1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19 20# Check for stale configure as early as possible. 21for i in $srcdir/configure.ac $srcdir/m4/*.m4; do 22 if test "$i" -nt "$srcdir/configure"; then 23 AC_MSG_ERROR([$i newer than configure, run autoreconf]) 24 fi 25done 26 27AC_LANG([C]) 28 29AC_CONFIG_HEADERS([config.h]) 30AC_PROG_CC([cc gcc clang]) 31 32# XXX relax this after reimplementing logit() etc. 33AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 34AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 35int f(int a, int b, int c) { return a + b + c; } 36#define F(a, ...) f(a, __VA_ARGS__) 37]], [[return F(1, 2, -3);]])], 38 [ AC_MSG_RESULT([yes]) ], 39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 40) 41 42AC_CANONICAL_HOST 43AC_C_BIGENDIAN 44 45# Checks for programs. 46AC_PROG_AWK 47AC_PROG_CPP 48AC_PROG_RANLIB 49AC_PROG_INSTALL 50AC_PROG_EGREP 51AC_PROG_MKDIR_P 52AC_CHECK_TOOLS([AR], [ar]) 53AC_PATH_PROG([CAT], [cat]) 54AC_PATH_PROG([KILL], [kill]) 55AC_PATH_PROG([SED], [sed]) 56AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 57AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 58AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 59AC_PATH_PROG([SH], [bash]) 60AC_PATH_PROG([SH], [ksh]) 61AC_PATH_PROG([SH], [sh]) 62AC_PATH_PROG([GROFF], [groff]) 63AC_PATH_PROG([NROFF], [nroff awf]) 64AC_PATH_PROG([MANDOC], [mandoc]) 65AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 66AC_SUBST([TEST_SHELL], [sh]) 67 68dnl select manpage formatter to be used to build "cat" format pages. 69if test "x$MANDOC" != "x" ; then 70 MANFMT="$MANDOC" 71elif test "x$NROFF" != "x" ; then 72 MANFMT="$NROFF -mandoc" 73elif test "x$GROFF" != "x" ; then 74 MANFMT="$GROFF -mandoc -Tascii" 75else 76 AC_MSG_WARN([no manpage formatter found]) 77 MANFMT="false" 78fi 79AC_SUBST([MANFMT]) 80 81dnl for buildpkg.sh 82AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 83 [/usr/sbin${PATH_SEPARATOR}/etc]) 84AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 85 [/usr/sbin${PATH_SEPARATOR}/etc]) 86AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 87if test -x /sbin/sh; then 88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 89else 90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 91fi 92 93# System features 94AC_SYS_LARGEFILE 95 96if test -z "$AR" ; then 97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 98fi 99 100AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 101if test ! -z "$PATH_PASSWD_PROG" ; then 102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 103 [Full path of your "passwd" program]) 104fi 105 106dnl Since autoconf doesn't support it very well, we no longer allow users to 107dnl override LD, however keeping the hook here for now in case there's a use 108dnl use case we overlooked and someone needs to re-enable it. Unless a good 109dnl reason is found we'll be removing this in future. 110LD="$CC" 111AC_SUBST([LD]) 112 113AC_C_INLINE 114 115AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 116AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 117AC_CHECK_DECL([RLIMIT_NPROC], 118 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 119 #include <sys/types.h> 120 #include <sys/resource.h> 121]) 122AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 123 #include <sys/types.h> 124 #include <linux/prctl.h> 125]) 126 127openssl=yes 128openssl_bin=openssl 129AC_ARG_WITH([openssl], 130 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 131 [ if test "x$withval" = "xno" ; then 132 openssl=no 133 openssl_bin="" 134 fi 135 ] 136) 137AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 138if test "x$openssl" = "xyes" ; then 139 AC_MSG_RESULT([yes]) 140 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 141else 142 AC_MSG_RESULT([no]) 143fi 144 145use_stack_protector=1 146use_toolchain_hardening=1 147use_retpoline=1 148AC_ARG_WITH([stackprotect], 149 [ --without-stackprotect Don't use compiler's stack protection], [ 150 if test "x$withval" = "xno"; then 151 use_stack_protector=0 152 fi ]) 153AC_ARG_WITH([hardening], 154 [ --without-hardening Don't use toolchain hardening flags], [ 155 if test "x$withval" = "xno"; then 156 use_toolchain_hardening=0 157 fi ]) 158AC_ARG_WITH([retpoline], 159 [ --without-retpoline Enable retpoline spectre mitigation], [ 160 if test "x$withval" = "xno"; then 161 use_retpoline=0 162 fi ]) 163 164# We use -Werror for the tests only so that we catch warnings like "this is 165# on by default" for things like -fPIE. 166AC_MSG_CHECKING([if $CC supports -Werror]) 167saved_CFLAGS="$CFLAGS" 168CFLAGS="$CFLAGS -Werror" 169AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 170 [ AC_MSG_RESULT([yes]) 171 WERROR="-Werror"], 172 [ AC_MSG_RESULT([no]) 173 WERROR="" ] 174) 175CFLAGS="$saved_CFLAGS" 176 177if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 178 AC_MSG_CHECKING([gcc version]) 179 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 180 case "$GCC_VER" in 181 1.*) no_attrib_nonnull=1 ;; 182 2.8* | 2.9*) 183 no_attrib_nonnull=1 184 ;; 185 2.*) no_attrib_nonnull=1 ;; 186 *) ;; 187 esac 188 AC_MSG_RESULT([$GCC_VER]) 189 190 AC_MSG_CHECKING([clang version]) 191 ver="`$CC -v 2>&1`" 192 if echo "$ver" | grep "Apple" >/dev/null; then 193 CLANG_VER=apple-`echo "$ver" | grep 'clang version' | \ 194 $SED 's/.*clang version //g' | $AWK '{print $1}'` 195 else 196 CLANG_VER=`echo "$ver" | grep 'clang version' | \ 197 $SED 's/.*clang version //g' | $AWK '{print $1}'` 198 fi 199 AC_MSG_RESULT([$CLANG_VER]) 200 201 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 202 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 203 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 204 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 205 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 206 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 207 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 208 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 209 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 210 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 211 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 212 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 213 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 214 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 215 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 216 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation]) 217 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) 218 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 219 if test "x$use_toolchain_hardening" = "x1"; then 220 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 221 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 222 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 223 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 224 # NB. -ftrapv expects certain support functions to be present in 225 # the compiler library (libgcc or similar) to detect integer operations 226 # that can overflow. We must check that the result of enabling it 227 # actually links. The test program compiled/linked includes a number 228 # of integer operations that should exercise this. 229 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 230 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See 231 # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and 232 # https://github.com/llvm/llvm-project/issues/59242 233 # clang 17 has a different bug that causes an ICE when using this 234 # flag at all (https://bugzilla.mindrot.org/show_bug.cgi?id=3629) 235 case "$CLANG_VER" in 236 apple-15*) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;; 237 17*) ;; 238 *) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;; 239 esac 240 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) 241 fi 242 if test "x$use_retpoline" = "x1"; then 243 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 244 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 245 fi 246 247 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 248 saved_CFLAGS="$CFLAGS" 249 CFLAGS="$CFLAGS -fno-builtin-memset" 250 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 251 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 252 [ AC_MSG_RESULT([yes]) ], 253 [ AC_MSG_RESULT([no]) 254 CFLAGS="$saved_CFLAGS" ] 255 ) 256 257 # -fstack-protector-all doesn't always work for some GCC versions 258 # and/or platforms, so we test if we can. If it's not supported 259 # on a given platform gcc will emit a warning so we use -Werror. 260 if test "x$use_stack_protector" = "x1"; then 261 for t in -fstack-protector-strong -fstack-protector-all \ 262 -fstack-protector; do 263 AC_MSG_CHECKING([if $CC supports $t]) 264 saved_CFLAGS="$CFLAGS" 265 saved_LDFLAGS="$LDFLAGS" 266 CFLAGS="$CFLAGS $t -Werror" 267 LDFLAGS="$LDFLAGS $t -Werror" 268 AC_LINK_IFELSE( 269 [AC_LANG_PROGRAM([[ 270 #include <stdio.h> 271 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 272 ]], 273 [[ 274 char x[256]; 275 snprintf(x, sizeof(x), "XXX%d", func(1)); 276 ]])], 277 [ AC_MSG_RESULT([yes]) 278 CFLAGS="$saved_CFLAGS $t" 279 LDFLAGS="$saved_LDFLAGS $t" 280 AC_MSG_CHECKING([if $t works]) 281 AC_RUN_IFELSE( 282 [AC_LANG_PROGRAM([[ 283 #include <stdio.h> 284 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 285 ]], 286 [[ 287 char x[256]; 288 snprintf(x, sizeof(x), "XXX%d", func(1)); 289 ]])], 290 [ AC_MSG_RESULT([yes]) 291 break ], 292 [ AC_MSG_RESULT([no]) ], 293 [ AC_MSG_WARN([cross compiling: cannot test]) 294 break ] 295 ) 296 ], 297 [ AC_MSG_RESULT([no]) ] 298 ) 299 CFLAGS="$saved_CFLAGS" 300 LDFLAGS="$saved_LDFLAGS" 301 done 302 fi 303 304 if test -z "$have_llong_max"; then 305 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 306 unset ac_cv_have_decl_LLONG_MAX 307 saved_CFLAGS="$CFLAGS" 308 CFLAGS="$CFLAGS -std=gnu99" 309 AC_CHECK_DECL([LLONG_MAX], 310 [have_llong_max=1], 311 [CFLAGS="$saved_CFLAGS"], 312 [#include <limits.h>] 313 ) 314 fi 315fi 316 317AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 318AC_COMPILE_IFELSE( 319 [AC_LANG_PROGRAM([[ 320#include <stdlib.h> 321__attribute__((__unused__)) static void foo(void){return;}]], 322 [[ exit(0); ]])], 323 [ AC_MSG_RESULT([yes]) ], 324 [ AC_MSG_RESULT([no]) 325 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 326 [compiler does not accept __attribute__ on return types]) ] 327) 328 329AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 330AC_COMPILE_IFELSE( 331 [AC_LANG_PROGRAM([[ 332#include <stdlib.h> 333typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 334 [[ exit(0); ]])], 335 [ AC_MSG_RESULT([yes]) ], 336 [ AC_MSG_RESULT([no]) 337 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 338 [compiler does not accept __attribute__ on prototype args]) ] 339) 340 341AC_MSG_CHECKING([if compiler supports variable length arrays]) 342AC_COMPILE_IFELSE( 343 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 344 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 345 [ AC_MSG_RESULT([yes]) 346 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 347 [compiler supports variable length arrays]) ], 348 [ AC_MSG_RESULT([no]) ] 349) 350 351AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 352AC_COMPILE_IFELSE( 353 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 354 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 355 [ AC_MSG_RESULT([yes]) 356 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 357 [compiler variable declarations after code]) ], 358 [ AC_MSG_RESULT([no]) ] 359) 360 361saved_CFLAGS="$CFLAGS" 362CFLAGS="$CFLAGS -Werror" 363AC_MSG_CHECKING([if compiler supports __nonstring__ attribute on char arrays]) 364AC_COMPILE_IFELSE( 365 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 366 [[ char __attribute__ ((__nonstring__)) h[5] = "hello"; return h[0]!='h'; ]])], 367 [ AC_MSG_RESULT([yes]) 368 AC_DEFINE(HAVE_ATTRIBUTE__NONSTRING__, [1], 369 [compiler supports nonstring attribute]) ], 370 [ AC_MSG_RESULT([no]) ] 371) 372CFLAGS="$saved_CFLAGS" 373 374if test "x$no_attrib_nonnull" != "x1" ; then 375 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 376fi 377 378AC_ARG_WITH([rpath], 379 [ --without-rpath Disable auto-added -R linker paths], 380 [ 381 if test "x$withval" = "xno" ; then 382 rpath_opt="" 383 elif test "x$withval" = "xyes" ; then 384 rpath_opt="-R" 385 else 386 rpath_opt="$withval" 387 fi 388 ] 389) 390 391# Allow user to specify flags 392AC_ARG_WITH([cflags], 393 [ --with-cflags Specify additional flags to pass to compiler], 394 [ 395 if test -n "$withval" && test "x$withval" != "xno" && \ 396 test "x${withval}" != "xyes"; then 397 CFLAGS="$CFLAGS $withval" 398 fi 399 ] 400) 401 402AC_ARG_WITH([cflags-after], 403 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 404 [ 405 if test -n "$withval" && test "x$withval" != "xno" && \ 406 test "x${withval}" != "xyes"; then 407 CFLAGS_AFTER="$withval" 408 fi 409 ] 410) 411AC_ARG_WITH([cppflags], 412 [ --with-cppflags Specify additional flags to pass to preprocessor] , 413 [ 414 if test -n "$withval" && test "x$withval" != "xno" && \ 415 test "x${withval}" != "xyes"; then 416 CPPFLAGS="$CPPFLAGS $withval" 417 fi 418 ] 419) 420AC_ARG_WITH([ldflags], 421 [ --with-ldflags Specify additional flags to pass to linker], 422 [ 423 if test -n "$withval" && test "x$withval" != "xno" && \ 424 test "x${withval}" != "xyes"; then 425 LDFLAGS="$LDFLAGS $withval" 426 fi 427 ] 428) 429AC_ARG_WITH([ldflags-after], 430 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 431 [ 432 if test -n "$withval" && test "x$withval" != "xno" && \ 433 test "x${withval}" != "xyes"; then 434 LDFLAGS_AFTER="$withval" 435 fi 436 ] 437) 438AC_ARG_WITH([libs], 439 [ --with-libs Specify additional libraries to link with], 440 [ 441 if test -n "$withval" && test "x$withval" != "xno" && \ 442 test "x${withval}" != "xyes"; then 443 LIBS="$LIBS $withval" 444 fi 445 ] 446) 447AC_ARG_WITH([Werror], 448 [ --with-Werror Build main code with -Werror], 449 [ 450 if test -n "$withval" && test "x$withval" != "xno"; then 451 werror_flags="-Werror" 452 if test "x${withval}" != "xyes"; then 453 werror_flags="$withval" 454 fi 455 fi 456 ] 457) 458 459dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's 460dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we 461dnl haven't detected it, recheck. 462if test "x$ac_cv_header_sys_stat_h" != "xyes"; then 463 unset ac_cv_header_sys_stat_h 464 AC_CHECK_HEADERS([sys/stat.h]) 465fi 466 467AC_CHECK_HEADERS([ \ 468 blf.h \ 469 bstring.h \ 470 crypt.h \ 471 crypto/sha2.h \ 472 dirent.h \ 473 elf.h \ 474 err.h \ 475 features.h \ 476 fcntl.h \ 477 floatingpoint.h \ 478 fnmatch.h \ 479 getopt.h \ 480 ia.h \ 481 iaf.h \ 482 inttypes.h \ 483 langinfo.h \ 484 limits.h \ 485 locale.h \ 486 login.h \ 487 maillock.h \ 488 ndir.h \ 489 net/if_tun.h \ 490 netdb.h \ 491 pam/pam_appl.h \ 492 pty.h \ 493 readpassphrase.h \ 494 rpc/types.h \ 495 security/pam_appl.h \ 496 sha2.h \ 497 shadow.h \ 498 stddef.h \ 499 string.h \ 500 strings.h \ 501 sys/bitypes.h \ 502 sys/byteorder.h \ 503 sys/bsdtty.h \ 504 sys/cdefs.h \ 505 sys/dir.h \ 506 sys/file.h \ 507 sys/mman.h \ 508 sys/label.h \ 509 sys/ndir.h \ 510 sys/param.h \ 511 sys/poll.h \ 512 sys/prctl.h \ 513 sys/procctl.h \ 514 sys/pstat.h \ 515 sys/ptrace.h \ 516 sys/random.h \ 517 sys/select.h \ 518 sys/stream.h \ 519 sys/stropts.h \ 520 sys/strtio.h \ 521 sys/statvfs.h \ 522 sys/sysmacros.h \ 523 sys/timers.h \ 524 sys/vfs.h \ 525 tmpdir.h \ 526 ttyent.h \ 527 ucred.h \ 528 unistd.h \ 529 usersec.h \ 530 utime.h \ 531 utmp.h \ 532 utmpx.h \ 533 vis.h \ 534 wchar.h \ 535]) 536 537# Create replacement header files for common headers that are missing on this 538# platform. Usually these are just empty, but in some cases they'll include 539# the equivalent file. This avoids having to wrap those includes in 540# '#ifdef HAVE_FOO_H'. If we create any such headers, add the path to includes. 541COMPATINCLUDESDIR="openbsd-compat/include" 542COMPATINCLUDES="" 543AC_CHECK_HEADERS([ \ 544 endian.h \ 545 ifaddrs.h \ 546 libgen.h \ 547 paths.h \ 548 netgroup.h \ 549 nlist.h \ 550 poll.h \ 551 stdint.h \ 552 sys/mman.h \ 553 sys/stat.h \ 554 sys/statvfs.h \ 555 sys/time.h \ 556 sys/un.h \ 557 time.h \ 558 util.h \ 559 ], [ 560 # Remove any old shims. 561 rm -f "$COMPATINCLUDESDIR/$ac_header" 562 ], [ 563 COMPATINCLUDES="$COMPATINCLUDESDIR" 564 header="$COMPATINCLUDES/$ac_header" 565 dir=`dirname "$header"` 566 mkdir -p "$dir" 567 case "$ac_header" in 568 poll.h) echo '#ifdef HAVE_SYS_POLL_H' 569 echo '#include <sys/poll.h>' 570 echo '#endif' ;; 571 *) ;; 572 esac >"$header" 573]) 574 575dnl Now create replacement headers for those that we always want to shim. 576for include in sys/queue.h sys/tree.h; do 577 COMPATINCLUDES="$COMPATINCLUDESDIR" 578 header="$COMPATINCLUDES/$include" 579 dir=`dirname "$header"` 580 mkdir -p "$dir" 581 case "$include" in 582 sys/queue.h) 583 echo '#include "openbsd-compat/sys-queue.h"' 584 ;; 585 sys/tree.h) 586 echo '#include "openbsd-compat/sys-tree.h"' 587 ;; 588 esac >"$header" 589done 590 591AC_CHECK_DECLS([le32toh, le64toh, htole64], [], [], [ 592#ifdef HAVE_SYS_TYPES_H 593# include <sys/types.h> 594#endif 595#ifdef HAVE_STDINT_H 596# include <stdint.h> 597#endif 598#ifdef HAVE_ENDIAN_H 599# include <endian.h> 600#endif 601]) 602 603# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 604# to be included first. 605AC_CHECK_HEADERS([sys/audit.h], [], [], [ 606#ifdef HAVE_SYS_TIME_H 607# include <sys/time.h> 608#endif 609#ifdef HAVE_SYS_TYPES_H 610# include <sys/types.h> 611#endif 612#ifdef HAVE_SYS_LABEL_H 613# include <sys/label.h> 614#endif 615]) 616 617# sys/capsicum.h requires sys/types.h 618AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [ 619#ifdef HAVE_SYS_TYPES_H 620# include <sys/types.h> 621#endif 622]) 623 624AC_MSG_CHECKING([for caph_cache_tzdata]) 625AC_LINK_IFELSE( 626 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]], 627 [[caph_cache_tzdata();]])], 628 [ 629 AC_MSG_RESULT([yes]) 630 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1], 631 [Define if you have caph_cache_tzdata]) 632 ], 633 [ AC_MSG_RESULT([no]) ] 634) 635 636# net/route.h requires sys/socket.h and sys/types.h. 637# sys/sysctl.h also requires sys/param.h 638AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 639#ifdef HAVE_SYS_TYPES_H 640# include <sys/types.h> 641#endif 642#include <sys/param.h> 643#include <sys/socket.h> 644]) 645 646# lastlog.h requires sys/time.h to be included first on Solaris 647AC_CHECK_HEADERS([lastlog.h], [], [], [ 648#ifdef HAVE_SYS_TIME_H 649# include <sys/time.h> 650#endif 651]) 652 653# sys/ptms.h requires sys/stream.h to be included first on Solaris 654AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 655#ifdef HAVE_SYS_STREAM_H 656# include <sys/stream.h> 657#endif 658]) 659 660# login_cap.h requires sys/types.h on NetBSD 661AC_CHECK_HEADERS([login_cap.h], [], [], [ 662#include <sys/types.h> 663]) 664 665# older BSDs need sys/param.h before sys/mount.h 666AC_CHECK_HEADERS([sys/mount.h], [], [], [ 667#include <sys/param.h> 668]) 669 670# Android requires sys/socket.h to be included before sys/un.h 671AC_CHECK_HEADERS([sys/un.h], [], [], [ 672#include <sys/types.h> 673#include <sys/socket.h> 674]) 675 676# Messages for features tested for in target-specific section 677SIA_MSG="no" 678SPC_MSG="no" 679SP_MSG="no" 680SPP_MSG="no" 681 682# Support for Solaris/Illumos privileges (this test is used by both 683# the --with-solaris-privs option and --with-sandbox=solaris). 684SOLARIS_PRIVS="no" 685 686# Default shared library extension 687SHLIBEXT=".so" 688 689# See OpenBSD section in $host case below. 690need_pledge_inet="" 691 692# Check for some target-specific stuff 693case "$host" in 694*-*-aix*) 695 # Some versions of VAC won't allow macro redefinitions at 696 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 697 # particularly with older versions of vac or xlc. 698 # It also throws errors about null macro arguments, but these are 699 # not fatal. 700 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 701 AC_COMPILE_IFELSE( 702 [AC_LANG_PROGRAM([[ 703#include <stdlib.h> 704#define testmacro foo 705#define testmacro bar]], 706 [[ exit(0); ]])], 707 [ AC_MSG_RESULT([yes]) ], 708 [ AC_MSG_RESULT([no]) 709 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 710 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 711 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 712 ] 713 ) 714 715 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 716 if (test -z "$blibpath"); then 717 blibpath="/usr/lib:/lib" 718 fi 719 saved_LDFLAGS="$LDFLAGS" 720 if test "$GCC" = "yes"; then 721 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 722 else 723 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 724 fi 725 for tryflags in $flags ;do 726 if (test -z "$blibflags"); then 727 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 728 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 729 [blibflags=$tryflags], []) 730 fi 731 done 732 if (test -z "$blibflags"); then 733 AC_MSG_RESULT([not found]) 734 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 735 else 736 AC_MSG_RESULT([$blibflags]) 737 fi 738 LDFLAGS="$saved_LDFLAGS" 739 dnl Check for authenticate. Might be in libs.a on older AIXes 740 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 741 [Define if you want to enable AIX4's authenticate function])], 742 [AC_CHECK_LIB([s], [authenticate], 743 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 744 LIBS="$LIBS -ls" 745 ]) 746 ]) 747 dnl Check for various auth function declarations in headers. 