1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19 20# Check for stale configure as early as possible. 21for i in $srcdir/configure.ac $srcdir/m4/*.m4; do 22 if test "$i" -nt "$srcdir/configure"; then 23 AC_MSG_ERROR([$i newer than configure, run autoreconf]) 24 fi 25done 26 27AC_LANG([C]) 28 29AC_CONFIG_HEADERS([config.h]) 30AC_PROG_CC([cc gcc clang]) 31 32# XXX relax this after reimplementing logit() etc. 33AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 34AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 35int f(int a, int b, int c) { return a + b + c; } 36#define F(a, ...) f(a, __VA_ARGS__) 37]], [[return F(1, 2, -3);]])], 38 [ AC_MSG_RESULT([yes]) ], 39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 40) 41 42AC_CANONICAL_HOST 43AC_C_BIGENDIAN 44 45# Checks for programs. 46AC_PROG_AWK 47AC_PROG_CPP 48AC_PROG_RANLIB 49AC_PROG_INSTALL 50AC_PROG_EGREP 51AC_PROG_MKDIR_P 52AC_CHECK_TOOLS([AR], [ar]) 53AC_PATH_PROG([CAT], [cat]) 54AC_PATH_PROG([KILL], [kill]) 55AC_PATH_PROG([SED], [sed]) 56AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 57AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 58AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 59AC_PATH_PROG([SH], [bash]) 60AC_PATH_PROG([SH], [ksh]) 61AC_PATH_PROG([SH], [sh]) 62AC_PATH_PROG([GROFF], [groff]) 63AC_PATH_PROG([NROFF], [nroff awf]) 64AC_PATH_PROG([MANDOC], [mandoc]) 65AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 66AC_SUBST([TEST_SHELL], [sh]) 67 68dnl select manpage formatter to be used to build "cat" format pages. 69if test "x$MANDOC" != "x" ; then 70 MANFMT="$MANDOC" 71elif test "x$NROFF" != "x" ; then 72 MANFMT="$NROFF -mandoc" 73elif test "x$GROFF" != "x" ; then 74 MANFMT="$GROFF -mandoc -Tascii" 75else 76 AC_MSG_WARN([no manpage formatter found]) 77 MANFMT="false" 78fi 79AC_SUBST([MANFMT]) 80 81dnl for buildpkg.sh 82AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 83 [/usr/sbin${PATH_SEPARATOR}/etc]) 84AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 85 [/usr/sbin${PATH_SEPARATOR}/etc]) 86AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 87if test -x /sbin/sh; then 88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 89else 90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 91fi 92 93# System features 94AC_SYS_LARGEFILE 95 96if test -z "$AR" ; then 97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 98fi 99 100AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 101if test ! -z "$PATH_PASSWD_PROG" ; then 102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 103 [Full path of your "passwd" program]) 104fi 105 106dnl Since autoconf doesn't support it very well, we no longer allow users to 107dnl override LD, however keeping the hook here for now in case there's a use 108dnl use case we overlooked and someone needs to re-enable it. Unless a good 109dnl reason is found we'll be removing this in future. 110LD="$CC" 111AC_SUBST([LD]) 112 113AC_C_INLINE 114 115AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 116AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 117AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 118 #include <sys/types.h> 119 #include <sys/param.h> 120 #include <dev/systrace.h> 121]) 122AC_CHECK_DECL([RLIMIT_NPROC], 123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 124 #include <sys/types.h> 125 #include <sys/resource.h> 126]) 127AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 128 #include <sys/types.h> 129 #include <linux/prctl.h> 130]) 131 132openssl=yes 133AC_ARG_WITH([openssl], 134 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 135 [ if test "x$withval" = "xno" ; then 136 openssl=no 137 fi 138 ] 139) 140AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 141if test "x$openssl" = "xyes" ; then 142 AC_MSG_RESULT([yes]) 143 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 144else 145 AC_MSG_RESULT([no]) 146fi 147 148use_stack_protector=1 149use_toolchain_hardening=1 150AC_ARG_WITH([stackprotect], 151 [ --without-stackprotect Don't use compiler's stack protection], [ 152 if test "x$withval" = "xno"; then 153 use_stack_protector=0 154 fi ]) 155AC_ARG_WITH([hardening], 156 [ --without-hardening Don't use toolchain hardening flags], [ 157 if test "x$withval" = "xno"; then 158 use_toolchain_hardening=0 159 fi ]) 160 161# We use -Werror for the tests only so that we catch warnings like "this is 162# on by default" for things like -fPIE. 163AC_MSG_CHECKING([if $CC supports -Werror]) 164saved_CFLAGS="$CFLAGS" 165CFLAGS="$CFLAGS -Werror" 166AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 167 [ AC_MSG_RESULT([yes]) 168 WERROR="-Werror"], 169 [ AC_MSG_RESULT([no]) 170 WERROR="" ] 171) 172CFLAGS="$saved_CFLAGS" 173 174if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 175 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 176 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 177 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 178 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 179 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 180 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 181 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 182 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 183 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 184 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 185 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 186 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 187 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 188 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 189 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 190 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation]) 191 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) 192 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 193 if test "x$use_toolchain_hardening" = "x1"; then 194 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 195 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 196 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 197 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 198 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 199 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 200 # NB. -ftrapv expects certain support functions to be present in 201 # the compiler library (libgcc or similar) to detect integer operations 202 # that can overflow. We must check that the result of enabling it 203 # actually links. The test program compiled/linked includes a number 204 # of integer operations that should exercise this. 205 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 206 OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all]) 207 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) 208 fi 209 AC_MSG_CHECKING([gcc version]) 210 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 211 case $GCC_VER in 212 1.*) no_attrib_nonnull=1 ;; 213 2.8* | 2.9*) 214 no_attrib_nonnull=1 215 ;; 216 2.*) no_attrib_nonnull=1 ;; 217 *) ;; 218 esac 219 AC_MSG_RESULT([$GCC_VER]) 220 221 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 222 saved_CFLAGS="$CFLAGS" 223 CFLAGS="$CFLAGS -fno-builtin-memset" 224 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 225 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 226 [ AC_MSG_RESULT([yes]) ], 227 [ AC_MSG_RESULT([no]) 228 CFLAGS="$saved_CFLAGS" ] 229 ) 230 231 # -fstack-protector-all doesn't always work for some GCC versions 232 # and/or platforms, so we test if we can. If it's not supported 233 # on a given platform gcc will emit a warning so we use -Werror. 234 if test "x$use_stack_protector" = "x1"; then 235 for t in -fstack-protector-strong -fstack-protector-all \ 236 -fstack-protector; do 237 AC_MSG_CHECKING([if $CC supports $t]) 238 saved_CFLAGS="$CFLAGS" 239 saved_LDFLAGS="$LDFLAGS" 240 CFLAGS="$CFLAGS $t -Werror" 241 LDFLAGS="$LDFLAGS $t -Werror" 242 AC_LINK_IFELSE( 243 [AC_LANG_PROGRAM([[ 244 #include <stdio.h> 245 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 246 ]], 247 [[ 248 char x[256]; 249 snprintf(x, sizeof(x), "XXX%d", func(1)); 250 ]])], 251 [ AC_MSG_RESULT([yes]) 252 CFLAGS="$saved_CFLAGS $t" 253 LDFLAGS="$saved_LDFLAGS $t" 254 AC_MSG_CHECKING([if $t works]) 255 AC_RUN_IFELSE( 256 [AC_LANG_PROGRAM([[ 257 #include <stdio.h> 258 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 259 ]], 260 [[ 261 char x[256]; 262 snprintf(x, sizeof(x), "XXX%d", func(1)); 263 ]])], 264 [ AC_MSG_RESULT([yes]) 265 break ], 266 [ AC_MSG_RESULT([no]) ], 267 [ AC_MSG_WARN([cross compiling: cannot test]) 268 break ] 269 ) 270 ], 271 [ AC_MSG_RESULT([no]) ] 272 ) 273 CFLAGS="$saved_CFLAGS" 274 LDFLAGS="$saved_LDFLAGS" 275 done 276 fi 277 278 if test -z "$have_llong_max"; then 279 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 280 unset ac_cv_have_decl_LLONG_MAX 281 saved_CFLAGS="$CFLAGS" 282 CFLAGS="$CFLAGS -std=gnu99" 283 AC_CHECK_DECL([LLONG_MAX], 284 [have_llong_max=1], 285 [CFLAGS="$saved_CFLAGS"], 286 [#include <limits.h>] 287 ) 288 fi 289fi 290 291AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 292AC_COMPILE_IFELSE( 293 [AC_LANG_PROGRAM([[ 294#include <stdlib.h> 295__attribute__((__unused__)) static void foo(void){return;}]], 296 [[ exit(0); ]])], 297 [ AC_MSG_RESULT([yes]) ], 298 [ AC_MSG_RESULT([no]) 299 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 300 [compiler does not accept __attribute__ on return types]) ] 301) 302 303AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 304AC_COMPILE_IFELSE( 305 [AC_LANG_PROGRAM([[ 306#include <stdlib.h> 307typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 308 [[ exit(0); ]])], 309 [ AC_MSG_RESULT([yes]) ], 310 [ AC_MSG_RESULT([no]) 311 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 312 [compiler does not accept __attribute__ on prototype args]) ] 313) 314 315AC_MSG_CHECKING([if compiler supports variable length arrays]) 316AC_COMPILE_IFELSE( 317 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 318 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 319 [ AC_MSG_RESULT([yes]) 320 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 321 [compiler supports variable length arrays]) ], 322 [ AC_MSG_RESULT([no]) ] 323) 324 325AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 326AC_COMPILE_IFELSE( 327 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 328 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 329 [ AC_MSG_RESULT([yes]) 330 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 331 [compiler variable declarations after code]) ], 332 [ AC_MSG_RESULT([no]) ] 333) 334 335if test "x$no_attrib_nonnull" != "x1" ; then 336 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 337fi 338 339AC_ARG_WITH([rpath], 340 [ --without-rpath Disable auto-added -R linker paths], 341 [ 342 if test "x$withval" = "xno" ; then 343 rpath_opt="" 344 elif test "x$withval" = "xyes" ; then 345 rpath_opt="-R" 346 else 347 rpath_opt="$withval" 348 fi 349 ] 350) 351 352# Allow user to specify flags 353AC_ARG_WITH([cflags], 354 [ --with-cflags Specify additional flags to pass to compiler], 355 [ 356 if test -n "$withval" && test "x$withval" != "xno" && \ 357 test "x${withval}" != "xyes"; then 358 CFLAGS="$CFLAGS $withval" 359 fi 360 ] 361) 362 363AC_ARG_WITH([cflags-after], 364 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 365 [ 366 if test -n "$withval" && test "x$withval" != "xno" && \ 367 test "x${withval}" != "xyes"; then 368 CFLAGS_AFTER="$withval" 369 fi 370 ] 371) 372AC_ARG_WITH([cppflags], 373 [ --with-cppflags Specify additional flags to pass to preprocessor] , 374 [ 375 if test -n "$withval" && test "x$withval" != "xno" && \ 376 test "x${withval}" != "xyes"; then 377 CPPFLAGS="$CPPFLAGS $withval" 378 fi 379 ] 380) 381AC_ARG_WITH([ldflags], 382 [ --with-ldflags Specify additional flags to pass to linker], 383 [ 384 if test -n "$withval" && test "x$withval" != "xno" && \ 385 test "x${withval}" != "xyes"; then 386 LDFLAGS="$LDFLAGS $withval" 387 fi 388 ] 389) 390AC_ARG_WITH([ldflags-after], 391 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 392 [ 393 if test -n "$withval" && test "x$withval" != "xno" && \ 394 test "x${withval}" != "xyes"; then 395 LDFLAGS_AFTER="$withval" 396 fi 397 ] 398) 399AC_ARG_WITH([libs], 400 [ --with-libs Specify additional libraries to link with], 401 [ 402 if test -n "$withval" && test "x$withval" != "xno" && \ 403 test "x${withval}" != "xyes"; then 404 LIBS="$LIBS $withval" 405 fi 406 ] 407) 408AC_ARG_WITH([Werror], 409 [ --with-Werror Build main code with -Werror], 410 [ 411 if test -n "$withval" && test "x$withval" != "xno"; then 412 werror_flags="-Werror" 413 if test "x${withval}" != "xyes"; then 414 werror_flags="$withval" 415 fi 416 fi 417 ] 418) 419 420AC_CHECK_HEADERS([ \ 421 blf.h \ 422 bstring.h \ 423 crypt.h \ 424 crypto/sha2.h \ 425 dirent.h \ 426 endian.h \ 427 elf.h \ 428 err.h \ 429 features.h \ 430 fcntl.h \ 431 floatingpoint.h \ 432 fnmatch.h \ 433 getopt.h \ 434 glob.h \ 435 ia.h \ 436 iaf.h \ 437 ifaddrs.h \ 438 inttypes.h \ 439 langinfo.h \ 440 limits.h \ 441 locale.h \ 442 login.h \ 443 maillock.h \ 444 ndir.h \ 445 net/if_tun.h \ 446 netdb.h \ 447 netgroup.h \ 448 pam/pam_appl.h \ 449 paths.h \ 450 poll.h \ 451 pty.h \ 452 readpassphrase.h \ 453 rpc/types.h \ 454 security/pam_appl.h \ 455 sha2.h \ 456 shadow.h \ 457 stddef.h \ 458 stdint.h \ 459 string.h \ 460 strings.h \ 461 sys/bitypes.h \ 462 sys/byteorder.h \ 463 sys/bsdtty.h \ 464 sys/cdefs.h \ 465 sys/dir.h \ 466 sys/file.h \ 467 sys/mman.h \ 468 sys/label.h \ 469 sys/ndir.h \ 470 sys/param.h \ 471 sys/poll.h \ 472 sys/prctl.h \ 473 sys/procctl.h \ 474 sys/pstat.h \ 475 sys/ptrace.h \ 476 sys/random.h \ 477 sys/select.h \ 478 sys/stat.h \ 479 sys/stream.h \ 480 sys/stropts.h \ 481 sys/strtio.h \ 482 sys/statvfs.h \ 483 sys/sysmacros.h \ 484 sys/time.h \ 485 sys/timers.h \ 486 sys/vfs.h \ 487 time.h \ 488 tmpdir.h \ 489 ttyent.h \ 490 ucred.h \ 491 unistd.h \ 492 usersec.h \ 493 util.h \ 494 utime.h \ 495 utmp.h \ 496 utmpx.h \ 497 vis.h \ 498 wchar.h \ 499]) 500 501# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 502# to be included first. 503AC_CHECK_HEADERS([sys/audit.h], [], [], [ 504#ifdef HAVE_SYS_TIME_H 505# include <sys/time.h> 506#endif 507#ifdef HAVE_SYS_TYPES_H 508# include <sys/types.h> 509#endif 510#ifdef HAVE_SYS_LABEL_H 511# include <sys/label.h> 512#endif 513]) 514 515# sys/capsicum.h requires sys/types.h 516AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [ 517#ifdef HAVE_SYS_TYPES_H 518# include <sys/types.h> 519#endif 520]) 521 522AC_MSG_CHECKING([for caph_cache_tzdata]) 523AC_LINK_IFELSE( 524 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]], 525 [[caph_cache_tzdata();]])], 526 [ 527 AC_MSG_RESULT([yes]) 528 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1], 529 [Define if you have caph_cache_tzdata]) 530 ], 531 [ AC_MSG_RESULT([no]) ] 532) 533 534# net/route.h requires sys/socket.h and sys/types.h. 535# sys/sysctl.h also requires sys/param.h 536AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 537#ifdef HAVE_SYS_TYPES_H 538# include <sys/types.h> 539#endif 540#include <sys/param.h> 541#include <sys/socket.h> 542]) 543 544# lastlog.h requires sys/time.h to be included first on Solaris 545AC_CHECK_HEADERS([lastlog.h], [], [], [ 546#ifdef HAVE_SYS_TIME_H 547# include <sys/time.h> 548#endif 549]) 550 551# sys/ptms.h requires sys/stream.h to be included first on Solaris 552AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 553#ifdef HAVE_SYS_STREAM_H 554# include <sys/stream.h> 555#endif 556]) 557 558# login_cap.h requires sys/types.h on NetBSD 559AC_CHECK_HEADERS([login_cap.h], [], [], [ 560#include <sys/types.h> 561]) 562 563# older BSDs need sys/param.h before sys/mount.h 564AC_CHECK_HEADERS([sys/mount.h], [], [], [ 565#include <sys/param.h> 566]) 567 568# Android requires sys/socket.h to be included before sys/un.h 569AC_CHECK_HEADERS([sys/un.h], [], [], [ 570#include <sys/types.h> 571#include <sys/socket.h> 572]) 573 574# Messages for features tested for in target-specific section 575SIA_MSG="no" 576SPC_MSG="no" 577SP_MSG="no" 578SPP_MSG="no" 579 580# Support for Solaris/Illumos privileges (this test is used by both 581# the --with-solaris-privs option and --with-sandbox=solaris). 582SOLARIS_PRIVS="no" 583 584# Check for some target-specific stuff 585case "$host" in 586*-*-aix*) 587 # Some versions of VAC won't allow macro redefinitions at 588 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 589 # particularly with older versions of vac or xlc. 590 # It also throws errors about null macro arguments, but these are 591 # not fatal. 592 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 593 AC_COMPILE_IFELSE( 594 [AC_LANG_PROGRAM([[ 595#define testmacro foo 596#define testmacro bar]], 597 [[ exit(0); ]])], 598 [ AC_MSG_RESULT([yes]) ], 599 [ AC_MSG_RESULT([no]) 600 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 601 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 602 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 603 ] 604 ) 605 606 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 607 if (test -z "$blibpath"); then 608 blibpath="/usr/lib:/lib" 609 fi 610 saved_LDFLAGS="$LDFLAGS" 611 if test "$GCC" = "yes"; then 612 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 613 else 614 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 615 fi 616 for tryflags in $flags ;do 617 if (test -z "$blibflags"); then 618 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 619 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 620 [blibflags=$tryflags], []) 621 fi 622 done 623 if (test -z "$blibflags"); then 624 AC_MSG_RESULT([not found]) 625 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 626 else 627 AC_MSG_RESULT([$blibflags]) 628 fi 629 LDFLAGS="$saved_LDFLAGS" 630 dnl Check for authenticate. Might be in libs.a on older AIXes 631 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 632 [Define if you want to enable AIX4's authenticate function])], 633 [AC_CHECK_LIB([s], [authenticate], 634 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 635 LIBS="$LIBS -ls" 636 ]) 637 ]) 638 dnl Check for various auth function declarations in headers. 639 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 640 passwdexpired, setauthdb], , , [#include <usersec.h>]) 641 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 642 AC_CHECK_DECLS([loginfailed], 643 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 644 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 645 [[ (void)loginfailed("user","host","tty",0); ]])], 646 [AC_MSG_RESULT([yes]) 647 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 648 [Define if your AIX loginfailed() function 649 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 650 ])], 651 [], 652 [#include <usersec.h>] 653 ) 654 AC_CHECK_FUNCS([getgrset setauthdb]) 655 AC_CHECK_DECL([F_CLOSEM], 656 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 657 [], 658 [ #include <limits.h> 659 #include <fcntl.h> ] 660 ) 661 check_for_aix_broken_getaddrinfo=1 662 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 663 [Define if your platform breaks doing a seteuid before a setuid]) 664 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 665 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 666 dnl AIX handles lastlog as part of its login message 667 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 668 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 669 [Some systems need a utmpx entry for /bin/login to work]) 670 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 671 [Define to a Set Process Title type if your system is 672 supported by bsd-setproctitle.c]) 673 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 674 [AIX 5.2 and 5.3 (and presumably newer) require this]) 675 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 676 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 677 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 678 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 679 ;; 680*-*-android*) 681 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 682 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 683 ;; 684*-*-cygwin*) 685 LIBS="$LIBS /usr/lib/textreadmode.o" 686 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 687 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 688 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 689 [Define to disable UID restoration test]) 690 AC_DEFINE([DISABLE_SHADOW], [1], 691 [Define if you want to disable shadow passwords]) 692 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 693 [Define if X11 doesn't support AF_UNIX sockets on that system]) 694 AC_DEFINE([DISABLE_FD_PASSING], [1], 695 [Define if your platform needs to skip post auth 696 file descriptor passing]) 697 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 698 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 699 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 700 # reasons which cause compile warnings, so we disable those warnings. 