defined for them. Confirm this for targets
dnl where sftp path canonicalisation matters.
AC_CHECK_FUNCS([realpath], [
	dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given
	dnl path name", however some implementations of realpath (and some
	dnl versions of the POSIX spec) do not work on non-existent files,
	dnl so we use the OpenBSD implementation on those platforms.
	AC_MSG_CHECKING([if realpath works with non-existent files])
	AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[
#include <limits.h>
#include <stdlib.h>
#include <errno.h>
		]], [[
		char buf[PATH_MAX];
		if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
			if (errno == ENOENT)
				exit(1);
		exit(0);
		]])],
		[AC_MSG_RESULT([yes])],
		[AC_DEFINE([BROKEN_REALPATH], [1],
			[realpath does not work with nonexistent files])
		 AC_MSG_RESULT([no])],
		[AC_MSG_WARN([cross compiling: assuming working])]
	)
])
2010
dnl    Checks for time functions
AC_CHECK_FUNCS([gettimeofday time])
dnl    Checks for utmp functions
dnl These and the utmpx and lastlog names below are only probed here; how
dnl login records are written is decided outside this excerpt.
AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
AC_CHECK_FUNCS([utmpname])
dnl    Checks for utmpx functions
AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
dnl    Checks for lastlog functions
AC_CHECK_FUNCS([getlastlogxbyname])
2021
dnl daemon: use the default libraries when they provide it, otherwise try
dnl libbsd and add -lbsd to LIBS.
AC_CHECK_FUNC([daemon],
	[AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
	[AC_CHECK_LIB([bsd], [daemon],
		[LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
)

dnl getpagesize: same pattern, with libucb as the fallback library.
AC_CHECK_FUNC([getpagesize],
	[AC_DEFINE([HAVE_GETPAGESIZE], [1],
		[Define if your libraries define getpagesize()])],
	[AC_CHECK_LIB([ucb], [getpagesize],
		[LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
)
2034
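# Check for broken snprintf
# The probe formats nine characters into a five byte buffer and requires
# the last byte to be the terminator; a non-terminated result defines
# BROKEN_SNPRINTF. Cross builds assume a working snprintf.
# stdlib.h is included so that exit is declared. Without it a compiler that
# rejects implicit declarations fails to build the probe, and a correct
# snprintf is then reported as broken.
if test "x$ac_cv_func_snprintf" = "xyes" ; then
	AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
	AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[
#include <stdio.h>
#include <stdlib.h>
		]],
		[[
	char b[5];
	snprintf(b,5,"123456789");
	exit(b[4]!='\0');
		]])],
		[AC_MSG_RESULT([yes])],
		[
			AC_MSG_RESULT([no])
			AC_DEFINE([BROKEN_SNPRINTF], [1],
				[Define if your snprintf is busted])
			AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
		],
		[ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
	)
fi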
2055
# We depend on vsnprintf returning the right thing on overflow: the
# number of characters it tried to create (as per SUSv3)
# Both probes expect 11, the length of the fully formatted string, once for
# a one byte buffer and once for a NULL buffer of size 0. Any other return
# value defines BROKEN_SNPRINTF, the same macro the snprintf check uses.
# NOTE(review): cross builds assume a conforming vsnprintf and skip the
# probe. Code that detects truncation from the return value depends on that
# assumption holding for the target.
if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
	AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
	AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <stdio.h>
#include <stdarg.h>

int x_snprintf(char *str, size_t count, const char *fmt, ...)
{
	size_t ret;
	va_list ap;

	va_start(ap, fmt);
	ret = vsnprintf(str, count, fmt, ap);
	va_end(ap);
	return ret;
}
		]], [[
char x[1];
if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
	return 1;
if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
	return 1;
return 0;
		]])],
		[AC_MSG_RESULT([yes])],
		[
			AC_MSG_RESULT([no])
			AC_DEFINE([BROKEN_SNPRINTF], [1],
				[Define if your snprintf is busted])
			AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
		],
		[ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
	)
fi
2094
2095# On systems where [v]snprintf is broken, but is declared in stdio,
2096# check that the fmt argument is const char * or just char *.
2097# This is only useful for when BROKEN_SNPRINTF
2098AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2099AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2100#include <stdio.h>
2101int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2102		]], [[
2103	snprintf(0, 0, 0);
2104		]])],
2105   [AC_MSG_RESULT([yes])
2106    AC_DEFINE([SNPRINTF_CONST], [const],
2107              [Define as const if snprintf() can declare const char *fmt])],
2108   [AC_MSG_RESULT([no])
2109    AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2110
2111# Check for missing getpeereid (or equiv) support
2112NO_PEERCHECK=""
2113if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2114	AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2115	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2116#include <sys/types.h>
2117#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2118		[ AC_MSG_RESULT([yes])
2119		  AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2120		], [AC_MSG_RESULT([no])
2121		NO_PEERCHECK=1
2122        ])
2123fi
2124
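dnl see whether mkstemp() requires XXXXXX
dnl NOTE(review): the guard reads the mkdtemp cache variable although the
dnl probe exercises mkstemp; left unchanged, confirm this is intended.
dnl A probe that does not compile or run cleanly, and any cross compile,
dnl ends in HAVE_STRICT_MKSTEMP being defined.
if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
AC_MSG_CHECKING([for (overly) strict mkstemp])
AC_RUN_IFELSE(
	[AC_LANG_PROGRAM([[
#include <stdlib.h>
/* unistd.h declares unlink; without it a compiler that rejects implicit
 * function declarations fails the probe and mkstemp is reported strict. */
#include <unistd.h>
	]], [[
	/* Template deliberately lacks the XXXXXX suffix. */
	char template[]="conftest.mkstemp-test";
	if (mkstemp(template) == -1)
		exit(1);
	unlink(template);
	exit(0);
	]])],
	[
		AC_MSG_RESULT([no])
	],
	[
		AC_MSG_RESULT([yes])
		AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
	],
	[
		AC_MSG_RESULT([yes])
		AC_DEFINE([HAVE_STRICT_MKSTEMP])
	]
)
fi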
2151
2152dnl make sure that openpty does not reacquire controlling terminal
2153if test ! -z "$check_for_openpty_ctty_bug"; then
2154	AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2155	AC_RUN_IFELSE(
2156		[AC_LANG_PROGRAM([[
2157#include <stdio.h>
2158#include <sys/fcntl.h>
2159#include <sys/types.h>
2160#include <sys/wait.h>
2161		]], [[
2162	pid_t pid;
2163	int fd, ptyfd, ttyfd, status;
2164
2165	pid = fork();
2166	if (pid < 0) {		/* failed */
2167		exit(1);
2168	} else if (pid > 0) {	/* parent */
2169		waitpid(pid, &status, 0);
2170		if (WIFEXITED(status))
2171			exit(WEXITSTATUS(status));
2172		else
2173			exit(2);
2174	} else {		/* child */
2175		close(0); close(1); close(2);
2176		setsid();
2177		openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2178		fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2179		if (fd >= 0)
2180			exit(3);	/* Acquired ctty: broken */
2181		else
2182			exit(0);	/* Did not acquire ctty: OK */
2183	}
2184		]])],
2185		[
2186			AC_MSG_RESULT([yes])
2187		],
2188		[
2189			AC_MSG_RESULT([no])
2190			AC_DEFINE([SSHD_ACQUIRES_CTTY])
2191		],
2192		[
2193			AC_MSG_RESULT([cross-compiling, assuming yes])
2194		]
2195	)
2196fi
2197
2198if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2199    test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2200	AC_MSG_CHECKING([if getaddrinfo seems to work])
2201	AC_RUN_IFELSE(
2202		[AC_LANG_PROGRAM([[
2203#include <stdio.h>
2204#include <sys/socket.h>
2205#include <netdb.h>
2206#include <errno.h>
2207#include <netinet/in.h>
2208
2209#define TEST_PORT "2222"
2210		]], [[
2211	int err, sock;
2212	struct addrinfo *gai_ai, *ai, hints;
2213	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2214
2215	memset(&hints, 0, sizeof(hints));
2216	hints.ai_family = PF_UNSPEC;
2217	hints.ai_socktype = SOCK_STREAM;
2218	hints.ai_flags = AI_PASSIVE;
2219
2220	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2221	if (err != 0) {
2222		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2223		exit(1);
2224	}
2225
2226	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2227		if (ai->ai_family != AF_INET6)
2228			continue;
2229
2230		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2231		    sizeof(ntop), strport, sizeof(strport),
2232		    NI_NUMERICHOST|NI_NUMERICSERV);
2233
2234		if (err != 0) {
2235			if (err == EAI_SYSTEM)
2236				perror("getnameinfo EAI_SYSTEM");
2237			else
2238				fprintf(stderr, "getnameinfo failed: %s\n",
2239				    gai_strerror(err));
2240			exit(2);
2241		}
2242
2243		sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2244		if (sock < 0)
2245			perror("socket");
2246		if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2247			if (errno == EBADF)
2248				exit(3);
2249		}
2250	}
2251	exit(0);
2252		]])],
2253		[
2254			AC_MSG_RESULT([yes])
2255		],
2256		[
2257			AC_MSG_RESULT([no])
2258			AC_DEFINE([BROKEN_GETADDRINFO])
2259		],
2260		[
2261			AC_MSG_RESULT([cross-compiling, assuming yes])
2262		]
2263	)
2264fi
2265
2266if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2267    test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2268	AC_MSG_CHECKING([if getaddrinfo seems to work])
2269	AC_RUN_IFELSE(
2270		[AC_LANG_PROGRAM([[
2271#include <stdio.h>
2272#include <sys/socket.h>
2273#include <netdb.h>
2274#include <errno.h>
2275#include <netinet/in.h>
2276
2277#define TEST_PORT "2222"
2278		]], [[
2279	int err, sock;
2280	struct addrinfo *gai_ai, *ai, hints;
2281	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2282
2283	memset(&hints, 0, sizeof(hints));
2284	hints.ai_family = PF_UNSPEC;
2285	hints.ai_socktype = SOCK_STREAM;
2286	hints.ai_flags = AI_PASSIVE;
2287
2288	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2289	if (err != 0) {
2290		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2291		exit(1);
2292	}
2293
2294	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2295		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2296			continue;
2297
2298		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2299		    sizeof(ntop), strport, sizeof(strport),
2300		    NI_NUMERICHOST|NI_NUMERICSERV);
2301
2302		if (ai->ai_family == AF_INET && err != 0) {
2303			perror("getnameinfo");
2304			exit(2);
2305		}
2306	}
2307	exit(0);
2308		]])],
2309		[
2310			AC_MSG_RESULT([yes])
2311			AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2312				[Define if you have a getaddrinfo that fails
2313				for the all-zeros IPv6 address])
2314		],
2315		[
2316			AC_MSG_RESULT([no])
2317			AC_DEFINE([BROKEN_GETADDRINFO])
2318		],
2319		[
2320			AC_MSG_RESULT([cross-compiling, assuming no])
2321		]
2322	)
2323fi
2324
2325if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2326	AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2327	    [#include <sys/types.h>
2328	     #include <sys/socket.h>
2329	     #include <netdb.h>])
2330fi
2331
2332if test "x$check_for_conflicting_getspnam" = "x1"; then
2333	AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2334	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2335		[[ exit(0); ]])],
2336		[
2337			AC_MSG_RESULT([no])
2338		],
2339		[
2340			AC_MSG_RESULT([yes])
2341			AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2342			    [Conflicting defs for getspnam])
2343		]
2344	)
2345fi
2346
2347dnl NetBSD added an strnvis and unfortunately made it incompatible with the
2348dnl existing one in OpenBSD and Linux's libbsd (the former having existed
2349dnl for over ten years). Despite this incompatibility being reported during
2350dnl development (see http://gnats.netbsd.org/44977) they still shipped it.
2351dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2352dnl implementation.  Try to detect this mess, and assume the only safe option
2353dnl if we're cross compiling.
2354dnl
2355dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag);
2356dnl NetBSD: 2012,  strnvis(char *dst, size_t dlen, const char *src, int flag);
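if test "x$ac_cv_func_strnvis" = "xyes"; then
	AC_MSG_CHECKING([for working strnvis])
	AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[
#include <signal.h>
#include <stdlib.h>
#include <string.h>
/* unistd.h declares _exit, which the signal handler below calls. */
#include <unistd.h>
#include <vis.h>
static void sighandler(int sig) { _exit(1); }
		]], [[
	char dst[16];

	/* A strnvis with the other argument order may fault on this call;
	 * the handler turns that into a plain "not working" exit status. */
	signal(SIGSEGV, sighandler);
	/* Arguments are in the order dst, src, dlen, flag. */
	if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
		exit(0);
	/* Terminated explicitly; the original relied on the semicolon that
	 * the program wrapper appends after the body. */
	exit(1);
		]])],
		[AC_MSG_RESULT([yes])],
		[AC_MSG_RESULT([no])
		 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])],
		[AC_MSG_WARN([cross compiling: assuming broken])
		 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])]
	)
fi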
2381
2382AC_FUNC_GETPGRP
2383
2384# Search for OpenSSL
2385saved_CPPFLAGS="$CPPFLAGS"
2386saved_LDFLAGS="$LDFLAGS"
2387AC_ARG_WITH([ssl-dir],
2388	[  --with-ssl-dir=PATH     Specify path to OpenSSL installation ],
2389	[
2390		if test "x$openssl" = "xno" ; then
2391			AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2392		fi
2393		if test "x$withval" != "xno" ; then
2394			case "$withval" in
2395				# Relative paths
2396				./*|../*)	withval="`pwd`/$withval"
2397			esac
2398			if test -d "$withval/lib"; then
2399				if test -n "${need_dash_r}"; then
2400					LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2401				else
2402					LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2403				fi
2404			elif test -d "$withval/lib64"; then
2405				if test -n "${need_dash_r}"; then
2406					LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2407				else
2408					LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2409				fi
2410			else
2411				if test -n "${need_dash_r}"; then
2412					LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2413				else
2414					LDFLAGS="-L${withval} ${LDFLAGS}"
2415				fi
2416			fi
2417			if test -d "$withval/include"; then
2418				CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2419			else
2420				CPPFLAGS="-I${withval} ${CPPFLAGS}"
2421			fi
2422		fi
2423	]
2424)
2425
2426AC_ARG_WITH([openssl-header-check],
2427	[  --without-openssl-header-check Disable OpenSSL version consistency check],
2428	[
2429		if test "x$withval" = "xno" ; then
2430			openssl_check_nonfatal=1
2431		fi
2432	]
2433)
2434
2435openssl_engine=no
2436AC_ARG_WITH([ssl-engine],
2437	[  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
2438	[
2439		if test "x$withval" != "xno" ; then
2440			if test "x$openssl" = "xno" ; then
2441				AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2442			fi
2443			openssl_engine=yes
2444		fi
2445	]
2446)
2447
2448if test "x$openssl" = "xyes" ; then
2449	LIBS="-lcrypto $LIBS"
2450	AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2451		[Define if your ssl headers are included
2452		with #include <openssl/header.h>])],
2453		[
2454			dnl Check default openssl install dir
2455			if test -n "${need_dash_r}"; then
2456				LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2457			else
2458				LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2459			fi
2460			CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2461			AC_CHECK_HEADER([openssl/opensslv.h], ,
2462			    [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2463			AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2464				[
2465					AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2466				]
2467			)
2468		]
2469	)
2470
2471	# Determine OpenSSL header version
2472	AC_MSG_CHECKING([OpenSSL header version])
2473	AC_RUN_IFELSE(
2474		[AC_LANG_PROGRAM([[
2475	#include <stdlib.h>
2476	#include <stdio.h>
2477	#include <string.h>
2478	#include <openssl/opensslv.h>
2479	#define DATA "conftest.sslincver"
2480		]], [[
2481		FILE *fd;
2482		int rc;
2483
2484		fd = fopen(DATA,"w");
2485		if(fd == NULL)
2486			exit(1);
2487
2488		if ((rc = fprintf(fd, "%08lx (%s)\n",
2489		    (unsigned long)OPENSSL_VERSION_NUMBER,
2490		     OPENSSL_VERSION_TEXT)) < 0)
2491			exit(1);
2492
2493		exit(0);
2494		]])],
2495		[
2496			ssl_header_ver=`cat conftest.sslincver`
2497			AC_MSG_RESULT([$ssl_header_ver])
2498		],
2499		[
2500			AC_MSG_RESULT([not found])
2501			AC_MSG_ERROR([OpenSSL version header not found.])
2502		],
2503		[
2504			AC_MSG_WARN([cross compiling: not checking])
2505		]
2506	)
2507
2508	# Determine OpenSSL library version
2509	AC_MSG_CHECKING([OpenSSL library version])
2510	AC_RUN_IFELSE(
2511		[AC_LANG_PROGRAM([[
2512	#include <stdio.h>
2513	#include <string.h>
2514	#include <openssl/opensslv.h>
2515	#include <openssl/crypto.h>
2516	#define DATA "conftest.ssllibver"
2517		]], [[
2518		FILE *fd;
2519		int rc;
2520
2521		fd = fopen(DATA,"w");
2522		if(fd == NULL)
2523			exit(1);
2524
2525		if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(),
2526		    SSLeay_version(SSLEAY_VERSION))) < 0)
2527			exit(1);
2528
2529		exit(0);
2530		]])],
2531		[
2532			ssl_library_ver=`cat conftest.ssllibver`
2533			# Check version is supported.
2534			case "$ssl_library_ver" in
2535				10000*|0*)
2536					AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
2537			                ;;
2538			        *) ;;
2539			esac
2540			AC_MSG_RESULT([$ssl_library_ver])
2541		],
2542		[
2543			AC_MSG_RESULT([not found])
2544			AC_MSG_ERROR([OpenSSL library not found.])
2545		],
2546		[
2547			AC_MSG_WARN([cross compiling: not checking])
2548		]
2549	)
2550
2551	# Sanity check OpenSSL headers
2552	AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2553	AC_RUN_IFELSE(
2554		[AC_LANG_PROGRAM([[
2555	#include <string.h>
2556	#include <openssl/opensslv.h>
2557	#include <openssl/crypto.h>
2558		]], [[
2559		exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2560		]])],
2561		[
2562			AC_MSG_RESULT([yes])
2563		],
2564		[
2565			AC_MSG_RESULT([no])
2566			if test "x$openssl_check_nonfatal" = "x"; then
2567				AC_MSG_ERROR([Your OpenSSL headers do not match your
2568	library. Check config.log for details.
2569	If you are sure your installation is consistent, you can disable the check
2570	by running "./configure --without-openssl-header-check".
2571	Also see contrib/findssl.sh for help identifying header/library mismatches.
2572	])
2573			else
2574				AC_MSG_WARN([Your OpenSSL headers do not match your
2575	library. Check config.log for details.
2576	Also see contrib/findssl.sh for help identifying header/library mismatches.])
2577			fi
2578		],
2579		[
2580			AC_MSG_WARN([cross compiling: not checking])
2581		]
2582	)
2583
2584	AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2585	AC_LINK_IFELSE(
2586		[AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2587		[[ SSLeay_add_all_algorithms(); ]])],
2588		[
2589			AC_MSG_RESULT([yes])
2590		],
2591		[
2592			AC_MSG_RESULT([no])
2593			saved_LIBS="$LIBS"
2594			LIBS="$LIBS -ldl"
2595			AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2596			AC_LINK_IFELSE(
2597				[AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2598				[[ SSLeay_add_all_algorithms(); ]])],
2599				[
2600					AC_MSG_RESULT([yes])
2601				],
2602				[
2603					AC_MSG_RESULT([no])
2604					LIBS="$saved_LIBS"
2605				]
2606			)
2607		]
2608	)
2609
2610	AC_CHECK_FUNCS([ \
2611		BN_is_prime_ex \
2612		DSA_generate_parameters_ex \
2613		EVP_DigestInit_ex \
2614		EVP_DigestFinal_ex \
2615		EVP_MD_CTX_init \
2616		EVP_MD_CTX_cleanup \
2617		EVP_MD_CTX_copy_ex \
2618		HMAC_CTX_init \
2619		RSA_generate_key_ex \
2620		RSA_get_default_method \
2621	])
2622
2623	if test "x$openssl_engine" = "xyes" ; then
2624		AC_MSG_CHECKING([for OpenSSL ENGINE support])
2625		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2626	#include <openssl/engine.h>
2627			]], [[
2628				ENGINE_load_builtin_engines();
2629				ENGINE_register_all_complete();
2630			]])],
2631			[ AC_MSG_RESULT([yes])
2632			  AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2633			     [Enable OpenSSL engine support])
2634			], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2635		])
2636	fi
2637
2638	# Check for OpenSSL without EVP_aes_{192,256}_cbc
2639	AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2640	AC_LINK_IFELSE(
2641		[AC_LANG_PROGRAM([[
2642	#include <string.h>
2643	#include <openssl/evp.h>
2644		]], [[
2645		exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2646		]])],
2647		[
2648			AC_MSG_RESULT([no])
2649		],
2650		[
2651			AC_MSG_RESULT([yes])
2652			AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2653			    [libcrypto is missing AES 192 and 256 bit functions])
2654		]
2655	)
2656
2657	# Check for OpenSSL with EVP_aes_*ctr
2658	AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2659	AC_LINK_IFELSE(
2660		[AC_LANG_PROGRAM([[
2661	#include <string.h>
2662	#include <openssl/evp.h>
2663		]], [[
2664		exit(EVP_aes_128_ctr() == NULL ||
2665		    EVP_aes_192_cbc() == NULL ||
2666		    EVP_aes_256_cbc() == NULL);
2667		]])],
2668		[
2669			AC_MSG_RESULT([yes])
2670			AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
2671			    [libcrypto has EVP AES CTR])
2672		],
2673		[
2674			AC_MSG_RESULT([no])
2675		]
2676	)
2677
2678	# Check for OpenSSL with EVP_aes_*gcm
2679	AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
2680	AC_LINK_IFELSE(
2681		[AC_LANG_PROGRAM([[
2682	#include <string.h>
2683	#include <openssl/evp.h>
2684		]], [[
2685		exit(EVP_aes_128_gcm() == NULL ||
2686		    EVP_aes_256_gcm() == NULL ||
2687		    EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
2688		    EVP_CTRL_GCM_IV_GEN == 0 ||
2689		    EVP_CTRL_GCM_SET_TAG == 0 ||
2690		    EVP_CTRL_GCM_GET_TAG == 0 ||
2691		    EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
2692		]])],
2693		[
2694			AC_MSG_RESULT([yes])
2695			AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
2696			    [libcrypto has EVP AES GCM])
2697		],
2698		[
2699			AC_MSG_RESULT([no])
2700			unsupported_algorithms="$unsupported_cipers \
2701			   aes128-gcm@openssh.com \
2702			   aes256-gcm@openssh.com"
2703		]
2704	)
2705
2706	AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2707		[AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2708		    [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2709
2710	AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2711	AC_LINK_IFELSE(
2712		[AC_LANG_PROGRAM([[
2713	#include <string.h>
2714	#include <openssl/evp.h>
2715		]], [[
2716		if(EVP_DigestUpdate(NULL, NULL,0))
2717			exit(0);
2718		]])],
2719		[
2720			AC_MSG_RESULT([yes])
2721		],
2722		[
2723			AC_MSG_RESULT([no])
2724			AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2725			    [Define if EVP_DigestUpdate returns void])
2726		]
2727	)
2728
2729	# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2730	# because the system crypt() is more featureful.
2731	if test "x$check_for_libcrypt_before" = "x1"; then
2732		AC_CHECK_LIB([crypt], [crypt])
2733	fi
2734
2735	# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2736	# version in OpenSSL.
2737	if test "x$check_for_libcrypt_later" = "x1"; then
2738		AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2739	fi
2740	AC_CHECK_FUNCS([crypt DES_crypt])
2741
2742	# Search for SHA256 support in libc and/or OpenSSL
2743	AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
2744	    [unsupported_algorithms="$unsupported_algorithms \
2745		hmac-sha2-256 \
2746		hmac-sha2-512 \
2747		diffie-hellman-group-exchange-sha256 \
2748		hmac-sha2-256-etm@openssh.com \
2749		hmac-sha2-512-etm@openssh.com"
2750	     ]
2751	)
2752	# Search for RIPE-MD support in OpenSSL
2753	AC_CHECK_FUNCS([EVP_ripemd160], ,
2754	    [unsupported_algorithms="$unsupported_algorithms \
2755		hmac-ripemd160 \
2756		hmac-ripemd160@openssh.com \
2757		hmac-ripemd160-etm@openssh.com"
2758	     ]
2759	)
2760
2761	# Check complete ECC support in OpenSSL
2762	AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
2763	AC_LINK_IFELSE(
2764		[AC_LANG_PROGRAM([[
2765	#include <openssl/ec.h>
2766	#include <openssl/ecdh.h>
2767	#include <openssl/ecdsa.h>
2768	#include <openssl/evp.h>
2769	#include <openssl/objects.h>
2770	#include <openssl/opensslv.h>
2771	#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2772	# error "OpenSSL < 0.9.8g has unreliable ECC code"
2773	#endif
2774		]], [[
2775		EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
2776		const EVP_MD *m = EVP_sha256(); /* We need this too */
2777		]])],
2778		[ AC_MSG_RESULT([yes])
2779		  enable_nistp256=1 ],
2780		[ AC_MSG_RESULT([no]) ]
2781	)
2782
2783	AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
2784	AC_LINK_IFELSE(
2785		[AC_LANG_PROGRAM([[
2786	#include <openssl/ec.h>
2787	#include <openssl/ecdh.h>
2788	#include <openssl/ecdsa.h>
2789	#include <openssl/evp.h>
2790	#include <openssl/objects.h>
2791	#include <openssl/opensslv.h>
2792	#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2793	# error "OpenSSL < 0.9.8g has unreliable ECC code"
2794	#endif
2795		]], [[
2796		EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
2797		const EVP_MD *m = EVP_sha384(); /* We need this too */
2798		]])],
2799		[ AC_MSG_RESULT([yes])
2800		  enable_nistp384=1 ],
2801		[ AC_MSG_RESULT([no]) ]
2802	)
2803
2804	AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
2805	AC_LINK_IFELSE(
2806		[AC_LANG_PROGRAM([[
2807	#include <openssl/ec.h>
2808	#include <openssl/ecdh.h>
2809	#include <openssl/ecdsa.h>
2810	#include <openssl/evp.h>
2811	#include <openssl/objects.h>
2812	#include <openssl/opensslv.h>
2813	#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2814	# error "OpenSSL < 0.9.8g has unreliable ECC code"
2815	#endif
2816		]], [[
2817		EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2818		const EVP_MD *m = EVP_sha512(); /* We need this too */
2819		]])],
2820		[ AC_MSG_RESULT([yes])
2821		  AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
2822		  AC_RUN_IFELSE(
2823			[AC_LANG_PROGRAM([[
2824	#include <openssl/ec.h>
2825	#include <openssl/ecdh.h>
2826	#include <openssl/ecdsa.h>
2827	#include <openssl/evp.h>
2828	#include <openssl/objects.h>
2829	#include <openssl/opensslv.h>
2830			]],[[
2831			EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2832			const EVP_MD *m = EVP_sha512(); /* We need this too */
2833			exit(e == NULL || m == NULL);
2834			]])],
2835			[ AC_MSG_RESULT([yes])
2836			  enable_nistp521=1 ],
2837			[ AC_MSG_RESULT([no]) ],
2838			[ AC_MSG_WARN([cross-compiling: assuming yes])
2839			  enable_nistp521=1 ]
2840		  )],
2841		AC_MSG_RESULT([no])
2842	)
2843
2844	COMMENT_OUT_ECC="#no ecc#"
2845	TEST_SSH_ECC=no
2846
2847	if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
2848	    test x$enable_nistp521 = x1; then
2849		AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
2850	fi
2851	if test x$enable_nistp256 = x1; then
2852		AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
2853		    [libcrypto has NID_X9_62_prime256v1])
2854		TEST_SSH_ECC=yes
2855		COMMENT_OUT_ECC=""
2856	else
2857		unsupported_algorithms="$unsupported_algorithms \
2858			ecdsa-sha2-nistp256 \
2859			ecdh-sha2-nistp256 \
2860			ecdsa-sha2-nistp256-cert-v01@openssh.com"
2861	fi
2862	if test x$enable_nistp384 = x1; then
2863		AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
2864		TEST_SSH_ECC=yes
2865		COMMENT_OUT_ECC=""
2866	else
2867		unsupported_algorithms="$unsupported_algorithms \
2868			ecdsa-sha2-nistp384 \
2869			ecdh-sha2-nistp384 \
2870			ecdsa-sha2-nistp384-cert-v01@openssh.com"
2871	fi
2872	if test x$enable_nistp521 = x1; then
2873		AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
2874		TEST_SSH_ECC=yes
2875		COMMENT_OUT_ECC=""
2876	else
2877		unsupported_algorithms="$unsupported_algorithms \
2878			ecdh-sha2-nistp521 \
2879			ecdsa-sha2-nistp521 \
2880			ecdsa-sha2-nistp521-cert-v01@openssh.com"
2881	fi
2882
2883	AC_SUBST([TEST_SSH_ECC])
2884	AC_SUBST([COMMENT_OUT_ECC])
2885else
2886	AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2887	AC_CHECK_FUNCS([crypt])
2888fi
2889
2890AC_CHECK_FUNCS([ \
2891	arc4random \
2892	arc4random_buf \
2893	arc4random_stir \
2894	arc4random_uniform \
2895])
2896
2897saved_LIBS="$LIBS"
2898AC_CHECK_LIB([iaf], [ia_openinfo], [
2899	LIBS="$LIBS -liaf"
2900	AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2901				AC_DEFINE([HAVE_LIBIAF], [1],
2902			[Define if system has libiaf that supports set_id])
2903				])
2904])
2905LIBS="$saved_LIBS"
2906
2907### Configure cryptographic random number support
2908
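# Check whether OpenSSL seeds itself.
# The probe runs RAND_status and treats a return of 1 as seeded. Any other
# outcome, including a probe that does not compile, leaves
# OPENSSL_SEEDS_ITSELF unset, and the randomness source is then chosen from
# the PRNGD/EGD options further down.
if test "x$openssl" = "xyes" ; then
	AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
	AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[
	/* stdlib.h declares exit; without it a compiler that rejects implicit
	 * function declarations fails the probe and a self-seeding OpenSSL
	 * is reported as unseeded. */
	#include <stdlib.h>
	#include <string.h>
	#include <openssl/rand.h>
		]], [[
		exit(RAND_status() == 1 ? 0 : 1);
		]])],
		[
			OPENSSL_SEEDS_ITSELF=yes
			AC_MSG_RESULT([yes])
		],
		[
			AC_MSG_RESULT([no])
		],
		[
			AC_MSG_WARN([cross compiling: assuming yes])
			# This is safe, since we will fatal() at runtime if
			# OpenSSL is not seeded correctly.
			OPENSSL_SEEDS_ITSELF=yes
		]
	)
fi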
2934
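# PRNGD TCP socket
AC_ARG_WITH([prngd-port],
	[  --with-prngd-port=PORT  read entropy from PRNGD/EGD TCP localhost:PORT],
	[
		# The value is written unquoted into config.h, so accept decimal
		# digits only. The original pattern checked just the first
		# character and let values such as 22abc through. The numeric
		# range is not checked here.
		case "$withval" in
		no)
			withval=""
			;;
		""|*[[!0-9]]*)
			AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
			;;
		*)
			;;
		esac
		if test ! -z "$withval" ; then
			PRNGD_PORT="$withval"
			AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
				[Port number of PRNGD/EGD random number socket])
		fi
	]
)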
2956
2957# PRNGD Unix domain socket
2958AC_ARG_WITH([prngd-socket],
2959	[  --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2960	[
2961		case "$withval" in
2962		yes)
2963			withval="/var/run/egd-pool"
2964			;;
2965		no)
2966			withval=""
2967			;;
2968		/*)
2969			;;
2970		*)
2971			AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
2972			;;
2973		esac
2974
2975		if test ! -z "$withval" ; then
2976			if test ! -z "$PRNGD_PORT" ; then
2977				AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
2978			fi
2979			if test ! -r "$withval" ; then
2980				AC_MSG_WARN([Entropy socket is not readable])
2981			fi
2982			PRNGD_SOCKET="$withval"
2983			AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
2984				[Location of PRNGD/EGD random number socket])
2985		fi
2986	],
2987	[
2988		# Check for existing socket only if we don't have a random device already
2989		if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
2990			AC_MSG_CHECKING([for PRNGD/EGD socket])
2991			# Insert other locations here
2992			for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2993				if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2994					PRNGD_SOCKET="$sock"
2995					AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
2996					break;
2997				fi
2998			done
2999			if test ! -z "$PRNGD_SOCKET" ; then
3000				AC_MSG_RESULT([$PRNGD_SOCKET])
3001			else
3002				AC_MSG_RESULT([not found])
3003			fi
3004		fi
3005	]
3006)
3007
3008# Which randomness source do we use?
3009if test ! -z "$PRNGD_PORT" ; then
3010	RAND_MSG="PRNGd port $PRNGD_PORT"
3011elif test ! -z "$PRNGD_SOCKET" ; then
3012	RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3013elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3014	AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3015		[Define if you want the OpenSSL internally seeded PRNG only])
3016	RAND_MSG="OpenSSL internal ONLY"
3017elif test "x$openssl" = "xno" ; then
3018	AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3019else
3020	AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3021fi
3022
3023# Check for PAM libs
3024PAM_MSG="no"
3025AC_ARG_WITH([pam],
3026	[  --with-pam              Enable PAM support ],
3027	[
3028		if test "x$withval" != "xno" ; then
3029			if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3030			   test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3031				AC_MSG_ERROR([PAM headers not found])
3032			fi
3033
3034			saved_LIBS="$LIBS"
3035			AC_CHECK_LIB([dl], [dlopen], , )
3036			AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3037			AC_CHECK_FUNCS([pam_getenvlist])
3038			AC_CHECK_FUNCS([pam_putenv])
3039			LIBS="$saved_LIBS"
3040
3041			PAM_MSG="yes"
3042
3043			SSHDLIBS="$SSHDLIBS -lpam"
3044			AC_DEFINE([USE_PAM], [1],
3045				[Define if you want to enable PAM support])
3046
3047			if test $ac_cv_lib_dl_dlopen = yes; then
3048				case "$LIBS" in
3049				*-ldl*)
3050					# libdl already in LIBS
3051					;;
3052				*)
3053					SSHDLIBS="$SSHDLIBS -ldl"
3054					;;
3055				esac
3056			fi
3057		fi
3058	]
3059)
3060
3061AC_ARG_WITH([pam-service],
3062	[  --with-pam-service=name Specify PAM service name ],
3063	[
3064		if test "x$withval" != "xno" && \
3065		   test "x$withval" != "xyes" ; then
3066			AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE],
3067				["$withval"], [sshd PAM service name])
3068		fi
3069	]
3070)
3071
3072# Check for older PAM
3073if test "x$PAM_MSG" = "xyes" ; then
3074	# Check PAM strerror arguments (old PAM)
3075	AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3076	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3077#include <stdlib.h>
3078#if defined(HAVE_SECURITY_PAM_APPL_H)
3079#include <security/pam_appl.h>
3080#elif defined (HAVE_PAM_PAM_APPL_H)
3081#include <pam/pam_appl.h>
3082#endif
3083		]], [[
3084(void)pam_strerror((pam_handle_t *)NULL, -1);
3085		]])], [AC_MSG_RESULT([no])], [
3086			AC_DEFINE([HAVE_OLD_PAM], [1],
3087				[Define if you have an old version of PAM
3088				which takes only one argument to pam_strerror])
3089			AC_MSG_RESULT([yes])
3090			PAM_MSG="yes (old library)"
3091
3092	])
3093fi
3094
3095case "$host" in
3096*-*-cygwin*)
3097	SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3098	;;
3099*)
3100	SSH_PRIVSEP_USER=sshd
3101	;;
3102esac
3103AC_ARG_WITH([privsep-user],
3104	[  --with-privsep-user=user Specify non-privileged user for privilege separation],
3105	[
3106		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
3107		    test "x${withval}" != "xyes"; then
3108			SSH_PRIVSEP_USER=$withval
3109		fi
3110	]
3111)
3112if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3113	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3114		[Cygwin function to fetch non-privileged user for privilege separation])
3115else
3116	AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3117		[non-privileged user for privilege separation])
3118fi
3119AC_SUBST([SSH_PRIVSEP_USER])
3120
3121if test "x$have_linux_no_new_privs" = "x1" ; then
3122AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3123	#include <sys/types.h>
3124	#include <linux/seccomp.h>
3125])
3126fi
3127if test "x$have_seccomp_filter" = "x1" ; then
3128AC_MSG_CHECKING([kernel for seccomp_filter support])
3129AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3130		#include <errno.h>
3131		#include <elf.h>
3132		#include <linux/audit.h>
3133		#include <linux/seccomp.h>
3134		#include <stdlib.h>
3135		#include <sys/prctl.h>
3136	]],
3137	[[ int i = $seccomp_audit_arch;
3138	   errno = 0;
3139	   prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3140	   exit(errno == EFAULT ? 0 : 1); ]])],
3141	[ AC_MSG_RESULT([yes]) ], [
3142		AC_MSG_RESULT([no])
3143		# Disable seccomp filter as a target
3144		have_seccomp_filter=0
3145	]
3146)
3147fi
3148
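# Decide which sandbox style to use.
# sandbox_arg stays empty for "no preference" (option absent, or given as a
# bare --with-sandbox / --with-sandbox=yes); the selection chain further down
# then auto-detects a mechanism.  Any other value is taken as an explicit
# request and validated there.  The help text lists solaris as well, since
# the selection chain accepts it.
sandbox_arg=""
AC_ARG_WITH([sandbox],
	[  --with-sandbox=style    Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, solaris, systrace, pledge)],
	[
		if test "x$withval" = "xyes" ; then
			sandbox_arg=""
		else
			sandbox_arg="$withval"
		fi
	]
)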
3161
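# Some platforms (seems to be the ones that have a kernel poll(2)-type
# function with which they implement select(2)) use an extra file descriptor
# when calling select(2), which means we can't use the rlimit sandbox.
# The probe opens one descriptor, drops RLIMIT_FSIZE and RLIMIT_NOFILE to
# zero, then calls select(2) on that descriptor; a -1 return means select
# cannot be used under the limit.
AC_MSG_CHECKING([if select works with descriptor rlimit])
AC_RUN_IFELSE(
	[AC_LANG_PROGRAM([[
#include <sys/types.h>
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
#include <sys/resource.h>
#ifdef HAVE_SYS_SELECT_H
# include <sys/select.h>
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
	]],[[
	struct rlimit rl_zero;
	int fd, r;
	fd_set fds;
	struct timeval tv;

	fd = open("/dev/null", O_RDONLY);
	FD_ZERO(&fds);
	FD_SET(fd, &fds);
	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
	setrlimit(RLIMIT_FSIZE, &rl_zero);
	setrlimit(RLIMIT_NOFILE, &rl_zero);
	tv.tv_sec = 1;
	tv.tv_usec = 0;
	r = select(fd+1, &fds, NULL, NULL, &tv);
	exit (r == -1 ? 1 : 0);
	]])],
	[AC_MSG_RESULT([yes])
	 select_works_with_rlimit=yes],
	[AC_MSG_RESULT([no])
	 select_works_with_rlimit=no],
	[AC_MSG_WARN([cross compiling: assuming yes])
	 # Record the assumption that the warning announces.  Left unset, the
	 # sandbox selection treats the result as not-yes: the rlimit sandbox
	 # is never auto-selected and an explicit request for it is rejected.
	 select_works_with_rlimit=yes]
)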
3202
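# The rlimit sandbox is only auto-selected when setrlimit(2) accepts a zero
# RLIMIT_NOFILE; run a probe that tries exactly that.
AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
AC_RUN_IFELSE(
	[AC_LANG_PROGRAM([[
#include <sys/types.h>
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
#include <sys/resource.h>
#include <errno.h>
#include <stdlib.h>
	]],[[
	/*
	 * Only the locals the probe uses are declared: an unused fd_set would
	 * need <sys/select.h>, which is not included here, and a compile
	 * failure is reported as "no".
	 */
	struct rlimit rl_zero;
	int r;

	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
	r = setrlimit(RLIMIT_NOFILE, &rl_zero);
	exit (r == -1 ? 1 : 0);
	]])],
	[AC_MSG_RESULT([yes])
	 rlimit_nofile_zero_works=yes],
	[AC_MSG_RESULT([no])
	 rlimit_nofile_zero_works=no],
	[AC_MSG_WARN([cross compiling: assuming yes])
	 # Record the assumption so that auto-selection of the rlimit sandbox
	 # matches what the warning says.
	 rlimit_nofile_zero_works=yes]
)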
3228
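# Probe whether RLIMIT_FSIZE can be set to zero.  SANDBOX_SKIP_RLIMIT_FSIZE
# is defined only when the call fails, so the description given to config.h
# states the failing case.  When cross compiling nothing is defined, which
# matches the "assuming yes" warning.
AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
AC_RUN_IFELSE(
	[AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/resource.h>
#include <stdlib.h>
	]],[[
		struct rlimit rl_zero;

		rl_zero.rlim_cur = rl_zero.rlim_max = 0;
		exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
	]])],
	[AC_MSG_RESULT([yes])],
	[AC_MSG_RESULT([no])
	 AC_DEFINE([SANDBOX_SKIP_RLIMIT_FSIZE], [1],
	    [Define if setrlimit RLIMIT_FSIZE does not work])],
	[AC_MSG_WARN([cross compiling: assuming yes])]
)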
3247
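# Choose the privilege separation sandbox.  An explicit --with-sandbox value
# wins; with no preference the first mechanism whose prerequisites were
# detected is used, in this order: pledge, systrace, darwin, seccomp_filter,
# capsicum, rlimit, solaris, and finally none.
# NOTE(review): some branches validate an explicit request less strictly than
# auto-detection does.  seccomp_filter does not re-check the elf.h,
# linux/audit.h and linux/filter.h headers, rlimit does not re-check
# rlimit_nofile_zero_works, and solaris checks nothing.  Confirm that this is
# intended.
if test "x$sandbox_arg" = "xpledge" || \
   ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
	test "x$ac_cv_func_pledge" != "xyes" && \
		AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
	SANDBOX_STYLE="pledge"
	AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
elif test "x$sandbox_arg" = "xsystrace" || \
   ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
	test "x$have_systr_policy_kill" != "x1" && \
		AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
	SANDBOX_STYLE="systrace"
	AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
elif test "x$sandbox_arg" = "xdarwin" || \
     ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
       test "x$ac_cv_header_sandbox_h" = "xyes") ; then
	# Two separate test commands replace the original single test with -o,
	# which is not portable across test(1) implementations.
	if test "x$ac_cv_func_sandbox_init" != "xyes" || \
	   test "x$ac_cv_header_sandbox_h" != "xyes" ; then
		AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
	fi
	SANDBOX_STYLE="darwin"
	AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
elif test "x$sandbox_arg" = "xseccomp_filter" || \
     ( test -z "$sandbox_arg" && \
       test "x$have_seccomp_filter" = "x1" && \
       test "x$ac_cv_header_elf_h" = "xyes" && \
       test "x$ac_cv_header_linux_audit_h" = "xyes" && \
       test "x$ac_cv_header_linux_filter_h" = "xyes" && \
       test "x$seccomp_audit_arch" != "x" && \
       test "x$have_linux_no_new_privs" = "x1" && \
       test "x$ac_cv_func_prctl" = "xyes" ) ; then
	test "x$seccomp_audit_arch" = "x" && \
		AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
	test "x$have_linux_no_new_privs" != "x1" && \
		AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
	test "x$have_seccomp_filter" != "x1" && \
		AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
	test "x$ac_cv_func_prctl" != "xyes" && \
		AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
	SANDBOX_STYLE="seccomp_filter"
	AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
elif test "x$sandbox_arg" = "xcapsicum" || \
     ( test -z "$sandbox_arg" && \
       test "x$ac_cv_header_sys_capability_h" = "xyes" && \
       test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
	test "x$ac_cv_header_sys_capability_h" != "xyes" && \
		AC_MSG_ERROR([capsicum sandbox requires sys/capability.h header])
	test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
		AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
	SANDBOX_STYLE="capsicum"
	AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
elif test "x$sandbox_arg" = "xrlimit" || \
     ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
       test "x$select_works_with_rlimit" = "xyes" && \
       test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
	test "x$ac_cv_func_setrlimit" != "xyes" && \
		AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
	test "x$select_works_with_rlimit" != "xyes" && \
		AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
	SANDBOX_STYLE="rlimit"
	AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
elif test "x$sandbox_arg" = "xsolaris" || \
   ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
	SANDBOX_STYLE="solaris"
	AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
     test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
	# An empty sandbox_arg reaches this branch only when auto-detection
	# found no usable mechanism.  Say so, rather than silently producing a
	# build whose privsep child runs unsandboxed.
	if test -z "$sandbox_arg" ; then
		AC_MSG_WARN([no usable privilege separation sandbox detected; building without one])
	fi
	SANDBOX_STYLE="none"
	AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
else
	AC_MSG_ERROR([unsupported --with-sandbox])
fi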
3318
# Cheap hack to ensure NEWS-OS libraries are arranged right:
# append -liberty whenever SONY is non-empty.
if test -n "$SONY" ; then
	LIBS="$LIBS -liberty"
fi
3323
# Availability of the wide integer and floating types.
AC_CHECK_TYPES([long long, unsigned long long, long double])

# Sizes of the basic integer types.
AC_CHECK_SIZEOF([short int], [2])
AC_CHECK_SIZEOF([int], [4])
AC_CHECK_SIZEOF([long int], [4])
AC_CHECK_SIZEOF([long long int], [8])

# Sanity check long long for some platforms (AIX): a reported size of 4 is
# rewritten to 0, the value the int64_t requirement check later tests for.
case "x$ac_cv_sizeof_long_long_int" in
x4)
	ac_cv_sizeof_long_long_int=0
	;;
esac
3337
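# compute LLONG_MIN and LLONG_MAX if we don't know them.
# The probe writes "min max" to conftest.llminmax and the two values are read
# back with awk.  It exits non-zero, reported as "not found", when the values
# fail its sanity check or the file cannot be written.
if test -z "$have_llong_max"; then
	AC_MSG_CHECKING([for max value of long long])
	AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[
#include <stdio.h>
/* exit() needs a declaration; compilers that reject implicit ones would
 * otherwise fail this probe and leave LLONG_MIN and LLONG_MAX undefined. */
#include <stdlib.h>
/* Why is this so damn hard? */
#ifdef __GNUC__
# undef __GNUC__
#endif
#define __USE_ISOC99
#include <limits.h>
#define DATA "conftest.llminmax"
#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))

/*
 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
 * we do this the hard way.
 *
 * Writes n in decimal followed by one space; returns 0 on success and -1 if
 * any fprintf fails.  The digit loop stores nothing for n == 0, so callers
 * must not pass 0 (the sanity check in the main body rejects 0 first).
 */
static int
fprint_ll(FILE *f, long long n)
{
	unsigned int i;
	int l[sizeof(long long) * 8];

	if (n < 0)
		if (fprintf(f, "-") < 0)
			return -1;
	for (i = 0; n != 0; i++) {
		l[i] = my_abs(n % 10);
		n /= 10;
	}
	do {
		if (fprintf(f, "%d", l[--i]) < 0)
			return -1;
	} while (i != 0);
	if (fprintf(f, " ") < 0)
		return -1;
	return 0;
}
		]], [[
	FILE *f;
	long long i, llmin, llmax = 0;

	if((f = fopen(DATA,"w")) == NULL)
		exit(1);

#if defined(LLONG_MIN) && defined(LLONG_MAX)
	fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
	llmin = LLONG_MIN;
	llmax = LLONG_MAX;
#else
	fprintf(stderr, "Calculating  LLONG_MIN and LLONG_MAX\n");
	/* This will work on one's complement and two's complement */
	for (i = 1; i > llmax; i <<= 1, i++)
		llmax = i;
	llmin = llmax + 1LL;	/* wrap */
#endif

	/* Sanity check; like the wrap above it relies on signed overflow
	 * wrapping around, which the C standard does not guarantee. */
	if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
	    || llmax - 1 > llmax || llmin == llmax || llmin == 0
	    || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
		fprintf(f, "unknown unknown\n");
		exit(2);
	}

	if (fprint_ll(f, llmin) < 0)
		exit(3);
	if (fprint_ll(f, llmax) < 0)
		exit(4);
	if (fclose(f) < 0)
		exit(5);
	exit(0);
		]])],
		[
			llong_min=`$AWK '{print $1}' conftest.llminmax`
			llong_max=`$AWK '{print $2}' conftest.llminmax`

			AC_MSG_RESULT([$llong_max])
			AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
			    [max value of long long calculated by configure])
			AC_MSG_CHECKING([for min value of long long])
			AC_MSG_RESULT([$llong_min])
			AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
			    [min value of long long calculated by configure])
		],
		[
			AC_MSG_RESULT([not found])
		],
		[
			AC_MSG_WARN([cross compiling: not checking])
		]
	)
fi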
3433
3434
3435# More checks for data types
3436AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3437	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3438	[[ u_int a; a = 1;]])],
3439	[ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3440	])
3441])
3442if test "x$ac_cv_have_u_int" = "xyes" ; then
3443	AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3444	have_u_int=1
3445fi
3446
3447AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3448	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3449	[[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3450	[ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3451	])
3452])
3453if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3454	AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3455	have_intxx_t=1
3456fi
3457
3458if (test -z "$have_intxx_t" && \
3459	   test "x$ac_cv_header_stdint_h" = "xyes")
3460then
3461    AC_MSG_CHECKING([for intXX_t types in stdint.h])
3462	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3463	[[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3464		[
3465			AC_DEFINE([HAVE_INTXX_T])
3466			AC_MSG_RESULT([yes])
3467		], [ AC_MSG_RESULT([no])
3468	])
3469fi
3470
3471AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3472	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3473#include <sys/types.h>
3474#ifdef HAVE_STDINT_H
3475# include <stdint.h>
3476#endif
3477#include <sys/socket.h>
3478#ifdef HAVE_SYS_BITYPES_H
3479# include <sys/bitypes.h>
3480#endif
3481		]], [[
3482int64_t a; a = 1;
3483		]])],
3484	[ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3485	])
3486])
3487if test "x$ac_cv_have_int64_t" = "xyes" ; then
3488	AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3489fi
3490
3491AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3492	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3493	[[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3494	[ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3495	])
3496])
3497if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3498	AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3499	have_u_intxx_t=1
3500fi
3501
3502if test -z "$have_u_intxx_t" ; then
3503    AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3504	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3505	[[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3506		[
3507			AC_DEFINE([HAVE_U_INTXX_T])
3508			AC_MSG_RESULT([yes])
3509		], [ AC_MSG_RESULT([no])
3510	])
3511fi
3512
3513AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3514	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3515	[[ u_int64_t a; a = 1;]])],
3516	[ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3517	])
3518])
3519if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3520	AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3521	have_u_int64_t=1
3522fi
3523
3524if (test -z "$have_u_int64_t" && \
3525	   test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3526then
3527    AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3528	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3529	[[ u_int64_t a; a = 1]])],
3530		[
3531			AC_DEFINE([HAVE_U_INT64_T])
3532			AC_MSG_RESULT([yes])
3533		], [ AC_MSG_RESULT([no])
3534	])
3535fi
3536
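# Only when the BSD-style u_intXX_t names were not found: look for the
# uintXX_t spellings in <sys/types.h>.
if test -z "$have_u_intxx_t" ; then
	AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
			]], [[
	uint8_t a;
	uint16_t b;
	uint32_t c;
	a = b = c = 1;
			]])],
		[ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
		])
	])
	if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
		AC_DEFINE([HAVE_UINTXX_T], [1],
			[define if you have uintxx_t data type])
		# Record the hit, as the sibling checks do for have_intxx_t and
		# have_u_intxx_t.  The stdint.h and inttypes.h fallbacks test
		# have_uintxx_t, and nothing in the visible part of this file
		# sets it, so they would otherwise run even after a success here.
		have_uintxx_t=1
	fi
fi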
3555
3556if (test -z "$have_uintxx_t" && \
3557	   test "x$ac_cv_header_stdint_h" = "xyes")
3558then
3559    AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3560	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3561	[[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3562		[
3563			AC_DEFINE([HAVE_UINTXX_T])
3564			AC_MSG_RESULT([yes])
3565		], [ AC_MSG_RESULT([no])
3566	])
3567fi
3568
3569if (test -z "$have_uintxx_t" && \
3570	   test "x$ac_cv_header_inttypes_h" = "xyes")
3571then
3572    AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
3573	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
3574	[[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3575		[
3576			AC_DEFINE([HAVE_UINTXX_T])
3577			AC_MSG_RESULT([yes])
3578		], [ AC_MSG_RESULT([no])
3579	])
3580fi
3581
# Last resort for both families of fixed-width names: <sys/bitypes.h>.
# The shell gives || and && equal precedence and evaluates left to right, so
# the condition reads "(u_intXX_t missing or intXX_t missing) and the header
# exists"; the braces only make that grouping explicit.
if { test -z "$have_u_intxx_t" || test -z "$have_intxx_t" ; } && \
   test "x$ac_cv_header_sys_bitypes_h" = "xyes" ; then
	AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
	AC_COMPILE_IFELSE(
		[AC_LANG_PROGRAM([[
#include <sys/bitypes.h>
		]], [[
			int8_t a; int16_t b; int32_t c;
			u_int8_t e; u_int16_t f; u_int32_t g;
			a = b = c = e = f = g = 1;
		]])],
		[
			AC_DEFINE([HAVE_U_INTXX_T])
			AC_DEFINE([HAVE_INTXX_T])
			AC_MSG_RESULT([yes])
		],
		[
			AC_MSG_RESULT([no])
		]
	)
fi
3600
3601
3602AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3603	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3604	[[ u_char foo; foo = 125; ]])],
3605	[ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3606	])
3607])
3608if test "x$ac_cv_have_u_char" = "xyes" ; then
3609	AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
3610fi
3611
3612AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
3613#include <sys/types.h>
3614#include <stdint.h>
3615])
3616
3617TYPE_SOCKLEN_T
3618
3619AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3620AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3621#include <sys/types.h>
3622#ifdef HAVE_SYS_BITYPES_H
3623#include <sys/bitypes.h>
3624#endif
3625#ifdef HAVE_SYS_STATFS_H
3626#include <sys/statfs.h>
3627#endif
3628#ifdef HAVE_SYS_STATVFS_H
3629#include <sys/statvfs.h>
3630#endif
3631])
3632
3633AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3634[#include <sys/types.h>
3635#include <netinet/in.h>])
3636
3637AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3638	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3639	[[ size_t foo; foo = 1235; ]])],
3640	[ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3641	])
3642])
3643if test "x$ac_cv_have_size_t" = "xyes" ; then
3644	AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3645fi
3646
3647AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3648	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3649	[[ ssize_t foo; foo = 1235; ]])],
3650	[ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3651	])
3652])
3653if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3654	AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3655fi
3656
3657AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3658	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3659	[[ clock_t foo; foo = 1235; ]])],
3660	[ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3661	])
3662])
3663if test "x$ac_cv_have_clock_t" = "xyes" ; then
3664	AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3665fi
3666
3667AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3668	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3669#include <sys/types.h>
3670#include <sys/socket.h>
3671		]], [[ sa_family_t foo; foo = 1235; ]])],
3672	[ ac_cv_have_sa_family_t="yes" ],
3673	[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3674#include <sys/types.h>
3675#include <sys/socket.h>
3676#include <netinet/in.h>
3677		]], [[ sa_family_t foo; foo = 1235; ]])],
3678		[ ac_cv_have_sa_family_t="yes" ],
3679		[ ac_cv_have_sa_family_t="no" ]
3680	)
3681	])
3682])
3683if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3684	AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3685		[define if you have sa_family_t data type])
3686fi
3687
3688AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3689	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3690	[[ pid_t foo; foo = 1235; ]])],
3691	[ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3692	])
3693])
3694if test "x$ac_cv_have_pid_t" = "xyes" ; then
3695	AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3696fi
3697
3698AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3699	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3700	[[ mode_t foo; foo = 1235; ]])],
3701	[ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3702	])
3703])
3704if test "x$ac_cv_have_mode_t" = "xyes" ; then
3705	AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3706fi
3707
3708
3709AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3710	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3711#include <sys/types.h>
3712#include <sys/socket.h>
3713		]], [[ struct sockaddr_storage s; ]])],
3714	[ ac_cv_have_struct_sockaddr_storage="yes" ],
3715	[ ac_cv_have_struct_sockaddr_storage="no"
3716	])
3717])
3718if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3719	AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3720		[define if you have struct sockaddr_storage data type])
3721fi
3722
3723AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3724	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3725#include <sys/types.h>
3726#include <netinet/in.h>
3727		]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3728	[ ac_cv_have_struct_sockaddr_in6="yes" ],
3729	[ ac_cv_have_struct_sockaddr_in6="no"
3730	])
3731])
3732if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3733	AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3734		[define if you have struct sockaddr_in6 data type])
3735fi
3736
3737AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3738	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3739#include <sys/types.h>
3740#include <netinet/in.h>
3741		]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3742	[ ac_cv_have_struct_in6_addr="yes" ],
3743	[ ac_cv_have_struct_in6_addr="no"
3744	])
3745])
3746if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3747	AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3748		[define if you have struct in6_addr data type])
3749
3750dnl Now check for sin6_scope_id
3751	AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3752		[
3753#ifdef HAVE_SYS_TYPES_H
3754#include <sys/types.h>
3755#endif
3756#include <netinet/in.h>
3757		])
3758fi
3759
3760AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3761	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3762#include <sys/types.h>
3763#include <sys/socket.h>
3764#include <netdb.h>
3765		]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3766	[ ac_cv_have_struct_addrinfo="yes" ],
3767	[ ac_cv_have_struct_addrinfo="no"
3768	])
3769])
3770if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3771	AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3772		[define if you have struct addrinfo data type])
3773fi
3774
3775AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3776	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3777	[[ struct timeval tv; tv.tv_sec = 1;]])],
3778	[ ac_cv_have_struct_timeval="yes" ],
3779	[ ac_cv_have_struct_timeval="no"
3780	])
3781])
3782if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3783	AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3784	have_struct_timeval=1
3785fi
3786
3787AC_CHECK_TYPES([struct timespec])
3788
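# We need int64_t or else certain parts of the compile will fail.
# Abort when there is no int64_t, long is not 8 bytes, and long long was
# marked unusable (size 0).  Otherwise go on to probe snprintf.
if test "x$ac_cv_have_int64_t" = "xno" && \
	test "x$ac_cv_sizeof_long_int" != "x8" && \
	test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
	echo "OpenSSH requires int64_t support.  Contact your vendor or install"
	echo "an alternative compiler (I.E., GCC) before continuing."
	echo ""
	exit 1;
else
dnl test snprintf (broken on SCO w/gcc)
dnl The probe formats the largest 64-bit signed value and compares the text.
dnl It includes stdlib.h for exit and gives main an explicit int return type:
dnl a compiler that rejects implicit declarations or implicit int would
dnl otherwise fail the probe and mark a working snprintf as broken.
	AC_RUN_IFELSE(
		[AC_LANG_SOURCE([[
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_SNPRINTF
int
main(void)
{
	char buf[50];
	char expected_out[50];
	int mazsize = 50 ;
#if (SIZEOF_LONG_INT == 8)
	long int num = 0x7fffffffffffffff;
#else
	long long num = 0x7fffffffffffffffll;
#endif
	strcpy(expected_out, "9223372036854775807");
	snprintf(buf, mazsize, "%lld", num);
	if(strcmp(buf, expected_out) != 0)
		exit(1);
	exit(0);
}
#else
int
main(void) { exit(0); }
#endif
		]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
		[AC_MSG_WARN([cross compiling: Assuming working snprintf()])]
	)
fi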
3827
3828dnl Checks for structure members
3829OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3830OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3831OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3832OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3833OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3834OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3835OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3836OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3837OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3838OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3839OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3840OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3841OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3842OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3843OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3844OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3845OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3846
3847AC_CHECK_MEMBERS([struct stat.st_blksize])
3848AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
3849struct passwd.pw_change, struct passwd.pw_expire],
3850[], [], [[
3851#include <sys/types.h>
3852#include <pwd.h>
3853]])
3854
3855AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3856	[Define if we don't have struct __res_state in resolv.h])],
3857[[
3858#include <stdio.h>
3859#if HAVE_SYS_TYPES_H
3860# include <sys/types.h>
3861#endif
3862#include <netinet/in.h>
3863#include <arpa/nameser.h>
3864#include <resolv.h>
3865]])
3866
3867AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3868		ac_cv_have_ss_family_in_struct_ss, [
3869	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3870#include <sys/types.h>
3871#include <sys/socket.h>
3872		]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3873	[ ac_cv_have_ss_family_in_struct_ss="yes" ],
3874	[ ac_cv_have_ss_family_in_struct_ss="no" ])
3875])
3876if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3877	AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3878fi
3879
3880AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3881		ac_cv_have___ss_family_in_struct_ss, [
3882	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3883#include <sys/types.h>
3884#include <sys/socket.h>
3885		]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3886	[ ac_cv_have___ss_family_in_struct_ss="yes" ],
3887	[ ac_cv_have___ss_family_in_struct_ss="no"
3888	])
3889])
3890if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3891	AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3892		[Fields in struct sockaddr_storage])
3893fi
3894
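dnl make sure we're using the real structure members and not defines
dnl The probe fails to compile when msg_accrights is a macro or is not a
dnl member of struct msghdr.  stdlib.h is included so that exit is declared:
dnl a compiler that rejects implicit declarations would otherwise fail the
dnl probe for a reason unrelated to struct msghdr.
AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
		ac_cv_have_accrights_in_msghdr, [
	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <stdlib.h>
		]], [[
#ifdef msg_accrights
#error "msg_accrights is a macro"
exit(1);
#endif
struct msghdr m;
m.msg_accrights = 0;
exit(0);
		]])],
		[ ac_cv_have_accrights_in_msghdr="yes" ],
		[ ac_cv_have_accrights_in_msghdr="no" ]
	)
])
if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
	AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
		[Define if your system uses access rights style
		file descriptor passing])
fi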
3920
3921AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3922AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3923#include <sys/param.h>
3924#include <sys/stat.h>
3925#ifdef HAVE_SYS_TIME_H
3926# include <sys/time.h>
3927#endif
3928#ifdef HAVE_SYS_MOUNT_H
3929#include <sys/mount.h>
3930#endif
3931#ifdef HAVE_SYS_STATVFS_H
3932#include <sys/statvfs.h>
3933#endif
3934	]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3935	[ AC_MSG_RESULT([yes]) ],
3936	[ AC_MSG_RESULT([no])
3937
3938	AC_MSG_CHECKING([if fsid_t has member val])
3939	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3940#include <sys/types.h>
3941#include <sys/statvfs.h>
3942	]], [[ fsid_t t; t.val[0] = 0; ]])],
3943	[ AC_MSG_RESULT([yes])
3944	  AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3945	[ AC_MSG_RESULT([no]) ])
3946
3947	AC_MSG_CHECKING([if f_fsid has member __val])
3948	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3949#include <sys/types.h>
3950#include <sys/statvfs.h>
3951	]], [[ fsid_t t; t.__val[0] = 0; ]])],
3952	[ AC_MSG_RESULT([yes])
3953	  AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
3954	[ AC_MSG_RESULT([no]) ])
3955])
3956
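# Detect ancillary-data style descriptor passing: msg_control must be a real
# member of struct msghdr, not a macro.  stdlib.h is included so that exit is
# declared; on a compiler that rejects implicit declarations the probe would
# otherwise fail, leaving HAVE_CONTROL_IN_MSGHDR undefined on a system that
# does have the field.
AC_CACHE_CHECK([for msg_control field in struct msghdr],
		ac_cv_have_control_in_msghdr, [
	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <stdlib.h>
		]], [[
#ifdef msg_control
#error "msg_control is a macro"
exit(1);
#endif
struct msghdr m;
m.msg_control = 0;
exit(0);
		]])],
		[ ac_cv_have_control_in_msghdr="yes" ],
		[ ac_cv_have_control_in_msghdr="no" ]
	)
])
if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
	AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
		[Define if your system uses ancillary data style
		file descriptor passing])
fi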
3981
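# Link probe for a libc-provided __progname.  stdio.h is included so that
# printf is declared; without it a compiler that rejects implicit
# declarations fails the probe whether or not the symbol exists.
AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
		[[ extern char *__progname; printf("%s", __progname); ]])],
	[ ac_cv_libc_defines___progname="yes" ],
	[ ac_cv_libc_defines___progname="no"
	])
])
if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
	AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
fi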
3992
3993AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3994	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3995		[[ printf("%s", __FUNCTION__); ]])],
3996	[ ac_cv_cc_implements___FUNCTION__="yes" ],
3997	[ ac_cv_cc_implements___FUNCTION__="no"
3998	])
3999])
4000if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4001	AC_DEFINE([HAVE___FUNCTION__], [1],
4002		[Define if compiler implements __FUNCTION__])
4003fi
4004
4005AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4006	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4007		[[ printf("%s", __func__); ]])],
4008	[ ac_cv_cc_implements___func__="yes" ],
4009	[ ac_cv_cc_implements___func__="no"
4010	])
4011])
4012if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4013	AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
4014fi
4015
4016AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4017	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4018#include <stdarg.h>
4019va_list x,y;
4020		]], [[ va_copy(x,y); ]])],
4021	[ ac_cv_have_va_copy="yes" ],
4022	[ ac_cv_have_va_copy="no"
4023	])
4024])
4025if test "x$ac_cv_have_va_copy" = "xyes" ; then
4026	AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4027fi
4028
4029AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4030	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4031#include <stdarg.h>
4032va_list x,y;
4033		]], [[ __va_copy(x,y); ]])],
4034	[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4035	])
4036])
4037if test "x$ac_cv_have___va_copy" = "xyes" ; then
4038	AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
4039fi
4040
4041AC_CACHE_CHECK([whether getopt has optreset support],
4042		ac_cv_have_getopt_optreset, [
4043	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4044		[[ extern int optreset; optreset = 0; ]])],
4045	[ ac_cv_have_getopt_optreset="yes" ],
4046	[ ac_cv_have_getopt_optreset="no"
4047	])
4048])
4049if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4050	AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4051		[Define if your getopt(3) defines and uses optreset])
4052fi
4053
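# Link probe for a libc-provided sys_errlist.  stdio.h is included so that
# printf is declared; without it a compiler that rejects implicit
# declarations fails the probe whether or not the symbol exists.
# NOTE(review): a stdio.h that declares sys_errlist with a different type
# would now conflict with the extern below - confirm on such platforms.
AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
	[ ac_cv_libc_defines_sys_errlist="yes" ],
	[ ac_cv_libc_defines_sys_errlist="no"
	])
])
if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
	AC_DEFINE([HAVE_SYS_ERRLIST], [1],
		[Define if your system defines sys_errlist[]])
fi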
4065
4066
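# Link probe for a libc-provided sys_nerr.  stdio.h is included so that
# printf is declared; without it a compiler that rejects implicit
# declarations fails the probe whether or not the symbol exists.
AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
[[ extern int sys_nerr; printf("%i", sys_nerr);]])],
	[ ac_cv_libc_defines_sys_nerr="yes" ],
	[ ac_cv_libc_defines_sys_nerr="no"
	])
])
if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
	AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
fi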
4077
# Check libraries needed by DNS fingerprint support.
# A system getrrsetbyname is used when one is found.  Otherwise the fallback
# branch collects what the bundled implementation needs: res_query and
# dn_expand, a retry of the res_query link with -lresolv appended (undone if
# that fails as well), the _getshort and _getlong helpers, and the ad member
# of HEADER.
AC_SEARCH_LIBS([getrrsetbyname], [resolv],
	[
		AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
			[Define if getrrsetbyname() exists])
	],
	[
		# Needed by our getrrsetbyname()
		AC_SEARCH_LIBS([res_query], [resolv])
		AC_SEARCH_LIBS([dn_expand], [resolv])
		AC_MSG_CHECKING([if res_query will link])
		AC_LINK_IFELSE(
			[AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <netdb.h>
#include <resolv.h>
				]], [[
	res_query (0, 0, 0, 0, 0);
				]])],
			[AC_MSG_RESULT([yes])],
			[
				AC_MSG_RESULT([no])
				saved_LIBS="$LIBS"
				LIBS="$LIBS -lresolv"
				AC_MSG_CHECKING([for res_query in -lresolv])
				AC_LINK_IFELSE(
					[AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <netdb.h>
#include <resolv.h>
				]], [[
	res_query (0, 0, 0, 0, 0);
				]])],
					[AC_MSG_RESULT([yes])],
					[
						LIBS="$saved_LIBS"
						AC_MSG_RESULT([no])
					]
				)
			]
		)
		AC_CHECK_FUNCS([_getshort _getlong])
		AC_CHECK_DECLS([_getshort, _getlong], [], [],
		    [#include <sys/types.h>
		    #include <arpa/nameser.h>])
		AC_CHECK_MEMBER([HEADER.ad],
			[
				AC_DEFINE([HAVE_HEADER_AD], [1],
				    [Define if HEADER.ad exists in arpa/nameser.h])
			],
			[],
			[#include <arpa/nameser.h>])
	]
)
4123
dnl Link test: is the resolver state _res a real extern object?
dnl Taking its address through a volatile pointer keeps the reference from
dnl being optimised away, so the linker has to resolve the symbol.
AC_MSG_CHECKING([if struct __res_state _res is an extern])
AC_LINK_IFELSE(
	[AC_LANG_PROGRAM([[
#include <stdio.h>
#if HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
extern struct __res_state _res;
	]], [[
struct __res_state *volatile p = &_res;  /* force resolution of _res */
return 0;
	]])],
	[
		AC_MSG_RESULT([yes])
		AC_DEFINE([HAVE__RES_EXTERN], [1],
		    [Define if you have struct __res_state _res as an extern])
	],
	[AC_MSG_RESULT([no])]
)

# Check whether user wants SELinux support
dnl Requesting SELinux is a hard requirement: a missing header or library
dnl aborts configure instead of silently building without it.
dnl -lselinux is appended to SSHLIBS and SSHDLIBS only; LIBS itself is
dnl restored once the function probes have run.
SELINUX_MSG="no"
LIBSELINUX=""
AC_ARG_WITH([selinux],
	[  --with-selinux          Enable SELinux support],
	[
		case "x$withval" in
		xno)
			;;
		*)
			save_LIBS="$LIBS"
			AC_DEFINE([WITH_SELINUX], [1],
				[Define if you want SELinux support.])
			SELINUX_MSG="yes"
			AC_CHECK_HEADER([selinux/selinux.h], ,
				[AC_MSG_ERROR([SELinux support requires selinux.h header])])
			AC_CHECK_LIB([selinux], [setexeccon],
				[
					LIBSELINUX="-lselinux"
					LIBS="$LIBS -lselinux"
				],
				[AC_MSG_ERROR([SELinux support requires libselinux library])])
			SSHLIBS="$SSHLIBS $LIBSELINUX"
			SSHDLIBS="$SSHDLIBS $LIBSELINUX"
			AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
			LIBS="$save_LIBS"
			;;
		esac
	]
)
AC_SUBST([SSHLIBS])
AC_SUBST([SSHDLIBS])

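# Check whether user wants Kerberos 5 support
dnl --with-kerberos5 takes an optional install prefix, default /usr/local.
dnl When PREFIX/bin/krb5-config, or one found later on PATH, is executable it
dnl is run during configure and its output is spliced into CPPFLAGS, K5LIBS
dnl and GSSLIBS. The prefix therefore has to be a location the builder
dnl trusts: whatever sits there executes with the privileges of the user
dnl running configure.
dnl Without a usable krb5-config the include and library directories are
dnl derived from the prefix and the libraries are probed one by one.
KRB5_MSG="no"
AC_ARG_WITH([kerberos5],
	[  --with-kerberos5=PATH   Enable Kerberos 5 support],
	[ if test "x$withval" != "xno" ; then
		if test "x$withval" = "xyes" ; then
			KRB5ROOT="/usr/local"
		else
			KRB5ROOT="${withval}"
		fi

		AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
		KRB5_MSG="yes"

		AC_PATH_TOOL([KRB5CONF], [krb5-config],
			     [$KRB5ROOT/bin/krb5-config],
			     [$KRB5ROOT/bin:$PATH])
		# The helper path is quoted everywhere it is expanded so that a
		# prefix containing whitespace or glob characters is tested and
		# executed as one word.
		if test -x "$KRB5CONF" ; then
			K5CFLAGS="`"$KRB5CONF" --cflags`"
			K5LIBS="`"$KRB5CONF" --libs`"
			CPPFLAGS="$CPPFLAGS $K5CFLAGS"

			AC_MSG_CHECKING([for gssapi support])
			# Run without arguments, krb5-config prints its usage text;
			# gssapi is listed there when the library is available.
			if "$KRB5CONF" | grep gssapi >/dev/null ; then
				AC_MSG_RESULT([yes])
				AC_DEFINE([GSSAPI], [1],
					[Define this if you want GSSAPI
					support in the version 2 protocol])
				GSSCFLAGS="`"$KRB5CONF" --cflags gssapi`"
				GSSLIBS="`"$KRB5CONF" --libs gssapi`"
				CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
			else
				AC_MSG_RESULT([no])
			fi
			AC_MSG_CHECKING([whether we are using Heimdal])
			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
				]], [[ char *tmp = heimdal_version; ]])],
				[ AC_MSG_RESULT([yes])
				AC_DEFINE([HEIMDAL], [1],
				[Define this if you are using the Heimdal
				version of Kerberos V5]) ],
				[AC_MSG_RESULT([no])
			])
		else
			# No krb5-config: fall back to fixed paths under the prefix.
			CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
			LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
			AC_MSG_CHECKING([whether we are using Heimdal])
			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
				]], [[ char *tmp = heimdal_version; ]])],
					[ AC_MSG_RESULT([yes])
					 AC_DEFINE([HEIMDAL])
					 K5LIBS="-lkrb5"
					 K5LIBS="$K5LIBS -lcom_err -lasn1"
					 AC_CHECK_LIB([roken], [net_write],
					   [K5LIBS="$K5LIBS -lroken"])
					 AC_CHECK_LIB([des], [des_cbc_encrypt],
					   [K5LIBS="$K5LIBS -ldes"])
				       ], [ AC_MSG_RESULT([no])
					 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
			])
			AC_SEARCH_LIBS([dn_expand], [resolv])

			# Try the GSS-API library names in turn; the first one that
			# provides gss_init_sec_context wins.
			AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
				[ AC_DEFINE([GSSAPI])
				  GSSLIBS="-lgssapi_krb5" ],
				[ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
					[ AC_DEFINE([GSSAPI])
					  GSSLIBS="-lgssapi" ],
					[ AC_CHECK_LIB([gss], [gss_init_sec_context],
						[ AC_DEFINE([GSSAPI])
						  GSSLIBS="-lgss" ],
						AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
					])
				])

			# The cached header result is dropped so that the second
			# probe, with the gssapi include directory added, really runs.
			AC_CHECK_HEADER([gssapi.h], ,
				[ unset ac_cv_header_gssapi_h
				  CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
				  AC_CHECK_HEADERS([gssapi.h], ,
					AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
				  )
				]
			)

			# Keep the extra include directory only if gssapi_krb5.h is
			# found through it.
			oldCPP="$CPPFLAGS"
			CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
			AC_CHECK_HEADER([gssapi_krb5.h], ,
					[ CPPFLAGS="$oldCPP" ])

		fi
		if test ! -z "$need_dash_r" ; then
			LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
		fi
		if test ! -z "$blibpath" ; then
			blibpath="$blibpath:${KRB5ROOT}/lib"
		fi

		AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
		AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
		AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])

		AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
			[Define this if you want to use libkafs' AFS support])])

		AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
#ifdef HAVE_GSSAPI_H
# include <gssapi.h>
#elif defined(HAVE_GSSAPI_GSSAPI_H)
# include <gssapi/gssapi.h>
#endif

#ifdef HAVE_GSSAPI_GENERIC_H
# include <gssapi_generic.h>
#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
# include <gssapi/gssapi_generic.h>
#endif
		]])
		# The function probes need the Kerberos libraries, but LIBS is
		# restored afterwards; K5LIBS is substituted separately.
		saved_LIBS="$LIBS"
		LIBS="$LIBS $K5LIBS"
		AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
		LIBS="$saved_LIBS"

	fi
	]
)
AC_SUBST([GSSLIBS])
AC_SUBST([K5LIBS])
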
# Looking for programs, paths and files

dnl Directory used as the privilege separation chroot, default /var/empty.
dnl An empty value, "yes" or "no" leaves the default in place.
dnl NOTE(review): configure does not check the directory; it is presumably
dnl expected to be empty and not writable by unprivileged users - confirm
dnl against the privilege separation documentation shipped with the source.
PRIVSEP_PATH=/var/empty
AC_ARG_WITH([privsep-path],
	[  --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
	[
		case "x${withval}" in
		x|xno|xyes)
			;;
		*)
			PRIVSEP_PATH=$withval
			;;
		esac
	]
)
AC_SUBST([PRIVSEP_PATH])

dnl Locate the xauth program. An explicit --with-xauth=PATH is taken as
dnl given, without checking that the file exists. Otherwise PATH plus a few
dnl X11 directories is searched, and /usr/openwin/bin/xauth is preferred
dnl whenever some xauth was found and that file is executable.
AC_ARG_WITH([xauth],
	[  --with-xauth=PATH       Specify path to xauth program ],
	[
		case "x${withval}" in
		x|xno|xyes)
			;;
		*)
			xauth_path=$withval
			;;
		esac
	],
	[
		TestPath="$PATH"
		for xdir in /usr/X/bin /usr/bin/X11 /usr/X11R6/bin /usr/openwin/bin
		do
			TestPath="${TestPath}${PATH_SEPARATOR}${xdir}"
		done
		AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
		if test -n "$xauth_path" && test -x "/usr/openwin/bin/xauth" ; then
			xauth_path="/usr/openwin/bin/xauth"
		fi
	]
)

dnl STRIP_OPT defaults to -s and is emptied by --disable-strip, so that
dnl installed binaries keep their symbols.
STRIP_OPT=-s
AC_ARG_ENABLE([strip],
	[  --disable-strip         Disable calling strip(1) on install],
	[
		case "x$enableval" in
		xno)
			STRIP_OPT=
			;;
		esac
	]
)
AC_SUBST([STRIP_OPT])

dnl Record the xauth location chosen above. The C macro XAUTH_PATH is only
dnl defined when a path is known; the substituted variable always has a
dnl value and falls back to the literal word "undefined".
if test -n "$xauth_path" ; then
	AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
		[Define if xauth is found in your path])
	XAUTH_PATH=$xauth_path
else
	XAUTH_PATH="undefined"
fi
AC_SUBST([XAUTH_PATH])

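dnl # --with-maildir=/path/to/mail gets top priority.
dnl # if maildir is set in the platform case statement above we use that.
dnl # Otherwise we run a program to get the dir from system headers.
dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
dnl # If we find _PATH_MAILDIR we do nothing because that is what
dnl # session.c expects anyway. Otherwise we set to the value found
dnl # stripping any trailing slash. If for some strange reason our program
dnl # does not find what it needs, we default to /var/spool/mail.
dnl # The probe program includes stdlib.h for exit(); without the prototype a
dnl # compiler that rejects implicit declarations cannot build the probe and
dnl # the mail directory is reported as not found.
# Check for mail directory
AC_ARG_WITH([maildir],
    [  --with-maildir=/path/to/mail    Specify your system mail directory],
    [
	if test "X$withval" != X  &&  test "x$withval" != xno  &&  \
	    test "x${withval}" != xyes; then
		AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
            [Set this to your mail directory if you do not have _PATH_MAILDIR])
	    fi
     ],[
	if test "X$maildir" != "X"; then
	    AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
	else
	    AC_MSG_CHECKING([Discovering system mail directory])
	    AC_RUN_IFELSE(
		[AC_LANG_PROGRAM([[
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
#ifdef HAVE_MAILLOCK_H
#include <maillock.h>
#endif
#define DATA "conftest.maildir"
	]], [[
	FILE *fd;
	int rc;

	fd = fopen(DATA,"w");
	if(fd == NULL)
		exit(1);

#if defined (_PATH_MAILDIR)
	if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
		exit(1);
#elif defined (MAILDIR)
	if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
		exit(1);
#elif defined (_PATH_MAIL)
	if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
		exit(1);
#else
	exit (2);
#endif

	exit(0);
		]])],
		[
		    # The probe wrote NAME:VALUE; split it and drop one
		    # trailing slash from the value.
		    maildir_what=`awk -F: '{print $1}' conftest.maildir`
		    maildir=`awk -F: '{print $2}' conftest.maildir \
			| sed 's|/$||'`
		    AC_MSG_RESULT([Using: $maildir from $maildir_what])
		    if test "x$maildir_what" != "x_PATH_MAILDIR"; then
			AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
		    fi
		],
		[
		    if test "X$ac_status" = "X2";then
# our test program didn't find it. Default to /var/spool/mail
			AC_MSG_RESULT([Using: default value of /var/spool/mail])
			AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
		     else
			AC_MSG_RESULT([*** not found ***])
		     fi
		],
		[
			AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
		]
	    )
	fi
    ]
) # maildir
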
dnl Pseudo-terminal device probes. Both look at files on the build machine,
dnl so they are skipped when cross compiling. The /dev/ptmx probe is also
dnl skipped when no_dev_ptmx or disable_ptmx_check was set earlier.
if test -n "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
	AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
	disable_ptmx_check=yes
fi
if test -z "$no_dev_ptmx" && test "x$disable_ptmx_check" != "xyes" ; then
	AC_CHECK_FILE(["/dev/ptmx"],
		[
			AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
				[Define if you have /dev/ptmx])
			have_dev_ptmx=1
		]
	)
fi

if test -n "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
	AC_CHECK_FILE(["/dev/ptc"],
		[
			AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
				[Define if you have /dev/ptc])
			have_dev_ptc=1
		]
	)
else
	AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
fi

# Options from here on. Some of these are preset by platform above
dnl Manual page flavour. --with-mantype accepts man, cat or doc and rejects
dnl anything else. When MANTYPE is still unset, nroff or awf is run over
dnl ssh.1 to see which macro package works; cat is the last resort.
AC_ARG_WITH([mantype],
	[  --with-mantype=man|cat|doc  Set man page type],
	[
		case "$withval" in
		man|cat|doc)
			MANTYPE=$withval
			;;
		*)
			AC_MSG_ERROR([invalid man type: $withval])
			;;
		esac
	]
)
if test -z "$MANTYPE"; then
	TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
	AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
	MANTYPE=cat
	if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
		MANTYPE=doc
	elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
		MANTYPE=man
	fi
fi
AC_SUBST([MANTYPE])
# Pages of type doc are installed under man; the others under their own name.
case "$MANTYPE" in
doc)
	mansubdir=man;
	;;
*)
	mansubdir=$MANTYPE;
	;;
esac
AC_SUBST([mansubdir])

# Check whether to enable MD5 passwords
dnl Off by default. MD5-based password hashes are a legacy scheme, so this
dnl is best enabled only where an existing password database still needs it.
MD5_MSG="no"
AC_ARG_WITH([md5-passwords],
	[  --with-md5-passwords    Enable use of MD5 passwords],
	[
		case "x$withval" in
		xno)
			;;
		*)
			AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
				[Define if you want to allow MD5 passwords])
			MD5_MSG="yes"
			;;
		esac
	]
)

# Whether to disable shadow password support
AC_ARG_WITH([shadow],
	[  --without-shadow        Disable shadow password support],
	[
		case "x$withval" in
		xno)
			AC_DEFINE([DISABLE_SHADOW])
			disable_shadow=yes
			;;
		esac
	]
)

dnl With shadow support left on, check that struct spwd carries the
dnl sp_expire, sp_lstchg and sp_inact fields; HAS_SHADOW_EXPIRE is defined
dnl only when the probe compiles.
if test -z "$disable_shadow" ; then
	AC_MSG_CHECKING([if the systems has expire shadow information])
	AC_COMPILE_IFELSE(
		[AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <shadow.h>
struct spwd sp;
		]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
		[sp_expire_available=yes],
		[])

	case "x$sp_expire_available" in
	xyes)
		AC_MSG_RESULT([yes])
		AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
		    [Define if you want to use shadow password expire field])
		;;
	*)
		AC_MSG_RESULT([no])
		;;
	esac
fi

# Use ip address instead of hostname in $DISPLAY
dnl A non-empty IPADDR_IN_DISPLAY, set before this point, turns the hack on
dnl unconditionally; otherwise it is opt-in through --with-ipaddr-display.
if test -n "$IPADDR_IN_DISPLAY" ; then
	DISPLAY_HACK_MSG="yes"
	AC_DEFINE([IPADDR_IN_DISPLAY], [1],
		[Define if you need to use IP address
		instead of hostname in $DISPLAY])
else
	DISPLAY_HACK_MSG="no"
	AC_ARG_WITH([ipaddr-display],
		[  --with-ipaddr-display   Use ip address instead of hostname in $DISPLAY],
		[
			case "x$withval" in
			xno)
				;;
			*)
				AC_DEFINE([IPADDR_IN_DISPLAY])
				DISPLAY_HACK_MSG="yes"
				;;
			esac
		]
	)
fi

# check for /etc/default/login and use it if present.
dnl The probe looks at the build machine, so it defaults to off when cross
dnl compiling. When the file exists it is remembered in external_path_file
dnl and HAVE_ETC_DEFAULT_LOGIN is defined.
AC_ARG_ENABLE([etc-default-login],
	[  --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
	[
		case "x$enableval" in
		xno)
			AC_MSG_NOTICE([/etc/default/login handling disabled])
			etc_default_login=no
			;;
		*)
			etc_default_login=yes
			;;
		esac
	],
	[
		if test -n "$cross_compiling" && test "x$cross_compiling" = "xyes"
		then
			AC_MSG_WARN([cross compiling: not checking /etc/default/login])
			etc_default_login=no
		else
			etc_default_login=yes
		fi
	]
)

if test "x$etc_default_login" != "xno"; then
	AC_CHECK_FILE(["/etc/default/login"],
	    [ external_path_file=/etc/default/login ])
	case "x$external_path_file" in
	x/etc/default/login)
		AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
			[Define if your system has /etc/default/login])
		;;
	esac
fi

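dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
dnl Both cache variables are quoted and x-prefixed: if either is unset, the
dnl bare form expands to a malformed test expression that prints a shell
dnl error instead of evaluating cleanly to false.
if test "x$ac_cv_func_login_getcapbool" = "xyes" && \
	test "x$ac_cv_header_login_cap_h" = "xyes" ; then
	external_path_file=/etc/login.conf
fi
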
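# Whether to mess with the default path
dnl Default PATH compiled into the server as USER_PATH.
dnl   - With /etc/login.conf in use the option has no effect and USER_PATH
dnl     is not defined at all.
dnl   - --with-default-path=PATH is taken verbatim.
dnl   - Otherwise a probe program prints _PATH_STDPATH, and the expanded
dnl     bindir is appended unless it is already one of the components.
dnl Two fixes over the previous version of this check:
dnl   - the probe includes stdlib.h for exit(), so it still builds with
dnl     compilers that reject implicit function declarations;
dnl   - bindir is compared against whole PATH components. The earlier grep
dnl     was a substring match, so /usr/bin counted as present when only
dnl     /usr/bin/X11 was listed and the directory holding scp was left out.
SERVER_PATH_MSG="(default)"
AC_ARG_WITH([default-path],
	[  --with-default-path=    Specify default $PATH environment for server],
	[
		if test "x$external_path_file" = "x/etc/login.conf" ; then
			AC_MSG_WARN([
--with-default-path=PATH has no effect on this system.
Edit /etc/login.conf instead.])
		elif test "x$withval" != "xno" ; then
			if test ! -z "$external_path_file" ; then
				AC_MSG_WARN([
--with-default-path=PATH will only be used if PATH is not defined in
$external_path_file .])
			fi
			user_path="$withval"
			SERVER_PATH_MSG="$withval"
		fi
	],
	[ if test "x$external_path_file" = "x/etc/login.conf" ; then
		AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
	else
		if test ! -z "$external_path_file" ; then
			AC_MSG_WARN([
If PATH is defined in $external_path_file, ensure the path to scp is included,
otherwise scp will not work.])
		fi
		AC_RUN_IFELSE(
			[AC_LANG_PROGRAM([[
/* find out what STDPATH is */
#include <stdio.h>
#include <stdlib.h>
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
#ifndef _PATH_STDPATH
# ifdef _PATH_USERPATH	/* Irix */
#  define _PATH_STDPATH _PATH_USERPATH
# else
#  define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
# endif
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#define DATA "conftest.stdpath"
			]], [[
	FILE *fd;
	int rc;

	fd = fopen(DATA,"w");
	if(fd == NULL)
		exit(1);

	if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
		exit(1);

	exit(0);
		]])],
		[ user_path=`cat conftest.stdpath` ],
		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
	)
# make sure $bindir is in USER_PATH so scp will work
		# bindir may still hold unexpanded references or the NONE
		# placeholder; expand until neither is left. The values being
		# evaluated come from the configure command line.
		t_bindir="${bindir}"
		while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
			t_bindir=`eval echo ${t_bindir}`
			case $t_bindir in
				NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
			esac
			case $t_bindir in
				NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
			esac
		done
		# Compare against whole colon-delimited components.
		case ":${user_path}:" in
		*":${t_bindir}:"*)
			;;
		*)
			user_path=$user_path:$t_bindir
			AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
			;;
		esac
	fi ]
)
if test "x$external_path_file" != "x/etc/login.conf" ; then
	AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
	AC_SUBST([user_path])
fi
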
# Set superuser path separately to user path
dnl Optional separate PATH for the superuser. The value is compiled in
dnl exactly as given; every directory on it is searched for root's commands,
dnl so it should list only directories that ordinary users cannot write to.
AC_ARG_WITH([superuser-path],
	[  --with-superuser-path=  Specify different path for super-user],
	[
		case "x${withval}" in
		x|xno|xyes)
			;;
		*)
			AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
				[Define if you want a different $PATH
				for the superuser])
			superuser_path=$withval
			;;
		esac
	]
)


dnl IPv4-mapped IPv6 address handling. An explicit --with-4in6 or
dnl --without-4in6 decides; otherwise the inet6_default_4in6 preset is used.
AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
IPV4_IN6_HACK_MSG="no"
AC_ARG_WITH([4in6],
	[  --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses],
	[
		case "x$withval" in
		xno)
			AC_MSG_RESULT([no])
			;;
		*)
			AC_MSG_RESULT([yes])
			AC_DEFINE([IPV4_IN_IPV6], [1],
				[Detect IPv4 in IPv6 mapped addresses
				and treat as IPv4])
			IPV4_IN6_HACK_MSG="yes"
			;;
		esac
	], [
		case "x$inet6_default_4in6" in
		xyes)
			AC_MSG_RESULT([yes (default)])
			AC_DEFINE([IPV4_IN_IPV6])
			IPV4_IN6_HACK_MSG="yes"
			;;
		*)
			AC_MSG_RESULT([no (default)])
			;;
		esac
	]
)

# Whether to enable BSD auth support
dnl Opt-in only: BSD_AUTH is defined for any --with-bsd-auth value but "no".
BSD_AUTH_MSG=no
AC_ARG_WITH([bsd-auth],
	[  --with-bsd-auth         Enable BSD auth support],
	[
		case "x$withval" in
		xno)
			;;
		*)
			AC_DEFINE([BSD_AUTH], [1],
				[Define if you have BSD auth support])
			BSD_AUTH_MSG=yes
			;;
		esac
	]
)

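# Where to place sshd.pid
dnl Defaults to /var/run, or to the expanded sysconfdir when /var/run does
dnl not exist on the build machine. --with-pid-dir overrides both; a
dnl directory that is missing only draws a warning.
dnl The directory tests quote piddir so that a user-supplied path with
dnl whitespace is tested as one word instead of breaking the test command.
piddir=/var/run
# make sure the directory exists
if test ! -d "$piddir" ; then
	piddir=`eval echo ${sysconfdir}`
	case $piddir in
		NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
	esac
fi

AC_ARG_WITH([pid-dir],
	[  --with-pid-dir=PATH     Specify location of ssh.pid file],
	[
		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
		    test "x${withval}" != "xyes"; then
			piddir=$withval
			if test ! -d "$piddir" ; then
			AC_MSG_WARN([** no $piddir directory on this system **])
			fi
		fi
	]
)

AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
	[Specify location of ssh.pid])
AC_SUBST([piddir])
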
dnl allow user to disable some login recording features
dnl Each --disable-X switch below defines the matching DISABLE_ macro and
dnl does nothing for any other value. These records are what lastlog and the
dnl utmp/wtmp family keep about logins, so switching one off also removes
dnl that record for anyone reviewing login history on the host.
AC_ARG_ENABLE([lastlog],
	[  --disable-lastlog       disable use of lastlog even if detected [no]],
	[
		case "x$enableval" in
		xno)	AC_DEFINE([DISABLE_LASTLOG]) ;;
		esac
	]
)
AC_ARG_ENABLE([utmp],
	[  --disable-utmp          disable use of utmp even if detected [no]],
	[
		case "x$enableval" in
		xno)	AC_DEFINE([DISABLE_UTMP]) ;;
		esac
	]
)
AC_ARG_ENABLE([utmpx],
	[  --disable-utmpx         disable use of utmpx even if detected [no]],
	[
		case "x$enableval" in
		xno)
			AC_DEFINE([DISABLE_UTMPX], [1],
				[Define if you don't want to use utmpx])
			;;
		esac
	]
)
AC_ARG_ENABLE([wtmp],
	[  --disable-wtmp          disable use of wtmp even if detected [no]],
	[
		case "x$enableval" in
		xno)	AC_DEFINE([DISABLE_WTMP]) ;;
		esac
	]
)
AC_ARG_ENABLE([wtmpx],
	[  --disable-wtmpx         disable use of wtmpx even if detected [no]],
	[
		case "x$enableval" in
		xno)
			AC_DEFINE([DISABLE_WTMPX], [1],
				[Define if you don't want to use wtmpx])
			;;
		esac
	]
)
AC_ARG_ENABLE([libutil],
	[  --disable-libutil       disable use of libutil (login() etc.) [no]],
	[
		case "x$enableval" in
		xno)	AC_DEFINE([DISABLE_LOGIN]) ;;
		esac
	]
)
AC_ARG_ENABLE([pututline],
	[  --disable-pututline     disable use of pututline() etc. ([uw]tmp) [no]],
	[
		case "x$enableval" in
		xno)
			AC_DEFINE([DISABLE_PUTUTLINE], [1],
				[Define if you don't want to use pututline()
				etc. to write [uw]tmp])
			;;
		esac
	]
)
AC_ARG_ENABLE([pututxline],
	[  --disable-pututxline    disable use of pututxline() etc. ([uw]tmpx) [no]],
	[
		case "x$enableval" in
		xno)
			AC_DEFINE([DISABLE_PUTUTXLINE], [1],
				[Define if you don't want to use pututxline()
				etc. to write [uw]tmpx])
			;;
		esac
	]
)
dnl --with-lastlog=no disables lastlog; any other non-empty value except
dnl "yes" is taken as the lastlog location.
AC_ARG_WITH([lastlog],
  [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
	[
		case "x${withval}" in
		xno)
			AC_DEFINE([DISABLE_LASTLOG])
			;;
		x|xyes)
			;;
		*)
			conf_lastlog_location=$withval
			;;
		esac
	]
)

dnl lastlog, [uw]tmpx? detection
dnl  NOTE: set the paths in the platform section to avoid the
dnl   need for command-line parameters
dnl lastlog and [uw]tmp are subject to a file search if all else fails

dnl lastlog detection
dnl  NOTE: the code itself will detect if lastlog is a directory
dnl The headers are asked for LASTLOG_FILE first and _PATH_LASTLOG second;
dnl system_lastlog_path=no records that neither is defined.
AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
AC_COMPILE_IFELSE(
	[AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <utmp.h>
#ifdef HAVE_LASTLOG_H
#  include <lastlog.h>
#endif
#ifdef HAVE_PATHS_H
#  include <paths.h>
#endif
#ifdef HAVE_LOGIN_H
# include <login.h>
#endif
	]], [[ char *lastlog = LASTLOG_FILE; ]])],
	[AC_MSG_RESULT([yes])],
	[
		AC_MSG_RESULT([no])
		AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
		AC_COMPILE_IFELSE(
			[AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <utmp.h>
#ifdef HAVE_LASTLOG_H
#  include <lastlog.h>
#endif
#ifdef HAVE_PATHS_H
#  include <paths.h>
#endif
			]], [[ char *lastlog = _PATH_LASTLOG; ]])],
			[AC_MSG_RESULT([yes])],
			[
				AC_MSG_RESULT([no])
				system_lastlog_path=no
			])
	])

dnl Without a header definition or an explicit location, search a fixed list
dnl of paths on the build machine; the last one that exists is used.
if test -z "$conf_lastlog_location" && \
    test x"$system_lastlog_path" = x"no" ; then
	for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
		if test -d "$f" || test -f "$f" ; then
			conf_lastlog_location=$f
		fi
	done
	if test -z "$conf_lastlog_location"; then
		AC_MSG_WARN([** Cannot find lastlog **])
		dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
	fi
fi

if test -n "$conf_lastlog_location"; then
	AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
		[Define if you want to specify the path to your lastlog file])
fi

dnl utmp detection
dnl When the headers do not define UTMP_FILE and no location was preset, a
dnl short list of paths is searched on the build machine, the last existing
dnl file winning. utmp recording is disabled if none of them exists.
AC_MSG_CHECKING([if your system defines UTMP_FILE])
AC_COMPILE_IFELSE(
	[AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <utmp.h>
#ifdef HAVE_PATHS_H
#  include <paths.h>
#endif
	]], [[ char *utmp = UTMP_FILE; ]])],
	[AC_MSG_RESULT([yes])],
	[
		AC_MSG_RESULT([no])
		system_utmp_path=no
	])
if test -z "$conf_utmp_location" && test x"$system_utmp_path" = x"no" ; then
	for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
		if test -f $f ; then
			conf_utmp_location=$f
		fi
	done
	if test -z "$conf_utmp_location"; then
		AC_DEFINE([DISABLE_UTMP])
	fi
fi
if test -n "$conf_utmp_location"; then
	AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
		[Define if you want to specify the path to your utmp file])
fi

dnl wtmp detection
dnl Same scheme as the utmp check: header constant first, then a search of
dnl known paths, and DISABLE_WTMP when nothing is found.
AC_MSG_CHECKING([if your system defines WTMP_FILE])
AC_COMPILE_IFELSE(
	[AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <utmp.h>
#ifdef HAVE_PATHS_H
#  include <paths.h>
#endif
	]], [[ char *wtmp = WTMP_FILE; ]])],
	[AC_MSG_RESULT([yes])],
	[
		AC_MSG_RESULT([no])
		system_wtmp_path=no
	])
if test -z "$conf_wtmp_location" && test x"$system_wtmp_path" = x"no" ; then
	for f in /usr/adm/wtmp /var/log/wtmp; do
		if test -f $f ; then
			conf_wtmp_location=$f
		fi
	done
	if test -z "$conf_wtmp_location"; then
		AC_DEFINE([DISABLE_WTMP])
	fi
fi
if test -n "$conf_wtmp_location"; then
	AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
		[Define if you want to specify the path to your wtmpx file])
fi

dnl wtmpx detection
dnl No file search here: a preset conf_wtmpx_location is used as given, and
dnl without one wtmpx is disabled when the headers lack WTMPX_FILE.
AC_MSG_CHECKING([if your system defines WTMPX_FILE])
AC_COMPILE_IFELSE(
	[AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <utmp.h>
#ifdef HAVE_UTMPX_H
#include <utmpx.h>
#endif
#ifdef HAVE_PATHS_H
#  include <paths.h>
#endif
	]], [[ char *wtmpx = WTMPX_FILE; ]])],
	[AC_MSG_RESULT([yes])],
	[
		AC_MSG_RESULT([no])
		system_wtmpx_path=no
	])
if test -n "$conf_wtmpx_location"; then
	AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
		[Define if you want to specify the path to your wtmpx file])
elif test x"$system_wtmpx_path" = x"no" ; then
	AC_DEFINE([DISABLE_WTMPX])
fi


dnl A non-empty blibpath is appended to LDFLAGS behind the blibflags prefix.
dnl The warning asks the builder to review the result, since these
dnl directories end up in the linker flags written to the Makefile.
if test -n "$blibpath" ; then
	LDFLAGS="$LDFLAGS $blibflags$blibpath"
	AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
fi

dnl Structure sanity checks. A struct lastlog without ll_line disables
dnl lastlog unless SKIP_DISABLE_LASTLOG_DEFINE is yes; a struct utmp without
dnl ut_line disables both utmp and wtmp.
AC_CHECK_MEMBER([struct lastlog.ll_line],
	[],
	[
		if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
			AC_DEFINE([DISABLE_LASTLOG])
		fi
	],
	[
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_UTMP_H
#include <utmp.h>
#endif
#ifdef HAVE_UTMPX_H
#include <utmpx.h>
#endif
#ifdef HAVE_LASTLOG_H
#include <lastlog.h>
#endif
	])

AC_CHECK_MEMBER([struct utmp.ut_line],
	[],
	[
		AC_DEFINE([DISABLE_UTMP])
		AC_DEFINE([DISABLE_WTMP])
	],
	[
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_UTMP_H
#include <utmp.h>
#endif
#ifdef HAVE_UTMPX_H
#include <utmpx.h>
#endif
#ifdef HAVE_LASTLOG_H
#include <lastlog.h>
#endif
	])

dnl Adding -Werror to CFLAGS early prevents configure tests from running.
dnl Add now.
CFLAGS="$CFLAGS $werror_flags"

dnl The IPv6 regression tests are enabled only when getaddrinfo was found
dnl and it is not declared broken.
case "x$ac_cv_func_getaddrinfo" in
xyes)
	TEST_SSH_IPV6=yes
	;;
*)
	TEST_SSH_IPV6=no
	;;
esac
AC_CHECK_DECL([BROKEN_GETADDRINFO],  [TEST_SSH_IPV6=no])
AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8])
AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])

AC_EXEEXT
AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
	openbsd-compat/Makefile openbsd-compat/regress/Makefile \
	survey.sh])
AC_OUTPUT

# Print summary of options

# Someone please show me a better way :)
# Each directory variable is evaluated twice so that nested references such
# as a bindir defined in terms of exec_prefix are fully expanded. The values
# come from the configure command line and are evaluated by the shell as
# given.
A=`eval echo ${prefix}` ; A=`eval echo ${A}`
B=`eval echo ${bindir}` ; B=`eval echo ${B}`
C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
G=`eval echo ${piddir}` ; G=`eval echo ${G}`
H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
I=`eval echo ${user_path}` ; I=`eval echo ${I}`
J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`

echo ""
echo "OpenSSH has been configured with the following options:"
echo "                     User binaries: $B"
echo "                   System binaries: $C"
echo "               Configuration files: $D"
echo "                   Askpass program: $E"
echo "                      Manual pages: $F"
echo "                          PID file: $G"
echo "  Privilege separation chroot path: $H"
case "x$external_path_file" in
x/etc/login.conf)
	echo "   At runtime, sshd will use the path defined in $external_path_file"
	echo "   Make sure the path to scp is present, otherwise scp will not work"
	;;
*)
	echo "            sshd default user PATH: $I"
	if test -n "$external_path_file"; then
		echo "   (If PATH is set in $external_path_file it will be used instead. If"
		echo "   used, ensure the path to scp is present, otherwise scp will not work.)"
	fi
	;;
esac
if test -n "$superuser_path" ; then
	echo "          sshd superuser user PATH: $J"
fi
echo "                    Manpage format: $MANTYPE"
echo "                       PAM support: $PAM_MSG"
echo "                   OSF SIA support: $SIA_MSG"
echo "                 KerberosV support: $KRB5_MSG"
echo "                   SELinux support: $SELINUX_MSG"
echo "                 Smartcard support: $SCARD_MSG"
echo "                     S/KEY support: $SKEY_MSG"
echo "              MD5 password support: $MD5_MSG"
echo "                   libedit support: $LIBEDIT_MSG"
echo "                   libldns support: $LDNS_MSG"
echo "  Solaris process contract support: $SPC_MSG"
echo "           Solaris project support: $SP_MSG"
echo "         Solaris privilege support: $SPP_MSG"
echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
echo "                  BSD Auth support: $BSD_AUTH_MSG"
echo "              Random number source: $RAND_MSG"
echo "             Privsep sandbox style: $SANDBOX_STYLE"

echo ""

echo "              Host: ${host}"
echo "          Compiler: ${CC}"
echo "    Compiler flags: ${CFLAGS}"
echo "Preprocessor flags: ${CPPFLAGS}"
echo "      Linker flags: ${LDFLAGS}"
echo "         Libraries: ${LIBS}"
if test -n "${SSHDLIBS}"; then
	echo "         +for sshd: ${SSHDLIBS}"
fi
if test -n "${SSHLIBS}"; then
	echo "          +for ssh: ${SSHLIBS}"
fi

echo ""

case "x$MAKE_PACKAGE_SUPPORTED" in
xyes)
	echo "SVR4 style packages are supported with \"make package\""
	echo ""
	;;
esac

case "x$PAM_MSG" in
xyes)
	echo "PAM is enabled. You may need to install a PAM control file "
	echo "for sshd, otherwise password authentication may fail. "
	echo "Example PAM control files can be found in the contrib/ "
	echo "subdirectory"
	echo ""
	;;
esac

# Shown when no peer-credential facility was detected for ssh-agent sockets.
if test -n "$NO_PEERCHECK" ; then
	echo "WARNING: the operating system that you are using does not"
	echo "appear to support getpeereid(), getpeerucred() or the"
	echo "SO_PEERCRED getsockopt() option. These facilities are used to"
	echo "enforce security checks to prevent unauthorised connections to"
	echo "ssh-agent. Their absence increases the risk that a malicious"
	echo "user can connect to your agent."
	echo ""
fi

case "$AUDIT_MODULE" in
bsm)
	echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
	echo "See the Solaris section in README.platform for details."
	;;
esac
