1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19 20# Check for stale configure as early as possible. 21for i in $srcdir/configure.ac $srcdir/m4/*.m4; do 22 if test "$i" -nt "$srcdir/configure"; then 23 AC_MSG_ERROR([$i newer than configure, run autoreconf]) 24 fi 25done 26 27AC_LANG([C]) 28 29AC_CONFIG_HEADERS([config.h]) 30AC_PROG_CC([cc gcc clang]) 31 32# XXX relax this after reimplementing logit() etc. 33AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 34AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 35int f(int a, int b, int c) { return a + b + c; } 36#define F(a, ...) f(a, __VA_ARGS__) 37]], [[return F(1, 2, -3);]])], 38 [ AC_MSG_RESULT([yes]) ], 39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 40) 41 42AC_CANONICAL_HOST 43AC_C_BIGENDIAN 44 45# Checks for programs. 46AC_PROG_AWK 47AC_PROG_CPP 48AC_PROG_RANLIB 49AC_PROG_INSTALL 50AC_PROG_EGREP 51AC_PROG_MKDIR_P 52AC_CHECK_TOOLS([AR], [ar]) 53AC_PATH_PROG([CAT], [cat]) 54AC_PATH_PROG([KILL], [kill]) 55AC_PATH_PROG([SED], [sed]) 56AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 57AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 58AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 59AC_PATH_PROG([SH], [bash]) 60AC_PATH_PROG([SH], [ksh]) 61AC_PATH_PROG([SH], [sh]) 62AC_PATH_PROG([GROFF], [groff]) 63AC_PATH_PROG([NROFF], [nroff awf]) 64AC_PATH_PROG([MANDOC], [mandoc]) 65AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 66AC_SUBST([TEST_SHELL], [sh]) 67 68dnl select manpage formatter to be used to build "cat" format pages. 69if test "x$MANDOC" != "x" ; then 70 MANFMT="$MANDOC" 71elif test "x$NROFF" != "x" ; then 72 MANFMT="$NROFF -mandoc" 73elif test "x$GROFF" != "x" ; then 74 MANFMT="$GROFF -mandoc -Tascii" 75else 76 AC_MSG_WARN([no manpage formatter found]) 77 MANFMT="false" 78fi 79AC_SUBST([MANFMT]) 80 81dnl for buildpkg.sh 82AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 83 [/usr/sbin${PATH_SEPARATOR}/etc]) 84AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 85 [/usr/sbin${PATH_SEPARATOR}/etc]) 86AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 87if test -x /sbin/sh; then 88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 89else 90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 91fi 92 93# System features 94AC_SYS_LARGEFILE 95 96if test -z "$AR" ; then 97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 98fi 99 100AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 101if test ! -z "$PATH_PASSWD_PROG" ; then 102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 103 [Full path of your "passwd" program]) 104fi 105 106dnl Since autoconf doesn't support it very well, we no longer allow users to 107dnl override LD, however keeping the hook here for now in case there's a use 108dnl use case we overlooked and someone needs to re-enable it. Unless a good 109dnl reason is found we'll be removing this in future. 110LD="$CC" 111AC_SUBST([LD]) 112 113AC_C_INLINE 114 115AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 116AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 117AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 118 #include <sys/types.h> 119 #include <sys/param.h> 120 #include <dev/systrace.h> 121]) 122AC_CHECK_DECL([RLIMIT_NPROC], 123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 124 #include <sys/types.h> 125 #include <sys/resource.h> 126]) 127AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 128 #include <sys/types.h> 129 #include <linux/prctl.h> 130]) 131 132openssl=yes 133openssl_bin=openssl 134AC_ARG_WITH([openssl], 135 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 136 [ if test "x$withval" = "xno" ; then 137 openssl=no 138 openssl_bin="" 139 fi 140 ] 141) 142AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 143if test "x$openssl" = "xyes" ; then 144 AC_MSG_RESULT([yes]) 145 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 146else 147 AC_MSG_RESULT([no]) 148fi 149 150use_stack_protector=1 151use_toolchain_hardening=1 152use_retpoline=1 153AC_ARG_WITH([stackprotect], 154 [ --without-stackprotect Don't use compiler's stack protection], [ 155 if test "x$withval" = "xno"; then 156 use_stack_protector=0 157 fi ]) 158AC_ARG_WITH([hardening], 159 [ --without-hardening Don't use toolchain hardening flags], [ 160 if test "x$withval" = "xno"; then 161 use_toolchain_hardening=0 162 fi ]) 163AC_ARG_WITH([retpoline], 164 [ --without-retpoline Enable retpoline spectre mitigation], [ 165 if test "x$withval" = "xno"; then 166 use_retpoline=0 167 fi ]) 168 169# We use -Werror for the tests only so that we catch warnings like "this is 170# on by default" for things like -fPIE. 171AC_MSG_CHECKING([if $CC supports -Werror]) 172saved_CFLAGS="$CFLAGS" 173CFLAGS="$CFLAGS -Werror" 174AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 175 [ AC_MSG_RESULT([yes]) 176 WERROR="-Werror"], 177 [ AC_MSG_RESULT([no]) 178 WERROR="" ] 179) 180CFLAGS="$saved_CFLAGS" 181 182if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 183 AC_MSG_CHECKING([gcc version]) 184 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 185 case "$GCC_VER" in 186 1.*) no_attrib_nonnull=1 ;; 187 2.8* | 2.9*) 188 no_attrib_nonnull=1 189 ;; 190 2.*) no_attrib_nonnull=1 ;; 191 *) ;; 192 esac 193 AC_MSG_RESULT([$GCC_VER]) 194 195 AC_MSG_CHECKING([clang version]) 196 ver="`$CC -v 2>&1`" 197 if echo "$ver" | grep "Apple" >/dev/null; then 198 CLANG_VER=apple-`echo "$ver" | grep 'clang version' | \ 199 $SED 's/.*clang version //g' | $AWK '{print $1}'` 200 else 201 CLANG_VER=`echo "$ver" | grep 'clang version' | \ 202 $SED 's/.*clang version //g' | $AWK '{print $1}'` 203 fi 204 AC_MSG_RESULT([$CLANG_VER]) 205 206 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 207 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 208 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 209 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 210 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 211 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 212 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 213 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 214 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 215 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 216 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 217 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 218 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 219 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 220 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 221 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation]) 222 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) 223 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 224 if test "x$use_toolchain_hardening" = "x1"; then 225 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 226 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 227 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 228 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 229 # NB. -ftrapv expects certain support functions to be present in 230 # the compiler library (libgcc or similar) to detect integer operations 231 # that can overflow. We must check that the result of enabling it 232 # actually links. The test program compiled/linked includes a number 233 # of integer operations that should exercise this. 234 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 235 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See 236 # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and 237 # https://github.com/llvm/llvm-project/issues/59242 238 # clang 17 has a different bug that causes an ICE when using this 239 # flag at all (https://bugzilla.mindrot.org/show_bug.cgi?id=3629) 240 case "$CLANG_VER" in 241 apple-15*) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;; 242 17*) ;; 243 *) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;; 244 esac 245 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) 246 fi 247 if test "x$use_retpoline" = "x1"; then 248 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 249 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 250 fi 251 252 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 253 saved_CFLAGS="$CFLAGS" 254 CFLAGS="$CFLAGS -fno-builtin-memset" 255 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 256 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 257 [ AC_MSG_RESULT([yes]) ], 258 [ AC_MSG_RESULT([no]) 259 CFLAGS="$saved_CFLAGS" ] 260 ) 261 262 # -fstack-protector-all doesn't always work for some GCC versions 263 # and/or platforms, so we test if we can. If it's not supported 264 # on a given platform gcc will emit a warning so we use -Werror. 265 if test "x$use_stack_protector" = "x1"; then 266 for t in -fstack-protector-strong -fstack-protector-all \ 267 -fstack-protector; do 268 AC_MSG_CHECKING([if $CC supports $t]) 269 saved_CFLAGS="$CFLAGS" 270 saved_LDFLAGS="$LDFLAGS" 271 CFLAGS="$CFLAGS $t -Werror" 272 LDFLAGS="$LDFLAGS $t -Werror" 273 AC_LINK_IFELSE( 274 [AC_LANG_PROGRAM([[ 275 #include <stdio.h> 276 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 277 ]], 278 [[ 279 char x[256]; 280 snprintf(x, sizeof(x), "XXX%d", func(1)); 281 ]])], 282 [ AC_MSG_RESULT([yes]) 283 CFLAGS="$saved_CFLAGS $t" 284 LDFLAGS="$saved_LDFLAGS $t" 285 AC_MSG_CHECKING([if $t works]) 286 AC_RUN_IFELSE( 287 [AC_LANG_PROGRAM([[ 288 #include <stdio.h> 289 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 290 ]], 291 [[ 292 char x[256]; 293 snprintf(x, sizeof(x), "XXX%d", func(1)); 294 ]])], 295 [ AC_MSG_RESULT([yes]) 296 break ], 297 [ AC_MSG_RESULT([no]) ], 298 [ AC_MSG_WARN([cross compiling: cannot test]) 299 break ] 300 ) 301 ], 302 [ AC_MSG_RESULT([no]) ] 303 ) 304 CFLAGS="$saved_CFLAGS" 305 LDFLAGS="$saved_LDFLAGS" 306 done 307 fi 308 309 if test -z "$have_llong_max"; then 310 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 311 unset ac_cv_have_decl_LLONG_MAX 312 saved_CFLAGS="$CFLAGS" 313 CFLAGS="$CFLAGS -std=gnu99" 314 AC_CHECK_DECL([LLONG_MAX], 315 [have_llong_max=1], 316 [CFLAGS="$saved_CFLAGS"], 317 [#include <limits.h>] 318 ) 319 fi 320fi 321 322AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 323AC_COMPILE_IFELSE( 324 [AC_LANG_PROGRAM([[ 325#include <stdlib.h> 326__attribute__((__unused__)) static void foo(void){return;}]], 327 [[ exit(0); ]])], 328 [ AC_MSG_RESULT([yes]) ], 329 [ AC_MSG_RESULT([no]) 330 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 331 [compiler does not accept __attribute__ on return types]) ] 332) 333 334AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 335AC_COMPILE_IFELSE( 336 [AC_LANG_PROGRAM([[ 337#include <stdlib.h> 338typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 339 [[ exit(0); ]])], 340 [ AC_MSG_RESULT([yes]) ], 341 [ AC_MSG_RESULT([no]) 342 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 343 [compiler does not accept __attribute__ on prototype args]) ] 344) 345 346AC_MSG_CHECKING([if compiler supports variable length arrays]) 347AC_COMPILE_IFELSE( 348 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 349 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 350 [ AC_MSG_RESULT([yes]) 351 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 352 [compiler supports variable length arrays]) ], 353 [ AC_MSG_RESULT([no]) ] 354) 355 356AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 357AC_COMPILE_IFELSE( 358 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 359 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 360 [ AC_MSG_RESULT([yes]) 361 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 362 [compiler variable declarations after code]) ], 363 [ AC_MSG_RESULT([no]) ] 364) 365 366if test "x$no_attrib_nonnull" != "x1" ; then 367 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 368fi 369 370AC_ARG_WITH([rpath], 371 [ --without-rpath Disable auto-added -R linker paths], 372 [ 373 if test "x$withval" = "xno" ; then 374 rpath_opt="" 375 elif test "x$withval" = "xyes" ; then 376 rpath_opt="-R" 377 else 378 rpath_opt="$withval" 379 fi 380 ] 381) 382 383# Allow user to specify flags 384AC_ARG_WITH([cflags], 385 [ --with-cflags Specify additional flags to pass to compiler], 386 [ 387 if test -n "$withval" && test "x$withval" != "xno" && \ 388 test "x${withval}" != "xyes"; then 389 CFLAGS="$CFLAGS $withval" 390 fi 391 ] 392) 393 394AC_ARG_WITH([cflags-after], 395 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 396 [ 397 if test -n "$withval" && test "x$withval" != "xno" && \ 398 test "x${withval}" != "xyes"; then 399 CFLAGS_AFTER="$withval" 400 fi 401 ] 402) 403AC_ARG_WITH([cppflags], 404 [ --with-cppflags Specify additional flags to pass to preprocessor] , 405 [ 406 if test -n "$withval" && test "x$withval" != "xno" && \ 407 test "x${withval}" != "xyes"; then 408 CPPFLAGS="$CPPFLAGS $withval" 409 fi 410 ] 411) 412AC_ARG_WITH([ldflags], 413 [ --with-ldflags Specify additional flags to pass to linker], 414 [ 415 if test -n "$withval" && test "x$withval" != "xno" && \ 416 test "x${withval}" != "xyes"; then 417 LDFLAGS="$LDFLAGS $withval" 418 fi 419 ] 420) 421AC_ARG_WITH([ldflags-after], 422 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 423 [ 424 if test -n "$withval" && test "x$withval" != "xno" && \ 425 test "x${withval}" != "xyes"; then 426 LDFLAGS_AFTER="$withval" 427 fi 428 ] 429) 430AC_ARG_WITH([libs], 431 [ --with-libs Specify additional libraries to link with], 432 [ 433 if test -n "$withval" && test "x$withval" != "xno" && \ 434 test "x${withval}" != "xyes"; then 435 LIBS="$LIBS $withval" 436 fi 437 ] 438) 439AC_ARG_WITH([Werror], 440 [ --with-Werror Build main code with -Werror], 441 [ 442 if test -n "$withval" && test "x$withval" != "xno"; then 443 werror_flags="-Werror" 444 if test "x${withval}" != "xyes"; then 445 werror_flags="$withval" 446 fi 447 fi 448 ] 449) 450 451dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's 452dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we 453dnl haven't detected it, recheck. 454if test "x$ac_cv_header_sys_stat_h" != "xyes"; then 455 unset ac_cv_header_sys_stat_h 456 AC_CHECK_HEADERS([sys/stat.h]) 457fi 458 459AC_CHECK_HEADERS([ \ 460 blf.h \ 461 bstring.h \ 462 crypt.h \ 463 crypto/sha2.h \ 464 dirent.h \ 465 endian.h \ 466 elf.h \ 467 err.h \ 468 features.h \ 469 fcntl.h \ 470 floatingpoint.h \ 471 fnmatch.h \ 472 getopt.h \ 473 glob.h \ 474 ia.h \ 475 iaf.h \ 476 ifaddrs.h \ 477 inttypes.h \ 478 langinfo.h \ 479 limits.h \ 480 locale.h \ 481 login.h \ 482 maillock.h \ 483 ndir.h \ 484 net/if_tun.h \ 485 netdb.h \ 486 netgroup.h \ 487 pam/pam_appl.h \ 488 paths.h \ 489 poll.h \ 490 pty.h \ 491 readpassphrase.h \ 492 rpc/types.h \ 493 security/pam_appl.h \ 494 sha2.h \ 495 shadow.h \ 496 stddef.h \ 497 stdint.h \ 498 string.h \ 499 strings.h \ 500 sys/bitypes.h \ 501 sys/byteorder.h \ 502 sys/bsdtty.h \ 503 sys/cdefs.h \ 504 sys/dir.h \ 505 sys/file.h \ 506 sys/mman.h \ 507 sys/label.h \ 508 sys/ndir.h \ 509 sys/param.h \ 510 sys/poll.h \ 511 sys/prctl.h \ 512 sys/procctl.h \ 513 sys/pstat.h \ 514 sys/ptrace.h \ 515 sys/random.h \ 516 sys/select.h \ 517 sys/stream.h \ 518 sys/stropts.h \ 519 sys/strtio.h \ 520 sys/statvfs.h \ 521 sys/sysmacros.h \ 522 sys/time.h \ 523 sys/timers.h \ 524 sys/vfs.h \ 525 time.h \ 526 tmpdir.h \ 527 ttyent.h \ 528 ucred.h \ 529 unistd.h \ 530 usersec.h \ 531 util.h \ 532 utime.h \ 533 utmp.h \ 534 utmpx.h \ 535 vis.h \ 536 wchar.h \ 537]) 538 539# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 540# to be included first. 541AC_CHECK_HEADERS([sys/audit.h], [], [], [ 542#ifdef HAVE_SYS_TIME_H 543# include <sys/time.h> 544#endif 545#ifdef HAVE_SYS_TYPES_H 546# include <sys/types.h> 547#endif 548#ifdef HAVE_SYS_LABEL_H 549# include <sys/label.h> 550#endif 551]) 552 553# sys/capsicum.h requires sys/types.h 554AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [ 555#ifdef HAVE_SYS_TYPES_H 556# include <sys/types.h> 557#endif 558]) 559 560AC_MSG_CHECKING([for caph_cache_tzdata]) 561AC_LINK_IFELSE( 562 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]], 563 [[caph_cache_tzdata();]])], 564 [ 565 AC_MSG_RESULT([yes]) 566 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1], 567 [Define if you have caph_cache_tzdata]) 568 ], 569 [ AC_MSG_RESULT([no]) ] 570) 571 572# net/route.h requires sys/socket.h and sys/types.h. 573# sys/sysctl.h also requires sys/param.h 574AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 575#ifdef HAVE_SYS_TYPES_H 576# include <sys/types.h> 577#endif 578#include <sys/param.h> 579#include <sys/socket.h> 580]) 581 582# lastlog.h requires sys/time.h to be included first on Solaris 583AC_CHECK_HEADERS([lastlog.h], [], [], [ 584#ifdef HAVE_SYS_TIME_H 585# include <sys/time.h> 586#endif 587]) 588 589# sys/ptms.h requires sys/stream.h to be included first on Solaris 590AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 591#ifdef HAVE_SYS_STREAM_H 592# include <sys/stream.h> 593#endif 594]) 595 596# login_cap.h requires sys/types.h on NetBSD 597AC_CHECK_HEADERS([login_cap.h], [], [], [ 598#include <sys/types.h> 599]) 600 601# older BSDs need sys/param.h before sys/mount.h 602AC_CHECK_HEADERS([sys/mount.h], [], [], [ 603#include <sys/param.h> 604]) 605 606# Android requires sys/socket.h to be included before sys/un.h 607AC_CHECK_HEADERS([sys/un.h], [], [], [ 608#include <sys/types.h> 609#include <sys/socket.h> 610]) 611 612# Messages for features tested for in target-specific section 613SIA_MSG="no" 614SPC_MSG="no" 615SP_MSG="no" 616SPP_MSG="no" 617 618# Support for Solaris/Illumos privileges (this test is used by both 619# the --with-solaris-privs option and --with-sandbox=solaris). 620SOLARIS_PRIVS="no" 621 622# Check for some target-specific stuff 623case "$host" in 624*-*-aix*) 625 # Some versions of VAC won't allow macro redefinitions at 626 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 627 # particularly with older versions of vac or xlc. 628 # It also throws errors about null macro arguments, but these are 629 # not fatal. 630 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 631 AC_COMPILE_IFELSE( 632 [AC_LANG_PROGRAM([[ 633#define testmacro foo 634#define testmacro bar]], 635 [[ exit(0); ]])], 636 [ AC_MSG_RESULT([yes]) ], 637 [ AC_MSG_RESULT([no]) 638 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 639 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 640 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 641 ] 642 ) 643 644 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 645 if (test -z "$blibpath"); then 646 blibpath="/usr/lib:/lib" 647 fi 648 saved_LDFLAGS="$LDFLAGS" 649 if test "$GCC" = "yes"; then 650 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 651 else 652 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 653 fi 654 for tryflags in $flags ;do 655 if (test -z "$blibflags"); then 656 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 657 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 658 [blibflags=$tryflags], []) 659 fi 660 done 661 if (test -z "$blibflags"); then 662 AC_MSG_RESULT([not found]) 663 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 664 else 665 AC_MSG_RESULT([$blibflags]) 666 fi 667 LDFLAGS="$saved_LDFLAGS" 668 dnl Check for authenticate. Might be in libs.a on older AIXes 669 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 670 [Define if you want to enable AIX4's authenticate function])], 671 [AC_CHECK_LIB([s], [authenticate], 672 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 673 LIBS="$LIBS -ls" 674 ]) 675 ]) 676 dnl Check for various auth function declarations in headers. 677 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 678 passwdexpired, setauthdb], , , [#include <usersec.h>]) 679 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 680 AC_CHECK_DECLS([loginfailed], 681 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 682 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 683 [[ (void)loginfailed("user","host","tty",0); ]])], 684 [AC_MSG_RESULT([yes]) 685 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 686 [Define if your AIX loginfailed() function 687 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 688 ])], 689 [], 690 [#include <usersec.h>] 691 ) 692 AC_CHECK_FUNCS([getgrset setauthdb]) 693 AC_CHECK_DECL([F_CLOSEM], 694 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 695 [], 696 [ #include <limits.h> 697 #include <fcntl.h> ] 698 ) 699 check_for_aix_broken_getaddrinfo=1 700 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 701 [Define if your platform breaks doing a seteuid before a setuid]) 702 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 703 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 704 dnl AIX handles lastlog as part of its login message 705 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 706 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 707 [Some systems need a utmpx entry for /bin/login to work]) 708 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 709 [Define to a Set Process Title type if your system is 710 supported by bsd-setproctitle.c]) 711 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 712 [AIX 5.2 and 5.3 (and presumably newer) require this]) 713 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 714 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 715 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 716 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 717 ;; 718*-*-android*) 719 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 720 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 721 ;; 722*-*-cygwin*) 723 LIBS="$LIBS /usr/lib/textreadmode.o" 724 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 725 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 726 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 727 [Define to disable UID restoration test]) 728 AC_DEFINE([DISABLE_SHADOW], [1], 729 [Define if you want to disable shadow passwords]) 730 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 731 [Define if X11 doesn't support AF_UNIX sockets on that system]) 732 AC_DEFINE([DISABLE_FD_PASSING], [1], 733 [Define if your platform needs to skip post auth 734 file descriptor passing]) 735 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 736 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 737 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 738 # reasons which cause compile warnings, so we disable those warnings. 