1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19 20# Check for stale configure as early as possible. 21for i in $srcdir/configure.ac $srcdir/m4/*.m4; do 22 if test "$i" -nt "$srcdir/configure"; then 23 AC_MSG_ERROR([$i newer than configure, run autoreconf]) 24 fi 25done 26 27AC_LANG([C]) 28 29AC_CONFIG_HEADERS([config.h]) 30AC_PROG_CC([cc gcc clang]) 31 32# XXX relax this after reimplementing logit() etc. 33AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 34AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 35int f(int a, int b, int c) { return a + b + c; } 36#define F(a, ...) f(a, __VA_ARGS__) 37]], [[return F(1, 2, -3);]])], 38 [ AC_MSG_RESULT([yes]) ], 39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 40) 41 42AC_CANONICAL_HOST 43AC_C_BIGENDIAN 44 45# Checks for programs. 46AC_PROG_AWK 47AC_PROG_CPP 48AC_PROG_RANLIB 49AC_PROG_INSTALL 50AC_PROG_EGREP 51AC_PROG_MKDIR_P 52AC_CHECK_TOOLS([AR], [ar]) 53AC_PATH_PROG([CAT], [cat]) 54AC_PATH_PROG([KILL], [kill]) 55AC_PATH_PROG([SED], [sed]) 56AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 57AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 58AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 59AC_PATH_PROG([SH], [bash]) 60AC_PATH_PROG([SH], [ksh]) 61AC_PATH_PROG([SH], [sh]) 62AC_PATH_PROG([GROFF], [groff]) 63AC_PATH_PROG([NROFF], [nroff awf]) 64AC_PATH_PROG([MANDOC], [mandoc]) 65AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 66AC_SUBST([TEST_SHELL], [sh]) 67 68dnl select manpage formatter to be used to build "cat" format pages. 69if test "x$MANDOC" != "x" ; then 70 MANFMT="$MANDOC" 71elif test "x$NROFF" != "x" ; then 72 MANFMT="$NROFF -mandoc" 73elif test "x$GROFF" != "x" ; then 74 MANFMT="$GROFF -mandoc -Tascii" 75else 76 AC_MSG_WARN([no manpage formatter found]) 77 MANFMT="false" 78fi 79AC_SUBST([MANFMT]) 80 81dnl for buildpkg.sh 82AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 83 [/usr/sbin${PATH_SEPARATOR}/etc]) 84AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 85 [/usr/sbin${PATH_SEPARATOR}/etc]) 86AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 87if test -x /sbin/sh; then 88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 89else 90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 91fi 92 93# System features 94AC_SYS_LARGEFILE 95 96if test -z "$AR" ; then 97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 98fi 99 100AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 101if test ! -z "$PATH_PASSWD_PROG" ; then 102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 103 [Full path of your "passwd" program]) 104fi 105 106dnl Since autoconf doesn't support it very well, we no longer allow users to 107dnl override LD, however keeping the hook here for now in case there's a use 108dnl use case we overlooked and someone needs to re-enable it. Unless a good 109dnl reason is found we'll be removing this in future. 110LD="$CC" 111AC_SUBST([LD]) 112 113AC_C_INLINE 114 115AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 116AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 117AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 118 #include <sys/types.h> 119 #include <sys/param.h> 120 #include <dev/systrace.h> 121]) 122AC_CHECK_DECL([RLIMIT_NPROC], 123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 124 #include <sys/types.h> 125 #include <sys/resource.h> 126]) 127AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 128 #include <sys/types.h> 129 #include <linux/prctl.h> 130]) 131 132openssl=yes 133openssl_bin=openssl 134AC_ARG_WITH([openssl], 135 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 136 [ if test "x$withval" = "xno" ; then 137 openssl=no 138 openssl_bin="" 139 fi 140 ] 141) 142AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 143if test "x$openssl" = "xyes" ; then 144 AC_MSG_RESULT([yes]) 145 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 146else 147 AC_MSG_RESULT([no]) 148fi 149 150use_stack_protector=1 151use_toolchain_hardening=1 152use_retpoline=1 153AC_ARG_WITH([stackprotect], 154 [ --without-stackprotect Don't use compiler's stack protection], [ 155 if test "x$withval" = "xno"; then 156 use_stack_protector=0 157 fi ]) 158AC_ARG_WITH([hardening], 159 [ --without-hardening Don't use toolchain hardening flags], [ 160 if test "x$withval" = "xno"; then 161 use_toolchain_hardening=0 162 fi ]) 163AC_ARG_WITH([retpoline], 164 [ --without-retpoline Enable retpoline spectre mitigation], [ 165 if test "x$withval" = "xno"; then 166 use_retpoline=0 167 fi ]) 168 169# We use -Werror for the tests only so that we catch warnings like "this is 170# on by default" for things like -fPIE. 171AC_MSG_CHECKING([if $CC supports -Werror]) 172saved_CFLAGS="$CFLAGS" 173CFLAGS="$CFLAGS -Werror" 174AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 175 [ AC_MSG_RESULT([yes]) 176 WERROR="-Werror"], 177 [ AC_MSG_RESULT([no]) 178 WERROR="" ] 179) 180CFLAGS="$saved_CFLAGS" 181 182if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 183 AC_MSG_CHECKING([gcc version]) 184 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 185 case "$GCC_VER" in 186 1.*) no_attrib_nonnull=1 ;; 187 2.8* | 2.9*) 188 no_attrib_nonnull=1 189 ;; 190 2.*) no_attrib_nonnull=1 ;; 191 *) ;; 192 esac 193 AC_MSG_RESULT([$GCC_VER]) 194 195 AC_MSG_CHECKING([clang version]) 196 ver="`$CC -v 2>&1`" 197 if echo "$ver" | grep "Apple" >/dev/null; then 198 CLANG_VER=apple-`echo "$ver" | grep 'clang version' | \ 199 $SED 's/.*clang version //g' | $AWK '{print $1}'` 200 else 201 CLANG_VER=`echo "$ver" | grep 'clang version' | \ 202 $SED 's/.*clang version //g' | $AWK '{print $1}'` 203 fi 204 AC_MSG_RESULT([$CLANG_VER]) 205 206 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 207 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 208 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 209 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 210 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 211 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 212 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 213 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 214 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 215 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 216 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 217 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 218 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 219 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 220 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 221 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation]) 222 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) 223 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 224 if test "x$use_toolchain_hardening" = "x1"; then 225 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 226 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 227 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 228 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 229 # NB. -ftrapv expects certain support functions to be present in 230 # the compiler library (libgcc or similar) to detect integer operations 231 # that can overflow. We must check that the result of enabling it 232 # actually links. The test program compiled/linked includes a number 233 # of integer operations that should exercise this. 234 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 235 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See 236 # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and 237 # https://github.com/llvm/llvm-project/issues/59242 238 # clang 17 has a different bug that causes an ICE when using this 239 # flag at all (https://bugzilla.mindrot.org/show_bug.cgi?id=3629) 240 case "$CLANG_VER" in 241 apple-15*) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;; 242 17*) ;; 243 *) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;; 244 esac 245 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) 246 fi 247 if test "x$use_retpoline" = "x1"; then 248 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 249 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 250 fi 251 252 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 253 saved_CFLAGS="$CFLAGS" 254 CFLAGS="$CFLAGS -fno-builtin-memset" 255 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 256 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 257 [ AC_MSG_RESULT([yes]) ], 258 [ AC_MSG_RESULT([no]) 259 CFLAGS="$saved_CFLAGS" ] 260 ) 261 262 # -fstack-protector-all doesn't always work for some GCC versions 263 # and/or platforms, so we test if we can. If it's not supported 264 # on a given platform gcc will emit a warning so we use -Werror. 265 if test "x$use_stack_protector" = "x1"; then 266 for t in -fstack-protector-strong -fstack-protector-all \ 267 -fstack-protector; do 268 AC_MSG_CHECKING([if $CC supports $t]) 269 saved_CFLAGS="$CFLAGS" 270 saved_LDFLAGS="$LDFLAGS" 271 CFLAGS="$CFLAGS $t -Werror" 272 LDFLAGS="$LDFLAGS $t -Werror" 273 AC_LINK_IFELSE( 274 [AC_LANG_PROGRAM([[ 275 #include <stdio.h> 276 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 277 ]], 278 [[ 279 char x[256]; 280 snprintf(x, sizeof(x), "XXX%d", func(1)); 281 ]])], 282 [ AC_MSG_RESULT([yes]) 283 CFLAGS="$saved_CFLAGS $t" 284 LDFLAGS="$saved_LDFLAGS $t" 285 AC_MSG_CHECKING([if $t works]) 286 AC_RUN_IFELSE( 287 [AC_LANG_PROGRAM([[ 288 #include <stdio.h> 289 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 290 ]], 291 [[ 292 char x[256]; 293 snprintf(x, sizeof(x), "XXX%d", func(1)); 294 ]])], 295 [ AC_MSG_RESULT([yes]) 296 break ], 297 [ AC_MSG_RESULT([no]) ], 298 [ AC_MSG_WARN([cross compiling: cannot test]) 299 break ] 300 ) 301 ], 302 [ AC_MSG_RESULT([no]) ] 303 ) 304 CFLAGS="$saved_CFLAGS" 305 LDFLAGS="$saved_LDFLAGS" 306 done 307 fi 308 309 if test -z "$have_llong_max"; then 310 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 311 unset ac_cv_have_decl_LLONG_MAX 312 saved_CFLAGS="$CFLAGS" 313 CFLAGS="$CFLAGS -std=gnu99" 314 AC_CHECK_DECL([LLONG_MAX], 315 [have_llong_max=1], 316 [CFLAGS="$saved_CFLAGS"], 317 [#include <limits.h>] 318 ) 319 fi 320fi 321 322AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 323AC_COMPILE_IFELSE( 324 [AC_LANG_PROGRAM([[ 325#include <stdlib.h> 326__attribute__((__unused__)) static void foo(void){return;}]], 327 [[ exit(0); ]])], 328 [ AC_MSG_RESULT([yes]) ], 329 [ AC_MSG_RESULT([no]) 330 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 331 [compiler does not accept __attribute__ on return types]) ] 332) 333 334AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 335AC_COMPILE_IFELSE( 336 [AC_LANG_PROGRAM([[ 337#include <stdlib.h> 338typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 339 [[ exit(0); ]])], 340 [ AC_MSG_RESULT([yes]) ], 341 [ AC_MSG_RESULT([no]) 342 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 343 [compiler does not accept __attribute__ on prototype args]) ] 344) 345 346AC_MSG_CHECKING([if compiler supports variable length arrays]) 347AC_COMPILE_IFELSE( 348 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 349 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 350 [ AC_MSG_RESULT([yes]) 351 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 352 [compiler supports variable length arrays]) ], 353 [ AC_MSG_RESULT([no]) ] 354) 355 356AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 357AC_COMPILE_IFELSE( 358 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 359 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 360 [ AC_MSG_RESULT([yes]) 361 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 362 [compiler variable declarations after code]) ], 363 [ AC_MSG_RESULT([no]) ] 364) 365 366if test "x$no_attrib_nonnull" != "x1" ; then 367 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 368fi 369 370AC_ARG_WITH([rpath], 371 [ --without-rpath Disable auto-added -R linker paths], 372 [ 373 if test "x$withval" = "xno" ; then 374 rpath_opt="" 375 elif test "x$withval" = "xyes" ; then 376 rpath_opt="-R" 377 else 378 rpath_opt="$withval" 379 fi 380 ] 381) 382 383# Allow user to specify flags 384AC_ARG_WITH([cflags], 385 [ --with-cflags Specify additional flags to pass to compiler], 386 [ 387 if test -n "$withval" && test "x$withval" != "xno" && \ 388 test "x${withval}" != "xyes"; then 389 CFLAGS="$CFLAGS $withval" 390 fi 391 ] 392) 393 394AC_ARG_WITH([cflags-after], 395 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 396 [ 397 if test -n "$withval" && test "x$withval" != "xno" && \ 398 test "x${withval}" != "xyes"; then 399 CFLAGS_AFTER="$withval" 400 fi 401 ] 402) 403AC_ARG_WITH([cppflags], 404 [ --with-cppflags Specify additional flags to pass to preprocessor] , 405 [ 406 if test -n "$withval" && test "x$withval" != "xno" && \ 407 test "x${withval}" != "xyes"; then 408 CPPFLAGS="$CPPFLAGS $withval" 409 fi 410 ] 411) 412AC_ARG_WITH([ldflags], 413 [ --with-ldflags Specify additional flags to pass to linker], 414 [ 415 if test -n "$withval" && test "x$withval" != "xno" && \ 416 test "x${withval}" != "xyes"; then 417 LDFLAGS="$LDFLAGS $withval" 418 fi 419 ] 420) 421AC_ARG_WITH([ldflags-after], 422 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 423 [ 424 if test -n "$withval" && test "x$withval" != "xno" && \ 425 test "x${withval}" != "xyes"; then 426 LDFLAGS_AFTER="$withval" 427 fi 428 ] 429) 430AC_ARG_WITH([libs], 431 [ --with-libs Specify additional libraries to link with], 432 [ 433 if test -n "$withval" && test "x$withval" != "xno" && \ 434 test "x${withval}" != "xyes"; then 435 LIBS="$LIBS $withval" 436 fi 437 ] 438) 439AC_ARG_WITH([Werror], 440 [ --with-Werror Build main code with -Werror], 441 [ 442 if test -n "$withval" && test "x$withval" != "xno"; then 443 werror_flags="-Werror" 444 if test "x${withval}" != "xyes"; then 445 werror_flags="$withval" 446 fi 447 fi 448 ] 449) 450 451dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's 452dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we 453dnl haven't detected it, recheck. 454if test "x$ac_cv_header_sys_stat_h" != "xyes"; then 455 unset ac_cv_header_sys_stat_h 456 AC_CHECK_HEADERS([sys/stat.h]) 457fi 458 459AC_CHECK_HEADERS([ \ 460 blf.h \ 461 bstring.h \ 462 crypt.h \ 463 crypto/sha2.h \ 464 dirent.h \ 465 endian.h \ 466 elf.h \ 467 err.h \ 468 features.h \ 469 fcntl.h \ 470 floatingpoint.h \ 471 fnmatch.h \ 472 getopt.h \ 473 glob.h \ 474 ia.h \ 475 iaf.h \ 476 ifaddrs.h \ 477 inttypes.h \ 478 langinfo.h \ 479 limits.h \ 480 locale.h \ 481 login.h \ 482 maillock.h \ 483 ndir.h \ 484 net/if_tun.h \ 485 netdb.h \ 486 netgroup.h \ 487 pam/pam_appl.h \ 488 paths.h \ 489 poll.h \ 490 pty.h \ 491 readpassphrase.h \ 492 rpc/types.h \ 493 security/pam_appl.h \ 494 sha2.h \ 495 shadow.h \ 496 stddef.h \ 497 stdint.h \ 498 string.h \ 499 strings.h \ 500 sys/bitypes.h \ 501 sys/byteorder.h \ 502 sys/bsdtty.h \ 503 sys/cdefs.h \ 504 sys/dir.h \ 505 sys/file.h \ 506 sys/mman.h \ 507 sys/label.h \ 508 sys/ndir.h \ 509 sys/param.h \ 510 sys/poll.h \ 511 sys/prctl.h \ 512 sys/procctl.h \ 513 sys/pstat.h \ 514 sys/ptrace.h \ 515 sys/random.h \ 516 sys/select.h \ 517 sys/stream.h \ 518 sys/stropts.h \ 519 sys/strtio.h \ 520 sys/statvfs.h \ 521 sys/sysmacros.h \ 522 sys/time.h \ 523 sys/timers.h \ 524 sys/vfs.h \ 525 time.h \ 526 tmpdir.h \ 527 ttyent.h \ 528 ucred.h \ 529 unistd.h \ 530 usersec.h \ 531 util.h \ 532 utime.h \ 533 utmp.h \ 534 utmpx.h \ 535 vis.h \ 536 wchar.h \ 537]) 538 539# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 540# to be included first. 541AC_CHECK_HEADERS([sys/audit.h], [], [], [ 542#ifdef HAVE_SYS_TIME_H 543# include <sys/time.h> 544#endif 545#ifdef HAVE_SYS_TYPES_H 546# include <sys/types.h> 547#endif 548#ifdef HAVE_SYS_LABEL_H 549# include <sys/label.h> 550#endif 551]) 552 553# sys/capsicum.h requires sys/types.h 554AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [ 555#ifdef HAVE_SYS_TYPES_H 556# include <sys/types.h> 557#endif 558]) 559 560AC_MSG_CHECKING([for caph_cache_tzdata]) 561AC_LINK_IFELSE( 562 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]], 563 [[caph_cache_tzdata();]])], 564 [ 565 AC_MSG_RESULT([yes]) 566 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1], 567 [Define if you have caph_cache_tzdata]) 568 ], 569 [ AC_MSG_RESULT([no]) ] 570) 571 572# net/route.h requires sys/socket.h and sys/types.h. 573# sys/sysctl.h also requires sys/param.h 574AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 575#ifdef HAVE_SYS_TYPES_H 576# include <sys/types.h> 577#endif 578#include <sys/param.h> 579#include <sys/socket.h> 580]) 581 582# lastlog.h requires sys/time.h to be included first on Solaris 583AC_CHECK_HEADERS([lastlog.h], [], [], [ 584#ifdef HAVE_SYS_TIME_H 585# include <sys/time.h> 586#endif 587]) 588 589# sys/ptms.h requires sys/stream.h to be included first on Solaris 590AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 591#ifdef HAVE_SYS_STREAM_H 592# include <sys/stream.h> 593#endif 594]) 595 596# login_cap.h requires sys/types.h on NetBSD 597AC_CHECK_HEADERS([login_cap.h], [], [], [ 598#include <sys/types.h> 599]) 600 601# older BSDs need sys/param.h before sys/mount.h 602AC_CHECK_HEADERS([sys/mount.h], [], [], [ 603#include <sys/param.h> 604]) 605 606# Android requires sys/socket.h to be included before sys/un.h 607AC_CHECK_HEADERS([sys/un.h], [], [], [ 608#include <sys/types.h> 609#include <sys/socket.h> 610]) 611 612# Messages for features tested for in target-specific section 613SIA_MSG="no" 614SPC_MSG="no" 615SP_MSG="no" 616SPP_MSG="no" 617 618# Support for Solaris/Illumos privileges (this test is used by both 619# the --with-solaris-privs option and --with-sandbox=solaris). 620SOLARIS_PRIVS="no" 621 622# Check for some target-specific stuff 623case "$host" in 624*-*-aix*) 625 # Some versions of VAC won't allow macro redefinitions at 626 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 627 # particularly with older versions of vac or xlc. 628 # It also throws errors about null macro arguments, but these are 629 # not fatal. 630 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 631 AC_COMPILE_IFELSE( 632 [AC_LANG_PROGRAM([[ 633#define testmacro foo 634#define testmacro bar]], 635 [[ exit(0); ]])], 636 [ AC_MSG_RESULT([yes]) ], 637 [ AC_MSG_RESULT([no]) 638 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 639 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 640 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 641 ] 642 ) 643 644 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 645 if (test -z "$blibpath"); then 646 blibpath="/usr/lib:/lib" 647 fi 648 saved_LDFLAGS="$LDFLAGS" 649 if test "$GCC" = "yes"; then 650 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 651 else 652 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 653 fi 654 for tryflags in $flags ;do 655 if (test -z "$blibflags"); then 656 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 657 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 658 [blibflags=$tryflags], []) 659 fi 660 done 661 if (test -z "$blibflags"); then 662 AC_MSG_RESULT([not found]) 663 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 664 else 665 AC_MSG_RESULT([$blibflags]) 666 fi 667 LDFLAGS="$saved_LDFLAGS" 668 dnl Check for authenticate. Might be in libs.a on older AIXes 669 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 670 [Define if you want to enable AIX4's authenticate function])], 671 [AC_CHECK_LIB([s], [authenticate], 672 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 673 LIBS="$LIBS -ls" 674 ]) 675 ]) 676 dnl Check for various auth function declarations in headers. 677 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 678 passwdexpired, setauthdb], , , [#include <usersec.h>]) 679 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 680 AC_CHECK_DECLS([loginfailed], 681 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 682 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 683 [[ (void)loginfailed("user","host","tty",0); ]])], 684 [AC_MSG_RESULT([yes]) 685 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 686 [Define if your AIX loginfailed() function 687 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 688 ])], 689 [], 690 [#include <usersec.h>] 691 ) 692 AC_CHECK_FUNCS([getgrset setauthdb]) 693 AC_CHECK_DECL([F_CLOSEM], 694 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 695 [], 696 [ #include <limits.h> 697 #include <fcntl.h> ] 698 ) 699 check_for_aix_broken_getaddrinfo=1 700 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 701 [Define if your platform breaks doing a seteuid before a setuid]) 702 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 703 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 704 dnl AIX handles lastlog as part of its login message 705 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 706 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 707 [Some systems need a utmpx entry for /bin/login to work]) 708 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 709 [Define to a Set Process Title type if your system is 710 supported by bsd-setproctitle.c]) 711 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 712 [AIX 5.2 and 5.3 (and presumably newer) require this]) 713 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 714 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 715 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 716 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 717 ;; 718*-*-android*) 719 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 720 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 721 ;; 722*-*-cygwin*) 723 LIBS="$LIBS /usr/lib/textreadmode.o" 724 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 725 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 726 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 727 [Define to disable UID restoration test]) 728 AC_DEFINE([DISABLE_SHADOW], [1], 729 [Define if you want to disable shadow passwords]) 730 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 731 [Define if X11 doesn't support AF_UNIX sockets on that system]) 732 AC_DEFINE([DISABLE_FD_PASSING], [1], 733 [Define if your platform needs to skip post auth 734 file descriptor passing]) 735 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 736 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 737 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 738 # reasons which cause compile warnings, so we disable those warnings. 