701 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 702 ;; 703*-*-dgux*) 704 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 705 [Define if your system choked on IP TOS setting]) 706 AC_DEFINE([SETEUID_BREAKS_SETUID]) 707 AC_DEFINE([BROKEN_SETREUID]) 708 AC_DEFINE([BROKEN_SETREGID]) 709 ;; 710*-*-darwin*) 711 use_pie=auto 712 AC_MSG_CHECKING([if we have working getaddrinfo]) 713 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 714#include <mach-o/dyld.h> 715#include <stdlib.h> 716main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 717 exit(0); 718 else 719 exit(1); 720} 721 ]])], 722 [AC_MSG_RESULT([working])], 723 [AC_MSG_RESULT([buggy]) 724 AC_DEFINE([BROKEN_GETADDRINFO], [1], 725 [getaddrinfo is broken (if present)]) 726 ], 727 [AC_MSG_RESULT([assume it is working])]) 728 AC_DEFINE([SETEUID_BREAKS_SETUID]) 729 AC_DEFINE([BROKEN_SETREUID]) 730 AC_DEFINE([BROKEN_SETREGID]) 731 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 732 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 733 [Define if your resolver libs need this for getrrsetbyname]) 734 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 735 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 736 [Use tunnel device compatibility to OpenBSD]) 737 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 738 [Prepend the address family to IP tunnel traffic]) 739 m4_pattern_allow([AU_IPv]) 740 AC_CHECK_DECL([AU_IPv4], [], 741 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 742 [#include <bsm/audit.h>] 743 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 744 [Define if pututxline updates lastlog too]) 745 ) 746 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 747 [Define to a Set Process Title type if your system is 748 supported by bsd-setproctitle.c]) 749 AC_CHECK_FUNCS([sandbox_init]) 750 AC_CHECK_HEADERS([sandbox.h]) 751 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 752 SSHDLIBS="$SSHDLIBS -lsandbox" 753 ]) 754 # proc_pidinfo()-based closefrom() replacement. 755 AC_CHECK_HEADERS([libproc.h]) 756 AC_CHECK_FUNCS([proc_pidinfo]) 757 # poll(2) is broken for character-special devices (at least). 758 # cf. Apple bug 3710161 (not public, but searchable) 759 AC_DEFINE([BROKEN_POLL], [1], 760 [System poll(2) implementation is broken]) 761 ;; 762*-*-dragonfly*) 763 SSHDLIBS="$SSHDLIBS" 764 TEST_MALLOC_OPTIONS="AFGJPRX" 765 ;; 766*-*-haiku*) 767 LIBS="$LIBS -lbsd " 768 CFLAGS="$CFLAGS -D_BSD_SOURCE" 769 AC_CHECK_LIB([network], [socket]) 770 AC_DEFINE([HAVE_U_INT64_T]) 771 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 772 MANTYPE=man 773 ;; 774*-*-hpux*) 775 # first we define all of the options common to all HP-UX releases 776 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 777 IPADDR_IN_DISPLAY=yes 778 AC_DEFINE([USE_PIPES]) 779 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 780 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 781 [String used in /etc/passwd to denote locked account]) 782 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 783 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 784 maildir="/var/mail" 785 LIBS="$LIBS -lsec" 786 AC_CHECK_LIB([xnet], [t_error], , 787 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 788 789 # next, we define all of the options specific to major releases 790 case "$host" in 791 *-*-hpux10*) 792 if test -z "$GCC"; then 793 CFLAGS="$CFLAGS -Ae" 794 fi 795 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect]) 796 ;; 797 *-*-hpux11*) 798 AC_DEFINE([PAM_SUN_CODEBASE], [1], 799 [Define if you are using Solaris-derived PAM which 800 passes pam_messages to the conversation function 801 with an extra level of indirection]) 802 AC_DEFINE([DISABLE_UTMP], [1], 803 [Define if you don't want to use utmp]) 804 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 805 check_for_hpux_broken_getaddrinfo=1 806 check_for_conflicting_getspnam=1 807 ;; 808 esac 809 810 # lastly, we define options specific to minor releases 811 case "$host" in 812 *-*-hpux10.26) 813 AC_DEFINE([HAVE_SECUREWARE], [1], 814 [Define if you have SecureWare-based 815 protected password database]) 816 disable_ptmx_check=yes 817 LIBS="$LIBS -lsecpw" 818 ;; 819 esac 820 ;; 821*-*-irix5*) 822 PATH="$PATH:/usr/etc" 823 AC_DEFINE([BROKEN_INET_NTOA], [1], 824 [Define if you system's inet_ntoa is busted 825 (e.g. Irix gcc issue)]) 826 AC_DEFINE([SETEUID_BREAKS_SETUID]) 827 AC_DEFINE([BROKEN_SETREUID]) 828 AC_DEFINE([BROKEN_SETREGID]) 829 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 830 [Define if you shouldn't strip 'tty' from your 831 ttyname in [uw]tmp]) 832 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 833 ;; 834*-*-irix6*) 835 PATH="$PATH:/usr/etc" 836 AC_DEFINE([WITH_IRIX_ARRAY], [1], 837 [Define if you have/want arrays 838 (cluster-wide session management, not C arrays)]) 839 AC_DEFINE([WITH_IRIX_PROJECT], [1], 840 [Define if you want IRIX project management]) 841 AC_DEFINE([WITH_IRIX_AUDIT], [1], 842 [Define if you want IRIX audit trails]) 843 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 844 [Define if you want IRIX kernel jobs])]) 845 AC_DEFINE([BROKEN_INET_NTOA]) 846 AC_DEFINE([SETEUID_BREAKS_SETUID]) 847 AC_DEFINE([BROKEN_SETREUID]) 848 AC_DEFINE([BROKEN_SETREGID]) 849 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 850 AC_DEFINE([WITH_ABBREV_NO_TTY]) 851 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 852 ;; 853*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 854 AC_DEFINE([PAM_TTY_KLUDGE]) 855 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 856 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 857 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 858 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 859 ;; 860*-*-linux*) 861 no_dev_ptmx=1 862 use_pie=auto 863 check_for_openpty_ctty_bug=1 864 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 865 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 866 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 867 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) 868 AC_DEFINE([PAM_TTY_KLUDGE], [1], 869 [Work around problematic Linux PAM modules handling of PAM_TTY]) 870 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 871 [String used in /etc/passwd to denote locked account]) 872 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 873 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 874 [Define to whatever link() returns for "not supported" 875 if it doesn't return EOPNOTSUPP.]) 876 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 877 AC_DEFINE([USE_BTMP]) 878 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 879 inet6_default_4in6=yes 880 case `uname -r` in 881 1.*|2.0.*) 882 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 883 [Define if cmsg_type is not passed correctly]) 884 ;; 885 esac 886 # tun(4) forwarding compat code 887 AC_CHECK_HEADERS([linux/if_tun.h]) 888 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 889 AC_DEFINE([SSH_TUN_LINUX], [1], 890 [Open tunnel devices the Linux tun/tap way]) 891 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 892 [Use tunnel device compatibility to OpenBSD]) 893 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 894 [Prepend the address family to IP tunnel traffic]) 895 fi 896 AC_CHECK_HEADER([linux/if.h], 897 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 898 [Support routing domains using Linux VRF]), [], [ 899#ifdef HAVE_SYS_TYPES_H 900# include <sys/types.h> 901#endif 902 ]) 903 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 904 [], [#include <linux/types.h>]) 905 # Obtain MIPS ABI 906 case "$host" in 907 mips*) 908 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 909#if _MIPS_SIM != _ABIO32 910#error 911#endif 912 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 913#if _MIPS_SIM != _ABIN32 914#error 915#endif 916 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 917#if _MIPS_SIM != _ABI64 918#error 919#endif 920 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 921 ]) 922 ]) 923 ]) 924 ;; 925 esac 926 AC_MSG_CHECKING([for seccomp architecture]) 927 seccomp_audit_arch= 928 case "$host" in 929 x86_64-*) 930 seccomp_audit_arch=AUDIT_ARCH_X86_64 931 ;; 932 i*86-*) 933 seccomp_audit_arch=AUDIT_ARCH_I386 934 ;; 935 arm*-*) 936 seccomp_audit_arch=AUDIT_ARCH_ARM 937 ;; 938 aarch64*-*) 939 seccomp_audit_arch=AUDIT_ARCH_AARCH64 940 ;; 941 s390x-*) 942 seccomp_audit_arch=AUDIT_ARCH_S390X 943 ;; 944 s390-*) 945 seccomp_audit_arch=AUDIT_ARCH_S390 946 ;; 947 powerpc-*) 948 seccomp_audit_arch=AUDIT_ARCH_PPC 949 ;; 950 powerpc64-*) 951 seccomp_audit_arch=AUDIT_ARCH_PPC64 952 ;; 953 powerpc64le-*) 954 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 955 ;; 956 mips-*) 957 seccomp_audit_arch=AUDIT_ARCH_MIPS 958 ;; 959 mipsel-*) 960 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 961 ;; 962 mips64-*) 963 case "$mips_abi" in 964 "n32") 965 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 966 ;; 967 "n64") 968 seccomp_audit_arch=AUDIT_ARCH_MIPS64 969 ;; 970 esac 971 ;; 972 mips64el-*) 973 case "$mips_abi" in 974 "n32") 975 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 976 ;; 977 "n64") 978 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 979 ;; 980 esac 981 ;; 982 riscv64-*) 983 seccomp_audit_arch=AUDIT_ARCH_RISCV64 984 ;; 985 esac 986 if test "x$seccomp_audit_arch" != "x" ; then 987 AC_MSG_RESULT(["$seccomp_audit_arch"]) 988 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 989 [Specify the system call convention in use]) 990 else 991 AC_MSG_RESULT([architecture not supported]) 992 fi 993 ;; 994*-*-minix) 995 AC_DEFINE([SETEUID_BREAKS_SETUID]) 996 # poll(2) seems to choke on /dev/null; "Bad file descriptor" 997 AC_DEFINE([BROKEN_POLL], [1], 998 [System poll(2) implementation is broken]) 999 ;; 1000mips-sony-bsd|mips-sony-newsos4) 1001 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 1002 SONY=1 1003 ;; 1004*-*-netbsd*) 1005 if test "x$withval" != "xno" ; then 1006 rpath_opt="-R" 1007 fi 1008 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 1009 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1010 AC_CHECK_HEADER([net/if_tap.h], , 1011 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1012 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 1013 [Prepend the address family to IP tunnel traffic]) 1014 TEST_MALLOC_OPTIONS="AJRX" 1015 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 1016 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 1017 ;; 1018*-*-freebsd*) 1019 SKIP_DISABLE_LASTLOG_DEFINE=yes 1020 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 1021 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1022 AC_CHECK_HEADER([net/if_tap.h], , 1023 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1024 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 1025 TEST_MALLOC_OPTIONS="AJRX" 1026 # Preauth crypto occasionally uses file descriptors for crypto offload 1027 # and will crash if they cannot be opened. 1028 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 1029 [define if setrlimit RLIMIT_NOFILE breaks things]) 1030 case "$host" in 1031 *-*-freebsd9.*|*-*-freebsd10.*) 1032 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable. 1033 disable_capsicum=yes 1034 esac 1035 ;; 1036*-*-bsdi*) 1037 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1038 AC_DEFINE([BROKEN_SETREUID]) 1039 AC_DEFINE([BROKEN_SETREGID]) 1040 ;; 1041*-next-*) 1042 conf_lastlog_location="/usr/adm/lastlog" 1043 conf_utmp_location=/etc/utmp 1044 conf_wtmp_location=/usr/adm/wtmp 1045 maildir=/usr/spool/mail 1046 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1047 AC_DEFINE([USE_PIPES]) 1048 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1049 ;; 1050*-*-openbsd*) 1051 use_pie=auto 1052 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1053 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1054 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1055 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1056 [syslog_r function is safe to use in in a signal handler]) 1057 TEST_MALLOC_OPTIONS="AFGJPRX" 1058 ;; 1059*-*-solaris*) 1060 if test "x$withval" != "xno" ; then 1061 rpath_opt="-R" 1062 fi 1063 AC_DEFINE([PAM_SUN_CODEBASE]) 1064 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1065 AC_DEFINE([PAM_TTY_KLUDGE]) 1066 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1067 [Define if pam_chauthtok wants real uid set 1068 to the unpriv'ed user]) 1069 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1070 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1071 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1072 [Define if sshd somehow reacquires a controlling TTY 1073 after setsid()]) 1074 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1075 in case the name is longer than 8 chars]) 1076 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1077 external_path_file=/etc/default/login 1078 # hardwire lastlog location (can't detect it on some versions) 1079 conf_lastlog_location="/var/adm/lastlog" 1080 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1081 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1082 if test "$sol2ver" -ge 8; then 1083 AC_MSG_RESULT([yes]) 1084 AC_DEFINE([DISABLE_UTMP]) 1085 AC_DEFINE([DISABLE_WTMP], [1], 1086 [Define if you don't want to use wtmp]) 1087 else 1088 AC_MSG_RESULT([no]) 1089 fi 1090 AC_CHECK_FUNCS([setpflags]) 1091 AC_CHECK_FUNCS([setppriv]) 1092 AC_CHECK_FUNCS([priv_basicset]) 1093 AC_CHECK_HEADERS([priv.h]) 1094 AC_ARG_WITH([solaris-contracts], 1095 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1096 [ 1097 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1098 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1099 [Define if you have Solaris process contracts]) 1100 LIBS="$LIBS -lcontract" 1101 SPC_MSG="yes" ], ) 1102 ], 1103 ) 1104 AC_ARG_WITH([solaris-projects], 1105 [ --with-solaris-projects Enable Solaris projects (experimental)], 1106 [ 1107 AC_CHECK_LIB([project], [setproject], 1108 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1109 [Define if you have Solaris projects]) 1110 LIBS="$LIBS -lproject" 1111 SP_MSG="yes" ], ) 1112 ], 1113 ) 1114 AC_ARG_WITH([solaris-privs], 1115 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1116 [ 1117 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1118 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1119 "x$ac_cv_header_priv_h" = "xyes" ; then 1120 SOLARIS_PRIVS=yes 1121 AC_MSG_RESULT([found]) 1122 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1123 [Define to disable UID restoration test]) 1124 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1125 [Define if you have Solaris privileges]) 1126 SPP_MSG="yes" 1127 else 1128 AC_MSG_RESULT([not found]) 1129 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1130 fi 1131 ], 1132 ) 1133 TEST_SHELL=$SHELL # let configure find us a capable shell 1134 ;; 1135*-*-sunos4*) 1136 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1137 AC_CHECK_FUNCS([getpwanam]) 1138 AC_DEFINE([PAM_SUN_CODEBASE]) 1139 conf_utmp_location=/etc/utmp 1140 conf_wtmp_location=/var/adm/wtmp 1141 conf_lastlog_location=/var/adm/lastlog 1142 AC_DEFINE([USE_PIPES]) 1143 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1144 ;; 1145*-ncr-sysv*) 1146 LIBS="$LIBS -lc89" 1147 AC_DEFINE([USE_PIPES]) 1148 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1149 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1150 AC_DEFINE([BROKEN_SETREUID]) 1151 AC_DEFINE([BROKEN_SETREGID]) 1152 ;; 1153*-sni-sysv*) 1154 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1155 AC_CHECK_LIB([dl], [dlsym], ,) 1156 # -lresolv needs to be at the end of LIBS or DNS lookups break 1157 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1158 IPADDR_IN_DISPLAY=yes 1159 AC_DEFINE([USE_PIPES]) 1160 AC_DEFINE([IP_TOS_IS_BROKEN]) 1161 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1162 AC_DEFINE([BROKEN_SETREUID]) 1163 AC_DEFINE([BROKEN_SETREGID]) 1164 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1165 external_path_file=/etc/default/login 1166 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1167 # Attention: always take care to bind libsocket and libnsl before libc, 1168 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1169 ;; 1170# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1171*-*-sysv4.2*) 1172 AC_DEFINE([USE_PIPES]) 1173 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1174 AC_DEFINE([BROKEN_SETREUID]) 1175 AC_DEFINE([BROKEN_SETREGID]) 1176 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1177 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1178 TEST_SHELL=$SHELL # let configure find us a capable shell 1179 ;; 1180# UnixWare 7.x, OpenUNIX 8 1181*-*-sysv5*) 1182 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1183 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1184 AC_DEFINE([USE_PIPES]) 1185 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1186 AC_DEFINE([BROKEN_GETADDRINFO]) 1187 AC_DEFINE([BROKEN_SETREUID]) 1188 AC_DEFINE([BROKEN_SETREGID]) 1189 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1190 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1191 TEST_SHELL=$SHELL # let configure find us a capable shell 1192 case "$host" in 1193 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1194 maildir=/var/spool/mail 1195 AC_DEFINE([BROKEN_UPDWTMPX]) 1196 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1197 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1198 ], , ) 1199 ;; 1200 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1201 ;; 1202 esac 1203 ;; 1204*-*-sysv*) 1205 ;; 1206# SCO UNIX and OEM versions of SCO UNIX 1207*-*-sco3.2v4*) 1208 AC_MSG_ERROR("This Platform is no longer supported.") 1209 ;; 1210# SCO OpenServer 5.x 1211*-*-sco3.2v5*) 1212 if test -z "$GCC"; then 1213 CFLAGS="$CFLAGS -belf" 1214 fi 1215 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1216 no_dev_ptmx=1 1217 AC_DEFINE([USE_PIPES]) 1218 AC_DEFINE([HAVE_SECUREWARE]) 1219 AC_DEFINE([DISABLE_SHADOW]) 1220 AC_DEFINE([DISABLE_FD_PASSING]) 1221 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1222 AC_DEFINE([BROKEN_GETADDRINFO]) 1223 AC_DEFINE([BROKEN_SETREUID]) 1224 AC_DEFINE([BROKEN_SETREGID]) 1225 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1226 AC_DEFINE([BROKEN_UPDWTMPX]) 1227 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1228 AC_CHECK_FUNCS([getluid setluid]) 1229 MANTYPE=man 1230 TEST_SHELL=$SHELL # let configure find us a capable shell 1231 SKIP_DISABLE_LASTLOG_DEFINE=yes 1232 ;; 1233*-dec-osf*) 1234 AC_MSG_CHECKING([for Digital Unix SIA]) 1235 no_osfsia="" 1236 AC_ARG_WITH([osfsia], 1237 [ --with-osfsia Enable Digital Unix SIA], 1238 [ 1239 if test "x$withval" = "xno" ; then 1240 AC_MSG_RESULT([disabled]) 1241 no_osfsia=1 1242 fi 1243 ], 1244 ) 1245 if test -z "$no_osfsia" ; then 1246 if test -f /etc/sia/matrix.conf; then 1247 AC_MSG_RESULT([yes]) 1248 AC_DEFINE([HAVE_OSF_SIA], [1], 1249 [Define if you have Digital Unix Security 1250 Integration Architecture]) 1251 AC_DEFINE([DISABLE_LOGIN], [1], 1252 [Define if you don't want to use your 1253 system's login() call]) 1254 AC_DEFINE([DISABLE_FD_PASSING]) 1255 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1256 SIA_MSG="yes" 1257 else 1258 AC_MSG_RESULT([no]) 1259 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1260 [String used in /etc/passwd to denote locked account]) 1261 fi 1262 fi 1263 AC_DEFINE([BROKEN_GETADDRINFO]) 1264 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1265 AC_DEFINE([BROKEN_SETREUID]) 1266 AC_DEFINE([BROKEN_SETREGID]) 1267 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1268 ;; 1269 1270*-*-nto-qnx*) 1271 AC_DEFINE([USE_PIPES]) 1272 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1273 AC_DEFINE([DISABLE_LASTLOG]) 1274 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1275 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1276 enable_etc_default_login=no # has incompatible /etc/default/login 1277 case "$host" in 1278 *-*-nto-qnx6*) 1279 AC_DEFINE([DISABLE_FD_PASSING]) 1280 ;; 1281 esac 1282 ;; 1283 1284*-*-ultrix*) 1285 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1286 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1287 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1288 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1289 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1290 # don't get a controlling tty. 1291 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1292 # On Ultrix some headers are not protected against multiple includes, 1293 # so we create wrappers and put it where the compiler will find it. 1294 AC_MSG_WARN([creating compat wrappers for headers]) 1295 mkdir -p netinet 1296 for header in netinet/ip.h netdb.h resolv.h; do 1297 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1298 cat >$header <<EOD 1299#ifndef _SSH_COMPAT_${name} 1300#define _SSH_COMPAT_${name} 1301#include "/usr/include/${header}" 1302#endif 1303EOD 1304 done 1305 ;; 1306 1307*-*-lynxos) 1308 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1309 AC_DEFINE([BROKEN_SETVBUF], [1], 1310 [LynxOS has broken setvbuf() implementation]) 1311 ;; 1312esac 1313 1314AC_MSG_CHECKING([compiler and flags for sanity]) 1315AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1316 [ AC_MSG_RESULT([yes]) ], 1317 [ 1318 AC_MSG_RESULT([no]) 1319 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1320 ], 1321 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1322) 1323 1324dnl Checks for header files. 1325# Checks for libraries. 