739 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 740 ;; 741*-*-dgux*) 742 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 743 [Define if your system choked on IP TOS setting]) 744 AC_DEFINE([SETEUID_BREAKS_SETUID]) 745 AC_DEFINE([BROKEN_SETREUID]) 746 AC_DEFINE([BROKEN_SETREGID]) 747 ;; 748*-*-darwin*) 749 use_pie=auto 750 AC_MSG_CHECKING([if we have working getaddrinfo]) 751 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 752#include <mach-o/dyld.h> 753#include <stdlib.h> 754int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 755 exit(0); 756 else 757 exit(1); 758} 759 ]])], 760 [AC_MSG_RESULT([working])], 761 [AC_MSG_RESULT([buggy]) 762 AC_DEFINE([BROKEN_GETADDRINFO], [1], 763 [getaddrinfo is broken (if present)]) 764 ], 765 [AC_MSG_RESULT([assume it is working])]) 766 AC_DEFINE([SETEUID_BREAKS_SETUID]) 767 AC_DEFINE([BROKEN_SETREUID]) 768 AC_DEFINE([BROKEN_SETREGID]) 769 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 770 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 771 [Define if your resolver libs need this for getrrsetbyname]) 772 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 773 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 774 [Use tunnel device compatibility to OpenBSD]) 775 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 776 [Prepend the address family to IP tunnel traffic]) 777 m4_pattern_allow([AU_IPv]) 778 AC_CHECK_DECL([AU_IPv4], [], 779 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 780 [#include <bsm/audit.h>] 781 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 782 [Define if pututxline updates lastlog too]) 783 ) 784 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 785 [Define to a Set Process Title type if your system is 786 supported by bsd-setproctitle.c]) 787 AC_CHECK_FUNCS([sandbox_init]) 788 AC_CHECK_HEADERS([sandbox.h]) 789 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 790 SSHDLIBS="$SSHDLIBS -lsandbox" 791 ]) 792 # proc_pidinfo()-based closefrom() replacement. 793 AC_CHECK_HEADERS([libproc.h]) 794 AC_CHECK_FUNCS([proc_pidinfo]) 795 # poll(2) is broken for character-special devices (at least). 796 # cf. Apple bug 3710161 (not public, but searchable) 797 AC_DEFINE([BROKEN_POLL], [1], 798 [System poll(2) implementation is broken]) 799 ;; 800*-*-dragonfly*) 801 SSHDLIBS="$SSHDLIBS" 802 TEST_MALLOC_OPTIONS="AFGJPRX" 803 ;; 804*-*-haiku*) 805 LIBS="$LIBS -lbsd " 806 CFLAGS="$CFLAGS -D_BSD_SOURCE" 807 AC_CHECK_LIB([network], [socket]) 808 AC_DEFINE([HAVE_U_INT64_T]) 809 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 810 MANTYPE=man 811 ;; 812*-*-hpux*) 813 # first we define all of the options common to all HP-UX releases 814 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 815 IPADDR_IN_DISPLAY=yes 816 AC_DEFINE([USE_PIPES]) 817 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 818 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 819 [String used in /etc/passwd to denote locked account]) 820 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 821 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 822 maildir="/var/mail" 823 LIBS="$LIBS -lsec" 824 AC_CHECK_LIB([xnet], [t_error], , 825 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 826 827 # next, we define all of the options specific to major releases 828 case "$host" in 829 *-*-hpux10*) 830 if test -z "$GCC"; then 831 CFLAGS="$CFLAGS -Ae" 832 fi 833 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect]) 834 ;; 835 *-*-hpux11*) 836 AC_DEFINE([PAM_SUN_CODEBASE], [1], 837 [Define if you are using Solaris-derived PAM which 838 passes pam_messages to the conversation function 839 with an extra level of indirection]) 840 AC_DEFINE([DISABLE_UTMP], [1], 841 [Define if you don't want to use utmp]) 842 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 843 check_for_hpux_broken_getaddrinfo=1 844 check_for_conflicting_getspnam=1 845 ;; 846 esac 847 848 # lastly, we define options specific to minor releases 849 case "$host" in 850 *-*-hpux10.26) 851 AC_DEFINE([HAVE_SECUREWARE], [1], 852 [Define if you have SecureWare-based 853 protected password database]) 854 disable_ptmx_check=yes 855 LIBS="$LIBS -lsecpw" 856 ;; 857 esac 858 ;; 859*-*-irix5*) 860 PATH="$PATH:/usr/etc" 861 AC_DEFINE([BROKEN_INET_NTOA], [1], 862 [Define if you system's inet_ntoa is busted 863 (e.g. Irix gcc issue)]) 864 AC_DEFINE([SETEUID_BREAKS_SETUID]) 865 AC_DEFINE([BROKEN_SETREUID]) 866 AC_DEFINE([BROKEN_SETREGID]) 867 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 868 [Define if you shouldn't strip 'tty' from your 869 ttyname in [uw]tmp]) 870 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 871 ;; 872*-*-irix6*) 873 PATH="$PATH:/usr/etc" 874 AC_DEFINE([WITH_IRIX_ARRAY], [1], 875 [Define if you have/want arrays 876 (cluster-wide session management, not C arrays)]) 877 AC_DEFINE([WITH_IRIX_PROJECT], [1], 878 [Define if you want IRIX project management]) 879 AC_DEFINE([WITH_IRIX_AUDIT], [1], 880 [Define if you want IRIX audit trails]) 881 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 882 [Define if you want IRIX kernel jobs])]) 883 AC_DEFINE([BROKEN_INET_NTOA]) 884 AC_DEFINE([SETEUID_BREAKS_SETUID]) 885 AC_DEFINE([BROKEN_SETREUID]) 886 AC_DEFINE([BROKEN_SETREGID]) 887 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 888 AC_DEFINE([WITH_ABBREV_NO_TTY]) 889 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 890 ;; 891*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 892 AC_DEFINE([PAM_TTY_KLUDGE]) 893 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 894 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 895 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 896 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 897 ;; 898*-*-linux*) 899 no_dev_ptmx=1 900 use_pie=auto 901 check_for_openpty_ctty_bug=1 902 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 903 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 904 dnl _GNU_SOURCE is needed for setres*id prototypes. 905 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" 906 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) 907 AC_DEFINE([PAM_TTY_KLUDGE], [1], 908 [Work around problematic Linux PAM modules handling of PAM_TTY]) 909 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 910 [String used in /etc/passwd to denote locked account]) 911 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 912 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 913 [Define to whatever link() returns for "not supported" 914 if it doesn't return EOPNOTSUPP.]) 915 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 916 AC_DEFINE([USE_BTMP]) 917 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 918 AC_DEFINE([SYSTEMD_NOTIFY], [1], [Have sshd notify systemd on start/reload]) 919 inet6_default_4in6=yes 920 case `uname -r` in 921 1.*|2.0.*) 922 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 923 [Define if cmsg_type is not passed correctly]) 924 ;; 925 esac 926 # tun(4) forwarding compat code 927 AC_CHECK_HEADERS([linux/if_tun.h]) 928 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 929 AC_DEFINE([SSH_TUN_LINUX], [1], 930 [Open tunnel devices the Linux tun/tap way]) 931 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 932 [Use tunnel device compatibility to OpenBSD]) 933 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 934 [Prepend the address family to IP tunnel traffic]) 935 fi 936 AC_CHECK_HEADER([linux/if.h], 937 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 938 [Support routing domains using Linux VRF]), [], [ 939#ifdef HAVE_SYS_TYPES_H 940# include <sys/types.h> 941#endif 942 ]) 943 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 944 [], [#include <linux/types.h>]) 945 # Obtain MIPS ABI 946 case "$host" in 947 mips*) 948 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 949#if _MIPS_SIM != _ABIO32 950#error 951#endif 952 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 953#if _MIPS_SIM != _ABIN32 954#error 955#endif 956 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 957#if _MIPS_SIM != _ABI64 958#error 959#endif 960 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 961 ]) 962 ]) 963 ]) 964 ;; 965 esac 966 AC_MSG_CHECKING([for seccomp architecture]) 967 seccomp_audit_arch= 968 case "$host" in 969 x86_64-*) 970 seccomp_audit_arch=AUDIT_ARCH_X86_64 971 ;; 972 i*86-*) 973 seccomp_audit_arch=AUDIT_ARCH_I386 974 ;; 975 arm*-*) 976 seccomp_audit_arch=AUDIT_ARCH_ARM 977 ;; 978 aarch64*-*) 979 seccomp_audit_arch=AUDIT_ARCH_AARCH64 980 ;; 981 s390x-*) 982 seccomp_audit_arch=AUDIT_ARCH_S390X 983 ;; 984 s390-*) 985 seccomp_audit_arch=AUDIT_ARCH_S390 986 ;; 987 powerpc-*) 988 seccomp_audit_arch=AUDIT_ARCH_PPC 989 ;; 990 powerpc64-*) 991 seccomp_audit_arch=AUDIT_ARCH_PPC64 992 ;; 993 powerpc64le-*) 994 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 995 ;; 996 mips-*) 997 seccomp_audit_arch=AUDIT_ARCH_MIPS 998 ;; 999 mipsel-*) 1000 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 1001 ;; 1002 mips64-*) 1003 case "$mips_abi" in 1004 "n32") 1005 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 1006 ;; 1007 "n64") 1008 seccomp_audit_arch=AUDIT_ARCH_MIPS64 1009 ;; 1010 esac 1011 ;; 1012 mips64el-*) 1013 case "$mips_abi" in 1014 "n32") 1015 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 1016 ;; 1017 "n64") 1018 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 1019 ;; 1020 esac 1021 ;; 1022 riscv64-*) 1023 seccomp_audit_arch=AUDIT_ARCH_RISCV64 1024 ;; 1025 esac 1026 if test "x$seccomp_audit_arch" != "x" ; then 1027 AC_MSG_RESULT(["$seccomp_audit_arch"]) 1028 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 1029 [Specify the system call convention in use]) 1030 else 1031 AC_MSG_RESULT([architecture not supported]) 1032 fi 1033 ;; 1034*-*-minix) 1035 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1036 # poll(2) seems to choke on /dev/null; "Bad file descriptor" 1037 AC_DEFINE([BROKEN_POLL], [1], 1038 [System poll(2) implementation is broken]) 1039 ;; 1040mips-sony-bsd|mips-sony-newsos4) 1041 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 1042 SONY=1 1043 ;; 1044*-*-netbsd*) 1045 if test "x$withval" != "xno" ; then 1046 rpath_opt="-R" 1047 fi 1048 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 1049 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1050 AC_CHECK_HEADER([net/if_tap.h], , 1051 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1052 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 1053 [Prepend the address family to IP tunnel traffic]) 1054 TEST_MALLOC_OPTIONS="AJRX" 1055 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 1056 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 1057 ;; 1058*-*-freebsd*) 1059 SKIP_DISABLE_LASTLOG_DEFINE=yes 1060 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 1061 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1062 AC_CHECK_HEADER([net/if_tap.h], , 1063 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1064 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 1065 TEST_MALLOC_OPTIONS="AJRX" 1066 # Preauth crypto occasionally uses file descriptors for crypto offload 1067 # and will crash if they cannot be opened. 1068 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 1069 [define if setrlimit RLIMIT_NOFILE breaks things]) 1070 case "$host" in 1071 *-*-freebsd9.*|*-*-freebsd10.*) 1072 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable. 1073 disable_capsicum=yes 1074 esac 1075 ;; 1076*-*-bsdi*) 1077 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1078 AC_DEFINE([BROKEN_SETREUID]) 1079 AC_DEFINE([BROKEN_SETREGID]) 1080 ;; 1081*-next-*) 1082 conf_lastlog_location="/usr/adm/lastlog" 1083 conf_utmp_location=/etc/utmp 1084 conf_wtmp_location=/usr/adm/wtmp 1085 maildir=/usr/spool/mail 1086 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1087 AC_DEFINE([USE_PIPES]) 1088 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1089 ;; 1090*-*-openbsd*) 1091 use_pie=auto 1092 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1093 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1094 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1095 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1096 [syslog_r function is safe to use in in a signal handler]) 1097 TEST_MALLOC_OPTIONS="SJRU" 1098 ;; 1099*-*-solaris*) 1100 if test "x$withval" != "xno" ; then 1101 rpath_opt="-R" 1102 fi 1103 AC_DEFINE([PAM_SUN_CODEBASE]) 1104 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1105 AC_DEFINE([PAM_TTY_KLUDGE]) 1106 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1107 [Define if pam_chauthtok wants real uid set 1108 to the unpriv'ed user]) 1109 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1110 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1111 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1112 [Define if sshd somehow reacquires a controlling TTY 1113 after setsid()]) 1114 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1115 in case the name is longer than 8 chars]) 1116 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1117 external_path_file=/etc/default/login 1118 # hardwire lastlog location (can't detect it on some versions) 1119 conf_lastlog_location="/var/adm/lastlog" 1120 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1121 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1122 if test "$sol2ver" -ge 8; then 1123 AC_MSG_RESULT([yes]) 1124 AC_DEFINE([DISABLE_UTMP]) 1125 AC_DEFINE([DISABLE_WTMP], [1], 1126 [Define if you don't want to use wtmp]) 1127 else 1128 AC_MSG_RESULT([no]) 1129 fi 1130 AC_CHECK_FUNCS([setpflags]) 1131 AC_CHECK_FUNCS([setppriv]) 1132 AC_CHECK_FUNCS([priv_basicset]) 1133 AC_CHECK_HEADERS([priv.h]) 1134 AC_ARG_WITH([solaris-contracts], 1135 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1136 [ 1137 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1138 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1139 [Define if you have Solaris process contracts]) 1140 LIBS="$LIBS -lcontract" 1141 SPC_MSG="yes" ], ) 1142 ], 1143 ) 1144 AC_ARG_WITH([solaris-projects], 1145 [ --with-solaris-projects Enable Solaris projects (experimental)], 1146 [ 1147 AC_CHECK_LIB([project], [setproject], 1148 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1149 [Define if you have Solaris projects]) 1150 LIBS="$LIBS -lproject" 1151 SP_MSG="yes" ], ) 1152 ], 1153 ) 1154 AC_ARG_WITH([solaris-privs], 1155 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1156 [ 1157 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1158 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1159 "x$ac_cv_header_priv_h" = "xyes" ; then 1160 SOLARIS_PRIVS=yes 1161 AC_MSG_RESULT([found]) 1162 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1163 [Define to disable UID restoration test]) 1164 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1165 [Define if you have Solaris privileges]) 1166 SPP_MSG="yes" 1167 else 1168 AC_MSG_RESULT([not found]) 1169 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1170 fi 1171 ], 1172 ) 1173 TEST_SHELL=$SHELL # let configure find us a capable shell 1174 ;; 1175*-*-sunos4*) 1176 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1177 AC_CHECK_FUNCS([getpwanam]) 1178 AC_DEFINE([PAM_SUN_CODEBASE]) 1179 conf_utmp_location=/etc/utmp 1180 conf_wtmp_location=/var/adm/wtmp 1181 conf_lastlog_location=/var/adm/lastlog 1182 AC_DEFINE([USE_PIPES]) 1183 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1184 ;; 1185*-ncr-sysv*) 1186 LIBS="$LIBS -lc89" 1187 AC_DEFINE([USE_PIPES]) 1188 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1189 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1190 AC_DEFINE([BROKEN_SETREUID]) 1191 AC_DEFINE([BROKEN_SETREGID]) 1192 ;; 1193*-sni-sysv*) 1194 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1195 AC_CHECK_LIB([dl], [dlsym], ,) 1196 # -lresolv needs to be at the end of LIBS or DNS lookups break 1197 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1198 IPADDR_IN_DISPLAY=yes 1199 AC_DEFINE([USE_PIPES]) 1200 AC_DEFINE([IP_TOS_IS_BROKEN]) 1201 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1202 AC_DEFINE([BROKEN_SETREUID]) 1203 AC_DEFINE([BROKEN_SETREGID]) 1204 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1205 external_path_file=/etc/default/login 1206 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1207 # Attention: always take care to bind libsocket and libnsl before libc, 1208 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1209 ;; 1210# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1211*-*-sysv4.2*) 1212 AC_DEFINE([USE_PIPES]) 1213 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1214 AC_DEFINE([BROKEN_SETREUID]) 1215 AC_DEFINE([BROKEN_SETREGID]) 1216 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1217 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1218 TEST_SHELL=$SHELL # let configure find us a capable shell 1219 ;; 1220# UnixWare 7.x, OpenUNIX 8 1221*-*-sysv5*) 1222 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1223 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1224 AC_DEFINE([USE_PIPES]) 1225 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1226 AC_DEFINE([BROKEN_GETADDRINFO]) 1227 AC_DEFINE([BROKEN_SETREUID]) 1228 AC_DEFINE([BROKEN_SETREGID]) 1229 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1230 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1231 TEST_SHELL=$SHELL # let configure find us a capable shell 1232 case "$host" in 1233 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1234 maildir=/var/spool/mail 1235 AC_DEFINE([BROKEN_UPDWTMPX]) 1236 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1237 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1238 ], , ) 1239 ;; 1240 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1241 ;; 1242 esac 1243 ;; 1244*-*-sysv*) 1245 ;; 1246# SCO UNIX and OEM versions of SCO UNIX 1247*-*-sco3.2v4*) 1248 AC_MSG_ERROR("This Platform is no longer supported.") 1249 ;; 1250# SCO OpenServer 5.x 1251*-*-sco3.2v5*) 1252 if test -z "$GCC"; then 1253 CFLAGS="$CFLAGS -belf" 1254 fi 1255 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1256 no_dev_ptmx=1 1257 AC_DEFINE([USE_PIPES]) 1258 AC_DEFINE([HAVE_SECUREWARE]) 1259 AC_DEFINE([DISABLE_SHADOW]) 1260 AC_DEFINE([DISABLE_FD_PASSING]) 1261 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1262 AC_DEFINE([BROKEN_GETADDRINFO]) 1263 AC_DEFINE([BROKEN_SETREUID]) 1264 AC_DEFINE([BROKEN_SETREGID]) 1265 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1266 AC_DEFINE([BROKEN_UPDWTMPX]) 1267 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1268 AC_CHECK_FUNCS([getluid setluid]) 1269 MANTYPE=man 1270 TEST_SHELL=$SHELL # let configure find us a capable shell 1271 SKIP_DISABLE_LASTLOG_DEFINE=yes 1272 ;; 1273*-dec-osf*) 1274 AC_MSG_CHECKING([for Digital Unix SIA]) 1275 no_osfsia="" 1276 AC_ARG_WITH([osfsia], 1277 [ --with-osfsia Enable Digital Unix SIA], 1278 [ 1279 if test "x$withval" = "xno" ; then 1280 AC_MSG_RESULT([disabled]) 1281 no_osfsia=1 1282 fi 1283 ], 1284 ) 1285 if test -z "$no_osfsia" ; then 1286 if test -f /etc/sia/matrix.conf; then 1287 AC_MSG_RESULT([yes]) 1288 AC_DEFINE([HAVE_OSF_SIA], [1], 1289 [Define if you have Digital Unix Security 1290 Integration Architecture]) 1291 AC_DEFINE([DISABLE_LOGIN], [1], 1292 [Define if you don't want to use your 1293 system's login() call]) 1294 AC_DEFINE([DISABLE_FD_PASSING]) 1295 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1296 SIA_MSG="yes" 1297 else 1298 AC_MSG_RESULT([no]) 1299 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1300 [String used in /etc/passwd to denote locked account]) 1301 fi 1302 fi 1303 AC_DEFINE([BROKEN_GETADDRINFO]) 1304 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1305 AC_DEFINE([BROKEN_SETREUID]) 1306 AC_DEFINE([BROKEN_SETREGID]) 1307 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1308 ;; 1309 1310*-*-nto-qnx*) 1311 AC_DEFINE([USE_PIPES]) 1312 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1313 AC_DEFINE([DISABLE_LASTLOG]) 1314 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1315 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1316 enable_etc_default_login=no # has incompatible /etc/default/login 1317 case "$host" in 1318 *-*-nto-qnx6*) 1319 AC_DEFINE([DISABLE_FD_PASSING]) 1320 ;; 1321 esac 1322 ;; 1323 1324*-*-ultrix*) 1325 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1326 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1327 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1328 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1329 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1330 # don't get a controlling tty. 1331 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1332 # On Ultrix some headers are not protected against multiple includes, 1333 # so we create wrappers and put it where the compiler will find it. 1334 AC_MSG_WARN([creating compat wrappers for headers]) 1335 mkdir -p netinet 1336 for header in netinet/ip.h netdb.h resolv.h; do 1337 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1338 cat >$header <<EOD 1339#ifndef _SSH_COMPAT_${name} 1340#define _SSH_COMPAT_${name} 1341#include "/usr/include/${header}" 1342#endif 1343EOD 1344 done 1345 ;; 1346 1347*-*-lynxos) 1348 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1349 AC_DEFINE([BROKEN_SETVBUF], [1], 1350 [LynxOS has broken setvbuf() implementation]) 1351 ;; 1352*-*-gnu*) 1353 dnl GNU Hurd. Needs to be after the linux and the other *-gnu entries. 