739 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 740 ;; 741*-*-dgux*) 742 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 743 [Define if your system choked on IP TOS setting]) 744 AC_DEFINE([SETEUID_BREAKS_SETUID]) 745 AC_DEFINE([BROKEN_SETREUID]) 746 AC_DEFINE([BROKEN_SETREGID]) 747 ;; 748*-*-darwin*) 749 use_pie=auto 750 AC_MSG_CHECKING([if we have working getaddrinfo]) 751 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 752#include <mach-o/dyld.h> 753#include <stdlib.h> 754int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 755 exit(0); 756 else 757 exit(1); 758} 759 ]])], 760 [AC_MSG_RESULT([working])], 761 [AC_MSG_RESULT([buggy]) 762 AC_DEFINE([BROKEN_GETADDRINFO], [1], 763 [getaddrinfo is broken (if present)]) 764 ], 765 [AC_MSG_RESULT([assume it is working])]) 766 AC_DEFINE([SETEUID_BREAKS_SETUID]) 767 AC_DEFINE([BROKEN_SETREUID]) 768 AC_DEFINE([BROKEN_SETREGID]) 769 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 770 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 771 [Define if your resolver libs need this for getrrsetbyname]) 772 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 773 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 774 [Use tunnel device compatibility to OpenBSD]) 775 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 776 [Prepend the address family to IP tunnel traffic]) 777 m4_pattern_allow([AU_IPv]) 778 AC_CHECK_DECL([AU_IPv4], [], 779 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 780 [#include <bsm/audit.h>] 781 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 782 [Define if pututxline updates lastlog too]) 783 ) 784 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 785 [Define to a Set Process Title type if your system is 786 supported by bsd-setproctitle.c]) 787 AC_CHECK_FUNCS([sandbox_init]) 788 AC_CHECK_HEADERS([sandbox.h]) 789 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 790 SSHDLIBS="$SSHDLIBS -lsandbox" 791 ]) 792 # proc_pidinfo()-based closefrom() replacement. 793 AC_CHECK_HEADERS([libproc.h]) 794 AC_CHECK_FUNCS([proc_pidinfo]) 795 # poll(2) is broken for character-special devices (at least). 796 # cf. Apple bug 3710161 (not public, but searchable) 797 AC_DEFINE([BROKEN_POLL], [1], 798 [System poll(2) implementation is broken]) 799 ;; 800*-*-dragonfly*) 801 SSHDLIBS="$SSHDLIBS" 802 TEST_MALLOC_OPTIONS="AFGJPRX" 803 ;; 804*-*-haiku*) 805 LIBS="$LIBS -lbsd " 806 CFLAGS="$CFLAGS -D_BSD_SOURCE" 807 AC_CHECK_LIB([network], [socket]) 808 AC_DEFINE([HAVE_U_INT64_T]) 809 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 810 MANTYPE=man 811 ;; 812*-*-hpux*) 813 # first we define all of the options common to all HP-UX releases 814 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 815 IPADDR_IN_DISPLAY=yes 816 AC_DEFINE([USE_PIPES]) 817 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 818 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 819 [String used in /etc/passwd to denote locked account]) 820 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 821 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 822 maildir="/var/mail" 823 LIBS="$LIBS -lsec" 824 AC_CHECK_LIB([xnet], [t_error], , 825 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 826 827 # next, we define all of the options specific to major releases 828 case "$host" in 829 *-*-hpux10*) 830 if test -z "$GCC"; then 831 CFLAGS="$CFLAGS -Ae" 832 fi 833 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect]) 834 ;; 835 *-*-hpux11*) 836 AC_DEFINE([PAM_SUN_CODEBASE], [1], 837 [Define if you are using Solaris-derived PAM which 838 passes pam_messages to the conversation function 839 with an extra level of indirection]) 840 AC_DEFINE([DISABLE_UTMP], [1], 841 [Define if you don't want to use utmp]) 842 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 843 check_for_hpux_broken_getaddrinfo=1 844 check_for_conflicting_getspnam=1 845 ;; 846 esac 847 848 # lastly, we define options specific to minor releases 849 case "$host" in 850 *-*-hpux10.26) 851 AC_DEFINE([HAVE_SECUREWARE], [1], 852 [Define if you have SecureWare-based 853 protected password database]) 854 disable_ptmx_check=yes 855 LIBS="$LIBS -lsecpw" 856 ;; 857 esac 858 ;; 859*-*-irix5*) 860 PATH="$PATH:/usr/etc" 861 AC_DEFINE([BROKEN_INET_NTOA], [1], 862 [Define if you system's inet_ntoa is busted 863 (e.g. Irix gcc issue)]) 864 AC_DEFINE([SETEUID_BREAKS_SETUID]) 865 AC_DEFINE([BROKEN_SETREUID]) 866 AC_DEFINE([BROKEN_SETREGID]) 867 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 868 [Define if you shouldn't strip 'tty' from your 869 ttyname in [uw]tmp]) 870 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 871 ;; 872*-*-irix6*) 873 PATH="$PATH:/usr/etc" 874 AC_DEFINE([WITH_IRIX_ARRAY], [1], 875 [Define if you have/want arrays 876 (cluster-wide session management, not C arrays)]) 877 AC_DEFINE([WITH_IRIX_PROJECT], [1], 878 [Define if you want IRIX project management]) 879 AC_DEFINE([WITH_IRIX_AUDIT], [1], 880 [Define if you want IRIX audit trails]) 881 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 882 [Define if you want IRIX kernel jobs])]) 883 AC_DEFINE([BROKEN_INET_NTOA]) 884 AC_DEFINE([SETEUID_BREAKS_SETUID]) 885 AC_DEFINE([BROKEN_SETREUID]) 886 AC_DEFINE([BROKEN_SETREGID]) 887 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 888 AC_DEFINE([WITH_ABBREV_NO_TTY]) 889 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 890 ;; 891*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 892 AC_DEFINE([PAM_TTY_KLUDGE]) 893 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 894 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 895 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 896 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 897 ;; 898*-*-linux*) 899 no_dev_ptmx=1 900 use_pie=auto 901 check_for_openpty_ctty_bug=1 902 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 903 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 904 dnl _GNU_SOURCE is needed for setres*id prototypes. 905 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" 906 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) 907 AC_DEFINE([PAM_TTY_KLUDGE], [1], 908 [Work around problematic Linux PAM modules handling of PAM_TTY]) 909 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 910 [String used in /etc/passwd to denote locked account]) 911 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 912 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 913 [Define to whatever link() returns for "not supported" 914 if it doesn't return EOPNOTSUPP.]) 915 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 916 AC_DEFINE([USE_BTMP]) 917 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 918 inet6_default_4in6=yes 919 case `uname -r` in 920 1.*|2.0.*) 921 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 922 [Define if cmsg_type is not passed correctly]) 923 ;; 924 esac 925 # tun(4) forwarding compat code 926 AC_CHECK_HEADERS([linux/if_tun.h]) 927 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 928 AC_DEFINE([SSH_TUN_LINUX], [1], 929 [Open tunnel devices the Linux tun/tap way]) 930 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 931 [Use tunnel device compatibility to OpenBSD]) 932 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 933 [Prepend the address family to IP tunnel traffic]) 934 fi 935 AC_CHECK_HEADER([linux/if.h], 936 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 937 [Support routing domains using Linux VRF]), [], [ 938#ifdef HAVE_SYS_TYPES_H 939# include <sys/types.h> 940#endif 941 ]) 942 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 943 [], [#include <linux/types.h>]) 944 # Obtain MIPS ABI 945 case "$host" in 946 mips*) 947 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 948#if _MIPS_SIM != _ABIO32 949#error 950#endif 951 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 952#if _MIPS_SIM != _ABIN32 953#error 954#endif 955 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 956#if _MIPS_SIM != _ABI64 957#error 958#endif 959 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 960 ]) 961 ]) 962 ]) 963 ;; 964 esac 965 AC_MSG_CHECKING([for seccomp architecture]) 966 seccomp_audit_arch= 967 case "$host" in 968 x86_64-*) 969 seccomp_audit_arch=AUDIT_ARCH_X86_64 970 ;; 971 i*86-*) 972 seccomp_audit_arch=AUDIT_ARCH_I386 973 ;; 974 arm*-*) 975 seccomp_audit_arch=AUDIT_ARCH_ARM 976 ;; 977 aarch64*-*) 978 seccomp_audit_arch=AUDIT_ARCH_AARCH64 979 ;; 980 s390x-*) 981 seccomp_audit_arch=AUDIT_ARCH_S390X 982 ;; 983 s390-*) 984 seccomp_audit_arch=AUDIT_ARCH_S390 985 ;; 986 powerpc-*) 987 seccomp_audit_arch=AUDIT_ARCH_PPC 988 ;; 989 powerpc64-*) 990 seccomp_audit_arch=AUDIT_ARCH_PPC64 991 ;; 992 powerpc64le-*) 993 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 994 ;; 995 mips-*) 996 seccomp_audit_arch=AUDIT_ARCH_MIPS 997 ;; 998 mipsel-*) 999 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 1000 ;; 1001 mips64-*) 1002 case "$mips_abi" in 1003 "n32") 1004 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 1005 ;; 1006 "n64") 1007 seccomp_audit_arch=AUDIT_ARCH_MIPS64 1008 ;; 1009 esac 1010 ;; 1011 mips64el-*) 1012 case "$mips_abi" in 1013 "n32") 1014 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 1015 ;; 1016 "n64") 1017 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 1018 ;; 1019 esac 1020 ;; 1021 riscv64-*) 1022 seccomp_audit_arch=AUDIT_ARCH_RISCV64 1023 ;; 1024 esac 1025 if test "x$seccomp_audit_arch" != "x" ; then 1026 AC_MSG_RESULT(["$seccomp_audit_arch"]) 1027 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 1028 [Specify the system call convention in use]) 1029 else 1030 AC_MSG_RESULT([architecture not supported]) 1031 fi 1032 ;; 1033*-*-minix) 1034 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1035 # poll(2) seems to choke on /dev/null; "Bad file descriptor" 1036 AC_DEFINE([BROKEN_POLL], [1], 1037 [System poll(2) implementation is broken]) 1038 ;; 1039mips-sony-bsd|mips-sony-newsos4) 1040 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 1041 SONY=1 1042 ;; 1043*-*-netbsd*) 1044 if test "x$withval" != "xno" ; then 1045 rpath_opt="-R" 1046 fi 1047 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 1048 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1049 AC_CHECK_HEADER([net/if_tap.h], , 1050 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1051 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 1052 [Prepend the address family to IP tunnel traffic]) 1053 TEST_MALLOC_OPTIONS="AJRX" 1054 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 1055 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 1056 ;; 1057*-*-freebsd*) 1058 SKIP_DISABLE_LASTLOG_DEFINE=yes 1059 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 1060 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1061 AC_CHECK_HEADER([net/if_tap.h], , 1062 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1063 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 1064 TEST_MALLOC_OPTIONS="AJRX" 1065 # Preauth crypto occasionally uses file descriptors for crypto offload 1066 # and will crash if they cannot be opened. 1067 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 1068 [define if setrlimit RLIMIT_NOFILE breaks things]) 1069 case "$host" in 1070 *-*-freebsd9.*|*-*-freebsd10.*) 1071 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable. 1072 disable_capsicum=yes 1073 esac 1074 ;; 1075*-*-bsdi*) 1076 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1077 AC_DEFINE([BROKEN_SETREUID]) 1078 AC_DEFINE([BROKEN_SETREGID]) 1079 ;; 1080*-next-*) 1081 conf_lastlog_location="/usr/adm/lastlog" 1082 conf_utmp_location=/etc/utmp 1083 conf_wtmp_location=/usr/adm/wtmp 1084 maildir=/usr/spool/mail 1085 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1086 AC_DEFINE([USE_PIPES]) 1087 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1088 ;; 1089*-*-openbsd*) 1090 use_pie=auto 1091 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1092 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1093 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1094 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1095 [syslog_r function is safe to use in in a signal handler]) 1096 TEST_MALLOC_OPTIONS="AFGJPRX" 1097 ;; 1098*-*-solaris*) 1099 if test "x$withval" != "xno" ; then 1100 rpath_opt="-R" 1101 fi 1102 AC_DEFINE([PAM_SUN_CODEBASE]) 1103 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1104 AC_DEFINE([PAM_TTY_KLUDGE]) 1105 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1106 [Define if pam_chauthtok wants real uid set 1107 to the unpriv'ed user]) 1108 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1109 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1110 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1111 [Define if sshd somehow reacquires a controlling TTY 1112 after setsid()]) 1113 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1114 in case the name is longer than 8 chars]) 1115 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1116 external_path_file=/etc/default/login 1117 # hardwire lastlog location (can't detect it on some versions) 1118 conf_lastlog_location="/var/adm/lastlog" 1119 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1120 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1121 if test "$sol2ver" -ge 8; then 1122 AC_MSG_RESULT([yes]) 1123 AC_DEFINE([DISABLE_UTMP]) 1124 AC_DEFINE([DISABLE_WTMP], [1], 1125 [Define if you don't want to use wtmp]) 1126 else 1127 AC_MSG_RESULT([no]) 1128 fi 1129 AC_CHECK_FUNCS([setpflags]) 1130 AC_CHECK_FUNCS([setppriv]) 1131 AC_CHECK_FUNCS([priv_basicset]) 1132 AC_CHECK_HEADERS([priv.h]) 1133 AC_ARG_WITH([solaris-contracts], 1134 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1135 [ 1136 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1137 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1138 [Define if you have Solaris process contracts]) 1139 LIBS="$LIBS -lcontract" 1140 SPC_MSG="yes" ], ) 1141 ], 1142 ) 1143 AC_ARG_WITH([solaris-projects], 1144 [ --with-solaris-projects Enable Solaris projects (experimental)], 1145 [ 1146 AC_CHECK_LIB([project], [setproject], 1147 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1148 [Define if you have Solaris projects]) 1149 LIBS="$LIBS -lproject" 1150 SP_MSG="yes" ], ) 1151 ], 1152 ) 1153 AC_ARG_WITH([solaris-privs], 1154 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1155 [ 1156 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1157 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1158 "x$ac_cv_header_priv_h" = "xyes" ; then 1159 SOLARIS_PRIVS=yes 1160 AC_MSG_RESULT([found]) 1161 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1162 [Define to disable UID restoration test]) 1163 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1164 [Define if you have Solaris privileges]) 1165 SPP_MSG="yes" 1166 else 1167 AC_MSG_RESULT([not found]) 1168 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1169 fi 1170 ], 1171 ) 1172 TEST_SHELL=$SHELL # let configure find us a capable shell 1173 ;; 1174*-*-sunos4*) 1175 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1176 AC_CHECK_FUNCS([getpwanam]) 1177 AC_DEFINE([PAM_SUN_CODEBASE]) 1178 conf_utmp_location=/etc/utmp 1179 conf_wtmp_location=/var/adm/wtmp 1180 conf_lastlog_location=/var/adm/lastlog 1181 AC_DEFINE([USE_PIPES]) 1182 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1183 ;; 1184*-ncr-sysv*) 1185 LIBS="$LIBS -lc89" 1186 AC_DEFINE([USE_PIPES]) 1187 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1188 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1189 AC_DEFINE([BROKEN_SETREUID]) 1190 AC_DEFINE([BROKEN_SETREGID]) 1191 ;; 1192*-sni-sysv*) 1193 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1194 AC_CHECK_LIB([dl], [dlsym], ,) 1195 # -lresolv needs to be at the end of LIBS or DNS lookups break 1196 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1197 IPADDR_IN_DISPLAY=yes 1198 AC_DEFINE([USE_PIPES]) 1199 AC_DEFINE([IP_TOS_IS_BROKEN]) 1200 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1201 AC_DEFINE([BROKEN_SETREUID]) 1202 AC_DEFINE([BROKEN_SETREGID]) 1203 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1204 external_path_file=/etc/default/login 1205 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1206 # Attention: always take care to bind libsocket and libnsl before libc, 1207 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1208 ;; 1209# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1210*-*-sysv4.2*) 1211 AC_DEFINE([USE_PIPES]) 1212 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1213 AC_DEFINE([BROKEN_SETREUID]) 1214 AC_DEFINE([BROKEN_SETREGID]) 1215 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1216 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1217 TEST_SHELL=$SHELL # let configure find us a capable shell 1218 ;; 1219# UnixWare 7.x, OpenUNIX 8 1220*-*-sysv5*) 1221 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1222 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1223 AC_DEFINE([USE_PIPES]) 1224 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1225 AC_DEFINE([BROKEN_GETADDRINFO]) 1226 AC_DEFINE([BROKEN_SETREUID]) 1227 AC_DEFINE([BROKEN_SETREGID]) 1228 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1229 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1230 TEST_SHELL=$SHELL # let configure find us a capable shell 1231 case "$host" in 1232 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1233 maildir=/var/spool/mail 1234 AC_DEFINE([BROKEN_UPDWTMPX]) 1235 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1236 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1237 ], , ) 1238 ;; 1239 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1240 ;; 1241 esac 1242 ;; 1243*-*-sysv*) 1244 ;; 1245# SCO UNIX and OEM versions of SCO UNIX 1246*-*-sco3.2v4*) 1247 AC_MSG_ERROR("This Platform is no longer supported.") 1248 ;; 1249# SCO OpenServer 5.x 1250*-*-sco3.2v5*) 1251 if test -z "$GCC"; then 1252 CFLAGS="$CFLAGS -belf" 1253 fi 1254 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1255 no_dev_ptmx=1 1256 AC_DEFINE([USE_PIPES]) 1257 AC_DEFINE([HAVE_SECUREWARE]) 1258 AC_DEFINE([DISABLE_SHADOW]) 1259 AC_DEFINE([DISABLE_FD_PASSING]) 1260 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1261 AC_DEFINE([BROKEN_GETADDRINFO]) 1262 AC_DEFINE([BROKEN_SETREUID]) 1263 AC_DEFINE([BROKEN_SETREGID]) 1264 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1265 AC_DEFINE([BROKEN_UPDWTMPX]) 1266 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1267 AC_CHECK_FUNCS([getluid setluid]) 1268 MANTYPE=man 1269 TEST_SHELL=$SHELL # let configure find us a capable shell 1270 SKIP_DISABLE_LASTLOG_DEFINE=yes 1271 ;; 1272*-dec-osf*) 1273 AC_MSG_CHECKING([for Digital Unix SIA]) 1274 no_osfsia="" 1275 AC_ARG_WITH([osfsia], 1276 [ --with-osfsia Enable Digital Unix SIA], 1277 [ 1278 if test "x$withval" = "xno" ; then 1279 AC_MSG_RESULT([disabled]) 1280 no_osfsia=1 1281 fi 1282 ], 1283 ) 1284 if test -z "$no_osfsia" ; then 1285 if test -f /etc/sia/matrix.conf; then 1286 AC_MSG_RESULT([yes]) 1287 AC_DEFINE([HAVE_OSF_SIA], [1], 1288 [Define if you have Digital Unix Security 1289 Integration Architecture]) 1290 AC_DEFINE([DISABLE_LOGIN], [1], 1291 [Define if you don't want to use your 1292 system's login() call]) 1293 AC_DEFINE([DISABLE_FD_PASSING]) 1294 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1295 SIA_MSG="yes" 1296 else 1297 AC_MSG_RESULT([no]) 1298 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1299 [String used in /etc/passwd to denote locked account]) 1300 fi 1301 fi 1302 AC_DEFINE([BROKEN_GETADDRINFO]) 1303 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1304 AC_DEFINE([BROKEN_SETREUID]) 1305 AC_DEFINE([BROKEN_SETREGID]) 1306 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1307 ;; 1308 1309*-*-nto-qnx*) 1310 AC_DEFINE([USE_PIPES]) 1311 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1312 AC_DEFINE([DISABLE_LASTLOG]) 1313 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1314 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1315 enable_etc_default_login=no # has incompatible /etc/default/login 1316 case "$host" in 1317 *-*-nto-qnx6*) 1318 AC_DEFINE([DISABLE_FD_PASSING]) 1319 ;; 1320 esac 1321 ;; 1322 1323*-*-ultrix*) 1324 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1325 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1326 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1327 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1328 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1329 # don't get a controlling tty. 1330 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1331 # On Ultrix some headers are not protected against multiple includes, 1332 # so we create wrappers and put it where the compiler will find it. 1333 AC_MSG_WARN([creating compat wrappers for headers]) 1334 mkdir -p netinet 1335 for header in netinet/ip.h netdb.h resolv.h; do 1336 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1337 cat >$header <<EOD 1338#ifndef _SSH_COMPAT_${name} 1339#define _SSH_COMPAT_${name} 1340#include "/usr/include/${header}" 1341#endif 1342EOD 1343 done 1344 ;; 1345 1346*-*-lynxos) 1347 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1348 AC_DEFINE([BROKEN_SETVBUF], [1], 1349 [LynxOS has broken setvbuf() implementation]) 1350 ;; 1351esac 1352 1353AC_MSG_CHECKING([compiler and flags for sanity]) 1354AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1355 [ AC_MSG_RESULT([yes]) ], 1356 [ 1357 AC_MSG_RESULT([no]) 1358 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1359 ], 1360 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1361) 1362 1363dnl Checks for header files. 