748 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 749 passwdexpired, setauthdb], , , [#include <usersec.h>]) 750 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 751 AC_CHECK_DECLS([loginfailed], 752 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 753 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 754 [[ (void)loginfailed("user","host","tty",0); ]])], 755 [AC_MSG_RESULT([yes]) 756 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 757 [Define if your AIX loginfailed() function 758 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 759 ])], 760 [], 761 [#include <usersec.h>] 762 ) 763 AC_CHECK_FUNCS([getgrset setauthdb]) 764 AC_CHECK_DECL([F_CLOSEM], 765 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 766 [], 767 [ #include <limits.h> 768 #include <fcntl.h> ] 769 ) 770 check_for_aix_broken_getaddrinfo=1 771 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 772 [Define if your platform breaks doing a seteuid before a setuid]) 773 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 774 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 775 dnl AIX handles lastlog as part of its login message 776 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 777 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 778 [Some systems need a utmpx entry for /bin/login to work]) 779 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 780 [Define to a Set Process Title type if your system is 781 supported by bsd-setproctitle.c]) 782 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 783 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 784 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 785 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 786 ;; 787*-*-android*) 788 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 789 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 790 ;; 791*-*-cygwin*) 792 LIBS="$LIBS /usr/lib/textreadmode.o" 793 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 794 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 795 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 796 [Define to disable UID restoration test]) 797 AC_DEFINE([DISABLE_SHADOW], [1], 798 [Define if you want to disable shadow passwords]) 799 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 800 [Define if X11 doesn't support AF_UNIX sockets on that system]) 801 AC_DEFINE([DISABLE_FD_PASSING], [1], 802 [Define if your platform needs to skip post auth 803 file descriptor passing]) 804 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 805 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 806 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 807 # reasons which cause compile warnings, so we disable those warnings. 808 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 809 SHLIBEXT=".dll" 810 ;; 811*-*-dgux*) 812 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 813 [Define if your system choked on IP TOS setting]) 814 AC_DEFINE([SETEUID_BREAKS_SETUID]) 815 AC_DEFINE([BROKEN_SETREUID]) 816 AC_DEFINE([BROKEN_SETREGID]) 817 ;; 818*-*-darwin*) 819 use_pie=auto 820 AC_MSG_CHECKING([if we have working getaddrinfo]) 821 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 822#include <mach-o/dyld.h> 823#include <stdlib.h> 824int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 825 exit(0); 826 else 827 exit(1); 828} 829 ]])], 830 [AC_MSG_RESULT([working])], 831 [AC_MSG_RESULT([buggy]) 832 AC_DEFINE([BROKEN_GETADDRINFO], [1], 833 [getaddrinfo is broken (if present)]) 834 ], 835 [AC_MSG_RESULT([assume it is working])]) 836 AC_DEFINE([SETEUID_BREAKS_SETUID]) 837 AC_DEFINE([BROKEN_SETREUID]) 838 AC_DEFINE([BROKEN_SETREGID]) 839 broken_glob=yes # OS X glob does not do what we expect 840 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 841 [Define if your resolver libs need this for getrrsetbyname]) 842 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 843 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 844 [Use tunnel device compatibility to OpenBSD]) 845 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 846 [Prepend the address family to IP tunnel traffic]) 847 m4_pattern_allow([AU_IPv]) 848 AC_CHECK_DECL([AU_IPv4], [], 849 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 850 [#include <bsm/audit.h>] 851 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 852 [Define if pututxline updates lastlog too]) 853 ) 854 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 855 [Define to a Set Process Title type if your system is 856 supported by bsd-setproctitle.c]) 857 AC_CHECK_FUNCS([sandbox_init]) 858 AC_CHECK_HEADERS([sandbox.h]) 859 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 860 SSHDLIBS="$SSHDLIBS -lsandbox" 861 ]) 862 # proc_pidinfo()-based closefrom() replacement. 863 AC_CHECK_HEADERS([libproc.h]) 864 AC_CHECK_FUNCS([proc_pidinfo]) 865 # poll(2) is broken for character-special devices (at least). 866 # cf. Apple bug 3710161 (not public, but searchable) 867 AC_DEFINE([BROKEN_POLL], [1], 868 [System poll(2) implementation is broken]) 869 SHLIBEXT=".dylib" 870 ;; 871*-*-dragonfly*) 872 SSHDLIBS="$SSHDLIBS" 873 TEST_MALLOC_OPTIONS="AFGJPRX" 874 ;; 875*-*-haiku*) 876 LIBS="$LIBS -lbsd " 877 CFLAGS="$CFLAGS -D_BSD_SOURCE" 878 AC_CHECK_LIB([network], [socket]) 879 AC_DEFINE([HAVE_U_INT64_T]) 880 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 881 MANTYPE=man 882 ;; 883*-*-hpux*) 884 # first we define all of the options common to all HP-UX releases 885 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 886 IPADDR_IN_DISPLAY=yes 887 AC_DEFINE([USE_PIPES]) 888 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 889 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 890 [String used in /etc/passwd to denote locked account]) 891 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 892 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 893 maildir="/var/mail" 894 LIBS="$LIBS -lsec" 895 AC_CHECK_LIB([xnet], [t_error], , 896 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 897 898 # next, we define all of the options specific to major releases 899 case "$host" in 900 *-*-hpux10*) 901 if test -z "$GCC"; then 902 CFLAGS="$CFLAGS -Ae" 903 fi 904 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect]) 905 ;; 906 *-*-hpux11*) 907 AC_DEFINE([PAM_SUN_CODEBASE], [1], 908 [Define if you are using Solaris-derived PAM which 909 passes pam_messages to the conversation function 910 with an extra level of indirection]) 911 AC_DEFINE([DISABLE_UTMP], [1], 912 [Define if you don't want to use utmp]) 913 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 914 check_for_hpux_broken_getaddrinfo=1 915 check_for_conflicting_getspnam=1 916 ;; 917 esac 918 919 # lastly, we define options specific to minor releases 920 case "$host" in 921 *-*-hpux10.26) 922 AC_DEFINE([HAVE_SECUREWARE], [1], 923 [Define if you have SecureWare-based 924 protected password database]) 925 disable_ptmx_check=yes 926 LIBS="$LIBS -lsecpw" 927 ;; 928 esac 929 ;; 930*-*-irix5*) 931 PATH="$PATH:/usr/etc" 932 AC_DEFINE([BROKEN_INET_NTOA], [1], 933 [Define if you system's inet_ntoa is busted 934 (e.g. Irix gcc issue)]) 935 AC_DEFINE([SETEUID_BREAKS_SETUID]) 936 AC_DEFINE([BROKEN_SETREUID]) 937 AC_DEFINE([BROKEN_SETREGID]) 938 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 939 [Define if you shouldn't strip 'tty' from your 940 ttyname in [uw]tmp]) 941 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 942 ;; 943*-*-irix6*) 944 PATH="$PATH:/usr/etc" 945 AC_DEFINE([WITH_IRIX_ARRAY], [1], 946 [Define if you have/want arrays 947 (cluster-wide session management, not C arrays)]) 948 AC_DEFINE([WITH_IRIX_PROJECT], [1], 949 [Define if you want IRIX project management]) 950 AC_DEFINE([WITH_IRIX_AUDIT], [1], 951 [Define if you want IRIX audit trails]) 952 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 953 [Define if you want IRIX kernel jobs])]) 954 AC_DEFINE([BROKEN_INET_NTOA]) 955 AC_DEFINE([SETEUID_BREAKS_SETUID]) 956 AC_DEFINE([BROKEN_SETREUID]) 957 AC_DEFINE([BROKEN_SETREGID]) 958 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 959 AC_DEFINE([WITH_ABBREV_NO_TTY]) 960 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 961 ;; 962*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 963 AC_DEFINE([PAM_TTY_KLUDGE]) 964 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 965 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 966 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 967 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 968 ;; 969*-*-linux*) 970 no_dev_ptmx=1 971 use_pie=auto 972 check_for_openpty_ctty_bug=1 973 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 974 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 975 dnl _GNU_SOURCE is needed for setres*id prototypes. 976 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" 977 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) 978 AC_DEFINE([PAM_TTY_KLUDGE], [1], 979 [Work around problematic Linux PAM modules handling of PAM_TTY]) 980 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 981 [String used in /etc/passwd to denote locked account]) 982 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 983 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 984 [Define to whatever link() returns for "not supported" 985 if it doesn't return EOPNOTSUPP.]) 986 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 987 AC_DEFINE([USE_BTMP]) 988 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 989 AC_ARG_WITH([linux-memlock-onfault], 990 [ --with-linux-memlock-onfault Enables memory locking on Linux], 991 [ 992 if test "x$withval" != "xno" ; then 993 AC_MSG_CHECKING([for MCL_ONFAULT]) 994 AC_COMPILE_IFELSE([AC_LANG_PROGRAM( 995 [[ #include <sys/mman.h> ]], 996 [[ mlockall(MCL_FUTURE | MCL_ONFAULT); ]], 997 )], 998 [ 999 AC_MSG_RESULT([supported]) 1000 AC_DEFINE([LINUX_MEMLOCK_ONFAULT], [1], 1001 [Lock all memory to protect sshd against Linux kcompactd] )], 1002 [ 1003 AC_MSG_RESULT([not supported]) 1004 AC_MSG_ERROR([MCL_ONFAULT is not available on your system]) 1005 ]) 1006 fi 1007 ], 1008 ) 1009 1010 AC_DEFINE([SYSTEMD_NOTIFY], [1], [Have sshd notify systemd on start/reload]) 1011 inet6_default_4in6=yes 1012 case `uname -r` in 1013 1.*|2.0.*) 1014 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 1015 [Define if cmsg_type is not passed correctly]) 1016 ;; 1017 esac 1018 # tun(4) forwarding compat code 1019 AC_CHECK_HEADERS([linux/if_tun.h]) 1020 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 1021 AC_DEFINE([SSH_TUN_LINUX], [1], 1022 [Open tunnel devices the Linux tun/tap way]) 1023 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 1024 [Use tunnel device compatibility to OpenBSD]) 1025 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 1026 [Prepend the address family to IP tunnel traffic]) 1027 fi 1028 AC_CHECK_HEADER([linux/if.h], 1029 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 1030 [Support routing domains using Linux VRF]), [], [ 1031#ifdef HAVE_SYS_TYPES_H 1032# include <sys/types.h> 1033#endif 1034 ]) 1035 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 1036 [], [#include <linux/types.h>]) 1037 # Obtain MIPS ABI 1038 case "$host" in 1039 mips*) 1040 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1041#if _MIPS_SIM != _ABIO32 1042#error 1043#endif 1044 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1045#if _MIPS_SIM != _ABIN32 1046#error 1047#endif 1048 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1049#if _MIPS_SIM != _ABI64 1050#error 1051#endif 1052 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 1053 ]) 1054 ]) 1055 ]) 1056 ;; 1057 esac 1058 AC_MSG_CHECKING([for seccomp architecture]) 1059 seccomp_audit_arch= 1060 case "$host" in 1061 x86_64-*) 1062 seccomp_audit_arch=AUDIT_ARCH_X86_64 1063 ;; 1064 i*86-*) 1065 seccomp_audit_arch=AUDIT_ARCH_I386 1066 ;; 1067 arm*-*) 1068 seccomp_audit_arch=AUDIT_ARCH_ARM 1069 ;; 1070 aarch64*-*) 1071 seccomp_audit_arch=AUDIT_ARCH_AARCH64 1072 ;; 1073 s390x-*) 1074 seccomp_audit_arch=AUDIT_ARCH_S390X 1075 ;; 1076 s390-*) 1077 seccomp_audit_arch=AUDIT_ARCH_S390 1078 ;; 1079 powerpc-*) 1080 seccomp_audit_arch=AUDIT_ARCH_PPC 1081 ;; 1082 powerpc64-*) 1083 seccomp_audit_arch=AUDIT_ARCH_PPC64 1084 ;; 1085 powerpc64le-*) 1086 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 1087 ;; 1088 mips-*) 1089 seccomp_audit_arch=AUDIT_ARCH_MIPS 1090 ;; 1091 mipsel-*) 1092 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 1093 ;; 1094 mips64-*) 1095 case "$mips_abi" in 1096 "n32") 1097 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 1098 ;; 1099 "n64") 1100 seccomp_audit_arch=AUDIT_ARCH_MIPS64 1101 ;; 1102 esac 1103 ;; 1104 mips64el-*) 1105 case "$mips_abi" in 1106 "n32") 1107 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 1108 ;; 1109 "n64") 1110 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 1111 ;; 1112 esac 1113 ;; 1114 riscv64-*) 1115 seccomp_audit_arch=AUDIT_ARCH_RISCV64 1116 ;; 1117 esac 1118 if test "x$seccomp_audit_arch" != "x" ; then 1119 AC_MSG_RESULT(["$seccomp_audit_arch"]) 1120 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 1121 [Specify the system call convention in use]) 1122 else 1123 AC_MSG_RESULT([architecture not supported]) 1124 fi 1125 ;; 1126*-*-minix) 1127 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1128 # poll(2) seems to choke on /dev/null; "Bad file descriptor" 1129 AC_DEFINE([BROKEN_POLL], [1], 1130 [System poll(2) implementation is broken]) 1131 ;; 1132mips-sony-bsd|mips-sony-newsos4) 1133 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 1134 SONY=1 1135 ;; 1136*-*-netbsd*) 1137 if test "x$withval" != "xno" ; then 1138 rpath_opt="-R" 1139 fi 1140 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 1141 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1142 AC_CHECK_HEADER([net/if_tap.h], , 1143 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1144 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 1145 [Prepend the address family to IP tunnel traffic]) 1146 TEST_MALLOC_OPTIONS="AJRX" 1147 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 1148 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 1149 ;; 1150*-*-freebsd*) 1151 SKIP_DISABLE_LASTLOG_DEFINE=yes 1152 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 1153 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1154 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 1155 [Use tunnel device compatibility to OpenBSD]) 1156 AC_CHECK_HEADER([net/if_tap.h], , 1157 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1158 broken_glob=yes # FreeBSD glob does not do what we need 1159 TEST_MALLOC_OPTIONS="AJRX" 1160 # Preauth crypto occasionally uses file descriptors for crypto offload 1161 # and will crash if they cannot be opened. 1162 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 1163 [define if setrlimit RLIMIT_NOFILE breaks things]) 1164 case "$host" in 1165 *-*-freebsd9.*|*-*-freebsd10.*) 1166 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable. 1167 disable_capsicum=yes 1168 esac 1169 ;; 1170*-*-bsdi*) 1171 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1172 AC_DEFINE([BROKEN_SETREUID]) 1173 AC_DEFINE([BROKEN_SETREGID]) 1174 ;; 1175*-next-*) 1176 conf_lastlog_location="/usr/adm/lastlog" 1177 conf_utmp_location=/etc/utmp 1178 conf_wtmp_location=/usr/adm/wtmp 1179 maildir=/usr/spool/mail 1180 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1181 AC_DEFINE([USE_PIPES]) 1182 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1183 ;; 1184*-*-openbsd*) 1185 use_pie=auto 1186 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1187 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1188 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1189 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1190 [syslog_r function is safe to use in in a signal handler]) 1191 TEST_MALLOC_OPTIONS="SJRU" 1192 AC_MSG_CHECKING([whether pledge(2) allows IP_TOS]) 1193 AC_RUN_IFELSE( 1194 [AC_LANG_PROGRAM([[ 1195#include <sys/socket.h> 1196#include <netinet/in.h> 1197#include <unistd.h> 1198#include <stdlib.h> 1199#include <err.h> 1200 ]], [[ 1201int s, one = 1; 1202if ((s = socket(AF_INET, SOCK_STREAM, 0)) == -1) 1203 err(1, "socket"); 1204if (pledge("stdio", NULL) == -1) 1205 err(1, "pledge"); 1206if (setsockopt(s, IPPROTO_IP, IP_TOS, &one, sizeof(one)) == -1) 1207 err(1, "setsockopt"); 1208 ]])], 1209 [ AC_MSG_RESULT([yes]) ], [ 1210 AC_MSG_RESULT([no]) 1211 need_pledge_inet=1 1212 ], 1213 [ AC_MSG_WARN([cross compiling: cannot test]) ]) 1214 ;; 1215*-*-solaris*) 1216 if test "x$withval" != "xno" ; then 1217 rpath_opt="-R" 1218 fi 1219 AC_DEFINE([PAM_SUN_CODEBASE]) 1220 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1221 AC_DEFINE([PAM_TTY_KLUDGE]) 1222 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1223 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1224 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1225 [Define if sshd somehow reacquires a controlling TTY 1226 after setsid()]) 1227 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1228 in case the name is longer than 8 chars]) 1229 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1230 external_path_file=/etc/default/login 1231 # hardwire lastlog location (can't detect it on some versions) 1232 conf_lastlog_location="/var/adm/lastlog" 1233 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1234 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1235 if test "$sol2ver" -ge 8; then 1236 AC_MSG_RESULT([yes]) 1237 AC_DEFINE([DISABLE_UTMP]) 1238 AC_DEFINE([DISABLE_WTMP], [1], 1239 [Define if you don't want to use wtmp]) 1240 else 1241 AC_MSG_RESULT([no]) 1242 fi 1243 AC_CHECK_FUNCS([setpflags]) 1244 AC_CHECK_FUNCS([setppriv]) 1245 AC_CHECK_FUNCS([priv_basicset]) 1246 AC_CHECK_HEADERS([priv.h]) 1247 AC_ARG_WITH([solaris-contracts], 1248 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1249 [ 1250 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1251 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1252 [Define if you have Solaris process contracts]) 1253 LIBS="$LIBS -lcontract" 1254 SPC_MSG="yes" ], ) 1255 ], 1256 ) 1257 AC_ARG_WITH([solaris-projects], 1258 [ --with-solaris-projects Enable Solaris projects (experimental)], 1259 [ 1260 AC_CHECK_LIB([project], [setproject], 1261 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1262 [Define if you have Solaris projects]) 1263 LIBS="$LIBS -lproject" 1264 SP_MSG="yes" ], ) 1265 ], 1266 ) 1267 AC_ARG_WITH([solaris-privs], 1268 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1269 [ 1270 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1271 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1272 "x$ac_cv_header_priv_h" = "xyes" ; then 1273 SOLARIS_PRIVS=yes 1274 AC_MSG_RESULT([found]) 1275 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1276 [Define to disable UID restoration test]) 1277 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1278 [Define if you have Solaris privileges]) 1279 SPP_MSG="yes" 1280 else 1281 AC_MSG_RESULT([not found]) 1282 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1283 fi 1284 ], 1285 ) 1286 TEST_SHELL=$SHELL # let configure find us a capable shell 1287 ;; 1288*-*-sunos4*) 1289 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1290 AC_CHECK_FUNCS([getpwanam]) 1291 AC_DEFINE([PAM_SUN_CODEBASE]) 1292 conf_utmp_location=/etc/utmp 1293 conf_wtmp_location=/var/adm/wtmp 1294 conf_lastlog_location=/var/adm/lastlog 1295 AC_DEFINE([USE_PIPES]) 1296 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1297 ;; 1298*-ncr-sysv*) 1299 LIBS="$LIBS -lc89" 1300 AC_DEFINE([USE_PIPES]) 1301 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1302 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1303 AC_DEFINE([BROKEN_SETREUID]) 1304 AC_DEFINE([BROKEN_SETREGID]) 1305 ;; 1306*-sni-sysv*) 1307 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1308 AC_CHECK_LIB([dl], [dlsym], ,) 1309 # -lresolv needs to be at the end of LIBS or DNS lookups break 1310 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1311 IPADDR_IN_DISPLAY=yes 1312 AC_DEFINE([USE_PIPES]) 1313 AC_DEFINE([IP_TOS_IS_BROKEN]) 1314 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1315 AC_DEFINE([BROKEN_SETREUID]) 1316 AC_DEFINE([BROKEN_SETREGID]) 1317 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1318 external_path_file=/etc/default/login 1319 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1320 # Attention: always take care to bind libsocket and libnsl before libc, 1321 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1322 ;; 1323# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1324*-*-sysv4.2*) 1325 AC_DEFINE([USE_PIPES]) 1326 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1327 AC_DEFINE([BROKEN_SETREUID]) 1328 AC_DEFINE([BROKEN_SETREGID]) 1329 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1330 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1331 TEST_SHELL=$SHELL # let configure find us a capable shell 1332 ;; 1333# UnixWare 7.x, OpenUNIX 8 1334*-*-sysv5*) 1335 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1336 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1337 AC_DEFINE([USE_PIPES]) 1338 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1339 AC_DEFINE([BROKEN_GETADDRINFO]) 1340 AC_DEFINE([BROKEN_SETREUID]) 1341 AC_DEFINE([BROKEN_SETREGID]) 1342 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1343 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1344 TEST_SHELL=$SHELL # let configure find us a capable shell 1345 case "$host" in 1346 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1347 maildir=/var/spool/mail 1348 AC_DEFINE([BROKEN_UPDWTMPX]) 1349 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1350 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1351 ], , ) 1352 ;; 1353 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1354 ;; 1355 esac 1356 ;; 1357*-*-sysv*) 1358 ;; 1359# SCO UNIX and OEM versions of SCO UNIX 1360*-*-sco3.2v4*) 1361 AC_MSG_ERROR("This Platform is no longer supported.") 1362 ;; 1363# SCO OpenServer 5.x 1364*-*-sco3.2v5*) 1365 if test -z "$GCC"; then 1366 CFLAGS="$CFLAGS -belf" 1367 fi 1368 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1369 no_dev_ptmx=1 1370 AC_DEFINE([USE_PIPES]) 1371 AC_DEFINE([HAVE_SECUREWARE]) 1372 AC_DEFINE([DISABLE_SHADOW]) 1373 AC_DEFINE([DISABLE_FD_PASSING]) 1374 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1375 AC_DEFINE([BROKEN_GETADDRINFO]) 1376 AC_DEFINE([BROKEN_SETREUID]) 1377 AC_DEFINE([BROKEN_SETREGID]) 1378 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1379 AC_DEFINE([BROKEN_UPDWTMPX]) 1380 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1381 AC_CHECK_FUNCS([getluid setluid]) 1382 MANTYPE=man 1383 TEST_SHELL=$SHELL # let configure find us a capable shell 1384 SKIP_DISABLE_LASTLOG_DEFINE=yes 1385 ;; 1386*-dec-osf*) 1387 AC_MSG_CHECKING([for Digital Unix SIA]) 1388 no_osfsia="" 1389 AC_ARG_WITH([osfsia], 1390 [ --with-osfsia Enable Digital Unix SIA], 1391 [ 1392 if test "x$withval" = "xno" ; then 1393 AC_MSG_RESULT([disabled]) 1394 no_osfsia=1 1395 fi 1396 ], 1397 ) 1398 if test -z "$no_osfsia" ; then 1399 if test -f /etc/sia/matrix.conf; then 1400 AC_MSG_RESULT([yes]) 1401 AC_DEFINE([HAVE_OSF_SIA], [1], 1402 [Define if you have Digital Unix Security 1403 Integration Architecture]) 1404 AC_DEFINE([DISABLE_LOGIN], [1], 1405 [Define if you don't want to use your 1406 system's login() call]) 1407 AC_DEFINE([DISABLE_FD_PASSING]) 1408 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1409 SIA_MSG="yes" 1410 else 1411 AC_MSG_RESULT([no]) 1412 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1413 [String used in /etc/passwd to denote locked account]) 1414 fi 1415 fi 1416 AC_DEFINE([BROKEN_GETADDRINFO]) 1417 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1418 AC_DEFINE([BROKEN_SETREUID]) 1419 AC_DEFINE([BROKEN_SETREGID]) 1420 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1421 ;; 1422 1423*-*-nto-qnx*) 1424 AC_DEFINE([USE_PIPES]) 1425 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1426 AC_DEFINE([DISABLE_LASTLOG]) 1427 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1428 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1429 enable_etc_default_login=no # has incompatible /etc/default/login 1430 case "$host" in 1431 *-*-nto-qnx6*) 1432 AC_DEFINE([DISABLE_FD_PASSING]) 1433 ;; 1434 esac 1435 ;; 1436 1437*-*-ultrix*) 1438 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1439 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1440 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1441 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1442 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1443 # don't get a controlling tty. 1444 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1445 # On Ultrix some headers are not protected against multiple includes, 1446 # so we create wrappers and put it where the compiler will find it. 1447 AC_MSG_WARN([creating compat wrappers for headers]) 1448 mkdir -p netinet 1449 for header in netinet/ip.h netdb.h resolv.h; do 1450 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1451 cat >$header <<EOD 1452#ifndef _SSH_COMPAT_${name} 1453#define _SSH_COMPAT_${name} 1454#include "/usr/include/${header}" 1455#endif 1456EOD 1457 done 1458 ;; 1459 1460*-*-lynxos) 1461 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1462 AC_DEFINE([BROKEN_SETVBUF], [1], 1463 [LynxOS has broken setvbuf() implementation]) 1464 ;; 1465*-*-gnu*) 1466 dnl GNU Hurd. Needs to be after the linux and the other *-gnu entries. 