1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19 20# Check for stale configure as early as possible. 21for i in $srcdir/configure.ac $srcdir/m4/*.m4; do 22 if test "$i" -nt "$srcdir/configure"; then 23 AC_MSG_ERROR([$i newer than configure, run autoreconf]) 24 fi 25done 26 27AC_LANG([C]) 28 29AC_CONFIG_HEADERS([config.h]) 30AC_PROG_CC([cc gcc clang]) 31 32# XXX relax this after reimplementing logit() etc. 33AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 34AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 35int f(int a, int b, int c) { return a + b + c; } 36#define F(a, ...) f(a, __VA_ARGS__) 37]], [[return F(1, 2, -3);]])], 38 [ AC_MSG_RESULT([yes]) ], 39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 40) 41 42AC_CANONICAL_HOST 43AC_C_BIGENDIAN 44 45# Checks for programs. 46AC_PROG_AWK 47AC_PROG_CPP 48AC_PROG_RANLIB 49AC_PROG_INSTALL 50AC_PROG_EGREP 51AC_PROG_MKDIR_P 52AC_CHECK_TOOLS([AR], [ar]) 53AC_PATH_PROG([CAT], [cat]) 54AC_PATH_PROG([KILL], [kill]) 55AC_PATH_PROG([SED], [sed]) 56AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 57AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 58AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 59AC_PATH_PROG([SH], [bash]) 60AC_PATH_PROG([SH], [ksh]) 61AC_PATH_PROG([SH], [sh]) 62AC_PATH_PROG([GROFF], [groff]) 63AC_PATH_PROG([NROFF], [nroff awf]) 64AC_PATH_PROG([MANDOC], [mandoc]) 65AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 66AC_SUBST([TEST_SHELL], [sh]) 67 68dnl select manpage formatter to be used to build "cat" format pages. 69if test "x$MANDOC" != "x" ; then 70 MANFMT="$MANDOC" 71elif test "x$NROFF" != "x" ; then 72 MANFMT="$NROFF -mandoc" 73elif test "x$GROFF" != "x" ; then 74 MANFMT="$GROFF -mandoc -Tascii" 75else 76 AC_MSG_WARN([no manpage formatter found]) 77 MANFMT="false" 78fi 79AC_SUBST([MANFMT]) 80 81dnl for buildpkg.sh 82AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 83 [/usr/sbin${PATH_SEPARATOR}/etc]) 84AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 85 [/usr/sbin${PATH_SEPARATOR}/etc]) 86AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 87if test -x /sbin/sh; then 88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 89else 90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 91fi 92 93# System features 94AC_SYS_LARGEFILE 95 96if test -z "$AR" ; then 97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 98fi 99 100AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 101if test ! -z "$PATH_PASSWD_PROG" ; then 102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 103 [Full path of your "passwd" program]) 104fi 105 106dnl Since autoconf doesn't support it very well, we no longer allow users to 107dnl override LD, however keeping the hook here for now in case there's a use 108dnl use case we overlooked and someone needs to re-enable it. Unless a good 109dnl reason is found we'll be removing this in future. 110LD="$CC" 111AC_SUBST([LD]) 112 113AC_C_INLINE 114 115AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 116AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 117AC_CHECK_DECL([RLIMIT_NPROC], 118 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 119 #include <sys/types.h> 120 #include <sys/resource.h> 121]) 122AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 123 #include <sys/types.h> 124 #include <linux/prctl.h> 125]) 126 127openssl=yes 128openssl_bin=openssl 129AC_ARG_WITH([openssl], 130 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 131 [ if test "x$withval" = "xno" ; then 132 openssl=no 133 openssl_bin="" 134 fi 135 ] 136) 137AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 138if test "x$openssl" = "xyes" ; then 139 AC_MSG_RESULT([yes]) 140 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 141else 142 AC_MSG_RESULT([no]) 143fi 144 145use_stack_protector=1 146use_toolchain_hardening=1 147use_retpoline=1 148AC_ARG_WITH([stackprotect], 149 [ --without-stackprotect Don't use compiler's stack protection], [ 150 if test "x$withval" = "xno"; then 151 use_stack_protector=0 152 fi ]) 153AC_ARG_WITH([hardening], 154 [ --without-hardening Don't use toolchain hardening flags], [ 155 if test "x$withval" = "xno"; then 156 use_toolchain_hardening=0 157 fi ]) 158AC_ARG_WITH([retpoline], 159 [ --without-retpoline Enable retpoline spectre mitigation], [ 160 if test "x$withval" = "xno"; then 161 use_retpoline=0 162 fi ]) 163 164# We use -Werror for the tests only so that we catch warnings like "this is 165# on by default" for things like -fPIE. 166AC_MSG_CHECKING([if $CC supports -Werror]) 167saved_CFLAGS="$CFLAGS" 168CFLAGS="$CFLAGS -Werror" 169AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 170 [ AC_MSG_RESULT([yes]) 171 WERROR="-Werror"], 172 [ AC_MSG_RESULT([no]) 173 WERROR="" ] 174) 175CFLAGS="$saved_CFLAGS" 176 177if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 178 AC_MSG_CHECKING([gcc version]) 179 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 180 case "$GCC_VER" in 181 1.*) no_attrib_nonnull=1 ;; 182 2.8* | 2.9*) 183 no_attrib_nonnull=1 184 ;; 185 2.*) no_attrib_nonnull=1 ;; 186 *) ;; 187 esac 188 AC_MSG_RESULT([$GCC_VER]) 189 190 AC_MSG_CHECKING([clang version]) 191 ver="`$CC -v 2>&1`" 192 if echo "$ver" | grep "Apple" >/dev/null; then 193 CLANG_VER=apple-`echo "$ver" | grep 'clang version' | \ 194 $SED 's/.