1364# Checks for libraries. 1365AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1366 1367dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1368AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1369 AC_CHECK_LIB([gen], [dirname], [ 1370 AC_CACHE_CHECK([for broken dirname], 1371 ac_cv_have_broken_dirname, [ 1372 save_LIBS="$LIBS" 1373 LIBS="$LIBS -lgen" 1374 AC_RUN_IFELSE( 1375 [AC_LANG_SOURCE([[ 1376#include <libgen.h> 1377#include <string.h> 1378#include <stdlib.h> 1379 1380int main(int argc, char **argv) { 1381 char *s, buf[32]; 1382 1383 strncpy(buf,"/etc", 32); 1384 s = dirname(buf); 1385 if (!s || strncmp(s, "/", 32) != 0) { 1386 exit(1); 1387 } else { 1388 exit(0); 1389 } 1390} 1391 ]])], 1392 [ ac_cv_have_broken_dirname="no" ], 1393 [ ac_cv_have_broken_dirname="yes" ], 1394 [ ac_cv_have_broken_dirname="no" ], 1395 ) 1396 LIBS="$save_LIBS" 1397 ]) 1398 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1399 LIBS="$LIBS -lgen" 1400 AC_DEFINE([HAVE_DIRNAME]) 1401 AC_CHECK_HEADERS([libgen.h]) 1402 fi 1403 ]) 1404]) 1405 1406AC_CHECK_FUNC([getspnam], , 1407 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1408AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1409 [Define if you have the basename function.])]) 1410 1411dnl zlib defaults to enabled 1412zlib=yes 1413AC_ARG_WITH([zlib], 1414 [ --with-zlib=PATH Use zlib in PATH], 1415 [ if test "x$withval" = "xno" ; then 1416 zlib=no 1417 elif test "x$withval" != "xyes"; then 1418 if test -d "$withval/lib"; then 1419 if test -n "${rpath_opt}"; then 1420 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1421 else 1422 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1423 fi 1424 else 1425 if test -n "${rpath_opt}"; then 1426 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1427 else 1428 LDFLAGS="-L${withval} ${LDFLAGS}" 1429 fi 1430 fi 1431 if test -d "$withval/include"; then 1432 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1433 else 1434 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1435 fi 1436 fi ] 1437) 1438 1439# These libraries are needed for anything that links in the channel code. 1440CHANNELLIBS="" 1441AC_MSG_CHECKING([for zlib]) 1442if test "x${zlib}" = "xno"; then 1443 AC_MSG_RESULT([no]) 1444else 1445 saved_LIBS="$LIBS" 1446 CHANNELLIBS="$CHANNELLIBS -lz" 1447 AC_MSG_RESULT([yes]) 1448 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1449 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1450 AC_CHECK_LIB([z], [deflate], [], 1451 [ 1452 saved_CPPFLAGS="$CPPFLAGS" 1453 saved_LDFLAGS="$LDFLAGS" 1454 dnl Check default zlib install dir 1455 if test -n "${rpath_opt}"; then 1456 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1457 else 1458 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1459 fi 1460 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1461 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1462 [ 1463 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1464 ] 1465 ) 1466 ] 1467 ) 1468 1469 AC_ARG_WITH([zlib-version-check], 1470 [ --without-zlib-version-check Disable zlib version check], 1471 [ if test "x$withval" = "xno" ; then 1472 zlib_check_nonfatal=1 1473 fi 1474 ] 1475 ) 1476 1477 AC_MSG_CHECKING([for possibly buggy zlib]) 1478 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1479#include <stdio.h> 1480#include <stdlib.h> 1481#include <zlib.h> 1482 ]], 1483 [[ 1484 int a=0, b=0, c=0, d=0, n, v; 1485 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1486 if (n < 1) 1487 exit(1); 1488 v = a*1000000 + b*10000 + c*100 + d; 1489 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1490 1491 /* 1.1.4 is OK */ 1492 if (a == 1 && b == 1 && c >= 4) 1493 exit(0); 1494 1495 /* 1.2.3 and up are OK */ 1496 if (v >= 1020300) 1497 exit(0); 1498 1499 exit(2); 1500 ]])], 1501 AC_MSG_RESULT([no]), 1502 [ AC_MSG_RESULT([yes]) 1503 if test -z "$zlib_check_nonfatal" ; then 1504 AC_MSG_ERROR([*** zlib too old - check config.log *** 1505Your reported zlib version has known security problems. It's possible your 1506vendor has fixed these problems without changing the version number. If you 1507are sure this is the case, you can disable the check by running 1508"./configure --without-zlib-version-check". 1509If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1510See http://www.gzip.org/zlib/ for details.]) 1511 else 1512 AC_MSG_WARN([zlib version may have security problems]) 1513 fi 1514 ], 1515 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1516 ) 1517 LIBS="$saved_LIBS" 1518fi 1519 1520dnl UnixWare 2.x 1521AC_CHECK_FUNC([strcasecmp], 1522 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1523) 1524AC_CHECK_FUNCS([utimes], 1525 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1526 LIBS="$LIBS -lc89"]) ] 1527) 1528 1529dnl Checks for libutil functions 1530AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1531AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1532AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1533AC_SEARCH_LIBS([login], [util bsd]) 1534AC_SEARCH_LIBS([logout], [util bsd]) 1535AC_SEARCH_LIBS([logwtmp], [util bsd]) 1536AC_SEARCH_LIBS([openpty], [util bsd]) 1537AC_SEARCH_LIBS([updwtmp], [util bsd]) 1538AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1539 1540# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1541# or libnsl. 1542AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1543AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1544 1545# Some Linux distribtions ship the BSD libc hashing functions in 1546# separate libraries. 1547AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1548 1549# "Particular Function Checks" 1550# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1551AC_FUNC_STRFTIME 1552AC_FUNC_MALLOC 1553AC_FUNC_REALLOC 1554# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1555AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1556AC_RUN_IFELSE( 1557 [AC_LANG_PROGRAM( 1558 [[ #include <stdlib.h> ]], 1559 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1560 )], 1561 [ func_calloc_0_nonnull=yes ], 1562 [ func_calloc_0_nonnull=no ], 1563 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1564 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1565) 1566AC_MSG_RESULT([$func_calloc_0_nonnull]) 1567 1568if test "x$func_calloc_0_nonnull" = "xyes"; then 1569 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1570else 1571 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1572 AC_DEFINE(calloc, rpl_calloc, 1573 [Define to rpl_calloc if the replacement function should be used.]) 1574fi 1575 1576# Check for ALTDIRFUNC glob() extension 1577AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1578AC_EGREP_CPP([FOUNDIT], 1579 [ 1580 #include <glob.h> 1581 #ifdef GLOB_ALTDIRFUNC 1582 FOUNDIT 1583 #endif 1584 ], 1585 [ 1586 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1587 [Define if your system glob() function has 1588 the GLOB_ALTDIRFUNC extension]) 1589 AC_MSG_RESULT([yes]) 1590 ], 1591 [ 1592 AC_MSG_RESULT([no]) 1593 ] 1594) 1595 1596# Check for g.gl_matchc glob() extension 1597AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1598AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1599 [[ glob_t g; g.gl_matchc = 1; ]])], 1600 [ 1601 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1602 [Define if your system glob() function has 1603 gl_matchc options in glob_t]) 1604 AC_MSG_RESULT([yes]) 1605 ], [ 1606 AC_MSG_RESULT([no]) 1607]) 1608 1609# Check for g.gl_statv glob() extension 1610AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1611AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1612#ifndef GLOB_KEEPSTAT 1613#error "glob does not support GLOB_KEEPSTAT extension" 1614#endif 1615glob_t g; 1616g.gl_statv = NULL; 1617]])], 1618 [ 1619 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1620 [Define if your system glob() function has 1621 gl_statv options in glob_t]) 1622 AC_MSG_RESULT([yes]) 1623 ], [ 1624 AC_MSG_RESULT([no]) 1625 1626]) 1627 1628AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1629 1630AC_CHECK_DECL([VIS_ALL], , 1631 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1632 1633AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1634AC_RUN_IFELSE( 1635 [AC_LANG_PROGRAM([[ 1636#include <sys/types.h> 1637#include <dirent.h> 1638#include <stdlib.h> 1639 ]], 1640 [[ 1641 struct dirent d; 1642 exit(sizeof(d.d_name)<=sizeof(char)); 1643 ]])], 1644 [AC_MSG_RESULT([yes])], 1645 [ 1646 AC_MSG_RESULT([no]) 1647 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1648 [Define if your struct dirent expects you to 1649 allocate extra space for d_name]) 1650 ], 1651 [ 1652 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1653 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1654 ] 1655) 1656 1657AC_MSG_CHECKING([for /proc/pid/fd directory]) 1658if test -d "/proc/$$/fd" ; then 1659 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1660 AC_MSG_RESULT([yes]) 1661else 1662 AC_MSG_RESULT([no]) 1663fi 1664 1665# Check whether user wants TCP wrappers support 1666TCPW_MSG="no" 1667AC_ARG_WITH([tcp-wrappers], 1668 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1669 [ 1670 if test "x$withval" != "xno" ; then 1671 saved_LIBS="$LIBS" 1672 saved_LDFLAGS="$LDFLAGS" 1673 saved_CPPFLAGS="$CPPFLAGS" 1674 if test -n "${withval}" && \ 1675 test "x${withval}" != "xyes"; then 1676 if test -d "${withval}/lib"; then 1677 if test -n "${need_dash_r}"; then 1678 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1679 else 1680 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1681 fi 1682 else 1683 if test -n "${need_dash_r}"; then 1684 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1685 else 1686 LDFLAGS="-L${withval} ${LDFLAGS}" 1687 fi 1688 fi 1689 if test -d "${withval}/include"; then 1690 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1691 else 1692 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1693 fi 1694 fi 1695 LIBS="-lwrap $LIBS" 1696 AC_MSG_CHECKING([for libwrap]) 1697 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1698#include <sys/types.h> 1699#include <sys/socket.h> 1700#include <netinet/in.h> 1701#include <tcpd.h> 1702int deny_severity = 0, allow_severity = 0; 1703 ]], [[ 1704 hosts_access(0); 1705 ]])], [ 1706 AC_MSG_RESULT([yes]) 1707 AC_DEFINE([LIBWRAP], [1], 1708 [Define if you want 1709 TCP Wrappers support]) 1710 SSHDLIBS="$SSHDLIBS -lwrap" 1711 TCPW_MSG="yes" 1712 ], [ 1713 AC_MSG_ERROR([*** libwrap missing]) 1714 ]) 1715 LIBS="$saved_LIBS" 1716 fi 1717 ] 1718) 1719 1720# Check whether user wants to use ldns 1721LDNS_MSG="no" 1722AC_ARG_WITH(ldns, 1723 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1724 [ 1725 ldns="" 1726 if test "x$withval" = "xyes" ; then 1727 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1728 if test "x$LDNSCONFIG" = "xno"; then 1729 LIBS="-lldns $LIBS" 1730 ldns=yes 1731 else 1732 LIBS="$LIBS `$LDNSCONFIG --libs`" 1733 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1734 ldns=yes 1735 fi 1736 elif test "x$withval" != "xno" ; then 1737 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1738 LDFLAGS="$LDFLAGS -L${withval}/lib" 1739 LIBS="-lldns $LIBS" 1740 ldns=yes 1741 fi 1742 1743 # Verify that it works. 1744 if test "x$ldns" = "xyes" ; then 1745 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1746 LDNS_MSG="yes" 1747 AC_MSG_CHECKING([for ldns support]) 1748 AC_LINK_IFELSE( 1749 [AC_LANG_SOURCE([[ 1750#include <stdio.h> 1751#include <stdlib.h> 1752#ifdef HAVE_STDINT_H 1753# include <stdint.h> 1754#endif 1755#include <ldns/ldns.h> 1756int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1757 ]]) 1758 ], 1759 [AC_MSG_RESULT(yes)], 1760 [ 1761 AC_MSG_RESULT(no) 1762 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1763 ]) 1764 fi 1765]) 1766 1767# Check whether user wants libedit support 1768LIBEDIT_MSG="no" 1769AC_ARG_WITH([libedit], 1770 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1771 [ if test "x$withval" != "xno" ; then 1772 if test "x$withval" = "xyes" ; then 1773 if test "x$PKGCONFIG" != "xno"; then 1774 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1775 if "$PKGCONFIG" libedit; then 1776 AC_MSG_RESULT([yes]) 1777 use_pkgconfig_for_libedit=yes 1778 else 1779 AC_MSG_RESULT([no]) 1780 fi 1781 fi 1782 else 1783 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1784 if test -n "${rpath_opt}"; then 1785 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1786 else 1787 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1788 fi 1789 fi 1790 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1791 LIBEDIT=`$PKGCONFIG --libs libedit` 1792 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1793 else 1794 LIBEDIT="-ledit -lcurses" 1795 fi 1796 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1797 AC_CHECK_LIB([edit], [el_init], 1798 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1799 LIBEDIT_MSG="yes" 1800 AC_SUBST([LIBEDIT]) 1801 ], 1802 [ AC_MSG_ERROR([libedit not found]) ], 1803 [ $OTHERLIBS ] 1804 ) 1805 AC_MSG_CHECKING([if libedit version is compatible]) 1806 AC_COMPILE_IFELSE( 1807 [AC_LANG_PROGRAM([[ 1808#include <histedit.h> 1809#include <stdlib.h> 1810 ]], 1811 [[ 1812 int i = H_SETSIZE; 1813 el_init("", NULL, NULL, NULL); 1814 exit(0); 1815 ]])], 1816 [ AC_MSG_RESULT([yes]) ], 1817 [ AC_MSG_RESULT([no]) 1818 AC_MSG_ERROR([libedit version is not compatible]) ] 1819 ) 1820 fi ] 1821) 1822 1823AUDIT_MODULE=none 1824AC_ARG_WITH([audit], 1825 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1826 [ 1827 AC_MSG_CHECKING([for supported audit module]) 1828 case "$withval" in 1829 bsm) 1830 AC_MSG_RESULT([bsm]) 1831 AUDIT_MODULE=bsm 1832 dnl Checks for headers, libs and functions 1833 AC_CHECK_HEADERS([bsm/audit.h], [], 1834 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1835 [ 1836#ifdef HAVE_TIME_H 1837# include <time.h> 1838#endif 1839 ] 1840) 1841 AC_CHECK_LIB([bsm], [getaudit], [], 1842 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1843 AC_CHECK_FUNCS([getaudit], [], 1844 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1845 # These are optional 1846 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1847 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1848 if test "$sol2ver" -ge 11; then 1849 SSHDLIBS="$SSHDLIBS -lscf" 1850 AC_DEFINE([BROKEN_BSM_API], [1], 1851 [The system has incomplete BSM API]) 1852 fi 1853 ;; 1854 linux) 1855 AC_MSG_RESULT([linux]) 1856 AUDIT_MODULE=linux 1857 dnl Checks for headers, libs and functions 1858 AC_CHECK_HEADERS([libaudit.h]) 1859 SSHDLIBS="$SSHDLIBS -laudit" 1860 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1861 ;; 1862 debug) 1863 AUDIT_MODULE=debug 1864 AC_MSG_RESULT([debug]) 1865 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1866 ;; 1867 no) 1868 AC_MSG_RESULT([no]) 1869 ;; 1870 *) 1871 AC_MSG_ERROR([Unknown audit module $withval]) 1872 ;; 1873 esac ] 1874) 1875 1876AC_ARG_WITH([pie], 1877 [ --with-pie Build Position Independent Executables if possible], [ 1878 if test "x$withval" = "xno"; then 1879 use_pie=no 1880 fi 1881 if test "x$withval" = "xyes"; then 1882 use_pie=yes 1883 fi 1884 ] 1885) 1886if test "x$use_pie" = "x"; then 1887 use_pie=no 1888fi 1889if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1890 # Turn off automatic PIE when toolchain hardening is off. 1891 use_pie=no 1892fi 1893if test "x$use_pie" = "xauto"; then 1894 # Automatic PIE requires gcc >= 4.x 1895 AC_MSG_CHECKING([for gcc >= 4.x]) 1896 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1897#if !defined(__GNUC__) || __GNUC__ < 4 1898#error gcc is too old 1899#endif 1900]])], 1901 [ AC_MSG_RESULT([yes]) ], 1902 [ AC_MSG_RESULT([no]) 1903 use_pie=no ] 1904) 1905fi 1906if test "x$use_pie" != "xno"; then 1907 SAVED_CFLAGS="$CFLAGS" 1908 SAVED_LDFLAGS="$LDFLAGS" 1909 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1910 OSSH_CHECK_LDFLAG_LINK([-pie]) 1911 # We use both -fPIE and -pie or neither. 1912 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1913 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1914 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1915 AC_MSG_RESULT([yes]) 1916 else 1917 AC_MSG_RESULT([no]) 1918 CFLAGS="$SAVED_CFLAGS" 1919 LDFLAGS="$SAVED_LDFLAGS" 1920 fi 1921fi 1922 1923AC_MSG_CHECKING([whether -fPIC is accepted]) 1924SAVED_CFLAGS="$CFLAGS" 1925CFLAGS="$CFLAGS -fPIC" 1926AC_COMPILE_IFELSE( 1927 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1928 [AC_MSG_RESULT([yes]) 1929 PICFLAG="-fPIC"; ], 1930 [AC_MSG_RESULT([no]) 1931 PICFLAG=""; ]) 1932CFLAGS="$SAVED_CFLAGS" 1933AC_SUBST([PICFLAG]) 1934 1935dnl Checks for library functions. Please keep in alphabetical order 1936AC_CHECK_FUNCS([ \ 1937 auth_hostok \ 1938 auth_timeok \ 1939 Blowfish_initstate \ 1940 Blowfish_expandstate \ 1941 Blowfish_expand0state \ 1942 Blowfish_stream2word \ 1943 SHA256Update \ 1944 SHA384Update \ 1945 SHA512Update \ 1946 asprintf \ 1947 b64_ntop \ 1948 __b64_ntop \ 1949 b64_pton \ 1950 __b64_pton \ 1951 bcopy \ 1952 bcrypt_pbkdf \ 1953 bindresvport_sa \ 1954 blf_enc \ 1955 bzero \ 1956 cap_rights_limit \ 1957 clock \ 1958 closefrom \ 1959 close_range \ 1960 dirfd \ 1961 endgrent \ 1962 err \ 1963 errx \ 1964 explicit_bzero \ 1965 explicit_memset \ 1966 fchmod \ 1967 fchmodat \ 1968 fchown \ 1969 fchownat \ 1970 flock \ 1971 fnmatch \ 1972 freeaddrinfo \ 1973 freezero \ 1974 fstatfs \ 1975 fstatvfs \ 1976 futimes \ 1977 getaddrinfo \ 1978 getcwd \ 1979 getentropy \ 1980 getgrouplist \ 1981 getline \ 1982 getnameinfo \ 1983 getopt \ 1984 getpagesize \ 1985 getpeereid \ 1986 getpeerucred \ 1987 getpgid \ 1988 _getpty \ 1989 getrlimit \ 1990 getrandom \ 1991 getsid \ 1992 getttyent \ 1993 glob \ 1994 group_from_gid \ 1995 inet_aton \ 1996 inet_ntoa \ 1997 inet_ntop \ 1998 innetgr \ 1999 killpg \ 2000 llabs \ 2001 localtime_r \ 2002 login_getcapbool \ 2003 login_getpwclass \ 2004 memmem \ 2005 memmove \ 2006 memset_s \ 2007 mkdtemp \ 2008 ngetaddrinfo \ 2009 nsleep \ 2010 ogetaddrinfo \ 2011 openlog_r \ 2012 pledge \ 2013 poll \ 2014 ppoll \ 2015 prctl \ 2016 procctl \ 2017 pselect \ 2018 pstat \ 2019 raise \ 2020 readpassphrase \ 2021 reallocarray \ 2022 realpath \ 2023 recvmsg \ 2024 recallocarray \ 2025 rresvport_af \ 2026 sendmsg \ 2027 setdtablesize \ 2028 setegid \ 2029 setenv \ 2030 seteuid \ 2031 setgroupent \ 2032 setgroups \ 2033 setlinebuf \ 2034 setlogin \ 2035 setpassent\ 2036 setpcred \ 2037 setproctitle \ 2038 setregid \ 2039 setreuid \ 2040 setrlimit \ 2041 setsid \ 2042 setvbuf \ 2043 sigaction \ 2044 sigvec \ 2045 snprintf \ 2046 socketpair \ 2047 statfs \ 2048 statvfs \ 2049 strcasestr \ 2050 strdup \ 2051 strerror \ 2052 strlcat \ 2053 strlcpy \ 2054 strmode \ 2055 strndup \ 2056 strnlen \ 2057 strnvis \ 2058 strptime \ 2059 strsignal \ 2060 strtonum \ 2061 strtoll \ 2062 strtoul \ 2063 strtoull \ 2064 swap32 \ 2065 sysconf \ 2066 tcgetpgrp \ 2067 timegm \ 2068 timingsafe_bcmp \ 2069 truncate \ 2070 unsetenv \ 2071 updwtmpx \ 2072 utimensat \ 2073 user_from_uid \ 2074 usleep \ 2075 vasprintf \ 2076 vsnprintf \ 2077 waitpid \ 2078 warn \ 2079]) 2080 2081AC_CHECK_DECLS([bzero, memmem]) 2082 2083dnl Wide character support. 2084AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 2085 2086TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 2087AC_MSG_CHECKING([for utf8 locale support]) 2088AC_RUN_IFELSE( 2089 [AC_LANG_PROGRAM([[ 2090#include <locale.h> 2091#include <stdlib.h> 2092 ]], [[ 2093 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2094 if (loc != NULL) 2095 exit(0); 2096 exit(1); 2097 ]])], 2098 AC_MSG_RESULT(yes), 2099 [AC_MSG_RESULT(no) 2100 TEST_SSH_UTF8=no], 2101 AC_MSG_WARN([cross compiling: assuming yes]) 2102) 2103 2104AC_LINK_IFELSE( 2105 [AC_LANG_PROGRAM( 2106 [[ #include <ctype.h> ]], 2107 [[ return (isblank('a')); ]])], 2108 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2109]) 2110 2111disable_pkcs11= 2112AC_ARG_ENABLE([pkcs11], 2113 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2114 [ 2115 if test "x$enableval" = "xno" ; then 2116 disable_pkcs11=1 2117 fi 2118 ] 2119) 2120 2121disable_sk= 2122AC_ARG_ENABLE([security-key], 2123 [ --disable-security-key disable U2F/FIDO support code [no]], 2124 [ 2125 if test "x$enableval" = "xno" ; then 2126 disable_sk=1 2127 fi 2128 ] 2129) 2130enable_sk_internal= 2131AC_ARG_WITH([security-key-builtin], 2132 [ --with-security-key-builtin include builtin U2F/FIDO support], 2133 [ enable_sk_internal=$withval ] 2134) 2135 2136disable_ecdsa= 2137AC_ARG_ENABLE([dsa-keys], 2138 [ --disable-dsa-keys disable DSA key support [no]], 2139 [ 2140 if test "x$enableval" = "xno" ; then 2141 disable_ecdsa=1 2142 fi 2143 ] 2144) 2145test -z "$disable_ecdsa" && 2146 AC_DEFINE([WITH_DSA], [1], [Define if to enable DSA keys.]) 2147 2148AC_SEARCH_LIBS([dlopen], [dl]) 2149AC_CHECK_FUNCS([dlopen]) 2150AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2151 2152# IRIX has a const char return value for gai_strerror() 2153AC_CHECK_FUNCS([gai_strerror], [ 2154 AC_DEFINE([HAVE_GAI_STRERROR]) 2155 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2156#include <sys/types.h> 2157#include <sys/socket.h> 2158#include <netdb.h> 2159 2160const char *gai_strerror(int); 2161 ]], [[ 2162 char *str; 2163 str = gai_strerror(0); 2164 ]])], [ 2165 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2166 [Define if gai_strerror() returns const char *])], [])]) 2167 2168AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2169 [Some systems put nanosleep outside of libc])]) 2170 2171AC_SEARCH_LIBS([clock_gettime], [rt], 2172 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2173 2174dnl check if we need -D_REENTRANT for localtime_r declaration. 