1467 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 1468 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 1469 dnl _GNU_SOURCE is needed for setres*id prototypes. 1470 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" 1471 ;; 1472esac 1473 1474AC_MSG_CHECKING([compiler and flags for sanity]) 1475AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1476 [ AC_MSG_RESULT([yes]) ], 1477 [ 1478 AC_MSG_RESULT([no]) 1479 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1480 ], 1481 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1482) 1483 1484dnl Finish up special pledge(2) handling from above. 1485if test -z "$need_pledge_inet" ; then 1486 AC_DEFINE_UNQUOTED([PLEDGE_EXTRA_INET], []) 1487else 1488 AC_DEFINE_UNQUOTED([PLEDGE_EXTRA_INET], ["inet "], 1489 [need inet in pledge for setsockopt IP_TOS]) 1490fi 1491 1492dnl Checks for header files. 1493# Checks for libraries. 1494AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1495 1496dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1497AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1498 AC_CHECK_LIB([gen], [dirname], [ 1499 AC_CACHE_CHECK([for broken dirname], 1500 ac_cv_have_broken_dirname, [ 1501 save_LIBS="$LIBS" 1502 LIBS="$LIBS -lgen" 1503 AC_RUN_IFELSE( 1504 [AC_LANG_SOURCE([[ 1505#include <libgen.h> 1506#include <string.h> 1507#include <stdlib.h> 1508 1509int main(int argc, char **argv) { 1510 char *s, buf[32]; 1511 1512 strncpy(buf,"/etc", 32); 1513 s = dirname(buf); 1514 if (!s || strncmp(s, "/", 32) != 0) { 1515 exit(1); 1516 } else { 1517 exit(0); 1518 } 1519} 1520 ]])], 1521 [ ac_cv_have_broken_dirname="no" ], 1522 [ ac_cv_have_broken_dirname="yes" ], 1523 [ ac_cv_have_broken_dirname="no" ], 1524 ) 1525 LIBS="$save_LIBS" 1526 ]) 1527 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1528 LIBS="$LIBS -lgen" 1529 AC_DEFINE([HAVE_DIRNAME]) 1530 AC_CHECK_HEADERS([libgen.h]) 1531 fi 1532 ]) 1533]) 1534 1535AC_CHECK_FUNC([getspnam], , 1536 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1537AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1538 [Define if you have the basename function.])]) 1539 1540dnl sqrt() only used in unit tests. 1541AC_CHECK_FUNC([sqrt], , 1542 [AC_CHECK_LIB([m], [sqrt], [TESTLIBS="$TESTLIBS -lm"])]) 1543AC_SUBST([TESTLIBS]) 1544 1545dnl zlib defaults to enabled 1546zlib=yes 1547AC_ARG_WITH([zlib], 1548 [ --with-zlib=PATH Use zlib in PATH], 1549 [ if test "x$withval" = "xno" ; then 1550 zlib=no 1551 elif test "x$withval" != "xyes"; then 1552 if test -d "$withval/lib"; then 1553 if test -n "${rpath_opt}"; then 1554 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1555 else 1556 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1557 fi 1558 else 1559 if test -n "${rpath_opt}"; then 1560 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1561 else 1562 LDFLAGS="-L${withval} ${LDFLAGS}" 1563 fi 1564 fi 1565 if test -d "$withval/include"; then 1566 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1567 else 1568 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1569 fi 1570 fi ] 1571) 1572 1573# These libraries are needed for anything that links in the channel code. 1574CHANNELLIBS="" 1575AC_MSG_CHECKING([for zlib]) 1576if test "x${zlib}" = "xno"; then 1577 AC_MSG_RESULT([no]) 1578else 1579 saved_LIBS="$LIBS" 1580 CHANNELLIBS="$CHANNELLIBS -lz" 1581 AC_MSG_RESULT([yes]) 1582 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1583 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1584 AC_CHECK_LIB([z], [deflate], [], 1585 [ 1586 saved_CPPFLAGS="$CPPFLAGS" 1587 saved_LDFLAGS="$LDFLAGS" 1588 dnl Check default zlib install dir 1589 if test -n "${rpath_opt}"; then 1590 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1591 else 1592 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1593 fi 1594 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1595 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1596 [ 1597 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1598 ] 1599 ) 1600 ] 1601 ) 1602 1603 AC_ARG_WITH([zlib-version-check], 1604 [ --without-zlib-version-check Disable zlib version check], 1605 [ if test "x$withval" = "xno" ; then 1606 zlib_check_nonfatal=1 1607 fi 1608 ] 1609 ) 1610 1611 AC_MSG_CHECKING([for possibly buggy zlib]) 1612 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1613#include <stdio.h> 1614#include <stdlib.h> 1615#include <zlib.h> 1616 ]], 1617 [[ 1618 int a=0, b=0, c=0, d=0, n, v; 1619 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1620 if (n < 1) 1621 exit(1); 1622 v = a*1000000 + b*10000 + c*100 + d; 1623 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1624 1625 /* 1.1.4 is OK */ 1626 if (a == 1 && b == 1 && c >= 4) 1627 exit(0); 1628 1629 /* 1.2.3 and up are OK */ 1630 if (v >= 1020300) 1631 exit(0); 1632 1633 exit(2); 1634 ]])], 1635 AC_MSG_RESULT([no]), 1636 [ AC_MSG_RESULT([yes]) 1637 if test -z "$zlib_check_nonfatal" ; then 1638 AC_MSG_ERROR([*** zlib too old - check config.log *** 1639Your reported zlib version has known security problems. It's possible your 1640vendor has fixed these problems without changing the version number. If you 1641are sure this is the case, you can disable the check by running 1642"./configure --without-zlib-version-check". 1643If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1644See http://www.gzip.org/zlib/ for details.]) 1645 else 1646 AC_MSG_WARN([zlib version may have security problems]) 1647 fi 1648 ], 1649 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1650 ) 1651 LIBS="$saved_LIBS" 1652fi 1653 1654dnl UnixWare 2.x 1655AC_CHECK_FUNC([strcasecmp], 1656 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1657) 1658AC_CHECK_FUNCS([utimes], 1659 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1660 LIBS="$LIBS -lc89"]) ] 1661) 1662 1663dnl Checks for libutil functions 1664AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1665AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1666AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1667AC_SEARCH_LIBS([login], [util bsd]) 1668AC_SEARCH_LIBS([logout], [util bsd]) 1669AC_SEARCH_LIBS([logwtmp], [util bsd]) 1670AC_SEARCH_LIBS([openpty], [util bsd]) 1671AC_SEARCH_LIBS([updwtmp], [util bsd]) 1672AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1673 1674# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1675# or libnsl. 1676AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1677AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1678 1679# Some Linux distribtions ship the BSD libc hashing functions in 1680# separate libraries. 1681AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1682 1683# "Particular Function Checks" 1684# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1685AC_FUNC_STRFTIME 1686AC_FUNC_MALLOC 1687AC_FUNC_REALLOC 1688# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1689AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1690AC_RUN_IFELSE( 1691 [AC_LANG_PROGRAM( 1692 [[ #include <stdlib.h> ]], 1693 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1694 )], 1695 [ func_calloc_0_nonnull=yes ], 1696 [ func_calloc_0_nonnull=no ], 1697 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1698 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1699) 1700AC_MSG_RESULT([$func_calloc_0_nonnull]) 1701 1702if test "x$func_calloc_0_nonnull" = "xyes"; then 1703 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1704else 1705 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1706 AC_DEFINE(calloc, rpl_calloc, 1707 [Define to rpl_calloc if the replacement function should be used.]) 1708fi 1709 1710dnl Figure out if we have a system glob, and if so if we can use it. 1711AC_CHECK_FUNCS([glob], 1712 [ AC_CHECK_HEADERS([glob.h], 1713 [use_system_glob=yes], 1714 [use_system_glob=no]) 1715 ], 1716 use_system_glob=no 1717) 1718 1719# Check for ALTDIRFUNC glob() extension 1720AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1721AC_EGREP_CPP([FOUNDIT], 1722 [ 1723 #include <glob.h> 1724 #ifdef GLOB_ALTDIRFUNC 1725 FOUNDIT 1726 #endif 1727 ], 1728 [ 1729 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1730 [Define if your system glob() function has 1731 the GLOB_ALTDIRFUNC extension]) 1732 AC_MSG_RESULT([yes]) 1733 ], 1734 [ 1735 AC_MSG_RESULT([no]) 1736 use_system_glob=no 1737 ] 1738) 1739 1740# Check for g.gl_matchc glob() extension 1741AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1742AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1743 [[ glob_t g; g.gl_matchc = 1; ]])], 1744 [ 1745 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1746 [Define if your system glob() function has 1747 gl_matchc options in glob_t]) 1748 AC_MSG_RESULT([yes]) 1749 ], [ 1750 AC_MSG_RESULT([no]) 1751 use_system_glob=no 1752 ] 1753) 1754 1755# Check for g.gl_statv glob() extension 1756AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1757AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1758#ifndef GLOB_KEEPSTAT 1759#error "glob does not support GLOB_KEEPSTAT extension" 1760#endif 1761glob_t g; 1762g.gl_statv = NULL; 1763]])], 1764 [ 1765 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1766 [Define if your system glob() function has 1767 gl_statv options in glob_t]) 1768 AC_MSG_RESULT([yes]) 1769 ], [ 1770 AC_MSG_RESULT([no]) 1771 use_system_glob=no 1772 ] 1773) 1774 1775AC_CHECK_DECLS([GLOB_NOMATCH], , [use_system_glob=no], [#include <glob.h>]) 1776 1777if test "x$broken_glob" = "xyes"; then 1778 AC_DEFINE([BROKEN_GLOB], [1], [Do not use system glob]) 1779 use_system_glob=no 1780fi 1781 1782dnl If we don't have a system glob, or we do but we're not using it, then 1783dnl create a glob.h shim so we don't have to sprinkle ifdefs everywhere. 1784AC_MSG_CHECKING([if we can use the system glob]) 1785if test "x$use_system_glob" = "xyes" ; then 1786 AC_MSG_RESULT([yes]) 1787 # Remove any old shims. 1788 rm -f "$COMPATINCLUDESDIR/glob.h" 1789else 1790 AC_MSG_RESULT([no]) 1791 COMPATINCLUDES="$COMPATINCLUDESDIR" 1792 mkdir -p "$COMPATINCLUDES" 1793 echo '#include "openbsd-compat/glob.h"' >$COMPATINCLUDES/glob.h 1794fi 1795 1796AC_CHECK_DECL([VIS_ALL], , 1797 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1798 1799AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1800AC_RUN_IFELSE( 1801 [AC_LANG_PROGRAM([[ 1802#include <sys/types.h> 1803#include <dirent.h> 1804#include <stdlib.h> 1805 ]], 1806 [[ 1807 struct dirent d; 1808 exit(sizeof(d.d_name)<=sizeof(char)); 1809 ]])], 1810 [AC_MSG_RESULT([yes])], 1811 [ 1812 AC_MSG_RESULT([no]) 1813 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1814 [Define if your struct dirent expects you to 1815 allocate extra space for d_name]) 1816 ], 1817 [ 1818 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1819 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1820 ] 1821) 1822 1823AC_CHECK_MEMBERS([struct dirent.d_type], [], [], [[ 1824#ifdef HAVE_DIRENT_H 1825#include <dirent.h> 1826#endif 1827]]) 1828 1829AC_MSG_CHECKING([for /proc/pid/fd directory]) 1830if test -d "/proc/$$/fd" ; then 1831 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1832 AC_MSG_RESULT([yes]) 1833else 1834 AC_MSG_RESULT([no]) 1835fi 1836 1837# Check whether user wants TCP wrappers support 1838TCPW_MSG="no" 1839AC_ARG_WITH([tcp-wrappers], 1840 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1841 [ 1842 if test "x$withval" != "xno" ; then 1843 saved_LIBS="$LIBS" 1844 saved_LDFLAGS="$LDFLAGS" 1845 saved_CPPFLAGS="$CPPFLAGS" 1846 if test -n "${withval}" && \ 1847 test "x${withval}" != "xyes"; then 1848 if test -d "${withval}/lib"; then 1849 if test -n "${need_dash_r}"; then 1850 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1851 else 1852 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1853 fi 1854 else 1855 if test -n "${need_dash_r}"; then 1856 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1857 else 1858 LDFLAGS="-L${withval} ${LDFLAGS}" 1859 fi 1860 fi 1861 if test -d "${withval}/include"; then 1862 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1863 else 1864 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1865 fi 1866 fi 1867 LIBS="-lwrap $LIBS" 1868 AC_MSG_CHECKING([for libwrap]) 1869 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1870#include <sys/types.h> 1871#include <sys/socket.h> 1872#include <netinet/in.h> 1873#include <tcpd.h> 1874int deny_severity = 0, allow_severity = 0; 1875 ]], [[ 1876 hosts_access(0); 1877 ]])], [ 1878 AC_MSG_RESULT([yes]) 1879 AC_DEFINE([LIBWRAP], [1], 1880 [Define if you want 1881 TCP Wrappers support]) 1882 SSHDLIBS="$SSHDLIBS -lwrap" 1883 TCPW_MSG="yes" 1884 ], [ 1885 AC_MSG_ERROR([*** libwrap missing]) 1886 ]) 1887 LIBS="$saved_LIBS" 1888 fi 1889 ] 1890) 1891 1892# Check whether user wants to use ldns 1893LDNS_MSG="no" 1894AC_ARG_WITH(ldns, 1895 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1896 [ 1897 ldns="" 1898 if test "x$withval" = "xyes" ; then 1899 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1900 if test "x$LDNSCONFIG" = "xno"; then 1901 LIBS="-lldns $LIBS" 1902 ldns=yes 1903 else 1904 LIBS="$LIBS `$LDNSCONFIG --libs`" 1905 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1906 ldns=yes 1907 fi 1908 elif test "x$withval" != "xno" ; then 1909 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1910 LDFLAGS="$LDFLAGS -L${withval}/lib" 1911 LIBS="-lldns $LIBS" 1912 ldns=yes 1913 fi 1914 1915 # Verify that it works. 1916 if test "x$ldns" = "xyes" ; then 1917 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1918 LDNS_MSG="yes" 1919 AC_MSG_CHECKING([for ldns support]) 1920 AC_LINK_IFELSE( 1921 [AC_LANG_SOURCE([[ 1922#include <stdio.h> 1923#include <stdlib.h> 1924#ifdef HAVE_STDINT_H 1925# include <stdint.h> 1926#endif 1927#include <ldns/ldns.h> 1928int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1929 ]]) 1930 ], 1931 [AC_MSG_RESULT(yes)], 1932 [ 1933 AC_MSG_RESULT(no) 1934 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1935 ]) 1936 fi 1937]) 1938 1939# Check whether user wants libedit support 1940LIBEDIT_MSG="no" 1941AC_ARG_WITH([libedit], 1942 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1943 [ if test "x$withval" != "xno" ; then 1944 if test "x$withval" = "xyes" ; then 1945 if test "x$PKGCONFIG" != "xno"; then 1946 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1947 if "$PKGCONFIG" libedit; then 1948 AC_MSG_RESULT([yes]) 1949 use_pkgconfig_for_libedit=yes 1950 else 1951 AC_MSG_RESULT([no]) 1952 fi 1953 fi 1954 else 1955 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1956 if test -n "${rpath_opt}"; then 1957 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1958 else 1959 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1960 fi 1961 fi 1962 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1963 LIBEDIT=`$PKGCONFIG --libs libedit` 1964 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1965 else 1966 LIBEDIT="-ledit -lcurses" 1967 fi 1968 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1969 AC_CHECK_LIB([edit], [el_init], 1970 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1971 LIBEDIT_MSG="yes" 1972 AC_SUBST([LIBEDIT]) 1973 ], 1974 [ AC_MSG_ERROR([libedit not found]) ], 1975 [ $OTHERLIBS ] 1976 ) 1977 AC_MSG_CHECKING([if libedit version is compatible]) 1978 AC_COMPILE_IFELSE( 1979 [AC_LANG_PROGRAM([[ 1980#include <histedit.h> 1981#include <stdlib.h> 1982 ]], 1983 [[ 1984 int i = H_SETSIZE; 1985 el_init("", NULL, NULL, NULL); 1986 exit(0); 1987 ]])], 1988 [ AC_MSG_RESULT([yes]) ], 1989 [ AC_MSG_RESULT([no]) 1990 AC_MSG_ERROR([libedit version is not compatible]) ] 1991 ) 1992 fi ] 1993) 1994 1995# Check whether user wants wtmpdb support 1996WTMPDB_MSG="no" 1997AC_ARG_WITH([wtmpdb], 1998 [ --with-wtmpdb[[=PATH]] Enable wtmpdb support for sshd], 1999 [ if test "x$withval" != "xno" ; then 2000 if test "x$withval" = "xyes" ; then 2001 if test "x$PKGCONFIG" != "xno"; then 2002 AC_MSG_CHECKING([if $PKGCONFIG knows about wtmpdb]) 2003 if "$PKGCONFIG" libwtmpdb; then 2004 AC_MSG_RESULT([yes]) 2005 use_pkgconfig_for_libwtmpdb=yes 2006 else 2007 AC_MSG_RESULT([no]) 2008 fi 2009 fi 2010 else 2011 CPPFLAGS="$CPPFLAGS -I${withval}/include" 2012 if test -n "${rpath_opt}"; then 2013 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2014 else 2015 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2016 fi 2017 fi 2018 if test "x$use_pkgconfig_for_libwtmpdb" = "xyes"; then 2019 LIBWTMPDB=`$PKGCONFIG --libs libwtmpdb` 2020 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libwtmpdb`" 2021 else 2022 LIBWTMPDB="-lwtmpdb" 2023 fi 2024 OTHERLIBS=`echo $LIBWTMPDB | sed 's/-lwtmpdb//'` 2025 AC_CHECK_LIB([wtmpdb], [wtmpdb_login], 2026 [ AC_DEFINE([USE_WTMPDB], [1], [Use libwtmpdb for sshd]) 2027 WTMPDB_MSG="yes" 2028 AC_SUBST([LIBWTMPDB]) 2029 ], 2030 [ AC_MSG_ERROR([libwtmpdb not found]) ], 2031 [ $OTHERLIBS ] 2032 ) 2033 fi ] 2034) 2035 2036 2037AUDIT_MODULE=none 2038AC_ARG_WITH([audit], 2039 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 2040 [ 2041 AC_MSG_CHECKING([for supported audit module]) 2042 case "$withval" in 2043 bsm) 2044 AC_MSG_RESULT([bsm]) 2045 AUDIT_MODULE=bsm 2046 dnl Checks for headers, libs and functions 2047 AC_CHECK_HEADERS([bsm/audit.h], [], 2048 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 2049 [ 2050#ifdef HAVE_TIME_H 2051# include <time.h> 2052#endif 2053 ] 2054) 2055 AC_CHECK_LIB([bsm], [getaudit], [], 2056 [AC_MSG_ERROR([BSM enabled and required library not found])]) 2057 AC_CHECK_FUNCS([getaudit], [], 2058 [AC_MSG_ERROR([BSM enabled and required function not found])]) 2059 # These are optional 2060 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 2061 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 2062 if test "$sol2ver" -ge 11; then 2063 SSHDLIBS="$SSHDLIBS -lscf" 2064 AC_DEFINE([BROKEN_BSM_API], [1], 2065 [The system has incomplete BSM API]) 2066 fi 2067 ;; 2068 linux) 2069 AC_MSG_RESULT([linux]) 2070 AUDIT_MODULE=linux 2071 dnl Checks for headers, libs and functions 2072 AC_CHECK_HEADERS([libaudit.h]) 2073 SSHDLIBS="$SSHDLIBS -laudit" 2074 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 2075 ;; 2076 debug) 2077 AUDIT_MODULE=debug 2078 AC_MSG_RESULT([debug]) 2079 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 2080 ;; 2081 no) 2082 AC_MSG_RESULT([no]) 2083 ;; 2084 *) 2085 AC_MSG_ERROR([Unknown audit module $withval]) 2086 ;; 2087 esac ] 2088) 2089 2090AC_ARG_WITH([pie], 2091 [ --with-pie Build Position Independent Executables if possible], [ 2092 if test "x$withval" = "xno"; then 2093 use_pie=no 2094 fi 2095 if test "x$withval" = "xyes"; then 2096 use_pie=yes 2097 fi 2098 ] 2099) 2100if test "x$use_pie" = "x"; then 2101 use_pie=no 2102fi 2103if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 2104 # Turn off automatic PIE when toolchain hardening is off. 2105 use_pie=no 2106fi 2107if test "x$use_pie" = "xauto"; then 2108 # Automatic PIE requires gcc >= 4.x 2109 AC_MSG_CHECKING([for gcc >= 4.x]) 2110 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 2111#if !defined(__GNUC__) || __GNUC__ < 4 2112#error gcc is too old 2113#endif 2114]])], 2115 [ AC_MSG_RESULT([yes]) ], 2116 [ AC_MSG_RESULT([no]) 2117 use_pie=no ] 2118) 2119fi 2120if test "x$use_pie" != "xno"; then 2121 SAVED_CFLAGS="$CFLAGS" 2122 SAVED_LDFLAGS="$LDFLAGS" 2123 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 2124 OSSH_CHECK_LDFLAG_LINK([-pie]) 2125 # We use both -fPIE and -pie or neither. 2126 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 2127 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 2128 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 2129 AC_MSG_RESULT([yes]) 2130 else 2131 AC_MSG_RESULT([no]) 2132 CFLAGS="$SAVED_CFLAGS" 2133 LDFLAGS="$SAVED_LDFLAGS" 2134 fi 2135fi 2136 2137AC_MSG_CHECKING([whether -fPIC is accepted]) 2138SAVED_CFLAGS="$CFLAGS" 2139CFLAGS="$CFLAGS -fPIC" 2140AC_COMPILE_IFELSE( 2141 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 2142 [AC_MSG_RESULT([yes]) 2143 PICFLAG="-fPIC"; ], 2144 [AC_MSG_RESULT([no]) 2145 PICFLAG=""; ]) 2146CFLAGS="$SAVED_CFLAGS" 2147AC_SUBST([PICFLAG]) 2148 2149dnl Checks for library functions. Please keep in alphabetical order 2150AC_CHECK_FUNCS([ \ 2151 auth_hostok \ 2152 auth_timeok \ 2153 Blowfish_initstate \ 2154 Blowfish_expandstate \ 2155 Blowfish_expand0state \ 2156 Blowfish_stream2word \ 2157 SHA256Update \ 2158 SHA384Update \ 2159 SHA512Update \ 2160 asprintf \ 2161 b64_ntop \ 2162 __b64_ntop \ 2163 b64_pton \ 2164 __b64_pton \ 2165 bcopy \ 2166 bcrypt_pbkdf \ 2167 bindresvport_sa \ 2168 blf_enc \ 2169 bzero \ 2170 cap_rights_limit \ 2171 clock \ 2172 closefrom \ 2173 close_range \ 2174 dirfd \ 2175 endgrent \ 2176 err \ 2177 errx \ 2178 explicit_bzero \ 2179 explicit_memset \ 2180 fchmod \ 2181 fchmodat \ 2182 fchown \ 2183 fchownat \ 2184 flock \ 2185 fnmatch \ 2186 freeaddrinfo \ 2187 freezero \ 2188 fstatat \ 2189 fstatfs \ 2190 fstatvfs \ 2191 futimes \ 2192 getaddrinfo \ 2193 getcwd \ 2194 getentropy \ 2195 getgrouplist \ 2196 getline \ 2197 getnameinfo \ 2198 getopt \ 2199 getpeereid \ 2200 getpeerucred \ 2201 getpgid \ 2202 _getpty \ 2203 getrlimit \ 2204 getrandom \ 2205 getsid \ 2206 getttyent \ 2207 group_from_gid \ 2208 inet_aton \ 2209 inet_ntoa \ 2210 inet_ntop \ 2211 innetgr \ 2212 killpg \ 2213 llabs \ 2214 localtime_r \ 2215 login_getcapbool \ 2216 login_getpwclass \ 2217 memmem \ 2218 memmove \ 2219 memset_s \ 2220 mkdtemp \ 2221 mmap \ 2222 ngetaddrinfo \ 2223 nlist \ 2224 nsleep \ 2225 ogetaddrinfo \ 2226 openlog_r \ 2227 pledge \ 2228 poll \ 2229 ppoll \ 2230 prctl \ 2231 procctl \ 2232 pselect \ 2233 pstat \ 2234 raise \ 2235 readpassphrase \ 2236 reallocarray \ 2237 realpath \ 2238 recvmsg \ 2239 recallocarray \ 2240 rresvport_af \ 2241 sendmsg \ 2242 setdtablesize \ 2243 setegid \ 2244 setenv \ 2245 seteuid \ 2246 setgroupent \ 2247 setgroups \ 2248 setlinebuf \ 2249 setlogin \ 2250 setpassent\ 2251 setpcred \ 2252 setproctitle \ 2253 setregid \ 2254 setreuid \ 2255 setrlimit \ 2256 setsid \ 2257 setvbuf \ 2258 sigaction \ 2259 sigvec \ 2260 snprintf \ 2261 socketpair \ 2262 statfs \ 2263 statvfs \ 2264 strcasestr \ 2265 strdup \ 2266 strerror \ 2267 strlcat \ 2268 strlcpy \ 2269 strmode \ 2270 strndup \ 2271 strnlen \ 2272 strnvis \ 2273 strptime \ 2274 strsignal \ 2275 strtonum \ 2276 strtoll \ 2277 strtoul \ 2278 strtoull \ 2279 sysconf \ 2280 tcgetpgrp \ 2281 timegm \ 2282 timingsafe_bcmp \ 2283 truncate \ 2284 unlinkat \ 2285 unsetenv \ 2286 unveil \ 2287 updwtmpx \ 2288 utimensat \ 2289 user_from_uid \ 2290 usleep \ 2291 vasprintf \ 2292 vsnprintf \ 2293 waitpid \ 2294 warn \ 2295]) 2296 2297AC_MSG_CHECKING([whether compiler supports __builtin_popcount]) 2298AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 2299 #include <stdlib.h> 2300 ]], 2301 [[ int x = 123, y; 2302 y = __builtin_popcount(123); 2303 exit(y == 6 ? 