1326AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1327 1328dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1329AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1330 AC_CHECK_LIB([gen], [dirname], [ 1331 AC_CACHE_CHECK([for broken dirname], 1332 ac_cv_have_broken_dirname, [ 1333 save_LIBS="$LIBS" 1334 LIBS="$LIBS -lgen" 1335 AC_RUN_IFELSE( 1336 [AC_LANG_SOURCE([[ 1337#include <libgen.h> 1338#include <string.h> 1339#include <stdlib.h> 1340 1341int main(int argc, char **argv) { 1342 char *s, buf[32]; 1343 1344 strncpy(buf,"/etc", 32); 1345 s = dirname(buf); 1346 if (!s || strncmp(s, "/", 32) != 0) { 1347 exit(1); 1348 } else { 1349 exit(0); 1350 } 1351} 1352 ]])], 1353 [ ac_cv_have_broken_dirname="no" ], 1354 [ ac_cv_have_broken_dirname="yes" ], 1355 [ ac_cv_have_broken_dirname="no" ], 1356 ) 1357 LIBS="$save_LIBS" 1358 ]) 1359 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1360 LIBS="$LIBS -lgen" 1361 AC_DEFINE([HAVE_DIRNAME]) 1362 AC_CHECK_HEADERS([libgen.h]) 1363 fi 1364 ]) 1365]) 1366 1367AC_CHECK_FUNC([getspnam], , 1368 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1369AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1370 [Define if you have the basename function.])]) 1371 1372dnl zlib defaults to enabled 1373zlib=yes 1374AC_ARG_WITH([zlib], 1375 [ --with-zlib=PATH Use zlib in PATH], 1376 [ if test "x$withval" = "xno" ; then 1377 zlib=no 1378 elif test "x$withval" != "xyes"; then 1379 if test -d "$withval/lib"; then 1380 if test -n "${rpath_opt}"; then 1381 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1382 else 1383 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1384 fi 1385 else 1386 if test -n "${rpath_opt}"; then 1387 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1388 else 1389 LDFLAGS="-L${withval} ${LDFLAGS}" 1390 fi 1391 fi 1392 if test -d "$withval/include"; then 1393 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1394 else 1395 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1396 fi 1397 fi ] 1398) 1399 1400# These libraries are needed for anything that links in the channel code. 1401CHANNELLIBS="" 1402AC_MSG_CHECKING([for zlib]) 1403if test "x${zlib}" = "xno"; then 1404 AC_MSG_RESULT([no]) 1405else 1406 saved_LIBS="$LIBS" 1407 CHANNELLIBS="$CHANNELLIBS -lz" 1408 AC_MSG_RESULT([yes]) 1409 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1410 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1411 AC_CHECK_LIB([z], [deflate], [], 1412 [ 1413 saved_CPPFLAGS="$CPPFLAGS" 1414 saved_LDFLAGS="$LDFLAGS" 1415 dnl Check default zlib install dir 1416 if test -n "${rpath_opt}"; then 1417 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1418 else 1419 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1420 fi 1421 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1422 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1423 [ 1424 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1425 ] 1426 ) 1427 ] 1428 ) 1429 1430 AC_ARG_WITH([zlib-version-check], 1431 [ --without-zlib-version-check Disable zlib version check], 1432 [ if test "x$withval" = "xno" ; then 1433 zlib_check_nonfatal=1 1434 fi 1435 ] 1436 ) 1437 1438 AC_MSG_CHECKING([for possibly buggy zlib]) 1439 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1440#include <stdio.h> 1441#include <stdlib.h> 1442#include <zlib.h> 1443 ]], 1444 [[ 1445 int a=0, b=0, c=0, d=0, n, v; 1446 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1447 if (n != 3 && n != 4) 1448 exit(1); 1449 v = a*1000000 + b*10000 + c*100 + d; 1450 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1451 1452 /* 1.1.4 is OK */ 1453 if (a == 1 && b == 1 && c >= 4) 1454 exit(0); 1455 1456 /* 1.2.3 and up are OK */ 1457 if (v >= 1020300) 1458 exit(0); 1459 1460 exit(2); 1461 ]])], 1462 AC_MSG_RESULT([no]), 1463 [ AC_MSG_RESULT([yes]) 1464 if test -z "$zlib_check_nonfatal" ; then 1465 AC_MSG_ERROR([*** zlib too old - check config.log *** 1466Your reported zlib version has known security problems. It's possible your 1467vendor has fixed these problems without changing the version number. If you 1468are sure this is the case, you can disable the check by running 1469"./configure --without-zlib-version-check". 1470If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1471See http://www.gzip.org/zlib/ for details.]) 1472 else 1473 AC_MSG_WARN([zlib version may have security problems]) 1474 fi 1475 ], 1476 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1477 ) 1478 LIBS="$saved_LIBS" 1479fi 1480 1481dnl UnixWare 2.x 1482AC_CHECK_FUNC([strcasecmp], 1483 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1484) 1485AC_CHECK_FUNCS([utimes], 1486 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1487 LIBS="$LIBS -lc89"]) ] 1488) 1489 1490dnl Checks for libutil functions 1491AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1492AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1493AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1494AC_SEARCH_LIBS([login], [util bsd]) 1495AC_SEARCH_LIBS([logout], [util bsd]) 1496AC_SEARCH_LIBS([logwtmp], [util bsd]) 1497AC_SEARCH_LIBS([openpty], [util bsd]) 1498AC_SEARCH_LIBS([updwtmp], [util bsd]) 1499AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1500 1501# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1502# or libnsl. 1503AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1504AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1505 1506# Some Linux distribtions ship the BSD libc hashing functions in 1507# separate libraries. 1508AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1509 1510# "Particular Function Checks" 1511# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1512AC_FUNC_STRFTIME 1513AC_FUNC_MALLOC 1514AC_FUNC_REALLOC 1515# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1516AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1517AC_RUN_IFELSE( 1518 [AC_LANG_PROGRAM( 1519 [[ #include <stdlib.h> ]], 1520 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1521 )], 1522 [ func_calloc_0_nonnull=yes ], 1523 [ func_calloc_0_nonnull=no ], 1524 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1525 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1526) 1527AC_MSG_RESULT([$func_calloc_0_nonnull]) 1528 1529if test "x$func_calloc_0_nonnull" = "xyes"; then 1530 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1531else 1532 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1533 AC_DEFINE(calloc, rpl_calloc, 1534 [Define to rpl_calloc if the replacement function should be used.]) 1535fi 1536 1537# Check for ALTDIRFUNC glob() extension 1538AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1539AC_EGREP_CPP([FOUNDIT], 1540 [ 1541 #include <glob.h> 1542 #ifdef GLOB_ALTDIRFUNC 1543 FOUNDIT 1544 #endif 1545 ], 1546 [ 1547 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1548 [Define if your system glob() function has 1549 the GLOB_ALTDIRFUNC extension]) 1550 AC_MSG_RESULT([yes]) 1551 ], 1552 [ 1553 AC_MSG_RESULT([no]) 1554 ] 1555) 1556 1557# Check for g.gl_matchc glob() extension 1558AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1559AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1560 [[ glob_t g; g.gl_matchc = 1; ]])], 1561 [ 1562 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1563 [Define if your system glob() function has 1564 gl_matchc options in glob_t]) 1565 AC_MSG_RESULT([yes]) 1566 ], [ 1567 AC_MSG_RESULT([no]) 1568]) 1569 1570# Check for g.gl_statv glob() extension 1571AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1572AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1573#ifndef GLOB_KEEPSTAT 1574#error "glob does not support GLOB_KEEPSTAT extension" 1575#endif 1576glob_t g; 1577g.gl_statv = NULL; 1578]])], 1579 [ 1580 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1581 [Define if your system glob() function has 1582 gl_statv options in glob_t]) 1583 AC_MSG_RESULT([yes]) 1584 ], [ 1585 AC_MSG_RESULT([no]) 1586 1587]) 1588 1589AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1590 1591AC_CHECK_DECL([VIS_ALL], , 1592 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1593 1594AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1595AC_RUN_IFELSE( 1596 [AC_LANG_PROGRAM([[ 1597#include <sys/types.h> 1598#include <dirent.h> 1599#include <stdlib.h> 1600 ]], 1601 [[ 1602 struct dirent d; 1603 exit(sizeof(d.d_name)<=sizeof(char)); 1604 ]])], 1605 [AC_MSG_RESULT([yes])], 1606 [ 1607 AC_MSG_RESULT([no]) 1608 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1609 [Define if your struct dirent expects you to 1610 allocate extra space for d_name]) 1611 ], 1612 [ 1613 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1614 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1615 ] 1616) 1617 1618AC_MSG_CHECKING([for /proc/pid/fd directory]) 1619if test -d "/proc/$$/fd" ; then 1620 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1621 AC_MSG_RESULT([yes]) 1622else 1623 AC_MSG_RESULT([no]) 1624fi 1625 1626# Check whether user wants TCP wrappers support 1627TCPW_MSG="no" 1628AC_ARG_WITH([tcp-wrappers], 1629 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1630 [ 1631 if test "x$withval" != "xno" ; then 1632 saved_LIBS="$LIBS" 1633 saved_LDFLAGS="$LDFLAGS" 1634 saved_CPPFLAGS="$CPPFLAGS" 1635 if test -n "${withval}" && \ 1636 test "x${withval}" != "xyes"; then 1637 if test -d "${withval}/lib"; then 1638 if test -n "${need_dash_r}"; then 1639 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1640 else 1641 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1642 fi 1643 else 1644 if test -n "${need_dash_r}"; then 1645 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1646 else 1647 LDFLAGS="-L${withval} ${LDFLAGS}" 1648 fi 1649 fi 1650 if test -d "${withval}/include"; then 1651 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1652 else 1653 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1654 fi 1655 fi 1656 LIBS="-lwrap $LIBS" 1657 AC_MSG_CHECKING([for libwrap]) 1658 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1659#include <sys/types.h> 1660#include <sys/socket.h> 1661#include <netinet/in.h> 1662#include <tcpd.h> 1663int deny_severity = 0, allow_severity = 0; 1664 ]], [[ 1665 hosts_access(0); 1666 ]])], [ 1667 AC_MSG_RESULT([yes]) 1668 AC_DEFINE([LIBWRAP], [1], 1669 [Define if you want 1670 TCP Wrappers support]) 1671 SSHDLIBS="$SSHDLIBS -lwrap" 1672 TCPW_MSG="yes" 1673 ], [ 1674 AC_MSG_ERROR([*** libwrap missing]) 1675 ]) 1676 LIBS="$saved_LIBS" 1677 fi 1678 ] 1679) 1680 1681# Check whether user wants to use ldns 1682LDNS_MSG="no" 1683AC_ARG_WITH(ldns, 1684 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1685 [ 1686 ldns="" 1687 if test "x$withval" = "xyes" ; then 1688 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1689 if test "x$LDNSCONFIG" = "xno"; then 1690 LIBS="-lldns $LIBS" 1691 ldns=yes 1692 else 1693 LIBS="$LIBS `$LDNSCONFIG --libs`" 1694 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1695 ldns=yes 1696 fi 1697 elif test "x$withval" != "xno" ; then 1698 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1699 LDFLAGS="$LDFLAGS -L${withval}/lib" 1700 LIBS="-lldns $LIBS" 1701 ldns=yes 1702 fi 1703 1704 # Verify that it works. 1705 if test "x$ldns" = "xyes" ; then 1706 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1707 LDNS_MSG="yes" 1708 AC_MSG_CHECKING([for ldns support]) 1709 AC_LINK_IFELSE( 1710 [AC_LANG_SOURCE([[ 1711#include <stdio.h> 1712#include <stdlib.h> 1713#ifdef HAVE_STDINT_H 1714# include <stdint.h> 1715#endif 1716#include <ldns/ldns.h> 1717int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1718 ]]) 1719 ], 1720 [AC_MSG_RESULT(yes)], 1721 [ 1722 AC_MSG_RESULT(no) 1723 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1724 ]) 1725 fi 1726]) 1727 1728# Check whether user wants libedit support 1729LIBEDIT_MSG="no" 1730AC_ARG_WITH([libedit], 1731 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1732 [ if test "x$withval" != "xno" ; then 1733 if test "x$withval" = "xyes" ; then 1734 if test "x$PKGCONFIG" != "xno"; then 1735 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1736 if "$PKGCONFIG" libedit; then 1737 AC_MSG_RESULT([yes]) 1738 use_pkgconfig_for_libedit=yes 1739 else 1740 AC_MSG_RESULT([no]) 1741 fi 1742 fi 1743 else 1744 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1745 if test -n "${rpath_opt}"; then 1746 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1747 else 1748 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1749 fi 1750 fi 1751 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1752 LIBEDIT=`$PKGCONFIG --libs libedit` 1753 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1754 else 1755 LIBEDIT="-ledit -lcurses" 1756 fi 1757 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1758 AC_CHECK_LIB([edit], [el_init], 1759 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1760 LIBEDIT_MSG="yes" 1761 AC_SUBST([LIBEDIT]) 1762 ], 1763 [ AC_MSG_ERROR([libedit not found]) ], 1764 [ $OTHERLIBS ] 1765 ) 1766 AC_MSG_CHECKING([if libedit version is compatible]) 1767 AC_COMPILE_IFELSE( 1768 [AC_LANG_PROGRAM([[ 1769#include <histedit.h> 1770#include <stdlib.h> 1771 ]], 1772 [[ 1773 int i = H_SETSIZE; 1774 el_init("", NULL, NULL, NULL); 1775 exit(0); 1776 ]])], 1777 [ AC_MSG_RESULT([yes]) ], 1778 [ AC_MSG_RESULT([no]) 1779 AC_MSG_ERROR([libedit version is not compatible]) ] 1780 ) 1781 fi ] 1782) 1783 1784AUDIT_MODULE=none 1785AC_ARG_WITH([audit], 1786 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1787 [ 1788 AC_MSG_CHECKING([for supported audit module]) 1789 case "$withval" in 1790 bsm) 1791 AC_MSG_RESULT([bsm]) 1792 AUDIT_MODULE=bsm 1793 dnl Checks for headers, libs and functions 1794 AC_CHECK_HEADERS([bsm/audit.h], [], 1795 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1796 [ 1797#ifdef HAVE_TIME_H 1798# include <time.h> 1799#endif 1800 ] 1801) 1802 AC_CHECK_LIB([bsm], [getaudit], [], 1803 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1804 AC_CHECK_FUNCS([getaudit], [], 1805 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1806 # These are optional 1807 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1808 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1809 if test "$sol2ver" -ge 11; then 1810 SSHDLIBS="$SSHDLIBS -lscf" 1811 AC_DEFINE([BROKEN_BSM_API], [1], 1812 [The system has incomplete BSM API]) 1813 fi 1814 ;; 1815 linux) 1816 AC_MSG_RESULT([linux]) 1817 AUDIT_MODULE=linux 1818 dnl Checks for headers, libs and functions 1819 AC_CHECK_HEADERS([libaudit.h]) 1820 SSHDLIBS="$SSHDLIBS -laudit" 1821 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1822 ;; 1823 debug) 1824 AUDIT_MODULE=debug 1825 AC_MSG_RESULT([debug]) 1826 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1827 ;; 1828 no) 1829 AC_MSG_RESULT([no]) 1830 ;; 1831 *) 1832 AC_MSG_ERROR([Unknown audit module $withval]) 1833 ;; 1834 esac ] 1835) 1836 1837AC_ARG_WITH([pie], 1838 [ --with-pie Build Position Independent Executables if possible], [ 1839 if test "x$withval" = "xno"; then 1840 use_pie=no 1841 fi 1842 if test "x$withval" = "xyes"; then 1843 use_pie=yes 1844 fi 1845 ] 1846) 1847if test "x$use_pie" = "x"; then 1848 use_pie=no 1849fi 1850if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1851 # Turn off automatic PIE when toolchain hardening is off. 1852 use_pie=no 1853fi 1854if test "x$use_pie" = "xauto"; then 1855 # Automatic PIE requires gcc >= 4.x 1856 AC_MSG_CHECKING([for gcc >= 4.x]) 1857 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1858#if !defined(__GNUC__) || __GNUC__ < 4 1859#error gcc is too old 1860#endif 1861]])], 1862 [ AC_MSG_RESULT([yes]) ], 1863 [ AC_MSG_RESULT([no]) 1864 use_pie=no ] 1865) 1866fi 1867if test "x$use_pie" != "xno"; then 1868 SAVED_CFLAGS="$CFLAGS" 1869 SAVED_LDFLAGS="$LDFLAGS" 1870 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1871 OSSH_CHECK_LDFLAG_LINK([-pie]) 1872 # We use both -fPIE and -pie or neither. 1873 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1874 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1875 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1876 AC_MSG_RESULT([yes]) 1877 else 1878 AC_MSG_RESULT([no]) 1879 CFLAGS="$SAVED_CFLAGS" 1880 LDFLAGS="$SAVED_LDFLAGS" 1881 fi 1882fi 1883 1884AC_MSG_CHECKING([whether -fPIC is accepted]) 1885SAVED_CFLAGS="$CFLAGS" 1886CFLAGS="$CFLAGS -fPIC" 1887AC_COMPILE_IFELSE( 1888 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1889 [AC_MSG_RESULT([yes]) 1890 PICFLAG="-fPIC"; ], 1891 [AC_MSG_RESULT([no]) 1892 PICFLAG=""; ]) 1893CFLAGS="$SAVED_CFLAGS" 1894AC_SUBST([PICFLAG]) 1895 1896dnl Checks for library functions. Please keep in alphabetical order 1897AC_CHECK_FUNCS([ \ 1898 auth_hostok \ 1899 auth_timeok \ 1900 Blowfish_initstate \ 1901 Blowfish_expandstate \ 1902 Blowfish_expand0state \ 1903 Blowfish_stream2word \ 1904 SHA256Update \ 1905 SHA384Update \ 1906 SHA512Update \ 1907 asprintf \ 1908 b64_ntop \ 1909 __b64_ntop \ 1910 b64_pton \ 1911 __b64_pton \ 1912 bcopy \ 1913 bcrypt_pbkdf \ 1914 bindresvport_sa \ 1915 blf_enc \ 1916 bzero \ 1917 cap_rights_limit \ 1918 clock \ 1919 closefrom \ 1920 close_range \ 1921 dirfd \ 1922 endgrent \ 1923 err \ 1924 errx \ 1925 explicit_bzero \ 1926 explicit_memset \ 1927 fchmod \ 1928 fchmodat \ 1929 fchown \ 1930 fchownat \ 1931 flock \ 1932 fnmatch \ 1933 freeaddrinfo \ 1934 freezero \ 1935 fstatfs \ 1936 fstatvfs \ 1937 futimes \ 1938 getaddrinfo \ 1939 getcwd \ 1940 getentropy \ 1941 getgrouplist \ 1942 getline \ 1943 getnameinfo \ 1944 getopt \ 1945 getpagesize \ 1946 getpeereid \ 1947 getpeerucred \ 1948 getpgid \ 1949 _getpty \ 1950 getrlimit \ 1951 getrandom \ 1952 getsid \ 1953 getttyent \ 1954 glob \ 1955 group_from_gid \ 1956 inet_aton \ 1957 inet_ntoa \ 1958 inet_ntop \ 1959 innetgr \ 1960 killpg \ 1961 llabs \ 1962 localtime_r \ 1963 login_getcapbool \ 1964 login_getpwclass \ 1965 memmem \ 1966 memmove \ 1967 memset_s \ 1968 mkdtemp \ 1969 ngetaddrinfo \ 1970 nsleep \ 1971 ogetaddrinfo \ 1972 openlog_r \ 1973 pledge \ 1974 poll \ 1975 ppoll \ 1976 prctl \ 1977 procctl \ 1978 pselect \ 1979 pstat \ 1980 raise \ 1981 readpassphrase \ 1982 reallocarray \ 1983 realpath \ 1984 recvmsg \ 1985 recallocarray \ 1986 rresvport_af \ 1987 sendmsg \ 1988 setdtablesize \ 1989 setegid \ 1990 setenv \ 1991 seteuid \ 1992 setgroupent \ 1993 setgroups \ 1994 setlinebuf \ 1995 setlogin \ 1996 setpassent\ 1997 setpcred \ 1998 setproctitle \ 1999 setregid \ 2000 setreuid \ 2001 setrlimit \ 2002 setsid \ 2003 setvbuf \ 2004 sigaction \ 2005 sigvec \ 2006 snprintf \ 2007 socketpair \ 2008 statfs \ 2009 statvfs \ 2010 strcasestr \ 2011 strdup \ 2012 strerror \ 2013 strlcat \ 2014 strlcpy \ 2015 strmode \ 2016 strndup \ 2017 strnlen \ 2018 strnvis \ 2019 strptime \ 2020 strsignal \ 2021 strtonum \ 2022 strtoll \ 2023 strtoul \ 2024 strtoull \ 2025 swap32 \ 2026 sysconf \ 2027 tcgetpgrp \ 2028 timegm \ 2029 timingsafe_bcmp \ 2030 truncate \ 2031 unsetenv \ 2032 updwtmpx \ 2033 utimensat \ 2034 user_from_uid \ 2035 usleep \ 2036 vasprintf \ 2037 vsnprintf \ 2038 waitpid \ 2039 warn \ 2040]) 2041 2042AC_CHECK_DECLS([bzero, memmem]) 2043 2044dnl Wide character support. 2045AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 2046 2047TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 2048AC_MSG_CHECKING([for utf8 locale support]) 2049AC_RUN_IFELSE( 2050 [AC_LANG_PROGRAM([[ 2051#include <locale.h> 2052#include <stdlib.h> 2053 ]], [[ 2054 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2055 if (loc != NULL) 2056 exit(0); 2057 exit(1); 2058 ]])], 2059 AC_MSG_RESULT(yes), 2060 [AC_MSG_RESULT(no) 2061 TEST_SSH_UTF8=no], 2062 AC_MSG_WARN([cross compiling: assuming yes]) 2063) 2064 2065AC_LINK_IFELSE( 2066 [AC_LANG_PROGRAM( 2067 [[ #include <ctype.h> ]], 2068 [[ return (isblank('a')); ]])], 2069 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2070]) 2071 2072disable_pkcs11= 2073AC_ARG_ENABLE([pkcs11], 2074 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2075 [ 2076 if test "x$enableval" = "xno" ; then 2077 disable_pkcs11=1 2078 fi 2079 ] 2080) 2081 2082disable_sk= 2083AC_ARG_ENABLE([security-key], 2084 [ --disable-security-key disable U2F/FIDO support code [no]], 2085 [ 2086 if test "x$enableval" = "xno" ; then 2087 disable_sk=1 2088 fi 2089 ] 2090) 2091enable_sk_internal= 2092AC_ARG_WITH([security-key-builtin], 2093 [ --with-security-key-builtin include builtin U2F/FIDO support], 2094 [ enable_sk_internal=$withval ] 2095) 2096 2097AC_SEARCH_LIBS([dlopen], [dl]) 2098AC_CHECK_FUNCS([dlopen]) 2099AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2100 2101# IRIX has a const char return value for gai_strerror() 2102AC_CHECK_FUNCS([gai_strerror], [ 2103 AC_DEFINE([HAVE_GAI_STRERROR]) 2104 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2105#include <sys/types.h> 2106#include <sys/socket.h> 2107#include <netdb.h> 2108 2109const char *gai_strerror(int); 2110 ]], [[ 2111 char *str; 2112 str = gai_strerror(0); 2113 ]])], [ 2114 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2115 [Define if gai_strerror() returns const char *])], [])]) 2116 2117AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2118 [Some systems put nanosleep outside of libc])]) 2119 2120AC_SEARCH_LIBS([clock_gettime], [rt], 2121 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2122 2123dnl check if we need -D_REENTRANT for localtime_r declaration. 