2175AC_CHECK_DECL([localtime_r], [], 2176 [ saved_CPPFLAGS="$CPPFLAGS" 2177 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2178 unset ac_cv_have_decl_localtime_r 2179 AC_CHECK_DECL([localtime_r], [], 2180 [ CPPFLAGS="$saved_CPPFLAGS" ], 2181 [ #include <time.h> ] 2182 ) 2183 ], 2184 [ #include <time.h> ] 2185) 2186 2187dnl Make sure prototypes are defined for these before using them. 2188AC_CHECK_DECL([strsep], 2189 [AC_CHECK_FUNCS([strsep])], 2190 [], 2191 [ 2192#ifdef HAVE_STRING_H 2193# include <string.h> 2194#endif 2195 ]) 2196 2197dnl tcsendbreak might be a macro 2198AC_CHECK_DECL([tcsendbreak], 2199 [AC_DEFINE([HAVE_TCSENDBREAK])], 2200 [AC_CHECK_FUNCS([tcsendbreak])], 2201 [#include <termios.h>] 2202) 2203 2204AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2205 2206AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2207 [ 2208#include <sys/types.h> 2209#include <sys/socket.h> 2210#include <unistd.h> 2211 ]) 2212 2213AC_CHECK_DECLS([O_NONBLOCK], , , 2214 [ 2215#include <sys/types.h> 2216#ifdef HAVE_SYS_STAT_H 2217# include <sys/stat.h> 2218#endif 2219#ifdef HAVE_FCNTL_H 2220# include <fcntl.h> 2221#endif 2222 ]) 2223 2224AC_CHECK_DECLS([ftruncate, getentropy], , , 2225 [ 2226#include <sys/types.h> 2227#include <unistd.h> 2228 ]) 2229 2230AC_CHECK_DECLS([readv, writev], , , [ 2231#include <sys/types.h> 2232#include <sys/uio.h> 2233#include <unistd.h> 2234 ]) 2235 2236AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2237#include <sys/param.h> 2238 ]) 2239 2240AC_CHECK_DECLS([offsetof], , , [ 2241#include <stddef.h> 2242 ]) 2243 2244# extra bits for select(2) 2245AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2246#include <sys/param.h> 2247#include <sys/types.h> 2248#ifdef HAVE_SYS_SYSMACROS_H 2249#include <sys/sysmacros.h> 2250#endif 2251#ifdef HAVE_SYS_SELECT_H 2252#include <sys/select.h> 2253#endif 2254#ifdef HAVE_SYS_TIME_H 2255#include <sys/time.h> 2256#endif 2257#ifdef HAVE_UNISTD_H 2258#include <unistd.h> 2259#endif 2260 ]]) 2261AC_CHECK_TYPES([fd_mask], [], [], [[ 2262#include <sys/param.h> 2263#include <sys/types.h> 2264#ifdef HAVE_SYS_SELECT_H 2265#include <sys/select.h> 2266#endif 2267#ifdef HAVE_SYS_TIME_H 2268#include <sys/time.h> 2269#endif 2270#ifdef HAVE_UNISTD_H 2271#include <unistd.h> 2272#endif 2273 ]]) 2274 2275AC_CHECK_FUNCS([setresuid], [ 2276 dnl Some platorms have setresuid that isn't implemented, test for this 2277 AC_MSG_CHECKING([if setresuid seems to work]) 2278 AC_RUN_IFELSE( 2279 [AC_LANG_PROGRAM([[ 2280#include <errno.h> 2281#include <stdlib.h> 2282#include <unistd.h> 2283 ]], [[ 2284 errno=0; 2285 setresuid(0,0,0); 2286 if (errno==ENOSYS) 2287 exit(1); 2288 else 2289 exit(0); 2290 ]])], 2291 [AC_MSG_RESULT([yes])], 2292 [AC_DEFINE([BROKEN_SETRESUID], [1], 2293 [Define if your setresuid() is broken]) 2294 AC_MSG_RESULT([not implemented])], 2295 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2296 ) 2297]) 2298 2299AC_CHECK_FUNCS([setresgid], [ 2300 dnl Some platorms have setresgid that isn't implemented, test for this 2301 AC_MSG_CHECKING([if setresgid seems to work]) 2302 AC_RUN_IFELSE( 2303 [AC_LANG_PROGRAM([[ 2304#include <errno.h> 2305#include <stdlib.h> 2306#include <unistd.h> 2307 ]], [[ 2308 errno=0; 2309 setresgid(0,0,0); 2310 if (errno==ENOSYS) 2311 exit(1); 2312 else 2313 exit(0); 2314 ]])], 2315 [AC_MSG_RESULT([yes])], 2316 [AC_DEFINE([BROKEN_SETRESGID], [1], 2317 [Define if your setresgid() is broken]) 2318 AC_MSG_RESULT([not implemented])], 2319 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2320 ) 2321]) 2322 2323AC_MSG_CHECKING([for working fflush(NULL)]) 2324AC_RUN_IFELSE( 2325 [AC_LANG_PROGRAM([[ 2326#include <stdio.h> 2327#include <stdlib.h> 2328 ]], 2329 [[fflush(NULL); exit(0);]])], 2330 AC_MSG_RESULT([yes]), 2331 [AC_MSG_RESULT([no]) 2332 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2333 [define if fflush(NULL) does not work])], 2334 AC_MSG_WARN([cross compiling: assuming working]) 2335) 2336 2337dnl Checks for time functions 2338AC_CHECK_FUNCS([gettimeofday time]) 2339dnl Checks for utmp functions 2340AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2341AC_CHECK_FUNCS([utmpname]) 2342dnl Checks for utmpx functions 2343AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2344AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2345dnl Checks for lastlog functions 2346AC_CHECK_FUNCS([getlastlogxbyname]) 2347 2348AC_CHECK_FUNC([daemon], 2349 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2350 [AC_CHECK_LIB([bsd], [daemon], 2351 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2352) 2353 2354AC_CHECK_FUNC([getpagesize], 2355 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2356 [Define if your libraries define getpagesize()])], 2357 [AC_CHECK_LIB([ucb], [getpagesize], 2358 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2359) 2360 2361# Check for broken snprintf 2362if test "x$ac_cv_func_snprintf" = "xyes" ; then 2363 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2364 AC_RUN_IFELSE( 2365 [AC_LANG_PROGRAM([[ 2366#include <stdio.h> 2367#include <stdlib.h> 2368 ]], 2369 [[ 2370 char b[5]; 2371 snprintf(b,5,"123456789"); 2372 exit(b[4]!='\0'); 2373 ]])], 2374 [AC_MSG_RESULT([yes])], 2375 [ 2376 AC_MSG_RESULT([no]) 2377 AC_DEFINE([BROKEN_SNPRINTF], [1], 2378 [Define if your snprintf is busted]) 2379 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2380 ], 2381 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2382 ) 2383fi 2384 2385if test "x$ac_cv_func_snprintf" = "xyes" ; then 2386 AC_MSG_CHECKING([whether snprintf understands %zu]) 2387 AC_RUN_IFELSE( 2388 [AC_LANG_PROGRAM([[ 2389#include <sys/types.h> 2390#include <stdio.h> 2391#include <stdlib.h> 2392#include <string.h> 2393 ]], 2394 [[ 2395 size_t a = 1, b = 2; 2396 char z[128]; 2397 snprintf(z, sizeof z, "%zu%zu", a, b); 2398 exit(strcmp(z, "12")); 2399 ]])], 2400 [AC_MSG_RESULT([yes])], 2401 [ 2402 AC_MSG_RESULT([no]) 2403 AC_DEFINE([BROKEN_SNPRINTF], [1], 2404 [snprintf does not understand %zu]) 2405 ], 2406 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2407 ) 2408fi 2409 2410# We depend on vsnprintf returning the right thing on overflow: the 2411# number of characters it tried to create (as per SUSv3) 2412if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2413 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2414 AC_RUN_IFELSE( 2415 [AC_LANG_PROGRAM([[ 2416#include <sys/types.h> 2417#include <stdio.h> 2418#include <stdarg.h> 2419 2420int x_snprintf(char *str, size_t count, const char *fmt, ...) 2421{ 2422 size_t ret; 2423 va_list ap; 2424 2425 va_start(ap, fmt); 2426 ret = vsnprintf(str, count, fmt, ap); 2427 va_end(ap); 2428 return ret; 2429} 2430 ]], [[ 2431char x[1]; 2432if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2433 return 1; 2434if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2435 return 1; 2436return 0; 2437 ]])], 2438 [AC_MSG_RESULT([yes])], 2439 [ 2440 AC_MSG_RESULT([no]) 2441 AC_DEFINE([BROKEN_SNPRINTF], [1], 2442 [Define if your snprintf is busted]) 2443 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2444 ], 2445 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2446 ) 2447fi 2448 2449# On systems where [v]snprintf is broken, but is declared in stdio, 2450# check that the fmt argument is const char * or just char *. 2451# This is only useful for when BROKEN_SNPRINTF 2452AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2453AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2454#include <stdio.h> 2455int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2456 ]], [[ 2457 snprintf(0, 0, 0); 2458 ]])], 2459 [AC_MSG_RESULT([yes]) 2460 AC_DEFINE([SNPRINTF_CONST], [const], 2461 [Define as const if snprintf() can declare const char *fmt])], 2462 [AC_MSG_RESULT([no]) 2463 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2464 2465# Check for missing getpeereid (or equiv) support 2466NO_PEERCHECK="" 2467if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2468 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2469 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2470#include <sys/types.h> 2471#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2472 [ AC_MSG_RESULT([yes]) 2473 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2474 ], [AC_MSG_RESULT([no]) 2475 NO_PEERCHECK=1 2476 ]) 2477fi 2478 2479dnl make sure that openpty does not reacquire controlling terminal 2480if test ! -z "$check_for_openpty_ctty_bug"; then 2481 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2482 AC_RUN_IFELSE( 2483 [AC_LANG_PROGRAM([[ 2484#include <stdio.h> 2485#include <stdlib.h> 2486#include <unistd.h> 2487#ifdef HAVE_PTY_H 2488# include <pty.h> 2489#endif 2490#include <sys/fcntl.h> 2491#include <sys/types.h> 2492#include <sys/wait.h> 2493 ]], [[ 2494 pid_t pid; 2495 int fd, ptyfd, ttyfd, status; 2496 2497 pid = fork(); 2498 if (pid < 0) { /* failed */ 2499 exit(1); 2500 } else if (pid > 0) { /* parent */ 2501 waitpid(pid, &status, 0); 2502 if (WIFEXITED(status)) 2503 exit(WEXITSTATUS(status)); 2504 else 2505 exit(2); 2506 } else { /* child */ 2507 close(0); close(1); close(2); 2508 setsid(); 2509 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2510 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2511 if (fd >= 0) 2512 exit(3); /* Acquired ctty: broken */ 2513 else 2514 exit(0); /* Did not acquire ctty: OK */ 2515 } 2516 ]])], 2517 [ 2518 AC_MSG_RESULT([yes]) 2519 ], 2520 [ 2521 AC_MSG_RESULT([no]) 2522 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2523 ], 2524 [ 2525 AC_MSG_RESULT([cross-compiling, assuming yes]) 2526 ] 2527 ) 2528fi 2529 2530if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2531 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2532 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2533 AC_RUN_IFELSE( 2534 [AC_LANG_PROGRAM([[ 2535#include <stdio.h> 2536#include <stdlib.h> 2537#include <sys/socket.h> 2538#include <netdb.h> 2539#include <errno.h> 2540#include <netinet/in.h> 2541 2542#define TEST_PORT "2222" 2543 ]], [[ 2544 int err, sock; 2545 struct addrinfo *gai_ai, *ai, hints; 2546 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2547 2548 memset(&hints, 0, sizeof(hints)); 2549 hints.ai_family = PF_UNSPEC; 2550 hints.ai_socktype = SOCK_STREAM; 2551 hints.ai_flags = AI_PASSIVE; 2552 2553 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2554 if (err != 0) { 2555 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2556 exit(1); 2557 } 2558 2559 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2560 if (ai->ai_family != AF_INET6) 2561 continue; 2562 2563 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2564 sizeof(ntop), strport, sizeof(strport), 2565 NI_NUMERICHOST|NI_NUMERICSERV); 2566 2567 if (err != 0) { 2568 if (err == EAI_SYSTEM) 2569 perror("getnameinfo EAI_SYSTEM"); 2570 else 2571 fprintf(stderr, "getnameinfo failed: %s\n", 2572 gai_strerror(err)); 2573 exit(2); 2574 } 2575 2576 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2577 if (sock < 0) 2578 perror("socket"); 2579 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2580 if (errno == EBADF) 2581 exit(3); 2582 } 2583 } 2584 exit(0); 2585 ]])], 2586 [ 2587 AC_MSG_RESULT([yes]) 2588 ], 2589 [ 2590 AC_MSG_RESULT([no]) 2591 AC_DEFINE([BROKEN_GETADDRINFO]) 2592 ], 2593 [ 2594 AC_MSG_RESULT([cross-compiling, assuming yes]) 2595 ] 2596 ) 2597fi 2598 2599if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2600 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2601 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2602 AC_RUN_IFELSE( 2603 [AC_LANG_PROGRAM([[ 2604#include <stdio.h> 2605#include <stdlib.h> 2606#include <sys/socket.h> 2607#include <netdb.h> 2608#include <errno.h> 2609#include <netinet/in.h> 2610 2611#define TEST_PORT "2222" 2612 ]], [[ 2613 int err, sock; 2614 struct addrinfo *gai_ai, *ai, hints; 2615 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2616 2617 memset(&hints, 0, sizeof(hints)); 2618 hints.ai_family = PF_UNSPEC; 2619 hints.ai_socktype = SOCK_STREAM; 2620 hints.ai_flags = AI_PASSIVE; 2621 2622 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2623 if (err != 0) { 2624 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2625 exit(1); 2626 } 2627 2628 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2629 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2630 continue; 2631 2632 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2633 sizeof(ntop), strport, sizeof(strport), 2634 NI_NUMERICHOST|NI_NUMERICSERV); 2635 2636 if (ai->ai_family == AF_INET && err != 0) { 2637 perror("getnameinfo"); 2638 exit(2); 2639 } 2640 } 2641 exit(0); 2642 ]])], 2643 [ 2644 AC_MSG_RESULT([yes]) 2645 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2646 [Define if you have a getaddrinfo that fails 2647 for the all-zeros IPv6 address]) 2648 ], 2649 [ 2650 AC_MSG_RESULT([no]) 2651 AC_DEFINE([BROKEN_GETADDRINFO]) 2652 ], 2653 [ 2654 AC_MSG_RESULT([cross-compiling, assuming no]) 2655 ] 2656 ) 2657fi 2658 2659if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2660 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2661 [#include <sys/types.h> 2662 #include <sys/socket.h> 2663 #include <netdb.h>]) 2664fi 2665 2666if test "x$check_for_conflicting_getspnam" = "x1"; then 2667 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2668 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2669#include <shadow.h> 2670#include <stdlib.h> 2671 ]], 2672 [[ exit(0); ]])], 2673 [ 2674 AC_MSG_RESULT([no]) 2675 ], 2676 [ 2677 AC_MSG_RESULT([yes]) 2678 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2679 [Conflicting defs for getspnam]) 2680 ] 2681 ) 2682fi 2683 2684dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2685dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2686dnl for over ten years). Despite this incompatibility being reported during 2687dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2688dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2689dnl implementation. Try to detect this mess, and assume the only safe option 2690dnl if we're cross compiling. 2691dnl 2692dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2693dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2694if test "x$ac_cv_func_strnvis" = "xyes"; then 2695 AC_MSG_CHECKING([for working strnvis]) 2696 AC_RUN_IFELSE( 2697 [AC_LANG_PROGRAM([[ 2698#include <signal.h> 2699#include <stdlib.h> 2700#include <string.h> 2701#include <unistd.h> 2702#include <vis.h> 2703static void sighandler(int sig) { _exit(1); } 2704 ]], [[ 2705 char dst[16]; 2706 2707 signal(SIGSEGV, sighandler); 2708 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2709 exit(0); 2710 exit(1) 2711 ]])], 2712 [AC_MSG_RESULT([yes])], 2713 [AC_MSG_RESULT([no]) 2714 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2715 [AC_MSG_WARN([cross compiling: assuming broken]) 2716 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2717 ) 2718fi 2719 2720AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2721AC_RUN_IFELSE( 2722 [AC_LANG_PROGRAM([[ 2723#ifdef HAVE_SYS_SELECT 2724# include <sys/select.h> 2725#endif 2726#include <sys/types.h> 2727#include <sys/time.h> 2728#include <stdlib.h> 2729#include <signal.h> 2730#include <unistd.h> 2731static void sighandler(int sig) { } 2732 ]], [[ 2733 int r; 2734 pid_t pid; 2735 struct sigaction sa; 2736 2737 sa.sa_handler = sighandler; 2738 sa.sa_flags = SA_RESTART; 2739 (void)sigaction(SIGTERM, &sa, NULL); 2740 if ((pid = fork()) == 0) { /* child */ 2741 pid = getppid(); 2742 sleep(1); 2743 kill(pid, SIGTERM); 2744 sleep(1); 2745 if (getppid() == pid) /* if parent did not exit, shoot it */ 2746 kill(pid, SIGKILL); 2747 exit(0); 2748 } else { /* parent */ 2749 r = select(0, NULL, NULL, NULL, NULL); 2750 } 2751 exit(r == -1 ? 0 : 1); 2752 ]])], 2753 [AC_MSG_RESULT([yes])], 2754 [AC_MSG_RESULT([no]) 2755 AC_DEFINE([NO_SA_RESTART], [1], 2756 [SA_RESTARTed signals do no interrupt select])], 2757 [AC_MSG_WARN([cross compiling: assuming yes])] 2758) 2759 2760AC_CHECK_FUNCS([getpgrp],[ 2761 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2762 AC_COMPILE_IFELSE( 2763 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2764 [ AC_MSG_RESULT([yes]) 2765 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2766 [ AC_MSG_RESULT([no]) 2767 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2768 ) 2769]) 2770 2771# Search for OpenSSL 2772saved_CPPFLAGS="$CPPFLAGS" 2773saved_LDFLAGS="$LDFLAGS" 2774openssl_bin_PATH="$PATH" 2775AC_ARG_WITH([ssl-dir], 2776 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2777 [ 2778 if test "x$openssl" = "xno" ; then 2779 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2780 fi 2781 if test "x$withval" != "xno" ; then 2782 case "$withval" in 2783 # Relative paths 2784 ./*|../*) withval="`pwd`/$withval" 2785 esac 2786 if test -d "$withval/lib"; then 2787 libcrypto_path="${withval}/lib" 2788 elif test -d "$withval/lib64"; then 2789 libcrypto_path="$withval/lib64" 2790 else 2791 # Built but not installed 2792 libcrypto_path="${withval}" 2793 fi 2794 if test -n "${rpath_opt}"; then 2795 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}" 2796 else 2797 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" 2798 fi 2799 if test -d "$withval/include"; then 2800 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2801 else 2802 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2803 fi 2804 dnl Ensure specified openssl binary works, eg it can 2805 dnl find its runtime libraries, before trying to use. 2806 if test -x "${withval}/bin/openssl" && \ 2807 "${withval}/bin/openssl" version >/dev/null 2>&1; then 2808 openssl_bin_PATH="${withval}/bin${PATH_SEPARATOR}${PATH}" 2809 elif test -x "${withval}/apps/openssl" && \ 2810 "${withval}/apps/openssl" version >/dev/null 2>&1; then 2811 openssl_bin_PATH="${withval}/apps${PATH_SEPARATOR}${PATH}" 2812 fi 2813 fi 2814 ] 2815) 2816AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH]) 2817AC_SUBST(OPENSSL_BIN, [${openssl_bin}]) 2818 2819AC_ARG_WITH([openssl-header-check], 2820 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2821 [ 2822 if test "x$withval" = "xno" ; then 2823 openssl_check_nonfatal=1 2824 fi 2825 ] 2826) 2827 2828openssl_engine=no 2829AC_ARG_WITH([ssl-engine], 2830 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2831 [ 2832 if test "x$withval" != "xno" ; then 2833 if test "x$openssl" = "xno" ; then 2834 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2835 fi 2836 openssl_engine=yes 2837 fi 2838 ] 2839) 2840 2841nocrypto_saved_LIBS="$LIBS" 2842if test "x$openssl" = "xyes" ; then 2843 LIBS="-lcrypto $LIBS" 2844 CHANNELLIBS="-lcrypto $CHANNELLIBS" 2845 AC_TRY_LINK_FUNC([RAND_add], , 2846 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2847 AC_CHECK_HEADER([openssl/opensslv.h], , 2848 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2849 2850 # Determine OpenSSL header version 2851 AC_MSG_CHECKING([OpenSSL header version]) 2852 AC_RUN_IFELSE( 2853 [AC_LANG_PROGRAM([[ 2854 #include <stdlib.h> 2855 #include <stdio.h> 2856 #include <string.h> 2857 #include <openssl/opensslv.h> 2858 #define DATA "conftest.sslincver" 2859 ]], [[ 2860 FILE *fd; 2861 int rc; 2862 2863 fd = fopen(DATA,"w"); 2864 if(fd == NULL) 2865 exit(1); 2866 2867 if ((rc = fprintf(fd, "%08lx (%s)\n", 2868 (unsigned long)OPENSSL_VERSION_NUMBER, 2869 OPENSSL_VERSION_TEXT)) < 0) 2870 exit(1); 2871 2872 exit(0); 2873 ]])], 2874 [ 2875 ssl_header_ver=`cat conftest.sslincver` 2876 AC_MSG_RESULT([$ssl_header_ver]) 2877 ], 2878 [ 2879 AC_MSG_RESULT([failed]) 2880 AC_MSG_ERROR([OpenSSL version test program failed.]) 2881 ], 2882 [ 2883 AC_MSG_WARN([cross compiling: not checking]) 2884 ] 2885 ) 2886 2887 # Determining OpenSSL library version is version dependent. 2888 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2889 2890 # Determine OpenSSL library version 2891 AC_MSG_CHECKING([OpenSSL library version]) 2892 AC_RUN_IFELSE( 2893 [AC_LANG_PROGRAM([[ 2894 #include <stdio.h> 2895 #include <stdlib.h> 2896 #include <string.h> 2897 #include <openssl/opensslv.h> 2898 #include <openssl/crypto.h> 2899 #define DATA "conftest.ssllibver" 2900 ]], [[ 2901 FILE *f; 2902 /* We need these legacy bits to warn for old libcrypto */ 2903 #ifndef OPENSSL_VERSION 2904 # define OPENSSL_VERSION SSLEAY_VERSION 2905 #endif 2906 #ifndef HAVE_OPENSSL_VERSION 2907 # define OpenSSL_version SSLeay_version 2908 #endif 2909 #ifndef HAVE_OPENSSL_VERSION_NUM 2910 # define OpenSSL_version_num SSLeay 2911 #endif 2912 if ((f = fopen(DATA, "w")) == NULL) 2913 exit(1); 2914 if (fprintf(f, "%08lx (%s)", 2915 (unsigned long)OpenSSL_version_num(), 2916 OpenSSL_version(OPENSSL_VERSION)) < 0) 2917 exit(1); 2918#ifdef LIBRESSL_VERSION_NUMBER 2919 if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0) 2920 exit(1); 2921#endif 2922 if (fputc('\n', f) == EOF || fclose(f) == EOF) 2923 exit(1); 2924 exit(0); 2925 ]])], 2926 [ 2927 sslver=`cat conftest.ssllibver` 2928 ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'` 2929 # Check version is supported. 2930 case "$sslver" in 2931 100*|10100*) # 1.0.x, 1.1.0x 2932 AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")]) 2933 ;; 2934 101*) ;; # 1.1.x 2935 200*) # LibreSSL 2936 lver=`echo "$sslver" | sed 's/.