1354 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 1355 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 1356 dnl _GNU_SOURCE is needed for setres*id prototypes. 1357 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" 1358 ;; 1359esac 1360 1361AC_MSG_CHECKING([compiler and flags for sanity]) 1362AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1363 [ AC_MSG_RESULT([yes]) ], 1364 [ 1365 AC_MSG_RESULT([no]) 1366 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1367 ], 1368 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1369) 1370 1371dnl Checks for header files. 1372# Checks for libraries. 1373AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1374 1375dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1376AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1377 AC_CHECK_LIB([gen], [dirname], [ 1378 AC_CACHE_CHECK([for broken dirname], 1379 ac_cv_have_broken_dirname, [ 1380 save_LIBS="$LIBS" 1381 LIBS="$LIBS -lgen" 1382 AC_RUN_IFELSE( 1383 [AC_LANG_SOURCE([[ 1384#include <libgen.h> 1385#include <string.h> 1386#include <stdlib.h> 1387 1388int main(int argc, char **argv) { 1389 char *s, buf[32]; 1390 1391 strncpy(buf,"/etc", 32); 1392 s = dirname(buf); 1393 if (!s || strncmp(s, "/", 32) != 0) { 1394 exit(1); 1395 } else { 1396 exit(0); 1397 } 1398} 1399 ]])], 1400 [ ac_cv_have_broken_dirname="no" ], 1401 [ ac_cv_have_broken_dirname="yes" ], 1402 [ ac_cv_have_broken_dirname="no" ], 1403 ) 1404 LIBS="$save_LIBS" 1405 ]) 1406 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1407 LIBS="$LIBS -lgen" 1408 AC_DEFINE([HAVE_DIRNAME]) 1409 AC_CHECK_HEADERS([libgen.h]) 1410 fi 1411 ]) 1412]) 1413 1414AC_CHECK_FUNC([getspnam], , 1415 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1416AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1417 [Define if you have the basename function.])]) 1418 1419dnl zlib defaults to enabled 1420zlib=yes 1421AC_ARG_WITH([zlib], 1422 [ --with-zlib=PATH Use zlib in PATH], 1423 [ if test "x$withval" = "xno" ; then 1424 zlib=no 1425 elif test "x$withval" != "xyes"; then 1426 if test -d "$withval/lib"; then 1427 if test -n "${rpath_opt}"; then 1428 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1429 else 1430 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1431 fi 1432 else 1433 if test -n "${rpath_opt}"; then 1434 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1435 else 1436 LDFLAGS="-L${withval} ${LDFLAGS}" 1437 fi 1438 fi 1439 if test -d "$withval/include"; then 1440 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1441 else 1442 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1443 fi 1444 fi ] 1445) 1446 1447# These libraries are needed for anything that links in the channel code. 1448CHANNELLIBS="" 1449AC_MSG_CHECKING([for zlib]) 1450if test "x${zlib}" = "xno"; then 1451 AC_MSG_RESULT([no]) 1452else 1453 saved_LIBS="$LIBS" 1454 CHANNELLIBS="$CHANNELLIBS -lz" 1455 AC_MSG_RESULT([yes]) 1456 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1457 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1458 AC_CHECK_LIB([z], [deflate], [], 1459 [ 1460 saved_CPPFLAGS="$CPPFLAGS" 1461 saved_LDFLAGS="$LDFLAGS" 1462 dnl Check default zlib install dir 1463 if test -n "${rpath_opt}"; then 1464 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1465 else 1466 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1467 fi 1468 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1469 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1470 [ 1471 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1472 ] 1473 ) 1474 ] 1475 ) 1476 1477 AC_ARG_WITH([zlib-version-check], 1478 [ --without-zlib-version-check Disable zlib version check], 1479 [ if test "x$withval" = "xno" ; then 1480 zlib_check_nonfatal=1 1481 fi 1482 ] 1483 ) 1484 1485 AC_MSG_CHECKING([for possibly buggy zlib]) 1486 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1487#include <stdio.h> 1488#include <stdlib.h> 1489#include <zlib.h> 1490 ]], 1491 [[ 1492 int a=0, b=0, c=0, d=0, n, v; 1493 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1494 if (n < 1) 1495 exit(1); 1496 v = a*1000000 + b*10000 + c*100 + d; 1497 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1498 1499 /* 1.1.4 is OK */ 1500 if (a == 1 && b == 1 && c >= 4) 1501 exit(0); 1502 1503 /* 1.2.3 and up are OK */ 1504 if (v >= 1020300) 1505 exit(0); 1506 1507 exit(2); 1508 ]])], 1509 AC_MSG_RESULT([no]), 1510 [ AC_MSG_RESULT([yes]) 1511 if test -z "$zlib_check_nonfatal" ; then 1512 AC_MSG_ERROR([*** zlib too old - check config.log *** 1513Your reported zlib version has known security problems. It's possible your 1514vendor has fixed these problems without changing the version number. If you 1515are sure this is the case, you can disable the check by running 1516"./configure --without-zlib-version-check". 1517If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1518See http://www.gzip.org/zlib/ for details.]) 1519 else 1520 AC_MSG_WARN([zlib version may have security problems]) 1521 fi 1522 ], 1523 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1524 ) 1525 LIBS="$saved_LIBS" 1526fi 1527 1528dnl UnixWare 2.x 1529AC_CHECK_FUNC([strcasecmp], 1530 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1531) 1532AC_CHECK_FUNCS([utimes], 1533 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1534 LIBS="$LIBS -lc89"]) ] 1535) 1536 1537dnl Checks for libutil functions 1538AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1539AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1540AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1541AC_SEARCH_LIBS([login], [util bsd]) 1542AC_SEARCH_LIBS([logout], [util bsd]) 1543AC_SEARCH_LIBS([logwtmp], [util bsd]) 1544AC_SEARCH_LIBS([openpty], [util bsd]) 1545AC_SEARCH_LIBS([updwtmp], [util bsd]) 1546AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1547 1548# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1549# or libnsl. 1550AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1551AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1552 1553# Some Linux distribtions ship the BSD libc hashing functions in 1554# separate libraries. 1555AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1556 1557# "Particular Function Checks" 1558# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1559AC_FUNC_STRFTIME 1560AC_FUNC_MALLOC 1561AC_FUNC_REALLOC 1562# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1563AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1564AC_RUN_IFELSE( 1565 [AC_LANG_PROGRAM( 1566 [[ #include <stdlib.h> ]], 1567 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1568 )], 1569 [ func_calloc_0_nonnull=yes ], 1570 [ func_calloc_0_nonnull=no ], 1571 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1572 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1573) 1574AC_MSG_RESULT([$func_calloc_0_nonnull]) 1575 1576if test "x$func_calloc_0_nonnull" = "xyes"; then 1577 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1578else 1579 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1580 AC_DEFINE(calloc, rpl_calloc, 1581 [Define to rpl_calloc if the replacement function should be used.]) 1582fi 1583 1584# Check for ALTDIRFUNC glob() extension 1585AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1586AC_EGREP_CPP([FOUNDIT], 1587 [ 1588 #include <glob.h> 1589 #ifdef GLOB_ALTDIRFUNC 1590 FOUNDIT 1591 #endif 1592 ], 1593 [ 1594 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1595 [Define if your system glob() function has 1596 the GLOB_ALTDIRFUNC extension]) 1597 AC_MSG_RESULT([yes]) 1598 ], 1599 [ 1600 AC_MSG_RESULT([no]) 1601 ] 1602) 1603 1604# Check for g.gl_matchc glob() extension 1605AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1606AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1607 [[ glob_t g; g.gl_matchc = 1; ]])], 1608 [ 1609 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1610 [Define if your system glob() function has 1611 gl_matchc options in glob_t]) 1612 AC_MSG_RESULT([yes]) 1613 ], [ 1614 AC_MSG_RESULT([no]) 1615]) 1616 1617# Check for g.gl_statv glob() extension 1618AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1619AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1620#ifndef GLOB_KEEPSTAT 1621#error "glob does not support GLOB_KEEPSTAT extension" 1622#endif 1623glob_t g; 1624g.gl_statv = NULL; 1625]])], 1626 [ 1627 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1628 [Define if your system glob() function has 1629 gl_statv options in glob_t]) 1630 AC_MSG_RESULT([yes]) 1631 ], [ 1632 AC_MSG_RESULT([no]) 1633 1634]) 1635 1636AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1637 1638AC_CHECK_DECL([VIS_ALL], , 1639 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1640 1641AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1642AC_RUN_IFELSE( 1643 [AC_LANG_PROGRAM([[ 1644#include <sys/types.h> 1645#include <dirent.h> 1646#include <stdlib.h> 1647 ]], 1648 [[ 1649 struct dirent d; 1650 exit(sizeof(d.d_name)<=sizeof(char)); 1651 ]])], 1652 [AC_MSG_RESULT([yes])], 1653 [ 1654 AC_MSG_RESULT([no]) 1655 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1656 [Define if your struct dirent expects you to 1657 allocate extra space for d_name]) 1658 ], 1659 [ 1660 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1661 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1662 ] 1663) 1664 1665AC_MSG_CHECKING([for /proc/pid/fd directory]) 1666if test -d "/proc/$$/fd" ; then 1667 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1668 AC_MSG_RESULT([yes]) 1669else 1670 AC_MSG_RESULT([no]) 1671fi 1672 1673# Check whether user wants TCP wrappers support 1674TCPW_MSG="no" 1675AC_ARG_WITH([tcp-wrappers], 1676 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1677 [ 1678 if test "x$withval" != "xno" ; then 1679 saved_LIBS="$LIBS" 1680 saved_LDFLAGS="$LDFLAGS" 1681 saved_CPPFLAGS="$CPPFLAGS" 1682 if test -n "${withval}" && \ 1683 test "x${withval}" != "xyes"; then 1684 if test -d "${withval}/lib"; then 1685 if test -n "${need_dash_r}"; then 1686 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1687 else 1688 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1689 fi 1690 else 1691 if test -n "${need_dash_r}"; then 1692 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1693 else 1694 LDFLAGS="-L${withval} ${LDFLAGS}" 1695 fi 1696 fi 1697 if test -d "${withval}/include"; then 1698 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1699 else 1700 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1701 fi 1702 fi 1703 LIBS="-lwrap $LIBS" 1704 AC_MSG_CHECKING([for libwrap]) 1705 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1706#include <sys/types.h> 1707#include <sys/socket.h> 1708#include <netinet/in.h> 1709#include <tcpd.h> 1710int deny_severity = 0, allow_severity = 0; 1711 ]], [[ 1712 hosts_access(0); 1713 ]])], [ 1714 AC_MSG_RESULT([yes]) 1715 AC_DEFINE([LIBWRAP], [1], 1716 [Define if you want 1717 TCP Wrappers support]) 1718 SSHDLIBS="$SSHDLIBS -lwrap" 1719 TCPW_MSG="yes" 1720 ], [ 1721 AC_MSG_ERROR([*** libwrap missing]) 1722 ]) 1723 LIBS="$saved_LIBS" 1724 fi 1725 ] 1726) 1727 1728# Check whether user wants to use ldns 1729LDNS_MSG="no" 1730AC_ARG_WITH(ldns, 1731 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1732 [ 1733 ldns="" 1734 if test "x$withval" = "xyes" ; then 1735 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1736 if test "x$LDNSCONFIG" = "xno"; then 1737 LIBS="-lldns $LIBS" 1738 ldns=yes 1739 else 1740 LIBS="$LIBS `$LDNSCONFIG --libs`" 1741 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1742 ldns=yes 1743 fi 1744 elif test "x$withval" != "xno" ; then 1745 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1746 LDFLAGS="$LDFLAGS -L${withval}/lib" 1747 LIBS="-lldns $LIBS" 1748 ldns=yes 1749 fi 1750 1751 # Verify that it works. 1752 if test "x$ldns" = "xyes" ; then 1753 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1754 LDNS_MSG="yes" 1755 AC_MSG_CHECKING([for ldns support]) 1756 AC_LINK_IFELSE( 1757 [AC_LANG_SOURCE([[ 1758#include <stdio.h> 1759#include <stdlib.h> 1760#ifdef HAVE_STDINT_H 1761# include <stdint.h> 1762#endif 1763#include <ldns/ldns.h> 1764int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1765 ]]) 1766 ], 1767 [AC_MSG_RESULT(yes)], 1768 [ 1769 AC_MSG_RESULT(no) 1770 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1771 ]) 1772 fi 1773]) 1774 1775# Check whether user wants libedit support 1776LIBEDIT_MSG="no" 1777AC_ARG_WITH([libedit], 1778 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1779 [ if test "x$withval" != "xno" ; then 1780 if test "x$withval" = "xyes" ; then 1781 if test "x$PKGCONFIG" != "xno"; then 1782 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1783 if "$PKGCONFIG" libedit; then 1784 AC_MSG_RESULT([yes]) 1785 use_pkgconfig_for_libedit=yes 1786 else 1787 AC_MSG_RESULT([no]) 1788 fi 1789 fi 1790 else 1791 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1792 if test -n "${rpath_opt}"; then 1793 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1794 else 1795 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1796 fi 1797 fi 1798 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1799 LIBEDIT=`$PKGCONFIG --libs libedit` 1800 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1801 else 1802 LIBEDIT="-ledit -lcurses" 1803 fi 1804 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1805 AC_CHECK_LIB([edit], [el_init], 1806 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1807 LIBEDIT_MSG="yes" 1808 AC_SUBST([LIBEDIT]) 1809 ], 1810 [ AC_MSG_ERROR([libedit not found]) ], 1811 [ $OTHERLIBS ] 1812 ) 1813 AC_MSG_CHECKING([if libedit version is compatible]) 1814 AC_COMPILE_IFELSE( 1815 [AC_LANG_PROGRAM([[ 1816#include <histedit.h> 1817#include <stdlib.h> 1818 ]], 1819 [[ 1820 int i = H_SETSIZE; 1821 el_init("", NULL, NULL, NULL); 1822 exit(0); 1823 ]])], 1824 [ AC_MSG_RESULT([yes]) ], 1825 [ AC_MSG_RESULT([no]) 1826 AC_MSG_ERROR([libedit version is not compatible]) ] 1827 ) 1828 fi ] 1829) 1830 1831AUDIT_MODULE=none 1832AC_ARG_WITH([audit], 1833 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1834 [ 1835 AC_MSG_CHECKING([for supported audit module]) 1836 case "$withval" in 1837 bsm) 1838 AC_MSG_RESULT([bsm]) 1839 AUDIT_MODULE=bsm 1840 dnl Checks for headers, libs and functions 1841 AC_CHECK_HEADERS([bsm/audit.h], [], 1842 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1843 [ 1844#ifdef HAVE_TIME_H 1845# include <time.h> 1846#endif 1847 ] 1848) 1849 AC_CHECK_LIB([bsm], [getaudit], [], 1850 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1851 AC_CHECK_FUNCS([getaudit], [], 1852 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1853 # These are optional 1854 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1855 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1856 if test "$sol2ver" -ge 11; then 1857 SSHDLIBS="$SSHDLIBS -lscf" 1858 AC_DEFINE([BROKEN_BSM_API], [1], 1859 [The system has incomplete BSM API]) 1860 fi 1861 ;; 1862 linux) 1863 AC_MSG_RESULT([linux]) 1864 AUDIT_MODULE=linux 1865 dnl Checks for headers, libs and functions 1866 AC_CHECK_HEADERS([libaudit.h]) 1867 SSHDLIBS="$SSHDLIBS -laudit" 1868 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1869 ;; 1870 debug) 1871 AUDIT_MODULE=debug 1872 AC_MSG_RESULT([debug]) 1873 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1874 ;; 1875 no) 1876 AC_MSG_RESULT([no]) 1877 ;; 1878 *) 1879 AC_MSG_ERROR([Unknown audit module $withval]) 1880 ;; 1881 esac ] 1882) 1883 1884AC_ARG_WITH([pie], 1885 [ --with-pie Build Position Independent Executables if possible], [ 1886 if test "x$withval" = "xno"; then 1887 use_pie=no 1888 fi 1889 if test "x$withval" = "xyes"; then 1890 use_pie=yes 1891 fi 1892 ] 1893) 1894if test "x$use_pie" = "x"; then 1895 use_pie=no 1896fi 1897if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1898 # Turn off automatic PIE when toolchain hardening is off. 1899 use_pie=no 1900fi 1901if test "x$use_pie" = "xauto"; then 1902 # Automatic PIE requires gcc >= 4.x 1903 AC_MSG_CHECKING([for gcc >= 4.x]) 1904 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1905#if !defined(__GNUC__) || __GNUC__ < 4 1906#error gcc is too old 1907#endif 1908]])], 1909 [ AC_MSG_RESULT([yes]) ], 1910 [ AC_MSG_RESULT([no]) 1911 use_pie=no ] 1912) 1913fi 1914if test "x$use_pie" != "xno"; then 1915 SAVED_CFLAGS="$CFLAGS" 1916 SAVED_LDFLAGS="$LDFLAGS" 1917 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1918 OSSH_CHECK_LDFLAG_LINK([-pie]) 1919 # We use both -fPIE and -pie or neither. 1920 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1921 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1922 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1923 AC_MSG_RESULT([yes]) 1924 else 1925 AC_MSG_RESULT([no]) 1926 CFLAGS="$SAVED_CFLAGS" 1927 LDFLAGS="$SAVED_LDFLAGS" 1928 fi 1929fi 1930 1931AC_MSG_CHECKING([whether -fPIC is accepted]) 1932SAVED_CFLAGS="$CFLAGS" 1933CFLAGS="$CFLAGS -fPIC" 1934AC_COMPILE_IFELSE( 1935 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1936 [AC_MSG_RESULT([yes]) 1937 PICFLAG="-fPIC"; ], 1938 [AC_MSG_RESULT([no]) 1939 PICFLAG=""; ]) 1940CFLAGS="$SAVED_CFLAGS" 1941AC_SUBST([PICFLAG]) 1942 1943dnl Checks for library functions. Please keep in alphabetical order 1944AC_CHECK_FUNCS([ \ 1945 auth_hostok \ 1946 auth_timeok \ 1947 Blowfish_initstate \ 1948 Blowfish_expandstate \ 1949 Blowfish_expand0state \ 1950 Blowfish_stream2word \ 1951 SHA256Update \ 1952 SHA384Update \ 1953 SHA512Update \ 1954 asprintf \ 1955 b64_ntop \ 1956 __b64_ntop \ 1957 b64_pton \ 1958 __b64_pton \ 1959 bcopy \ 1960 bcrypt_pbkdf \ 1961 bindresvport_sa \ 1962 blf_enc \ 1963 bzero \ 1964 cap_rights_limit \ 1965 clock \ 1966 closefrom \ 1967 close_range \ 1968 dirfd \ 1969 endgrent \ 1970 err \ 1971 errx \ 1972 explicit_bzero \ 1973 explicit_memset \ 1974 fchmod \ 1975 fchmodat \ 1976 fchown \ 1977 fchownat \ 1978 flock \ 1979 fnmatch \ 1980 freeaddrinfo \ 1981 freezero \ 1982 fstatfs \ 1983 fstatvfs \ 1984 futimes \ 1985 getaddrinfo \ 1986 getcwd \ 1987 getentropy \ 1988 getgrouplist \ 1989 getline \ 1990 getnameinfo \ 1991 getopt \ 1992 getpagesize \ 1993 getpeereid \ 1994 getpeerucred \ 1995 getpgid \ 1996 _getpty \ 1997 getrlimit \ 1998 getrandom \ 1999 getsid \ 2000 getttyent \ 2001 glob \ 2002 group_from_gid \ 2003 inet_aton \ 2004 inet_ntoa \ 2005 inet_ntop \ 2006 innetgr \ 2007 killpg \ 2008 llabs \ 2009 localtime_r \ 2010 login_getcapbool \ 2011 login_getpwclass \ 2012 memmem \ 2013 memmove \ 2014 memset_s \ 2015 mkdtemp \ 2016 ngetaddrinfo \ 2017 nsleep \ 2018 ogetaddrinfo \ 2019 openlog_r \ 2020 pledge \ 2021 poll \ 2022 ppoll \ 2023 prctl \ 2024 procctl \ 2025 pselect \ 2026 pstat \ 2027 raise \ 2028 readpassphrase \ 2029 reallocarray \ 2030 realpath \ 2031 recvmsg \ 2032 recallocarray \ 2033 rresvport_af \ 2034 sendmsg \ 2035 setdtablesize \ 2036 setegid \ 2037 setenv \ 2038 seteuid \ 2039 setgroupent \ 2040 setgroups \ 2041 setlinebuf \ 2042 setlogin \ 2043 setpassent\ 2044 setpcred \ 2045 setproctitle \ 2046 setregid \ 2047 setreuid \ 2048 setrlimit \ 2049 setsid \ 2050 setvbuf \ 2051 sigaction \ 2052 sigvec \ 2053 snprintf \ 2054 socketpair \ 2055 statfs \ 2056 statvfs \ 2057 strcasestr \ 2058 strdup \ 2059 strerror \ 2060 strlcat \ 2061 strlcpy \ 2062 strmode \ 2063 strndup \ 2064 strnlen \ 2065 strnvis \ 2066 strptime \ 2067 strsignal \ 2068 strtonum \ 2069 strtoll \ 2070 strtoul \ 2071 strtoull \ 2072 sysconf \ 2073 tcgetpgrp \ 2074 timegm \ 2075 timingsafe_bcmp \ 2076 truncate \ 2077 unsetenv \ 2078 updwtmpx \ 2079 utimensat \ 2080 user_from_uid \ 2081 usleep \ 2082 vasprintf \ 2083 vsnprintf \ 2084 waitpid \ 2085 warn \ 2086]) 2087 2088AC_CHECK_DECLS([bzero, memmem]) 2089 2090dnl Wide character support. 2091AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 2092 2093TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 2094AC_MSG_CHECKING([for utf8 locale support]) 2095AC_RUN_IFELSE( 2096 [AC_LANG_PROGRAM([[ 2097#include <locale.h> 2098#include <stdlib.h> 2099 ]], [[ 2100 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2101 if (loc != NULL) 2102 exit(0); 2103 exit(1); 2104 ]])], 2105 AC_MSG_RESULT(yes), 2106 [AC_MSG_RESULT(no) 2107 TEST_SSH_UTF8=no], 2108 AC_MSG_WARN([cross compiling: assuming yes]) 2109) 2110 2111AC_LINK_IFELSE( 2112 [AC_LANG_PROGRAM( 2113 [[ #include <ctype.h> ]], 2114 [[ return (isblank('a')); ]])], 2115 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2116]) 2117 2118disable_pkcs11= 2119AC_ARG_ENABLE([pkcs11], 2120 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2121 [ 2122 if test "x$enableval" = "xno" ; then 2123 disable_pkcs11=1 2124 fi 2125 ] 2126) 2127 2128disable_sk= 2129AC_ARG_ENABLE([security-key], 2130 [ --disable-security-key disable U2F/FIDO support code [no]], 2131 [ 2132 if test "x$enableval" = "xno" ; then 2133 disable_sk=1 2134 fi 2135 ] 2136) 2137enable_sk_internal= 2138AC_ARG_WITH([security-key-builtin], 2139 [ --with-security-key-builtin include builtin U2F/FIDO support], 2140 [ enable_sk_internal=$withval ] 2141) 2142 2143AC_SEARCH_LIBS([dlopen], [dl]) 2144AC_CHECK_FUNCS([dlopen]) 2145AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2146 2147# IRIX has a const char return value for gai_strerror() 2148AC_CHECK_FUNCS([gai_strerror], [ 2149 AC_DEFINE([HAVE_GAI_STRERROR]) 2150 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2151#include <sys/types.h> 2152#include <sys/socket.h> 2153#include <netdb.h> 2154 2155const char *gai_strerror(int); 2156 ]], [[ 2157 char *str; 2158 str = gai_strerror(0); 2159 ]])], [ 2160 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2161 [Define if gai_strerror() returns const char *])], [])]) 2162 2163AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2164 [Some systems put nanosleep outside of libc])]) 2165 2166AC_SEARCH_LIBS([clock_gettime], [rt], 2167 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2168 2169dnl check if we need -D_REENTRANT for localtime_r declaration. 