2124AC_CHECK_DECL([localtime_r], [], 2125 [ saved_CPPFLAGS="$CPPFLAGS" 2126 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2127 unset ac_cv_have_decl_localtime_r 2128 AC_CHECK_DECL([localtime_r], [], 2129 [ CPPFLAGS="$saved_CPPFLAGS" ], 2130 [ #include <time.h> ] 2131 ) 2132 ], 2133 [ #include <time.h> ] 2134) 2135 2136dnl Make sure prototypes are defined for these before using them. 2137AC_CHECK_DECL([strsep], 2138 [AC_CHECK_FUNCS([strsep])], 2139 [], 2140 [ 2141#ifdef HAVE_STRING_H 2142# include <string.h> 2143#endif 2144 ]) 2145 2146dnl tcsendbreak might be a macro 2147AC_CHECK_DECL([tcsendbreak], 2148 [AC_DEFINE([HAVE_TCSENDBREAK])], 2149 [AC_CHECK_FUNCS([tcsendbreak])], 2150 [#include <termios.h>] 2151) 2152 2153AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2154 2155AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2156 [ 2157#include <sys/types.h> 2158#include <sys/socket.h> 2159#include <unistd.h> 2160 ]) 2161 2162AC_CHECK_DECLS([O_NONBLOCK], , , 2163 [ 2164#include <sys/types.h> 2165#ifdef HAVE_SYS_STAT_H 2166# include <sys/stat.h> 2167#endif 2168#ifdef HAVE_FCNTL_H 2169# include <fcntl.h> 2170#endif 2171 ]) 2172 2173AC_CHECK_DECLS([ftruncate, getentropy], , , 2174 [ 2175#include <sys/types.h> 2176#include <unistd.h> 2177 ]) 2178 2179AC_CHECK_DECLS([readv, writev], , , [ 2180#include <sys/types.h> 2181#include <sys/uio.h> 2182#include <unistd.h> 2183 ]) 2184 2185AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2186#include <sys/param.h> 2187 ]) 2188 2189AC_CHECK_DECLS([offsetof], , , [ 2190#include <stddef.h> 2191 ]) 2192 2193# extra bits for select(2) 2194AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2195#include <sys/param.h> 2196#include <sys/types.h> 2197#ifdef HAVE_SYS_SYSMACROS_H 2198#include <sys/sysmacros.h> 2199#endif 2200#ifdef HAVE_SYS_SELECT_H 2201#include <sys/select.h> 2202#endif 2203#ifdef HAVE_SYS_TIME_H 2204#include <sys/time.h> 2205#endif 2206#ifdef HAVE_UNISTD_H 2207#include <unistd.h> 2208#endif 2209 ]]) 2210AC_CHECK_TYPES([fd_mask], [], [], [[ 2211#include <sys/param.h> 2212#include <sys/types.h> 2213#ifdef HAVE_SYS_SELECT_H 2214#include <sys/select.h> 2215#endif 2216#ifdef HAVE_SYS_TIME_H 2217#include <sys/time.h> 2218#endif 2219#ifdef HAVE_UNISTD_H 2220#include <unistd.h> 2221#endif 2222 ]]) 2223 2224AC_CHECK_FUNCS([setresuid], [ 2225 dnl Some platorms have setresuid that isn't implemented, test for this 2226 AC_MSG_CHECKING([if setresuid seems to work]) 2227 AC_RUN_IFELSE( 2228 [AC_LANG_PROGRAM([[ 2229#include <stdlib.h> 2230#include <errno.h> 2231 ]], [[ 2232 errno=0; 2233 setresuid(0,0,0); 2234 if (errno==ENOSYS) 2235 exit(1); 2236 else 2237 exit(0); 2238 ]])], 2239 [AC_MSG_RESULT([yes])], 2240 [AC_DEFINE([BROKEN_SETRESUID], [1], 2241 [Define if your setresuid() is broken]) 2242 AC_MSG_RESULT([not implemented])], 2243 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2244 ) 2245]) 2246 2247AC_CHECK_FUNCS([setresgid], [ 2248 dnl Some platorms have setresgid that isn't implemented, test for this 2249 AC_MSG_CHECKING([if setresgid seems to work]) 2250 AC_RUN_IFELSE( 2251 [AC_LANG_PROGRAM([[ 2252#include <stdlib.h> 2253#include <errno.h> 2254 ]], [[ 2255 errno=0; 2256 setresgid(0,0,0); 2257 if (errno==ENOSYS) 2258 exit(1); 2259 else 2260 exit(0); 2261 ]])], 2262 [AC_MSG_RESULT([yes])], 2263 [AC_DEFINE([BROKEN_SETRESGID], [1], 2264 [Define if your setresgid() is broken]) 2265 AC_MSG_RESULT([not implemented])], 2266 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2267 ) 2268]) 2269 2270AC_MSG_CHECKING([for working fflush(NULL)]) 2271AC_RUN_IFELSE( 2272 [AC_LANG_PROGRAM([[ 2273#include <stdio.h> 2274#include <stdlib.h> 2275 ]], 2276 [[fflush(NULL); exit(0);]])], 2277 AC_MSG_RESULT([yes]), 2278 [AC_MSG_RESULT([no]) 2279 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2280 [define if fflush(NULL) does not work])], 2281 AC_MSG_WARN([cross compiling: assuming working]) 2282) 2283 2284dnl Checks for time functions 2285AC_CHECK_FUNCS([gettimeofday time]) 2286dnl Checks for utmp functions 2287AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2288AC_CHECK_FUNCS([utmpname]) 2289dnl Checks for utmpx functions 2290AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2291AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2292dnl Checks for lastlog functions 2293AC_CHECK_FUNCS([getlastlogxbyname]) 2294 2295AC_CHECK_FUNC([daemon], 2296 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2297 [AC_CHECK_LIB([bsd], [daemon], 2298 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2299) 2300 2301AC_CHECK_FUNC([getpagesize], 2302 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2303 [Define if your libraries define getpagesize()])], 2304 [AC_CHECK_LIB([ucb], [getpagesize], 2305 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2306) 2307 2308# Check for broken snprintf 2309if test "x$ac_cv_func_snprintf" = "xyes" ; then 2310 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2311 AC_RUN_IFELSE( 2312 [AC_LANG_PROGRAM([[ 2313#include <stdio.h> 2314#include <stdlib.h> 2315 ]], 2316 [[ 2317 char b[5]; 2318 snprintf(b,5,"123456789"); 2319 exit(b[4]!='\0'); 2320 ]])], 2321 [AC_MSG_RESULT([yes])], 2322 [ 2323 AC_MSG_RESULT([no]) 2324 AC_DEFINE([BROKEN_SNPRINTF], [1], 2325 [Define if your snprintf is busted]) 2326 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2327 ], 2328 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2329 ) 2330fi 2331 2332if test "x$ac_cv_func_snprintf" = "xyes" ; then 2333 AC_MSG_CHECKING([whether snprintf understands %zu]) 2334 AC_RUN_IFELSE( 2335 [AC_LANG_PROGRAM([[ 2336#include <sys/types.h> 2337#include <stdio.h> 2338#include <stdlib.h> 2339#include <string.h> 2340 ]], 2341 [[ 2342 size_t a = 1, b = 2; 2343 char z[128]; 2344 snprintf(z, sizeof z, "%zu%zu", a, b); 2345 exit(strcmp(z, "12")); 2346 ]])], 2347 [AC_MSG_RESULT([yes])], 2348 [ 2349 AC_MSG_RESULT([no]) 2350 AC_DEFINE([BROKEN_SNPRINTF], [1], 2351 [snprintf does not understand %zu]) 2352 ], 2353 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2354 ) 2355fi 2356 2357# We depend on vsnprintf returning the right thing on overflow: the 2358# number of characters it tried to create (as per SUSv3) 2359if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2360 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2361 AC_RUN_IFELSE( 2362 [AC_LANG_PROGRAM([[ 2363#include <sys/types.h> 2364#include <stdio.h> 2365#include <stdarg.h> 2366 2367int x_snprintf(char *str, size_t count, const char *fmt, ...) 2368{ 2369 size_t ret; 2370 va_list ap; 2371 2372 va_start(ap, fmt); 2373 ret = vsnprintf(str, count, fmt, ap); 2374 va_end(ap); 2375 return ret; 2376} 2377 ]], [[ 2378char x[1]; 2379if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2380 return 1; 2381if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2382 return 1; 2383return 0; 2384 ]])], 2385 [AC_MSG_RESULT([yes])], 2386 [ 2387 AC_MSG_RESULT([no]) 2388 AC_DEFINE([BROKEN_SNPRINTF], [1], 2389 [Define if your snprintf is busted]) 2390 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2391 ], 2392 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2393 ) 2394fi 2395 2396# On systems where [v]snprintf is broken, but is declared in stdio, 2397# check that the fmt argument is const char * or just char *. 2398# This is only useful for when BROKEN_SNPRINTF 2399AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2400AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2401#include <stdio.h> 2402int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2403 ]], [[ 2404 snprintf(0, 0, 0); 2405 ]])], 2406 [AC_MSG_RESULT([yes]) 2407 AC_DEFINE([SNPRINTF_CONST], [const], 2408 [Define as const if snprintf() can declare const char *fmt])], 2409 [AC_MSG_RESULT([no]) 2410 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2411 2412# Check for missing getpeereid (or equiv) support 2413NO_PEERCHECK="" 2414if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2415 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2416 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2417#include <sys/types.h> 2418#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2419 [ AC_MSG_RESULT([yes]) 2420 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2421 ], [AC_MSG_RESULT([no]) 2422 NO_PEERCHECK=1 2423 ]) 2424fi 2425 2426dnl make sure that openpty does not reacquire controlling terminal 2427if test ! -z "$check_for_openpty_ctty_bug"; then 2428 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2429 AC_RUN_IFELSE( 2430 [AC_LANG_PROGRAM([[ 2431#include <stdio.h> 2432#include <stdlib.h> 2433#include <unistd.h> 2434#include <sys/fcntl.h> 2435#include <sys/types.h> 2436#include <sys/wait.h> 2437 ]], [[ 2438 pid_t pid; 2439 int fd, ptyfd, ttyfd, status; 2440 2441 pid = fork(); 2442 if (pid < 0) { /* failed */ 2443 exit(1); 2444 } else if (pid > 0) { /* parent */ 2445 waitpid(pid, &status, 0); 2446 if (WIFEXITED(status)) 2447 exit(WEXITSTATUS(status)); 2448 else 2449 exit(2); 2450 } else { /* child */ 2451 close(0); close(1); close(2); 2452 setsid(); 2453 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2454 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2455 if (fd >= 0) 2456 exit(3); /* Acquired ctty: broken */ 2457 else 2458 exit(0); /* Did not acquire ctty: OK */ 2459 } 2460 ]])], 2461 [ 2462 AC_MSG_RESULT([yes]) 2463 ], 2464 [ 2465 AC_MSG_RESULT([no]) 2466 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2467 ], 2468 [ 2469 AC_MSG_RESULT([cross-compiling, assuming yes]) 2470 ] 2471 ) 2472fi 2473 2474if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2475 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2476 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2477 AC_RUN_IFELSE( 2478 [AC_LANG_PROGRAM([[ 2479#include <stdio.h> 2480#include <stdlib.h> 2481#include <sys/socket.h> 2482#include <netdb.h> 2483#include <errno.h> 2484#include <netinet/in.h> 2485 2486#define TEST_PORT "2222" 2487 ]], [[ 2488 int err, sock; 2489 struct addrinfo *gai_ai, *ai, hints; 2490 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2491 2492 memset(&hints, 0, sizeof(hints)); 2493 hints.ai_family = PF_UNSPEC; 2494 hints.ai_socktype = SOCK_STREAM; 2495 hints.ai_flags = AI_PASSIVE; 2496 2497 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2498 if (err != 0) { 2499 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2500 exit(1); 2501 } 2502 2503 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2504 if (ai->ai_family != AF_INET6) 2505 continue; 2506 2507 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2508 sizeof(ntop), strport, sizeof(strport), 2509 NI_NUMERICHOST|NI_NUMERICSERV); 2510 2511 if (err != 0) { 2512 if (err == EAI_SYSTEM) 2513 perror("getnameinfo EAI_SYSTEM"); 2514 else 2515 fprintf(stderr, "getnameinfo failed: %s\n", 2516 gai_strerror(err)); 2517 exit(2); 2518 } 2519 2520 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2521 if (sock < 0) 2522 perror("socket"); 2523 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2524 if (errno == EBADF) 2525 exit(3); 2526 } 2527 } 2528 exit(0); 2529 ]])], 2530 [ 2531 AC_MSG_RESULT([yes]) 2532 ], 2533 [ 2534 AC_MSG_RESULT([no]) 2535 AC_DEFINE([BROKEN_GETADDRINFO]) 2536 ], 2537 [ 2538 AC_MSG_RESULT([cross-compiling, assuming yes]) 2539 ] 2540 ) 2541fi 2542 2543if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2544 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2545 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2546 AC_RUN_IFELSE( 2547 [AC_LANG_PROGRAM([[ 2548#include <stdio.h> 2549#include <stdlib.h> 2550#include <sys/socket.h> 2551#include <netdb.h> 2552#include <errno.h> 2553#include <netinet/in.h> 2554 2555#define TEST_PORT "2222" 2556 ]], [[ 2557 int err, sock; 2558 struct addrinfo *gai_ai, *ai, hints; 2559 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2560 2561 memset(&hints, 0, sizeof(hints)); 2562 hints.ai_family = PF_UNSPEC; 2563 hints.ai_socktype = SOCK_STREAM; 2564 hints.ai_flags = AI_PASSIVE; 2565 2566 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2567 if (err != 0) { 2568 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2569 exit(1); 2570 } 2571 2572 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2573 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2574 continue; 2575 2576 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2577 sizeof(ntop), strport, sizeof(strport), 2578 NI_NUMERICHOST|NI_NUMERICSERV); 2579 2580 if (ai->ai_family == AF_INET && err != 0) { 2581 perror("getnameinfo"); 2582 exit(2); 2583 } 2584 } 2585 exit(0); 2586 ]])], 2587 [ 2588 AC_MSG_RESULT([yes]) 2589 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2590 [Define if you have a getaddrinfo that fails 2591 for the all-zeros IPv6 address]) 2592 ], 2593 [ 2594 AC_MSG_RESULT([no]) 2595 AC_DEFINE([BROKEN_GETADDRINFO]) 2596 ], 2597 [ 2598 AC_MSG_RESULT([cross-compiling, assuming no]) 2599 ] 2600 ) 2601fi 2602 2603if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2604 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2605 [#include <sys/types.h> 2606 #include <sys/socket.h> 2607 #include <netdb.h>]) 2608fi 2609 2610if test "x$check_for_conflicting_getspnam" = "x1"; then 2611 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2612 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2613#include <shadow.h> 2614#include <stdlib.h> 2615 ]], 2616 [[ exit(0); ]])], 2617 [ 2618 AC_MSG_RESULT([no]) 2619 ], 2620 [ 2621 AC_MSG_RESULT([yes]) 2622 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2623 [Conflicting defs for getspnam]) 2624 ] 2625 ) 2626fi 2627 2628dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2629dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2630dnl for over ten years). Despite this incompatibility being reported during 2631dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2632dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2633dnl implementation. Try to detect this mess, and assume the only safe option 2634dnl if we're cross compiling. 2635dnl 2636dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2637dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2638if test "x$ac_cv_func_strnvis" = "xyes"; then 2639 AC_MSG_CHECKING([for working strnvis]) 2640 AC_RUN_IFELSE( 2641 [AC_LANG_PROGRAM([[ 2642#include <signal.h> 2643#include <stdlib.h> 2644#include <string.h> 2645#include <unistd.h> 2646#include <vis.h> 2647static void sighandler(int sig) { _exit(1); } 2648 ]], [[ 2649 char dst[16]; 2650 2651 signal(SIGSEGV, sighandler); 2652 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2653 exit(0); 2654 exit(1) 2655 ]])], 2656 [AC_MSG_RESULT([yes])], 2657 [AC_MSG_RESULT([no]) 2658 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2659 [AC_MSG_WARN([cross compiling: assuming broken]) 2660 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2661 ) 2662fi 2663 2664AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2665AC_RUN_IFELSE( 2666 [AC_LANG_PROGRAM([[ 2667#ifdef HAVE_SYS_SELECT 2668# include <sys/select.h> 2669#endif 2670#include <sys/types.h> 2671#include <sys/time.h> 2672#include <stdlib.h> 2673#include <signal.h> 2674#include <unistd.h> 2675static void sighandler(int sig) { } 2676 ]], [[ 2677 int r; 2678 pid_t pid; 2679 struct sigaction sa; 2680 2681 sa.sa_handler = sighandler; 2682 sa.sa_flags = SA_RESTART; 2683 (void)sigaction(SIGTERM, &sa, NULL); 2684 if ((pid = fork()) == 0) { /* child */ 2685 pid = getppid(); 2686 sleep(1); 2687 kill(pid, SIGTERM); 2688 sleep(1); 2689 if (getppid() == pid) /* if parent did not exit, shoot it */ 2690 kill(pid, SIGKILL); 2691 exit(0); 2692 } else { /* parent */ 2693 r = select(0, NULL, NULL, NULL, NULL); 2694 } 2695 exit(r == -1 ? 0 : 1); 2696 ]])], 2697 [AC_MSG_RESULT([yes])], 2698 [AC_MSG_RESULT([no]) 2699 AC_DEFINE([NO_SA_RESTART], [1], 2700 [SA_RESTARTed signals do no interrupt select])], 2701 [AC_MSG_WARN([cross compiling: assuming yes])] 2702) 2703 2704AC_CHECK_FUNCS([getpgrp],[ 2705 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2706 AC_COMPILE_IFELSE( 2707 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2708 [ AC_MSG_RESULT([yes]) 2709 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2710 [ AC_MSG_RESULT([no]) 2711 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2712 ) 2713]) 2714 2715# Search for OpenSSL 2716saved_CPPFLAGS="$CPPFLAGS" 2717saved_LDFLAGS="$LDFLAGS" 2718AC_ARG_WITH([ssl-dir], 2719 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2720 [ 2721 if test "x$openssl" = "xno" ; then 2722 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2723 fi 2724 if test "x$withval" != "xno" ; then 2725 case "$withval" in 2726 # Relative paths 2727 ./*|../*) withval="`pwd`/$withval" 2728 esac 2729 if test -d "$withval/lib"; then 2730 libcrypto_path="${withval}/lib" 2731 elif test -d "$withval/lib64"; then 2732 libcrypto_path="$withval/lib64" 2733 else 2734 # Built but not installed 2735 libcrypto_path="${withval}" 2736 fi 2737 if test -n "${rpath_opt}"; then 2738 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}" 2739 else 2740 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" 2741 fi 2742 if test -d "$withval/include"; then 2743 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2744 else 2745 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2746 fi 2747 fi 2748 ] 2749) 2750 2751AC_ARG_WITH([openssl-header-check], 2752 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2753 [ 2754 if test "x$withval" = "xno" ; then 2755 openssl_check_nonfatal=1 2756 fi 2757 ] 2758) 2759 2760openssl_engine=no 2761AC_ARG_WITH([ssl-engine], 2762 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2763 [ 2764 if test "x$withval" != "xno" ; then 2765 if test "x$openssl" = "xno" ; then 2766 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2767 fi 2768 openssl_engine=yes 2769 fi 2770 ] 2771) 2772 2773nocrypto_saved_LIBS="$LIBS" 2774if test "x$openssl" = "xyes" ; then 2775 LIBS="-lcrypto $LIBS" 2776 CHANNELLIBS="-lcrypto $CHANNELLIBS" 2777 AC_TRY_LINK_FUNC([RAND_add], , 2778 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2779 AC_CHECK_HEADER([openssl/opensslv.h], , 2780 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2781 2782 # Determine OpenSSL header version 2783 AC_MSG_CHECKING([OpenSSL header version]) 2784 AC_RUN_IFELSE( 2785 [AC_LANG_PROGRAM([[ 2786 #include <stdlib.h> 2787 #include <stdio.h> 2788 #include <string.h> 2789 #include <openssl/opensslv.h> 2790 #define DATA "conftest.sslincver" 2791 ]], [[ 2792 FILE *fd; 2793 int rc; 2794 2795 fd = fopen(DATA,"w"); 2796 if(fd == NULL) 2797 exit(1); 2798 2799 if ((rc = fprintf(fd, "%08lx (%s)\n", 2800 (unsigned long)OPENSSL_VERSION_NUMBER, 2801 OPENSSL_VERSION_TEXT)) < 0) 2802 exit(1); 2803 2804 exit(0); 2805 ]])], 2806 [ 2807 ssl_header_ver=`cat conftest.sslincver` 2808 AC_MSG_RESULT([$ssl_header_ver]) 2809 ], 2810 [ 2811 AC_MSG_RESULT([not found]) 2812 AC_MSG_ERROR([OpenSSL version header not found.]) 2813 ], 2814 [ 2815 AC_MSG_WARN([cross compiling: not checking]) 2816 ] 2817 ) 2818 2819 # Determining OpenSSL library version is version dependent. 2820 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2821 2822 # Determine OpenSSL library version 2823 AC_MSG_CHECKING([OpenSSL library version]) 2824 AC_RUN_IFELSE( 2825 [AC_LANG_PROGRAM([[ 2826 #include <stdio.h> 2827 #include <stdlib.h> 2828 #include <string.h> 2829 #include <openssl/opensslv.h> 2830 #include <openssl/crypto.h> 2831 #define DATA "conftest.ssllibver" 2832 ]], [[ 2833 FILE *fd; 2834 int rc; 2835 2836 fd = fopen(DATA,"w"); 2837 if(fd == NULL) 2838 exit(1); 2839#ifndef OPENSSL_VERSION 2840# define OPENSSL_VERSION SSLEAY_VERSION 2841#endif 2842#ifndef HAVE_OPENSSL_VERSION 2843# define OpenSSL_version SSLeay_version 2844#endif 2845#ifndef HAVE_OPENSSL_VERSION_NUM 2846# define OpenSSL_version_num SSLeay 2847#endif 2848 if ((rc = fprintf(fd, "%08lx (%s)\n", 2849 (unsigned long)OpenSSL_version_num(), 2850 OpenSSL_version(OPENSSL_VERSION))) < 0) 2851 exit(1); 2852 2853 exit(0); 2854 ]])], 2855 [ 2856 ssl_library_ver=`cat conftest.ssllibver` 2857 # Check version is supported. 2858 case "$ssl_library_ver" in 2859 10000*|0*) 2860 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2861 ;; 2862 100*) ;; # 1.0.x 2863 101000[[0123456]]*) 2864 # https://github.com/openssl/openssl/pull/4613 2865 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2866 ;; 2867 101*) ;; # 1.1.x 2868 200*) ;; # LibreSSL 2869 300*) 2870 # OpenSSL 3; we use the 1.1x API 2871 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2872 ;; 2873 301*) 2874 # OpenSSL development branch; request 1.1x API 2875 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2876 ;; 2877 *) 2878 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2879 ;; 2880 esac 2881 AC_MSG_RESULT([$ssl_library_ver]) 2882 ], 2883 [ 2884 AC_MSG_RESULT([not found]) 2885 AC_MSG_ERROR([OpenSSL library not found.]) 2886 ], 2887 [ 2888 AC_MSG_WARN([cross compiling: not checking]) 2889 ] 2890 ) 2891 2892 case "$host" in 2893 x86_64-*) 2894 case "$ssl_library_ver" in 2895 3000004*) 2896 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) 2897 ;; 2898 esac 2899 esac 2900 2901 # Sanity check OpenSSL headers 2902 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2903 AC_RUN_IFELSE( 2904 [AC_LANG_PROGRAM([[ 2905 #include <stdlib.h> 2906 #include <string.h> 2907 #include <openssl/opensslv.h> 2908 #include <openssl/crypto.h> 2909 ]], [[ 2910#ifndef HAVE_OPENSSL_VERSION_NUM 2911# define OpenSSL_version_num SSLeay 2912#endif 2913 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2914 ]])], 2915 [ 2916 AC_MSG_RESULT([yes]) 2917 ], 2918 [ 2919 AC_MSG_RESULT([no]) 2920 if test "x$openssl_check_nonfatal" = "x"; then 2921 AC_MSG_ERROR([Your OpenSSL headers do not match your 2922 library. Check config.log for details. 