*libressl-//'` 2937 case "$lver" in 2938 2*|300*) # 2.x, 3.0.0 2939 AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")]) 2940 ;; 2941 *) ;; # Assume all other versions are good. 2942 esac 2943 ;; 2944 300*) 2945 # OpenSSL 3; we use the 1.1x API 2946 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2947 ;; 2948 301*|302*|303*) 2949 # OpenSSL development branch; request 1.1x API 2950 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2951 ;; 2952 *) 2953 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")]) 2954 ;; 2955 esac 2956 AC_MSG_RESULT([$ssl_showver]) 2957 ], 2958 [ 2959 AC_MSG_RESULT([not found]) 2960 AC_MSG_ERROR([OpenSSL library not found.]) 2961 ], 2962 [ 2963 AC_MSG_WARN([cross compiling: not checking]) 2964 ] 2965 ) 2966 2967 case "$host" in 2968 x86_64-*) 2969 case "$sslver" in 2970 3000004*) 2971 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) 2972 ;; 2973 esac 2974 esac 2975 2976 # Sanity check OpenSSL headers 2977 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2978 AC_RUN_IFELSE( 2979 [AC_LANG_PROGRAM([[ 2980 #include <stdlib.h> 2981 #include <string.h> 2982 #include <openssl/opensslv.h> 2983 #include <openssl/crypto.h> 2984 ]], [[ 2985 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2986 ]])], 2987 [ 2988 AC_MSG_RESULT([yes]) 2989 ], 2990 [ 2991 AC_MSG_RESULT([no]) 2992 if test "x$openssl_check_nonfatal" = "x"; then 2993 AC_MSG_ERROR([Your OpenSSL headers do not match your 2994 library. Check config.log for details. 2995 If you are sure your installation is consistent, you can disable the check 2996 by running "./configure --without-openssl-header-check". 2997 Also see contrib/findssl.sh for help identifying header/library mismatches. 2998 ]) 2999 else 3000 AC_MSG_WARN([Your OpenSSL headers do not match your 3001 library. Check config.log for details. 3002 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 3003 fi 3004 ], 3005 [ 3006 AC_MSG_WARN([cross compiling: not checking]) 3007 ] 3008 ) 3009 3010 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 3011 AC_LINK_IFELSE( 3012 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 3013 [[ ERR_load_crypto_strings(); ]])], 3014 [ 3015 AC_MSG_RESULT([yes]) 3016 ], 3017 [ 3018 AC_MSG_RESULT([no]) 3019 LIBS="$LIBS -ldl" 3020 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 3021 AC_LINK_IFELSE( 3022 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 3023 [[ ERR_load_crypto_strings(); ]])], 3024 [ 3025 AC_MSG_RESULT([yes]) 3026 CHANNELLIBS="$CHANNELLIBS -ldl" 3027 ], 3028 [ 3029 AC_MSG_RESULT([no]) 3030 ] 3031 ) 3032 ] 3033 ) 3034 3035 AC_CHECK_FUNCS([ \ 3036 BN_is_prime_ex \ 3037 DES_crypt \ 3038 DSA_generate_parameters_ex \ 3039 EVP_DigestFinal_ex \ 3040 EVP_DigestInit_ex \ 3041 EVP_MD_CTX_cleanup \ 3042 EVP_MD_CTX_copy_ex \ 3043 EVP_MD_CTX_init \ 3044 HMAC_CTX_init \ 3045 RSA_generate_key_ex \ 3046 RSA_get_default_method \ 3047 ]) 3048 3049 # OpenSSL_add_all_algorithms may be a macro. 3050 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 3051 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 3052 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 3053 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 3054 [[#include <openssl/evp.h>]] 3055 ) 3056 ) 3057 3058 # LibreSSL/OpenSSL API differences 3059 AC_CHECK_FUNCS([ \ 3060 EVP_CIPHER_CTX_iv \ 3061 EVP_CIPHER_CTX_iv_noconst \ 3062 EVP_CIPHER_CTX_get_iv \ 3063 EVP_CIPHER_CTX_get_updated_iv \ 3064 EVP_CIPHER_CTX_set_iv \ 3065 ]) 3066 3067 if test "x$openssl_engine" = "xyes" ; then 3068 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 3069 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3070 #include <openssl/engine.h> 3071 ]], [[ 3072 ENGINE_load_builtin_engines(); 3073 ENGINE_register_all_complete(); 3074 ]])], 3075 [ AC_MSG_RESULT([yes]) 3076 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 3077 [Enable OpenSSL engine support]) 3078 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 3079 ]) 3080 fi 3081 3082 # Check for OpenSSL without EVP_aes_{192,256}_cbc 3083 AC_MSG_CHECKING([whether OpenSSL lacks support for AES 192/256]) 3084 AC_LINK_IFELSE( 3085 [AC_LANG_PROGRAM([[ 3086 #include <stdlib.h> 3087 #include <string.h> 3088 #include <openssl/evp.h> 3089 ]], [[ 3090 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 3091 ]])], 3092 [ 3093 AC_MSG_RESULT([no]) 3094 ], 3095 [ 3096 AC_MSG_RESULT([yes]) 3097 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 3098 [libcrypto is missing AES 192 and 256 bit functions]) 3099 ] 3100 ) 3101 3102 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3103 AC_LINK_IFELSE( 3104 [AC_LANG_PROGRAM([[ 3105 #include <stdlib.h> 3106 #include <string.h> 3107 #include <openssl/evp.h> 3108 ]], [[ 3109 if(EVP_DigestUpdate(NULL, NULL,0)) 3110 exit(0); 3111 ]])], 3112 [ 3113 AC_MSG_RESULT([yes]) 3114 ], 3115 [ 3116 AC_MSG_RESULT([no]) 3117 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3118 [Define if EVP_DigestUpdate returns void]) 3119 ] 3120 ) 3121 3122 # Check for various EVP support in OpenSSL 3123 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20]) 3124 3125 # Check complete ECC support in OpenSSL 3126 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3127 AC_LINK_IFELSE( 3128 [AC_LANG_PROGRAM([[ 3129 #include <openssl/ec.h> 3130 #include <openssl/ecdh.h> 3131 #include <openssl/ecdsa.h> 3132 #include <openssl/evp.h> 3133 #include <openssl/objects.h> 3134 #include <openssl/opensslv.h> 3135 ]], [[ 3136 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3137 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3138 ]])], 3139 [ AC_MSG_RESULT([yes]) 3140 enable_nistp256=1 ], 3141 [ AC_MSG_RESULT([no]) ] 3142 ) 3143 3144 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3145 AC_LINK_IFELSE( 3146 [AC_LANG_PROGRAM([[ 3147 #include <openssl/ec.h> 3148 #include <openssl/ecdh.h> 3149 #include <openssl/ecdsa.h> 3150 #include <openssl/evp.h> 3151 #include <openssl/objects.h> 3152 #include <openssl/opensslv.h> 3153 ]], [[ 3154 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3155 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3156 ]])], 3157 [ AC_MSG_RESULT([yes]) 3158 enable_nistp384=1 ], 3159 [ AC_MSG_RESULT([no]) ] 3160 ) 3161 3162 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3163 AC_LINK_IFELSE( 3164 [AC_LANG_PROGRAM([[ 3165 #include <openssl/ec.h> 3166 #include <openssl/ecdh.h> 3167 #include <openssl/ecdsa.h> 3168 #include <openssl/evp.h> 3169 #include <openssl/objects.h> 3170 #include <openssl/opensslv.h> 3171 ]], [[ 3172 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3173 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3174 ]])], 3175 [ AC_MSG_RESULT([yes]) 3176 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3177 AC_RUN_IFELSE( 3178 [AC_LANG_PROGRAM([[ 3179 #include <stdlib.h> 3180 #include <openssl/ec.h> 3181 #include <openssl/ecdh.h> 3182 #include <openssl/ecdsa.h> 3183 #include <openssl/evp.h> 3184 #include <openssl/objects.h> 3185 #include <openssl/opensslv.h> 3186 ]],[[ 3187 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3188 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3189 exit(e == NULL || m == NULL); 3190 ]])], 3191 [ AC_MSG_RESULT([yes]) 3192 enable_nistp521=1 ], 3193 [ AC_MSG_RESULT([no]) ], 3194 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3195 enable_nistp521=1 ] 3196 )], 3197 AC_MSG_RESULT([no]) 3198 ) 3199 3200 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3201 test x$enable_nistp521 = x1; then 3202 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3203 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3204 openssl_ecc=yes 3205 else 3206 openssl_ecc=no 3207 fi 3208 if test x$enable_nistp256 = x1; then 3209 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3210 [libcrypto has NID_X9_62_prime256v1]) 3211 else 3212 unsupported_algorithms="$unsupported_algorithms \ 3213 ecdsa-sha2-nistp256 \ 3214 ecdh-sha2-nistp256 \ 3215 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3216 fi 3217 if test x$enable_nistp384 = x1; then 3218 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3219 else 3220 unsupported_algorithms="$unsupported_algorithms \ 3221 ecdsa-sha2-nistp384 \ 3222 ecdh-sha2-nistp384 \ 3223 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3224 fi 3225 if test x$enable_nistp521 = x1; then 3226 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3227 else 3228 unsupported_algorithms="$unsupported_algorithms \ 3229 ecdh-sha2-nistp521 \ 3230 ecdsa-sha2-nistp521 \ 3231 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3232 fi 3233 3234 # Check libcrypto ED25519 support 3235 AC_CHECK_FUNCS([EVP_PKEY_get_raw_public_key]) 3236 AC_CHECK_FUNCS([EVP_PKEY_get_raw_private_key]) 3237 AC_MSG_CHECKING([whether OpenSSL has ED25519 support]) 3238 AC_LINK_IFELSE( 3239 [AC_LANG_PROGRAM([[ 3240 #include <string.h> 3241 #include <openssl/evp.h> 3242 ]], [[ 3243 unsigned char buf[64]; 3244 memset(buf, 0, sizeof(buf)); 3245 exit(EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, 3246 buf, sizeof(buf)) == NULL); 3247 ]])], 3248 [ 3249 AC_MSG_RESULT([yes]) 3250 AC_DEFINE([OPENSSL_HAS_ED25519], [1], 3251 [libcrypto has ed25519 support]) 3252 ], 3253 [ 3254 AC_MSG_RESULT([no]) 3255 ] 3256 ) 3257fi 3258 3259# PKCS11/U2F depend on OpenSSL and dlopen(). 3260enable_pkcs11=yes 3261enable_sk=yes 3262if test "x$openssl" != "xyes" ; then 3263 enable_pkcs11="disabled; missing libcrypto" 3264fi 3265if test "x$ac_cv_func_dlopen" != "xyes" ; then 3266 enable_pkcs11="disabled; missing dlopen(3)" 3267 enable_sk="disabled; missing dlopen(3)" 3268fi 3269if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3270 enable_pkcs11="disabled; missing RTLD_NOW" 3271 enable_sk="disabled; missing RTLD_NOW" 3272fi 3273if test ! -z "$disable_pkcs11" ; then 3274 enable_pkcs11="disabled by user" 3275fi 3276if test ! -z "$disable_sk" ; then 3277 enable_sk="disabled by user" 3278fi 3279 3280AC_MSG_CHECKING([whether to enable PKCS11]) 3281if test "x$enable_pkcs11" = "xyes" ; then 3282 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3283fi 3284AC_MSG_RESULT([$enable_pkcs11]) 3285 3286AC_MSG_CHECKING([whether to enable U2F]) 3287if test "x$enable_sk" = "xyes" ; then 3288 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3289 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3290else 3291 # Do not try to build sk-dummy library. 3292 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3293fi 3294AC_MSG_RESULT([$enable_sk]) 3295 3296# Now check for built-in security key support. 3297if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then 3298 use_pkgconfig_for_libfido2= 3299 if test "x$PKGCONFIG" != "xno"; then 3300 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3301 if "$PKGCONFIG" libfido2; then 3302 AC_MSG_RESULT([yes]) 3303 use_pkgconfig_for_libfido2=yes 3304 else 3305 AC_MSG_RESULT([no]) 3306 fi 3307 fi 3308 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3309 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3310 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3311 else 3312 LIBFIDO2="-lprivatefido2 -lprivatecbor" 3313 fi 3314 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3315 fido2_error= 3316 AC_CHECK_LIB([privatefido2], [fido_init], 3317 [ ], 3318 [ fido2_error="missing/unusable libfido2" ], 3319 [ $OTHERLIBS ] 3320 ) 3321 AC_CHECK_HEADER([fido.h], [], 3322 [ fido2_error="missing fido.h from libfido2" ]) 3323 AC_CHECK_HEADER([fido/credman.h], [], 3324 [ fido2_error="missing fido/credman.h from libfido2" ], 3325 [ #include <fido.h> ] 3326 ) 3327 AC_MSG_CHECKING([for usable libfido2 installation]) 3328 if test ! -z "$fido2_error" ; then 3329 AC_MSG_RESULT([$fido2_error]) 3330 if test "x$enable_sk_internal" = "xyes" ; then 3331 AC_MSG_ERROR([No usable libfido2 library/headers found]) 3332 fi 3333 LIBFIDO2="" 3334 else 3335 AC_MSG_RESULT([yes]) 3336 AC_SUBST([LIBFIDO2]) 3337 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3338 [Enable for built-in U2F/FIDO support]) 3339 enable_sk="built-in" 3340 saved_LIBS="$LIBS" 3341 LIBS="$LIBFIDO2 $LIBS" 3342 AC_CHECK_FUNCS([ \ 3343 fido_assert_set_clientdata \ 3344 fido_cred_prot \ 3345 fido_cred_set_prot \ 3346 fido_cred_set_clientdata \ 3347 fido_dev_get_touch_begin \ 3348 fido_dev_get_touch_status \ 3349 fido_dev_supports_cred_prot \ 3350 fido_dev_is_winhello \ 3351 ]) 3352 LIBS="$saved_LIBS" 3353 fi 3354fi 3355 3356AC_CHECK_FUNCS([ \ 3357 arc4random \ 3358 arc4random_buf \ 3359 arc4random_stir \ 3360 arc4random_uniform \ 3361]) 3362### Configure cryptographic random number support 3363 3364# Check whether OpenSSL seeds itself 3365if test "x$openssl" = "xyes" ; then 3366 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3367 AC_RUN_IFELSE( 3368 [AC_LANG_PROGRAM([[ 3369 #include <stdlib.h> 3370 #include <string.h> 3371 #include <openssl/rand.h> 3372 ]], [[ 3373 exit(RAND_status() == 1 ? 0 : 1); 3374 ]])], 3375 [ 3376 OPENSSL_SEEDS_ITSELF=yes 3377 AC_MSG_RESULT([yes]) 3378 ], 3379 [ 3380 AC_MSG_RESULT([no]) 3381 ], 3382 [ 3383 AC_MSG_WARN([cross compiling: assuming yes]) 3384 # This is safe, since we will fatal() at runtime if 3385 # OpenSSL is not seeded correctly. 3386 OPENSSL_SEEDS_ITSELF=yes 3387 ] 3388 ) 3389fi 3390 3391# PRNGD TCP socket 3392AC_ARG_WITH([prngd-port], 3393 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3394 [ 3395 case "$withval" in 3396 no) 3397 withval="" 3398 ;; 3399 [[0-9]]*) 3400 ;; 3401 *) 3402 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3403 ;; 3404 esac 3405 if test ! -z "$withval" ; then 3406 PRNGD_PORT="$withval" 3407 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3408 [Port number of PRNGD/EGD random number socket]) 3409 fi 3410 ] 3411) 3412 3413# PRNGD Unix domain socket 3414AC_ARG_WITH([prngd-socket], 3415 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3416 [ 3417 case "$withval" in 3418 yes) 3419 withval="/var/run/egd-pool" 3420 ;; 3421 no) 3422 withval="" 3423 ;; 3424 /*) 3425 ;; 3426 *) 3427 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3428 ;; 3429 esac 3430 3431 if test ! -z "$withval" ; then 3432 if test ! -z "$PRNGD_PORT" ; then 3433 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3434 fi 3435 if test ! -r "$withval" ; then 3436 AC_MSG_WARN([Entropy socket is not readable]) 3437 fi 3438 PRNGD_SOCKET="$withval" 3439 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3440 [Location of PRNGD/EGD random number socket]) 3441 fi 3442 ], 3443 [ 3444 # Check for existing socket only if we don't have a random device already 3445 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3446 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3447 # Insert other locations here 3448 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3449 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3450 PRNGD_SOCKET="$sock" 3451 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3452 break; 3453 fi 3454 done 3455 if test ! -z "$PRNGD_SOCKET" ; then 3456 AC_MSG_RESULT([$PRNGD_SOCKET]) 3457 else 3458 AC_MSG_RESULT([not found]) 3459 fi 3460 fi 3461 ] 3462) 3463 3464# Which randomness source do we use? 3465if test ! -z "$PRNGD_PORT" ; then 3466 RAND_MSG="PRNGd port $PRNGD_PORT" 3467elif test ! -z "$PRNGD_SOCKET" ; then 3468 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3469elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3470 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3471 [Define if you want the OpenSSL internally seeded PRNG only]) 3472 RAND_MSG="OpenSSL internal ONLY" 3473elif test "x$openssl" = "xno" ; then 3474 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3475else 3476 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3477fi 3478LIBS="$nocrypto_saved_LIBS" 3479 3480saved_LIBS="$LIBS" 3481AC_CHECK_LIB([iaf], [ia_openinfo], [ 3482 LIBS="$LIBS -liaf" 3483 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3484 AC_DEFINE([HAVE_LIBIAF], [1], 3485 [Define if system has libiaf that supports set_id]) 3486 ]) 3487]) 3488LIBS="$saved_LIBS" 3489 3490# Check for crypt() in libcrypt. If we have it, we only need it for sshd. 3491saved_LIBS="$LIBS" 3492AC_CHECK_LIB([crypt], [crypt], [ 3493 LIBS="-lcrypt $LIBS" 3494 SSHDLIBS="-lcrypt $SSHDLIBS" 3495]) 3496AC_CHECK_FUNCS([crypt]) 3497LIBS="$saved_LIBS" 3498 3499# Check for PAM libs 3500PAM_MSG="no" 3501AC_ARG_WITH([pam], 3502 [ --with-pam Enable PAM support ], 3503 [ 3504 if test "x$withval" != "xno" ; then 3505 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3506 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3507 AC_MSG_ERROR([PAM headers not found]) 3508 fi 3509 3510 saved_LIBS="$LIBS" 3511 AC_CHECK_LIB([dl], [dlopen], , ) 3512 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3513 AC_CHECK_FUNCS([pam_getenvlist]) 3514 AC_CHECK_FUNCS([pam_putenv]) 3515 LIBS="$saved_LIBS" 3516 3517 PAM_MSG="yes" 3518 3519 SSHDLIBS="$SSHDLIBS -lpam" 3520 AC_DEFINE([USE_PAM], [1], 3521 [Define if you want to enable PAM support]) 3522 3523 if test $ac_cv_lib_dl_dlopen = yes; then 3524 case "$LIBS" in 3525 *-ldl*) 3526 # libdl already in LIBS 3527 ;; 3528 *) 3529 SSHDLIBS="$SSHDLIBS -ldl" 3530 ;; 3531 esac 3532 fi 3533 fi 3534 ] 3535) 3536 3537AC_ARG_WITH([pam-service], 3538 [ --with-pam-service=name Specify PAM service name ], 3539 [ 3540 if test "x$withval" != "xno" && \ 3541 test "x$withval" != "xyes" ; then 3542 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3543 ["$withval"], [sshd PAM service name]) 3544 fi 3545 ] 3546) 3547 3548# Check for older PAM 3549if test "x$PAM_MSG" = "xyes" ; then 3550 # Check PAM strerror arguments (old PAM) 3551 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3552 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3553#include <stdlib.h> 3554#if defined(HAVE_SECURITY_PAM_APPL_H) 3555#include <security/pam_appl.h> 3556#elif defined (HAVE_PAM_PAM_APPL_H) 3557#include <pam/pam_appl.h> 3558#endif 3559 ]], [[ 3560(void)pam_strerror((pam_handle_t *)NULL, -1); 3561 ]])], [AC_MSG_RESULT([no])], [ 3562 AC_DEFINE([HAVE_OLD_PAM], [1], 3563 [Define if you have an old version of PAM 3564 which takes only one argument to pam_strerror]) 3565 AC_MSG_RESULT([yes]) 3566 PAM_MSG="yes (old library)" 3567 3568 ]) 3569fi 3570 3571case "$host" in 3572*-*-cygwin*) 3573 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3574 ;; 3575*) 3576 SSH_PRIVSEP_USER=sshd 3577 ;; 3578esac 3579AC_ARG_WITH([privsep-user], 3580 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3581 [ 3582 if test -n "$withval" && test "x$withval" != "xno" && \ 3583 test "x${withval}" != "xyes"; then 3584 SSH_PRIVSEP_USER=$withval 3585 fi 3586 ] 3587) 3588if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3589 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3590 [Cygwin function to fetch non-privileged user for privilege separation]) 3591else 3592 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3593 [non-privileged user for privilege separation]) 3594fi 3595AC_SUBST([SSH_PRIVSEP_USER]) 3596 3597if test "x$have_linux_no_new_privs" = "x1" ; then 3598AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3599 #include <sys/types.h> 3600 #include <linux/seccomp.h> 3601]) 3602fi 3603if test "x$have_seccomp_filter" = "x1" ; then 3604AC_MSG_CHECKING([kernel for seccomp_filter support]) 3605AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3606 #include <errno.h> 3607 #include <elf.h> 3608 #include <linux/audit.h> 3609 #include <linux/seccomp.h> 3610 #include <stdlib.h> 3611 #include <sys/prctl.h> 3612 ]], 3613 [[ int i = $seccomp_audit_arch; 3614 errno = 0; 3615 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3616 exit(errno == EFAULT ? 0 : 1); ]])], 3617 [ AC_MSG_RESULT([yes]) ], [ 3618 AC_MSG_RESULT([no]) 3619 # Disable seccomp filter as a target 3620 have_seccomp_filter=0 3621 ] 3622) 3623fi 3624 3625AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ 3626#include <sys/types.h> 3627#ifdef HAVE_POLL_H 3628#include <poll.h> 3629#endif 3630#ifdef HAVE_SYS_POLL_H 3631#include <sys/poll.h> 3632#endif 3633]]) 3634 3635AC_CHECK_TYPES([nfds_t], , , [ 3636#include <sys/types.h> 3637#ifdef HAVE_POLL_H 3638#include <poll.h> 3639#endif 3640#ifdef HAVE_SYS_POLL_H 3641#include <sys/poll.h> 3642#endif 3643]) 3644 3645# Decide which sandbox style to use 3646sandbox_arg="" 3647AC_ARG_WITH([sandbox], 3648 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3649 [ 3650 if test "x$withval" = "xyes" ; then 3651 sandbox_arg="" 3652 else 3653 sandbox_arg="$withval" 3654 fi 3655 ] 3656) 3657 3658if test "x$sandbox_arg" != "xno"; then 3659# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument 3660# is greater than OPEN_MAX". On some platforms that includes implementions 3661# of select in userspace on top of poll() so check both work with rlimit 3662# NOFILES so check that both work before enabling the rlimit sandbox. 3663 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) 3664 AC_RUN_IFELSE( 3665 [AC_LANG_PROGRAM([[ 3666#include <sys/types.h> 3667#ifdef HAVE_SYS_TIME_H 3668# include <sys/time.h> 3669#endif 3670#include <sys/resource.h> 3671#ifdef HAVE_SYS_SELECT_H 3672# include <sys/select.h> 3673#endif 3674#ifdef HAVE_POLL_H 3675# include <poll.h> 3676#elif HAVE_SYS_POLL_H 3677# include <sys/poll.h> 3678#endif 3679#include <errno.h> 3680#include <fcntl.h> 3681#include <stdlib.h> 3682 ]],[[ 3683 struct rlimit rl_zero; 3684 int fd, r; 3685 fd_set fds; 3686 struct timeval tv; 3687#ifdef HAVE_POLL 3688 struct pollfd pfd; 3689#endif 3690 3691 fd = open("/dev/null", O_RDONLY); 3692 FD_ZERO(&fds); 3693 FD_SET(fd, &fds); 3694 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3695 setrlimit(RLIMIT_FSIZE, &rl_zero); 3696 setrlimit(RLIMIT_NOFILE, &rl_zero); 3697 tv.tv_sec = 1; 3698 tv.tv_usec = 0; 3699 r = select(fd+1, &fds, NULL, NULL, &tv); 3700 if (r == -1) 3701 exit(1); 3702#ifdef HAVE_POLL 3703 pfd.fd = fd; 3704 pfd.events = POLLIN; 3705 r = poll(&pfd, 1, 1); 3706 if (r == -1) 3707 exit(2); 3708#endif 3709 exit(0); 3710 ]])], 3711 [AC_MSG_RESULT([yes]) 3712 select_works_with_rlimit=yes], 3713 [AC_MSG_RESULT([no]) 3714 select_works_with_rlimit=no], 3715 [AC_MSG_WARN([cross compiling: assuming no]) 3716 select_works_with_rlimit=no] 3717 ) 3718 3719 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3720 AC_RUN_IFELSE( 3721 [AC_LANG_PROGRAM([[ 3722#include <sys/types.h> 3723#ifdef HAVE_SYS_TIME_H 3724# include <sys/time.h> 3725#endif 3726#include <sys/resource.h> 3727#include <errno.h> 3728#include <stdlib.h> 3729 ]],[[ 3730 struct rlimit rl_zero; 3731 int r; 3732 3733 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3734 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3735 exit (r == -1 ? 