2170AC_CHECK_DECL([localtime_r], [], 2171 [ saved_CPPFLAGS="$CPPFLAGS" 2172 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2173 unset ac_cv_have_decl_localtime_r 2174 AC_CHECK_DECL([localtime_r], [], 2175 [ CPPFLAGS="$saved_CPPFLAGS" ], 2176 [ #include <time.h> ] 2177 ) 2178 ], 2179 [ #include <time.h> ] 2180) 2181 2182dnl Make sure prototypes are defined for these before using them. 2183AC_CHECK_DECL([strsep], 2184 [AC_CHECK_FUNCS([strsep])], 2185 [], 2186 [ 2187#ifdef HAVE_STRING_H 2188# include <string.h> 2189#endif 2190 ]) 2191 2192dnl tcsendbreak might be a macro 2193AC_CHECK_DECL([tcsendbreak], 2194 [AC_DEFINE([HAVE_TCSENDBREAK])], 2195 [AC_CHECK_FUNCS([tcsendbreak])], 2196 [#include <termios.h>] 2197) 2198 2199AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2200 2201AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2202 [ 2203#include <sys/types.h> 2204#include <sys/socket.h> 2205#include <unistd.h> 2206 ]) 2207 2208AC_CHECK_DECLS([O_NONBLOCK], , , 2209 [ 2210#include <sys/types.h> 2211#ifdef HAVE_SYS_STAT_H 2212# include <sys/stat.h> 2213#endif 2214#ifdef HAVE_FCNTL_H 2215# include <fcntl.h> 2216#endif 2217 ]) 2218 2219AC_CHECK_DECLS([ftruncate, getentropy], , , 2220 [ 2221#include <sys/types.h> 2222#include <unistd.h> 2223 ]) 2224 2225AC_CHECK_DECLS([readv, writev], , , [ 2226#include <sys/types.h> 2227#include <sys/uio.h> 2228#include <unistd.h> 2229 ]) 2230 2231AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2232#include <sys/param.h> 2233 ]) 2234 2235AC_CHECK_DECLS([offsetof], , , [ 2236#include <stddef.h> 2237 ]) 2238 2239# extra bits for select(2) 2240AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2241#include <sys/param.h> 2242#include <sys/types.h> 2243#ifdef HAVE_SYS_SYSMACROS_H 2244#include <sys/sysmacros.h> 2245#endif 2246#ifdef HAVE_SYS_SELECT_H 2247#include <sys/select.h> 2248#endif 2249#ifdef HAVE_SYS_TIME_H 2250#include <sys/time.h> 2251#endif 2252#ifdef HAVE_UNISTD_H 2253#include <unistd.h> 2254#endif 2255 ]]) 2256AC_CHECK_TYPES([fd_mask], [], [], [[ 2257#include <sys/param.h> 2258#include <sys/types.h> 2259#ifdef HAVE_SYS_SELECT_H 2260#include <sys/select.h> 2261#endif 2262#ifdef HAVE_SYS_TIME_H 2263#include <sys/time.h> 2264#endif 2265#ifdef HAVE_UNISTD_H 2266#include <unistd.h> 2267#endif 2268 ]]) 2269 2270AC_CHECK_FUNCS([setresuid], [ 2271 dnl Some platorms have setresuid that isn't implemented, test for this 2272 AC_MSG_CHECKING([if setresuid seems to work]) 2273 AC_RUN_IFELSE( 2274 [AC_LANG_PROGRAM([[ 2275#include <errno.h> 2276#include <stdlib.h> 2277#include <unistd.h> 2278 ]], [[ 2279 errno=0; 2280 setresuid(0,0,0); 2281 if (errno==ENOSYS) 2282 exit(1); 2283 else 2284 exit(0); 2285 ]])], 2286 [AC_MSG_RESULT([yes])], 2287 [AC_DEFINE([BROKEN_SETRESUID], [1], 2288 [Define if your setresuid() is broken]) 2289 AC_MSG_RESULT([not implemented])], 2290 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2291 ) 2292]) 2293 2294AC_CHECK_FUNCS([setresgid], [ 2295 dnl Some platorms have setresgid that isn't implemented, test for this 2296 AC_MSG_CHECKING([if setresgid seems to work]) 2297 AC_RUN_IFELSE( 2298 [AC_LANG_PROGRAM([[ 2299#include <errno.h> 2300#include <stdlib.h> 2301#include <unistd.h> 2302 ]], [[ 2303 errno=0; 2304 setresgid(0,0,0); 2305 if (errno==ENOSYS) 2306 exit(1); 2307 else 2308 exit(0); 2309 ]])], 2310 [AC_MSG_RESULT([yes])], 2311 [AC_DEFINE([BROKEN_SETRESGID], [1], 2312 [Define if your setresgid() is broken]) 2313 AC_MSG_RESULT([not implemented])], 2314 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2315 ) 2316]) 2317 2318AC_MSG_CHECKING([for working fflush(NULL)]) 2319AC_RUN_IFELSE( 2320 [AC_LANG_PROGRAM([[ 2321#include <stdio.h> 2322#include <stdlib.h> 2323 ]], 2324 [[fflush(NULL); exit(0);]])], 2325 AC_MSG_RESULT([yes]), 2326 [AC_MSG_RESULT([no]) 2327 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2328 [define if fflush(NULL) does not work])], 2329 AC_MSG_WARN([cross compiling: assuming working]) 2330) 2331 2332dnl Checks for time functions 2333AC_CHECK_FUNCS([gettimeofday time]) 2334dnl Checks for utmp functions 2335AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2336AC_CHECK_FUNCS([utmpname]) 2337dnl Checks for utmpx functions 2338AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2339AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2340dnl Checks for lastlog functions 2341AC_CHECK_FUNCS([getlastlogxbyname]) 2342 2343AC_CHECK_FUNC([daemon], 2344 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2345 [AC_CHECK_LIB([bsd], [daemon], 2346 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2347) 2348 2349AC_CHECK_FUNC([getpagesize], 2350 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2351 [Define if your libraries define getpagesize()])], 2352 [AC_CHECK_LIB([ucb], [getpagesize], 2353 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2354) 2355 2356# Check for broken snprintf 2357if test "x$ac_cv_func_snprintf" = "xyes" ; then 2358 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2359 AC_RUN_IFELSE( 2360 [AC_LANG_PROGRAM([[ 2361#include <stdio.h> 2362#include <stdlib.h> 2363 ]], 2364 [[ 2365 char b[5]; 2366 snprintf(b,5,"123456789"); 2367 exit(b[4]!='\0'); 2368 ]])], 2369 [AC_MSG_RESULT([yes])], 2370 [ 2371 AC_MSG_RESULT([no]) 2372 AC_DEFINE([BROKEN_SNPRINTF], [1], 2373 [Define if your snprintf is busted]) 2374 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2375 ], 2376 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2377 ) 2378fi 2379 2380if test "x$ac_cv_func_snprintf" = "xyes" ; then 2381 AC_MSG_CHECKING([whether snprintf understands %zu]) 2382 AC_RUN_IFELSE( 2383 [AC_LANG_PROGRAM([[ 2384#include <sys/types.h> 2385#include <stdio.h> 2386#include <stdlib.h> 2387#include <string.h> 2388 ]], 2389 [[ 2390 size_t a = 1, b = 2; 2391 char z[128]; 2392 snprintf(z, sizeof z, "%zu%zu", a, b); 2393 exit(strcmp(z, "12")); 2394 ]])], 2395 [AC_MSG_RESULT([yes])], 2396 [ 2397 AC_MSG_RESULT([no]) 2398 AC_DEFINE([BROKEN_SNPRINTF], [1], 2399 [snprintf does not understand %zu]) 2400 ], 2401 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2402 ) 2403fi 2404 2405# We depend on vsnprintf returning the right thing on overflow: the 2406# number of characters it tried to create (as per SUSv3) 2407if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2408 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2409 AC_RUN_IFELSE( 2410 [AC_LANG_PROGRAM([[ 2411#include <sys/types.h> 2412#include <stdio.h> 2413#include <stdarg.h> 2414 2415int x_snprintf(char *str, size_t count, const char *fmt, ...) 2416{ 2417 size_t ret; 2418 va_list ap; 2419 2420 va_start(ap, fmt); 2421 ret = vsnprintf(str, count, fmt, ap); 2422 va_end(ap); 2423 return ret; 2424} 2425 ]], [[ 2426char x[1]; 2427if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2428 return 1; 2429if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2430 return 1; 2431return 0; 2432 ]])], 2433 [AC_MSG_RESULT([yes])], 2434 [ 2435 AC_MSG_RESULT([no]) 2436 AC_DEFINE([BROKEN_SNPRINTF], [1], 2437 [Define if your snprintf is busted]) 2438 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2439 ], 2440 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2441 ) 2442fi 2443 2444# On systems where [v]snprintf is broken, but is declared in stdio, 2445# check that the fmt argument is const char * or just char *. 2446# This is only useful for when BROKEN_SNPRINTF 2447AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2448AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2449#include <stdio.h> 2450int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2451 ]], [[ 2452 snprintf(0, 0, 0); 2453 ]])], 2454 [AC_MSG_RESULT([yes]) 2455 AC_DEFINE([SNPRINTF_CONST], [const], 2456 [Define as const if snprintf() can declare const char *fmt])], 2457 [AC_MSG_RESULT([no]) 2458 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2459 2460# Check for missing getpeereid (or equiv) support 2461NO_PEERCHECK="" 2462if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2463 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2464 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2465#include <sys/types.h> 2466#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2467 [ AC_MSG_RESULT([yes]) 2468 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2469 ], [AC_MSG_RESULT([no]) 2470 NO_PEERCHECK=1 2471 ]) 2472fi 2473 2474dnl make sure that openpty does not reacquire controlling terminal 2475if test ! -z "$check_for_openpty_ctty_bug"; then 2476 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2477 AC_RUN_IFELSE( 2478 [AC_LANG_PROGRAM([[ 2479#include <stdio.h> 2480#include <stdlib.h> 2481#include <unistd.h> 2482#ifdef HAVE_PTY_H 2483# include <pty.h> 2484#endif 2485#include <sys/fcntl.h> 2486#include <sys/types.h> 2487#include <sys/wait.h> 2488 ]], [[ 2489 pid_t pid; 2490 int fd, ptyfd, ttyfd, status; 2491 2492 pid = fork(); 2493 if (pid < 0) { /* failed */ 2494 exit(1); 2495 } else if (pid > 0) { /* parent */ 2496 waitpid(pid, &status, 0); 2497 if (WIFEXITED(status)) 2498 exit(WEXITSTATUS(status)); 2499 else 2500 exit(2); 2501 } else { /* child */ 2502 close(0); close(1); close(2); 2503 setsid(); 2504 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2505 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2506 if (fd >= 0) 2507 exit(3); /* Acquired ctty: broken */ 2508 else 2509 exit(0); /* Did not acquire ctty: OK */ 2510 } 2511 ]])], 2512 [ 2513 AC_MSG_RESULT([yes]) 2514 ], 2515 [ 2516 AC_MSG_RESULT([no]) 2517 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2518 ], 2519 [ 2520 AC_MSG_RESULT([cross-compiling, assuming yes]) 2521 ] 2522 ) 2523fi 2524 2525if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2526 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2527 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2528 AC_RUN_IFELSE( 2529 [AC_LANG_PROGRAM([[ 2530#include <stdio.h> 2531#include <stdlib.h> 2532#include <sys/socket.h> 2533#include <netdb.h> 2534#include <errno.h> 2535#include <netinet/in.h> 2536 2537#define TEST_PORT "2222" 2538 ]], [[ 2539 int err, sock; 2540 struct addrinfo *gai_ai, *ai, hints; 2541 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2542 2543 memset(&hints, 0, sizeof(hints)); 2544 hints.ai_family = PF_UNSPEC; 2545 hints.ai_socktype = SOCK_STREAM; 2546 hints.ai_flags = AI_PASSIVE; 2547 2548 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2549 if (err != 0) { 2550 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2551 exit(1); 2552 } 2553 2554 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2555 if (ai->ai_family != AF_INET6) 2556 continue; 2557 2558 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2559 sizeof(ntop), strport, sizeof(strport), 2560 NI_NUMERICHOST|NI_NUMERICSERV); 2561 2562 if (err != 0) { 2563 if (err == EAI_SYSTEM) 2564 perror("getnameinfo EAI_SYSTEM"); 2565 else 2566 fprintf(stderr, "getnameinfo failed: %s\n", 2567 gai_strerror(err)); 2568 exit(2); 2569 } 2570 2571 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2572 if (sock < 0) 2573 perror("socket"); 2574 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2575 if (errno == EBADF) 2576 exit(3); 2577 } 2578 } 2579 exit(0); 2580 ]])], 2581 [ 2582 AC_MSG_RESULT([yes]) 2583 ], 2584 [ 2585 AC_MSG_RESULT([no]) 2586 AC_DEFINE([BROKEN_GETADDRINFO]) 2587 ], 2588 [ 2589 AC_MSG_RESULT([cross-compiling, assuming yes]) 2590 ] 2591 ) 2592fi 2593 2594if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2595 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2596 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2597 AC_RUN_IFELSE( 2598 [AC_LANG_PROGRAM([[ 2599#include <stdio.h> 2600#include <stdlib.h> 2601#include <sys/socket.h> 2602#include <netdb.h> 2603#include <errno.h> 2604#include <netinet/in.h> 2605 2606#define TEST_PORT "2222" 2607 ]], [[ 2608 int err, sock; 2609 struct addrinfo *gai_ai, *ai, hints; 2610 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2611 2612 memset(&hints, 0, sizeof(hints)); 2613 hints.ai_family = PF_UNSPEC; 2614 hints.ai_socktype = SOCK_STREAM; 2615 hints.ai_flags = AI_PASSIVE; 2616 2617 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2618 if (err != 0) { 2619 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2620 exit(1); 2621 } 2622 2623 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2624 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2625 continue; 2626 2627 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2628 sizeof(ntop), strport, sizeof(strport), 2629 NI_NUMERICHOST|NI_NUMERICSERV); 2630 2631 if (ai->ai_family == AF_INET && err != 0) { 2632 perror("getnameinfo"); 2633 exit(2); 2634 } 2635 } 2636 exit(0); 2637 ]])], 2638 [ 2639 AC_MSG_RESULT([yes]) 2640 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2641 [Define if you have a getaddrinfo that fails 2642 for the all-zeros IPv6 address]) 2643 ], 2644 [ 2645 AC_MSG_RESULT([no]) 2646 AC_DEFINE([BROKEN_GETADDRINFO]) 2647 ], 2648 [ 2649 AC_MSG_RESULT([cross-compiling, assuming no]) 2650 ] 2651 ) 2652fi 2653 2654if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2655 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2656 [#include <sys/types.h> 2657 #include <sys/socket.h> 2658 #include <netdb.h>]) 2659fi 2660 2661if test "x$check_for_conflicting_getspnam" = "x1"; then 2662 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2663 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2664#include <shadow.h> 2665#include <stdlib.h> 2666 ]], 2667 [[ exit(0); ]])], 2668 [ 2669 AC_MSG_RESULT([no]) 2670 ], 2671 [ 2672 AC_MSG_RESULT([yes]) 2673 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2674 [Conflicting defs for getspnam]) 2675 ] 2676 ) 2677fi 2678 2679dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2680dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2681dnl for over ten years). Despite this incompatibility being reported during 2682dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2683dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2684dnl implementation. Try to detect this mess, and assume the only safe option 2685dnl if we're cross compiling. 2686dnl 2687dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2688dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2689if test "x$ac_cv_func_strnvis" = "xyes"; then 2690 AC_MSG_CHECKING([for working strnvis]) 2691 AC_RUN_IFELSE( 2692 [AC_LANG_PROGRAM([[ 2693#include <signal.h> 2694#include <stdlib.h> 2695#include <string.h> 2696#include <unistd.h> 2697#include <vis.h> 2698static void sighandler(int sig) { _exit(1); } 2699 ]], [[ 2700 char dst[16]; 2701 2702 signal(SIGSEGV, sighandler); 2703 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2704 exit(0); 2705 exit(1) 2706 ]])], 2707 [AC_MSG_RESULT([yes])], 2708 [AC_MSG_RESULT([no]) 2709 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2710 [AC_MSG_WARN([cross compiling: assuming broken]) 2711 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2712 ) 2713fi 2714 2715AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2716AC_RUN_IFELSE( 2717 [AC_LANG_PROGRAM([[ 2718#ifdef HAVE_SYS_SELECT 2719# include <sys/select.h> 2720#endif 2721#include <sys/types.h> 2722#include <sys/time.h> 2723#include <stdlib.h> 2724#include <signal.h> 2725#include <unistd.h> 2726static void sighandler(int sig) { } 2727 ]], [[ 2728 int r; 2729 pid_t pid; 2730 struct sigaction sa; 2731 2732 sa.sa_handler = sighandler; 2733 sa.sa_flags = SA_RESTART; 2734 (void)sigaction(SIGTERM, &sa, NULL); 2735 if ((pid = fork()) == 0) { /* child */ 2736 pid = getppid(); 2737 sleep(1); 2738 kill(pid, SIGTERM); 2739 sleep(1); 2740 if (getppid() == pid) /* if parent did not exit, shoot it */ 2741 kill(pid, SIGKILL); 2742 exit(0); 2743 } else { /* parent */ 2744 r = select(0, NULL, NULL, NULL, NULL); 2745 } 2746 exit(r == -1 ? 0 : 1); 2747 ]])], 2748 [AC_MSG_RESULT([yes])], 2749 [AC_MSG_RESULT([no]) 2750 AC_DEFINE([NO_SA_RESTART], [1], 2751 [SA_RESTARTed signals do no interrupt select])], 2752 [AC_MSG_WARN([cross compiling: assuming yes])] 2753) 2754 2755AC_CHECK_FUNCS([getpgrp],[ 2756 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2757 AC_COMPILE_IFELSE( 2758 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2759 [ AC_MSG_RESULT([yes]) 2760 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2761 [ AC_MSG_RESULT([no]) 2762 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2763 ) 2764]) 2765 2766# Search for OpenSSL 2767saved_CPPFLAGS="$CPPFLAGS" 2768saved_LDFLAGS="$LDFLAGS" 2769openssl_bin_PATH="$PATH" 2770AC_ARG_WITH([ssl-dir], 2771 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2772 [ 2773 if test "x$openssl" = "xno" ; then 2774 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2775 fi 2776 if test "x$withval" != "xno" ; then 2777 case "$withval" in 2778 # Relative paths 2779 ./*|../*) withval="`pwd`/$withval" 2780 esac 2781 if test -d "$withval/lib"; then 2782 libcrypto_path="${withval}/lib" 2783 elif test -d "$withval/lib64"; then 2784 libcrypto_path="$withval/lib64" 2785 else 2786 # Built but not installed 2787 libcrypto_path="${withval}" 2788 fi 2789 if test -n "${rpath_opt}"; then 2790 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}" 2791 else 2792 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" 2793 fi 2794 if test -d "$withval/include"; then 2795 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2796 else 2797 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2798 fi 2799 dnl Ensure specified openssl binary works, eg it can 2800 dnl find its runtime libraries, before trying to use. 2801 if test -x "${withval}/bin/openssl" && \ 2802 "${withval}/bin/openssl" version >/dev/null 2>&1; then 2803 openssl_bin_PATH="${withval}/bin${PATH_SEPARATOR}${PATH}" 2804 elif test -x "${withval}/apps/openssl" && \ 2805 "${withval}/apps/openssl" version >/dev/null 2>&1; then 2806 openssl_bin_PATH="${withval}/apps${PATH_SEPARATOR}${PATH}" 2807 fi 2808 fi 2809 ] 2810) 2811AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH]) 2812AC_SUBST(OPENSSL_BIN, [${openssl_bin}]) 2813 2814AC_ARG_WITH([openssl-header-check], 2815 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2816 [ 2817 if test "x$withval" = "xno" ; then 2818 openssl_check_nonfatal=1 2819 fi 2820 ] 2821) 2822 2823openssl_engine=no 2824AC_ARG_WITH([ssl-engine], 2825 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2826 [ 2827 if test "x$withval" != "xno" ; then 2828 if test "x$openssl" = "xno" ; then 2829 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2830 fi 2831 openssl_engine=yes 2832 fi 2833 ] 2834) 2835 2836nocrypto_saved_LIBS="$LIBS" 2837if test "x$openssl" = "xyes" ; then 2838 LIBS="-lcrypto $LIBS" 2839 CHANNELLIBS="-lcrypto $CHANNELLIBS" 2840 AC_TRY_LINK_FUNC([RAND_add], , 2841 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2842 AC_CHECK_HEADER([openssl/opensslv.h], , 2843 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2844 2845 # Determine OpenSSL header version 2846 AC_MSG_CHECKING([OpenSSL header version]) 2847 AC_RUN_IFELSE( 2848 [AC_LANG_PROGRAM([[ 2849 #include <stdlib.h> 2850 #include <stdio.h> 2851 #include <string.h> 2852 #include <openssl/opensslv.h> 2853 #define DATA "conftest.sslincver" 2854 ]], [[ 2855 FILE *fd; 2856 int rc; 2857 2858 fd = fopen(DATA,"w"); 2859 if(fd == NULL) 2860 exit(1); 2861 2862 if ((rc = fprintf(fd, "%08lx (%s)\n", 2863 (unsigned long)OPENSSL_VERSION_NUMBER, 2864 OPENSSL_VERSION_TEXT)) < 0) 2865 exit(1); 2866 2867 exit(0); 2868 ]])], 2869 [ 2870 ssl_header_ver=`cat conftest.sslincver` 2871 AC_MSG_RESULT([$ssl_header_ver]) 2872 ], 2873 [ 2874 AC_MSG_RESULT([failed]) 2875 AC_MSG_ERROR([OpenSSL version test program failed.]) 2876 ], 2877 [ 2878 AC_MSG_WARN([cross compiling: not checking]) 2879 ] 2880 ) 2881 2882 # Determining OpenSSL library version is version dependent. 2883 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2884 2885 # Determine OpenSSL library version 2886 AC_MSG_CHECKING([OpenSSL library version]) 2887 AC_RUN_IFELSE( 2888 [AC_LANG_PROGRAM([[ 2889 #include <stdio.h> 2890 #include <stdlib.h> 2891 #include <string.h> 2892 #include <openssl/opensslv.h> 2893 #include <openssl/crypto.h> 2894 #define DATA "conftest.ssllibver" 2895 ]], [[ 2896 FILE *f; 2897 /* We need these legacy bits to warn for old libcrypto */ 2898 #ifndef OPENSSL_VERSION 2899 # define OPENSSL_VERSION SSLEAY_VERSION 2900 #endif 2901 #ifndef HAVE_OPENSSL_VERSION 2902 # define OpenSSL_version SSLeay_version 2903 #endif 2904 #ifndef HAVE_OPENSSL_VERSION_NUM 2905 # define OpenSSL_version_num SSLeay 2906 #endif 2907 if ((f = fopen(DATA, "w")) == NULL) 2908 exit(1); 2909 if (fprintf(f, "%08lx (%s)", 2910 (unsigned long)OpenSSL_version_num(), 2911 OpenSSL_version(OPENSSL_VERSION)) < 0) 2912 exit(1); 2913#ifdef LIBRESSL_VERSION_NUMBER 2914 if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0) 2915 exit(1); 2916#endif 2917 if (fputc('\n', f) == EOF || fclose(f) == EOF) 2918 exit(1); 2919 exit(0); 2920 ]])], 2921 [ 2922 sslver=`cat conftest.ssllibver` 2923 ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'` 2924 # Check version is supported. 2925 case "$sslver" in 2926 100*|10100*) # 1.0.x, 1.1.0x 2927 AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")]) 2928 ;; 2929 101*) ;; # 1.1.x 2930 200*) # LibreSSL 2931 lver=`echo "$sslver" | sed 's/.