2923 If you are sure your installation is consistent, you can disable the check 2924 by running "./configure --without-openssl-header-check". 2925 Also see contrib/findssl.sh for help identifying header/library mismatches. 2926 ]) 2927 else 2928 AC_MSG_WARN([Your OpenSSL headers do not match your 2929 library. Check config.log for details. 2930 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2931 fi 2932 ], 2933 [ 2934 AC_MSG_WARN([cross compiling: not checking]) 2935 ] 2936 ) 2937 2938 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2939 AC_LINK_IFELSE( 2940 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2941 [[ ERR_load_crypto_strings(); ]])], 2942 [ 2943 AC_MSG_RESULT([yes]) 2944 ], 2945 [ 2946 AC_MSG_RESULT([no]) 2947 LIBS="$LIBS -ldl" 2948 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2949 AC_LINK_IFELSE( 2950 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2951 [[ ERR_load_crypto_strings(); ]])], 2952 [ 2953 AC_MSG_RESULT([yes]) 2954 CHANNELLIBS="$CHANNELLIBS -ldl" 2955 ], 2956 [ 2957 AC_MSG_RESULT([no]) 2958 ] 2959 ) 2960 ] 2961 ) 2962 2963 AC_CHECK_FUNCS([ \ 2964 BN_is_prime_ex \ 2965 DES_crypt \ 2966 DSA_generate_parameters_ex \ 2967 EVP_DigestFinal_ex \ 2968 EVP_DigestInit_ex \ 2969 EVP_MD_CTX_cleanup \ 2970 EVP_MD_CTX_copy_ex \ 2971 EVP_MD_CTX_init \ 2972 HMAC_CTX_init \ 2973 RSA_generate_key_ex \ 2974 RSA_get_default_method \ 2975 ]) 2976 2977 # OpenSSL_add_all_algorithms may be a macro. 2978 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2979 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2980 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2981 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2982 [[#include <openssl/evp.h>]] 2983 ) 2984 ) 2985 2986 # LibreSSL/OpenSSL 1.1x API 2987 AC_CHECK_FUNCS([ \ 2988 OPENSSL_init_crypto \ 2989 DH_get0_key \ 2990 DH_get0_pqg \ 2991 DH_set0_key \ 2992 DH_set_length \ 2993 DH_set0_pqg \ 2994 DSA_get0_key \ 2995 DSA_get0_pqg \ 2996 DSA_set0_key \ 2997 DSA_set0_pqg \ 2998 DSA_SIG_get0 \ 2999 DSA_SIG_set0 \ 3000 ECDSA_SIG_get0 \ 3001 ECDSA_SIG_set0 \ 3002 EVP_CIPHER_CTX_iv \ 3003 EVP_CIPHER_CTX_iv_noconst \ 3004 EVP_CIPHER_CTX_get_iv \ 3005 EVP_CIPHER_CTX_get_updated_iv \ 3006 EVP_CIPHER_CTX_set_iv \ 3007 RSA_get0_crt_params \ 3008 RSA_get0_factors \ 3009 RSA_get0_key \ 3010 RSA_set0_crt_params \ 3011 RSA_set0_factors \ 3012 RSA_set0_key \ 3013 RSA_meth_free \ 3014 RSA_meth_dup \ 3015 RSA_meth_set1_name \ 3016 RSA_meth_get_finish \ 3017 RSA_meth_set_priv_enc \ 3018 RSA_meth_set_priv_dec \ 3019 RSA_meth_set_finish \ 3020 EVP_PKEY_get0_RSA \ 3021 EVP_MD_CTX_new \ 3022 EVP_MD_CTX_free \ 3023 EVP_chacha20 \ 3024 ]) 3025 3026 if test "x$openssl_engine" = "xyes" ; then 3027 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 3028 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3029 #include <openssl/engine.h> 3030 ]], [[ 3031 ENGINE_load_builtin_engines(); 3032 ENGINE_register_all_complete(); 3033 ]])], 3034 [ AC_MSG_RESULT([yes]) 3035 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 3036 [Enable OpenSSL engine support]) 3037 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 3038 ]) 3039 fi 3040 3041 # Check for OpenSSL without EVP_aes_{192,256}_cbc 3042 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 3043 AC_LINK_IFELSE( 3044 [AC_LANG_PROGRAM([[ 3045 #include <stdlib.h> 3046 #include <string.h> 3047 #include <openssl/evp.h> 3048 ]], [[ 3049 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 3050 ]])], 3051 [ 3052 AC_MSG_RESULT([no]) 3053 ], 3054 [ 3055 AC_MSG_RESULT([yes]) 3056 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 3057 [libcrypto is missing AES 192 and 256 bit functions]) 3058 ] 3059 ) 3060 3061 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3062 AC_LINK_IFELSE( 3063 [AC_LANG_PROGRAM([[ 3064 #include <stdlib.h> 3065 #include <string.h> 3066 #include <openssl/evp.h> 3067 ]], [[ 3068 if(EVP_DigestUpdate(NULL, NULL,0)) 3069 exit(0); 3070 ]])], 3071 [ 3072 AC_MSG_RESULT([yes]) 3073 ], 3074 [ 3075 AC_MSG_RESULT([no]) 3076 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3077 [Define if EVP_DigestUpdate returns void]) 3078 ] 3079 ) 3080 3081 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 3082 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 3083 3084 # Check complete ECC support in OpenSSL 3085 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3086 AC_LINK_IFELSE( 3087 [AC_LANG_PROGRAM([[ 3088 #include <openssl/ec.h> 3089 #include <openssl/ecdh.h> 3090 #include <openssl/ecdsa.h> 3091 #include <openssl/evp.h> 3092 #include <openssl/objects.h> 3093 #include <openssl/opensslv.h> 3094 ]], [[ 3095 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3096 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3097 ]])], 3098 [ AC_MSG_RESULT([yes]) 3099 enable_nistp256=1 ], 3100 [ AC_MSG_RESULT([no]) ] 3101 ) 3102 3103 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3104 AC_LINK_IFELSE( 3105 [AC_LANG_PROGRAM([[ 3106 #include <openssl/ec.h> 3107 #include <openssl/ecdh.h> 3108 #include <openssl/ecdsa.h> 3109 #include <openssl/evp.h> 3110 #include <openssl/objects.h> 3111 #include <openssl/opensslv.h> 3112 ]], [[ 3113 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3114 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3115 ]])], 3116 [ AC_MSG_RESULT([yes]) 3117 enable_nistp384=1 ], 3118 [ AC_MSG_RESULT([no]) ] 3119 ) 3120 3121 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3122 AC_LINK_IFELSE( 3123 [AC_LANG_PROGRAM([[ 3124 #include <openssl/ec.h> 3125 #include <openssl/ecdh.h> 3126 #include <openssl/ecdsa.h> 3127 #include <openssl/evp.h> 3128 #include <openssl/objects.h> 3129 #include <openssl/opensslv.h> 3130 ]], [[ 3131 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3132 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3133 ]])], 3134 [ AC_MSG_RESULT([yes]) 3135 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3136 AC_RUN_IFELSE( 3137 [AC_LANG_PROGRAM([[ 3138 #include <stdlib.h> 3139 #include <openssl/ec.h> 3140 #include <openssl/ecdh.h> 3141 #include <openssl/ecdsa.h> 3142 #include <openssl/evp.h> 3143 #include <openssl/objects.h> 3144 #include <openssl/opensslv.h> 3145 ]],[[ 3146 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3147 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3148 exit(e == NULL || m == NULL); 3149 ]])], 3150 [ AC_MSG_RESULT([yes]) 3151 enable_nistp521=1 ], 3152 [ AC_MSG_RESULT([no]) ], 3153 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3154 enable_nistp521=1 ] 3155 )], 3156 AC_MSG_RESULT([no]) 3157 ) 3158 3159 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3160 test x$enable_nistp521 = x1; then 3161 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3162 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3163 openssl_ecc=yes 3164 else 3165 openssl_ecc=no 3166 fi 3167 if test x$enable_nistp256 = x1; then 3168 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3169 [libcrypto has NID_X9_62_prime256v1]) 3170 else 3171 unsupported_algorithms="$unsupported_algorithms \ 3172 ecdsa-sha2-nistp256 \ 3173 ecdh-sha2-nistp256 \ 3174 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3175 fi 3176 if test x$enable_nistp384 = x1; then 3177 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3178 else 3179 unsupported_algorithms="$unsupported_algorithms \ 3180 ecdsa-sha2-nistp384 \ 3181 ecdh-sha2-nistp384 \ 3182 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3183 fi 3184 if test x$enable_nistp521 = x1; then 3185 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3186 else 3187 unsupported_algorithms="$unsupported_algorithms \ 3188 ecdh-sha2-nistp521 \ 3189 ecdsa-sha2-nistp521 \ 3190 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3191 fi 3192fi 3193 3194# PKCS11/U2F depend on OpenSSL and dlopen(). 3195enable_pkcs11=yes 3196enable_sk=yes 3197if test "x$openssl" != "xyes" ; then 3198 enable_pkcs11="disabled; missing libcrypto" 3199fi 3200if test "x$ac_cv_func_dlopen" != "xyes" ; then 3201 enable_pkcs11="disabled; missing dlopen(3)" 3202 enable_sk="disabled; missing dlopen(3)" 3203fi 3204if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3205 enable_pkcs11="disabled; missing RTLD_NOW" 3206 enable_sk="disabled; missing RTLD_NOW" 3207fi 3208if test ! -z "$disable_pkcs11" ; then 3209 enable_pkcs11="disabled by user" 3210fi 3211if test ! -z "$disable_sk" ; then 3212 enable_sk="disabled by user" 3213fi 3214 3215AC_MSG_CHECKING([whether to enable PKCS11]) 3216if test "x$enable_pkcs11" = "xyes" ; then 3217 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3218fi 3219AC_MSG_RESULT([$enable_pkcs11]) 3220 3221AC_MSG_CHECKING([whether to enable U2F]) 3222if test "x$enable_sk" = "xyes" ; then 3223 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3224 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3225else 3226 # Do not try to build sk-dummy library. 3227 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3228fi 3229AC_MSG_RESULT([$enable_sk]) 3230 3231# Now check for built-in security key support. 3232if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then 3233 use_pkgconfig_for_libfido2= 3234 if test "x$PKGCONFIG" != "xno"; then 3235 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3236 if "$PKGCONFIG" libfido2; then 3237 AC_MSG_RESULT([yes]) 3238 use_pkgconfig_for_libfido2=yes 3239 else 3240 AC_MSG_RESULT([no]) 3241 fi 3242 fi 3243 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3244 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3245 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3246 else 3247 LIBFIDO2="-lprivatefido2 -lprivatecbor" 3248 fi 3249 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3250 fido2_error= 3251 AC_CHECK_LIB([privatefido2], [fido_init], 3252 [ ], 3253 [ fido2_error="missing/unusable libfido2" ], 3254 [ $OTHERLIBS ] 3255 ) 3256 AC_CHECK_HEADER([fido.h], [], 3257 [ fido2_error="missing fido.h from libfido2" ]) 3258 AC_CHECK_HEADER([fido/credman.h], [], 3259 [ fido2_error="missing fido/credman.h from libfido2" ], 3260 [ #include <fido.h> ] 3261 ) 3262 AC_MSG_CHECKING([for usable libfido2 installation]) 3263 if test ! -z "$fido2_error" ; then 3264 AC_MSG_RESULT([$fido2_error]) 3265 if test "x$enable_sk_internal" = "xyes" ; then 3266 AC_MSG_ERROR([No usable libfido2 library/headers found]) 3267 fi 3268 LIBFIDO2="" 3269 else 3270 AC_MSG_RESULT([yes]) 3271 AC_SUBST([LIBFIDO2]) 3272 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3273 [Enable for built-in U2F/FIDO support]) 3274 enable_sk="built-in" 3275 saved_LIBS="$LIBS" 3276 LIBS="$LIBS $LIBFIDO2" 3277 AC_CHECK_FUNCS([ \ 3278 fido_assert_set_clientdata \ 3279 fido_cred_prot \ 3280 fido_cred_set_prot \ 3281 fido_cred_set_clientdata \ 3282 fido_dev_get_touch_begin \ 3283 fido_dev_get_touch_status \ 3284 fido_dev_supports_cred_prot \ 3285 fido_dev_is_winhello \ 3286 ]) 3287 LIBS="$saved_LIBS" 3288 fi 3289fi 3290 3291AC_CHECK_FUNCS([ \ 3292 arc4random \ 3293 arc4random_buf \ 3294 arc4random_stir \ 3295 arc4random_uniform \ 3296]) 3297### Configure cryptographic random number support 3298 3299# Check whether OpenSSL seeds itself 3300if test "x$openssl" = "xyes" ; then 3301 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3302 AC_RUN_IFELSE( 3303 [AC_LANG_PROGRAM([[ 3304 #include <stdlib.h> 3305 #include <string.h> 3306 #include <openssl/rand.h> 3307 ]], [[ 3308 exit(RAND_status() == 1 ? 0 : 1); 3309 ]])], 3310 [ 3311 OPENSSL_SEEDS_ITSELF=yes 3312 AC_MSG_RESULT([yes]) 3313 ], 3314 [ 3315 AC_MSG_RESULT([no]) 3316 ], 3317 [ 3318 AC_MSG_WARN([cross compiling: assuming yes]) 3319 # This is safe, since we will fatal() at runtime if 3320 # OpenSSL is not seeded correctly. 3321 OPENSSL_SEEDS_ITSELF=yes 3322 ] 3323 ) 3324fi 3325 3326# PRNGD TCP socket 3327AC_ARG_WITH([prngd-port], 3328 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3329 [ 3330 case "$withval" in 3331 no) 3332 withval="" 3333 ;; 3334 [[0-9]]*) 3335 ;; 3336 *) 3337 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3338 ;; 3339 esac 3340 if test ! -z "$withval" ; then 3341 PRNGD_PORT="$withval" 3342 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3343 [Port number of PRNGD/EGD random number socket]) 3344 fi 3345 ] 3346) 3347 3348# PRNGD Unix domain socket 3349AC_ARG_WITH([prngd-socket], 3350 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3351 [ 3352 case "$withval" in 3353 yes) 3354 withval="/var/run/egd-pool" 3355 ;; 3356 no) 3357 withval="" 3358 ;; 3359 /*) 3360 ;; 3361 *) 3362 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3363 ;; 3364 esac 3365 3366 if test ! -z "$withval" ; then 3367 if test ! -z "$PRNGD_PORT" ; then 3368 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3369 fi 3370 if test ! -r "$withval" ; then 3371 AC_MSG_WARN([Entropy socket is not readable]) 3372 fi 3373 PRNGD_SOCKET="$withval" 3374 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3375 [Location of PRNGD/EGD random number socket]) 3376 fi 3377 ], 3378 [ 3379 # Check for existing socket only if we don't have a random device already 3380 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3381 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3382 # Insert other locations here 3383 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3384 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3385 PRNGD_SOCKET="$sock" 3386 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3387 break; 3388 fi 3389 done 3390 if test ! -z "$PRNGD_SOCKET" ; then 3391 AC_MSG_RESULT([$PRNGD_SOCKET]) 3392 else 3393 AC_MSG_RESULT([not found]) 3394 fi 3395 fi 3396 ] 3397) 3398 3399# Which randomness source do we use? 3400if test ! -z "$PRNGD_PORT" ; then 3401 RAND_MSG="PRNGd port $PRNGD_PORT" 3402elif test ! -z "$PRNGD_SOCKET" ; then 3403 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3404elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3405 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3406 [Define if you want the OpenSSL internally seeded PRNG only]) 3407 RAND_MSG="OpenSSL internal ONLY" 3408elif test "x$openssl" = "xno" ; then 3409 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3410else 3411 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3412fi 3413LIBS="$nocrypto_saved_LIBS" 3414 3415saved_LIBS="$LIBS" 3416AC_CHECK_LIB([iaf], [ia_openinfo], [ 3417 LIBS="$LIBS -liaf" 3418 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3419 AC_DEFINE([HAVE_LIBIAF], [1], 3420 [Define if system has libiaf that supports set_id]) 3421 ]) 3422]) 3423LIBS="$saved_LIBS" 3424 3425# Check for crypt() in libcrypt. If we have it, we only need it for sshd. 3426saved_LIBS="$LIBS" 3427AC_CHECK_LIB([crypt], [crypt], [ 3428 LIBS="-lcrypt $LIBS" 3429 SSHDLIBS="-lcrypt $SSHDLIBS" 3430]) 3431AC_CHECK_FUNCS([crypt]) 3432LIBS="$saved_LIBS" 3433 3434# Check for PAM libs 3435PAM_MSG="no" 3436AC_ARG_WITH([pam], 3437 [ --with-pam Enable PAM support ], 3438 [ 3439 if test "x$withval" != "xno" ; then 3440 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3441 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3442 AC_MSG_ERROR([PAM headers not found]) 3443 fi 3444 3445 saved_LIBS="$LIBS" 3446 AC_CHECK_LIB([dl], [dlopen], , ) 3447 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3448 AC_CHECK_FUNCS([pam_getenvlist]) 3449 AC_CHECK_FUNCS([pam_putenv]) 3450 LIBS="$saved_LIBS" 3451 3452 PAM_MSG="yes" 3453 3454 SSHDLIBS="$SSHDLIBS -lpam" 3455 AC_DEFINE([USE_PAM], [1], 3456 [Define if you want to enable PAM support]) 3457 3458 if test $ac_cv_lib_dl_dlopen = yes; then 3459 case "$LIBS" in 3460 *-ldl*) 3461 # libdl already in LIBS 3462 ;; 3463 *) 3464 SSHDLIBS="$SSHDLIBS -ldl" 3465 ;; 3466 esac 3467 fi 3468 fi 3469 ] 3470) 3471 3472AC_ARG_WITH([pam-service], 3473 [ --with-pam-service=name Specify PAM service name ], 3474 [ 3475 if test "x$withval" != "xno" && \ 3476 test "x$withval" != "xyes" ; then 3477 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3478 ["$withval"], [sshd PAM service name]) 3479 fi 3480 ] 3481) 3482 3483# Check for older PAM 3484if test "x$PAM_MSG" = "xyes" ; then 3485 # Check PAM strerror arguments (old PAM) 3486 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3487 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3488#include <stdlib.h> 3489#if defined(HAVE_SECURITY_PAM_APPL_H) 3490#include <security/pam_appl.h> 3491#elif defined (HAVE_PAM_PAM_APPL_H) 3492#include <pam/pam_appl.h> 3493#endif 3494 ]], [[ 3495(void)pam_strerror((pam_handle_t *)NULL, -1); 3496 ]])], [AC_MSG_RESULT([no])], [ 3497 AC_DEFINE([HAVE_OLD_PAM], [1], 3498 [Define if you have an old version of PAM 3499 which takes only one argument to pam_strerror]) 3500 AC_MSG_RESULT([yes]) 3501 PAM_MSG="yes (old library)" 3502 3503 ]) 3504fi 3505 3506case "$host" in 3507*-*-cygwin*) 3508 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3509 ;; 3510*) 3511 SSH_PRIVSEP_USER=sshd 3512 ;; 3513esac 3514AC_ARG_WITH([privsep-user], 3515 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3516 [ 3517 if test -n "$withval" && test "x$withval" != "xno" && \ 3518 test "x${withval}" != "xyes"; then 3519 SSH_PRIVSEP_USER=$withval 3520 fi 3521 ] 3522) 3523if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3524 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3525 [Cygwin function to fetch non-privileged user for privilege separation]) 3526else 3527 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3528 [non-privileged user for privilege separation]) 3529fi 3530AC_SUBST([SSH_PRIVSEP_USER]) 3531 3532if test "x$have_linux_no_new_privs" = "x1" ; then 3533AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3534 #include <sys/types.h> 3535 #include <linux/seccomp.h> 3536]) 3537fi 3538if test "x$have_seccomp_filter" = "x1" ; then 3539AC_MSG_CHECKING([kernel for seccomp_filter support]) 3540AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3541 #include <errno.h> 3542 #include <elf.h> 3543 #include <linux/audit.h> 3544 #include <linux/seccomp.h> 3545 #include <stdlib.h> 3546 #include <sys/prctl.h> 3547 ]], 3548 [[ int i = $seccomp_audit_arch; 3549 errno = 0; 3550 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3551 exit(errno == EFAULT ? 0 : 1); ]])], 3552 [ AC_MSG_RESULT([yes]) ], [ 3553 AC_MSG_RESULT([no]) 3554 # Disable seccomp filter as a target 3555 have_seccomp_filter=0 3556 ] 3557) 3558fi 3559 3560AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ 3561#include <sys/types.h> 3562#ifdef HAVE_POLL_H 3563#include <poll.h> 3564#endif 3565#ifdef HAVE_SYS_POLL_H 3566#include <sys/poll.h> 3567#endif 3568]]) 3569 3570AC_CHECK_TYPES([nfds_t], , , [ 3571#include <sys/types.h> 3572#ifdef HAVE_POLL_H 3573#include <poll.h> 3574#endif 3575#ifdef HAVE_SYS_POLL_H 3576#include <sys/poll.h> 3577#endif 3578]) 3579 3580# Decide which sandbox style to use 3581sandbox_arg="" 3582AC_ARG_WITH([sandbox], 3583 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3584 [ 3585 if test "x$withval" = "xyes" ; then 3586 sandbox_arg="" 3587 else 3588 sandbox_arg="$withval" 3589 fi 3590 ] 3591) 3592 3593if test "x$sandbox_arg" != "xno"; then 3594# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument 3595# is greater than OPEN_MAX". On some platforms that includes implementions 3596# of select in userspace on top of poll() so check both work with rlimit 3597# NOFILES so check that both work before enabling the rlimit sandbox. 3598 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) 3599 AC_RUN_IFELSE( 3600 [AC_LANG_PROGRAM([[ 3601#include <sys/types.h> 3602#ifdef HAVE_SYS_TIME_H 3603# include <sys/time.h> 3604#endif 3605#include <sys/resource.h> 3606#ifdef HAVE_SYS_SELECT_H 3607# include <sys/select.h> 3608#endif 3609#ifdef HAVE_POLL_H 3610# include <poll.h> 3611#elif HAVE_SYS_POLL_H 3612# include <sys/poll.h> 3613#endif 3614#include <errno.h> 3615#include <fcntl.h> 3616#include <stdlib.h> 3617 ]],[[ 3618 struct rlimit rl_zero; 3619 int fd, r; 3620 fd_set fds; 3621 struct timeval tv; 3622#ifdef HAVE_POLL 3623 struct pollfd pfd; 3624#endif 3625 3626 fd = open("/dev/null", O_RDONLY); 3627 FD_ZERO(&fds); 3628 FD_SET(fd, &fds); 3629 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3630 setrlimit(RLIMIT_FSIZE, &rl_zero); 3631 setrlimit(RLIMIT_NOFILE, &rl_zero); 3632 tv.tv_sec = 1; 3633 tv.tv_usec = 0; 3634 r = select(fd+1, &fds, NULL, NULL, &tv); 3635 if (r == -1) 3636 exit(1); 3637#ifdef HAVE_POLL 3638 pfd.fd = fd; 3639 pfd.events = POLLIN; 3640 r = poll(&pfd, 1, 1); 3641 if (r == -1) 3642 exit(2); 3643#endif 3644 exit(0); 3645 ]])], 3646 [AC_MSG_RESULT([yes]) 3647 select_works_with_rlimit=yes], 3648 [AC_MSG_RESULT([no]) 3649 select_works_with_rlimit=no], 3650 [AC_MSG_WARN([cross compiling: assuming no]) 3651 select_works_with_rlimit=no] 3652 ) 3653 3654 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3655 AC_RUN_IFELSE( 3656 [AC_LANG_PROGRAM([[ 3657#include <sys/types.h> 3658#ifdef HAVE_SYS_TIME_H 3659# include <sys/time.h> 3660#endif 3661#include <sys/resource.h> 3662#include <errno.h> 3663#include <stdlib.h> 3664 ]],[[ 3665 struct rlimit rl_zero; 3666 int r; 3667 3668 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3669 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3670 exit (r == -1 ? 