1 : 0); 3736 ]])], 3737 [AC_MSG_RESULT([yes]) 3738 rlimit_nofile_zero_works=yes], 3739 [AC_MSG_RESULT([no]) 3740 rlimit_nofile_zero_works=no], 3741 [AC_MSG_WARN([cross compiling: assuming yes]) 3742 rlimit_nofile_zero_works=yes] 3743 ) 3744 3745 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3746 AC_RUN_IFELSE( 3747 [AC_LANG_PROGRAM([[ 3748#include <sys/types.h> 3749#include <sys/resource.h> 3750#include <stdlib.h> 3751 ]],[[ 3752 struct rlimit rl_zero; 3753 3754 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3755 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3756 ]])], 3757 [AC_MSG_RESULT([yes])], 3758 [AC_MSG_RESULT([no]) 3759 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3760 [setrlimit RLIMIT_FSIZE works])], 3761 [AC_MSG_WARN([cross compiling: assuming yes])] 3762 ) 3763fi 3764 3765if test "x$sandbox_arg" = "xpledge" || \ 3766 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3767 test "x$ac_cv_func_pledge" != "xyes" && \ 3768 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3769 SANDBOX_STYLE="pledge" 3770 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3771elif test "x$sandbox_arg" = "xsystrace" || \ 3772 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3773 test "x$have_systr_policy_kill" != "x1" && \ 3774 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3775 SANDBOX_STYLE="systrace" 3776 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3777elif test "x$sandbox_arg" = "xdarwin" || \ 3778 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3779 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3780 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3781 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3782 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3783 SANDBOX_STYLE="darwin" 3784 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3785elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3786 ( test -z "$sandbox_arg" && \ 3787 test "x$have_seccomp_filter" = "x1" && \ 3788 test "x$ac_cv_header_elf_h" = "xyes" && \ 3789 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3790 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3791 test "x$seccomp_audit_arch" != "x" && \ 3792 test "x$have_linux_no_new_privs" = "x1" && \ 3793 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3794 test "x$seccomp_audit_arch" = "x" && \ 3795 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3796 test "x$have_linux_no_new_privs" != "x1" && \ 3797 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3798 test "x$have_seccomp_filter" != "x1" && \ 3799 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3800 test "x$ac_cv_func_prctl" != "xyes" && \ 3801 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3802 SANDBOX_STYLE="seccomp_filter" 3803 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3804elif test "x$sandbox_arg" = "xcapsicum" || \ 3805 ( test -z "$sandbox_arg" && \ 3806 test "x$disable_capsicum" != "xyes" && \ 3807 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3808 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3809 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3810 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3811 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3812 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3813 SANDBOX_STYLE="capsicum" 3814 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3815elif test "x$sandbox_arg" = "xrlimit" || \ 3816 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3817 test "x$select_works_with_rlimit" = "xyes" && \ 3818 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3819 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3820 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3821 test "x$select_works_with_rlimit" != "xyes" && \ 3822 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3823 SANDBOX_STYLE="rlimit" 3824 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3825elif test "x$sandbox_arg" = "xsolaris" || \ 3826 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3827 SANDBOX_STYLE="solaris" 3828 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3829elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3830 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3831 SANDBOX_STYLE="none" 3832 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3833else 3834 AC_MSG_ERROR([unsupported --with-sandbox]) 3835fi 3836 3837# Cheap hack to ensure NEWS-OS libraries are arranged right. 3838if test ! -z "$SONY" ; then 3839 LIBS="$LIBS -liberty"; 3840fi 3841 3842# Check for long long datatypes 3843AC_CHECK_TYPES([long long, unsigned long long, long double]) 3844 3845# Check datatype sizes 3846AC_CHECK_SIZEOF([short int]) 3847AC_CHECK_SIZEOF([int]) 3848AC_CHECK_SIZEOF([long int]) 3849AC_CHECK_SIZEOF([long long int]) 3850AC_CHECK_SIZEOF([time_t], [], [[ 3851 #include <sys/types.h> 3852 #ifdef HAVE_SYS_TIME_H 3853 # include <sys/time.h> 3854 #endif 3855 #ifdef HAVE_TIME_H 3856 # include <time.h> 3857 #endif 3858 ]] 3859) 3860 3861# Sanity check long long for some platforms (AIX) 3862if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3863 ac_cv_sizeof_long_long_int=0 3864fi 3865 3866# compute LLONG_MIN and LLONG_MAX if we don't know them. 3867if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3868 AC_MSG_CHECKING([for max value of long long]) 3869 AC_RUN_IFELSE( 3870 [AC_LANG_PROGRAM([[ 3871#include <stdio.h> 3872#include <stdlib.h> 3873/* Why is this so damn hard? */ 3874#ifdef __GNUC__ 3875# undef __GNUC__ 3876#endif 3877#define __USE_ISOC99 3878#include <limits.h> 3879#define DATA "conftest.llminmax" 3880#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3881 3882/* 3883 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3884 * we do this the hard way. 3885 */ 3886static int 3887fprint_ll(FILE *f, long long n) 3888{ 3889 unsigned int i; 3890 int l[sizeof(long long) * 8]; 3891 3892 if (n < 0) 3893 if (fprintf(f, "-") < 0) 3894 return -1; 3895 for (i = 0; n != 0; i++) { 3896 l[i] = my_abs(n % 10); 3897 n /= 10; 3898 } 3899 do { 3900 if (fprintf(f, "%d", l[--i]) < 0) 3901 return -1; 3902 } while (i != 0); 3903 if (fprintf(f, " ") < 0) 3904 return -1; 3905 return 0; 3906} 3907 ]], [[ 3908 FILE *f; 3909 long long i, llmin, llmax = 0; 3910 3911 if((f = fopen(DATA,"w")) == NULL) 3912 exit(1); 3913 3914#if defined(LLONG_MIN) && defined(LLONG_MAX) 3915 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3916 llmin = LLONG_MIN; 3917 llmax = LLONG_MAX; 3918#else 3919 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3920 /* This will work on one's complement and two's complement */ 3921 for (i = 1; i > llmax; i <<= 1, i++) 3922 llmax = i; 3923 llmin = llmax + 1LL; /* wrap */ 3924#endif 3925 3926 /* Sanity check */ 3927 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3928 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3929 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3930 fprintf(f, "unknown unknown\n"); 3931 exit(2); 3932 } 3933 3934 if (fprint_ll(f, llmin) < 0) 3935 exit(3); 3936 if (fprint_ll(f, llmax) < 0) 3937 exit(4); 3938 if (fclose(f) < 0) 3939 exit(5); 3940 exit(0); 3941 ]])], 3942 [ 3943 llong_min=`$AWK '{print $1}' conftest.llminmax` 3944 llong_max=`$AWK '{print $2}' conftest.llminmax` 3945 3946 AC_MSG_RESULT([$llong_max]) 3947 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3948 [max value of long long calculated by configure]) 3949 AC_MSG_CHECKING([for min value of long long]) 3950 AC_MSG_RESULT([$llong_min]) 3951 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3952 [min value of long long calculated by configure]) 3953 ], 3954 [ 3955 AC_MSG_RESULT([not found]) 3956 ], 3957 [ 3958 AC_MSG_WARN([cross compiling: not checking]) 3959 ] 3960 ) 3961fi 3962 3963AC_CHECK_DECLS([UINT32_MAX], , , [[ 3964#ifdef HAVE_SYS_LIMITS_H 3965# include <sys/limits.h> 3966#endif 3967#ifdef HAVE_LIMITS_H 3968# include <limits.h> 3969#endif 3970#ifdef HAVE_STDINT_H 3971# include <stdint.h> 3972#endif 3973]]) 3974 3975# More checks for data types 3976AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3977 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3978 [[ u_int a; a = 1;]])], 3979 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3980 ]) 3981]) 3982if test "x$ac_cv_have_u_int" = "xyes" ; then 3983 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3984 have_u_int=1 3985fi 3986 3987AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3988 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3989 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3990 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3991 ]) 3992]) 3993if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3994 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3995 have_intxx_t=1 3996fi 3997 3998if (test -z "$have_intxx_t" && \ 3999 test "x$ac_cv_header_stdint_h" = "xyes") 4000then 4001 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 4002 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4003 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 4004 [ 4005 AC_DEFINE([HAVE_INTXX_T]) 4006 AC_MSG_RESULT([yes]) 4007 ], [ AC_MSG_RESULT([no]) 4008 ]) 4009fi 4010 4011AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 4012 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4013#include <sys/types.h> 4014#ifdef HAVE_STDINT_H 4015# include <stdint.h> 4016#endif 4017#include <sys/socket.h> 4018#ifdef HAVE_SYS_BITYPES_H 4019# include <sys/bitypes.h> 4020#endif 4021 ]], [[ 4022int64_t a; a = 1; 4023 ]])], 4024 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 4025 ]) 4026]) 4027if test "x$ac_cv_have_int64_t" = "xyes" ; then 4028 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 4029fi 4030 4031AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 4032 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4033 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 4034 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 4035 ]) 4036]) 4037if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 4038 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 4039 have_u_intxx_t=1 4040fi 4041 4042if test -z "$have_u_intxx_t" ; then 4043 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 4044 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 4045 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 4046 [ 4047 AC_DEFINE([HAVE_U_INTXX_T]) 4048 AC_MSG_RESULT([yes]) 4049 ], [ AC_MSG_RESULT([no]) 4050 ]) 4051fi 4052 4053AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 4054 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4055 [[ u_int64_t a; a = 1;]])], 4056 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 4057 ]) 4058]) 4059if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 4060 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 4061 have_u_int64_t=1 4062fi 4063 4064if (test -z "$have_u_int64_t" && \ 4065 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4066then 4067 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 4068 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 4069 [[ u_int64_t a; a = 1]])], 4070 [ 4071 AC_DEFINE([HAVE_U_INT64_T]) 4072 AC_MSG_RESULT([yes]) 4073 ], [ AC_MSG_RESULT([no]) 4074 ]) 4075fi 4076 4077if test -z "$have_u_intxx_t" ; then 4078 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 4079 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4080#include <sys/types.h> 4081 ]], [[ 4082 uint8_t a; 4083 uint16_t b; 4084 uint32_t c; 4085 a = b = c = 1; 4086 ]])], 4087 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 4088 ]) 4089 ]) 4090 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 4091 AC_DEFINE([HAVE_UINTXX_T], [1], 4092 [define if you have uintxx_t data type]) 4093 fi 4094fi 4095 4096if (test -z "$have_uintxx_t" && \ 4097 test "x$ac_cv_header_stdint_h" = "xyes") 4098then 4099 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 4100 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4101 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4102 [ 4103 AC_DEFINE([HAVE_UINTXX_T]) 4104 AC_MSG_RESULT([yes]) 4105 ], [ AC_MSG_RESULT([no]) 4106 ]) 4107fi 4108 4109if (test -z "$have_uintxx_t" && \ 4110 test "x$ac_cv_header_inttypes_h" = "xyes") 4111then 4112 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4113 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4114 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4115 [ 4116 AC_DEFINE([HAVE_UINTXX_T]) 4117 AC_MSG_RESULT([yes]) 4118 ], [ AC_MSG_RESULT([no]) 4119 ]) 4120fi 4121 4122if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4123 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4124then 4125 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4126 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4127#include <sys/bitypes.h> 4128 ]], [[ 4129 int8_t a; int16_t b; int32_t c; 4130 u_int8_t e; u_int16_t f; u_int32_t g; 4131 a = b = c = e = f = g = 1; 4132 ]])], 4133 [ 4134 AC_DEFINE([HAVE_U_INTXX_T]) 4135 AC_DEFINE([HAVE_INTXX_T]) 4136 AC_MSG_RESULT([yes]) 4137 ], [AC_MSG_RESULT([no]) 4138 ]) 4139fi 4140 4141 4142AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4143 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4144 [[ u_char foo; foo = 125; ]])], 4145 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4146 ]) 4147]) 4148if test "x$ac_cv_have_u_char" = "xyes" ; then 4149 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4150fi 4151 4152AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4153#include <sys/types.h> 4154#ifdef HAVE_STDINT_H 4155# include <stdint.h> 4156#endif 4157]) 4158 4159TYPE_SOCKLEN_T 4160 4161AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4162AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4163#include <sys/types.h> 4164#ifdef HAVE_SYS_BITYPES_H 4165#include <sys/bitypes.h> 4166#endif 4167#ifdef HAVE_SYS_STATFS_H 4168#include <sys/statfs.h> 4169#endif 4170#ifdef HAVE_SYS_STATVFS_H 4171#include <sys/statvfs.h> 4172#endif 4173]) 4174 4175AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4176#include <sys/param.h> 4177#include <sys/types.h> 4178#ifdef HAVE_SYS_BITYPES_H 4179#include <sys/bitypes.h> 4180#endif 4181#ifdef HAVE_SYS_STATFS_H 4182#include <sys/statfs.h> 4183#endif 4184#ifdef HAVE_SYS_STATVFS_H 4185#include <sys/statvfs.h> 4186#endif 4187#ifdef HAVE_SYS_VFS_H 4188#include <sys/vfs.h> 4189#endif 4190#ifdef HAVE_SYS_MOUNT_H 4191#include <sys/mount.h> 4192#endif 4193]]) 4194 4195 4196AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4197[#include <sys/types.h> 4198#include <netinet/in.h>]) 4199 4200AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4201 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4202 [[ size_t foo; foo = 1235; ]])], 4203 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4204 ]) 4205]) 4206if test "x$ac_cv_have_size_t" = "xyes" ; then 4207 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4208fi 4209 4210AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4211 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4212 [[ ssize_t foo; foo = 1235; ]])], 4213 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4214 ]) 4215]) 4216if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4217 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4218fi 4219 4220AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4221 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4222 [[ clock_t foo; foo = 1235; ]])], 4223 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4224 ]) 4225]) 4226if test "x$ac_cv_have_clock_t" = "xyes" ; then 4227 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4228fi 4229 4230AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4231 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4232#include <sys/types.h> 4233#include <sys/socket.h> 4234 ]], [[ sa_family_t foo; foo = 1235; ]])], 4235 [ ac_cv_have_sa_family_t="yes" ], 4236 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4237#include <sys/types.h> 4238#include <sys/socket.h> 4239#include <netinet/in.h> 4240 ]], [[ sa_family_t foo; foo = 1235; ]])], 4241 [ ac_cv_have_sa_family_t="yes" ], 4242 [ ac_cv_have_sa_family_t="no" ] 4243 ) 4244 ]) 4245]) 4246if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4247 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4248 [define if you have sa_family_t data type]) 4249fi 4250 4251AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4252 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4253 [[ pid_t foo; foo = 1235; ]])], 4254 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4255 ]) 4256]) 4257if test "x$ac_cv_have_pid_t" = "xyes" ; then 4258 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4259fi 4260 4261AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4262 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4263 [[ mode_t foo; foo = 1235; ]])], 4264 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4265 ]) 4266]) 4267if test "x$ac_cv_have_mode_t" = "xyes" ; then 4268 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4269fi 4270 4271 4272AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4273 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4274#include <sys/types.h> 4275#include <sys/socket.h> 4276 ]], [[ struct sockaddr_storage s; ]])], 4277 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4278 [ ac_cv_have_struct_sockaddr_storage="no" 4279 ]) 4280]) 4281if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4282 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4283 [define if you have struct sockaddr_storage data type]) 4284fi 4285 4286AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4287 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4288#include <sys/types.h> 4289#include <netinet/in.h> 4290 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4291 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4292 [ ac_cv_have_struct_sockaddr_in6="no" 4293 ]) 4294]) 4295if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4296 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4297 [define if you have struct sockaddr_in6 data type]) 4298fi 4299 4300AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4301 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4302#include <sys/types.h> 4303#include <netinet/in.h> 4304 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4305 [ ac_cv_have_struct_in6_addr="yes" ], 4306 [ ac_cv_have_struct_in6_addr="no" 4307 ]) 4308]) 4309if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4310 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4311 [define if you have struct in6_addr data type]) 4312 4313dnl Now check for sin6_scope_id 4314 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4315 [ 4316#ifdef HAVE_SYS_TYPES_H 4317#include <sys/types.h> 4318#endif 4319#include <netinet/in.h> 4320 ]) 4321fi 4322 4323AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4324 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4325#include <sys/types.h> 4326#include <sys/socket.h> 4327#include <netdb.h> 4328 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4329 [ ac_cv_have_struct_addrinfo="yes" ], 4330 [ ac_cv_have_struct_addrinfo="no" 4331 ]) 4332]) 4333if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4334 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4335 [define if you have struct addrinfo data type]) 4336fi 4337 4338AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4339 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4340 [[ struct timeval tv; tv.tv_sec = 1;]])], 4341 [ ac_cv_have_struct_timeval="yes" ], 4342 [ ac_cv_have_struct_timeval="no" 4343 ]) 4344]) 4345if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4346 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4347 have_struct_timeval=1 4348fi 4349 4350AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4351 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4352 #ifdef HAVE_SYS_TIME_H 4353 # include <sys/time.h> 4354 #endif 4355 #ifdef HAVE_TIME_H 4356 # include <time.h> 4357 #endif 4358 ]], 4359 [[ struct timespec ts; ts.tv_sec = 1;]])], 4360 [ ac_cv_have_struct_timespec="yes" ], 4361 [ ac_cv_have_struct_timespec="no" 4362 ]) 4363]) 4364if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4365 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4366 have_struct_timespec=1 4367fi 4368 4369# We need int64_t or else certain parts of the compile will fail. 4370if test "x$ac_cv_have_int64_t" = "xno" && \ 4371 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4372 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4373 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4374 echo "an alternative compiler (I.E., GCC) before continuing." 