0 : -1); ]])], 2304 [ AC_MSG_RESULT([yes]) ], [ 2305 AC_MSG_RESULT([no]) 2306 AC_DEFINE([MISSING_BUILTIN_POPCOUNT], [1], [Define if your compiler lacks __builtin_popcount]) 2307 ] 2308) 2309 2310AC_CHECK_DECLS([bzero, memmem]) 2311 2312dnl Wide character support. 2313AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 2314 2315TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 2316AC_MSG_CHECKING([for utf8 locale support]) 2317AC_RUN_IFELSE( 2318 [AC_LANG_PROGRAM([[ 2319#include <locale.h> 2320#include <stdlib.h> 2321 ]], [[ 2322 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2323 if (loc != NULL) 2324 exit(0); 2325 exit(1); 2326 ]])], 2327 AC_MSG_RESULT(yes), 2328 [AC_MSG_RESULT(no) 2329 TEST_SSH_UTF8=no], 2330 AC_MSG_WARN([cross compiling: assuming yes]) 2331) 2332 2333AC_LINK_IFELSE( 2334 [AC_LANG_PROGRAM( 2335 [[ #include <ctype.h> ]], 2336 [[ return (isblank('a')); ]])], 2337 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2338]) 2339 2340disable_pkcs11= 2341AC_ARG_ENABLE([pkcs11], 2342 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2343 [ 2344 if test "x$enableval" = "xno" ; then 2345 disable_pkcs11=1 2346 fi 2347 ] 2348) 2349 2350disable_sk= 2351AC_ARG_ENABLE([security-key], 2352 [ --disable-security-key disable U2F/FIDO support code [no]], 2353 [ 2354 if test "x$enableval" = "xno" ; then 2355 disable_sk=1 2356 fi 2357 ] 2358) 2359enable_sk_internal= 2360AC_ARG_WITH([security-key-builtin], 2361 [ --with-security-key-builtin include builtin U2F/FIDO support], 2362 [ enable_sk_internal=$withval ] 2363) 2364 2365enable_sk_standalone= 2366AC_ARG_WITH([security-key-standalone], 2367 [ --with-security-key-standalone build standalone sk-libfido2 SecurityKeyProvider], 2368 [ enable_sk_standalone=$withval ] 2369) 2370 2371AC_SEARCH_LIBS([dlopen], [dl]) 2372AC_CHECK_FUNCS([dlopen]) 2373AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2374 2375# IRIX has a const char return value for gai_strerror() 2376AC_CHECK_FUNCS([gai_strerror], [ 2377 AC_DEFINE([HAVE_GAI_STRERROR]) 2378 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2379#include <sys/types.h> 2380#include <sys/socket.h> 2381#include <netdb.h> 2382 2383const char *gai_strerror(int); 2384 ]], [[ 2385 char *str; 2386 str = gai_strerror(0); 2387 ]])], [ 2388 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2389 [Define if gai_strerror() returns const char *])], [])]) 2390 2391AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2392 [Some systems put nanosleep outside of libc])]) 2393 2394AC_SEARCH_LIBS([clock_gettime], [rt], 2395 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2396 2397dnl check if we need -D_REENTRANT for localtime_r declaration. 2398AC_CHECK_DECL([localtime_r], [], 2399 [ saved_CPPFLAGS="$CPPFLAGS" 2400 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2401 unset ac_cv_have_decl_localtime_r 2402 AC_CHECK_DECL([localtime_r], [], 2403 [ CPPFLAGS="$saved_CPPFLAGS" ], 2404 [ #include <time.h> ] 2405 ) 2406 ], 2407 [ #include <time.h> ] 2408) 2409 2410dnl Make sure prototypes are defined for these before using them. 2411AC_CHECK_DECL([strsep], 2412 [AC_CHECK_FUNCS([strsep])], 2413 [], 2414 [ 2415#ifdef HAVE_STRING_H 2416# include <string.h> 2417#endif 2418 ]) 2419 2420dnl tcsendbreak might be a macro 2421AC_CHECK_DECL([tcsendbreak], 2422 [AC_DEFINE([HAVE_TCSENDBREAK])], 2423 [AC_CHECK_FUNCS([tcsendbreak])], 2424 [#include <termios.h>] 2425) 2426 2427AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2428 2429AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2430 [ 2431#include <sys/types.h> 2432#include <sys/socket.h> 2433#include <unistd.h> 2434 ]) 2435 2436AC_CHECK_DECLS([O_NONBLOCK], , , 2437 [ 2438#include <sys/types.h> 2439#ifdef HAVE_SYS_STAT_H 2440# include <sys/stat.h> 2441#endif 2442#ifdef HAVE_FCNTL_H 2443# include <fcntl.h> 2444#endif 2445 ]) 2446 2447AC_CHECK_DECLS([ftruncate, getentropy], , , 2448 [ 2449#include <sys/types.h> 2450#include <unistd.h> 2451 ]) 2452 2453AC_CHECK_DECLS([readv, writev], , , [ 2454#include <sys/types.h> 2455#include <sys/uio.h> 2456#include <unistd.h> 2457 ]) 2458 2459AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2460#include <sys/param.h> 2461 ]) 2462 2463AC_CHECK_DECLS([offsetof], , , [ 2464#include <stddef.h> 2465 ]) 2466 2467AC_CHECK_DECLS([INFINITY], , 2468 AC_CHECK_DECLS(__builtin_inff), 2469 [#include <math.h>] 2470) 2471 2472# extra bits for select(2) 2473AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2474#include <sys/param.h> 2475#include <sys/types.h> 2476#ifdef HAVE_SYS_SYSMACROS_H 2477#include <sys/sysmacros.h> 2478#endif 2479#ifdef HAVE_SYS_SELECT_H 2480#include <sys/select.h> 2481#endif 2482#ifdef HAVE_SYS_TIME_H 2483#include <sys/time.h> 2484#endif 2485#ifdef HAVE_UNISTD_H 2486#include <unistd.h> 2487#endif 2488 ]]) 2489AC_CHECK_TYPES([fd_mask], [], [], [[ 2490#include <sys/param.h> 2491#include <sys/types.h> 2492#ifdef HAVE_SYS_SELECT_H 2493#include <sys/select.h> 2494#endif 2495#ifdef HAVE_SYS_TIME_H 2496#include <sys/time.h> 2497#endif 2498#ifdef HAVE_UNISTD_H 2499#include <unistd.h> 2500#endif 2501 ]]) 2502 2503AC_CHECK_FUNCS([setresuid], [ 2504 dnl Some platorms have setresuid that isn't implemented, test for this 2505 AC_MSG_CHECKING([if setresuid seems to work]) 2506 AC_RUN_IFELSE( 2507 [AC_LANG_PROGRAM([[ 2508#include <errno.h> 2509#include <stdlib.h> 2510#include <unistd.h> 2511 ]], [[ 2512 errno=0; 2513 setresuid(0,0,0); 2514 if (errno==ENOSYS) 2515 exit(1); 2516 else 2517 exit(0); 2518 ]])], 2519 [AC_MSG_RESULT([yes])], 2520 [AC_DEFINE([BROKEN_SETRESUID], [1], 2521 [Define if your setresuid() is broken]) 2522 AC_MSG_RESULT([not implemented])], 2523 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2524 ) 2525]) 2526 2527AC_CHECK_FUNCS([setresgid], [ 2528 dnl Some platorms have setresgid that isn't implemented, test for this 2529 AC_MSG_CHECKING([if setresgid seems to work]) 2530 AC_RUN_IFELSE( 2531 [AC_LANG_PROGRAM([[ 2532#include <errno.h> 2533#include <stdlib.h> 2534#include <unistd.h> 2535 ]], [[ 2536 errno=0; 2537 setresgid(0,0,0); 2538 if (errno==ENOSYS) 2539 exit(1); 2540 else 2541 exit(0); 2542 ]])], 2543 [AC_MSG_RESULT([yes])], 2544 [AC_DEFINE([BROKEN_SETRESGID], [1], 2545 [Define if your setresgid() is broken]) 2546 AC_MSG_RESULT([not implemented])], 2547 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2548 ) 2549]) 2550 2551AC_MSG_CHECKING([for working fflush(NULL)]) 2552AC_RUN_IFELSE( 2553 [AC_LANG_PROGRAM([[ 2554#include <stdio.h> 2555#include <stdlib.h> 2556 ]], 2557 [[fflush(NULL); exit(0);]])], 2558 AC_MSG_RESULT([yes]), 2559 [AC_MSG_RESULT([no]) 2560 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2561 [define if fflush(NULL) does not work])], 2562 AC_MSG_WARN([cross compiling: assuming working]) 2563) 2564 2565dnl Checks for time functions 2566AC_CHECK_FUNCS([gettimeofday time]) 2567dnl Checks for utmp functions 2568AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2569AC_CHECK_FUNCS([utmpname]) 2570dnl Checks for utmpx functions 2571AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2572AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2573dnl Checks for lastlog functions 2574AC_CHECK_FUNCS([getlastlogxbyname]) 2575 2576AC_CHECK_FUNC([daemon], 2577 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2578 [AC_CHECK_LIB([bsd], [daemon], 2579 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2580) 2581 2582AC_CHECK_FUNC([getpagesize], 2583 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2584 [Define if your libraries define getpagesize()])], 2585 [AC_CHECK_LIB([ucb], [getpagesize], 2586 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2587) 2588 2589# Check for broken snprintf 2590if test "x$ac_cv_func_snprintf" = "xyes" ; then 2591 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2592 AC_RUN_IFELSE( 2593 [AC_LANG_PROGRAM([[ 2594#include <stdio.h> 2595#include <stdlib.h> 2596 ]], 2597 [[ 2598 char b[5]; 2599 snprintf(b,5,"123456789"); 2600 exit(b[4]!='\0'); 2601 ]])], 2602 [AC_MSG_RESULT([yes])], 2603 [ 2604 AC_MSG_RESULT([no]) 2605 AC_DEFINE([BROKEN_SNPRINTF], [1], 2606 [Define if your snprintf is busted]) 2607 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2608 ], 2609 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2610 ) 2611fi 2612 2613if test "x$ac_cv_func_snprintf" = "xyes" ; then 2614 AC_MSG_CHECKING([whether snprintf understands %zu]) 2615 AC_RUN_IFELSE( 2616 [AC_LANG_PROGRAM([[ 2617#include <sys/types.h> 2618#include <stdio.h> 2619#include <stdlib.h> 2620#include <string.h> 2621 ]], 2622 [[ 2623 size_t a = 1, b = 2; 2624 char z[128]; 2625 snprintf(z, sizeof z, "%zu%zu", a, b); 2626 exit(strcmp(z, "12")); 2627 ]])], 2628 [AC_MSG_RESULT([yes])], 2629 [ 2630 AC_MSG_RESULT([no]) 2631 AC_DEFINE([BROKEN_SNPRINTF], [1], 2632 [snprintf does not understand %zu]) 2633 ], 2634 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2635 ) 2636fi 2637 2638# We depend on vsnprintf returning the right thing on overflow: the 2639# number of characters it tried to create (as per SUSv3) 2640if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2641 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2642 AC_RUN_IFELSE( 2643 [AC_LANG_PROGRAM([[ 2644#include <sys/types.h> 2645#include <stdio.h> 2646#include <stdarg.h> 2647 2648int x_snprintf(char *str, size_t count, const char *fmt, ...) 2649{ 2650 size_t ret; 2651 va_list ap; 2652 2653 va_start(ap, fmt); 2654 ret = vsnprintf(str, count, fmt, ap); 2655 va_end(ap); 2656 return ret; 2657} 2658 ]], [[ 2659char x[1]; 2660if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2661 return 1; 2662if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2663 return 1; 2664return 0; 2665 ]])], 2666 [AC_MSG_RESULT([yes])], 2667 [ 2668 AC_MSG_RESULT([no]) 2669 AC_DEFINE([BROKEN_SNPRINTF], [1], 2670 [Define if your snprintf is busted]) 2671 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2672 ], 2673 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2674 ) 2675fi 2676 2677# On systems where [v]snprintf is broken, but is declared in stdio, 2678# check that the fmt argument is const char * or just char *. 2679# This is only useful for when BROKEN_SNPRINTF 2680AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2681AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2682#ifdef _FORTIFY_SOURCE 2683#undef _FORTIFY_SOURCE 2684#endif 2685#include <stdio.h> 2686int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2687 ]], [[ 2688 snprintf(0, 0, 0); 2689 ]])], 2690 [AC_MSG_RESULT([yes]) 2691 AC_DEFINE([SNPRINTF_CONST], [const], 2692 [Define as const if snprintf() can declare const char *fmt])], 2693 [AC_MSG_RESULT([no]) 2694 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2695 2696# Check for missing getpeereid (or equiv) support 2697NO_PEERCHECK="" 2698if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2699 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2700 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2701#include <sys/types.h> 2702#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2703 [ AC_MSG_RESULT([yes]) 2704 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2705 ], [AC_MSG_RESULT([no]) 2706 NO_PEERCHECK=1 2707 ]) 2708fi 2709 2710dnl make sure that openpty does not reacquire controlling terminal 2711if test ! -z "$check_for_openpty_ctty_bug"; then 2712 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2713 AC_RUN_IFELSE( 2714 [AC_LANG_PROGRAM([[ 2715#include <stdio.h> 2716#include <stdlib.h> 2717#include <unistd.h> 2718#ifdef HAVE_PTY_H 2719# include <pty.h> 2720#endif 2721#include <sys/fcntl.h> 2722#include <sys/types.h> 2723#include <sys/wait.h> 2724 ]], [[ 2725 pid_t pid; 2726 int fd, ptyfd, ttyfd, status; 2727 2728 pid = fork(); 2729 if (pid < 0) { /* failed */ 2730 exit(1); 2731 } else if (pid > 0) { /* parent */ 2732 waitpid(pid, &status, 0); 2733 if (WIFEXITED(status)) 2734 exit(WEXITSTATUS(status)); 2735 else 2736 exit(2); 2737 } else { /* child */ 2738 close(0); close(1); close(2); 2739 setsid(); 2740 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2741 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2742 if (fd >= 0) 2743 exit(3); /* Acquired ctty: broken */ 2744 else 2745 exit(0); /* Did not acquire ctty: OK */ 2746 } 2747 ]])], 2748 [ 2749 AC_MSG_RESULT([yes]) 2750 ], 2751 [ 2752 AC_MSG_RESULT([no]) 2753 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2754 ], 2755 [ 2756 AC_MSG_RESULT([cross-compiling, assuming yes]) 2757 ] 2758 ) 2759fi 2760 2761if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2762 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2763 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2764 AC_RUN_IFELSE( 2765 [AC_LANG_PROGRAM([[ 2766#include <stdio.h> 2767#include <stdlib.h> 2768#include <sys/socket.h> 2769#include <netdb.h> 2770#include <errno.h> 2771#include <netinet/in.h> 2772 2773#define TEST_PORT "2222" 2774 ]], [[ 2775 int err, sock; 2776 struct addrinfo *gai_ai, *ai, hints; 2777 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2778 2779 memset(&hints, 0, sizeof(hints)); 2780 hints.ai_family = PF_UNSPEC; 2781 hints.ai_socktype = SOCK_STREAM; 2782 hints.ai_flags = AI_PASSIVE; 2783 2784 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2785 if (err != 0) { 2786 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2787 exit(1); 2788 } 2789 2790 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2791 if (ai->ai_family != AF_INET6) 2792 continue; 2793 2794 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2795 sizeof(ntop), strport, sizeof(strport), 2796 NI_NUMERICHOST|NI_NUMERICSERV); 2797 2798 if (err != 0) { 2799 if (err == EAI_SYSTEM) 2800 perror("getnameinfo EAI_SYSTEM"); 2801 else 2802 fprintf(stderr, "getnameinfo failed: %s\n", 2803 gai_strerror(err)); 2804 exit(2); 2805 } 2806 2807 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2808 if (sock < 0) 2809 perror("socket"); 2810 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2811 if (errno == EBADF) 2812 exit(3); 2813 } 2814 } 2815 exit(0); 2816 ]])], 2817 [ 2818 AC_MSG_RESULT([yes]) 2819 ], 2820 [ 2821 AC_MSG_RESULT([no]) 2822 AC_DEFINE([BROKEN_GETADDRINFO]) 2823 ], 2824 [ 2825 AC_MSG_RESULT([cross-compiling, assuming yes]) 2826 ] 2827 ) 2828fi 2829 2830if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2831 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2832 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2833 AC_RUN_IFELSE( 2834 [AC_LANG_PROGRAM([[ 2835#include <stdio.h> 2836#include <stdlib.h> 2837#include <sys/socket.h> 2838#include <netdb.h> 2839#include <errno.h> 2840#include <netinet/in.h> 2841 2842#define TEST_PORT "2222" 2843 ]], [[ 2844 int err, sock; 2845 struct addrinfo *gai_ai, *ai, hints; 2846 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2847 2848 memset(&hints, 0, sizeof(hints)); 2849 hints.ai_family = PF_UNSPEC; 2850 hints.ai_socktype = SOCK_STREAM; 2851 hints.ai_flags = AI_PASSIVE; 2852 2853 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2854 if (err != 0) { 2855 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2856 exit(1); 2857 } 2858 2859 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2860 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2861 continue; 2862 2863 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2864 sizeof(ntop), strport, sizeof(strport), 2865 NI_NUMERICHOST|NI_NUMERICSERV); 2866 2867 if (ai->ai_family == AF_INET && err != 0) { 2868 perror("getnameinfo"); 2869 exit(2); 2870 } 2871 } 2872 exit(0); 2873 ]])], 2874 [ 2875 AC_MSG_RESULT([yes]) 2876 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2877 [Define if you have a getaddrinfo that fails 2878 for the all-zeros IPv6 address]) 2879 ], 2880 [ 2881 AC_MSG_RESULT([no]) 2882 AC_DEFINE([BROKEN_GETADDRINFO]) 2883 ], 2884 [ 2885 AC_MSG_RESULT([cross-compiling, assuming no]) 2886 ] 2887 ) 2888fi 2889 2890if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2891 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2892 [#include <sys/types.h> 2893 #include <sys/socket.h> 2894 #include <netdb.h>]) 2895fi 2896 2897if test "x$check_for_conflicting_getspnam" = "x1"; then 2898 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2899 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2900#include <shadow.h> 2901#include <stdlib.h> 2902 ]], 2903 [[ exit(0); ]])], 2904 [ 2905 AC_MSG_RESULT([no]) 2906 ], 2907 [ 2908 AC_MSG_RESULT([yes]) 2909 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2910 [Conflicting defs for getspnam]) 2911 ] 2912 ) 2913fi 2914 2915dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2916dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2917dnl for over ten years). Despite this incompatibility being reported during 2918dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2919dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2920dnl implementation. Try to detect this mess, and assume the only safe option 2921dnl if we're cross compiling. 2922dnl 2923dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2924dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2925if test "x$ac_cv_func_strnvis" = "xyes"; then 2926 AC_MSG_CHECKING([for working strnvis]) 2927 AC_RUN_IFELSE( 2928 [AC_LANG_PROGRAM([[ 2929#include <signal.h> 2930#include <stdlib.h> 2931#include <string.h> 2932#include <unistd.h> 2933#include <vis.h> 2934static void sighandler(int sig) { _exit(1); } 2935 ]], [[ 2936 char dst[16]; 2937 2938 signal(SIGSEGV, sighandler); 2939 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2940 exit(0); 2941 exit(1) 2942 ]])], 2943 [AC_MSG_RESULT([yes])], 2944 [AC_MSG_RESULT([no]) 2945 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2946 [AC_MSG_WARN([cross compiling: assuming broken]) 2947 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2948 ) 2949fi 2950 2951AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2952AC_RUN_IFELSE( 2953 [AC_LANG_PROGRAM([[ 2954#ifdef HAVE_SYS_SELECT 2955# include <sys/select.h> 2956#endif 2957#include <sys/types.h> 2958#include <sys/time.h> 2959#include <stdlib.h> 2960#include <signal.h> 2961#include <unistd.h> 2962static void sighandler(int sig) { } 2963 ]], [[ 2964 int r; 2965 pid_t pid; 2966 struct sigaction sa; 2967 2968 sa.sa_handler = sighandler; 2969 sa.sa_flags = SA_RESTART; 2970 (void)sigaction(SIGTERM, &sa, NULL); 2971 if ((pid = fork()) == 0) { /* child */ 2972 pid = getppid(); 2973 sleep(1); 2974 kill(pid, SIGTERM); 2975 sleep(1); 2976 if (getppid() == pid) /* if parent did not exit, shoot it */ 2977 kill(pid, SIGKILL); 2978 exit(0); 2979 } else { /* parent */ 2980 r = select(0, NULL, NULL, NULL, NULL); 2981 } 2982 exit(r == -1 ? 0 : 1); 2983 ]])], 2984 [AC_MSG_RESULT([yes])], 2985 [AC_MSG_RESULT([no]) 2986 AC_DEFINE([NO_SA_RESTART], [1], 2987 [SA_RESTARTed signals do no interrupt select])], 2988 [AC_MSG_WARN([cross compiling: assuming yes])] 2989) 2990 2991AC_CHECK_FUNCS([getpgrp],[ 2992 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2993 AC_COMPILE_IFELSE( 2994 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2995 [ AC_MSG_RESULT([yes]) 2996 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2997 [ AC_MSG_RESULT([no]) 2998 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2999 ) 3000]) 3001 3002# Search for OpenSSL 3003saved_CPPFLAGS="$CPPFLAGS" 3004saved_LDFLAGS="$LDFLAGS" 3005openssl_bin_PATH="$PATH" 3006AC_ARG_WITH([ssl-dir], 3007 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 3008 [ 3009 if test "x$openssl" = "xno" ; then 3010 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 3011 fi 3012 if test "x$withval" != "xno" ; then 3013 case "$withval" in 3014 # Relative paths 3015 ./*|../*) withval="`pwd`/$withval" 3016 esac 3017 if test -d "$withval/lib"; then 3018 libcrypto_path="${withval}/lib" 3019 elif test -d "$withval/lib64"; then 3020 libcrypto_path="$withval/lib64" 3021 else 3022 # Built but not installed 3023 libcrypto_path="${withval}" 3024 fi 3025 if test -n "${rpath_opt}"; then 3026 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}" 3027 else 3028 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" 3029 fi 3030 if test -d "$withval/include"; then 3031 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 3032 else 3033 CPPFLAGS="-I${withval} ${CPPFLAGS}" 3034 fi 3035 dnl Ensure specified openssl binary works, eg it can 3036 dnl find its runtime libraries, before trying to use. 3037 if test -x "${withval}/bin/openssl" && \ 3038 "${withval}/bin/openssl" version >/dev/null 2>&1; then 3039 openssl_bin_PATH="${withval}/bin${PATH_SEPARATOR}${PATH}" 3040 elif test -x "${withval}/apps/openssl" && \ 3041 "${withval}/apps/openssl" version >/dev/null 2>&1; then 3042 openssl_bin_PATH="${withval}/apps${PATH_SEPARATOR}${PATH}" 3043 fi 3044 fi 3045 ] 3046) 3047AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH]) 3048AC_SUBST(OPENSSL_BIN, [${openssl_bin}]) 3049 3050AC_ARG_WITH([openssl-header-check], 3051 [ --without-openssl-header-check Disable OpenSSL version consistency check], 3052 [ 3053 if test "x$withval" = "xno" ; then 3054 openssl_check_nonfatal=1 3055 fi 3056 ] 3057) 3058 3059openssl_engine=no 3060AC_ARG_WITH([ssl-engine], 3061 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 3062 [ 3063 if test "x$withval" != "xno" ; then 3064 if test "x$openssl" = "xno" ; then 3065 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 3066 fi 3067 openssl_engine=yes 3068 fi 3069 ] 3070) 3071 3072nocrypto_saved_LIBS="$LIBS" 3073if test "x$openssl" = "xyes" ; then 3074 LIBS="-lcrypto $LIBS" 3075 CHANNELLIBS="-lcrypto $CHANNELLIBS" 3076 AC_TRY_LINK_FUNC([RAND_add], , [ 3077 # As of early 2026, BoringSSL libcrypto needs -lstdc++ for 3078 # destructors so try that before giving up. 3079 LIBS="$LIBS -lstdc++" 3080 CHANNELLIBS="$CHANNELLIBS -lstdc++" 3081 AC_TRY_LINK_FUNC([RAND_add], , [ 3082 AC_MSG_ERROR([*** working libcrypto not found, check config.log]) 3083 ]) 3084 ]) 3085 AC_CHECK_HEADER([openssl/opensslv.h], , 3086 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 3087 3088 # Determine OpenSSL header version 3089 AC_MSG_CHECKING([OpenSSL header version]) 3090 AC_RUN_IFELSE( 3091 [AC_LANG_PROGRAM([[ 3092 #include <stdlib.h> 3093 #include <stdio.h> 3094 #include <string.h> 3095 #include <openssl/opensslv.h> 3096 #define DATA "conftest.sslincver" 3097 ]], [[ 3098 FILE *fd; 3099 int rc; 3100 3101 fd = fopen(DATA,"w"); 3102 if(fd == NULL) 3103 exit(1); 3104 3105 if ((rc = fprintf(fd, "%08lx (%s)\n", 3106 (unsigned long)OPENSSL_VERSION_NUMBER, 3107 OPENSSL_VERSION_TEXT)) < 0) 3108 exit(1); 3109 3110 exit(0); 3111 ]])], 3112 [ 3113 ssl_header_ver=`cat conftest.sslincver` 3114 AC_MSG_RESULT([$ssl_header_ver]) 3115 ], 3116 [ 3117 AC_MSG_RESULT([failed]) 3118 AC_MSG_ERROR([OpenSSL version test program failed.]) 