*libressl-//'` 2932 case "$lver" in 2933 2*|300*) # 2.x, 3.0.0 2934 AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")]) 2935 ;; 2936 *) ;; # Assume all other versions are good. 2937 esac 2938 ;; 2939 30*) 2940 # OpenSSL 3; we use the 1.1x API 2941 # https://openssl.org/policies/general/versioning-policy.html 2942 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2943 ;; 2944 *) 2945 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")]) 2946 ;; 2947 esac 2948 AC_MSG_RESULT([$ssl_showver]) 2949 ], 2950 [ 2951 AC_MSG_RESULT([not found]) 2952 AC_MSG_ERROR([OpenSSL library not found.]) 2953 ], 2954 [ 2955 AC_MSG_WARN([cross compiling: not checking]) 2956 ] 2957 ) 2958 2959 case "$host" in 2960 x86_64-*) 2961 case "$sslver" in 2962 3000004*) 2963 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) 2964 ;; 2965 esac 2966 esac 2967 2968 # Sanity check OpenSSL headers 2969 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2970 AC_RUN_IFELSE( 2971 [AC_LANG_PROGRAM([[ 2972 #include <stdlib.h> 2973 #include <string.h> 2974 #include <openssl/opensslv.h> 2975 #include <openssl/crypto.h> 2976 ]], [[ 2977 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2978 ]])], 2979 [ 2980 AC_MSG_RESULT([yes]) 2981 ], 2982 [ 2983 AC_MSG_RESULT([no]) 2984 if test "x$openssl_check_nonfatal" = "x"; then 2985 AC_MSG_ERROR([Your OpenSSL headers do not match your 2986 library. Check config.log for details. 2987 If you are sure your installation is consistent, you can disable the check 2988 by running "./configure --without-openssl-header-check". 2989 Also see contrib/findssl.sh for help identifying header/library mismatches. 2990 ]) 2991 else 2992 AC_MSG_WARN([Your OpenSSL headers do not match your 2993 library. Check config.log for details. 2994 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2995 fi 2996 ], 2997 [ 2998 AC_MSG_WARN([cross compiling: not checking]) 2999 ] 3000 ) 3001 3002 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 3003 AC_LINK_IFELSE( 3004 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 3005 [[ ERR_load_crypto_strings(); ]])], 3006 [ 3007 AC_MSG_RESULT([yes]) 3008 ], 3009 [ 3010 AC_MSG_RESULT([no]) 3011 LIBS="$LIBS -ldl" 3012 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 3013 AC_LINK_IFELSE( 3014 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 3015 [[ ERR_load_crypto_strings(); ]])], 3016 [ 3017 AC_MSG_RESULT([yes]) 3018 CHANNELLIBS="$CHANNELLIBS -ldl" 3019 ], 3020 [ 3021 AC_MSG_RESULT([no]) 3022 ] 3023 ) 3024 ] 3025 ) 3026 3027 AC_CHECK_FUNCS([ \ 3028 BN_is_prime_ex \ 3029 DES_crypt \ 3030 DSA_generate_parameters_ex \ 3031 EVP_DigestSign \ 3032 EVP_DigestVerify \ 3033 EVP_DigestFinal_ex \ 3034 EVP_DigestInit_ex \ 3035 EVP_MD_CTX_cleanup \ 3036 EVP_MD_CTX_copy_ex \ 3037 EVP_MD_CTX_init \ 3038 HMAC_CTX_init \ 3039 RSA_generate_key_ex \ 3040 RSA_get_default_method \ 3041 ]) 3042 3043 # OpenSSL_add_all_algorithms may be a macro. 3044 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 3045 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 3046 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 3047 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 3048 [[#include <openssl/evp.h>]] 3049 ) 3050 ) 3051 3052 # LibreSSL/OpenSSL API differences 3053 AC_CHECK_FUNCS([ \ 3054 EVP_CIPHER_CTX_iv \ 3055 EVP_CIPHER_CTX_iv_noconst \ 3056 EVP_CIPHER_CTX_get_iv \ 3057 EVP_CIPHER_CTX_get_updated_iv \ 3058 EVP_CIPHER_CTX_set_iv \ 3059 ]) 3060 3061 if test "x$openssl_engine" = "xyes" ; then 3062 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 3063 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3064 #include <openssl/engine.h> 3065 ]], [[ 3066 ENGINE_load_builtin_engines(); 3067 ENGINE_register_all_complete(); 3068 ]])], 3069 [ AC_MSG_RESULT([yes]) 3070 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 3071 [Enable OpenSSL engine support]) 3072 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 3073 ]) 3074 fi 3075 3076 # Check for OpenSSL without EVP_aes_{192,256}_cbc 3077 AC_MSG_CHECKING([whether OpenSSL lacks support for AES 192/256]) 3078 AC_LINK_IFELSE( 3079 [AC_LANG_PROGRAM([[ 3080 #include <stdlib.h> 3081 #include <string.h> 3082 #include <openssl/evp.h> 3083 ]], [[ 3084 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 3085 ]])], 3086 [ 3087 AC_MSG_RESULT([no]) 3088 ], 3089 [ 3090 AC_MSG_RESULT([yes]) 3091 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 3092 [libcrypto is missing AES 192 and 256 bit functions]) 3093 ] 3094 ) 3095 3096 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3097 AC_LINK_IFELSE( 3098 [AC_LANG_PROGRAM([[ 3099 #include <stdlib.h> 3100 #include <string.h> 3101 #include <openssl/evp.h> 3102 ]], [[ 3103 if(EVP_DigestUpdate(NULL, NULL,0)) 3104 exit(0); 3105 ]])], 3106 [ 3107 AC_MSG_RESULT([yes]) 3108 ], 3109 [ 3110 AC_MSG_RESULT([no]) 3111 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3112 [Define if EVP_DigestUpdate returns void]) 3113 ] 3114 ) 3115 3116 # Check for various EVP support in OpenSSL 3117 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20]) 3118 3119 # Check complete ECC support in OpenSSL 3120 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3121 AC_LINK_IFELSE( 3122 [AC_LANG_PROGRAM([[ 3123 #include <openssl/ec.h> 3124 #include <openssl/ecdh.h> 3125 #include <openssl/ecdsa.h> 3126 #include <openssl/evp.h> 3127 #include <openssl/objects.h> 3128 #include <openssl/opensslv.h> 3129 ]], [[ 3130 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3131 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3132 ]])], 3133 [ AC_MSG_RESULT([yes]) 3134 enable_nistp256=1 ], 3135 [ AC_MSG_RESULT([no]) ] 3136 ) 3137 3138 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3139 AC_LINK_IFELSE( 3140 [AC_LANG_PROGRAM([[ 3141 #include <openssl/ec.h> 3142 #include <openssl/ecdh.h> 3143 #include <openssl/ecdsa.h> 3144 #include <openssl/evp.h> 3145 #include <openssl/objects.h> 3146 #include <openssl/opensslv.h> 3147 ]], [[ 3148 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3149 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3150 ]])], 3151 [ AC_MSG_RESULT([yes]) 3152 enable_nistp384=1 ], 3153 [ AC_MSG_RESULT([no]) ] 3154 ) 3155 3156 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3157 AC_LINK_IFELSE( 3158 [AC_LANG_PROGRAM([[ 3159 #include <openssl/ec.h> 3160 #include <openssl/ecdh.h> 3161 #include <openssl/ecdsa.h> 3162 #include <openssl/evp.h> 3163 #include <openssl/objects.h> 3164 #include <openssl/opensslv.h> 3165 ]], [[ 3166 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3167 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3168 ]])], 3169 [ AC_MSG_RESULT([yes]) 3170 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3171 AC_RUN_IFELSE( 3172 [AC_LANG_PROGRAM([[ 3173 #include <stdlib.h> 3174 #include <openssl/ec.h> 3175 #include <openssl/ecdh.h> 3176 #include <openssl/ecdsa.h> 3177 #include <openssl/evp.h> 3178 #include <openssl/objects.h> 3179 #include <openssl/opensslv.h> 3180 ]],[[ 3181 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3182 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3183 exit(e == NULL || m == NULL); 3184 ]])], 3185 [ AC_MSG_RESULT([yes]) 3186 enable_nistp521=1 ], 3187 [ AC_MSG_RESULT([no]) ], 3188 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3189 enable_nistp521=1 ] 3190 )], 3191 AC_MSG_RESULT([no]) 3192 ) 3193 3194 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3195 test x$enable_nistp521 = x1; then 3196 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3197 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3198 openssl_ecc=yes 3199 else 3200 openssl_ecc=no 3201 fi 3202 if test x$enable_nistp256 = x1; then 3203 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3204 [libcrypto has NID_X9_62_prime256v1]) 3205 else 3206 unsupported_algorithms="$unsupported_algorithms \ 3207 ecdsa-sha2-nistp256 \ 3208 ecdh-sha2-nistp256 \ 3209 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3210 fi 3211 if test x$enable_nistp384 = x1; then 3212 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3213 else 3214 unsupported_algorithms="$unsupported_algorithms \ 3215 ecdsa-sha2-nistp384 \ 3216 ecdh-sha2-nistp384 \ 3217 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3218 fi 3219 if test x$enable_nistp521 = x1; then 3220 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3221 else 3222 unsupported_algorithms="$unsupported_algorithms \ 3223 ecdh-sha2-nistp521 \ 3224 ecdsa-sha2-nistp521 \ 3225 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3226 fi 3227 3228 # Check libcrypto ED25519 support 3229 AC_CHECK_FUNCS([EVP_PKEY_get_raw_public_key]) 3230 AC_CHECK_FUNCS([EVP_PKEY_get_raw_private_key]) 3231 AC_MSG_CHECKING([whether OpenSSL has ED25519 support]) 3232 AC_LINK_IFELSE( 3233 [AC_LANG_PROGRAM([[ 3234 #include <string.h> 3235 #include <openssl/evp.h> 3236 ]], [[ 3237 unsigned char buf[64]; 3238 memset(buf, 0, sizeof(buf)); 3239 exit(EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, NULL, 3240 buf, sizeof(buf)) == NULL); 3241 ]])], 3242 [ 3243 AC_MSG_RESULT([yes]) 3244 AC_DEFINE([OPENSSL_HAS_ED25519], [1], 3245 [libcrypto has ed25519 support]) 3246 ], 3247 [ 3248 AC_MSG_RESULT([no]) 3249 ] 3250 ) 3251fi 3252 3253# PKCS11/U2F depend on OpenSSL and dlopen(). 3254enable_pkcs11=yes 3255enable_sk=yes 3256if test "x$openssl" != "xyes" ; then 3257 enable_pkcs11="disabled; missing libcrypto" 3258fi 3259if test "x$ac_cv_func_dlopen" != "xyes" ; then 3260 enable_pkcs11="disabled; missing dlopen(3)" 3261 enable_sk="disabled; missing dlopen(3)" 3262fi 3263if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3264 enable_pkcs11="disabled; missing RTLD_NOW" 3265 enable_sk="disabled; missing RTLD_NOW" 3266fi 3267if test ! -z "$disable_pkcs11" ; then 3268 enable_pkcs11="disabled by user" 3269fi 3270if test ! -z "$disable_sk" ; then 3271 enable_sk="disabled by user" 3272fi 3273 3274AC_MSG_CHECKING([whether to enable PKCS11]) 3275if test "x$enable_pkcs11" = "xyes" ; then 3276 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3277fi 3278AC_MSG_RESULT([$enable_pkcs11]) 3279 3280AC_MSG_CHECKING([whether to enable U2F]) 3281if test "x$enable_sk" = "xyes" ; then 3282 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3283 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3284else 3285 # Do not try to build sk-dummy library. 3286 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3287fi 3288AC_MSG_RESULT([$enable_sk]) 3289 3290# Now check for built-in security key support. 3291if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then 3292 use_pkgconfig_for_libfido2= 3293 if test "x$PKGCONFIG" != "xno"; then 3294 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3295 if "$PKGCONFIG" libfido2; then 3296 AC_MSG_RESULT([yes]) 3297 use_pkgconfig_for_libfido2=yes 3298 else 3299 AC_MSG_RESULT([no]) 3300 fi 3301 fi 3302 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3303 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3304 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3305 else 3306 LIBFIDO2="-lprivatefido2 -lprivatecbor" 3307 fi 3308 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3309 fido2_error= 3310 AC_CHECK_LIB([privatefido2], [fido_init], 3311 [ ], 3312 [ fido2_error="missing/unusable libfido2" ], 3313 [ $OTHERLIBS ] 3314 ) 3315 AC_CHECK_HEADER([fido.h], [], 3316 [ fido2_error="missing fido.h from libfido2" ]) 3317 AC_CHECK_HEADER([fido/credman.h], [], 3318 [ fido2_error="missing fido/credman.h from libfido2" ], 3319 [ #include <fido.h> ] 3320 ) 3321 AC_MSG_CHECKING([for usable libfido2 installation]) 3322 if test ! -z "$fido2_error" ; then 3323 AC_MSG_RESULT([$fido2_error]) 3324 if test "x$enable_sk_internal" = "xyes" ; then 3325 AC_MSG_ERROR([No usable libfido2 library/headers found]) 3326 fi 3327 LIBFIDO2="" 3328 else 3329 AC_MSG_RESULT([yes]) 3330 AC_SUBST([LIBFIDO2]) 3331 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3332 [Enable for built-in U2F/FIDO support]) 3333 enable_sk="built-in" 3334 saved_LIBS="$LIBS" 3335 LIBS="$LIBFIDO2 $LIBS" 3336 AC_CHECK_FUNCS([ \ 3337 fido_assert_set_clientdata \ 3338 fido_cred_prot \ 3339 fido_cred_set_prot \ 3340 fido_cred_set_clientdata \ 3341 fido_dev_get_touch_begin \ 3342 fido_dev_get_touch_status \ 3343 fido_dev_supports_cred_prot \ 3344 fido_dev_is_winhello \ 3345 ]) 3346 LIBS="$saved_LIBS" 3347 fi 3348fi 3349 3350AC_CHECK_FUNCS([ \ 3351 arc4random \ 3352 arc4random_buf \ 3353 arc4random_stir \ 3354 arc4random_uniform \ 3355]) 3356### Configure cryptographic random number support 3357 3358# Check whether OpenSSL seeds itself 3359if test "x$openssl" = "xyes" ; then 3360 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3361 AC_RUN_IFELSE( 3362 [AC_LANG_PROGRAM([[ 3363 #include <stdlib.h> 3364 #include <string.h> 3365 #include <openssl/rand.h> 3366 ]], [[ 3367 exit(RAND_status() == 1 ? 0 : 1); 3368 ]])], 3369 [ 3370 OPENSSL_SEEDS_ITSELF=yes 3371 AC_MSG_RESULT([yes]) 3372 ], 3373 [ 3374 AC_MSG_RESULT([no]) 3375 ], 3376 [ 3377 AC_MSG_WARN([cross compiling: assuming yes]) 3378 # This is safe, since we will fatal() at runtime if 3379 # OpenSSL is not seeded correctly. 3380 OPENSSL_SEEDS_ITSELF=yes 3381 ] 3382 ) 3383fi 3384 3385# PRNGD TCP socket 3386AC_ARG_WITH([prngd-port], 3387 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3388 [ 3389 case "$withval" in 3390 no) 3391 withval="" 3392 ;; 3393 [[0-9]]*) 3394 ;; 3395 *) 3396 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3397 ;; 3398 esac 3399 if test ! -z "$withval" ; then 3400 PRNGD_PORT="$withval" 3401 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3402 [Port number of PRNGD/EGD random number socket]) 3403 fi 3404 ] 3405) 3406 3407# PRNGD Unix domain socket 3408AC_ARG_WITH([prngd-socket], 3409 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3410 [ 3411 case "$withval" in 3412 yes) 3413 withval="/var/run/egd-pool" 3414 ;; 3415 no) 3416 withval="" 3417 ;; 3418 /*) 3419 ;; 3420 *) 3421 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3422 ;; 3423 esac 3424 3425 if test ! -z "$withval" ; then 3426 if test ! -z "$PRNGD_PORT" ; then 3427 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3428 fi 3429 if test ! -r "$withval" ; then 3430 AC_MSG_WARN([Entropy socket is not readable]) 3431 fi 3432 PRNGD_SOCKET="$withval" 3433 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3434 [Location of PRNGD/EGD random number socket]) 3435 fi 3436 ], 3437 [ 3438 # Check for existing socket only if we don't have a random device already 3439 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3440 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3441 # Insert other locations here 3442 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3443 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3444 PRNGD_SOCKET="$sock" 3445 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3446 break; 3447 fi 3448 done 3449 if test ! -z "$PRNGD_SOCKET" ; then 3450 AC_MSG_RESULT([$PRNGD_SOCKET]) 3451 else 3452 AC_MSG_RESULT([not found]) 3453 fi 3454 fi 3455 ] 3456) 3457 3458# Which randomness source do we use? 3459if test ! -z "$PRNGD_PORT" ; then 3460 RAND_MSG="PRNGd port $PRNGD_PORT" 3461elif test ! -z "$PRNGD_SOCKET" ; then 3462 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3463elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3464 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3465 [Define if you want the OpenSSL internally seeded PRNG only]) 3466 RAND_MSG="OpenSSL internal ONLY" 3467elif test "x$openssl" = "xno" ; then 3468 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3469else 3470 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3471fi 3472LIBS="$nocrypto_saved_LIBS" 3473 3474saved_LIBS="$LIBS" 3475AC_CHECK_LIB([iaf], [ia_openinfo], [ 3476 LIBS="$LIBS -liaf" 3477 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3478 AC_DEFINE([HAVE_LIBIAF], [1], 3479 [Define if system has libiaf that supports set_id]) 3480 ]) 3481]) 3482LIBS="$saved_LIBS" 3483 3484# Check for crypt() in libcrypt. If we have it, we only need it for sshd. 3485saved_LIBS="$LIBS" 3486AC_CHECK_LIB([crypt], [crypt], [ 3487 LIBS="-lcrypt $LIBS" 3488 SSHDLIBS="-lcrypt $SSHDLIBS" 3489]) 3490AC_CHECK_FUNCS([crypt]) 3491LIBS="$saved_LIBS" 3492 3493# Check for PAM libs 3494PAM_MSG="no" 3495AC_ARG_WITH([pam], 3496 [ --with-pam Enable PAM support ], 3497 [ 3498 if test "x$withval" != "xno" ; then 3499 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3500 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3501 AC_MSG_ERROR([PAM headers not found]) 3502 fi 3503 3504 saved_LIBS="$LIBS" 3505 AC_CHECK_LIB([dl], [dlopen], , ) 3506 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3507 AC_CHECK_FUNCS([pam_getenvlist]) 3508 AC_CHECK_FUNCS([pam_putenv]) 3509 LIBS="$saved_LIBS" 3510 3511 PAM_MSG="yes" 3512 3513 SSHDLIBS="$SSHDLIBS -lpam" 3514 AC_DEFINE([USE_PAM], [1], 3515 [Define if you want to enable PAM support]) 3516 3517 if test $ac_cv_lib_dl_dlopen = yes; then 3518 case "$LIBS" in 3519 *-ldl*) 3520 # libdl already in LIBS 3521 ;; 3522 *) 3523 SSHDLIBS="$SSHDLIBS -ldl" 3524 ;; 3525 esac 3526 fi 3527 fi 3528 ] 3529) 3530 3531AC_ARG_WITH([pam-service], 3532 [ --with-pam-service=name Specify PAM service name ], 3533 [ 3534 if test "x$withval" != "xno" && \ 3535 test "x$withval" != "xyes" ; then 3536 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3537 ["$withval"], [sshd PAM service name]) 3538 fi 3539 ] 3540) 3541 3542# Check for older PAM 3543if test "x$PAM_MSG" = "xyes" ; then 3544 # Check PAM strerror arguments (old PAM) 3545 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3546 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3547#include <stdlib.h> 3548#if defined(HAVE_SECURITY_PAM_APPL_H) 3549#include <security/pam_appl.h> 3550#elif defined (HAVE_PAM_PAM_APPL_H) 3551#include <pam/pam_appl.h> 3552#endif 3553 ]], [[ 3554(void)pam_strerror((pam_handle_t *)NULL, -1); 3555 ]])], [AC_MSG_RESULT([no])], [ 3556 AC_DEFINE([HAVE_OLD_PAM], [1], 3557 [Define if you have an old version of PAM 3558 which takes only one argument to pam_strerror]) 3559 AC_MSG_RESULT([yes]) 3560 PAM_MSG="yes (old library)" 3561 3562 ]) 3563fi 3564 3565case "$host" in 3566*-*-cygwin*) 3567 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3568 ;; 3569*) 3570 SSH_PRIVSEP_USER=sshd 3571 ;; 3572esac 3573AC_ARG_WITH([privsep-user], 3574 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3575 [ 3576 if test -n "$withval" && test "x$withval" != "xno" && \ 3577 test "x${withval}" != "xyes"; then 3578 SSH_PRIVSEP_USER=$withval 3579 fi 3580 ] 3581) 3582if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3583 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3584 [Cygwin function to fetch non-privileged user for privilege separation]) 3585else 3586 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3587 [non-privileged user for privilege separation]) 3588fi 3589AC_SUBST([SSH_PRIVSEP_USER]) 3590 3591if test "x$have_linux_no_new_privs" = "x1" ; then 3592AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3593 #include <sys/types.h> 3594 #include <linux/seccomp.h> 3595]) 3596fi 3597if test "x$have_seccomp_filter" = "x1" ; then 3598AC_MSG_CHECKING([kernel for seccomp_filter support]) 3599AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3600 #include <errno.h> 3601 #include <elf.h> 3602 #include <linux/audit.h> 3603 #include <linux/seccomp.h> 3604 #include <stdlib.h> 3605 #include <sys/prctl.h> 3606 ]], 3607 [[ int i = $seccomp_audit_arch; 3608 errno = 0; 3609 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3610 exit(errno == EFAULT ? 0 : 1); ]])], 3611 [ AC_MSG_RESULT([yes]) ], [ 3612 AC_MSG_RESULT([no]) 3613 # Disable seccomp filter as a target 3614 have_seccomp_filter=0 3615 ] 3616) 3617fi 3618 3619AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ 3620#include <sys/types.h> 3621#ifdef HAVE_POLL_H 3622#include <poll.h> 3623#endif 3624#ifdef HAVE_SYS_POLL_H 3625#include <sys/poll.h> 3626#endif 3627]]) 3628 3629AC_CHECK_TYPES([nfds_t], , , [ 3630#include <sys/types.h> 3631#ifdef HAVE_POLL_H 3632#include <poll.h> 3633#endif 3634#ifdef HAVE_SYS_POLL_H 3635#include <sys/poll.h> 3636#endif 3637]) 3638 3639# Decide which sandbox style to use 3640sandbox_arg="" 3641AC_ARG_WITH([sandbox], 3642 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3643 [ 3644 if test "x$withval" = "xyes" ; then 3645 sandbox_arg="" 3646 else 3647 sandbox_arg="$withval" 3648 fi 3649 ] 3650) 3651 3652if test "x$sandbox_arg" != "xno"; then 3653# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument 3654# is greater than OPEN_MAX". On some platforms that includes implementions 3655# of select in userspace on top of poll() so check both work with rlimit 3656# NOFILES so check that both work before enabling the rlimit sandbox. 3657 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) 3658 AC_RUN_IFELSE( 3659 [AC_LANG_PROGRAM([[ 3660#include <sys/types.h> 3661#ifdef HAVE_SYS_TIME_H 3662# include <sys/time.h> 3663#endif 3664#include <sys/resource.h> 3665#ifdef HAVE_SYS_SELECT_H 3666# include <sys/select.h> 3667#endif 3668#ifdef HAVE_POLL_H 3669# include <poll.h> 3670#elif HAVE_SYS_POLL_H 3671# include <sys/poll.h> 3672#endif 3673#include <errno.h> 3674#include <fcntl.h> 3675#include <stdlib.h> 3676 ]],[[ 3677 struct rlimit rl_zero; 3678 int fd, r; 3679 fd_set fds; 3680 struct timeval tv; 3681#ifdef HAVE_POLL 3682 struct pollfd pfd; 3683#endif 3684 3685 fd = open("/dev/null", O_RDONLY); 3686 FD_ZERO(&fds); 3687 FD_SET(fd, &fds); 3688 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3689 setrlimit(RLIMIT_FSIZE, &rl_zero); 3690 setrlimit(RLIMIT_NOFILE, &rl_zero); 3691 tv.tv_sec = 1; 3692 tv.tv_usec = 0; 3693 r = select(fd+1, &fds, NULL, NULL, &tv); 3694 if (r == -1) 3695 exit(1); 3696#ifdef HAVE_POLL 3697 pfd.fd = fd; 3698 pfd.events = POLLIN; 3699 r = poll(&pfd, 1, 1); 3700 if (r == -1) 3701 exit(2); 3702#endif 3703 exit(0); 3704 ]])], 3705 [AC_MSG_RESULT([yes]) 3706 select_works_with_rlimit=yes], 3707 [AC_MSG_RESULT([no]) 3708 select_works_with_rlimit=no], 3709 [AC_MSG_WARN([cross compiling: assuming no]) 3710 select_works_with_rlimit=no] 3711 ) 3712 3713 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3714 AC_RUN_IFELSE( 3715 [AC_LANG_PROGRAM([[ 3716#include <sys/types.h> 3717#ifdef HAVE_SYS_TIME_H 3718# include <sys/time.h> 3719#endif 3720#include <sys/resource.h> 3721#include <errno.h> 3722#include <stdlib.h> 3723 ]],[[ 3724 struct rlimit rl_zero; 3725 int r; 3726 3727 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3728 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3729 exit (r == -1 ? 