4375 echo "" 4376 exit 1; 4377else 4378dnl test snprintf (broken on SCO w/gcc) 4379 AC_RUN_IFELSE( 4380 [AC_LANG_SOURCE([[ 4381#include <stdio.h> 4382#include <stdlib.h> 4383#include <string.h> 4384#ifdef HAVE_SNPRINTF 4385int main(void) 4386{ 4387 char buf[50]; 4388 char expected_out[50]; 4389 int mazsize = 50 ; 4390#if (SIZEOF_LONG_INT == 8) 4391 long int num = 0x7fffffffffffffff; 4392#else 4393 long long num = 0x7fffffffffffffffll; 4394#endif 4395 strcpy(expected_out, "9223372036854775807"); 4396 snprintf(buf, mazsize, "%lld", num); 4397 if(strcmp(buf, expected_out) != 0) 4398 exit(1); 4399 exit(0); 4400} 4401#else 4402int main(void) { exit(0); } 4403#endif 4404 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4405 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4406 ) 4407fi 4408 4409dnl Checks for structure members 4410OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4411OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4412OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4413OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4414OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4415OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4416OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4417OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4418OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4419OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4420OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4421OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4422OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4423OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4424OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4425OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4426OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4427OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4428 4429AC_CHECK_MEMBERS([struct stat.st_blksize]) 4430AC_CHECK_MEMBERS([struct stat.st_mtim]) 4431AC_CHECK_MEMBERS([struct stat.st_mtime]) 4432AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4433struct passwd.pw_change, struct passwd.pw_expire], 4434[], [], [[ 4435#include <sys/types.h> 4436#include <pwd.h> 4437]]) 4438 4439AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4440 [Define if we don't have struct __res_state in resolv.h])], 4441[[ 4442#include <stdio.h> 4443#if HAVE_SYS_TYPES_H 4444# include <sys/types.h> 4445#endif 4446#include <netinet/in.h> 4447#include <arpa/nameser.h> 4448#include <resolv.h> 4449]]) 4450 4451AC_CHECK_MEMBER([struct sockaddr_in.sin_len], 4452 [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])], 4453 [], 4454 [AC_LANG_SOURCE([[ 4455#include <sys/types.h> 4456#include <sys/socket.h> 4457#include <netinet/in.h> 4458 ]])] 4459) 4460 4461AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4462 ac_cv_have_ss_family_in_struct_ss, [ 4463 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4464#include <sys/types.h> 4465#include <sys/socket.h> 4466 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4467 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4468 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4469]) 4470if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4471 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4472fi 4473 4474AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4475 ac_cv_have___ss_family_in_struct_ss, [ 4476 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4477#include <sys/types.h> 4478#include <sys/socket.h> 4479 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4480 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4481 [ ac_cv_have___ss_family_in_struct_ss="no" 4482 ]) 4483]) 4484if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4485 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4486 [Fields in struct sockaddr_storage]) 4487fi 4488 4489dnl make sure we're using the real structure members and not defines 4490AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4491 ac_cv_have_accrights_in_msghdr, [ 4492 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4493#include <sys/types.h> 4494#include <sys/socket.h> 4495#include <sys/uio.h> 4496#include <stdlib.h> 4497 ]], [[ 4498#ifdef msg_accrights 4499#error "msg_accrights is a macro" 4500exit(1); 4501#endif 4502struct msghdr m; 4503m.msg_accrights = 0; 4504exit(0); 4505 ]])], 4506 [ ac_cv_have_accrights_in_msghdr="yes" ], 4507 [ ac_cv_have_accrights_in_msghdr="no" ] 4508 ) 4509]) 4510if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4511 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4512 [Define if your system uses access rights style 4513 file descriptor passing]) 4514fi 4515 4516AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4517AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4518#include <sys/param.h> 4519#include <sys/stat.h> 4520#ifdef HAVE_SYS_TIME_H 4521# include <sys/time.h> 4522#endif 4523#ifdef HAVE_SYS_MOUNT_H 4524#include <sys/mount.h> 4525#endif 4526#ifdef HAVE_SYS_STATVFS_H 4527#include <sys/statvfs.h> 4528#endif 4529 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4530 [ AC_MSG_RESULT([yes]) ], 4531 [ AC_MSG_RESULT([no]) 4532 4533 AC_MSG_CHECKING([if fsid_t has member val]) 4534 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4535#include <sys/types.h> 4536#include <sys/statvfs.h> 4537 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4538 [ AC_MSG_RESULT([yes]) 4539 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4540 [ AC_MSG_RESULT([no]) ]) 4541 4542 AC_MSG_CHECKING([if f_fsid has member __val]) 4543 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4544#include <sys/types.h> 4545#include <sys/statvfs.h> 4546 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4547 [ AC_MSG_RESULT([yes]) 4548 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4549 [ AC_MSG_RESULT([no]) ]) 4550]) 4551 4552AC_CACHE_CHECK([for msg_control field in struct msghdr], 4553 ac_cv_have_control_in_msghdr, [ 4554 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4555#include <sys/types.h> 4556#include <sys/socket.h> 4557#include <sys/uio.h> 4558#include <stdlib.h> 4559 ]], [[ 4560#ifdef msg_control 4561#error "msg_control is a macro" 4562exit(1); 4563#endif 4564struct msghdr m; 4565m.msg_control = 0; 4566exit(0); 4567 ]])], 4568 [ ac_cv_have_control_in_msghdr="yes" ], 4569 [ ac_cv_have_control_in_msghdr="no" ] 4570 ) 4571]) 4572if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4573 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4574 [Define if your system uses ancillary data style 4575 file descriptor passing]) 4576fi 4577 4578AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4579 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4580 [[ extern char *__progname; printf("%s", __progname); ]])], 4581 [ ac_cv_libc_defines___progname="yes" ], 4582 [ ac_cv_libc_defines___progname="no" 4583 ]) 4584]) 4585if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4586 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4587fi 4588 4589AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4590 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4591 [[ printf("%s", __FUNCTION__); ]])], 4592 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4593 [ ac_cv_cc_implements___FUNCTION__="no" 4594 ]) 4595]) 4596if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4597 AC_DEFINE([HAVE___FUNCTION__], [1], 4598 [Define if compiler implements __FUNCTION__]) 4599fi 4600 4601AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4602 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4603 [[ printf("%s", __func__); ]])], 4604 [ ac_cv_cc_implements___func__="yes" ], 4605 [ ac_cv_cc_implements___func__="no" 4606 ]) 4607]) 4608if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4609 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4610fi 4611 4612AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4613 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4614#include <stdarg.h> 4615va_list x,y; 4616 ]], [[ va_copy(x,y); ]])], 4617 [ ac_cv_have_va_copy="yes" ], 4618 [ ac_cv_have_va_copy="no" 4619 ]) 4620]) 4621if test "x$ac_cv_have_va_copy" = "xyes" ; then 4622 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4623fi 4624 4625AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4626 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4627#include <stdarg.h> 4628va_list x,y; 4629 ]], [[ __va_copy(x,y); ]])], 4630 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4631 ]) 4632]) 4633if test "x$ac_cv_have___va_copy" = "xyes" ; then 4634 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4635fi 4636 4637AC_CACHE_CHECK([whether getopt has optreset support], 4638 ac_cv_have_getopt_optreset, [ 4639 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4640 [[ extern int optreset; optreset = 0; ]])], 4641 [ ac_cv_have_getopt_optreset="yes" ], 4642 [ ac_cv_have_getopt_optreset="no" 4643 ]) 4644]) 4645if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4646 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4647 [Define if your getopt(3) defines and uses optreset]) 4648fi 4649 4650AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4651 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4652[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4653 [ ac_cv_libc_defines_sys_errlist="yes" ], 4654 [ ac_cv_libc_defines_sys_errlist="no" 4655 ]) 4656]) 4657if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4658 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4659 [Define if your system defines sys_errlist[]]) 4660fi 4661 4662 4663AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4664 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4665[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4666 [ ac_cv_libc_defines_sys_nerr="yes" ], 4667 [ ac_cv_libc_defines_sys_nerr="no" 4668 ]) 4669]) 4670if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4671 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4672fi 4673 4674# Check libraries needed by DNS fingerprint support 4675AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4676 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4677 [Define if getrrsetbyname() exists])], 4678 [ 4679 # Needed by our getrrsetbyname() 4680 AC_SEARCH_LIBS([res_query], [resolv]) 4681 AC_SEARCH_LIBS([dn_expand], [resolv]) 4682 AC_MSG_CHECKING([if res_query will link]) 4683 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4684#include <sys/types.h> 4685#include <netinet/in.h> 4686#include <arpa/nameser.h> 4687#include <netdb.h> 4688#include <resolv.h> 4689 ]], [[ 4690 res_query (0, 0, 0, 0, 0); 4691 ]])], 4692 AC_MSG_RESULT([yes]), 4693 [AC_MSG_RESULT([no]) 4694 saved_LIBS="$LIBS" 4695 LIBS="$LIBS -lresolv" 4696 AC_MSG_CHECKING([for res_query in -lresolv]) 4697 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4698#include <sys/types.h> 4699#include <netinet/in.h> 4700#include <arpa/nameser.h> 4701#include <netdb.h> 4702#include <resolv.h> 4703 ]], [[ 4704 res_query (0, 0, 0, 0, 0); 4705 ]])], 4706 [AC_MSG_RESULT([yes])], 4707 [LIBS="$saved_LIBS" 4708 AC_MSG_RESULT([no])]) 4709 ]) 4710 AC_CHECK_FUNCS([_getshort _getlong]) 4711 AC_CHECK_DECLS([_getshort, _getlong], , , 4712 [#include <sys/types.h> 4713 #include <arpa/nameser.h>]) 4714 AC_CHECK_MEMBER([HEADER.ad], 4715 [AC_DEFINE([HAVE_HEADER_AD], [1], 4716 [Define if HEADER.ad exists in arpa/nameser.h])], , 4717 [#include <arpa/nameser.h>]) 4718 ]) 4719 4720AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4721AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4722#include <stdio.h> 4723#if HAVE_SYS_TYPES_H 4724# include <sys/types.h> 4725#endif 4726#include <netinet/in.h> 4727#include <arpa/nameser.h> 4728#include <resolv.h> 4729extern struct __res_state _res; 4730 ]], [[ 4731struct __res_state *volatile p = &_res; /* force resolution of _res */ 4732return 0; 4733 ]],)], 4734 [AC_MSG_RESULT([yes]) 4735 AC_DEFINE([HAVE__RES_EXTERN], [1], 4736 [Define if you have struct __res_state _res as an extern]) 4737 ], 4738 [ AC_MSG_RESULT([no]) ] 4739) 4740 4741# Check whether user wants SELinux support 4742SELINUX_MSG="no" 4743LIBSELINUX="" 4744AC_ARG_WITH([selinux], 4745 [ --with-selinux Enable SELinux support], 4746 [ if test "x$withval" != "xno" ; then 4747 save_LIBS="$LIBS" 4748 AC_DEFINE([WITH_SELINUX], [1], 4749 [Define if you want SELinux support.]) 4750 SELINUX_MSG="yes" 4751 AC_CHECK_HEADER([selinux/selinux.h], , 4752 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4753 AC_CHECK_LIB([selinux], [setexeccon], 4754 [ LIBSELINUX="-lselinux" 4755 LIBS="$LIBS -lselinux" 4756 ], 4757 AC_MSG_ERROR([SELinux support requires libselinux library])) 4758 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4759 LIBS="$save_LIBS $LIBSELINUX" 4760 fi ] 4761) 4762AC_SUBST([SSHDLIBS]) 4763 4764# Check whether user wants Kerberos 5 support 4765KRB5_MSG="no" 4766AC_ARG_WITH([kerberos5], 4767 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4768 [ if test "x$withval" != "xno" ; then 4769 if test "x$withval" = "xyes" ; then 4770 KRB5ROOT="/usr/local" 4771 else 4772 KRB5ROOT=${withval} 4773 fi 4774 4775 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4776 KRB5_MSG="yes" 4777 4778 use_pkgconfig_for_krb5= 4779 if test "x$PKGCONFIG" != "xno"; then 4780 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4781 if "$PKGCONFIG" krb5; then 4782 AC_MSG_RESULT([yes]) 4783 use_pkgconfig_for_krb5=yes 4784 else 4785 AC_MSG_RESULT([no]) 4786 fi 4787 fi 4788 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4789 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4790 K5LIBS=`$PKGCONFIG --libs krb5` 4791 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4792 4793 AC_MSG_CHECKING([for gssapi support]) 4794 if "$PKGCONFIG" krb5-gssapi; then 4795 AC_MSG_RESULT([yes]) 4796 AC_DEFINE([GSSAPI], [1], 4797 [Define this if you want GSSAPI 4798 support in the version 2 protocol]) 4799 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4800 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4801 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4802 else 4803 AC_MSG_RESULT([no]) 4804 fi 4805 AC_MSG_CHECKING([whether we are using Heimdal]) 4806 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4807 ]], [[ char *tmp = heimdal_version; ]])], 4808 [ AC_MSG_RESULT([yes]) 4809 AC_DEFINE([HEIMDAL], [1], 4810 [Define this if you are using the Heimdal 4811 version of Kerberos V5]) ], 4812 [AC_MSG_RESULT([no]) 4813 ]) 4814 else 4815 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4816 [$KRB5ROOT/bin/krb5-config], 4817 [$KRB5ROOT/bin:$PATH]) 4818 if test -x $KRB5CONF ; then 4819 K5CFLAGS="`$KRB5CONF --cflags`" 4820 K5LIBS="`$KRB5CONF --libs`" 4821 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4822 4823 AC_MSG_CHECKING([for gssapi support]) 4824 if $KRB5CONF | grep gssapi >/dev/null ; then 4825 AC_MSG_RESULT([yes]) 4826 AC_DEFINE([GSSAPI], [1], 4827 [Define this if you want GSSAPI 4828 support in the version 2 protocol]) 4829 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4830 GSSLIBS="`$KRB5CONF --libs gssapi`" 4831 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4832 else 4833 AC_MSG_RESULT([no]) 4834 fi 4835 AC_MSG_CHECKING([whether we are using Heimdal]) 4836 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4837 ]], [[ char *tmp = heimdal_version; ]])], 4838 [ AC_MSG_RESULT([yes]) 4839 AC_DEFINE([HEIMDAL], [1], 4840 [Define this if you are using the Heimdal 4841 version of Kerberos V5]) ], 4842 [AC_MSG_RESULT([no]) 4843 ]) 4844 else 4845 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4846 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4847 AC_MSG_CHECKING([whether we are using Heimdal]) 4848 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4849 ]], [[ char *tmp = heimdal_version; ]])], 4850 [ AC_MSG_RESULT([yes]) 4851 AC_DEFINE([HEIMDAL]) 4852 K5LIBS="-lkrb5" 4853 K5LIBS="$K5LIBS -lcom_err -lasn1" 4854 AC_CHECK_LIB([roken], [net_write], 4855 [K5LIBS="$K5LIBS -lroken"]) 4856 AC_CHECK_LIB([des], [des_cbc_encrypt], 4857 [K5LIBS="$K5LIBS -ldes"]) 4858 ], [ AC_MSG_RESULT([no]) 4859 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4860 ]) 4861 AC_SEARCH_LIBS([dn_expand], [resolv]) 4862 4863 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4864 [ AC_DEFINE([GSSAPI]) 4865 GSSLIBS="-lgssapi_krb5" ], 4866 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4867 [ AC_DEFINE([GSSAPI]) 4868 GSSLIBS="-lgssapi" ], 4869 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4870 [ AC_DEFINE([GSSAPI]) 4871 GSSLIBS="-lgss" ], 4872 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4873 ]) 4874 ]) 4875 4876 AC_CHECK_HEADER([gssapi.h], , 4877 [ unset ac_cv_header_gssapi_h 4878 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4879 AC_CHECK_HEADERS([gssapi.h], , 4880 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4881 ) 4882 ] 4883 ) 4884 4885 oldCPP="$CPPFLAGS" 4886 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4887 AC_CHECK_HEADER([gssapi_krb5.h], , 4888 [ CPPFLAGS="$oldCPP" ]) 4889 4890 fi 4891 fi 4892 if test -n "${rpath_opt}" ; then 4893 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4894 fi 4895 if test ! -z "$blibpath" ; then 4896 blibpath="$blibpath:${KRB5ROOT}/lib" 4897 fi 4898 4899 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4900 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4901 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4902 4903 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4904 [Define this if you want to use libkafs' AFS support])]) 4905 4906 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4907#ifdef HAVE_GSSAPI_H 4908# include <gssapi.h> 4909#elif defined(HAVE_GSSAPI_GSSAPI_H) 4910# include <gssapi/gssapi.h> 4911#endif 4912 4913#ifdef HAVE_GSSAPI_GENERIC_H 4914# include <gssapi_generic.h> 4915#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4916# include <gssapi/gssapi_generic.h> 4917#endif 4918 ]]) 4919 saved_LIBS="$LIBS" 4920 LIBS="$LIBS $K5LIBS" 4921 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4922 LIBS="$saved_LIBS" 4923 4924 fi 4925 ] 4926) 4927AC_SUBST([GSSLIBS]) 4928AC_SUBST([K5LIBS]) 4929AC_SUBST([CHANNELLIBS]) 4930 4931# Looking for programs, paths and files 4932 4933PRIVSEP_PATH=/var/empty 4934AC_ARG_WITH([privsep-path], 4935 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4936 [ 4937 if test -n "$withval" && test "x$withval" != "xno" && \ 4938 test "x${withval}" != "xyes"; then 4939 PRIVSEP_PATH=$withval 4940 fi 4941 ] 4942) 4943AC_SUBST([PRIVSEP_PATH]) 4944 4945AC_ARG_WITH([xauth], 4946 [ --with-xauth=PATH Specify path to xauth program ], 4947 [ 4948 if test -n "$withval" && test "x$withval" != "xno" && \ 4949 test "x${withval}" != "xyes"; then 4950 xauth_path=$withval 4951 fi 4952 ], 4953 [ 4954 TestPath="$PATH" 4955 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4956 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4957 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4958 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4959 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4960 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4961 xauth_path="/usr/openwin/bin/xauth" 4962 fi 4963 ] 4964) 4965 4966STRIP_OPT=-s 4967AC_ARG_ENABLE([strip], 4968 [ --disable-strip Disable calling strip(1) on install], 4969 [ 4970 if test "x$enableval" = "xno" ; then 4971 STRIP_OPT= 4972 fi 4973 ] 4974) 4975AC_SUBST([STRIP_OPT]) 4976 4977if test -z "$xauth_path" ; then 4978 XAUTH_PATH="undefined" 4979 AC_SUBST([XAUTH_PATH]) 4980else 4981 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4982 [Define if xauth is found in your path]) 4983 XAUTH_PATH=$xauth_path 4984 AC_SUBST([XAUTH_PATH]) 4985fi 4986 4987dnl # --with-maildir=/path/to/mail gets top priority. 4988dnl # if maildir is set in the platform case statement above we use that. 4989dnl # Otherwise we run a program to get the dir from system headers. 