1 : 0); 3671 ]])], 3672 [AC_MSG_RESULT([yes]) 3673 rlimit_nofile_zero_works=yes], 3674 [AC_MSG_RESULT([no]) 3675 rlimit_nofile_zero_works=no], 3676 [AC_MSG_WARN([cross compiling: assuming yes]) 3677 rlimit_nofile_zero_works=yes] 3678 ) 3679 3680 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3681 AC_RUN_IFELSE( 3682 [AC_LANG_PROGRAM([[ 3683#include <sys/types.h> 3684#include <sys/resource.h> 3685#include <stdlib.h> 3686 ]],[[ 3687 struct rlimit rl_zero; 3688 3689 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3690 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3691 ]])], 3692 [AC_MSG_RESULT([yes])], 3693 [AC_MSG_RESULT([no]) 3694 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3695 [setrlimit RLIMIT_FSIZE works])], 3696 [AC_MSG_WARN([cross compiling: assuming yes])] 3697 ) 3698fi 3699 3700if test "x$sandbox_arg" = "xpledge" || \ 3701 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3702 test "x$ac_cv_func_pledge" != "xyes" && \ 3703 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3704 SANDBOX_STYLE="pledge" 3705 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3706elif test "x$sandbox_arg" = "xsystrace" || \ 3707 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3708 test "x$have_systr_policy_kill" != "x1" && \ 3709 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3710 SANDBOX_STYLE="systrace" 3711 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3712elif test "x$sandbox_arg" = "xdarwin" || \ 3713 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3714 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3715 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3716 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3717 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3718 SANDBOX_STYLE="darwin" 3719 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3720elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3721 ( test -z "$sandbox_arg" && \ 3722 test "x$have_seccomp_filter" = "x1" && \ 3723 test "x$ac_cv_header_elf_h" = "xyes" && \ 3724 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3725 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3726 test "x$seccomp_audit_arch" != "x" && \ 3727 test "x$have_linux_no_new_privs" = "x1" && \ 3728 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3729 test "x$seccomp_audit_arch" = "x" && \ 3730 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3731 test "x$have_linux_no_new_privs" != "x1" && \ 3732 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3733 test "x$have_seccomp_filter" != "x1" && \ 3734 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3735 test "x$ac_cv_func_prctl" != "xyes" && \ 3736 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3737 SANDBOX_STYLE="seccomp_filter" 3738 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3739elif test "x$sandbox_arg" = "xcapsicum" || \ 3740 ( test -z "$sandbox_arg" && \ 3741 test "x$disable_capsicum" != "xyes" && \ 3742 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3743 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3744 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3745 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3746 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3747 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3748 SANDBOX_STYLE="capsicum" 3749 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3750elif test "x$sandbox_arg" = "xrlimit" || \ 3751 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3752 test "x$select_works_with_rlimit" = "xyes" && \ 3753 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3754 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3755 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3756 test "x$select_works_with_rlimit" != "xyes" && \ 3757 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3758 SANDBOX_STYLE="rlimit" 3759 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3760elif test "x$sandbox_arg" = "xsolaris" || \ 3761 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3762 SANDBOX_STYLE="solaris" 3763 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3764elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3765 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3766 SANDBOX_STYLE="none" 3767 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3768else 3769 AC_MSG_ERROR([unsupported --with-sandbox]) 3770fi 3771 3772# Cheap hack to ensure NEWS-OS libraries are arranged right. 3773if test ! -z "$SONY" ; then 3774 LIBS="$LIBS -liberty"; 3775fi 3776 3777# Check for long long datatypes 3778AC_CHECK_TYPES([long long, unsigned long long, long double]) 3779 3780# Check datatype sizes 3781AC_CHECK_SIZEOF([short int]) 3782AC_CHECK_SIZEOF([int]) 3783AC_CHECK_SIZEOF([long int]) 3784AC_CHECK_SIZEOF([long long int]) 3785AC_CHECK_SIZEOF([time_t], [], [[ 3786 #include <sys/types.h> 3787 #ifdef HAVE_SYS_TIME_H 3788 # include <sys/time.h> 3789 #endif 3790 #ifdef HAVE_TIME_H 3791 # include <time.h> 3792 #endif 3793 ]] 3794) 3795 3796# Sanity check long long for some platforms (AIX) 3797if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3798 ac_cv_sizeof_long_long_int=0 3799fi 3800 3801# compute LLONG_MIN and LLONG_MAX if we don't know them. 3802if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3803 AC_MSG_CHECKING([for max value of long long]) 3804 AC_RUN_IFELSE( 3805 [AC_LANG_PROGRAM([[ 3806#include <stdio.h> 3807#include <stdlib.h> 3808/* Why is this so damn hard? */ 3809#ifdef __GNUC__ 3810# undef __GNUC__ 3811#endif 3812#define __USE_ISOC99 3813#include <limits.h> 3814#define DATA "conftest.llminmax" 3815#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3816 3817/* 3818 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3819 * we do this the hard way. 3820 */ 3821static int 3822fprint_ll(FILE *f, long long n) 3823{ 3824 unsigned int i; 3825 int l[sizeof(long long) * 8]; 3826 3827 if (n < 0) 3828 if (fprintf(f, "-") < 0) 3829 return -1; 3830 for (i = 0; n != 0; i++) { 3831 l[i] = my_abs(n % 10); 3832 n /= 10; 3833 } 3834 do { 3835 if (fprintf(f, "%d", l[--i]) < 0) 3836 return -1; 3837 } while (i != 0); 3838 if (fprintf(f, " ") < 0) 3839 return -1; 3840 return 0; 3841} 3842 ]], [[ 3843 FILE *f; 3844 long long i, llmin, llmax = 0; 3845 3846 if((f = fopen(DATA,"w")) == NULL) 3847 exit(1); 3848 3849#if defined(LLONG_MIN) && defined(LLONG_MAX) 3850 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3851 llmin = LLONG_MIN; 3852 llmax = LLONG_MAX; 3853#else 3854 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3855 /* This will work on one's complement and two's complement */ 3856 for (i = 1; i > llmax; i <<= 1, i++) 3857 llmax = i; 3858 llmin = llmax + 1LL; /* wrap */ 3859#endif 3860 3861 /* Sanity check */ 3862 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3863 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3864 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3865 fprintf(f, "unknown unknown\n"); 3866 exit(2); 3867 } 3868 3869 if (fprint_ll(f, llmin) < 0) 3870 exit(3); 3871 if (fprint_ll(f, llmax) < 0) 3872 exit(4); 3873 if (fclose(f) < 0) 3874 exit(5); 3875 exit(0); 3876 ]])], 3877 [ 3878 llong_min=`$AWK '{print $1}' conftest.llminmax` 3879 llong_max=`$AWK '{print $2}' conftest.llminmax` 3880 3881 AC_MSG_RESULT([$llong_max]) 3882 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3883 [max value of long long calculated by configure]) 3884 AC_MSG_CHECKING([for min value of long long]) 3885 AC_MSG_RESULT([$llong_min]) 3886 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3887 [min value of long long calculated by configure]) 3888 ], 3889 [ 3890 AC_MSG_RESULT([not found]) 3891 ], 3892 [ 3893 AC_MSG_WARN([cross compiling: not checking]) 3894 ] 3895 ) 3896fi 3897 3898AC_CHECK_DECLS([UINT32_MAX], , , [[ 3899#ifdef HAVE_SYS_LIMITS_H 3900# include <sys/limits.h> 3901#endif 3902#ifdef HAVE_LIMITS_H 3903# include <limits.h> 3904#endif 3905#ifdef HAVE_STDINT_H 3906# include <stdint.h> 3907#endif 3908]]) 3909 3910# More checks for data types 3911AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3912 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3913 [[ u_int a; a = 1;]])], 3914 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3915 ]) 3916]) 3917if test "x$ac_cv_have_u_int" = "xyes" ; then 3918 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3919 have_u_int=1 3920fi 3921 3922AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3923 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3924 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3925 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3926 ]) 3927]) 3928if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3929 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3930 have_intxx_t=1 3931fi 3932 3933if (test -z "$have_intxx_t" && \ 3934 test "x$ac_cv_header_stdint_h" = "xyes") 3935then 3936 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3937 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3938 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3939 [ 3940 AC_DEFINE([HAVE_INTXX_T]) 3941 AC_MSG_RESULT([yes]) 3942 ], [ AC_MSG_RESULT([no]) 3943 ]) 3944fi 3945 3946AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3947 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3948#include <sys/types.h> 3949#ifdef HAVE_STDINT_H 3950# include <stdint.h> 3951#endif 3952#include <sys/socket.h> 3953#ifdef HAVE_SYS_BITYPES_H 3954# include <sys/bitypes.h> 3955#endif 3956 ]], [[ 3957int64_t a; a = 1; 3958 ]])], 3959 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3960 ]) 3961]) 3962if test "x$ac_cv_have_int64_t" = "xyes" ; then 3963 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3964fi 3965 3966AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3967 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3968 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3969 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3970 ]) 3971]) 3972if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3973 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3974 have_u_intxx_t=1 3975fi 3976 3977if test -z "$have_u_intxx_t" ; then 3978 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3979 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3980 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3981 [ 3982 AC_DEFINE([HAVE_U_INTXX_T]) 3983 AC_MSG_RESULT([yes]) 3984 ], [ AC_MSG_RESULT([no]) 3985 ]) 3986fi 3987 3988AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3989 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3990 [[ u_int64_t a; a = 1;]])], 3991 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3992 ]) 3993]) 3994if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3995 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3996 have_u_int64_t=1 3997fi 3998 3999if (test -z "$have_u_int64_t" && \ 4000 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4001then 4002 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 4003 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 4004 [[ u_int64_t a; a = 1]])], 4005 [ 4006 AC_DEFINE([HAVE_U_INT64_T]) 4007 AC_MSG_RESULT([yes]) 4008 ], [ AC_MSG_RESULT([no]) 4009 ]) 4010fi 4011 4012if test -z "$have_u_intxx_t" ; then 4013 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 4014 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4015#include <sys/types.h> 4016 ]], [[ 4017 uint8_t a; 4018 uint16_t b; 4019 uint32_t c; 4020 a = b = c = 1; 4021 ]])], 4022 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 4023 ]) 4024 ]) 4025 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 4026 AC_DEFINE([HAVE_UINTXX_T], [1], 4027 [define if you have uintxx_t data type]) 4028 fi 4029fi 4030 4031if (test -z "$have_uintxx_t" && \ 4032 test "x$ac_cv_header_stdint_h" = "xyes") 4033then 4034 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 4035 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4036 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4037 [ 4038 AC_DEFINE([HAVE_UINTXX_T]) 4039 AC_MSG_RESULT([yes]) 4040 ], [ AC_MSG_RESULT([no]) 4041 ]) 4042fi 4043 4044if (test -z "$have_uintxx_t" && \ 4045 test "x$ac_cv_header_inttypes_h" = "xyes") 4046then 4047 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4048 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4049 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4050 [ 4051 AC_DEFINE([HAVE_UINTXX_T]) 4052 AC_MSG_RESULT([yes]) 4053 ], [ AC_MSG_RESULT([no]) 4054 ]) 4055fi 4056 4057if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4058 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4059then 4060 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4061 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4062#include <sys/bitypes.h> 4063 ]], [[ 4064 int8_t a; int16_t b; int32_t c; 4065 u_int8_t e; u_int16_t f; u_int32_t g; 4066 a = b = c = e = f = g = 1; 4067 ]])], 4068 [ 4069 AC_DEFINE([HAVE_U_INTXX_T]) 4070 AC_DEFINE([HAVE_INTXX_T]) 4071 AC_MSG_RESULT([yes]) 4072 ], [AC_MSG_RESULT([no]) 4073 ]) 4074fi 4075 4076 4077AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4078 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4079 [[ u_char foo; foo = 125; ]])], 4080 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4081 ]) 4082]) 4083if test "x$ac_cv_have_u_char" = "xyes" ; then 4084 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4085fi 4086 4087AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4088#include <sys/types.h> 4089#ifdef HAVE_STDINT_H 4090# include <stdint.h> 4091#endif 4092]) 4093 4094TYPE_SOCKLEN_T 4095 4096AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4097AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4098#include <sys/types.h> 4099#ifdef HAVE_SYS_BITYPES_H 4100#include <sys/bitypes.h> 4101#endif 4102#ifdef HAVE_SYS_STATFS_H 4103#include <sys/statfs.h> 4104#endif 4105#ifdef HAVE_SYS_STATVFS_H 4106#include <sys/statvfs.h> 4107#endif 4108]) 4109 4110AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4111#include <sys/param.h> 4112#include <sys/types.h> 4113#ifdef HAVE_SYS_BITYPES_H 4114#include <sys/bitypes.h> 4115#endif 4116#ifdef HAVE_SYS_STATFS_H 4117#include <sys/statfs.h> 4118#endif 4119#ifdef HAVE_SYS_STATVFS_H 4120#include <sys/statvfs.h> 4121#endif 4122#ifdef HAVE_SYS_VFS_H 4123#include <sys/vfs.h> 4124#endif 4125#ifdef HAVE_SYS_MOUNT_H 4126#include <sys/mount.h> 4127#endif 4128]]) 4129 4130 4131AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4132[#include <sys/types.h> 4133#include <netinet/in.h>]) 4134 4135AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4136 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4137 [[ size_t foo; foo = 1235; ]])], 4138 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4139 ]) 4140]) 4141if test "x$ac_cv_have_size_t" = "xyes" ; then 4142 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4143fi 4144 4145AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4146 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4147 [[ ssize_t foo; foo = 1235; ]])], 4148 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4149 ]) 4150]) 4151if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4152 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4153fi 4154 4155AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4156 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4157 [[ clock_t foo; foo = 1235; ]])], 4158 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4159 ]) 4160]) 4161if test "x$ac_cv_have_clock_t" = "xyes" ; then 4162 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4163fi 4164 4165AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4166 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4167#include <sys/types.h> 4168#include <sys/socket.h> 4169 ]], [[ sa_family_t foo; foo = 1235; ]])], 4170 [ ac_cv_have_sa_family_t="yes" ], 4171 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4172#include <sys/types.h> 4173#include <sys/socket.h> 4174#include <netinet/in.h> 4175 ]], [[ sa_family_t foo; foo = 1235; ]])], 4176 [ ac_cv_have_sa_family_t="yes" ], 4177 [ ac_cv_have_sa_family_t="no" ] 4178 ) 4179 ]) 4180]) 4181if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4182 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4183 [define if you have sa_family_t data type]) 4184fi 4185 4186AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4187 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4188 [[ pid_t foo; foo = 1235; ]])], 4189 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4190 ]) 4191]) 4192if test "x$ac_cv_have_pid_t" = "xyes" ; then 4193 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4194fi 4195 4196AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4197 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4198 [[ mode_t foo; foo = 1235; ]])], 4199 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4200 ]) 4201]) 4202if test "x$ac_cv_have_mode_t" = "xyes" ; then 4203 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4204fi 4205 4206 4207AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4208 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4209#include <sys/types.h> 4210#include <sys/socket.h> 4211 ]], [[ struct sockaddr_storage s; ]])], 4212 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4213 [ ac_cv_have_struct_sockaddr_storage="no" 4214 ]) 4215]) 4216if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4217 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4218 [define if you have struct sockaddr_storage data type]) 4219fi 4220 4221AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4222 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4223#include <sys/types.h> 4224#include <netinet/in.h> 4225 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4226 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4227 [ ac_cv_have_struct_sockaddr_in6="no" 4228 ]) 4229]) 4230if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4231 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4232 [define if you have struct sockaddr_in6 data type]) 4233fi 4234 4235AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4236 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4237#include <sys/types.h> 4238#include <netinet/in.h> 4239 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4240 [ ac_cv_have_struct_in6_addr="yes" ], 4241 [ ac_cv_have_struct_in6_addr="no" 4242 ]) 4243]) 4244if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4245 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4246 [define if you have struct in6_addr data type]) 4247 4248dnl Now check for sin6_scope_id 4249 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4250 [ 4251#ifdef HAVE_SYS_TYPES_H 4252#include <sys/types.h> 4253#endif 4254#include <netinet/in.h> 4255 ]) 4256fi 4257 4258AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4259 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4260#include <sys/types.h> 4261#include <sys/socket.h> 4262#include <netdb.h> 4263 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4264 [ ac_cv_have_struct_addrinfo="yes" ], 4265 [ ac_cv_have_struct_addrinfo="no" 4266 ]) 4267]) 4268if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4269 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4270 [define if you have struct addrinfo data type]) 4271fi 4272 4273AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4274 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4275 [[ struct timeval tv; tv.tv_sec = 1;]])], 4276 [ ac_cv_have_struct_timeval="yes" ], 4277 [ ac_cv_have_struct_timeval="no" 4278 ]) 4279]) 4280if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4281 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4282 have_struct_timeval=1 4283fi 4284 4285AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4286 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4287 #ifdef HAVE_SYS_TIME_H 4288 # include <sys/time.h> 4289 #endif 4290 #ifdef HAVE_TIME_H 4291 # include <time.h> 4292 #endif 4293 ]], 4294 [[ struct timespec ts; ts.tv_sec = 1;]])], 4295 [ ac_cv_have_struct_timespec="yes" ], 4296 [ ac_cv_have_struct_timespec="no" 4297 ]) 4298]) 4299if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4300 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4301 have_struct_timespec=1 4302fi 4303 4304# We need int64_t or else certain parts of the compile will fail. 4305if test "x$ac_cv_have_int64_t" = "xno" && \ 4306 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4307 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4308 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4309 echo "an alternative compiler (I.E., GCC) before continuing." 