1 : 0); 3730 ]])], 3731 [AC_MSG_RESULT([yes]) 3732 rlimit_nofile_zero_works=yes], 3733 [AC_MSG_RESULT([no]) 3734 rlimit_nofile_zero_works=no], 3735 [AC_MSG_WARN([cross compiling: assuming yes]) 3736 rlimit_nofile_zero_works=yes] 3737 ) 3738 3739 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3740 AC_RUN_IFELSE( 3741 [AC_LANG_PROGRAM([[ 3742#include <sys/types.h> 3743#include <sys/resource.h> 3744#include <stdlib.h> 3745 ]],[[ 3746 struct rlimit rl_zero; 3747 3748 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3749 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3750 ]])], 3751 [AC_MSG_RESULT([yes])], 3752 [AC_MSG_RESULT([no]) 3753 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3754 [setrlimit RLIMIT_FSIZE works])], 3755 [AC_MSG_WARN([cross compiling: assuming yes])] 3756 ) 3757fi 3758 3759if test "x$sandbox_arg" = "xpledge" || \ 3760 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3761 test "x$ac_cv_func_pledge" != "xyes" && \ 3762 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3763 SANDBOX_STYLE="pledge" 3764 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3765elif test "x$sandbox_arg" = "xsystrace" || \ 3766 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3767 test "x$have_systr_policy_kill" != "x1" && \ 3768 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3769 SANDBOX_STYLE="systrace" 3770 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3771elif test "x$sandbox_arg" = "xdarwin" || \ 3772 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3773 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3774 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3775 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3776 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3777 SANDBOX_STYLE="darwin" 3778 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3779elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3780 ( test -z "$sandbox_arg" && \ 3781 test "x$have_seccomp_filter" = "x1" && \ 3782 test "x$ac_cv_header_elf_h" = "xyes" && \ 3783 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3784 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3785 test "x$seccomp_audit_arch" != "x" && \ 3786 test "x$have_linux_no_new_privs" = "x1" && \ 3787 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3788 test "x$seccomp_audit_arch" = "x" && \ 3789 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3790 test "x$have_linux_no_new_privs" != "x1" && \ 3791 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3792 test "x$have_seccomp_filter" != "x1" && \ 3793 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3794 test "x$ac_cv_func_prctl" != "xyes" && \ 3795 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3796 SANDBOX_STYLE="seccomp_filter" 3797 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3798elif test "x$sandbox_arg" = "xcapsicum" || \ 3799 ( test -z "$sandbox_arg" && \ 3800 test "x$disable_capsicum" != "xyes" && \ 3801 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3802 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3803 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3804 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3805 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3806 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3807 SANDBOX_STYLE="capsicum" 3808 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3809elif test "x$sandbox_arg" = "xrlimit" || \ 3810 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3811 test "x$select_works_with_rlimit" = "xyes" && \ 3812 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3813 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3814 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3815 test "x$select_works_with_rlimit" != "xyes" && \ 3816 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3817 SANDBOX_STYLE="rlimit" 3818 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3819elif test "x$sandbox_arg" = "xsolaris" || \ 3820 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3821 SANDBOX_STYLE="solaris" 3822 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3823elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3824 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3825 SANDBOX_STYLE="none" 3826 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3827else 3828 AC_MSG_ERROR([unsupported --with-sandbox]) 3829fi 3830 3831# Cheap hack to ensure NEWS-OS libraries are arranged right. 3832if test ! -z "$SONY" ; then 3833 LIBS="$LIBS -liberty"; 3834fi 3835 3836# Check for long long datatypes 3837AC_CHECK_TYPES([long long, unsigned long long, long double]) 3838 3839# Check datatype sizes 3840AC_CHECK_SIZEOF([short int]) 3841AC_CHECK_SIZEOF([int]) 3842AC_CHECK_SIZEOF([long int]) 3843AC_CHECK_SIZEOF([long long int]) 3844AC_CHECK_SIZEOF([time_t], [], [[ 3845 #include <sys/types.h> 3846 #ifdef HAVE_SYS_TIME_H 3847 # include <sys/time.h> 3848 #endif 3849 #ifdef HAVE_TIME_H 3850 # include <time.h> 3851 #endif 3852 ]] 3853) 3854 3855# Sanity check long long for some platforms (AIX) 3856if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3857 ac_cv_sizeof_long_long_int=0 3858fi 3859 3860# compute LLONG_MIN and LLONG_MAX if we don't know them. 3861if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3862 AC_MSG_CHECKING([for max value of long long]) 3863 AC_RUN_IFELSE( 3864 [AC_LANG_PROGRAM([[ 3865#include <stdio.h> 3866#include <stdlib.h> 3867/* Why is this so damn hard? */ 3868#ifdef __GNUC__ 3869# undef __GNUC__ 3870#endif 3871#define __USE_ISOC99 3872#include <limits.h> 3873#define DATA "conftest.llminmax" 3874#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3875 3876/* 3877 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3878 * we do this the hard way. 3879 */ 3880static int 3881fprint_ll(FILE *f, long long n) 3882{ 3883 unsigned int i; 3884 int l[sizeof(long long) * 8]; 3885 3886 if (n < 0) 3887 if (fprintf(f, "-") < 0) 3888 return -1; 3889 for (i = 0; n != 0; i++) { 3890 l[i] = my_abs(n % 10); 3891 n /= 10; 3892 } 3893 do { 3894 if (fprintf(f, "%d", l[--i]) < 0) 3895 return -1; 3896 } while (i != 0); 3897 if (fprintf(f, " ") < 0) 3898 return -1; 3899 return 0; 3900} 3901 ]], [[ 3902 FILE *f; 3903 long long i, llmin, llmax = 0; 3904 3905 if((f = fopen(DATA,"w")) == NULL) 3906 exit(1); 3907 3908#if defined(LLONG_MIN) && defined(LLONG_MAX) 3909 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3910 llmin = LLONG_MIN; 3911 llmax = LLONG_MAX; 3912#else 3913 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3914 /* This will work on one's complement and two's complement */ 3915 for (i = 1; i > llmax; i <<= 1, i++) 3916 llmax = i; 3917 llmin = llmax + 1LL; /* wrap */ 3918#endif 3919 3920 /* Sanity check */ 3921 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3922 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3923 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3924 fprintf(f, "unknown unknown\n"); 3925 exit(2); 3926 } 3927 3928 if (fprint_ll(f, llmin) < 0) 3929 exit(3); 3930 if (fprint_ll(f, llmax) < 0) 3931 exit(4); 3932 if (fclose(f) < 0) 3933 exit(5); 3934 exit(0); 3935 ]])], 3936 [ 3937 llong_min=`$AWK '{print $1}' conftest.llminmax` 3938 llong_max=`$AWK '{print $2}' conftest.llminmax` 3939 3940 AC_MSG_RESULT([$llong_max]) 3941 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3942 [max value of long long calculated by configure]) 3943 AC_MSG_CHECKING([for min value of long long]) 3944 AC_MSG_RESULT([$llong_min]) 3945 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3946 [min value of long long calculated by configure]) 3947 ], 3948 [ 3949 AC_MSG_RESULT([not found]) 3950 ], 3951 [ 3952 AC_MSG_WARN([cross compiling: not checking]) 3953 ] 3954 ) 3955fi 3956 3957AC_CHECK_DECLS([UINT32_MAX], , , [[ 3958#ifdef HAVE_SYS_LIMITS_H 3959# include <sys/limits.h> 3960#endif 3961#ifdef HAVE_LIMITS_H 3962# include <limits.h> 3963#endif 3964#ifdef HAVE_STDINT_H 3965# include <stdint.h> 3966#endif 3967]]) 3968 3969# More checks for data types 3970AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3971 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3972 [[ u_int a; a = 1;]])], 3973 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3974 ]) 3975]) 3976if test "x$ac_cv_have_u_int" = "xyes" ; then 3977 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3978 have_u_int=1 3979fi 3980 3981AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3982 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3983 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3984 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3985 ]) 3986]) 3987if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3988 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3989 have_intxx_t=1 3990fi 3991 3992if (test -z "$have_intxx_t" && \ 3993 test "x$ac_cv_header_stdint_h" = "xyes") 3994then 3995 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3996 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3997 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3998 [ 3999 AC_DEFINE([HAVE_INTXX_T]) 4000 AC_MSG_RESULT([yes]) 4001 ], [ AC_MSG_RESULT([no]) 4002 ]) 4003fi 4004 4005AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 4006 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4007#include <sys/types.h> 4008#ifdef HAVE_STDINT_H 4009# include <stdint.h> 4010#endif 4011#include <sys/socket.h> 4012#ifdef HAVE_SYS_BITYPES_H 4013# include <sys/bitypes.h> 4014#endif 4015 ]], [[ 4016int64_t a; a = 1; 4017 ]])], 4018 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 4019 ]) 4020]) 4021if test "x$ac_cv_have_int64_t" = "xyes" ; then 4022 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 4023fi 4024 4025AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 4026 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4027 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 4028 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 4029 ]) 4030]) 4031if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 4032 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 4033 have_u_intxx_t=1 4034fi 4035 4036if test -z "$have_u_intxx_t" ; then 4037 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 4038 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 4039 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 4040 [ 4041 AC_DEFINE([HAVE_U_INTXX_T]) 4042 AC_MSG_RESULT([yes]) 4043 ], [ AC_MSG_RESULT([no]) 4044 ]) 4045fi 4046 4047AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 4048 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4049 [[ u_int64_t a; a = 1;]])], 4050 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 4051 ]) 4052]) 4053if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 4054 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 4055 have_u_int64_t=1 4056fi 4057 4058if (test -z "$have_u_int64_t" && \ 4059 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4060then 4061 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 4062 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 4063 [[ u_int64_t a; a = 1]])], 4064 [ 4065 AC_DEFINE([HAVE_U_INT64_T]) 4066 AC_MSG_RESULT([yes]) 4067 ], [ AC_MSG_RESULT([no]) 4068 ]) 4069fi 4070 4071if test -z "$have_u_intxx_t" ; then 4072 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 4073 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4074#include <sys/types.h> 4075 ]], [[ 4076 uint8_t a; 4077 uint16_t b; 4078 uint32_t c; 4079 a = b = c = 1; 4080 ]])], 4081 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 4082 ]) 4083 ]) 4084 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 4085 AC_DEFINE([HAVE_UINTXX_T], [1], 4086 [define if you have uintxx_t data type]) 4087 fi 4088fi 4089 4090if (test -z "$have_uintxx_t" && \ 4091 test "x$ac_cv_header_stdint_h" = "xyes") 4092then 4093 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 4094 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4095 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4096 [ 4097 AC_DEFINE([HAVE_UINTXX_T]) 4098 AC_MSG_RESULT([yes]) 4099 ], [ AC_MSG_RESULT([no]) 4100 ]) 4101fi 4102 4103if (test -z "$have_uintxx_t" && \ 4104 test "x$ac_cv_header_inttypes_h" = "xyes") 4105then 4106 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4107 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4108 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4109 [ 4110 AC_DEFINE([HAVE_UINTXX_T]) 4111 AC_MSG_RESULT([yes]) 4112 ], [ AC_MSG_RESULT([no]) 4113 ]) 4114fi 4115 4116if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4117 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4118then 4119 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4120 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4121#include <sys/bitypes.h> 4122 ]], [[ 4123 int8_t a; int16_t b; int32_t c; 4124 u_int8_t e; u_int16_t f; u_int32_t g; 4125 a = b = c = e = f = g = 1; 4126 ]])], 4127 [ 4128 AC_DEFINE([HAVE_U_INTXX_T]) 4129 AC_DEFINE([HAVE_INTXX_T]) 4130 AC_MSG_RESULT([yes]) 4131 ], [AC_MSG_RESULT([no]) 4132 ]) 4133fi 4134 4135 4136AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4137 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4138 [[ u_char foo; foo = 125; ]])], 4139 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4140 ]) 4141]) 4142if test "x$ac_cv_have_u_char" = "xyes" ; then 4143 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4144fi 4145 4146AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4147#include <sys/types.h> 4148#ifdef HAVE_STDINT_H 4149# include <stdint.h> 4150#endif 4151]) 4152 4153TYPE_SOCKLEN_T 4154 4155AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4156AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4157#include <sys/types.h> 4158#ifdef HAVE_SYS_BITYPES_H 4159#include <sys/bitypes.h> 4160#endif 4161#ifdef HAVE_SYS_STATFS_H 4162#include <sys/statfs.h> 4163#endif 4164#ifdef HAVE_SYS_STATVFS_H 4165#include <sys/statvfs.h> 4166#endif 4167]) 4168 4169AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4170#include <sys/param.h> 4171#include <sys/types.h> 4172#ifdef HAVE_SYS_BITYPES_H 4173#include <sys/bitypes.h> 4174#endif 4175#ifdef HAVE_SYS_STATFS_H 4176#include <sys/statfs.h> 4177#endif 4178#ifdef HAVE_SYS_STATVFS_H 4179#include <sys/statvfs.h> 4180#endif 4181#ifdef HAVE_SYS_VFS_H 4182#include <sys/vfs.h> 4183#endif 4184#ifdef HAVE_SYS_MOUNT_H 4185#include <sys/mount.h> 4186#endif 4187]]) 4188 4189 4190AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4191[#include <sys/types.h> 4192#include <netinet/in.h>]) 4193 4194AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4195 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4196 [[ size_t foo; foo = 1235; ]])], 4197 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4198 ]) 4199]) 4200if test "x$ac_cv_have_size_t" = "xyes" ; then 4201 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4202fi 4203 4204AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4205 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4206 [[ ssize_t foo; foo = 1235; ]])], 4207 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4208 ]) 4209]) 4210if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4211 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4212fi 4213 4214AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4215 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4216 [[ clock_t foo; foo = 1235; ]])], 4217 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4218 ]) 4219]) 4220if test "x$ac_cv_have_clock_t" = "xyes" ; then 4221 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4222fi 4223 4224AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4225 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4226#include <sys/types.h> 4227#include <sys/socket.h> 4228 ]], [[ sa_family_t foo; foo = 1235; ]])], 4229 [ ac_cv_have_sa_family_t="yes" ], 4230 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4231#include <sys/types.h> 4232#include <sys/socket.h> 4233#include <netinet/in.h> 4234 ]], [[ sa_family_t foo; foo = 1235; ]])], 4235 [ ac_cv_have_sa_family_t="yes" ], 4236 [ ac_cv_have_sa_family_t="no" ] 4237 ) 4238 ]) 4239]) 4240if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4241 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4242 [define if you have sa_family_t data type]) 4243fi 4244 4245AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4246 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4247 [[ pid_t foo; foo = 1235; ]])], 4248 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4249 ]) 4250]) 4251if test "x$ac_cv_have_pid_t" = "xyes" ; then 4252 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4253fi 4254 4255AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4256 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4257 [[ mode_t foo; foo = 1235; ]])], 4258 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4259 ]) 4260]) 4261if test "x$ac_cv_have_mode_t" = "xyes" ; then 4262 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4263fi 4264 4265 4266AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4267 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4268#include <sys/types.h> 4269#include <sys/socket.h> 4270 ]], [[ struct sockaddr_storage s; ]])], 4271 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4272 [ ac_cv_have_struct_sockaddr_storage="no" 4273 ]) 4274]) 4275if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4276 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4277 [define if you have struct sockaddr_storage data type]) 4278fi 4279 4280AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4281 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4282#include <sys/types.h> 4283#include <netinet/in.h> 4284 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4285 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4286 [ ac_cv_have_struct_sockaddr_in6="no" 4287 ]) 4288]) 4289if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4290 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4291 [define if you have struct sockaddr_in6 data type]) 4292fi 4293 4294AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4295 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4296#include <sys/types.h> 4297#include <netinet/in.h> 4298 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4299 [ ac_cv_have_struct_in6_addr="yes" ], 4300 [ ac_cv_have_struct_in6_addr="no" 4301 ]) 4302]) 4303if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4304 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4305 [define if you have struct in6_addr data type]) 4306 4307dnl Now check for sin6_scope_id 4308 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4309 [ 4310#ifdef HAVE_SYS_TYPES_H 4311#include <sys/types.h> 4312#endif 4313#include <netinet/in.h> 4314 ]) 4315fi 4316 4317AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4318 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4319#include <sys/types.h> 4320#include <sys/socket.h> 4321#include <netdb.h> 4322 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4323 [ ac_cv_have_struct_addrinfo="yes" ], 4324 [ ac_cv_have_struct_addrinfo="no" 4325 ]) 4326]) 4327if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4328 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4329 [define if you have struct addrinfo data type]) 4330fi 4331 4332AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4333 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4334 [[ struct timeval tv; tv.tv_sec = 1;]])], 4335 [ ac_cv_have_struct_timeval="yes" ], 4336 [ ac_cv_have_struct_timeval="no" 4337 ]) 4338]) 4339if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4340 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4341 have_struct_timeval=1 4342fi 4343 4344AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4345 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4346 #ifdef HAVE_SYS_TIME_H 4347 # include <sys/time.h> 4348 #endif 4349 #ifdef HAVE_TIME_H 4350 # include <time.h> 4351 #endif 4352 ]], 4353 [[ struct timespec ts; ts.tv_sec = 1;]])], 4354 [ ac_cv_have_struct_timespec="yes" ], 4355 [ ac_cv_have_struct_timespec="no" 4356 ]) 4357]) 4358if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4359 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4360 have_struct_timespec=1 4361fi 4362 4363# We need int64_t or else certain parts of the compile will fail. 4364if test "x$ac_cv_have_int64_t" = "xno" && \ 4365 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4366 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4367 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4368 echo "an alternative compiler (I.E., GCC) before continuing." 