3119 ], 3120 [ 3121 AC_MSG_WARN([cross compiling: not checking]) 3122 ] 3123 ) 3124 3125 # Determining OpenSSL library version is version dependent. 3126 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 3127 3128 # Determine OpenSSL library version 3129 AC_MSG_CHECKING([OpenSSL library version]) 3130 AC_RUN_IFELSE( 3131 [AC_LANG_PROGRAM([[ 3132 #include <stdio.h> 3133 #include <stdlib.h> 3134 #include <string.h> 3135 #include <openssl/opensslv.h> 3136 #include <openssl/crypto.h> 3137 #define DATA "conftest.ssllibver" 3138 ]], [[ 3139 FILE *f; 3140 /* We need these legacy bits to warn for old libcrypto */ 3141 #ifndef OPENSSL_VERSION 3142 # define OPENSSL_VERSION SSLEAY_VERSION 3143 #endif 3144 #ifndef HAVE_OPENSSL_VERSION 3145 # define OpenSSL_version SSLeay_version 3146 #endif 3147 #ifndef HAVE_OPENSSL_VERSION_NUM 3148 # define OpenSSL_version_num SSLeay 3149 #endif 3150 if ((f = fopen(DATA, "w")) == NULL) 3151 exit(1); 3152 if (fprintf(f, "%08lx (%s)", 3153 (unsigned long)OpenSSL_version_num(), 3154 OpenSSL_version(OPENSSL_VERSION)) < 0) 3155 exit(1); 3156#ifdef LIBRESSL_VERSION_NUMBER 3157 if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0) 3158 exit(1); 3159#endif 3160 if (fputc('\n', f) == EOF || fclose(f) == EOF) 3161 exit(1); 3162 exit(0); 3163 ]])], 3164 [ 3165 sslver=`cat conftest.ssllibver` 3166 ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'` 3167 # Check version is supported. 3168 case "$sslver" in 3169 100*|10100*) # 1.0.x, 1.1.0x 3170 AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")]) 3171 ;; 3172 101*) ;; # 1.1.x 3173 200*) # LibreSSL 3174 lver=`echo "$sslver" | sed 's/.*libressl-//'` 3175 case "$lver" in 3176 2*|300*) # 2.x, 3.0.0 3177 AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")]) 3178 ;; 3179 *) ;; # Assume all other versions are good. 3180 esac 3181 ;; 3182 30*|40*) 3183 # OpenSSL 3 & 4; we use the 1.1x API 3184 # https://openssl.org/policies/general/versioning-policy.html 3185 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 3186 ;; 3187 *) 3188 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")]) 3189 ;; 3190 esac 3191 AC_MSG_RESULT([$ssl_showver]) 3192 ], 3193 [ 3194 AC_MSG_RESULT([not found]) 3195 AC_MSG_ERROR([OpenSSL library not found.]) 3196 ], 3197 [ 3198 AC_MSG_WARN([cross compiling: not checking]) 3199 ] 3200 ) 3201 3202 case "$host" in 3203 x86_64-*) 3204 case "$sslver" in 3205 3000004*) 3206 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) 3207 ;; 3208 esac 3209 esac 3210 3211 # Sanity check OpenSSL headers 3212 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 3213 AC_RUN_IFELSE( 3214 [AC_LANG_PROGRAM([[ 3215 #include <stdlib.h> 3216 #include <string.h> 3217 #include <openssl/opensslv.h> 3218 #include <openssl/crypto.h> 3219 ]], [[ 3220 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 3221 ]])], 3222 [ 3223 AC_MSG_RESULT([yes]) 3224 ], 3225 [ 3226 AC_MSG_RESULT([no]) 3227 if test "x$openssl_check_nonfatal" = "x"; then 3228 AC_MSG_ERROR([Your OpenSSL headers do not match your 3229 library. Check config.log for details. 3230 If you are sure your installation is consistent, you can disable the check 3231 by running "./configure --without-openssl-header-check". 3232 Also see contrib/findssl.sh for help identifying header/library mismatches. 3233 ]) 3234 else 3235 AC_MSG_WARN([Your OpenSSL headers do not match your 3236 library. Check config.log for details. 3237 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 3238 fi 3239 ], 3240 [ 3241 AC_MSG_WARN([cross compiling: not checking]) 3242 ] 3243 ) 3244 3245 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 3246 AC_LINK_IFELSE( 3247 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 3248 [[ ERR_load_crypto_strings(); ]])], 3249 [ 3250 AC_MSG_RESULT([yes]) 3251 ], 3252 [ 3253 AC_MSG_RESULT([no]) 3254 LIBS="$LIBS -ldl" 3255 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 3256 AC_LINK_IFELSE( 3257 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 3258 [[ ERR_load_crypto_strings(); ]])], 3259 [ 3260 AC_MSG_RESULT([yes]) 3261 CHANNELLIBS="$CHANNELLIBS -ldl" 3262 ], 3263 [ 3264 AC_MSG_RESULT([no]) 3265 ] 3266 ) 3267 ] 3268 ) 3269 3270 AC_CHECK_FUNCS([ \ 3271 BN_is_prime_ex \ 3272 DES_crypt \ 3273 EVP_DigestSign \ 3274 EVP_DigestVerify \ 3275 EVP_DigestFinal_ex \ 3276 EVP_DigestInit_ex \ 3277 EVP_MD_CTX_cleanup \ 3278 EVP_MD_CTX_copy_ex \ 3279 EVP_MD_CTX_init \ 3280 HMAC_CTX_init \ 3281 RSA_generate_key_ex \ 3282 RSA_get_default_method \ 3283 ]) 3284 3285 # LibreSSL/OpenSSL API differences 3286 AC_CHECK_FUNCS([ \ 3287 EC_POINT_get_affine_coordinates \ 3288 EC_POINT_get_affine_coordinates_GFp \ 3289 EC_POINT_set_affine_coordinates \ 3290 EC_POINT_set_affine_coordinates_GFp \ 3291 EVP_CIPHER_CTX_iv \ 3292 EVP_CIPHER_CTX_iv_noconst \ 3293 EVP_CIPHER_CTX_get_iv \ 3294 EVP_CIPHER_CTX_get_updated_iv \ 3295 EVP_CIPHER_CTX_set_iv \ 3296 ]) 3297 3298 if test "x$openssl_engine" = "xyes" ; then 3299 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 3300 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3301 #include <openssl/engine.h> 3302 ]], [[ 3303 ENGINE_load_builtin_engines(); 3304 ENGINE_register_all_complete(); 3305 ]])], 3306 [ AC_MSG_RESULT([yes]) 3307 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 3308 [Enable OpenSSL engine support]) 3309 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 3310 ]) 3311 fi 3312 3313 # Check for OpenSSL without EVP_aes_{192,256}_cbc 3314 AC_MSG_CHECKING([whether OpenSSL lacks support for AES 192/256]) 3315 AC_LINK_IFELSE( 3316 [AC_LANG_PROGRAM([[ 3317 #include <stdlib.h> 3318 #include <string.h> 3319 #include <openssl/evp.h> 3320 ]], [[ 3321 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 3322 ]])], 3323 [ 3324 AC_MSG_RESULT([no]) 3325 ], 3326 [ 3327 AC_MSG_RESULT([yes]) 3328 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 3329 [libcrypto is missing AES 192 and 256 bit functions]) 3330 ] 3331 ) 3332 3333 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3334 AC_LINK_IFELSE( 3335 [AC_LANG_PROGRAM([[ 3336 #include <stdlib.h> 3337 #include <string.h> 3338 #include <openssl/evp.h> 3339 ]], [[ 3340 if(EVP_DigestUpdate(NULL, NULL,0)) 3341 exit(0); 3342 ]])], 3343 [ 3344 AC_MSG_RESULT([yes]) 3345 ], 3346 [ 3347 AC_MSG_RESULT([no]) 3348 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3349 [Define if EVP_DigestUpdate returns void]) 3350 ] 3351 ) 3352 3353 # Check for various EVP support in OpenSSL 3354 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20]) 3355 3356 # Check complete ECC support in OpenSSL 3357 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3358 AC_LINK_IFELSE( 3359 [AC_LANG_PROGRAM([[ 3360 #include <openssl/ec.h> 3361 #include <openssl/ecdh.h> 3362 #include <openssl/ecdsa.h> 3363 #include <openssl/evp.h> 3364 #include <openssl/objects.h> 3365 #include <openssl/opensslv.h> 3366 ]], [[ 3367 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3368 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3369 ]])], 3370 [ AC_MSG_RESULT([yes]) 3371 enable_nistp256=1 ], 3372 [ AC_MSG_RESULT([no]) ] 3373 ) 3374 3375 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3376 AC_LINK_IFELSE( 3377 [AC_LANG_PROGRAM([[ 3378 #include <openssl/ec.h> 3379 #include <openssl/ecdh.h> 3380 #include <openssl/ecdsa.h> 3381 #include <openssl/evp.h> 3382 #include <openssl/objects.h> 3383 #include <openssl/opensslv.h> 3384 ]], [[ 3385 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3386 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3387 ]])], 3388 [ AC_MSG_RESULT([yes]) 3389 enable_nistp384=1 ], 3390 [ AC_MSG_RESULT([no]) ] 3391 ) 3392 3393 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3394 AC_LINK_IFELSE( 3395 [AC_LANG_PROGRAM([[ 3396 #include <openssl/ec.h> 3397 #include <openssl/ecdh.h> 3398 #include <openssl/ecdsa.h> 3399 #include <openssl/evp.h> 3400 #include <openssl/objects.h> 3401 #include <openssl/opensslv.h> 3402 ]], [[ 3403 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3404 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3405 ]])], 3406 [ AC_MSG_RESULT([yes]) 3407 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3408 AC_RUN_IFELSE( 3409 [AC_LANG_PROGRAM([[ 3410 #include <stdlib.h> 3411 #include <openssl/ec.h> 3412 #include <openssl/ecdh.h> 3413 #include <openssl/ecdsa.h> 3414 #include <openssl/evp.h> 3415 #include <openssl/objects.h> 3416 #include <openssl/opensslv.h> 3417 ]],[[ 3418 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3419 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3420 exit(e == NULL || m == NULL); 3421 ]])], 3422 [ AC_MSG_RESULT([yes]) 3423 enable_nistp521=1 ], 3424 [ AC_MSG_RESULT([no]) ], 3425 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3426 enable_nistp521=1 ] 3427 )], 3428 AC_MSG_RESULT([no]) 3429 ) 3430 3431 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3432 test x$enable_nistp521 = x1; then 3433 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3434 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3435 openssl_ecc=yes 3436 else 3437 openssl_ecc=no 3438 fi 3439 if test x$enable_nistp256 = x1; then 3440 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3441 [libcrypto has NID_X9_62_prime256v1]) 3442 else 3443 unsupported_algorithms="$unsupported_algorithms \ 3444 ecdsa-sha2-nistp256 \ 3445 ecdh-sha2-nistp256 \ 3446 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3447 fi 3448 if test x$enable_nistp384 = x1; then 3449 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3450 else 3451 unsupported_algorithms="$unsupported_algorithms \ 3452 ecdsa-sha2-nistp384 \ 3453 ecdh-sha2-nistp384 \ 3454 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3455 fi 3456 if test x$enable_nistp521 = x1; then 3457 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3458 else 3459 unsupported_algorithms="$unsupported_algorithms \ 3460 ecdh-sha2-nistp521 \ 3461 ecdsa-sha2-nistp521 \ 3462 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3463 fi 3464 3465 # Check libcrypto ED25519 support 3466 AC_CHECK_FUNCS([EVP_PKEY_get_raw_public_key]) 3467 AC_CHECK_FUNCS([EVP_PKEY_get_raw_private_key]) 3468 AC_MSG_CHECKING([whether OpenSSL has ED25519 support]) 3469 AC_LINK_IFELSE( 3470 [AC_LANG_PROGRAM([[ 3471 #include <string.h> 3472 #include <openssl/evp.h> 3473 #include <openssl/opensslconf.h> 3474 #ifdef OPENSSL_NO_EC 3475 # error "OpenSSL has no EC support." 3476 #endif 3477 ]], [[ 3478 unsigned char buf[64]; 3479 memset(buf, 0, sizeof(buf)); 3480 exit(EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, NULL, 3481 buf, sizeof(buf)) == NULL); 3482 ]])], 3483 [ 3484 AC_MSG_RESULT([yes]) 3485 AC_DEFINE([OPENSSL_HAS_ED25519], [1], 3486 [libcrypto has ed25519 support]) 3487 ], 3488 [ 3489 AC_MSG_RESULT([no]) 3490 ] 3491 ) 3492fi 3493 3494# PKCS11/U2F depend on OpenSSL and dlopen(). 3495enable_pkcs11=yes 3496enable_sk=yes 3497 3498AC_CHECK_DECL([OPENSSL_IS_AWSLC], 3499 [enable_pkcs11="disabled; PKCS#11 not supported with AWS-LC"], 3500 [], 3501 [#include <openssl/base.h>] 3502) 3503if test "x$ac_cv_func_dlopen" != "xyes" ; then 3504 enable_pkcs11="disabled; missing dlopen(3)" 3505 enable_sk="disabled; missing dlopen(3)" 3506fi 3507if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3508 enable_pkcs11="disabled; missing RTLD_NOW" 3509 enable_sk="disabled; missing RTLD_NOW" 3510fi 3511if test ! -z "$disable_pkcs11" ; then 3512 enable_pkcs11="disabled by user" 3513fi 3514if test ! -z "$disable_sk" ; then 3515 enable_sk="disabled by user" 3516fi 3517 3518AC_MSG_CHECKING([whether to enable PKCS11]) 3519if test "x$enable_pkcs11" = "xyes" ; then 3520 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3521fi 3522AC_MSG_RESULT([$enable_pkcs11]) 3523 3524AC_MSG_CHECKING([whether to enable U2F]) 3525if test "x$enable_sk" = "xyes" ; then 3526 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3527 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3528else 3529 # Do not try to build sk-dummy library. 3530 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3531fi 3532AC_MSG_RESULT([$enable_sk]) 3533 3534# Now check for built-in security key support. 3535if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then 3536 use_pkgconfig_for_libfido2= 3537 if test "x$PKGCONFIG" != "xno"; then 3538 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3539 if "$PKGCONFIG" libfido2; then 3540 AC_MSG_RESULT([yes]) 3541 use_pkgconfig_for_libfido2=yes 3542 else 3543 AC_MSG_RESULT([no]) 3544 fi 3545 fi 3546 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3547 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3548 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3549 else 3550 LIBFIDO2="-lprivatefido2 -lprivatecbor" 3551 fi 3552 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3553 fido2_error= 3554 AC_CHECK_LIB([privatefido2], [fido_init], 3555 [ ], 3556 [ fido2_error="missing/unusable libfido2" ], 3557 [ $OTHERLIBS ] 3558 ) 3559 AC_CHECK_HEADER([fido.h], [], 3560 [ fido2_error="missing fido.h from libfido2" ]) 3561 AC_CHECK_HEADER([fido/credman.h], [], 3562 [ fido2_error="missing fido/credman.h from libfido2" ], 3563 [ #include <fido.h> ] 3564 ) 3565 AC_MSG_CHECKING([for usable libfido2 installation]) 3566 if test ! -z "$fido2_error" ; then 3567 AC_MSG_RESULT([$fido2_error]) 3568 if test "x$enable_sk_internal" = "xyes" ; then 3569 AC_MSG_ERROR([No usable libfido2 library/headers found]) 3570 fi 3571 LIBFIDO2="" 3572 else 3573 AC_MSG_RESULT([yes]) 3574 AC_SUBST([LIBFIDO2]) 3575 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3576 [Enable for built-in U2F/FIDO support]) 3577 enable_sk="built-in" 3578 saved_LIBS="$LIBS" 3579 LIBS="$LIBFIDO2 $LIBS" 3580 AC_CHECK_FUNCS([ \ 3581 fido_assert_set_clientdata \ 3582 fido_cred_prot \ 3583 fido_cred_set_prot \ 3584 fido_cred_set_clientdata \ 3585 fido_dev_get_touch_begin \ 3586 fido_dev_get_touch_status \ 3587 fido_dev_supports_cred_prot \ 3588 fido_dev_is_winhello \ 3589 ]) 3590 LIBS="$saved_LIBS" 3591 fi 3592fi 3593 3594# Check for standalone SecurityKeyProvider 3595AC_MSG_CHECKING([whether to build standalone sk-libfido2]) 3596if test "x$enable_sk_standalone" = "xyes" ; then 3597 AC_MSG_RESULT([yes]) 3598 AC_SUBST([SK_STANDALONE], [sk-libfido2$SHLIBEXT]) 3599else 3600 AC_MSG_RESULT([no]) 3601 AC_SUBST([SK_STANDALONE], [""]) 3602fi 3603 3604AC_CHECK_FUNCS([ \ 3605 arc4random \ 3606 arc4random_buf \ 3607 arc4random_stir \ 3608 arc4random_uniform \ 3609]) 3610### Configure cryptographic random number support 3611 3612# Check whether OpenSSL seeds itself 3613if test "x$openssl" = "xyes" ; then 3614 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3615 AC_RUN_IFELSE( 3616 [AC_LANG_PROGRAM([[ 3617 #include <stdlib.h> 3618 #include <string.h> 3619 #include <openssl/rand.h> 3620 ]], [[ 3621 exit(RAND_status() == 1 ? 0 : 1); 3622 ]])], 3623 [ 3624 OPENSSL_SEEDS_ITSELF=yes 3625 AC_MSG_RESULT([yes]) 3626 ], 3627 [ 3628 AC_MSG_RESULT([no]) 3629 ], 3630 [ 3631 AC_MSG_WARN([cross compiling: assuming yes]) 3632 # This is safe, since we will fatal() at runtime if 3633 # OpenSSL is not seeded correctly. 3634 OPENSSL_SEEDS_ITSELF=yes 3635 ] 3636 ) 3637fi 3638 3639# PRNGD TCP socket 3640AC_ARG_WITH([prngd-port], 3641 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3642 [ 3643 case "$withval" in 3644 no) 3645 withval="" 3646 ;; 3647 [[0-9]]*) 3648 ;; 3649 *) 3650 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3651 ;; 3652 esac 3653 if test ! -z "$withval" ; then 3654 PRNGD_PORT="$withval" 3655 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3656 [Port number of PRNGD/EGD random number socket]) 3657 fi 3658 ] 3659) 3660 3661# PRNGD Unix domain socket 3662AC_ARG_WITH([prngd-socket], 3663 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3664 [ 3665 case "$withval" in 3666 yes) 3667 withval="/var/run/egd-pool" 3668 ;; 3669 no) 3670 withval="" 3671 ;; 3672 /*) 3673 ;; 3674 *) 3675 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3676 ;; 3677 esac 3678 3679 if test ! -z "$withval" ; then 3680 if test ! -z "$PRNGD_PORT" ; then 3681 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3682 fi 3683 if test ! -r "$withval" ; then 3684 AC_MSG_WARN([Entropy socket is not readable]) 3685 fi 3686 PRNGD_SOCKET="$withval" 3687 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3688 [Location of PRNGD/EGD random number socket]) 3689 fi 3690 ], 3691 [ 3692 # Check for existing socket only if we don't have a random device already 3693 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3694 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3695 # Insert other locations here 3696 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3697 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3698 PRNGD_SOCKET="$sock" 3699 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3700 break; 3701 fi 3702 done 3703 if test ! -z "$PRNGD_SOCKET" ; then 3704 AC_MSG_RESULT([$PRNGD_SOCKET]) 3705 else 3706 AC_MSG_RESULT([not found]) 3707 fi 3708 fi 3709 ] 3710) 3711 3712# Which randomness source do we use? 3713if test ! -z "$PRNGD_PORT" ; then 3714 RAND_MSG="PRNGd port $PRNGD_PORT" 3715elif test ! -z "$PRNGD_SOCKET" ; then 3716 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3717elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3718 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3719 [Define if you want the OpenSSL internally seeded PRNG only]) 3720 RAND_MSG="OpenSSL internal ONLY" 3721elif test "x$openssl" = "xno" ; then 3722 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3723else 3724 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3725fi 3726LIBS="$nocrypto_saved_LIBS" 3727 3728saved_LIBS="$LIBS" 3729AC_CHECK_LIB([iaf], [ia_openinfo], [ 3730 LIBS="$LIBS -liaf" 3731 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3732 AC_DEFINE([HAVE_LIBIAF], [1], 3733 [Define if system has libiaf that supports set_id]) 3734 ]) 3735]) 3736LIBS="$saved_LIBS" 3737 3738# Check for crypt() in libcrypt. If we have it, we only need it for sshd. 3739saved_LIBS="$LIBS" 3740AC_CHECK_LIB([crypt], [crypt], [ 3741 LIBS="-lcrypt $LIBS" 3742 SSHDLIBS="-lcrypt $SSHDLIBS" 3743]) 3744AC_CHECK_FUNCS([crypt]) 3745LIBS="$saved_LIBS" 3746 3747# Check for PAM libs 3748PAM_MSG="no" 3749AC_ARG_WITH([pam], 3750 [ --with-pam Enable PAM support ], 3751 [ 3752 if test "x$withval" != "xno" ; then 3753 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3754 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3755 AC_MSG_ERROR([PAM headers not found]) 3756 fi 3757 3758 saved_LIBS="$LIBS" 3759 AC_CHECK_LIB([dl], [dlopen], , ) 3760 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3761 AC_CHECK_FUNCS([pam_getenvlist]) 3762 AC_CHECK_FUNCS([pam_putenv]) 3763 LIBS="$saved_LIBS" 3764 3765 PAM_MSG="yes" 3766 3767 SSHDLIBS="$SSHDLIBS -lpam" 3768 AC_DEFINE([USE_PAM], [1], 3769 [Define if you want to enable PAM support]) 3770 3771 if test $ac_cv_lib_dl_dlopen = yes; then 3772 case "$LIBS" in 3773 *-ldl*) 3774 # libdl already in LIBS 3775 ;; 3776 *) 3777 SSHDLIBS="$SSHDLIBS -ldl" 3778 ;; 3779 esac 3780 fi 3781 fi 3782 ] 3783) 3784 3785AC_ARG_WITH([pam-service], 3786 [ --with-pam-service=name Specify PAM service name ], 3787 [ 3788 if test "x$withval" != "xno" && \ 3789 test "x$withval" != "xyes" ; then 3790 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3791 ["$withval"], [sshd PAM service name]) 3792 fi 3793 ] 3794) 3795 3796# Check for older PAM 3797if test "x$PAM_MSG" = "xyes" ; then 3798 # Check PAM strerror arguments (old PAM) 3799 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3800 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3801#include <stdlib.h> 3802#if defined(HAVE_SECURITY_PAM_APPL_H) 3803#include <security/pam_appl.h> 3804#elif defined (HAVE_PAM_PAM_APPL_H) 3805#include <pam/pam_appl.h> 3806#endif 3807 ]], [[ 3808(void)pam_strerror((pam_handle_t *)NULL, -1); 3809 ]])], [AC_MSG_RESULT([no])], [ 3810 AC_DEFINE([HAVE_OLD_PAM], [1], 3811 [Define if you have an old version of PAM 3812 which takes only one argument to pam_strerror]) 3813 AC_MSG_RESULT([yes]) 3814 PAM_MSG="yes (old library)" 3815 3816 ]) 3817fi 3818 3819case "$host" in 3820*-*-cygwin*) 3821 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3822 ;; 3823*) 3824 SSH_PRIVSEP_USER=sshd 3825 ;; 3826esac 3827AC_ARG_WITH([privsep-user], 3828 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3829 [ 3830 if test -n "$withval" && test "x$withval" != "xno" && \ 3831 test "x${withval}" != "xyes"; then 3832 SSH_PRIVSEP_USER=$withval 3833 fi 3834 ] 3835) 3836if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3837 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3838 [Cygwin function to fetch non-privileged user for privilege separation]) 3839else 3840 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3841 [non-privileged user for privilege separation]) 3842fi 3843AC_SUBST([SSH_PRIVSEP_USER]) 3844 3845if test "x$have_linux_no_new_privs" = "x1" ; then 3846AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3847 #include <sys/types.h> 3848 #include <linux/seccomp.h> 3849]) 3850fi 3851if test "x$have_seccomp_filter" = "x1" ; then 3852AC_MSG_CHECKING([kernel for seccomp_filter support]) 3853AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3854 #include <errno.h> 3855 #include <elf.h> 3856 #include <linux/audit.h> 3857 #include <linux/seccomp.h> 3858 #include <stdlib.h> 3859 #include <sys/prctl.h> 3860 ]], 3861 [[ int i = $seccomp_audit_arch; 3862 errno = 0; 3863 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3864 exit(errno == EFAULT ? 