4310 echo "" 4311 exit 1; 4312else 4313dnl test snprintf (broken on SCO w/gcc) 4314 AC_RUN_IFELSE( 4315 [AC_LANG_SOURCE([[ 4316#include <stdio.h> 4317#include <stdlib.h> 4318#include <string.h> 4319#ifdef HAVE_SNPRINTF 4320main() 4321{ 4322 char buf[50]; 4323 char expected_out[50]; 4324 int mazsize = 50 ; 4325#if (SIZEOF_LONG_INT == 8) 4326 long int num = 0x7fffffffffffffff; 4327#else 4328 long long num = 0x7fffffffffffffffll; 4329#endif 4330 strcpy(expected_out, "9223372036854775807"); 4331 snprintf(buf, mazsize, "%lld", num); 4332 if(strcmp(buf, expected_out) != 0) 4333 exit(1); 4334 exit(0); 4335} 4336#else 4337main() { exit(0); } 4338#endif 4339 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4340 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4341 ) 4342fi 4343 4344dnl Checks for structure members 4345OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4346OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4347OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4348OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4349OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4350OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4351OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4352OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4353OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4354OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4355OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4356OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4357OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4358OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4359OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4360OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4361OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4362OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4363 4364AC_CHECK_MEMBERS([struct stat.st_blksize]) 4365AC_CHECK_MEMBERS([struct stat.st_mtim]) 4366AC_CHECK_MEMBERS([struct stat.st_mtime]) 4367AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4368struct passwd.pw_change, struct passwd.pw_expire], 4369[], [], [[ 4370#include <sys/types.h> 4371#include <pwd.h> 4372]]) 4373 4374AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4375 [Define if we don't have struct __res_state in resolv.h])], 4376[[ 4377#include <stdio.h> 4378#if HAVE_SYS_TYPES_H 4379# include <sys/types.h> 4380#endif 4381#include <netinet/in.h> 4382#include <arpa/nameser.h> 4383#include <resolv.h> 4384]]) 4385 4386AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4387 ac_cv_have_ss_family_in_struct_ss, [ 4388 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4389#include <sys/types.h> 4390#include <sys/socket.h> 4391 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4392 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4393 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4394]) 4395if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4396 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4397fi 4398 4399AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4400 ac_cv_have___ss_family_in_struct_ss, [ 4401 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4402#include <sys/types.h> 4403#include <sys/socket.h> 4404 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4405 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4406 [ ac_cv_have___ss_family_in_struct_ss="no" 4407 ]) 4408]) 4409if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4410 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4411 [Fields in struct sockaddr_storage]) 4412fi 4413 4414dnl make sure we're using the real structure members and not defines 4415AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4416 ac_cv_have_accrights_in_msghdr, [ 4417 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4418#include <sys/types.h> 4419#include <sys/socket.h> 4420#include <sys/uio.h> 4421#include <stdlib.h> 4422 ]], [[ 4423#ifdef msg_accrights 4424#error "msg_accrights is a macro" 4425exit(1); 4426#endif 4427struct msghdr m; 4428m.msg_accrights = 0; 4429exit(0); 4430 ]])], 4431 [ ac_cv_have_accrights_in_msghdr="yes" ], 4432 [ ac_cv_have_accrights_in_msghdr="no" ] 4433 ) 4434]) 4435if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4436 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4437 [Define if your system uses access rights style 4438 file descriptor passing]) 4439fi 4440 4441AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4442AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4443#include <sys/param.h> 4444#include <sys/stat.h> 4445#ifdef HAVE_SYS_TIME_H 4446# include <sys/time.h> 4447#endif 4448#ifdef HAVE_SYS_MOUNT_H 4449#include <sys/mount.h> 4450#endif 4451#ifdef HAVE_SYS_STATVFS_H 4452#include <sys/statvfs.h> 4453#endif 4454 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4455 [ AC_MSG_RESULT([yes]) ], 4456 [ AC_MSG_RESULT([no]) 4457 4458 AC_MSG_CHECKING([if fsid_t has member val]) 4459 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4460#include <sys/types.h> 4461#include <sys/statvfs.h> 4462 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4463 [ AC_MSG_RESULT([yes]) 4464 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4465 [ AC_MSG_RESULT([no]) ]) 4466 4467 AC_MSG_CHECKING([if f_fsid has member __val]) 4468 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4469#include <sys/types.h> 4470#include <sys/statvfs.h> 4471 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4472 [ AC_MSG_RESULT([yes]) 4473 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4474 [ AC_MSG_RESULT([no]) ]) 4475]) 4476 4477AC_CACHE_CHECK([for msg_control field in struct msghdr], 4478 ac_cv_have_control_in_msghdr, [ 4479 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4480#include <sys/types.h> 4481#include <sys/socket.h> 4482#include <sys/uio.h> 4483#include <stdlib.h> 4484 ]], [[ 4485#ifdef msg_control 4486#error "msg_control is a macro" 4487exit(1); 4488#endif 4489struct msghdr m; 4490m.msg_control = 0; 4491exit(0); 4492 ]])], 4493 [ ac_cv_have_control_in_msghdr="yes" ], 4494 [ ac_cv_have_control_in_msghdr="no" ] 4495 ) 4496]) 4497if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4498 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4499 [Define if your system uses ancillary data style 4500 file descriptor passing]) 4501fi 4502 4503AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4504 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4505 [[ extern char *__progname; printf("%s", __progname); ]])], 4506 [ ac_cv_libc_defines___progname="yes" ], 4507 [ ac_cv_libc_defines___progname="no" 4508 ]) 4509]) 4510if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4511 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4512fi 4513 4514AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4515 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4516 [[ printf("%s", __FUNCTION__); ]])], 4517 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4518 [ ac_cv_cc_implements___FUNCTION__="no" 4519 ]) 4520]) 4521if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4522 AC_DEFINE([HAVE___FUNCTION__], [1], 4523 [Define if compiler implements __FUNCTION__]) 4524fi 4525 4526AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4527 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4528 [[ printf("%s", __func__); ]])], 4529 [ ac_cv_cc_implements___func__="yes" ], 4530 [ ac_cv_cc_implements___func__="no" 4531 ]) 4532]) 4533if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4534 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4535fi 4536 4537AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4538 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4539#include <stdarg.h> 4540va_list x,y; 4541 ]], [[ va_copy(x,y); ]])], 4542 [ ac_cv_have_va_copy="yes" ], 4543 [ ac_cv_have_va_copy="no" 4544 ]) 4545]) 4546if test "x$ac_cv_have_va_copy" = "xyes" ; then 4547 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4548fi 4549 4550AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4551 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4552#include <stdarg.h> 4553va_list x,y; 4554 ]], [[ __va_copy(x,y); ]])], 4555 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4556 ]) 4557]) 4558if test "x$ac_cv_have___va_copy" = "xyes" ; then 4559 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4560fi 4561 4562AC_CACHE_CHECK([whether getopt has optreset support], 4563 ac_cv_have_getopt_optreset, [ 4564 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4565 [[ extern int optreset; optreset = 0; ]])], 4566 [ ac_cv_have_getopt_optreset="yes" ], 4567 [ ac_cv_have_getopt_optreset="no" 4568 ]) 4569]) 4570if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4571 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4572 [Define if your getopt(3) defines and uses optreset]) 4573fi 4574 4575AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4576 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4577[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4578 [ ac_cv_libc_defines_sys_errlist="yes" ], 4579 [ ac_cv_libc_defines_sys_errlist="no" 4580 ]) 4581]) 4582if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4583 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4584 [Define if your system defines sys_errlist[]]) 4585fi 4586 4587 4588AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4589 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4590[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4591 [ ac_cv_libc_defines_sys_nerr="yes" ], 4592 [ ac_cv_libc_defines_sys_nerr="no" 4593 ]) 4594]) 4595if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4596 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4597fi 4598 4599# Check libraries needed by DNS fingerprint support 4600AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4601 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4602 [Define if getrrsetbyname() exists])], 4603 [ 4604 # Needed by our getrrsetbyname() 4605 AC_SEARCH_LIBS([res_query], [resolv]) 4606 AC_SEARCH_LIBS([dn_expand], [resolv]) 4607 AC_MSG_CHECKING([if res_query will link]) 4608 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4609#include <sys/types.h> 4610#include <netinet/in.h> 4611#include <arpa/nameser.h> 4612#include <netdb.h> 4613#include <resolv.h> 4614 ]], [[ 4615 res_query (0, 0, 0, 0, 0); 4616 ]])], 4617 AC_MSG_RESULT([yes]), 4618 [AC_MSG_RESULT([no]) 4619 saved_LIBS="$LIBS" 4620 LIBS="$LIBS -lresolv" 4621 AC_MSG_CHECKING([for res_query in -lresolv]) 4622 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4623#include <sys/types.h> 4624#include <netinet/in.h> 4625#include <arpa/nameser.h> 4626#include <netdb.h> 4627#include <resolv.h> 4628 ]], [[ 4629 res_query (0, 0, 0, 0, 0); 4630 ]])], 4631 [AC_MSG_RESULT([yes])], 4632 [LIBS="$saved_LIBS" 4633 AC_MSG_RESULT([no])]) 4634 ]) 4635 AC_CHECK_FUNCS([_getshort _getlong]) 4636 AC_CHECK_DECLS([_getshort, _getlong], , , 4637 [#include <sys/types.h> 4638 #include <arpa/nameser.h>]) 4639 AC_CHECK_MEMBER([HEADER.ad], 4640 [AC_DEFINE([HAVE_HEADER_AD], [1], 4641 [Define if HEADER.ad exists in arpa/nameser.h])], , 4642 [#include <arpa/nameser.h>]) 4643 ]) 4644 4645AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4646AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4647#include <stdio.h> 4648#if HAVE_SYS_TYPES_H 4649# include <sys/types.h> 4650#endif 4651#include <netinet/in.h> 4652#include <arpa/nameser.h> 4653#include <resolv.h> 4654extern struct __res_state _res; 4655 ]], [[ 4656struct __res_state *volatile p = &_res; /* force resolution of _res */ 4657return 0; 4658 ]],)], 4659 [AC_MSG_RESULT([yes]) 4660 AC_DEFINE([HAVE__RES_EXTERN], [1], 4661 [Define if you have struct __res_state _res as an extern]) 4662 ], 4663 [ AC_MSG_RESULT([no]) ] 4664) 4665 4666# Check whether user wants SELinux support 4667SELINUX_MSG="no" 4668LIBSELINUX="" 4669AC_ARG_WITH([selinux], 4670 [ --with-selinux Enable SELinux support], 4671 [ if test "x$withval" != "xno" ; then 4672 save_LIBS="$LIBS" 4673 AC_DEFINE([WITH_SELINUX], [1], 4674 [Define if you want SELinux support.]) 4675 SELINUX_MSG="yes" 4676 AC_CHECK_HEADER([selinux/selinux.h], , 4677 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4678 AC_CHECK_LIB([selinux], [setexeccon], 4679 [ LIBSELINUX="-lselinux" 4680 LIBS="$LIBS -lselinux" 4681 ], 4682 AC_MSG_ERROR([SELinux support requires libselinux library])) 4683 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4684 LIBS="$save_LIBS $LIBSELINUX" 4685 fi ] 4686) 4687AC_SUBST([SSHDLIBS]) 4688 4689# Check whether user wants Kerberos 5 support 4690KRB5_MSG="no" 4691AC_ARG_WITH([kerberos5], 4692 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4693 [ if test "x$withval" != "xno" ; then 4694 if test "x$withval" = "xyes" ; then 4695 KRB5ROOT="/usr/local" 4696 else 4697 KRB5ROOT=${withval} 4698 fi 4699 4700 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4701 KRB5_MSG="yes" 4702 4703 use_pkgconfig_for_krb5= 4704 if test "x$PKGCONFIG" != "xno"; then 4705 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4706 if "$PKGCONFIG" krb5; then 4707 AC_MSG_RESULT([yes]) 4708 use_pkgconfig_for_krb5=yes 4709 else 4710 AC_MSG_RESULT([no]) 4711 fi 4712 fi 4713 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4714 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4715 K5LIBS=`$PKGCONFIG --libs krb5` 4716 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4717 4718 AC_MSG_CHECKING([for gssapi support]) 4719 if "$PKGCONFIG" krb5-gssapi; then 4720 AC_MSG_RESULT([yes]) 4721 AC_DEFINE([GSSAPI], [1], 4722 [Define this if you want GSSAPI 4723 support in the version 2 protocol]) 4724 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4725 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4726 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4727 else 4728 AC_MSG_RESULT([no]) 4729 fi 4730 AC_MSG_CHECKING([whether we are using Heimdal]) 4731 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4732 ]], [[ char *tmp = heimdal_version; ]])], 4733 [ AC_MSG_RESULT([yes]) 4734 AC_DEFINE([HEIMDAL], [1], 4735 [Define this if you are using the Heimdal 4736 version of Kerberos V5]) ], 4737 [AC_MSG_RESULT([no]) 4738 ]) 4739 else 4740 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4741 [$KRB5ROOT/bin/krb5-config], 4742 [$KRB5ROOT/bin:$PATH]) 4743 if test -x $KRB5CONF ; then 4744 K5CFLAGS="`$KRB5CONF --cflags`" 4745 K5LIBS="`$KRB5CONF --libs`" 4746 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4747 4748 AC_MSG_CHECKING([for gssapi support]) 4749 if $KRB5CONF | grep gssapi >/dev/null ; then 4750 AC_MSG_RESULT([yes]) 4751 AC_DEFINE([GSSAPI], [1], 4752 [Define this if you want GSSAPI 4753 support in the version 2 protocol]) 4754 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4755 GSSLIBS="`$KRB5CONF --libs gssapi`" 4756 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4757 else 4758 AC_MSG_RESULT([no]) 4759 fi 4760 AC_MSG_CHECKING([whether we are using Heimdal]) 4761 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4762 ]], [[ char *tmp = heimdal_version; ]])], 4763 [ AC_MSG_RESULT([yes]) 4764 AC_DEFINE([HEIMDAL], [1], 4765 [Define this if you are using the Heimdal 4766 version of Kerberos V5]) ], 4767 [AC_MSG_RESULT([no]) 4768 ]) 4769 else 4770 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4771 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4772 AC_MSG_CHECKING([whether we are using Heimdal]) 4773 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4774 ]], [[ char *tmp = heimdal_version; ]])], 4775 [ AC_MSG_RESULT([yes]) 4776 AC_DEFINE([HEIMDAL]) 4777 K5LIBS="-lkrb5" 4778 K5LIBS="$K5LIBS -lcom_err -lasn1" 4779 AC_CHECK_LIB([roken], [net_write], 4780 [K5LIBS="$K5LIBS -lroken"]) 4781 AC_CHECK_LIB([des], [des_cbc_encrypt], 4782 [K5LIBS="$K5LIBS -ldes"]) 4783 ], [ AC_MSG_RESULT([no]) 4784 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4785 ]) 4786 AC_SEARCH_LIBS([dn_expand], [resolv]) 4787 4788 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4789 [ AC_DEFINE([GSSAPI]) 4790 GSSLIBS="-lgssapi_krb5" ], 4791 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4792 [ AC_DEFINE([GSSAPI]) 4793 GSSLIBS="-lgssapi" ], 4794 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4795 [ AC_DEFINE([GSSAPI]) 4796 GSSLIBS="-lgss" ], 4797 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4798 ]) 4799 ]) 4800 4801 AC_CHECK_HEADER([gssapi.h], , 4802 [ unset ac_cv_header_gssapi_h 4803 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4804 AC_CHECK_HEADERS([gssapi.h], , 4805 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4806 ) 4807 ] 4808 ) 4809 4810 oldCPP="$CPPFLAGS" 4811 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4812 AC_CHECK_HEADER([gssapi_krb5.h], , 4813 [ CPPFLAGS="$oldCPP" ]) 4814 4815 fi 4816 fi 4817 if test -n "${rpath_opt}" ; then 4818 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4819 fi 4820 if test ! -z "$blibpath" ; then 4821 blibpath="$blibpath:${KRB5ROOT}/lib" 4822 fi 4823 4824 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4825 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4826 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4827 4828 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4829 [Define this if you want to use libkafs' AFS support])]) 4830 4831 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4832#ifdef HAVE_GSSAPI_H 4833# include <gssapi.h> 4834#elif defined(HAVE_GSSAPI_GSSAPI_H) 4835# include <gssapi/gssapi.h> 4836#endif 4837 4838#ifdef HAVE_GSSAPI_GENERIC_H 4839# include <gssapi_generic.h> 4840#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4841# include <gssapi/gssapi_generic.h> 4842#endif 4843 ]]) 4844 saved_LIBS="$LIBS" 4845 LIBS="$LIBS $K5LIBS" 4846 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4847 LIBS="$saved_LIBS" 4848 4849 fi 4850 ] 4851) 4852AC_SUBST([GSSLIBS]) 4853AC_SUBST([K5LIBS]) 4854AC_SUBST([CHANNELLIBS]) 4855 4856# Looking for programs, paths and files 4857 4858PRIVSEP_PATH=/var/empty 4859AC_ARG_WITH([privsep-path], 4860 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4861 [ 4862 if test -n "$withval" && test "x$withval" != "xno" && \ 4863 test "x${withval}" != "xyes"; then 4864 PRIVSEP_PATH=$withval 4865 fi 4866 ] 4867) 4868AC_SUBST([PRIVSEP_PATH]) 4869 4870AC_ARG_WITH([xauth], 4871 [ --with-xauth=PATH Specify path to xauth program ], 4872 [ 4873 if test -n "$withval" && test "x$withval" != "xno" && \ 4874 test "x${withval}" != "xyes"; then 4875 xauth_path=$withval 4876 fi 4877 ], 4878 [ 4879 TestPath="$PATH" 4880 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4881 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4882 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4883 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4884 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4885 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4886 xauth_path="/usr/openwin/bin/xauth" 4887 fi 4888 ] 4889) 4890 4891STRIP_OPT=-s 4892AC_ARG_ENABLE([strip], 4893 [ --disable-strip Disable calling strip(1) on install], 4894 [ 4895 if test "x$enableval" = "xno" ; then 4896 STRIP_OPT= 4897 fi 4898 ] 4899) 4900AC_SUBST([STRIP_OPT]) 4901 4902if test -z "$xauth_path" ; then 4903 XAUTH_PATH="undefined" 4904 AC_SUBST([XAUTH_PATH]) 4905else 4906 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4907 [Define if xauth is found in your path]) 4908 XAUTH_PATH=$xauth_path 4909 AC_SUBST([XAUTH_PATH]) 4910fi 4911 4912dnl # --with-maildir=/path/to/mail gets top priority. 4913dnl # if maildir is set in the platform case statement above we use that. 4914dnl # Otherwise we run a program to get the dir from system headers. 