4369 echo "" 4370 exit 1; 4371else 4372dnl test snprintf (broken on SCO w/gcc) 4373 AC_RUN_IFELSE( 4374 [AC_LANG_SOURCE([[ 4375#include <stdio.h> 4376#include <stdlib.h> 4377#include <string.h> 4378#ifdef HAVE_SNPRINTF 4379int main(void) 4380{ 4381 char buf[50]; 4382 char expected_out[50]; 4383 int mazsize = 50 ; 4384#if (SIZEOF_LONG_INT == 8) 4385 long int num = 0x7fffffffffffffff; 4386#else 4387 long long num = 0x7fffffffffffffffll; 4388#endif 4389 strcpy(expected_out, "9223372036854775807"); 4390 snprintf(buf, mazsize, "%lld", num); 4391 if(strcmp(buf, expected_out) != 0) 4392 exit(1); 4393 exit(0); 4394} 4395#else 4396int main(void) { exit(0); } 4397#endif 4398 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4399 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4400 ) 4401fi 4402 4403dnl Checks for structure members 4404OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4405OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4406OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4407OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4408OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4409OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4410OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4411OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4412OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4413OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4414OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4415OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4416OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4417OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4418OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4419OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4420OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4421OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4422 4423AC_CHECK_MEMBERS([struct stat.st_blksize]) 4424AC_CHECK_MEMBERS([struct stat.st_mtim]) 4425AC_CHECK_MEMBERS([struct stat.st_mtime]) 4426AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4427struct passwd.pw_change, struct passwd.pw_expire], 4428[], [], [[ 4429#include <sys/types.h> 4430#include <pwd.h> 4431]]) 4432 4433AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4434 [Define if we don't have struct __res_state in resolv.h])], 4435[[ 4436#include <stdio.h> 4437#if HAVE_SYS_TYPES_H 4438# include <sys/types.h> 4439#endif 4440#include <netinet/in.h> 4441#include <arpa/nameser.h> 4442#include <resolv.h> 4443]]) 4444 4445AC_CHECK_MEMBER([struct sockaddr_in.sin_len], 4446 [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])], 4447 [], 4448 [AC_LANG_SOURCE([[ 4449#include <sys/types.h> 4450#include <sys/socket.h> 4451#include <netinet/in.h> 4452 ]])] 4453) 4454 4455AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4456 ac_cv_have_ss_family_in_struct_ss, [ 4457 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4458#include <sys/types.h> 4459#include <sys/socket.h> 4460 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4461 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4462 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4463]) 4464if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4465 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4466fi 4467 4468AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4469 ac_cv_have___ss_family_in_struct_ss, [ 4470 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4471#include <sys/types.h> 4472#include <sys/socket.h> 4473 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4474 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4475 [ ac_cv_have___ss_family_in_struct_ss="no" 4476 ]) 4477]) 4478if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4479 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4480 [Fields in struct sockaddr_storage]) 4481fi 4482 4483dnl make sure we're using the real structure members and not defines 4484AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4485 ac_cv_have_accrights_in_msghdr, [ 4486 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4487#include <sys/types.h> 4488#include <sys/socket.h> 4489#include <sys/uio.h> 4490#include <stdlib.h> 4491 ]], [[ 4492#ifdef msg_accrights 4493#error "msg_accrights is a macro" 4494exit(1); 4495#endif 4496struct msghdr m; 4497m.msg_accrights = 0; 4498exit(0); 4499 ]])], 4500 [ ac_cv_have_accrights_in_msghdr="yes" ], 4501 [ ac_cv_have_accrights_in_msghdr="no" ] 4502 ) 4503]) 4504if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4505 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4506 [Define if your system uses access rights style 4507 file descriptor passing]) 4508fi 4509 4510AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4511AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4512#include <sys/param.h> 4513#include <sys/stat.h> 4514#ifdef HAVE_SYS_TIME_H 4515# include <sys/time.h> 4516#endif 4517#ifdef HAVE_SYS_MOUNT_H 4518#include <sys/mount.h> 4519#endif 4520#ifdef HAVE_SYS_STATVFS_H 4521#include <sys/statvfs.h> 4522#endif 4523 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4524 [ AC_MSG_RESULT([yes]) ], 4525 [ AC_MSG_RESULT([no]) 4526 4527 AC_MSG_CHECKING([if fsid_t has member val]) 4528 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4529#include <sys/types.h> 4530#include <sys/statvfs.h> 4531 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4532 [ AC_MSG_RESULT([yes]) 4533 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4534 [ AC_MSG_RESULT([no]) ]) 4535 4536 AC_MSG_CHECKING([if f_fsid has member __val]) 4537 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4538#include <sys/types.h> 4539#include <sys/statvfs.h> 4540 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4541 [ AC_MSG_RESULT([yes]) 4542 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4543 [ AC_MSG_RESULT([no]) ]) 4544]) 4545 4546AC_CACHE_CHECK([for msg_control field in struct msghdr], 4547 ac_cv_have_control_in_msghdr, [ 4548 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4549#include <sys/types.h> 4550#include <sys/socket.h> 4551#include <sys/uio.h> 4552#include <stdlib.h> 4553 ]], [[ 4554#ifdef msg_control 4555#error "msg_control is a macro" 4556exit(1); 4557#endif 4558struct msghdr m; 4559m.msg_control = 0; 4560exit(0); 4561 ]])], 4562 [ ac_cv_have_control_in_msghdr="yes" ], 4563 [ ac_cv_have_control_in_msghdr="no" ] 4564 ) 4565]) 4566if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4567 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4568 [Define if your system uses ancillary data style 4569 file descriptor passing]) 4570fi 4571 4572AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4573 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4574 [[ extern char *__progname; printf("%s", __progname); ]])], 4575 [ ac_cv_libc_defines___progname="yes" ], 4576 [ ac_cv_libc_defines___progname="no" 4577 ]) 4578]) 4579if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4580 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4581fi 4582 4583AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4584 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4585 [[ printf("%s", __FUNCTION__); ]])], 4586 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4587 [ ac_cv_cc_implements___FUNCTION__="no" 4588 ]) 4589]) 4590if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4591 AC_DEFINE([HAVE___FUNCTION__], [1], 4592 [Define if compiler implements __FUNCTION__]) 4593fi 4594 4595AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4596 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4597 [[ printf("%s", __func__); ]])], 4598 [ ac_cv_cc_implements___func__="yes" ], 4599 [ ac_cv_cc_implements___func__="no" 4600 ]) 4601]) 4602if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4603 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4604fi 4605 4606AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4607 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4608#include <stdarg.h> 4609va_list x,y; 4610 ]], [[ va_copy(x,y); ]])], 4611 [ ac_cv_have_va_copy="yes" ], 4612 [ ac_cv_have_va_copy="no" 4613 ]) 4614]) 4615if test "x$ac_cv_have_va_copy" = "xyes" ; then 4616 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4617fi 4618 4619AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4620 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4621#include <stdarg.h> 4622va_list x,y; 4623 ]], [[ __va_copy(x,y); ]])], 4624 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4625 ]) 4626]) 4627if test "x$ac_cv_have___va_copy" = "xyes" ; then 4628 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4629fi 4630 4631AC_CACHE_CHECK([whether getopt has optreset support], 4632 ac_cv_have_getopt_optreset, [ 4633 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4634 [[ extern int optreset; optreset = 0; ]])], 4635 [ ac_cv_have_getopt_optreset="yes" ], 4636 [ ac_cv_have_getopt_optreset="no" 4637 ]) 4638]) 4639if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4640 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4641 [Define if your getopt(3) defines and uses optreset]) 4642fi 4643 4644AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4645 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4646[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4647 [ ac_cv_libc_defines_sys_errlist="yes" ], 4648 [ ac_cv_libc_defines_sys_errlist="no" 4649 ]) 4650]) 4651if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4652 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4653 [Define if your system defines sys_errlist[]]) 4654fi 4655 4656 4657AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4658 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4659[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4660 [ ac_cv_libc_defines_sys_nerr="yes" ], 4661 [ ac_cv_libc_defines_sys_nerr="no" 4662 ]) 4663]) 4664if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4665 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4666fi 4667 4668# Check libraries needed by DNS fingerprint support 4669AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4670 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4671 [Define if getrrsetbyname() exists])], 4672 [ 4673 # Needed by our getrrsetbyname() 4674 AC_SEARCH_LIBS([res_query], [resolv]) 4675 AC_SEARCH_LIBS([dn_expand], [resolv]) 4676 AC_MSG_CHECKING([if res_query will link]) 4677 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4678#include <sys/types.h> 4679#include <netinet/in.h> 4680#include <arpa/nameser.h> 4681#include <netdb.h> 4682#include <resolv.h> 4683 ]], [[ 4684 res_query (0, 0, 0, 0, 0); 4685 ]])], 4686 AC_MSG_RESULT([yes]), 4687 [AC_MSG_RESULT([no]) 4688 saved_LIBS="$LIBS" 4689 LIBS="$LIBS -lresolv" 4690 AC_MSG_CHECKING([for res_query in -lresolv]) 4691 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4692#include <sys/types.h> 4693#include <netinet/in.h> 4694#include <arpa/nameser.h> 4695#include <netdb.h> 4696#include <resolv.h> 4697 ]], [[ 4698 res_query (0, 0, 0, 0, 0); 4699 ]])], 4700 [AC_MSG_RESULT([yes])], 4701 [LIBS="$saved_LIBS" 4702 AC_MSG_RESULT([no])]) 4703 ]) 4704 AC_CHECK_FUNCS([_getshort _getlong]) 4705 AC_CHECK_DECLS([_getshort, _getlong], , , 4706 [#include <sys/types.h> 4707 #include <arpa/nameser.h>]) 4708 AC_CHECK_MEMBER([HEADER.ad], 4709 [AC_DEFINE([HAVE_HEADER_AD], [1], 4710 [Define if HEADER.ad exists in arpa/nameser.h])], , 4711 [#include <arpa/nameser.h>]) 4712 ]) 4713 4714AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4715AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4716#include <stdio.h> 4717#if HAVE_SYS_TYPES_H 4718# include <sys/types.h> 4719#endif 4720#include <netinet/in.h> 4721#include <arpa/nameser.h> 4722#include <resolv.h> 4723extern struct __res_state _res; 4724 ]], [[ 4725struct __res_state *volatile p = &_res; /* force resolution of _res */ 4726return 0; 4727 ]],)], 4728 [AC_MSG_RESULT([yes]) 4729 AC_DEFINE([HAVE__RES_EXTERN], [1], 4730 [Define if you have struct __res_state _res as an extern]) 4731 ], 4732 [ AC_MSG_RESULT([no]) ] 4733) 4734 4735# Check whether user wants SELinux support 4736SELINUX_MSG="no" 4737LIBSELINUX="" 4738AC_ARG_WITH([selinux], 4739 [ --with-selinux Enable SELinux support], 4740 [ if test "x$withval" != "xno" ; then 4741 save_LIBS="$LIBS" 4742 AC_DEFINE([WITH_SELINUX], [1], 4743 [Define if you want SELinux support.]) 4744 SELINUX_MSG="yes" 4745 AC_CHECK_HEADER([selinux/selinux.h], , 4746 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4747 AC_CHECK_LIB([selinux], [setexeccon], 4748 [ LIBSELINUX="-lselinux" 4749 LIBS="$LIBS -lselinux" 4750 ], 4751 AC_MSG_ERROR([SELinux support requires libselinux library])) 4752 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4753 LIBS="$save_LIBS $LIBSELINUX" 4754 fi ] 4755) 4756AC_SUBST([SSHDLIBS]) 4757 4758# Check whether user wants Kerberos 5 support 4759KRB5_MSG="no" 4760AC_ARG_WITH([kerberos5], 4761 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4762 [ if test "x$withval" != "xno" ; then 4763 if test "x$withval" = "xyes" ; then 4764 KRB5ROOT="/usr/local" 4765 else 4766 KRB5ROOT=${withval} 4767 fi 4768 4769 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4770 KRB5_MSG="yes" 4771 4772 use_pkgconfig_for_krb5= 4773 if test "x$PKGCONFIG" != "xno"; then 4774 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4775 if "$PKGCONFIG" krb5; then 4776 AC_MSG_RESULT([yes]) 4777 use_pkgconfig_for_krb5=yes 4778 else 4779 AC_MSG_RESULT([no]) 4780 fi 4781 fi 4782 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4783 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4784 K5LIBS=`$PKGCONFIG --libs krb5` 4785 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4786 4787 AC_MSG_CHECKING([for gssapi support]) 4788 if "$PKGCONFIG" krb5-gssapi; then 4789 AC_MSG_RESULT([yes]) 4790 AC_DEFINE([GSSAPI], [1], 4791 [Define this if you want GSSAPI 4792 support in the version 2 protocol]) 4793 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4794 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4795 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4796 else 4797 AC_MSG_RESULT([no]) 4798 fi 4799 AC_MSG_CHECKING([whether we are using Heimdal]) 4800 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4801 ]], [[ char *tmp = heimdal_version; ]])], 4802 [ AC_MSG_RESULT([yes]) 4803 AC_DEFINE([HEIMDAL], [1], 4804 [Define this if you are using the Heimdal 4805 version of Kerberos V5]) ], 4806 [AC_MSG_RESULT([no]) 4807 ]) 4808 else 4809 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4810 [$KRB5ROOT/bin/krb5-config], 4811 [$KRB5ROOT/bin:$PATH]) 4812 if test -x $KRB5CONF ; then 4813 K5CFLAGS="`$KRB5CONF --cflags`" 4814 K5LIBS="`$KRB5CONF --libs`" 4815 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4816 4817 AC_MSG_CHECKING([for gssapi support]) 4818 if $KRB5CONF | grep gssapi >/dev/null ; then 4819 AC_MSG_RESULT([yes]) 4820 AC_DEFINE([GSSAPI], [1], 4821 [Define this if you want GSSAPI 4822 support in the version 2 protocol]) 4823 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4824 GSSLIBS="`$KRB5CONF --libs gssapi`" 4825 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4826 else 4827 AC_MSG_RESULT([no]) 4828 fi 4829 AC_MSG_CHECKING([whether we are using Heimdal]) 4830 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4831 ]], [[ char *tmp = heimdal_version; ]])], 4832 [ AC_MSG_RESULT([yes]) 4833 AC_DEFINE([HEIMDAL], [1], 4834 [Define this if you are using the Heimdal 4835 version of Kerberos V5]) ], 4836 [AC_MSG_RESULT([no]) 4837 ]) 4838 else 4839 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4840 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4841 AC_MSG_CHECKING([whether we are using Heimdal]) 4842 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4843 ]], [[ char *tmp = heimdal_version; ]])], 4844 [ AC_MSG_RESULT([yes]) 4845 AC_DEFINE([HEIMDAL]) 4846 K5LIBS="-lkrb5" 4847 K5LIBS="$K5LIBS -lcom_err -lasn1" 4848 AC_CHECK_LIB([roken], [net_write], 4849 [K5LIBS="$K5LIBS -lroken"]) 4850 AC_CHECK_LIB([des], [des_cbc_encrypt], 4851 [K5LIBS="$K5LIBS -ldes"]) 4852 ], [ AC_MSG_RESULT([no]) 4853 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4854 ]) 4855 AC_SEARCH_LIBS([dn_expand], [resolv]) 4856 4857 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4858 [ AC_DEFINE([GSSAPI]) 4859 GSSLIBS="-lgssapi_krb5" ], 4860 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4861 [ AC_DEFINE([GSSAPI]) 4862 GSSLIBS="-lgssapi" ], 4863 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4864 [ AC_DEFINE([GSSAPI]) 4865 GSSLIBS="-lgss" ], 4866 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4867 ]) 4868 ]) 4869 4870 AC_CHECK_HEADER([gssapi.h], , 4871 [ unset ac_cv_header_gssapi_h 4872 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4873 AC_CHECK_HEADERS([gssapi.h], , 4874 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4875 ) 4876 ] 4877 ) 4878 4879 oldCPP="$CPPFLAGS" 4880 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4881 AC_CHECK_HEADER([gssapi_krb5.h], , 4882 [ CPPFLAGS="$oldCPP" ]) 4883 4884 fi 4885 fi 4886 if test -n "${rpath_opt}" ; then 4887 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4888 fi 4889 if test ! -z "$blibpath" ; then 4890 blibpath="$blibpath:${KRB5ROOT}/lib" 4891 fi 4892 4893 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4894 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4895 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4896 4897 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4898 [Define this if you want to use libkafs' AFS support])]) 4899 4900 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4901#ifdef HAVE_GSSAPI_H 4902# include <gssapi.h> 4903#elif defined(HAVE_GSSAPI_GSSAPI_H) 4904# include <gssapi/gssapi.h> 4905#endif 4906 4907#ifdef HAVE_GSSAPI_GENERIC_H 4908# include <gssapi_generic.h> 4909#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4910# include <gssapi/gssapi_generic.h> 4911#endif 4912 ]]) 4913 saved_LIBS="$LIBS" 4914 LIBS="$LIBS $K5LIBS" 4915 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4916 LIBS="$saved_LIBS" 4917 4918 fi 4919 ] 4920) 4921AC_SUBST([GSSLIBS]) 4922AC_SUBST([K5LIBS]) 4923AC_SUBST([CHANNELLIBS]) 4924 4925# Looking for programs, paths and files 4926 4927PRIVSEP_PATH=/var/empty 4928AC_ARG_WITH([privsep-path], 4929 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4930 [ 4931 if test -n "$withval" && test "x$withval" != "xno" && \ 4932 test "x${withval}" != "xyes"; then 4933 PRIVSEP_PATH=$withval 4934 fi 4935 ] 4936) 4937AC_SUBST([PRIVSEP_PATH]) 4938 4939AC_ARG_WITH([xauth], 4940 [ --with-xauth=PATH Specify path to xauth program ], 4941 [ 4942 if test -n "$withval" && test "x$withval" != "xno" && \ 4943 test "x${withval}" != "xyes"; then 4944 xauth_path=$withval 4945 fi 4946 ], 4947 [ 4948 TestPath="$PATH" 4949 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4950 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4951 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4952 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4953 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4954 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4955 xauth_path="/usr/openwin/bin/xauth" 4956 fi 4957 ] 4958) 4959 4960STRIP_OPT=-s 4961AC_ARG_ENABLE([strip], 4962 [ --disable-strip Disable calling strip(1) on install], 4963 [ 4964 if test "x$enableval" = "xno" ; then 4965 STRIP_OPT= 4966 fi 4967 ] 4968) 4969AC_SUBST([STRIP_OPT]) 4970 4971if test -z "$xauth_path" ; then 4972 XAUTH_PATH="undefined" 4973 AC_SUBST([XAUTH_PATH]) 4974else 4975 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4976 [Define if xauth is found in your path]) 4977 XAUTH_PATH=$xauth_path 4978 AC_SUBST([XAUTH_PATH]) 4979fi 4980 4981dnl # --with-maildir=/path/to/mail gets top priority. 4982dnl # if maildir is set in the platform case statement above we use that. 4983dnl # Otherwise we run a program to get the dir from system headers. 