0 : 1); ]])], 3865 [ AC_MSG_RESULT([yes]) ], [ 3866 AC_MSG_RESULT([no]) 3867 # Disable seccomp filter as a target 3868 have_seccomp_filter=0 3869 ] 3870) 3871fi 3872 3873AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ 3874#include <sys/types.h> 3875#ifdef HAVE_POLL_H 3876#include <poll.h> 3877#endif 3878#ifdef HAVE_SYS_POLL_H 3879#include <sys/poll.h> 3880#endif 3881]]) 3882 3883AC_CHECK_TYPES([nfds_t], , , [ 3884#include <sys/types.h> 3885#ifdef HAVE_POLL_H 3886#include <poll.h> 3887#endif 3888#ifdef HAVE_SYS_POLL_H 3889#include <sys/poll.h> 3890#endif 3891]) 3892 3893if test "x$ac_cv_type_nfds_t" != "xyes"; then 3894 AC_MSG_CHECKING([if poll nfds_t is unsigned long]) 3895 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3896#include <sys/types.h> 3897#ifdef HAVE_POLL_H 3898#include <poll.h> 3899#endif 3900#ifdef HAVE_SYS_POLL_H 3901#include <sys/poll.h> 3902#endif 3903 int poll(struct pollfd *, unsigned long, int timeout); 3904 ]], [[return poll(0, 0, 0);]])], 3905 [AC_MSG_RESULT([yes]) 3906 AC_DEFINE(POLL_NFDS_T_ULONG, 1, [Define if poll 2nd arg is ulong])], 3907 [AC_MSG_RESULT([no])] 3908 ) 3909fi 3910 3911# Decide which sandbox style to use 3912sandbox_arg="" 3913AC_ARG_WITH([sandbox], 3914 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter)], 3915 [ 3916 if test "x$withval" = "xyes" ; then 3917 sandbox_arg="" 3918 else 3919 sandbox_arg="$withval" 3920 fi 3921 ] 3922) 3923 3924if test "x$sandbox_arg" != "xno"; then 3925# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument 3926# is greater than OPEN_MAX". On some platforms that includes implementions 3927# of select in userspace on top of poll() so check both work with rlimit 3928# NOFILES so check that both work before enabling the rlimit sandbox. 3929 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) 3930 AC_RUN_IFELSE( 3931 [AC_LANG_PROGRAM([[ 3932#include <sys/types.h> 3933#ifdef HAVE_SYS_TIME_H 3934# include <sys/time.h> 3935#endif 3936#include <sys/resource.h> 3937#ifdef HAVE_SYS_SELECT_H 3938# include <sys/select.h> 3939#endif 3940#ifdef HAVE_POLL_H 3941# include <poll.h> 3942#elif HAVE_SYS_POLL_H 3943# include <sys/poll.h> 3944#endif 3945#include <errno.h> 3946#include <fcntl.h> 3947#include <stdlib.h> 3948 ]],[[ 3949 struct rlimit rl_zero; 3950 int fd, r; 3951 fd_set fds; 3952 struct timeval tv; 3953#ifdef HAVE_POLL 3954 struct pollfd pfd; 3955#endif 3956 3957 fd = open("/dev/null", O_RDONLY); 3958 FD_ZERO(&fds); 3959 FD_SET(fd, &fds); 3960 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3961 setrlimit(RLIMIT_FSIZE, &rl_zero); 3962 setrlimit(RLIMIT_NOFILE, &rl_zero); 3963 tv.tv_sec = 1; 3964 tv.tv_usec = 0; 3965 r = select(fd+1, &fds, NULL, NULL, &tv); 3966 if (r == -1) 3967 exit(1); 3968#ifdef HAVE_POLL 3969 pfd.fd = fd; 3970 pfd.events = POLLIN; 3971 r = poll(&pfd, 1, 1); 3972 if (r == -1) 3973 exit(2); 3974#endif 3975 exit(0); 3976 ]])], 3977 [AC_MSG_RESULT([yes]) 3978 select_works_with_rlimit=yes], 3979 [AC_MSG_RESULT([no]) 3980 select_works_with_rlimit=no], 3981 [AC_MSG_WARN([cross compiling: assuming no]) 3982 select_works_with_rlimit=no] 3983 ) 3984 3985 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3986 AC_RUN_IFELSE( 3987 [AC_LANG_PROGRAM([[ 3988#include <sys/types.h> 3989#ifdef HAVE_SYS_TIME_H 3990# include <sys/time.h> 3991#endif 3992#include <sys/resource.h> 3993#include <errno.h> 3994#include <stdlib.h> 3995 ]],[[ 3996 struct rlimit rl_zero; 3997 int r; 3998 3999 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 4000 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 4001 exit (r == -1 ? 1 : 0); 4002 ]])], 4003 [AC_MSG_RESULT([yes]) 4004 rlimit_nofile_zero_works=yes], 4005 [AC_MSG_RESULT([no]) 4006 rlimit_nofile_zero_works=no], 4007 [AC_MSG_WARN([cross compiling: assuming yes]) 4008 rlimit_nofile_zero_works=yes] 4009 ) 4010 4011 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 4012 AC_RUN_IFELSE( 4013 [AC_LANG_PROGRAM([[ 4014#include <sys/types.h> 4015#include <sys/resource.h> 4016#include <stdlib.h> 4017 ]],[[ 4018 struct rlimit rl_zero; 4019 4020 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 4021 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 4022 ]])], 4023 [AC_MSG_RESULT([yes])], 4024 [AC_MSG_RESULT([no]) 4025 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 4026 [setrlimit RLIMIT_FSIZE works])], 4027 [AC_MSG_WARN([cross compiling: assuming yes])] 4028 ) 4029fi 4030 4031if test "x$sandbox_arg" = "xdarwin" || \ 4032 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 4033 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 4034 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 4035 "x$ac_cv_header_sandbox_h" != "xyes" && \ 4036 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 4037 SANDBOX_STYLE="darwin" 4038 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 4039elif test "x$sandbox_arg" = "xseccomp_filter" || \ 4040 ( test -z "$sandbox_arg" && \ 4041 test "x$have_seccomp_filter" = "x1" && \ 4042 test "x$ac_cv_header_elf_h" = "xyes" && \ 4043 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 4044 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 4045 test "x$seccomp_audit_arch" != "x" && \ 4046 test "x$have_linux_no_new_privs" = "x1" && \ 4047 test "x$ac_cv_func_prctl" = "xyes" ) ; then 4048 test "x$seccomp_audit_arch" = "x" && \ 4049 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 4050 test "x$have_linux_no_new_privs" != "x1" && \ 4051 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 4052 test "x$have_seccomp_filter" != "x1" && \ 4053 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 4054 test "x$ac_cv_func_prctl" != "xyes" && \ 4055 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 4056 SANDBOX_STYLE="seccomp_filter" 4057 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 4058elif test "x$sandbox_arg" = "xcapsicum" || \ 4059 ( test -z "$sandbox_arg" && \ 4060 test "x$disable_capsicum" != "xyes" && \ 4061 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 4062 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 4063 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 4064 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 4065 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 4066 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 4067 SANDBOX_STYLE="capsicum" 4068 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 4069elif test "x$sandbox_arg" = "xrlimit" || \ 4070 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 4071 test "x$select_works_with_rlimit" = "xyes" && \ 4072 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 4073 test "x$ac_cv_func_setrlimit" != "xyes" && \ 4074 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 4075 test "x$select_works_with_rlimit" != "xyes" && \ 4076 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 4077 SANDBOX_STYLE="rlimit" 4078 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 4079elif test "x$sandbox_arg" = "xsolaris" || \ 4080 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 4081 SANDBOX_STYLE="solaris" 4082 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 4083elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 4084 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 4085 SANDBOX_STYLE="none" 4086 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 4087else 4088 AC_MSG_ERROR([unsupported --with-sandbox]) 4089fi 4090 4091# Cheap hack to ensure NEWS-OS libraries are arranged right. 4092if test ! -z "$SONY" ; then 4093 LIBS="$LIBS -liberty"; 4094fi 4095 4096# Check for long long datatypes 4097AC_CHECK_TYPES([long long, unsigned long long, long double]) 4098 4099# Check datatype sizes 4100AC_CHECK_SIZEOF([short int]) 4101AC_CHECK_SIZEOF([int]) 4102AC_CHECK_SIZEOF([long int]) 4103AC_CHECK_SIZEOF([long long int]) 4104AC_CHECK_SIZEOF([time_t], [], [[ 4105 #include <sys/types.h> 4106 #ifdef HAVE_SYS_TIME_H 4107 # include <sys/time.h> 4108 #endif 4109 #ifdef HAVE_TIME_H 4110 # include <time.h> 4111 #endif 4112 ]] 4113) 4114 4115# Sanity check long long for some platforms (AIX) 4116if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 4117 ac_cv_sizeof_long_long_int=0 4118fi 4119 4120# compute LLONG_MIN and LLONG_MAX if we don't know them. 4121if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 4122 AC_MSG_CHECKING([for max value of long long]) 4123 AC_RUN_IFELSE( 4124 [AC_LANG_PROGRAM([[ 4125#include <stdio.h> 4126#include <stdlib.h> 4127/* Why is this so damn hard? */ 4128#ifdef __GNUC__ 4129# undef __GNUC__ 4130#endif 4131#define __USE_ISOC99 4132#include <limits.h> 4133#define DATA "conftest.llminmax" 4134#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 4135 4136/* 4137 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 4138 * we do this the hard way. 4139 */ 4140static int 4141fprint_ll(FILE *f, long long n) 4142{ 4143 unsigned int i; 4144 int l[sizeof(long long) * 8]; 4145 4146 if (n < 0) 4147 if (fprintf(f, "-") < 0) 4148 return -1; 4149 for (i = 0; n != 0; i++) { 4150 l[i] = my_abs(n % 10); 4151 n /= 10; 4152 } 4153 do { 4154 if (fprintf(f, "%d", l[--i]) < 0) 4155 return -1; 4156 } while (i != 0); 4157 if (fprintf(f, " ") < 0) 4158 return -1; 4159 return 0; 4160} 4161 ]], [[ 4162 FILE *f; 4163 long long i, llmin, llmax = 0; 4164 4165 if((f = fopen(DATA,"w")) == NULL) 4166 exit(1); 4167 4168#if defined(LLONG_MIN) && defined(LLONG_MAX) 4169 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 4170 llmin = LLONG_MIN; 4171 llmax = LLONG_MAX; 4172#else 4173 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 4174 /* This will work on one's complement and two's complement */ 4175 for (i = 1; i > llmax; i <<= 1, i++) 4176 llmax = i; 4177 llmin = llmax + 1LL; /* wrap */ 4178#endif 4179 4180 /* Sanity check */ 4181 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 4182 || llmax - 1 > llmax || llmin == llmax || llmin == 0 4183 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 4184 fprintf(f, "unknown unknown\n"); 4185 exit(2); 4186 } 4187 4188 if (fprint_ll(f, llmin) < 0) 4189 exit(3); 4190 if (fprint_ll(f, llmax) < 0) 4191 exit(4); 4192 if (fclose(f) < 0) 4193 exit(5); 4194 exit(0); 4195 ]])], 4196 [ 4197 llong_min=`$AWK '{print $1}' conftest.llminmax` 4198 llong_max=`$AWK '{print $2}' conftest.llminmax` 4199 4200 AC_MSG_RESULT([$llong_max]) 4201 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 4202 [max value of long long calculated by configure]) 4203 AC_MSG_CHECKING([for min value of long long]) 4204 AC_MSG_RESULT([$llong_min]) 4205 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 4206 [min value of long long calculated by configure]) 4207 ], 4208 [ 4209 AC_MSG_RESULT([not found]) 4210 ], 4211 [ 4212 AC_MSG_WARN([cross compiling: not checking]) 4213 ] 4214 ) 4215fi 4216 4217AC_CHECK_DECLS([UINT32_MAX], , , [[ 4218#ifdef HAVE_SYS_LIMITS_H 4219# include <sys/limits.h> 4220#endif 4221#ifdef HAVE_LIMITS_H 4222# include <limits.h> 4223#endif 4224#ifdef HAVE_STDINT_H 4225# include <stdint.h> 4226#endif 4227]]) 4228 4229# More checks for data types 4230AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 4231 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4232 [[ u_int a; a = 1;]])], 4233 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 4234 ]) 4235]) 4236if test "x$ac_cv_have_u_int" = "xyes" ; then 4237 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 4238 have_u_int=1 4239fi 4240 4241AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 4242 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4243 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 4244 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 4245 ]) 4246]) 4247if test "x$ac_cv_have_intxx_t" = "xyes" ; then 4248 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 4249 have_intxx_t=1 4250fi 4251 4252if (test -z "$have_intxx_t" && \ 4253 test "x$ac_cv_header_stdint_h" = "xyes") 4254then 4255 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 4256 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4257 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 4258 [ 4259 AC_DEFINE([HAVE_INTXX_T]) 4260 AC_MSG_RESULT([yes]) 4261 ], [ AC_MSG_RESULT([no]) 4262 ]) 4263fi 4264 4265AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 4266 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4267#include <sys/types.h> 4268#ifdef HAVE_STDINT_H 4269# include <stdint.h> 4270#endif 4271#include <sys/socket.h> 4272#ifdef HAVE_SYS_BITYPES_H 4273# include <sys/bitypes.h> 4274#endif 4275 ]], [[ 4276int64_t a; a = 1; 4277 ]])], 4278 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 4279 ]) 4280]) 4281if test "x$ac_cv_have_int64_t" = "xyes" ; then 4282 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 4283fi 4284 4285AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 4286 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4287 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 4288 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 4289 ]) 4290]) 4291if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 4292 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 4293 have_u_intxx_t=1 4294fi 4295 4296if test -z "$have_u_intxx_t" ; then 4297 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 4298 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 4299 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 4300 [ 4301 AC_DEFINE([HAVE_U_INTXX_T]) 4302 AC_MSG_RESULT([yes]) 4303 ], [ AC_MSG_RESULT([no]) 4304 ]) 4305fi 4306 4307AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 4308 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4309 [[ u_int64_t a; a = 1;]])], 4310 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 4311 ]) 4312]) 4313if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 4314 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 4315 have_u_int64_t=1 4316fi 4317 4318if (test -z "$have_u_int64_t" && \ 4319 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4320then 4321 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 4322 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 4323 [[ u_int64_t a; a = 1]])], 4324 [ 4325 AC_DEFINE([HAVE_U_INT64_T]) 4326 AC_MSG_RESULT([yes]) 4327 ], [ AC_MSG_RESULT([no]) 4328 ]) 4329fi 4330 4331if test -z "$have_u_intxx_t" ; then 4332 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 4333 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4334#include <sys/types.h> 4335 ]], [[ 4336 uint8_t a; 4337 uint16_t b; 4338 uint32_t c; 4339 a = b = c = 1; 4340 ]])], 4341 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 4342 ]) 4343 ]) 4344 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 4345 AC_DEFINE([HAVE_UINTXX_T], [1], 4346 [define if you have uintxx_t data type]) 4347 fi 4348fi 4349 4350if (test -z "$have_uintxx_t" && \ 4351 test "x$ac_cv_header_stdint_h" = "xyes") 4352then 4353 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 4354 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4355 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4356 [ 4357 AC_DEFINE([HAVE_UINTXX_T]) 4358 AC_MSG_RESULT([yes]) 4359 ], [ AC_MSG_RESULT([no]) 4360 ]) 4361fi 4362 4363if (test -z "$have_uintxx_t" && \ 4364 test "x$ac_cv_header_inttypes_h" = "xyes") 4365then 4366 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4367 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4368 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4369 [ 4370 AC_DEFINE([HAVE_UINTXX_T]) 4371 AC_MSG_RESULT([yes]) 4372 ], [ AC_MSG_RESULT([no]) 4373 ]) 4374fi 4375 4376if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4377 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4378then 4379 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4380 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4381#include <sys/bitypes.h> 4382 ]], [[ 4383 int8_t a; int16_t b; int32_t c; 4384 u_int8_t e; u_int16_t f; u_int32_t g; 4385 a = b = c = e = f = g = 1; 4386 ]])], 4387 [ 4388 AC_DEFINE([HAVE_U_INTXX_T]) 4389 AC_DEFINE([HAVE_INTXX_T]) 4390 AC_MSG_RESULT([yes]) 4391 ], [AC_MSG_RESULT([no]) 4392 ]) 4393fi 4394 4395 4396AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4397 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4398 [[ u_char foo; foo = 125; ]])], 4399 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4400 ]) 4401]) 4402if test "x$ac_cv_have_u_char" = "xyes" ; then 4403 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4404fi 4405 4406AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4407#include <sys/types.h> 4408#ifdef HAVE_STDINT_H 4409# include <stdint.h> 4410#endif 4411]) 4412 4413TYPE_SOCKLEN_T 4414 4415AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4416AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4417#include <sys/types.h> 4418#ifdef HAVE_SYS_BITYPES_H 4419#include <sys/bitypes.h> 4420#endif 4421#ifdef HAVE_SYS_STATFS_H 4422#include <sys/statfs.h> 4423#endif 4424#ifdef HAVE_SYS_STATVFS_H 4425#include <sys/statvfs.h> 4426#endif 4427]) 4428 4429AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4430#include <sys/param.h> 4431#include <sys/types.h> 4432#ifdef HAVE_SYS_BITYPES_H 4433#include <sys/bitypes.h> 4434#endif 4435#ifdef HAVE_SYS_STATFS_H 4436#include <sys/statfs.h> 4437#endif 4438#ifdef HAVE_SYS_STATVFS_H 4439#include <sys/statvfs.h> 4440#endif 4441#ifdef HAVE_SYS_VFS_H 4442#include <sys/vfs.h> 4443#endif 4444#ifdef HAVE_SYS_MOUNT_H 4445#include <sys/mount.h> 4446#endif 4447]]) 4448 4449 4450AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4451[#include <sys/types.h> 4452#include <netinet/in.h>]) 4453 4454AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4455 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4456 [[ size_t foo; foo = 1235; ]])], 4457 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4458 ]) 4459]) 4460if test "x$ac_cv_have_size_t" = "xyes" ; then 4461 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4462fi 4463 4464AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4465 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4466 [[ ssize_t foo; foo = 1235; ]])], 4467 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4468 ]) 4469]) 4470if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4471 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4472fi 4473 4474AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4475 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4476 [[ clock_t foo; foo = 1235; ]])], 4477 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4478 ]) 4479]) 4480if test "x$ac_cv_have_clock_t" = "xyes" ; then 4481 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4482fi 4483 4484AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4485 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4486#include <sys/types.h> 4487#include <sys/socket.h> 4488 ]], [[ sa_family_t foo; foo = 1235; ]])], 4489 [ ac_cv_have_sa_family_t="yes" ], 4490 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4491#include <sys/types.h> 4492#include <sys/socket.h> 4493#include <netinet/in.h> 4494 ]], [[ sa_family_t foo; foo = 1235; ]])], 4495 [ ac_cv_have_sa_family_t="yes" ], 4496 [ ac_cv_have_sa_family_t="no" ] 4497 ) 4498 ]) 4499]) 4500if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4501 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4502 [define if you have sa_family_t data type]) 4503fi 4504 4505AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4506 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4507 [[ pid_t foo; foo = 1235; ]])], 4508 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4509 ]) 4510]) 4511if test "x$ac_cv_have_pid_t" = "xyes" ; then 4512 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4513fi 4514 4515AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4516 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4517 [[ mode_t foo; foo = 1235; ]])], 4518 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4519 ]) 4520]) 4521if test "x$ac_cv_have_mode_t" = "xyes" ; then 4522 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4523fi 4524 4525 4526AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4527 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4528#include <sys/types.h> 4529#include <sys/socket.h> 4530 ]], [[ struct sockaddr_storage s; ]])], 4531 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4532 [ ac_cv_have_struct_sockaddr_storage="no" 4533 ]) 4534]) 4535if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4536 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4537 [define if you have struct sockaddr_storage data type]) 4538fi 4539 4540AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4541 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4542#include <sys/types.h> 4543#include <netinet/in.h> 4544 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4545 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4546 [ ac_cv_have_struct_sockaddr_in6="no" 4547 ]) 4548]) 4549if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4550 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4551 [define if you have struct sockaddr_in6 data type]) 4552fi 4553 4554AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4555 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4556#include <sys/types.h> 4557#include <netinet/in.h> 4558 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4559 [ ac_cv_have_struct_in6_addr="yes" ], 4560 [ ac_cv_have_struct_in6_addr="no" 4561 ]) 4562]) 4563if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4564 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4565 [define if you have struct in6_addr data type]) 4566 4567dnl Now check for sin6_scope_id 4568 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4569 [ 4570#ifdef HAVE_SYS_TYPES_H 4571#include <sys/types.h> 4572#endif 4573#include <netinet/in.h> 4574 ]) 4575fi 4576 4577AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4578 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4579#include <sys/types.h> 4580#include <sys/socket.h> 4581#include <netdb.h> 4582 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4583 [ ac_cv_have_struct_addrinfo="yes" ], 4584 [ ac_cv_have_struct_addrinfo="no" 4585 ]) 4586]) 4587if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4588 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4589 [define if you have struct addrinfo data type]) 4590fi 4591 4592AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4593 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4594 [[ struct timeval tv; tv.tv_sec = 1;]])], 4595 [ ac_cv_have_struct_timeval="yes" ], 4596 [ ac_cv_have_struct_timeval="no" 4597 ]) 4598]) 4599if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4600 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4601 have_struct_timeval=1 4602fi 4603 4604AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4605 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4606 #ifdef HAVE_SYS_TIME_H 4607 # include <sys/time.h> 4608 #endif 4609 #ifdef HAVE_TIME_H 4610 # include <time.h> 4611 #endif 4612 ]], 4613 [[ struct timespec ts; ts.tv_sec = 1;]])], 4614 [ ac_cv_have_struct_timespec="yes" ], 4615 [ ac_cv_have_struct_timespec="no" 4616 ]) 4617]) 4618if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4619 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4620 have_struct_timespec=1 4621fi 4622 4623# We need int64_t or else certain parts of the compile will fail. 4624if test "x$ac_cv_have_int64_t" = "xno" && \ 4625 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4626 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4627 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4628 echo "an alternative compiler (I.E., GCC) before continuing." 