4915dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4916dnl # If we find _PATH_MAILDIR we do nothing because that is what 4917dnl # session.c expects anyway. Otherwise we set to the value found 4918dnl # stripping any trailing slash. If for some strage reason our program 4919dnl # does not find what it needs, we default to /var/spool/mail. 4920# Check for mail directory 4921AC_ARG_WITH([maildir], 4922 [ --with-maildir=/path/to/mail Specify your system mail directory], 4923 [ 4924 if test "X$withval" != X && test "x$withval" != xno && \ 4925 test "x${withval}" != xyes; then 4926 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4927 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4928 fi 4929 ],[ 4930 if test "X$maildir" != "X"; then 4931 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4932 else 4933 AC_MSG_CHECKING([Discovering system mail directory]) 4934 AC_RUN_IFELSE( 4935 [AC_LANG_PROGRAM([[ 4936#include <stdio.h> 4937#include <stdlib.h> 4938#include <string.h> 4939#ifdef HAVE_PATHS_H 4940#include <paths.h> 4941#endif 4942#ifdef HAVE_MAILLOCK_H 4943#include <maillock.h> 4944#endif 4945#define DATA "conftest.maildir" 4946 ]], [[ 4947 FILE *fd; 4948 int rc; 4949 4950 fd = fopen(DATA,"w"); 4951 if(fd == NULL) 4952 exit(1); 4953 4954#if defined (_PATH_MAILDIR) 4955 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4956 exit(1); 4957#elif defined (MAILDIR) 4958 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4959 exit(1); 4960#elif defined (_PATH_MAIL) 4961 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4962 exit(1); 4963#else 4964 exit (2); 4965#endif 4966 4967 exit(0); 4968 ]])], 4969 [ 4970 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4971 maildir=`awk -F: '{print $2}' conftest.maildir \ 4972 | sed 's|/$||'` 4973 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4974 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4975 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4976 fi 4977 ], 4978 [ 4979 if test "X$ac_status" = "X2";then 4980# our test program didn't find it. Default to /var/spool/mail 4981 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4982 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4983 else 4984 AC_MSG_RESULT([*** not found ***]) 4985 fi 4986 ], 4987 [ 4988 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4989 ] 4990 ) 4991 fi 4992 ] 4993) # maildir 4994 4995if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4996 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4997 disable_ptmx_check=yes 4998fi 4999if test -z "$no_dev_ptmx" ; then 5000 if test "x$disable_ptmx_check" != "xyes" ; then 5001 AC_CHECK_FILE(["/dev/ptmx"], 5002 [ 5003 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 5004 [Define if you have /dev/ptmx]) 5005 have_dev_ptmx=1 5006 ] 5007 ) 5008 fi 5009fi 5010 5011if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 5012 AC_CHECK_FILE(["/dev/ptc"], 5013 [ 5014 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 5015 [Define if you have /dev/ptc]) 5016 have_dev_ptc=1 5017 ] 5018 ) 5019else 5020 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 5021fi 5022 5023# Options from here on. Some of these are preset by platform above 5024AC_ARG_WITH([mantype], 5025 [ --with-mantype=man|cat|doc Set man page type], 5026 [ 5027 case "$withval" in 5028 man|cat|doc) 5029 MANTYPE=$withval 5030 ;; 5031 *) 5032 AC_MSG_ERROR([invalid man type: $withval]) 5033 ;; 5034 esac 5035 ] 5036) 5037if test -z "$MANTYPE"; then 5038 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 5039 MANTYPE=doc 5040 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 5041 MANTYPE=doc 5042 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 5043 MANTYPE=man 5044 else 5045 MANTYPE=cat 5046 fi 5047fi 5048AC_SUBST([MANTYPE]) 5049if test "$MANTYPE" = "doc"; then 5050 mansubdir=man; 5051else 5052 mansubdir=$MANTYPE; 5053fi 5054AC_SUBST([mansubdir]) 5055 5056# Whether to disable shadow password support 5057AC_ARG_WITH([shadow], 5058 [ --without-shadow Disable shadow password support], 5059 [ 5060 if test "x$withval" = "xno" ; then 5061 AC_DEFINE([DISABLE_SHADOW]) 5062 disable_shadow=yes 5063 fi 5064 ] 5065) 5066 5067if test -z "$disable_shadow" ; then 5068 AC_MSG_CHECKING([if the systems has expire shadow information]) 5069 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5070#include <sys/types.h> 5071#include <shadow.h> 5072struct spwd sp; 5073 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5074 [ sp_expire_available=yes ], [ 5075 ]) 5076 5077 if test "x$sp_expire_available" = "xyes" ; then 5078 AC_MSG_RESULT([yes]) 5079 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5080 [Define if you want to use shadow password expire field]) 5081 else 5082 AC_MSG_RESULT([no]) 5083 fi 5084fi 5085 5086# Use ip address instead of hostname in $DISPLAY 5087if test ! -z "$IPADDR_IN_DISPLAY" ; then 5088 DISPLAY_HACK_MSG="yes" 5089 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5090 [Define if you need to use IP address 5091 instead of hostname in $DISPLAY]) 5092else 5093 DISPLAY_HACK_MSG="no" 5094 AC_ARG_WITH([ipaddr-display], 5095 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5096 [ 5097 if test "x$withval" != "xno" ; then 5098 AC_DEFINE([IPADDR_IN_DISPLAY]) 5099 DISPLAY_HACK_MSG="yes" 5100 fi 5101 ] 5102 ) 5103fi 5104 5105# check for /etc/default/login and use it if present. 5106AC_ARG_ENABLE([etc-default-login], 5107 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5108 [ if test "x$enableval" = "xno"; then 5109 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5110 etc_default_login=no 5111 else 5112 etc_default_login=yes 5113 fi ], 5114 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5115 then 5116 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5117 etc_default_login=no 5118 else 5119 etc_default_login=yes 5120 fi ] 5121) 5122 5123if test "x$etc_default_login" != "xno"; then 5124 AC_CHECK_FILE(["/etc/default/login"], 5125 [ external_path_file=/etc/default/login ]) 5126 if test "x$external_path_file" = "x/etc/default/login"; then 5127 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5128 [Define if your system has /etc/default/login]) 5129 fi 5130fi 5131 5132dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5133if test $ac_cv_func_login_getcapbool = "yes" && \ 5134 test $ac_cv_header_login_cap_h = "yes" ; then 5135 external_path_file=/etc/login.conf 5136fi 5137 5138# Whether to mess with the default path 5139SERVER_PATH_MSG="(default)" 5140AC_ARG_WITH([default-path], 5141 [ --with-default-path= Specify default $PATH environment for server], 5142 [ 5143 if test "x$external_path_file" = "x/etc/login.conf" ; then 5144 AC_MSG_WARN([ 5145--with-default-path=PATH has no effect on this system. 5146Edit /etc/login.conf instead.]) 5147 elif test "x$withval" != "xno" ; then 5148 if test ! -z "$external_path_file" ; then 5149 AC_MSG_WARN([ 5150--with-default-path=PATH will only be used if PATH is not defined in 5151$external_path_file .]) 5152 fi 5153 user_path="$withval" 5154 SERVER_PATH_MSG="$withval" 5155 fi 5156 ], 5157 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5158 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5159 else 5160 if test ! -z "$external_path_file" ; then 5161 AC_MSG_WARN([ 5162If PATH is defined in $external_path_file, ensure the path to scp is included, 5163otherwise scp will not work.]) 5164 fi 5165 AC_RUN_IFELSE( 5166 [AC_LANG_PROGRAM([[ 5167/* find out what STDPATH is */ 5168#include <stdio.h> 5169#include <stdlib.h> 5170#ifdef HAVE_PATHS_H 5171# include <paths.h> 5172#endif 5173#ifndef _PATH_STDPATH 5174# ifdef _PATH_USERPATH /* Irix */ 5175# define _PATH_STDPATH _PATH_USERPATH 5176# else 5177# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5178# endif 5179#endif 5180#include <sys/types.h> 5181#include <sys/stat.h> 5182#include <fcntl.h> 5183#define DATA "conftest.stdpath" 5184 ]], [[ 5185 FILE *fd; 5186 int rc; 5187 5188 fd = fopen(DATA,"w"); 5189 if(fd == NULL) 5190 exit(1); 5191 5192 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5193 exit(1); 5194 5195 exit(0); 5196 ]])], 5197 [ user_path=`cat conftest.stdpath` ], 5198 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5199 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5200 ) 5201# make sure $bindir is in USER_PATH so scp will work 5202 t_bindir="${bindir}" 5203 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5204 t_bindir=`eval echo ${t_bindir}` 5205 case $t_bindir in 5206 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5207 esac 5208 case $t_bindir in 5209 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5210 esac 5211 done 5212 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5213 if test $? -ne 0 ; then 5214 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5215 if test $? -ne 0 ; then 5216 user_path=$user_path:$t_bindir 5217 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5218 fi 5219 fi 5220 fi ] 5221) 5222if test "x$external_path_file" != "x/etc/login.conf" ; then 5223 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5224 AC_SUBST([user_path]) 5225fi 5226 5227# Set superuser path separately to user path 5228AC_ARG_WITH([superuser-path], 5229 [ --with-superuser-path= Specify different path for super-user], 5230 [ 5231 if test -n "$withval" && test "x$withval" != "xno" && \ 5232 test "x${withval}" != "xyes"; then 5233 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5234 [Define if you want a different $PATH 5235 for the superuser]) 5236 superuser_path=$withval 5237 fi 5238 ] 5239) 5240 5241 5242AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5243IPV4_IN6_HACK_MSG="no" 5244AC_ARG_WITH(4in6, 5245 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5246 [ 5247 if test "x$withval" != "xno" ; then 5248 AC_MSG_RESULT([yes]) 5249 AC_DEFINE([IPV4_IN_IPV6], [1], 5250 [Detect IPv4 in IPv6 mapped addresses 5251 and treat as IPv4]) 5252 IPV4_IN6_HACK_MSG="yes" 5253 else 5254 AC_MSG_RESULT([no]) 5255 fi 5256 ], [ 5257 if test "x$inet6_default_4in6" = "xyes"; then 5258 AC_MSG_RESULT([yes (default)]) 5259 AC_DEFINE([IPV4_IN_IPV6]) 5260 IPV4_IN6_HACK_MSG="yes" 5261 else 5262 AC_MSG_RESULT([no (default)]) 5263 fi 5264 ] 5265) 5266 5267# Whether to enable BSD auth support 5268BSD_AUTH_MSG=no 5269AC_ARG_WITH([bsd-auth], 5270 [ --with-bsd-auth Enable BSD auth support], 5271 [ 5272 if test "x$withval" != "xno" ; then 5273 AC_DEFINE([BSD_AUTH], [1], 5274 [Define if you have BSD auth support]) 5275 BSD_AUTH_MSG=yes 5276 fi 5277 ] 5278) 5279 5280# Where to place sshd.pid 5281piddir=/var/run 5282# make sure the directory exists 5283if test ! -d $piddir ; then 5284 piddir=`eval echo ${sysconfdir}` 5285 case $piddir in 5286 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5287 esac 5288fi 5289 5290AC_ARG_WITH([pid-dir], 5291 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5292 [ 5293 if test -n "$withval" && test "x$withval" != "xno" && \ 5294 test "x${withval}" != "xyes"; then 5295 piddir=$withval 5296 if test ! -d $piddir ; then 5297 AC_MSG_WARN([** no $piddir directory on this system **]) 5298 fi 5299 fi 5300 ] 5301) 5302 5303AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5304 [Specify location of ssh.pid]) 5305AC_SUBST([piddir]) 5306 5307dnl allow user to disable some login recording features 5308AC_ARG_ENABLE([lastlog], 5309 [ --disable-lastlog disable use of lastlog even if detected [no]], 5310 [ 5311 if test "x$enableval" = "xno" ; then 5312 AC_DEFINE([DISABLE_LASTLOG]) 5313 fi 5314 ] 5315) 5316AC_ARG_ENABLE([utmp], 5317 [ --disable-utmp disable use of utmp even if detected [no]], 5318 [ 5319 if test "x$enableval" = "xno" ; then 5320 AC_DEFINE([DISABLE_UTMP]) 5321 fi 5322 ] 5323) 5324AC_ARG_ENABLE([utmpx], 5325 [ --disable-utmpx disable use of utmpx even if detected [no]], 5326 [ 5327 if test "x$enableval" = "xno" ; then 5328 AC_DEFINE([DISABLE_UTMPX], [1], 5329 [Define if you don't want to use utmpx]) 5330 fi 5331 ] 5332) 5333AC_ARG_ENABLE([wtmp], 5334 [ --disable-wtmp disable use of wtmp even if detected [no]], 5335 [ 5336 if test "x$enableval" = "xno" ; then 5337 AC_DEFINE([DISABLE_WTMP]) 5338 fi 5339 ] 5340) 5341AC_ARG_ENABLE([wtmpx], 5342 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5343 [ 5344 if test "x$enableval" = "xno" ; then 5345 AC_DEFINE([DISABLE_WTMPX], [1], 5346 [Define if you don't want to use wtmpx]) 5347 fi 5348 ] 5349) 5350AC_ARG_ENABLE([libutil], 5351 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5352 [ 5353 if test "x$enableval" = "xno" ; then 5354 AC_DEFINE([DISABLE_LOGIN]) 5355 fi 5356 ] 5357) 5358AC_ARG_ENABLE([pututline], 5359 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5360 [ 5361 if test "x$enableval" = "xno" ; then 5362 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5363 [Define if you don't want to use pututline() 5364 etc. to write [uw]tmp]) 5365 fi 5366 ] 5367) 5368AC_ARG_ENABLE([pututxline], 5369 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5370 [ 5371 if test "x$enableval" = "xno" ; then 5372 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5373 [Define if you don't want to use pututxline() 5374 etc. to write [uw]tmpx]) 5375 fi 5376 ] 5377) 5378AC_ARG_WITH([lastlog], 5379 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5380 [ 5381 if test "x$withval" = "xno" ; then 5382 AC_DEFINE([DISABLE_LASTLOG]) 5383 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5384 conf_lastlog_location=$withval 5385 fi 5386 ] 5387) 5388 5389dnl lastlog, [uw]tmpx? detection 5390dnl NOTE: set the paths in the platform section to avoid the 5391dnl need for command-line parameters 5392dnl lastlog and [uw]tmp are subject to a file search if all else fails 5393 5394dnl lastlog detection 5395dnl NOTE: the code itself will detect if lastlog is a directory 5396AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5397AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5398#include <sys/types.h> 5399#include <utmp.h> 5400#ifdef HAVE_LASTLOG_H 5401# include <lastlog.h> 5402#endif 5403#ifdef HAVE_PATHS_H 5404# include <paths.h> 5405#endif 5406#ifdef HAVE_LOGIN_H 5407# include <login.h> 5408#endif 5409 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5410 [ AC_MSG_RESULT([yes]) ], 5411 [ 5412 AC_MSG_RESULT([no]) 5413 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5414 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5415#include <sys/types.h> 5416#include <utmp.h> 5417#ifdef HAVE_LASTLOG_H 5418# include <lastlog.h> 5419#endif 5420#ifdef HAVE_PATHS_H 5421# include <paths.h> 5422#endif 5423 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5424 [ AC_MSG_RESULT([yes]) ], 5425 [ 5426 AC_MSG_RESULT([no]) 5427 system_lastlog_path=no 5428 ]) 5429]) 5430 5431if test -z "$conf_lastlog_location"; then 5432 if test x"$system_lastlog_path" = x"no" ; then 5433 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5434 if (test -d "$f" || test -f "$f") ; then 5435 conf_lastlog_location=$f 5436 fi 5437 done 5438 if test -z "$conf_lastlog_location"; then 5439 AC_MSG_WARN([** Cannot find lastlog **]) 5440 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5441 fi 5442 fi 5443fi 5444 5445if test -n "$conf_lastlog_location"; then 5446 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5447 [Define if you want to specify the path to your lastlog file]) 5448fi 5449 5450dnl utmp detection 5451AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5452AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5453#include <sys/types.h> 5454#include <utmp.h> 5455#ifdef HAVE_PATHS_H 5456# include <paths.h> 5457#endif 5458 ]], [[ char *utmp = UTMP_FILE; ]])], 5459 [ AC_MSG_RESULT([yes]) ], 5460 [ AC_MSG_RESULT([no]) 5461 system_utmp_path=no 5462]) 5463if test -z "$conf_utmp_location"; then 5464 if test x"$system_utmp_path" = x"no" ; then 5465 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5466 if test -f $f ; then 5467 conf_utmp_location=$f 5468 fi 5469 done 5470 if test -z "$conf_utmp_location"; then 5471 AC_DEFINE([DISABLE_UTMP]) 5472 fi 5473 fi 5474fi 5475if test -n "$conf_utmp_location"; then 5476 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5477 [Define if you want to specify the path to your utmp file]) 5478fi 5479 5480dnl wtmp detection 5481AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5482AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5483#include <sys/types.h> 5484#include <utmp.h> 5485#ifdef HAVE_PATHS_H 5486# include <paths.h> 5487#endif 5488 ]], [[ char *wtmp = WTMP_FILE; ]])], 5489 [ AC_MSG_RESULT([yes]) ], 5490 [ AC_MSG_RESULT([no]) 5491 system_wtmp_path=no 5492]) 5493if test -z "$conf_wtmp_location"; then 5494 if test x"$system_wtmp_path" = x"no" ; then 5495 for f in /usr/adm/wtmp /var/log/wtmp; do 5496 if test -f $f ; then 5497 conf_wtmp_location=$f 5498 fi 5499 done 5500 if test -z "$conf_wtmp_location"; then 5501 AC_DEFINE([DISABLE_WTMP]) 5502 fi 5503 fi 5504fi 5505if test -n "$conf_wtmp_location"; then 5506 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5507 [Define if you want to specify the path to your wtmp file]) 5508fi 5509 5510dnl wtmpx detection 5511AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5512AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5513#include <sys/types.h> 5514#include <utmp.h> 5515#ifdef HAVE_UTMPX_H 5516#include <utmpx.h> 5517#endif 5518#ifdef HAVE_PATHS_H 5519# include <paths.h> 5520#endif 5521 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5522 [ AC_MSG_RESULT([yes]) ], 5523 [ AC_MSG_RESULT([no]) 5524 system_wtmpx_path=no 5525]) 5526if test -z "$conf_wtmpx_location"; then 5527 if test x"$system_wtmpx_path" = x"no" ; then 5528 AC_DEFINE([DISABLE_WTMPX]) 5529 fi 5530else 5531 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5532 [Define if you want to specify the path to your wtmpx file]) 5533fi 5534 5535 5536if test ! -z "$blibpath" ; then 5537 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5538 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5539fi 5540 5541AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5542 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5543 AC_DEFINE([DISABLE_LASTLOG]) 5544 fi 5545 ], [ 5546#ifdef HAVE_SYS_TYPES_H 5547#include <sys/types.h> 5548#endif 5549#ifdef HAVE_UTMP_H 5550#include <utmp.h> 5551#endif 5552#ifdef HAVE_UTMPX_H 5553#include <utmpx.h> 5554#endif 5555#ifdef HAVE_LASTLOG_H 5556#include <lastlog.h> 5557#endif 5558 ]) 5559 5560AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5561 AC_DEFINE([DISABLE_UTMP]) 5562 AC_DEFINE([DISABLE_WTMP]) 5563 ], [ 5564#ifdef HAVE_SYS_TYPES_H 5565#include <sys/types.h> 5566#endif 5567#ifdef HAVE_UTMP_H 5568#include <utmp.h> 5569#endif 5570#ifdef HAVE_UTMPX_H 5571#include <utmpx.h> 5572#endif 5573#ifdef HAVE_LASTLOG_H 5574#include <lastlog.h> 5575#endif 5576 ]) 5577 5578dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5579dnl Add now. 5580CFLAGS="$CFLAGS $werror_flags" 5581 5582if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5583 TEST_SSH_IPV6=no 5584else 5585 TEST_SSH_IPV6=yes 5586fi 5587AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5588AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5589AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5590AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5591AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5592AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5593 5594CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5595LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5596 5597# Make a copy of CFLAGS/LDFLAGS without PIE options. 5598LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5599CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5600AC_SUBST([LDFLAGS_NOPIE]) 5601AC_SUBST([CFLAGS_NOPIE]) 5602 5603AC_EXEEXT 5604AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5605 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5606 survey.sh]) 5607AC_OUTPUT 5608 5609# Print summary of options 5610 5611# Someone please show me a better way :) 5612A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5613B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5614C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5615D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5616E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5617F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5618G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5619H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5620I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5621J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5622 5623echo "" 5624echo "OpenSSH has been configured with the following options:" 5625echo " User binaries: $B" 5626echo " System binaries: $C" 5627echo " Configuration files: $D" 5628echo " Askpass program: $E" 5629echo " Manual pages: $F" 5630echo " PID file: $G" 5631echo " Privilege separation chroot path: $H" 5632if test "x$external_path_file" = "x/etc/login.conf" ; then 5633echo " At runtime, sshd will use the path defined in $external_path_file" 5634echo " Make sure the path to scp is present, otherwise scp will not work" 5635else 5636echo " sshd default user PATH: $I" 5637 if test ! -z "$external_path_file"; then 5638echo " (If PATH is set in $external_path_file it will be used instead. If" 5639echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5640 fi 5641fi 5642if test ! -z "$superuser_path" ; then 5643echo " sshd superuser user PATH: $J" 5644fi 5645echo " Manpage format: $MANTYPE" 5646echo " PAM support: $PAM_MSG" 5647echo " OSF SIA support: $SIA_MSG" 5648echo " KerberosV support: $KRB5_MSG" 5649echo " SELinux support: $SELINUX_MSG" 5650echo " TCP Wrappers support: $TCPW_MSG" 5651echo " libedit support: $LIBEDIT_MSG" 5652echo " libldns support: $LDNS_MSG" 5653echo " Solaris process contract support: $SPC_MSG" 5654echo " Solaris project support: $SP_MSG" 5655echo " Solaris privilege support: $SPP_MSG" 5656echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5657echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5658echo " BSD Auth support: $BSD_AUTH_MSG" 5659echo " Random number source: $RAND_MSG" 5660echo " Privsep sandbox style: $SANDBOX_STYLE" 5661echo " PKCS#11 support: $enable_pkcs11" 5662echo " U2F/FIDO support: $enable_sk" 5663 5664echo "" 5665 5666echo " Host: ${host}" 5667echo " Compiler: ${CC}" 5668echo " Compiler flags: ${CFLAGS}" 5669echo "Preprocessor flags: ${CPPFLAGS}" 5670echo " Linker flags: ${LDFLAGS}" 5671echo " Libraries: ${LIBS}" 5672if test ! -z "${CHANNELLIBS}"; then 5673echo " +for channels: ${CHANNELLIBS}" 5674fi 5675if test ! -z "${LIBFIDO2}"; then 5676echo " +for FIDO2: ${LIBFIDO2}" 5677fi 5678if test ! -z "${SSHDLIBS}"; then 5679echo " +for sshd: ${SSHDLIBS}" 5680fi 5681 5682echo "" 5683 5684if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5685 echo "SVR4 style packages are supported with \"make package\"" 5686 echo "" 5687fi 5688 5689if test "x$PAM_MSG" = "xyes" ; then 5690 echo "PAM is enabled. You may need to install a PAM control file " 5691 echo "for sshd, otherwise password authentication may fail. " 5692 echo "Example PAM control files can be found in the contrib/ " 5693 echo "subdirectory" 5694 echo "" 5695fi 5696 5697if test ! -z "$NO_PEERCHECK" ; then 5698 echo "WARNING: the operating system that you are using does not" 5699 echo "appear to support getpeereid(), getpeerucred() or the" 5700 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5701 echo "enforce security checks to prevent unauthorised connections to" 5702 echo "ssh-agent. Their absence increases the risk that a malicious" 5703 echo "user can connect to your agent." 5704 echo "" 5705fi 5706 5707if test "$AUDIT_MODULE" = "bsm" ; then 5708 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5709 echo "See the Solaris section in README.platform for details." 5710fi 5711