4984dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4985dnl # If we find _PATH_MAILDIR we do nothing because that is what 4986dnl # session.c expects anyway. Otherwise we set to the value found 4987dnl # stripping any trailing slash. If for some strage reason our program 4988dnl # does not find what it needs, we default to /var/spool/mail. 4989# Check for mail directory 4990AC_ARG_WITH([maildir], 4991 [ --with-maildir=/path/to/mail Specify your system mail directory], 4992 [ 4993 if test "X$withval" != X && test "x$withval" != xno && \ 4994 test "x${withval}" != xyes; then 4995 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4996 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4997 fi 4998 ],[ 4999 if test "X$maildir" != "X"; then 5000 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 5001 else 5002 AC_MSG_CHECKING([Discovering system mail directory]) 5003 AC_RUN_IFELSE( 5004 [AC_LANG_PROGRAM([[ 5005#include <stdio.h> 5006#include <stdlib.h> 5007#include <string.h> 5008#ifdef HAVE_PATHS_H 5009#include <paths.h> 5010#endif 5011#ifdef HAVE_MAILLOCK_H 5012#include <maillock.h> 5013#endif 5014#define DATA "conftest.maildir" 5015 ]], [[ 5016 FILE *fd; 5017 int rc; 5018 5019 fd = fopen(DATA,"w"); 5020 if(fd == NULL) 5021 exit(1); 5022 5023#if defined (_PATH_MAILDIR) 5024 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 5025 exit(1); 5026#elif defined (MAILDIR) 5027 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 5028 exit(1); 5029#elif defined (_PATH_MAIL) 5030 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 5031 exit(1); 5032#else 5033 exit (2); 5034#endif 5035 5036 exit(0); 5037 ]])], 5038 [ 5039 maildir_what=`awk -F: '{print $1}' conftest.maildir` 5040 maildir=`awk -F: '{print $2}' conftest.maildir \ 5041 | sed 's|/$||'` 5042 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 5043 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 5044 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 5045 fi 5046 ], 5047 [ 5048 if test "X$ac_status" = "X2";then 5049# our test program didn't find it. Default to /var/spool/mail 5050 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 5051 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 5052 else 5053 AC_MSG_RESULT([*** not found ***]) 5054 fi 5055 ], 5056 [ 5057 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 5058 ] 5059 ) 5060 fi 5061 ] 5062) # maildir 5063 5064if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 5065 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 5066 disable_ptmx_check=yes 5067fi 5068if test -z "$no_dev_ptmx" ; then 5069 if test "x$disable_ptmx_check" != "xyes" ; then 5070 AC_CHECK_FILE(["/dev/ptmx"], 5071 [ 5072 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 5073 [Define if you have /dev/ptmx]) 5074 have_dev_ptmx=1 5075 ] 5076 ) 5077 fi 5078fi 5079 5080if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 5081 AC_CHECK_FILE(["/dev/ptc"], 5082 [ 5083 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 5084 [Define if you have /dev/ptc]) 5085 have_dev_ptc=1 5086 ] 5087 ) 5088else 5089 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 5090fi 5091 5092# Options from here on. Some of these are preset by platform above 5093AC_ARG_WITH([mantype], 5094 [ --with-mantype=man|cat|doc Set man page type], 5095 [ 5096 case "$withval" in 5097 man|cat|doc) 5098 MANTYPE=$withval 5099 ;; 5100 *) 5101 AC_MSG_ERROR([invalid man type: $withval]) 5102 ;; 5103 esac 5104 ] 5105) 5106if test -z "$MANTYPE"; then 5107 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 5108 MANTYPE=doc 5109 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 5110 MANTYPE=doc 5111 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 5112 MANTYPE=man 5113 else 5114 MANTYPE=cat 5115 fi 5116fi 5117AC_SUBST([MANTYPE]) 5118if test "$MANTYPE" = "doc"; then 5119 mansubdir=man; 5120else 5121 mansubdir=$MANTYPE; 5122fi 5123AC_SUBST([mansubdir]) 5124 5125# Whether to disable shadow password support 5126AC_ARG_WITH([shadow], 5127 [ --without-shadow Disable shadow password support], 5128 [ 5129 if test "x$withval" = "xno" ; then 5130 AC_DEFINE([DISABLE_SHADOW]) 5131 disable_shadow=yes 5132 fi 5133 ] 5134) 5135 5136if test -z "$disable_shadow" ; then 5137 AC_MSG_CHECKING([if the systems has expire shadow information]) 5138 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5139#include <sys/types.h> 5140#include <shadow.h> 5141struct spwd sp; 5142 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5143 [ sp_expire_available=yes ], [ 5144 ]) 5145 5146 if test "x$sp_expire_available" = "xyes" ; then 5147 AC_MSG_RESULT([yes]) 5148 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5149 [Define if you want to use shadow password expire field]) 5150 else 5151 AC_MSG_RESULT([no]) 5152 fi 5153fi 5154 5155# Use ip address instead of hostname in $DISPLAY 5156if test ! -z "$IPADDR_IN_DISPLAY" ; then 5157 DISPLAY_HACK_MSG="yes" 5158 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5159 [Define if you need to use IP address 5160 instead of hostname in $DISPLAY]) 5161else 5162 DISPLAY_HACK_MSG="no" 5163 AC_ARG_WITH([ipaddr-display], 5164 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5165 [ 5166 if test "x$withval" != "xno" ; then 5167 AC_DEFINE([IPADDR_IN_DISPLAY]) 5168 DISPLAY_HACK_MSG="yes" 5169 fi 5170 ] 5171 ) 5172fi 5173 5174# check for /etc/default/login and use it if present. 5175AC_ARG_ENABLE([etc-default-login], 5176 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5177 [ if test "x$enableval" = "xno"; then 5178 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5179 etc_default_login=no 5180 else 5181 etc_default_login=yes 5182 fi ], 5183 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5184 then 5185 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5186 etc_default_login=no 5187 else 5188 etc_default_login=yes 5189 fi ] 5190) 5191 5192if test "x$etc_default_login" != "xno"; then 5193 AC_CHECK_FILE(["/etc/default/login"], 5194 [ external_path_file=/etc/default/login ]) 5195 if test "x$external_path_file" = "x/etc/default/login"; then 5196 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5197 [Define if your system has /etc/default/login]) 5198 fi 5199fi 5200 5201dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5202if test $ac_cv_func_login_getcapbool = "yes" && \ 5203 test $ac_cv_header_login_cap_h = "yes" ; then 5204 external_path_file=/etc/login.conf 5205fi 5206 5207# Whether to mess with the default path 5208SERVER_PATH_MSG="(default)" 5209AC_ARG_WITH([default-path], 5210 [ --with-default-path= Specify default $PATH environment for server], 5211 [ 5212 if test "x$external_path_file" = "x/etc/login.conf" ; then 5213 AC_MSG_WARN([ 5214--with-default-path=PATH has no effect on this system. 5215Edit /etc/login.conf instead.]) 5216 elif test "x$withval" != "xno" ; then 5217 if test ! -z "$external_path_file" ; then 5218 AC_MSG_WARN([ 5219--with-default-path=PATH will only be used if PATH is not defined in 5220$external_path_file .]) 5221 fi 5222 user_path="$withval" 5223 SERVER_PATH_MSG="$withval" 5224 fi 5225 ], 5226 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5227 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5228 else 5229 if test ! -z "$external_path_file" ; then 5230 AC_MSG_WARN([ 5231If PATH is defined in $external_path_file, ensure the path to scp is included, 5232otherwise scp will not work.]) 5233 fi 5234 AC_RUN_IFELSE( 5235 [AC_LANG_PROGRAM([[ 5236/* find out what STDPATH is */ 5237#include <stdio.h> 5238#include <stdlib.h> 5239#ifdef HAVE_PATHS_H 5240# include <paths.h> 5241#endif 5242#ifndef _PATH_STDPATH 5243# ifdef _PATH_USERPATH /* Irix */ 5244# define _PATH_STDPATH _PATH_USERPATH 5245# else 5246# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5247# endif 5248#endif 5249#include <sys/types.h> 5250#include <sys/stat.h> 5251#include <fcntl.h> 5252#define DATA "conftest.stdpath" 5253 ]], [[ 5254 FILE *fd; 5255 int rc; 5256 5257 fd = fopen(DATA,"w"); 5258 if(fd == NULL) 5259 exit(1); 5260 5261 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5262 exit(1); 5263 5264 exit(0); 5265 ]])], 5266 [ user_path=`cat conftest.stdpath` ], 5267 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5268 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5269 ) 5270# make sure $bindir is in USER_PATH so scp will work 5271 t_bindir="${bindir}" 5272 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5273 t_bindir=`eval echo ${t_bindir}` 5274 case $t_bindir in 5275 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5276 esac 5277 case $t_bindir in 5278 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5279 esac 5280 done 5281 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5282 if test $? -ne 0 ; then 5283 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5284 if test $? -ne 0 ; then 5285 user_path=$user_path:$t_bindir 5286 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5287 fi 5288 fi 5289 fi ] 5290) 5291if test "x$external_path_file" != "x/etc/login.conf" ; then 5292 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5293 AC_SUBST([user_path]) 5294fi 5295 5296# Set superuser path separately to user path 5297AC_ARG_WITH([superuser-path], 5298 [ --with-superuser-path= Specify different path for super-user], 5299 [ 5300 if test -n "$withval" && test "x$withval" != "xno" && \ 5301 test "x${withval}" != "xyes"; then 5302 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5303 [Define if you want a different $PATH 5304 for the superuser]) 5305 superuser_path=$withval 5306 fi 5307 ] 5308) 5309 5310 5311AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5312IPV4_IN6_HACK_MSG="no" 5313AC_ARG_WITH(4in6, 5314 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5315 [ 5316 if test "x$withval" != "xno" ; then 5317 AC_MSG_RESULT([yes]) 5318 AC_DEFINE([IPV4_IN_IPV6], [1], 5319 [Detect IPv4 in IPv6 mapped addresses 5320 and treat as IPv4]) 5321 IPV4_IN6_HACK_MSG="yes" 5322 else 5323 AC_MSG_RESULT([no]) 5324 fi 5325 ], [ 5326 if test "x$inet6_default_4in6" = "xyes"; then 5327 AC_MSG_RESULT([yes (default)]) 5328 AC_DEFINE([IPV4_IN_IPV6]) 5329 IPV4_IN6_HACK_MSG="yes" 5330 else 5331 AC_MSG_RESULT([no (default)]) 5332 fi 5333 ] 5334) 5335 5336# Whether to enable BSD auth support 5337BSD_AUTH_MSG=no 5338AC_ARG_WITH([bsd-auth], 5339 [ --with-bsd-auth Enable BSD auth support], 5340 [ 5341 if test "x$withval" != "xno" ; then 5342 AC_DEFINE([BSD_AUTH], [1], 5343 [Define if you have BSD auth support]) 5344 BSD_AUTH_MSG=yes 5345 fi 5346 ] 5347) 5348 5349# Where to place sshd.pid 5350piddir=/var/run 5351# make sure the directory exists 5352if test ! -d $piddir ; then 5353 piddir=`eval echo ${sysconfdir}` 5354 case $piddir in 5355 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5356 esac 5357fi 5358 5359AC_ARG_WITH([pid-dir], 5360 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5361 [ 5362 if test -n "$withval" && test "x$withval" != "xno" && \ 5363 test "x${withval}" != "xyes"; then 5364 piddir=$withval 5365 if test ! -d $piddir ; then 5366 AC_MSG_WARN([** no $piddir directory on this system **]) 5367 fi 5368 fi 5369 ] 5370) 5371 5372AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5373 [Specify location of ssh.pid]) 5374AC_SUBST([piddir]) 5375 5376 5377AC_ARG_ENABLE([fd-passing], 5378 [ --disable-fd-passing disable file descriptor passsing [no]], 5379 [ 5380 if test "x$enableval" = "xno" ; then 5381 AC_DEFINE([DISABLE_FD_PASSING]) 5382 fi 5383 ] 5384) 5385 5386dnl allow user to disable some login recording features 5387AC_ARG_ENABLE([lastlog], 5388 [ --disable-lastlog disable use of lastlog even if detected [no]], 5389 [ 5390 if test "x$enableval" = "xno" ; then 5391 AC_DEFINE([DISABLE_LASTLOG]) 5392 fi 5393 ] 5394) 5395AC_ARG_ENABLE([utmp], 5396 [ --disable-utmp disable use of utmp even if detected [no]], 5397 [ 5398 if test "x$enableval" = "xno" ; then 5399 AC_DEFINE([DISABLE_UTMP]) 5400 fi 5401 ] 5402) 5403AC_ARG_ENABLE([utmpx], 5404 [ --disable-utmpx disable use of utmpx even if detected [no]], 5405 [ 5406 if test "x$enableval" = "xno" ; then 5407 AC_DEFINE([DISABLE_UTMPX], [1], 5408 [Define if you don't want to use utmpx]) 5409 fi 5410 ] 5411) 5412AC_ARG_ENABLE([wtmp], 5413 [ --disable-wtmp disable use of wtmp even if detected [no]], 5414 [ 5415 if test "x$enableval" = "xno" ; then 5416 AC_DEFINE([DISABLE_WTMP]) 5417 fi 5418 ] 5419) 5420AC_ARG_ENABLE([wtmpx], 5421 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5422 [ 5423 if test "x$enableval" = "xno" ; then 5424 AC_DEFINE([DISABLE_WTMPX], [1], 5425 [Define if you don't want to use wtmpx]) 5426 fi 5427 ] 5428) 5429AC_ARG_ENABLE([libutil], 5430 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5431 [ 5432 if test "x$enableval" = "xno" ; then 5433 AC_DEFINE([DISABLE_LOGIN]) 5434 fi 5435 ] 5436) 5437AC_ARG_ENABLE([pututline], 5438 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5439 [ 5440 if test "x$enableval" = "xno" ; then 5441 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5442 [Define if you don't want to use pututline() 5443 etc. to write [uw]tmp]) 5444 fi 5445 ] 5446) 5447AC_ARG_ENABLE([pututxline], 5448 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5449 [ 5450 if test "x$enableval" = "xno" ; then 5451 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5452 [Define if you don't want to use pututxline() 5453 etc. to write [uw]tmpx]) 5454 fi 5455 ] 5456) 5457AC_ARG_WITH([lastlog], 5458 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5459 [ 5460 if test "x$withval" = "xno" ; then 5461 AC_DEFINE([DISABLE_LASTLOG]) 5462 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5463 conf_lastlog_location=$withval 5464 fi 5465 ] 5466) 5467 5468dnl lastlog, [uw]tmpx? detection 5469dnl NOTE: set the paths in the platform section to avoid the 5470dnl need for command-line parameters 5471dnl lastlog and [uw]tmp are subject to a file search if all else fails 5472 5473dnl lastlog detection 5474dnl NOTE: the code itself will detect if lastlog is a directory 5475AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5476AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5477#include <sys/types.h> 5478#include <utmp.h> 5479#ifdef HAVE_LASTLOG_H 5480# include <lastlog.h> 5481#endif 5482#ifdef HAVE_PATHS_H 5483# include <paths.h> 5484#endif 5485#ifdef HAVE_LOGIN_H 5486# include <login.h> 5487#endif 5488 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5489 [ AC_MSG_RESULT([yes]) ], 5490 [ 5491 AC_MSG_RESULT([no]) 5492 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5493 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5494#include <sys/types.h> 5495#include <utmp.h> 5496#ifdef HAVE_LASTLOG_H 5497# include <lastlog.h> 5498#endif 5499#ifdef HAVE_PATHS_H 5500# include <paths.h> 5501#endif 5502 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5503 [ AC_MSG_RESULT([yes]) ], 5504 [ 5505 AC_MSG_RESULT([no]) 5506 system_lastlog_path=no 5507 ]) 5508]) 5509 5510if test -z "$conf_lastlog_location"; then 5511 if test x"$system_lastlog_path" = x"no" ; then 5512 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5513 if (test -d "$f" || test -f "$f") ; then 5514 conf_lastlog_location=$f 5515 fi 5516 done 5517 if test -z "$conf_lastlog_location"; then 5518 AC_MSG_WARN([** Cannot find lastlog **]) 5519 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5520 fi 5521 fi 5522fi 5523 5524if test -n "$conf_lastlog_location"; then 5525 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5526 [Define if you want to specify the path to your lastlog file]) 5527fi 5528 5529dnl utmp detection 5530AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5531AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5532#include <sys/types.h> 5533#include <utmp.h> 5534#ifdef HAVE_PATHS_H 5535# include <paths.h> 5536#endif 5537 ]], [[ char *utmp = UTMP_FILE; ]])], 5538 [ AC_MSG_RESULT([yes]) ], 5539 [ AC_MSG_RESULT([no]) 5540 system_utmp_path=no 5541]) 5542if test -z "$conf_utmp_location"; then 5543 if test x"$system_utmp_path" = x"no" ; then 5544 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5545 if test -f $f ; then 5546 conf_utmp_location=$f 5547 fi 5548 done 5549 if test -z "$conf_utmp_location"; then 5550 AC_DEFINE([DISABLE_UTMP]) 5551 fi 5552 fi 5553fi 5554if test -n "$conf_utmp_location"; then 5555 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5556 [Define if you want to specify the path to your utmp file]) 5557fi 5558 5559dnl wtmp detection 5560AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5561AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5562#include <sys/types.h> 5563#include <utmp.h> 5564#ifdef HAVE_PATHS_H 5565# include <paths.h> 5566#endif 5567 ]], [[ char *wtmp = WTMP_FILE; ]])], 5568 [ AC_MSG_RESULT([yes]) ], 5569 [ AC_MSG_RESULT([no]) 5570 system_wtmp_path=no 5571]) 5572if test -z "$conf_wtmp_location"; then 5573 if test x"$system_wtmp_path" = x"no" ; then 5574 for f in /usr/adm/wtmp /var/log/wtmp; do 5575 if test -f $f ; then 5576 conf_wtmp_location=$f 5577 fi 5578 done 5579 if test -z "$conf_wtmp_location"; then 5580 AC_DEFINE([DISABLE_WTMP]) 5581 fi 5582 fi 5583fi 5584if test -n "$conf_wtmp_location"; then 5585 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5586 [Define if you want to specify the path to your wtmp file]) 5587fi 5588 5589dnl wtmpx detection 5590AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5591AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5592#include <sys/types.h> 5593#include <utmp.h> 5594#ifdef HAVE_UTMPX_H 5595#include <utmpx.h> 5596#endif 5597#ifdef HAVE_PATHS_H 5598# include <paths.h> 5599#endif 5600 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5601 [ AC_MSG_RESULT([yes]) ], 5602 [ AC_MSG_RESULT([no]) 5603 system_wtmpx_path=no 5604]) 5605if test -z "$conf_wtmpx_location"; then 5606 if test x"$system_wtmpx_path" = x"no" ; then 5607 AC_DEFINE([DISABLE_WTMPX]) 5608 fi 5609else 5610 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5611 [Define if you want to specify the path to your wtmpx file]) 5612fi 5613 5614 5615if test ! -z "$blibpath" ; then 5616 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5617 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5618fi 5619 5620AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5621 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5622 AC_DEFINE([DISABLE_LASTLOG]) 5623 fi 5624 ], [ 5625#ifdef HAVE_SYS_TYPES_H 5626#include <sys/types.h> 5627#endif 5628#ifdef HAVE_UTMP_H 5629#include <utmp.h> 5630#endif 5631#ifdef HAVE_UTMPX_H 5632#include <utmpx.h> 5633#endif 5634#ifdef HAVE_LASTLOG_H 5635#include <lastlog.h> 5636#endif 5637 ]) 5638 5639AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5640 AC_DEFINE([DISABLE_UTMP]) 5641 AC_DEFINE([DISABLE_WTMP]) 5642 ], [ 5643#ifdef HAVE_SYS_TYPES_H 5644#include <sys/types.h> 5645#endif 5646#ifdef HAVE_UTMP_H 5647#include <utmp.h> 5648#endif 5649#ifdef HAVE_UTMPX_H 5650#include <utmpx.h> 5651#endif 5652#ifdef HAVE_LASTLOG_H 5653#include <lastlog.h> 5654#endif 5655 ]) 5656 5657dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5658dnl Add now. 5659CFLAGS="$CFLAGS $werror_flags" 5660 5661if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5662 TEST_SSH_IPV6=no 5663else 5664 TEST_SSH_IPV6=yes 5665fi 5666AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5667AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5668AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5669AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5670AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5671AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5672 5673# Binaries for interop tests. 5674AC_PATH_PROG([PLINK], [plink]) 5675AC_PATH_PROG([PUTTYGEN], [puttygen]) 5676AC_PATH_PROG([CONCH], [conch]) 5677AC_PATH_PROG([DROPBEAR], [dropbear]) 5678AC_PATH_PROG([DBCLIENT], [dbclient]) 5679AC_PATH_PROG([DROPBEARKEY], [dropbearkey]) 5680AC_PATH_PROG([DROPBEARCONVERT], [dropbearconvert]) 5681 5682CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5683LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5684 5685# Make a copy of CFLAGS/LDFLAGS without PIE options. 5686LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5687CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5688AC_SUBST([LDFLAGS_NOPIE]) 5689AC_SUBST([CFLAGS_NOPIE]) 5690 5691AC_EXEEXT 5692AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5693 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5694 survey.sh]) 5695AC_OUTPUT 5696 5697# Print summary of options 5698 5699# Someone please show me a better way :) 5700A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5701B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5702C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5703D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5704E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5705F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5706G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5707H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5708I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5709J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5710 5711echo "" 5712echo "OpenSSH has been configured with the following options:" 5713echo " User binaries: $B" 5714echo " System binaries: $C" 5715echo " Configuration files: $D" 5716echo " Askpass program: $E" 5717echo " Manual pages: $F" 5718echo " PID file: $G" 5719echo " Privilege separation chroot path: $H" 5720if test "x$external_path_file" = "x/etc/login.conf" ; then 5721echo " At runtime, sshd will use the path defined in $external_path_file" 5722echo " Make sure the path to scp is present, otherwise scp will not work" 5723else 5724echo " sshd default user PATH: $I" 5725 if test ! -z "$external_path_file"; then 5726echo " (If PATH is set in $external_path_file it will be used instead. If" 5727echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5728 fi 5729fi 5730if test ! -z "$superuser_path" ; then 5731echo " sshd superuser user PATH: $J" 5732fi 5733echo " Manpage format: $MANTYPE" 5734echo " PAM support: $PAM_MSG" 5735echo " OSF SIA support: $SIA_MSG" 5736echo " KerberosV support: $KRB5_MSG" 5737echo " SELinux support: $SELINUX_MSG" 5738echo " TCP Wrappers support: $TCPW_MSG" 5739echo " libedit support: $LIBEDIT_MSG" 5740echo " libldns support: $LDNS_MSG" 5741echo " Solaris process contract support: $SPC_MSG" 5742echo " Solaris project support: $SP_MSG" 5743echo " Solaris privilege support: $SPP_MSG" 5744echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5745echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5746echo " BSD Auth support: $BSD_AUTH_MSG" 5747echo " Random number source: $RAND_MSG" 5748echo " Privsep sandbox style: $SANDBOX_STYLE" 5749echo " PKCS#11 support: $enable_pkcs11" 5750echo " U2F/FIDO support: $enable_sk" 5751 5752echo "" 5753 5754echo " Host: ${host}" 5755echo " Compiler: ${CC}" 5756echo " Compiler flags: ${CFLAGS}" 5757echo "Preprocessor flags: ${CPPFLAGS}" 5758echo " Linker flags: ${LDFLAGS}" 5759echo " Libraries: ${LIBS}" 5760if test ! -z "${CHANNELLIBS}"; then 5761echo " +for channels: ${CHANNELLIBS}" 5762fi 5763if test ! -z "${LIBFIDO2}"; then 5764echo " +for FIDO2: ${LIBFIDO2}" 5765fi 5766if test ! -z "${SSHDLIBS}"; then 5767echo " +for sshd: ${SSHDLIBS}" 5768fi 5769 5770echo "" 5771 5772if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5773 echo "SVR4 style packages are supported with \"make package\"" 5774 echo "" 5775fi 5776 5777if test "x$PAM_MSG" = "xyes" ; then 5778 echo "PAM is enabled. You may need to install a PAM control file " 5779 echo "for sshd, otherwise password authentication may fail. " 5780 echo "Example PAM control files can be found in the contrib/ " 5781 echo "subdirectory" 5782 echo "" 5783fi 5784 5785if test ! -z "$NO_PEERCHECK" ; then 5786 echo "WARNING: the operating system that you are using does not" 5787 echo "appear to support getpeereid(), getpeerucred() or the" 5788 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5789 echo "enforce security checks to prevent unauthorised connections to" 5790 echo "ssh-agent. Their absence increases the risk that a malicious" 5791 echo "user can connect to your agent." 5792 echo "" 5793fi 5794 5795if test "$AUDIT_MODULE" = "bsm" ; then 5796 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5797 echo "See the Solaris section in README.platform for details." 5798fi 5799