4990dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4991dnl # If we find _PATH_MAILDIR we do nothing because that is what 4992dnl # session.c expects anyway. Otherwise we set to the value found 4993dnl # stripping any trailing slash. If for some strage reason our program 4994dnl # does not find what it needs, we default to /var/spool/mail. 4995# Check for mail directory 4996AC_ARG_WITH([maildir], 4997 [ --with-maildir=/path/to/mail Specify your system mail directory], 4998 [ 4999 if test "X$withval" != X && test "x$withval" != xno && \ 5000 test "x${withval}" != xyes; then 5001 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 5002 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 5003 fi 5004 ],[ 5005 if test "X$maildir" != "X"; then 5006 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 5007 else 5008 AC_MSG_CHECKING([Discovering system mail directory]) 5009 AC_RUN_IFELSE( 5010 [AC_LANG_PROGRAM([[ 5011#include <stdio.h> 5012#include <stdlib.h> 5013#include <string.h> 5014#ifdef HAVE_PATHS_H 5015#include <paths.h> 5016#endif 5017#ifdef HAVE_MAILLOCK_H 5018#include <maillock.h> 5019#endif 5020#define DATA "conftest.maildir" 5021 ]], [[ 5022 FILE *fd; 5023 int rc; 5024 5025 fd = fopen(DATA,"w"); 5026 if(fd == NULL) 5027 exit(1); 5028 5029#if defined (_PATH_MAILDIR) 5030 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 5031 exit(1); 5032#elif defined (MAILDIR) 5033 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 5034 exit(1); 5035#elif defined (_PATH_MAIL) 5036 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 5037 exit(1); 5038#else 5039 exit (2); 5040#endif 5041 5042 exit(0); 5043 ]])], 5044 [ 5045 maildir_what=`awk -F: '{print $1}' conftest.maildir` 5046 maildir=`awk -F: '{print $2}' conftest.maildir \ 5047 | sed 's|/$||'` 5048 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 5049 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 5050 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 5051 fi 5052 ], 5053 [ 5054 if test "X$ac_status" = "X2";then 5055# our test program didn't find it. Default to /var/spool/mail 5056 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 5057 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 5058 else 5059 AC_MSG_RESULT([*** not found ***]) 5060 fi 5061 ], 5062 [ 5063 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 5064 ] 5065 ) 5066 fi 5067 ] 5068) # maildir 5069 5070if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 5071 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 5072 disable_ptmx_check=yes 5073fi 5074if test -z "$no_dev_ptmx" ; then 5075 if test "x$disable_ptmx_check" != "xyes" ; then 5076 AC_CHECK_FILE(["/dev/ptmx"], 5077 [ 5078 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 5079 [Define if you have /dev/ptmx]) 5080 have_dev_ptmx=1 5081 ] 5082 ) 5083 fi 5084fi 5085 5086if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 5087 AC_CHECK_FILE(["/dev/ptc"], 5088 [ 5089 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 5090 [Define if you have /dev/ptc]) 5091 have_dev_ptc=1 5092 ] 5093 ) 5094else 5095 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 5096fi 5097 5098# Options from here on. Some of these are preset by platform above 5099AC_ARG_WITH([mantype], 5100 [ --with-mantype=man|cat|doc Set man page type], 5101 [ 5102 case "$withval" in 5103 man|cat|doc) 5104 MANTYPE=$withval 5105 ;; 5106 *) 5107 AC_MSG_ERROR([invalid man type: $withval]) 5108 ;; 5109 esac 5110 ] 5111) 5112if test -z "$MANTYPE"; then 5113 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 5114 MANTYPE=doc 5115 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 5116 MANTYPE=doc 5117 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 5118 MANTYPE=man 5119 else 5120 MANTYPE=cat 5121 fi 5122fi 5123AC_SUBST([MANTYPE]) 5124if test "$MANTYPE" = "doc"; then 5125 mansubdir=man; 5126else 5127 mansubdir=$MANTYPE; 5128fi 5129AC_SUBST([mansubdir]) 5130 5131# Whether to disable shadow password support 5132AC_ARG_WITH([shadow], 5133 [ --without-shadow Disable shadow password support], 5134 [ 5135 if test "x$withval" = "xno" ; then 5136 AC_DEFINE([DISABLE_SHADOW]) 5137 disable_shadow=yes 5138 fi 5139 ] 5140) 5141 5142if test -z "$disable_shadow" ; then 5143 AC_MSG_CHECKING([if the systems has expire shadow information]) 5144 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5145#include <sys/types.h> 5146#include <shadow.h> 5147struct spwd sp; 5148 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5149 [ sp_expire_available=yes ], [ 5150 ]) 5151 5152 if test "x$sp_expire_available" = "xyes" ; then 5153 AC_MSG_RESULT([yes]) 5154 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5155 [Define if you want to use shadow password expire field]) 5156 else 5157 AC_MSG_RESULT([no]) 5158 fi 5159fi 5160 5161# Use ip address instead of hostname in $DISPLAY 5162if test ! -z "$IPADDR_IN_DISPLAY" ; then 5163 DISPLAY_HACK_MSG="yes" 5164 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5165 [Define if you need to use IP address 5166 instead of hostname in $DISPLAY]) 5167else 5168 DISPLAY_HACK_MSG="no" 5169 AC_ARG_WITH([ipaddr-display], 5170 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5171 [ 5172 if test "x$withval" != "xno" ; then 5173 AC_DEFINE([IPADDR_IN_DISPLAY]) 5174 DISPLAY_HACK_MSG="yes" 5175 fi 5176 ] 5177 ) 5178fi 5179 5180# check for /etc/default/login and use it if present. 5181AC_ARG_ENABLE([etc-default-login], 5182 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5183 [ if test "x$enableval" = "xno"; then 5184 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5185 etc_default_login=no 5186 else 5187 etc_default_login=yes 5188 fi ], 5189 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5190 then 5191 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5192 etc_default_login=no 5193 else 5194 etc_default_login=yes 5195 fi ] 5196) 5197 5198if test "x$etc_default_login" != "xno"; then 5199 AC_CHECK_FILE(["/etc/default/login"], 5200 [ external_path_file=/etc/default/login ]) 5201 if test "x$external_path_file" = "x/etc/default/login"; then 5202 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5203 [Define if your system has /etc/default/login]) 5204 fi 5205fi 5206 5207dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5208if test $ac_cv_func_login_getcapbool = "yes" && \ 5209 test $ac_cv_header_login_cap_h = "yes" ; then 5210 external_path_file=/etc/login.conf 5211fi 5212 5213# Whether to mess with the default path 5214SERVER_PATH_MSG="(default)" 5215AC_ARG_WITH([default-path], 5216 [ --with-default-path= Specify default $PATH environment for server], 5217 [ 5218 if test "x$external_path_file" = "x/etc/login.conf" ; then 5219 AC_MSG_WARN([ 5220--with-default-path=PATH has no effect on this system. 5221Edit /etc/login.conf instead.]) 5222 elif test "x$withval" != "xno" ; then 5223 if test ! -z "$external_path_file" ; then 5224 AC_MSG_WARN([ 5225--with-default-path=PATH will only be used if PATH is not defined in 5226$external_path_file .]) 5227 fi 5228 user_path="$withval" 5229 SERVER_PATH_MSG="$withval" 5230 fi 5231 ], 5232 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5233 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5234 else 5235 if test ! -z "$external_path_file" ; then 5236 AC_MSG_WARN([ 5237If PATH is defined in $external_path_file, ensure the path to scp is included, 5238otherwise scp will not work.]) 5239 fi 5240 AC_RUN_IFELSE( 5241 [AC_LANG_PROGRAM([[ 5242/* find out what STDPATH is */ 5243#include <stdio.h> 5244#include <stdlib.h> 5245#ifdef HAVE_PATHS_H 5246# include <paths.h> 5247#endif 5248#ifndef _PATH_STDPATH 5249# ifdef _PATH_USERPATH /* Irix */ 5250# define _PATH_STDPATH _PATH_USERPATH 5251# else 5252# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5253# endif 5254#endif 5255#include <sys/types.h> 5256#include <sys/stat.h> 5257#include <fcntl.h> 5258#define DATA "conftest.stdpath" 5259 ]], [[ 5260 FILE *fd; 5261 int rc; 5262 5263 fd = fopen(DATA,"w"); 5264 if(fd == NULL) 5265 exit(1); 5266 5267 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5268 exit(1); 5269 5270 exit(0); 5271 ]])], 5272 [ user_path=`cat conftest.stdpath` ], 5273 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5274 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5275 ) 5276# make sure $bindir is in USER_PATH so scp will work 5277 t_bindir="${bindir}" 5278 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5279 t_bindir=`eval echo ${t_bindir}` 5280 case $t_bindir in 5281 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5282 esac 5283 case $t_bindir in 5284 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5285 esac 5286 done 5287 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5288 if test $? -ne 0 ; then 5289 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5290 if test $? -ne 0 ; then 5291 user_path=$user_path:$t_bindir 5292 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5293 fi 5294 fi 5295 fi ] 5296) 5297if test "x$external_path_file" != "x/etc/login.conf" ; then 5298 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5299 AC_SUBST([user_path]) 5300fi 5301 5302# Set superuser path separately to user path 5303AC_ARG_WITH([superuser-path], 5304 [ --with-superuser-path= Specify different path for super-user], 5305 [ 5306 if test -n "$withval" && test "x$withval" != "xno" && \ 5307 test "x${withval}" != "xyes"; then 5308 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5309 [Define if you want a different $PATH 5310 for the superuser]) 5311 superuser_path=$withval 5312 fi 5313 ] 5314) 5315 5316 5317AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5318IPV4_IN6_HACK_MSG="no" 5319AC_ARG_WITH(4in6, 5320 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5321 [ 5322 if test "x$withval" != "xno" ; then 5323 AC_MSG_RESULT([yes]) 5324 AC_DEFINE([IPV4_IN_IPV6], [1], 5325 [Detect IPv4 in IPv6 mapped addresses 5326 and treat as IPv4]) 5327 IPV4_IN6_HACK_MSG="yes" 5328 else 5329 AC_MSG_RESULT([no]) 5330 fi 5331 ], [ 5332 if test "x$inet6_default_4in6" = "xyes"; then 5333 AC_MSG_RESULT([yes (default)]) 5334 AC_DEFINE([IPV4_IN_IPV6]) 5335 IPV4_IN6_HACK_MSG="yes" 5336 else 5337 AC_MSG_RESULT([no (default)]) 5338 fi 5339 ] 5340) 5341 5342# Whether to enable BSD auth support 5343BSD_AUTH_MSG=no 5344AC_ARG_WITH([bsd-auth], 5345 [ --with-bsd-auth Enable BSD auth support], 5346 [ 5347 if test "x$withval" != "xno" ; then 5348 AC_DEFINE([BSD_AUTH], [1], 5349 [Define if you have BSD auth support]) 5350 BSD_AUTH_MSG=yes 5351 fi 5352 ] 5353) 5354 5355# Where to place sshd.pid 5356piddir=/var/run 5357# make sure the directory exists 5358if test ! -d $piddir ; then 5359 piddir=`eval echo ${sysconfdir}` 5360 case $piddir in 5361 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5362 esac 5363fi 5364 5365AC_ARG_WITH([pid-dir], 5366 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5367 [ 5368 if test -n "$withval" && test "x$withval" != "xno" && \ 5369 test "x${withval}" != "xyes"; then 5370 piddir=$withval 5371 if test ! -d $piddir ; then 5372 AC_MSG_WARN([** no $piddir directory on this system **]) 5373 fi 5374 fi 5375 ] 5376) 5377 5378AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5379 [Specify location of ssh.pid]) 5380AC_SUBST([piddir]) 5381 5382 5383AC_ARG_ENABLE([fd-passing], 5384 [ --disable-fd-passing disable file descriptor passsing [no]], 5385 [ 5386 if test "x$enableval" = "xno" ; then 5387 AC_DEFINE([DISABLE_FD_PASSING]) 5388 fi 5389 ] 5390) 5391 5392dnl allow user to disable some login recording features 5393AC_ARG_ENABLE([lastlog], 5394 [ --disable-lastlog disable use of lastlog even if detected [no]], 5395 [ 5396 if test "x$enableval" = "xno" ; then 5397 AC_DEFINE([DISABLE_LASTLOG]) 5398 fi 5399 ] 5400) 5401AC_ARG_ENABLE([utmp], 5402 [ --disable-utmp disable use of utmp even if detected [no]], 5403 [ 5404 if test "x$enableval" = "xno" ; then 5405 AC_DEFINE([DISABLE_UTMP]) 5406 fi 5407 ] 5408) 5409AC_ARG_ENABLE([utmpx], 5410 [ --disable-utmpx disable use of utmpx even if detected [no]], 5411 [ 5412 if test "x$enableval" = "xno" ; then 5413 AC_DEFINE([DISABLE_UTMPX], [1], 5414 [Define if you don't want to use utmpx]) 5415 fi 5416 ] 5417) 5418AC_ARG_ENABLE([wtmp], 5419 [ --disable-wtmp disable use of wtmp even if detected [no]], 5420 [ 5421 if test "x$enableval" = "xno" ; then 5422 AC_DEFINE([DISABLE_WTMP]) 5423 fi 5424 ] 5425) 5426AC_ARG_ENABLE([wtmpx], 5427 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5428 [ 5429 if test "x$enableval" = "xno" ; then 5430 AC_DEFINE([DISABLE_WTMPX], [1], 5431 [Define if you don't want to use wtmpx]) 5432 fi 5433 ] 5434) 5435AC_ARG_ENABLE([libutil], 5436 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5437 [ 5438 if test "x$enableval" = "xno" ; then 5439 AC_DEFINE([DISABLE_LOGIN]) 5440 fi 5441 ] 5442) 5443AC_ARG_ENABLE([pututline], 5444 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5445 [ 5446 if test "x$enableval" = "xno" ; then 5447 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5448 [Define if you don't want to use pututline() 5449 etc. to write [uw]tmp]) 5450 fi 5451 ] 5452) 5453AC_ARG_ENABLE([pututxline], 5454 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5455 [ 5456 if test "x$enableval" = "xno" ; then 5457 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5458 [Define if you don't want to use pututxline() 5459 etc. to write [uw]tmpx]) 5460 fi 5461 ] 5462) 5463AC_ARG_WITH([lastlog], 5464 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5465 [ 5466 if test "x$withval" = "xno" ; then 5467 AC_DEFINE([DISABLE_LASTLOG]) 5468 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5469 conf_lastlog_location=$withval 5470 fi 5471 ] 5472) 5473 5474dnl lastlog, [uw]tmpx? detection 5475dnl NOTE: set the paths in the platform section to avoid the 5476dnl need for command-line parameters 5477dnl lastlog and [uw]tmp are subject to a file search if all else fails 5478 5479dnl lastlog detection 5480dnl NOTE: the code itself will detect if lastlog is a directory 5481AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5482AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5483#include <sys/types.h> 5484#include <utmp.h> 5485#ifdef HAVE_LASTLOG_H 5486# include <lastlog.h> 5487#endif 5488#ifdef HAVE_PATHS_H 5489# include <paths.h> 5490#endif 5491#ifdef HAVE_LOGIN_H 5492# include <login.h> 5493#endif 5494 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5495 [ AC_MSG_RESULT([yes]) ], 5496 [ 5497 AC_MSG_RESULT([no]) 5498 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5499 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5500#include <sys/types.h> 5501#include <utmp.h> 5502#ifdef HAVE_LASTLOG_H 5503# include <lastlog.h> 5504#endif 5505#ifdef HAVE_PATHS_H 5506# include <paths.h> 5507#endif 5508 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5509 [ AC_MSG_RESULT([yes]) ], 5510 [ 5511 AC_MSG_RESULT([no]) 5512 system_lastlog_path=no 5513 ]) 5514]) 5515 5516if test -z "$conf_lastlog_location"; then 5517 if test x"$system_lastlog_path" = x"no" ; then 5518 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5519 if (test -d "$f" || test -f "$f") ; then 5520 conf_lastlog_location=$f 5521 fi 5522 done 5523 if test -z "$conf_lastlog_location"; then 5524 AC_MSG_WARN([** Cannot find lastlog **]) 5525 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5526 fi 5527 fi 5528fi 5529 5530if test -n "$conf_lastlog_location"; then 5531 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5532 [Define if you want to specify the path to your lastlog file]) 5533fi 5534 5535dnl utmp detection 5536AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5537AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5538#include <sys/types.h> 5539#include <utmp.h> 5540#ifdef HAVE_PATHS_H 5541# include <paths.h> 5542#endif 5543 ]], [[ char *utmp = UTMP_FILE; ]])], 5544 [ AC_MSG_RESULT([yes]) ], 5545 [ AC_MSG_RESULT([no]) 5546 system_utmp_path=no 5547]) 5548if test -z "$conf_utmp_location"; then 5549 if test x"$system_utmp_path" = x"no" ; then 5550 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5551 if test -f $f ; then 5552 conf_utmp_location=$f 5553 fi 5554 done 5555 if test -z "$conf_utmp_location"; then 5556 AC_DEFINE([DISABLE_UTMP]) 5557 fi 5558 fi 5559fi 5560if test -n "$conf_utmp_location"; then 5561 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5562 [Define if you want to specify the path to your utmp file]) 5563fi 5564 5565dnl wtmp detection 5566AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5567AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5568#include <sys/types.h> 5569#include <utmp.h> 5570#ifdef HAVE_PATHS_H 5571# include <paths.h> 5572#endif 5573 ]], [[ char *wtmp = WTMP_FILE; ]])], 5574 [ AC_MSG_RESULT([yes]) ], 5575 [ AC_MSG_RESULT([no]) 5576 system_wtmp_path=no 5577]) 5578if test -z "$conf_wtmp_location"; then 5579 if test x"$system_wtmp_path" = x"no" ; then 5580 for f in /usr/adm/wtmp /var/log/wtmp; do 5581 if test -f $f ; then 5582 conf_wtmp_location=$f 5583 fi 5584 done 5585 if test -z "$conf_wtmp_location"; then 5586 AC_DEFINE([DISABLE_WTMP]) 5587 fi 5588 fi 5589fi 5590if test -n "$conf_wtmp_location"; then 5591 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5592 [Define if you want to specify the path to your wtmp file]) 5593fi 5594 5595dnl wtmpx detection 5596AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5597AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5598#include <sys/types.h> 5599#include <utmp.h> 5600#ifdef HAVE_UTMPX_H 5601#include <utmpx.h> 5602#endif 5603#ifdef HAVE_PATHS_H 5604# include <paths.h> 5605#endif 5606 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5607 [ AC_MSG_RESULT([yes]) ], 5608 [ AC_MSG_RESULT([no]) 5609 system_wtmpx_path=no 5610]) 5611if test -z "$conf_wtmpx_location"; then 5612 if test x"$system_wtmpx_path" = x"no" ; then 5613 AC_DEFINE([DISABLE_WTMPX]) 5614 fi 5615else 5616 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5617 [Define if you want to specify the path to your wtmpx file]) 5618fi 5619 5620 5621if test ! -z "$blibpath" ; then 5622 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5623 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5624fi 5625 5626AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5627 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5628 AC_DEFINE([DISABLE_LASTLOG]) 5629 fi 5630 ], [ 5631#ifdef HAVE_SYS_TYPES_H 5632#include <sys/types.h> 5633#endif 5634#ifdef HAVE_UTMP_H 5635#include <utmp.h> 5636#endif 5637#ifdef HAVE_UTMPX_H 5638#include <utmpx.h> 5639#endif 5640#ifdef HAVE_LASTLOG_H 5641#include <lastlog.h> 5642#endif 5643 ]) 5644 5645AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5646 AC_DEFINE([DISABLE_UTMP]) 5647 AC_DEFINE([DISABLE_WTMP]) 5648 ], [ 5649#ifdef HAVE_SYS_TYPES_H 5650#include <sys/types.h> 5651#endif 5652#ifdef HAVE_UTMP_H 5653#include <utmp.h> 5654#endif 5655#ifdef HAVE_UTMPX_H 5656#include <utmpx.h> 5657#endif 5658#ifdef HAVE_LASTLOG_H 5659#include <lastlog.h> 5660#endif 5661 ]) 5662 5663dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5664dnl Add now. 5665CFLAGS="$CFLAGS $werror_flags" 5666 5667if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5668 TEST_SSH_IPV6=no 5669else 5670 TEST_SSH_IPV6=yes 5671fi 5672AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5673AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5674AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5675AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5676AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5677AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5678 5679# Binaries for interop tests. 5680AC_PATH_PROG([PLINK], [plink]) 5681AC_PATH_PROG([PUTTYGEN], [puttygen]) 5682AC_PATH_PROG([CONCH], [conch]) 5683AC_PATH_PROG([DROPBEAR], [dropbear]) 5684AC_PATH_PROG([DBCLIENT], [dbclient]) 5685AC_PATH_PROG([DROPBEARKEY], [dropbearkey]) 5686AC_PATH_PROG([DROPBEARCONVERT], [dropbearconvert]) 5687 5688CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5689LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5690 5691# Make a copy of CFLAGS/LDFLAGS without PIE options. 5692LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5693CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5694AC_SUBST([LDFLAGS_NOPIE]) 5695AC_SUBST([CFLAGS_NOPIE]) 5696 5697AC_EXEEXT 5698AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5699 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5700 survey.sh]) 5701AC_OUTPUT 5702 5703# Print summary of options 5704 5705# Someone please show me a better way :) 5706A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5707B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5708C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5709D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5710E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5711F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5712G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5713H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5714I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5715J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5716 5717echo "" 5718echo "OpenSSH has been configured with the following options:" 5719echo " User binaries: $B" 5720echo " System binaries: $C" 5721echo " Configuration files: $D" 5722echo " Askpass program: $E" 5723echo " Manual pages: $F" 5724echo " PID file: $G" 5725echo " Privilege separation chroot path: $H" 5726if test "x$external_path_file" = "x/etc/login.conf" ; then 5727echo " At runtime, sshd will use the path defined in $external_path_file" 5728echo " Make sure the path to scp is present, otherwise scp will not work" 5729else 5730echo " sshd default user PATH: $I" 5731 if test ! -z "$external_path_file"; then 5732echo " (If PATH is set in $external_path_file it will be used instead. If" 5733echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5734 fi 5735fi 5736if test ! -z "$superuser_path" ; then 5737echo " sshd superuser user PATH: $J" 5738fi 5739echo " Manpage format: $MANTYPE" 5740echo " PAM support: $PAM_MSG" 5741echo " OSF SIA support: $SIA_MSG" 5742echo " KerberosV support: $KRB5_MSG" 5743echo " SELinux support: $SELINUX_MSG" 5744echo " TCP Wrappers support: $TCPW_MSG" 5745echo " libedit support: $LIBEDIT_MSG" 5746echo " libldns support: $LDNS_MSG" 5747echo " Solaris process contract support: $SPC_MSG" 5748echo " Solaris project support: $SP_MSG" 5749echo " Solaris privilege support: $SPP_MSG" 5750echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5751echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5752echo " BSD Auth support: $BSD_AUTH_MSG" 5753echo " Random number source: $RAND_MSG" 5754echo " Privsep sandbox style: $SANDBOX_STYLE" 5755echo " PKCS#11 support: $enable_pkcs11" 5756echo " U2F/FIDO support: $enable_sk" 5757 5758echo "" 5759 5760echo " Host: ${host}" 5761echo " Compiler: ${CC}" 5762echo " Compiler flags: ${CFLAGS}" 5763echo "Preprocessor flags: ${CPPFLAGS}" 5764echo " Linker flags: ${LDFLAGS}" 5765echo " Libraries: ${LIBS}" 5766if test ! -z "${CHANNELLIBS}"; then 5767echo " +for channels: ${CHANNELLIBS}" 5768fi 5769if test ! -z "${LIBFIDO2}"; then 5770echo " +for FIDO2: ${LIBFIDO2}" 5771fi 5772if test ! -z "${SSHDLIBS}"; then 5773echo " +for sshd: ${SSHDLIBS}" 5774fi 5775 5776echo "" 5777 5778if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5779 echo "SVR4 style packages are supported with \"make package\"" 5780 echo "" 5781fi 5782 5783if test "x$PAM_MSG" = "xyes" ; then 5784 echo "PAM is enabled. You may need to install a PAM control file " 5785 echo "for sshd, otherwise password authentication may fail. " 5786 echo "Example PAM control files can be found in the contrib/ " 5787 echo "subdirectory" 5788 echo "" 5789fi 5790 5791if test ! -z "$NO_PEERCHECK" ; then 5792 echo "WARNING: the operating system that you are using does not" 5793 echo "appear to support getpeereid(), getpeerucred() or the" 5794 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5795 echo "enforce security checks to prevent unauthorised connections to" 5796 echo "ssh-agent. Their absence increases the risk that a malicious" 5797 echo "user can connect to your agent." 5798 echo "" 5799fi 5800 5801if test "$AUDIT_MODULE" = "bsm" ; then 5802 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5803 echo "See the Solaris section in README.platform for details." 5804fi 5805