4629 echo "" 4630 exit 1; 4631else 4632dnl test snprintf (broken on SCO w/gcc) 4633 AC_RUN_IFELSE( 4634 [AC_LANG_SOURCE([[ 4635#include <stdio.h> 4636#include <stdlib.h> 4637#include <string.h> 4638#ifdef HAVE_SNPRINTF 4639int main(void) 4640{ 4641 char buf[50]; 4642 char expected_out[50]; 4643 int mazsize = 50 ; 4644#if (SIZEOF_LONG_INT == 8) 4645 long int num = 0x7fffffffffffffff; 4646#else 4647 long long num = 0x7fffffffffffffffll; 4648#endif 4649 strcpy(expected_out, "9223372036854775807"); 4650#if (SIZEOF_LONG_INT == 8) 4651 snprintf(buf, mazsize, "%ld", num); 4652#else 4653 snprintf(buf, mazsize, "%lld", num); 4654#endif 4655 if(strcmp(buf, expected_out) != 0) 4656 exit(1); 4657 exit(0); 4658} 4659#else 4660int main(void) { exit(0); } 4661#endif 4662 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4663 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4664 ) 4665fi 4666 4667dnl Checks for structure members 4668OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4669OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4670OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4671OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4672OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4673OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4674OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4675OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4676OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4677OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4678OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4679OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4680OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4681OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4682OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4683OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4684OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4685OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4686 4687AC_CHECK_MEMBERS([struct stat.st_blksize]) 4688AC_CHECK_MEMBERS([struct stat.st_mtim]) 4689AC_CHECK_MEMBERS([struct stat.st_mtime]) 4690AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4691struct passwd.pw_change, struct passwd.pw_expire], 4692[], [], [[ 4693#include <sys/types.h> 4694#include <pwd.h> 4695]]) 4696 4697AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4698 [Define if we don't have struct __res_state in resolv.h])], 4699[[ 4700#include <stdio.h> 4701#if HAVE_SYS_TYPES_H 4702# include <sys/types.h> 4703#endif 4704#include <netinet/in.h> 4705#include <arpa/nameser.h> 4706#include <resolv.h> 4707]]) 4708 4709AC_CHECK_MEMBER([struct sockaddr_in.sin_len], 4710 [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])], 4711 [], 4712 [AC_LANG_SOURCE([[ 4713#include <sys/types.h> 4714#include <sys/socket.h> 4715#include <netinet/in.h> 4716 ]])] 4717) 4718 4719AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4720 ac_cv_have_ss_family_in_struct_ss, [ 4721 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4722#include <sys/types.h> 4723#include <sys/socket.h> 4724 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4725 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4726 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4727]) 4728if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4729 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4730fi 4731 4732AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4733 ac_cv_have___ss_family_in_struct_ss, [ 4734 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4735#include <sys/types.h> 4736#include <sys/socket.h> 4737 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4738 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4739 [ ac_cv_have___ss_family_in_struct_ss="no" 4740 ]) 4741]) 4742if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4743 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4744 [Fields in struct sockaddr_storage]) 4745fi 4746 4747dnl make sure we're using the real structure members and not defines 4748AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4749 ac_cv_have_accrights_in_msghdr, [ 4750 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4751#include <sys/types.h> 4752#include <sys/socket.h> 4753#include <sys/uio.h> 4754#include <stdlib.h> 4755 ]], [[ 4756#ifdef msg_accrights 4757#error "msg_accrights is a macro" 4758exit(1); 4759#endif 4760struct msghdr m; 4761m.msg_accrights = 0; 4762exit(0); 4763 ]])], 4764 [ ac_cv_have_accrights_in_msghdr="yes" ], 4765 [ ac_cv_have_accrights_in_msghdr="no" ] 4766 ) 4767]) 4768if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4769 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4770 [Define if your system uses access rights style 4771 file descriptor passing]) 4772fi 4773 4774AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4775AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4776#include <sys/param.h> 4777#include <sys/stat.h> 4778#ifdef HAVE_SYS_TIME_H 4779# include <sys/time.h> 4780#endif 4781#ifdef HAVE_SYS_MOUNT_H 4782#include <sys/mount.h> 4783#endif 4784#ifdef HAVE_SYS_STATVFS_H 4785#include <sys/statvfs.h> 4786#endif 4787 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4788 [ AC_MSG_RESULT([yes]) ], 4789 [ AC_MSG_RESULT([no]) 4790 4791 AC_MSG_CHECKING([if fsid_t has member val]) 4792 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4793#include <sys/types.h> 4794#include <sys/statvfs.h> 4795 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4796 [ AC_MSG_RESULT([yes]) 4797 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4798 [ AC_MSG_RESULT([no]) ]) 4799 4800 AC_MSG_CHECKING([if f_fsid has member __val]) 4801 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4802#include <sys/types.h> 4803#include <sys/statvfs.h> 4804 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4805 [ AC_MSG_RESULT([yes]) 4806 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4807 [ AC_MSG_RESULT([no]) ]) 4808]) 4809 4810AC_CACHE_CHECK([for msg_control field in struct msghdr], 4811 ac_cv_have_control_in_msghdr, [ 4812 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4813#include <sys/types.h> 4814#include <sys/socket.h> 4815#include <sys/uio.h> 4816#include <stdlib.h> 4817 ]], [[ 4818#ifdef msg_control 4819#error "msg_control is a macro" 4820exit(1); 4821#endif 4822struct msghdr m; 4823m.msg_control = 0; 4824exit(0); 4825 ]])], 4826 [ ac_cv_have_control_in_msghdr="yes" ], 4827 [ ac_cv_have_control_in_msghdr="no" ] 4828 ) 4829]) 4830if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4831 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4832 [Define if your system uses ancillary data style 4833 file descriptor passing]) 4834fi 4835 4836AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4837 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4838 [[ extern char *__progname; printf("%s", __progname); ]])], 4839 [ ac_cv_libc_defines___progname="yes" ], 4840 [ ac_cv_libc_defines___progname="no" 4841 ]) 4842]) 4843if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4844 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4845fi 4846 4847AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4848 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4849 [[ printf("%s", __FUNCTION__); ]])], 4850 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4851 [ ac_cv_cc_implements___FUNCTION__="no" 4852 ]) 4853]) 4854if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4855 AC_DEFINE([HAVE___FUNCTION__], [1], 4856 [Define if compiler implements __FUNCTION__]) 4857fi 4858 4859AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4860 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4861 [[ printf("%s", __func__); ]])], 4862 [ ac_cv_cc_implements___func__="yes" ], 4863 [ ac_cv_cc_implements___func__="no" 4864 ]) 4865]) 4866if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4867 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4868fi 4869 4870AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4871 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4872#include <stdarg.h> 4873va_list x,y; 4874 ]], [[ va_copy(x,y); ]])], 4875 [ ac_cv_have_va_copy="yes" ], 4876 [ ac_cv_have_va_copy="no" 4877 ]) 4878]) 4879if test "x$ac_cv_have_va_copy" = "xyes" ; then 4880 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4881fi 4882 4883AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4884 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4885#include <stdarg.h> 4886va_list x,y; 4887 ]], [[ __va_copy(x,y); ]])], 4888 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4889 ]) 4890]) 4891if test "x$ac_cv_have___va_copy" = "xyes" ; then 4892 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4893fi 4894 4895AC_CACHE_CHECK([whether getopt has optreset support], 4896 ac_cv_have_getopt_optreset, [ 4897 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4898 [[ extern int optreset; optreset = 0; ]])], 4899 [ ac_cv_have_getopt_optreset="yes" ], 4900 [ ac_cv_have_getopt_optreset="no" 4901 ]) 4902]) 4903if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4904 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4905 [Define if your getopt(3) defines and uses optreset]) 4906fi 4907 4908AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4909 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4910[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4911 [ ac_cv_libc_defines_sys_errlist="yes" ], 4912 [ ac_cv_libc_defines_sys_errlist="no" 4913 ]) 4914]) 4915if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4916 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4917 [Define if your system defines sys_errlist[]]) 4918fi 4919 4920 4921AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4922 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4923[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4924 [ ac_cv_libc_defines_sys_nerr="yes" ], 4925 [ ac_cv_libc_defines_sys_nerr="no" 4926 ]) 4927]) 4928if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4929 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4930fi 4931 4932# Check libraries needed by DNS fingerprint support 4933AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4934 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4935 [Define if getrrsetbyname() exists])], 4936 [ 4937 # Needed by our getrrsetbyname() 4938 AC_SEARCH_LIBS([res_query], [resolv]) 4939 AC_SEARCH_LIBS([dn_expand], [resolv]) 4940 AC_MSG_CHECKING([if res_query will link]) 4941 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4942#include <sys/types.h> 4943#include <netinet/in.h> 4944#include <arpa/nameser.h> 4945#include <netdb.h> 4946#include <resolv.h> 4947 ]], [[ 4948 res_query (0, 0, 0, 0, 0); 4949 ]])], 4950 AC_MSG_RESULT([yes]), 4951 [AC_MSG_RESULT([no]) 4952 saved_LIBS="$LIBS" 4953 LIBS="$LIBS -lresolv" 4954 AC_MSG_CHECKING([for res_query in -lresolv]) 4955 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4956#include <sys/types.h> 4957#include <netinet/in.h> 4958#include <arpa/nameser.h> 4959#include <netdb.h> 4960#include <resolv.h> 4961 ]], [[ 4962 res_query (0, 0, 0, 0, 0); 4963 ]])], 4964 [AC_MSG_RESULT([yes])], 4965 [LIBS="$saved_LIBS" 4966 AC_MSG_RESULT([no])]) 4967 ]) 4968 AC_CHECK_FUNCS([_getshort _getlong]) 4969 AC_CHECK_DECLS([_getshort, _getlong], , , 4970 [#include <sys/types.h> 4971 #include <arpa/nameser.h>]) 4972 AC_CHECK_MEMBER([HEADER.ad], 4973 [AC_DEFINE([HAVE_HEADER_AD], [1], 4974 [Define if HEADER.ad exists in arpa/nameser.h])], , 4975 [#include <arpa/nameser.h>]) 4976 ]) 4977 4978AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4979AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4980#include <stdio.h> 4981#if HAVE_SYS_TYPES_H 4982# include <sys/types.h> 4983#endif 4984#include <netinet/in.h> 4985#include <arpa/nameser.h> 4986#include <resolv.h> 4987extern struct __res_state _res; 4988 ]], [[ 4989struct __res_state *volatile p = &_res; /* force resolution of _res */ 4990return 0; 4991 ]],)], 4992 [AC_MSG_RESULT([yes]) 4993 AC_DEFINE([HAVE__RES_EXTERN], [1], 4994 [Define if you have struct __res_state _res as an extern]) 4995 ], 4996 [ AC_MSG_RESULT([no]) ] 4997) 4998 4999# Check whether user wants SELinux support 5000SELINUX_MSG="no" 5001LIBSELINUX="" 5002AC_ARG_WITH([selinux], 5003 [ --with-selinux Enable SELinux support], 5004 [ if test "x$withval" != "xno" ; then 5005 save_LIBS="$LIBS" 5006 AC_DEFINE([WITH_SELINUX], [1], 5007 [Define if you want SELinux support.]) 5008 SELINUX_MSG="yes" 5009 AC_CHECK_HEADER([selinux/selinux.h], , 5010 AC_MSG_ERROR([SELinux support requires selinux.h header])) 5011 AC_CHECK_LIB([selinux], [setexeccon], 5012 [ LIBSELINUX="-lselinux" 5013 LIBS="$LIBS -lselinux" 5014 ], 5015 AC_MSG_ERROR([SELinux support requires libselinux library])) 5016 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 5017 LIBS="$save_LIBS $LIBSELINUX" 5018 fi ] 5019) 5020AC_SUBST([SSHDLIBS]) 5021 5022# Check whether user wants Kerberos 5 support 5023KRB5_MSG="no" 5024AC_ARG_WITH([kerberos5], 5025 [ --with-kerberos5=PATH Enable Kerberos 5 support], 5026 [ if test "x$withval" != "xno" ; then 5027 if test "x$withval" = "xyes" ; then 5028 KRB5ROOT="/usr/local" 5029 else 5030 KRB5ROOT=${withval} 5031 fi 5032 5033 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 5034 KRB5_MSG="yes" 5035 5036 use_pkgconfig_for_krb5= 5037 if test "x$PKGCONFIG" != "xno"; then 5038 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 5039 if "$PKGCONFIG" krb5; then 5040 AC_MSG_RESULT([yes]) 5041 use_pkgconfig_for_krb5=yes 5042 else 5043 AC_MSG_RESULT([no]) 5044 fi 5045 fi 5046 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 5047 K5CFLAGS=`$PKGCONFIG --cflags krb5` 5048 K5LIBS=`$PKGCONFIG --libs krb5` 5049 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 5050 5051 AC_MSG_CHECKING([for gssapi support]) 5052 if "$PKGCONFIG" krb5-gssapi; then 5053 AC_MSG_RESULT([yes]) 5054 AC_DEFINE([GSSAPI], [1], 5055 [Define this if you want GSSAPI 5056 support in the version 2 protocol]) 5057 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 5058 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 5059 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 5060 else 5061 AC_MSG_RESULT([no]) 5062 fi 5063 AC_MSG_CHECKING([whether we are using Heimdal]) 5064 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 5065 ]], [[ char *tmp = heimdal_version; ]])], 5066 [ AC_MSG_RESULT([yes]) 5067 AC_DEFINE([HEIMDAL], [1], 5068 [Define this if you are using the Heimdal 5069 version of Kerberos V5]) ], 5070 [AC_MSG_RESULT([no]) 5071 ]) 5072 else 5073 AC_PATH_TOOL([KRB5CONF], [krb5-config], 5074 [$KRB5ROOT/bin/krb5-config], 5075 [$KRB5ROOT/bin:$PATH]) 5076 if test -x $KRB5CONF ; then 5077 K5CFLAGS="`$KRB5CONF --cflags`" 5078 K5LIBS="`$KRB5CONF --libs`" 5079 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 5080 5081 AC_MSG_CHECKING([for gssapi support]) 5082 if $KRB5CONF | grep gssapi >/dev/null ; then 5083 AC_MSG_RESULT([yes]) 5084 AC_DEFINE([GSSAPI], [1], 5085 [Define this if you want GSSAPI 5086 support in the version 2 protocol]) 5087 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 5088 GSSLIBS="`$KRB5CONF --libs gssapi`" 5089 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 5090 else 5091 AC_MSG_RESULT([no]) 5092 fi 5093 AC_MSG_CHECKING([whether we are using Heimdal]) 5094 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 5095 ]], [[ char *tmp = heimdal_version; ]])], 5096 [ AC_MSG_RESULT([yes]) 5097 AC_DEFINE([HEIMDAL], [1], 5098 [Define this if you are using the Heimdal 5099 version of Kerberos V5]) ], 5100 [AC_MSG_RESULT([no]) 5101 ]) 5102 else 5103 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 5104 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 5105 AC_MSG_CHECKING([whether we are using Heimdal]) 5106 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 5107 ]], [[ char *tmp = heimdal_version; ]])], 5108 [ AC_MSG_RESULT([yes]) 5109 AC_DEFINE([HEIMDAL]) 5110 K5LIBS="-lkrb5" 5111 K5LIBS="$K5LIBS -lcom_err -lasn1" 5112 AC_CHECK_LIB([roken], [net_write], 5113 [K5LIBS="$K5LIBS -lroken"]) 5114 AC_CHECK_LIB([des], [des_cbc_encrypt], 5115 [K5LIBS="$K5LIBS -ldes"]) 5116 ], [ AC_MSG_RESULT([no]) 5117 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 5118 ]) 5119 AC_SEARCH_LIBS([dn_expand], [resolv]) 5120 5121 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 5122 [ AC_DEFINE([GSSAPI]) 5123 GSSLIBS="-lgssapi_krb5" ], 5124 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 5125 [ AC_DEFINE([GSSAPI]) 5126 GSSLIBS="-lgssapi" ], 5127 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 5128 [ AC_DEFINE([GSSAPI]) 5129 GSSLIBS="-lgss" ], 5130 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 5131 ]) 5132 ]) 5133 5134 AC_CHECK_HEADER([gssapi.h], , 5135 [ unset ac_cv_header_gssapi_h 5136 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 5137 AC_CHECK_HEADERS([gssapi.h], , 5138 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 5139 ) 5140 ] 5141 ) 5142 5143 oldCPP="$CPPFLAGS" 5144 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 5145 AC_CHECK_HEADER([gssapi_krb5.h], , 5146 [ CPPFLAGS="$oldCPP" ]) 5147 5148 fi 5149 fi 5150 if test -n "${rpath_opt}" ; then 5151 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 5152 fi 5153 if test ! -z "$blibpath" ; then 5154 blibpath="$blibpath:${KRB5ROOT}/lib" 5155 fi 5156 5157 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 5158 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 5159 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 5160 5161 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 5162 [Define this if you want to use libkafs' AFS support])]) 5163 5164 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 5165#ifdef HAVE_GSSAPI_H 5166# include <gssapi.h> 5167#elif defined(HAVE_GSSAPI_GSSAPI_H) 5168# include <gssapi/gssapi.h> 5169#endif 5170 5171#ifdef HAVE_GSSAPI_GENERIC_H 5172# include <gssapi_generic.h> 5173#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 5174# include <gssapi/gssapi_generic.h> 5175#endif 5176 ]]) 5177 saved_LIBS="$LIBS" 5178 LIBS="$LIBS $K5LIBS" 5179 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 5180 LIBS="$saved_LIBS" 5181 5182 fi 5183 ] 5184) 5185AC_SUBST([GSSLIBS]) 5186AC_SUBST([K5LIBS]) 5187AC_SUBST([CHANNELLIBS]) 5188 5189# Looking for programs, paths and files 5190 5191PRIVSEP_PATH=/var/empty 5192AC_ARG_WITH([privsep-path], 5193 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 5194 [ 5195 if test -n "$withval" && test "x$withval" != "xno" && \ 5196 test "x${withval}" != "xyes"; then 5197 PRIVSEP_PATH=$withval 5198 fi 5199 ] 5200) 5201AC_SUBST([PRIVSEP_PATH]) 5202 5203AC_ARG_WITH([xauth], 5204 [ --with-xauth=PATH Specify path to xauth program ], 5205 [ 5206 if test -n "$withval" && test "x$withval" != "xno" && \ 5207 test "x${withval}" != "xyes"; then 5208 xauth_path=$withval 5209 fi 5210 ], 5211 [ 5212 TestPath="$PATH" 5213 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 5214 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 5215 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 5216 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 5217 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 5218 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 5219 xauth_path="/usr/openwin/bin/xauth" 5220 fi 5221 ] 5222) 5223 5224STRIP_OPT=-s 5225AC_ARG_ENABLE([strip], 5226 [ --disable-strip Disable calling strip(1) on install], 5227 [ 5228 if test "x$enableval" = "xno" ; then 5229 STRIP_OPT= 5230 fi 5231 ] 5232) 5233AC_SUBST([STRIP_OPT]) 5234 5235if test -z "$xauth_path" ; then 5236 XAUTH_PATH="undefined" 5237 AC_SUBST([XAUTH_PATH]) 5238else 5239 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 5240 [Define if xauth is found in your path]) 5241 XAUTH_PATH=$xauth_path 5242 AC_SUBST([XAUTH_PATH]) 5243fi 5244 5245dnl # --with-maildir=/path/to/mail gets top priority. 5246dnl # if maildir is set in the platform case statement above we use that. 5247dnl # Otherwise we run a program to get the dir from system headers. 5248dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 5249dnl # If we find _PATH_MAILDIR we do nothing because that is what 5250dnl # session.c expects anyway. Otherwise we set to the value found 5251dnl # stripping any trailing slash. If for some strage reason our program 5252dnl # does not find what it needs, we default to /var/spool/mail. 5253# Check for mail directory 5254AC_ARG_WITH([maildir], 5255 [ --with-maildir=/path/to/mail Specify your system mail directory], 5256 [ 5257 if test "X$withval" != X && test "x$withval" != xno && \ 5258 test "x${withval}" != xyes; then 5259 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 5260 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 5261 fi 5262 ],[ 5263 if test "X$maildir" != "X"; then 5264 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 5265 else 5266 AC_MSG_CHECKING([Discovering system mail directory]) 5267 AC_RUN_IFELSE( 5268 [AC_LANG_PROGRAM([[ 5269#include <stdio.h> 5270#include <stdlib.h> 5271#include <string.h> 5272#ifdef HAVE_PATHS_H 5273#include <paths.h> 5274#endif 5275#ifdef HAVE_MAILLOCK_H 5276#include <maillock.h> 5277#endif 5278#define DATA "conftest.maildir" 5279 ]], [[ 5280 FILE *fd; 5281 int rc; 5282 5283 fd = fopen(DATA,"w"); 5284 if(fd == NULL) 5285 exit(1); 5286 5287#if defined (_PATH_MAILDIR) 5288 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 5289 exit(1); 5290#elif defined (MAILDIR) 5291 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 5292 exit(1); 5293#elif defined (_PATH_MAIL) 5294 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 5295 exit(1); 5296#else 5297 exit (2); 5298#endif 5299 5300 exit(0); 5301 ]])], 5302 [ 5303 maildir_what=`awk -F: '{print $1}' conftest.maildir` 5304 maildir=`awk -F: '{print $2}' conftest.maildir \ 5305 | sed 's|/$||'` 5306 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 5307 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 5308 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 5309 fi 5310 ], 5311 [ 5312 if test "X$ac_status" = "X2";then 5313# our test program didn't find it. Default to /var/spool/mail 5314 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 5315 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 5316 else 5317 AC_MSG_RESULT([*** not found ***]) 5318 fi 5319 ], 5320 [ 5321 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 5322 ] 5323 ) 5324 fi 5325 ] 5326) # maildir 5327 5328if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 5329 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 5330 disable_ptmx_check=yes 5331fi 5332if test -z "$no_dev_ptmx" ; then 5333 if test "x$disable_ptmx_check" != "xyes" ; then 5334 AC_CHECK_FILE(["/dev/ptmx"], 5335 [ 5336 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 5337 [Define if you have /dev/ptmx]) 5338 have_dev_ptmx=1 5339 ] 5340 ) 5341 fi 5342fi 5343 5344if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 5345 AC_CHECK_FILE(["/dev/ptc"], 5346 [ 5347 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 5348 [Define if you have /dev/ptc]) 5349 have_dev_ptc=1 5350 ] 5351 ) 5352else 5353 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 5354fi 5355 5356# Options from here on. Some of these are preset by platform above 5357AC_ARG_WITH([mantype], 5358 [ --with-mantype=man|cat|doc Set man page type], 5359 [ 5360 case "$withval" in 5361 man|cat|doc) 5362 MANTYPE=$withval 5363 ;; 5364 *) 5365 AC_MSG_ERROR([invalid man type: $withval]) 5366 ;; 5367 esac 5368 ] 5369) 5370if test -z "$MANTYPE"; then 5371 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 5372 MANTYPE=doc 5373 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 5374 MANTYPE=doc 5375 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 5376 MANTYPE=man 5377 else 5378 MANTYPE=cat 5379 fi 5380fi 5381AC_SUBST([MANTYPE]) 5382if test "$MANTYPE" = "doc"; then 5383 mansubdir=man; 5384else 5385 mansubdir=$MANTYPE; 5386fi 5387AC_SUBST([mansubdir]) 5388 5389# Whether to disable shadow password support 5390AC_ARG_WITH([shadow], 5391 [ --without-shadow Disable shadow password support], 5392 [ 5393 if test "x$withval" = "xno" ; then 5394 AC_DEFINE([DISABLE_SHADOW]) 5395 disable_shadow=yes 5396 fi 5397 ] 5398) 5399 5400if test -z "$disable_shadow" ; then 5401 AC_MSG_CHECKING([if the systems has expire shadow information]) 5402 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5403#include <sys/types.h> 5404#include <shadow.h> 5405struct spwd sp; 5406 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5407 [ sp_expire_available=yes ], [ 5408 ]) 5409 5410 if test "x$sp_expire_available" = "xyes" ; then 5411 AC_MSG_RESULT([yes]) 5412 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5413 [Define if you want to use shadow password expire field]) 5414 else 5415 AC_MSG_RESULT([no]) 5416 fi 5417fi 5418 5419# Use ip address instead of hostname in $DISPLAY 5420if test ! -z "$IPADDR_IN_DISPLAY" ; then 5421 DISPLAY_HACK_MSG="yes" 5422 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5423 [Define if you need to use IP address 5424 instead of hostname in $DISPLAY]) 5425else 5426 DISPLAY_HACK_MSG="no" 5427 AC_ARG_WITH([ipaddr-display], 5428 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5429 [ 5430 if test "x$withval" != "xno" ; then 5431 AC_DEFINE([IPADDR_IN_DISPLAY]) 5432 DISPLAY_HACK_MSG="yes" 5433 fi 5434 ] 5435 ) 5436fi 5437 5438# check for /etc/default/login and use it if present. 5439AC_ARG_ENABLE([etc-default-login], 5440 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5441 [ if test "x$enableval" = "xno"; then 5442 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5443 etc_default_login=no 5444 else 5445 etc_default_login=yes 5446 fi ], 5447 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5448 then 5449 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5450 etc_default_login=no 5451 else 5452 etc_default_login=yes 5453 fi ] 5454) 5455 5456if test "x$etc_default_login" != "xno"; then 5457 AC_CHECK_FILE(["/etc/default/login"], 5458 [ external_path_file=/etc/default/login ]) 5459 if test "x$external_path_file" = "x/etc/default/login"; then 5460 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5461 [Define if your system has /etc/default/login]) 5462 fi 5463fi 5464 5465dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5466if test $ac_cv_func_login_getcapbool = "yes" && \ 5467 test $ac_cv_header_login_cap_h = "yes" ; then 5468 external_path_file=/etc/login.conf 5469fi 5470 5471# Whether to mess with the default path 5472SERVER_PATH_MSG="(default)" 5473AC_ARG_WITH([default-path], 5474 [ --with-default-path= Specify default $PATH environment for server], 5475 [ 5476 if test "x$external_path_file" = "x/etc/login.conf" ; then 5477 AC_MSG_WARN([ 5478--with-default-path=PATH has no effect on this system. 5479Edit /etc/login.conf instead.]) 5480 elif test "x$withval" != "xno" ; then 5481 if test ! -z "$external_path_file" ; then 5482 AC_MSG_WARN([ 5483--with-default-path=PATH will only be used if PATH is not defined in 5484$external_path_file .]) 5485 fi 5486 user_path="$withval" 5487 SERVER_PATH_MSG="$withval" 5488 fi 5489 ], 5490 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5491 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5492 else 5493 if test ! -z "$external_path_file" ; then 5494 AC_MSG_WARN([ 5495If PATH is defined in $external_path_file, ensure the path to scp is included, 5496otherwise scp will not work.]) 5497 fi 5498 AC_RUN_IFELSE( 5499 [AC_LANG_PROGRAM([[ 5500/* find out what STDPATH is */ 5501#include <stdio.h> 5502#include <stdlib.h> 5503#ifdef HAVE_PATHS_H 5504# include <paths.h> 5505#endif 5506#ifndef _PATH_STDPATH 5507# ifdef _PATH_USERPATH /* Irix */ 5508# define _PATH_STDPATH _PATH_USERPATH 5509# else 5510# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5511# endif 5512#endif 5513#include <sys/types.h> 5514#include <sys/stat.h> 5515#include <fcntl.h> 5516#define DATA "conftest.stdpath" 5517 ]], [[ 5518 FILE *fd; 5519 int rc; 5520 5521 fd = fopen(DATA,"w"); 5522 if(fd == NULL) 5523 exit(1); 5524 5525 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5526 exit(1); 5527 5528 exit(0); 5529 ]])], 5530 [ user_path=`cat conftest.stdpath` ], 5531 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5532 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5533 ) 5534# make sure $bindir is in USER_PATH so scp will work 5535 t_bindir="${bindir}" 5536 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5537 t_bindir=`eval echo ${t_bindir}` 5538 case $t_bindir in 5539 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5540 esac 5541 case $t_bindir in 5542 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5543 esac 5544 done 5545 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5546 if test $? -ne 0 ; then 5547 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5548 if test $? -ne 0 ; then 5549 user_path=$user_path:$t_bindir 5550 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5551 fi 5552 fi 5553 fi ] 5554) 5555if test "x$external_path_file" != "x/etc/login.conf" ; then 5556 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5557 AC_SUBST([user_path]) 5558fi 5559 5560# Set superuser path separately to user path 5561AC_ARG_WITH([superuser-path], 5562 [ --with-superuser-path= Specify different path for super-user], 5563 [ 5564 if test -n "$withval" && test "x$withval" != "xno" && \ 5565 test "x${withval}" != "xyes"; then 5566 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5567 [Define if you want a different $PATH 5568 for the superuser]) 5569 superuser_path=$withval 5570 fi 5571 ] 5572) 5573 5574 5575AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5576IPV4_IN6_HACK_MSG="no" 5577AC_ARG_WITH(4in6, 5578 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5579 [ 5580 if test "x$withval" != "xno" ; then 5581 AC_MSG_RESULT([yes]) 5582 AC_DEFINE([IPV4_IN_IPV6], [1], 5583 [Detect IPv4 in IPv6 mapped addresses 5584 and treat as IPv4]) 5585 IPV4_IN6_HACK_MSG="yes" 5586 else 5587 AC_MSG_RESULT([no]) 5588 fi 5589 ], [ 5590 if test "x$inet6_default_4in6" = "xyes"; then 5591 AC_MSG_RESULT([yes (default)]) 5592 AC_DEFINE([IPV4_IN_IPV6]) 5593 IPV4_IN6_HACK_MSG="yes" 5594 else 5595 AC_MSG_RESULT([no (default)]) 5596 fi 5597 ] 5598) 5599 5600# Whether to enable BSD auth support 5601BSD_AUTH_MSG=no 5602AC_ARG_WITH([bsd-auth], 5603 [ --with-bsd-auth Enable BSD auth support], 5604 [ 5605 if test "x$withval" != "xno" ; then 5606 AC_DEFINE([BSD_AUTH], [1], 5607 [Define if you have BSD auth support]) 5608 BSD_AUTH_MSG=yes 5609 fi 5610 ] 5611) 5612 5613# Where to place sshd.pid 5614piddir=/var/run 5615# make sure the directory exists 5616if test ! -d $piddir ; then 5617 piddir=`eval echo ${sysconfdir}` 5618 case $piddir in 5619 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5620 esac 5621fi 5622 5623AC_ARG_WITH([pid-dir], 5624 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5625 [ 5626 if test -n "$withval" && test "x$withval" != "xno" && \ 5627 test "x${withval}" != "xyes"; then 5628 piddir=$withval 5629 if test ! -d $piddir ; then 5630 AC_MSG_WARN([** no $piddir directory on this system **]) 5631 fi 5632 fi 5633 ] 5634) 5635 5636AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5637 [Specify location of ssh.pid]) 5638AC_SUBST([piddir]) 5639 5640 5641AC_ARG_ENABLE([fd-passing], 5642 [ --disable-fd-passing disable file descriptor passsing [no]], 5643 [ 5644 if test "x$enableval" = "xno" ; then 5645 AC_DEFINE([DISABLE_FD_PASSING]) 5646 fi 5647 ] 5648) 5649 5650dnl allow user to disable some login recording features 5651AC_ARG_ENABLE([lastlog], 5652 [ --disable-lastlog disable use of lastlog even if detected [no]], 5653 [ 5654 if test "x$enableval" = "xno" ; then 5655 AC_DEFINE([DISABLE_LASTLOG]) 5656 fi 5657 ] 5658) 5659AC_ARG_ENABLE([utmp], 5660 [ --disable-utmp disable use of utmp even if detected [no]], 5661 [ 5662 if test "x$enableval" = "xno" ; then 5663 AC_DEFINE([DISABLE_UTMP]) 5664 fi 5665 ] 5666) 5667AC_ARG_ENABLE([utmpx], 5668 [ --disable-utmpx disable use of utmpx even if detected [no]], 5669 [ 5670 if test "x$enableval" = "xno" ; then 5671 AC_DEFINE([DISABLE_UTMPX], [1], 5672 [Define if you don't want to use utmpx]) 5673 fi 5674 ] 5675) 5676AC_ARG_ENABLE([wtmp], 5677 [ --disable-wtmp disable use of wtmp even if detected [no]], 5678 [ 5679 if test "x$enableval" = "xno" ; then 5680 AC_DEFINE([DISABLE_WTMP]) 5681 fi 5682 ] 5683) 5684AC_ARG_ENABLE([wtmpx], 5685 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5686 [ 5687 if test "x$enableval" = "xno" ; then 5688 AC_DEFINE([DISABLE_WTMPX], [1], 5689 [Define if you don't want to use wtmpx]) 5690 fi 5691 ] 5692) 5693AC_ARG_ENABLE([libutil], 5694 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5695 [ 5696 if test "x$enableval" = "xno" ; then 5697 AC_DEFINE([DISABLE_LOGIN]) 5698 fi 5699 ] 5700) 5701AC_ARG_ENABLE([pututline], 5702 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5703 [ 5704 if test "x$enableval" = "xno" ; then 5705 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5706 [Define if you don't want to use pututline() 5707 etc. to write [uw]tmp]) 5708 fi 5709 ] 5710) 5711AC_ARG_ENABLE([pututxline], 5712 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5713 [ 5714 if test "x$enableval" = "xno" ; then 5715 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5716 [Define if you don't want to use pututxline() 5717 etc. to write [uw]tmpx]) 5718 fi 5719 ] 5720) 5721AC_ARG_WITH([lastlog], 5722 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5723 [ 5724 if test "x$withval" = "xno" ; then 5725 AC_DEFINE([DISABLE_LASTLOG]) 5726 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5727 conf_lastlog_location=$withval 5728 fi 5729 ] 5730) 5731 5732dnl lastlog, [uw]tmpx? detection 5733dnl NOTE: set the paths in the platform section to avoid the 5734dnl need for command-line parameters 5735dnl lastlog and [uw]tmp are subject to a file search if all else fails 5736 5737dnl lastlog detection 5738dnl NOTE: the code itself will detect if lastlog is a directory 5739AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5740AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5741#include <sys/types.h> 5742#include <utmp.h> 5743#ifdef HAVE_LASTLOG_H 5744# include <lastlog.h> 5745#endif 5746#ifdef HAVE_PATHS_H 5747# include <paths.h> 5748#endif 5749#ifdef HAVE_LOGIN_H 5750# include <login.h> 5751#endif 5752 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5753 [ AC_MSG_RESULT([yes]) ], 5754 [ 5755 AC_MSG_RESULT([no]) 5756 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5757 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5758#include <sys/types.h> 5759#include <utmp.h> 5760#ifdef HAVE_LASTLOG_H 5761# include <lastlog.h> 5762#endif 5763#ifdef HAVE_PATHS_H 5764# include <paths.h> 5765#endif 5766 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5767 [ AC_MSG_RESULT([yes]) ], 5768 [ 5769 AC_MSG_RESULT([no]) 5770 system_lastlog_path=no 5771 ]) 5772]) 5773 5774if test -z "$conf_lastlog_location"; then 5775 if test x"$system_lastlog_path" = x"no" ; then 5776 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5777 if (test -d "$f" || test -f "$f") ; then 5778 conf_lastlog_location=$f 5779 fi 5780 done 5781 if test -z "$conf_lastlog_location"; then 5782 AC_MSG_WARN([** Cannot find lastlog **]) 5783 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5784 fi 5785 fi 5786fi 5787 5788if test -n "$conf_lastlog_location"; then 5789 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5790 [Define if you want to specify the path to your lastlog file]) 5791fi 5792 5793dnl utmp detection 5794AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5795AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5796#include <sys/types.h> 5797#include <utmp.h> 5798#ifdef HAVE_PATHS_H 5799# include <paths.h> 5800#endif 5801 ]], [[ char *utmp = UTMP_FILE; ]])], 5802 [ AC_MSG_RESULT([yes]) ], 5803 [ AC_MSG_RESULT([no]) 5804 system_utmp_path=no 5805]) 5806if test -z "$conf_utmp_location"; then 5807 if test x"$system_utmp_path" = x"no" ; then 5808 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5809 if test -f $f ; then 5810 conf_utmp_location=$f 5811 fi 5812 done 5813 if test -z "$conf_utmp_location"; then 5814 AC_DEFINE([DISABLE_UTMP]) 5815 fi 5816 fi 5817fi 5818if test -n "$conf_utmp_location"; then 5819 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5820 [Define if you want to specify the path to your utmp file]) 5821fi 5822 5823dnl wtmp detection 5824AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5825AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5826#include <sys/types.h> 5827#include <utmp.h> 5828#ifdef HAVE_PATHS_H 5829# include <paths.h> 5830#endif 5831 ]], [[ char *wtmp = WTMP_FILE; ]])], 5832 [ AC_MSG_RESULT([yes]) ], 5833 [ AC_MSG_RESULT([no]) 5834 system_wtmp_path=no 5835]) 5836if test -z "$conf_wtmp_location"; then 5837 if test x"$system_wtmp_path" = x"no" ; then 5838 for f in /usr/adm/wtmp /var/log/wtmp; do 5839 if test -f $f ; then 5840 conf_wtmp_location=$f 5841 fi 5842 done 5843 if test -z "$conf_wtmp_location"; then 5844 AC_DEFINE([DISABLE_WTMP]) 5845 fi 5846 fi 5847fi 5848if test -n "$conf_wtmp_location"; then 5849 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5850 [Define if you want to specify the path to your wtmp file]) 5851fi 5852 5853dnl wtmpx detection 5854AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5855AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5856#include <sys/types.h> 5857#include <utmp.h> 5858#ifdef HAVE_UTMPX_H 5859#include <utmpx.h> 5860#endif 5861#ifdef HAVE_PATHS_H 5862# include <paths.h> 5863#endif 5864 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5865 [ AC_MSG_RESULT([yes]) ], 5866 [ AC_MSG_RESULT([no]) 5867 system_wtmpx_path=no 5868]) 5869if test -z "$conf_wtmpx_location"; then 5870 if test x"$system_wtmpx_path" = x"no" ; then 5871 AC_DEFINE([DISABLE_WTMPX]) 5872 fi 5873else 5874 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5875 [Define if you want to specify the path to your wtmpx file]) 5876fi 5877 5878 5879if test ! -z "$blibpath" ; then 5880 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5881 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5882fi 5883 5884AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5885 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5886 AC_DEFINE([DISABLE_LASTLOG]) 5887 fi 5888 ], [ 5889#ifdef HAVE_SYS_TYPES_H 5890#include <sys/types.h> 5891#endif 5892#ifdef HAVE_UTMP_H 5893#include <utmp.h> 5894#endif 5895#ifdef HAVE_UTMPX_H 5896#include <utmpx.h> 5897#endif 5898#ifdef HAVE_LASTLOG_H 5899#include <lastlog.h> 5900#endif 5901 ]) 5902 5903AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5904 AC_DEFINE([DISABLE_UTMP]) 5905 AC_DEFINE([DISABLE_WTMP]) 5906 ], [ 5907#ifdef HAVE_SYS_TYPES_H 5908#include <sys/types.h> 5909#endif 5910#ifdef HAVE_UTMP_H 5911#include <utmp.h> 5912#endif 5913#ifdef HAVE_UTMPX_H 5914#include <utmpx.h> 5915#endif 5916#ifdef HAVE_LASTLOG_H 5917#include <lastlog.h> 5918#endif 5919 ]) 5920 5921dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5922dnl Add now. 5923CFLAGS="$CFLAGS $werror_flags" 5924 5925if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5926 TEST_SSH_IPV6=no 5927else 5928 TEST_SSH_IPV6=yes 5929fi 5930AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5931AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5932AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5933AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5934AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5935AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5936 5937# Binaries for interop tests. 5938AC_PATH_PROG([PLINK], [plink]) 5939AC_PATH_PROG([PUTTYGEN], [puttygen]) 5940AC_PATH_PROG([CONCH], [conch]) 5941AC_PATH_PROG([DROPBEAR], [dropbear]) 5942AC_PATH_PROG([DBCLIENT], [dbclient]) 5943AC_PATH_PROG([DROPBEARKEY], [dropbearkey]) 5944AC_PATH_PROG([DROPBEARCONVERT], [dropbearconvert]) 5945AC_PATH_PROG([TMUX], [tmux]) 5946 5947CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5948LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5949 5950# Make a copy of CFLAGS/LDFLAGS without PIE options. 5951LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/^-pie //;s/ -pie//g'` 5952CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/^-fPIE //;s/ -fPIE//g'` 5953AC_SUBST([LDFLAGS_NOPIE]) 5954AC_SUBST([CFLAGS_NOPIE]) 5955AC_SUBST([COMPATINCLUDES]) 5956 5957AC_EXEEXT 5958AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5959 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5960 survey.sh]) 5961AC_OUTPUT 5962 5963# Print summary of options 5964 5965# Someone please show me a better way :) 5966A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5967B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5968C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5969D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5970E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5971F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5972G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5973H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5974I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5975J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5976 5977echo "" 5978echo "OpenSSH has been configured with the following options:" 5979echo " User binaries: $B" 5980echo " System binaries: $C" 5981echo " Configuration files: $D" 5982echo " Askpass program: $E" 5983echo " Manual pages: $F" 5984echo " PID file: $G" 5985echo " Privilege separation chroot path: $H" 5986if test "x$external_path_file" = "x/etc/login.conf" ; then 5987echo " At runtime, sshd will use the path defined in $external_path_file" 5988echo " Make sure the path to scp is present, otherwise scp will not work" 5989else 5990echo " sshd default user PATH: $I" 5991 if test ! -z "$external_path_file"; then 5992echo " (If PATH is set in $external_path_file it will be used instead. If" 5993echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5994 fi 5995fi 5996if test ! -z "$superuser_path" ; then 5997echo " sshd superuser user PATH: $J" 5998fi 5999echo " Manpage format: $MANTYPE" 6000echo " PAM support: $PAM_MSG" 6001echo " OSF SIA support: $SIA_MSG" 6002echo " KerberosV support: $KRB5_MSG" 6003echo " SELinux support: $SELINUX_MSG" 6004echo " TCP Wrappers support: $TCPW_MSG" 6005echo " libedit support: $LIBEDIT_MSG" 6006echo " libldns support: $LDNS_MSG" 6007echo " Solaris process contract support: $SPC_MSG" 6008echo " Solaris project support: $SP_MSG" 6009echo " Solaris privilege support: $SPP_MSG" 6010echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 6011echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 6012echo " BSD Auth support: $BSD_AUTH_MSG" 6013echo " Random number source: $RAND_MSG" 6014echo " Privsep sandbox style: $SANDBOX_STYLE" 6015echo " PKCS#11 support: $enable_pkcs11" 6016echo " U2F/FIDO support: $enable_sk" 6017 6018echo "" 6019 6020echo " Host: ${host}" 6021echo " Compiler: ${CC}" 6022echo " Compiler flags: ${CFLAGS}" 6023echo "Preprocessor flags: ${CPPFLAGS}" 6024echo " Linker flags: ${LDFLAGS}" 6025echo " Libraries: ${LIBS}" 6026if test ! -z "${CHANNELLIBS}"; then 6027echo " +for channels: ${CHANNELLIBS}" 6028fi 6029if test ! -z "${LIBFIDO2}"; then 6030echo " +for FIDO2: ${LIBFIDO2}" 6031fi 6032if test ! -z "${SSHDLIBS}"; then 6033echo " +for sshd: ${SSHDLIBS}" 6034fi 6035 6036echo "" 6037 6038if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 6039 echo "SVR4 style packages are supported with \"make package\"" 6040 echo "" 6041fi 6042 6043if test "x$PAM_MSG" = "xyes" ; then 6044 echo "PAM is enabled. You may need to install a PAM control file " 6045 echo "for sshd, otherwise password authentication may fail. " 6046 echo "Example PAM control files can be found in the contrib/ " 6047 echo "subdirectory" 6048 echo "" 6049fi 6050 6051if test ! -z "$NO_PEERCHECK" ; then 6052 echo "WARNING: the operating system that you are using does not" 6053 echo "appear to support getpeereid(), getpeerucred() or the" 6054 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 6055 echo "enforce security checks to prevent unauthorised connections to" 6056 echo "ssh-agent. Their absence increases the risk that a malicious" 6057 echo "user can connect to your agent." 6058 echo "" 6059fi 6060 6061if test "$AUDIT_MODULE" = "bsm" ; then 6062 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 6063 echo "See the Solaris section in README.platform for details." 6064fi 6065