*clang version //g' | $AWK '{print $1}'` 195 else 196 CLANG_VER=`echo "$ver" | grep 'clang version' | \ 197 $SED 's/.*clang version //g' | $AWK '{print $1}'` 198 fi 199 AC_MSG_RESULT([$CLANG_VER]) 200 201 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 202 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 203 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 204 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 205 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 206 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 207 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 208 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 209 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 210 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 211 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 212 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 213 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 214 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 215 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 216 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation]) 217 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) 218 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 219 if test "x$use_toolchain_hardening" = "x1"; then 220 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 221 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 222 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 223 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 224 # NB. -ftrapv expects certain support functions to be present in 225 # the compiler library (libgcc or similar) to detect integer operations 226 # that can overflow. We must check that the result of enabling it 227 # actually links. The test program compiled/linked includes a number 228 # of integer operations that should exercise this. 229 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 230 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See 231 # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and 232 # https://github.com/llvm/llvm-project/issues/59242 233 # clang 17 has a different bug that causes an ICE when using this 234 # flag at all (https://bugzilla.mindrot.org/show_bug.cgi?id=3629) 235 case "$CLANG_VER" in 236 apple-15*) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;; 237 17*) ;; 238 *) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;; 239 esac 240 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) 241 fi 242 if test "x$use_retpoline" = "x1"; then 243 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 244 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 245 fi 246 247 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 248 saved_CFLAGS="$CFLAGS" 249 CFLAGS="$CFLAGS -fno-builtin-memset" 250 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 251 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 252 [ AC_MSG_RESULT([yes]) ], 253 [ AC_MSG_RESULT([no]) 254 CFLAGS="$saved_CFLAGS" ] 255 ) 256 257 # -fstack-protector-all doesn't always work for some GCC versions 258 # and/or platforms, so we test if we can. If it's not supported 259 # on a given platform gcc will emit a warning so we use -Werror. 260 if test "x$use_stack_protector" = "x1"; then 261 for t in -fstack-protector-strong -fstack-protector-all \ 262 -fstack-protector; do 263 AC_MSG_CHECKING([if $CC supports $t]) 264 saved_CFLAGS="$CFLAGS" 265 saved_LDFLAGS="$LDFLAGS" 266 CFLAGS="$CFLAGS $t -Werror" 267 LDFLAGS="$LDFLAGS $t -Werror" 268 AC_LINK_IFELSE( 269 [AC_LANG_PROGRAM([[ 270 #include <stdio.h> 271 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 272 ]], 273 [[ 274 char x[256]; 275 snprintf(x, sizeof(x), "XXX%d", func(1)); 276 ]])], 277 [ AC_MSG_RESULT([yes]) 278 CFLAGS="$saved_CFLAGS $t" 279 LDFLAGS="$saved_LDFLAGS $t" 280 AC_MSG_CHECKING([if $t works]) 281 AC_RUN_IFELSE( 282 [AC_LANG_PROGRAM([[ 283 #include <stdio.h> 284 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 285 ]], 286 [[ 287 char x[256]; 288 snprintf(x, sizeof(x), "XXX%d", func(1)); 289 ]])], 290 [ AC_MSG_RESULT([yes]) 291 break ], 292 [ AC_MSG_RESULT([no]) ], 293 [ AC_MSG_WARN([cross compiling: cannot test]) 294 break ] 295 ) 296 ], 297 [ AC_MSG_RESULT([no]) ] 298 ) 299 CFLAGS="$saved_CFLAGS" 300 LDFLAGS="$saved_LDFLAGS" 301 done 302 fi 303 304 if test -z "$have_llong_max"; then 305 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 306 unset ac_cv_have_decl_LLONG_MAX 307 saved_CFLAGS="$CFLAGS" 308 CFLAGS="$CFLAGS -std=gnu99" 309 AC_CHECK_DECL([LLONG_MAX], 310 [have_llong_max=1], 311 [CFLAGS="$saved_CFLAGS"], 312 [#include <limits.h>] 313 ) 314 fi 315fi 316 317AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 318AC_COMPILE_IFELSE( 319 [AC_LANG_PROGRAM([[ 320#include <stdlib.h> 321__attribute__((__unused__)) static void foo(void){return;}]], 322 [[ exit(0); ]])], 323 [ AC_MSG_RESULT([yes]) ], 324 [ AC_MSG_RESULT([no]) 325 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 326 [compiler does not accept __attribute__ on return types]) ] 327) 328 329AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 330AC_COMPILE_IFELSE( 331 [AC_LANG_PROGRAM([[ 332#include <stdlib.h> 333typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 334 [[ exit(0); ]])], 335 [ AC_MSG_RESULT([yes]) ], 336 [ AC_MSG_RESULT([no]) 337 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 338 [compiler does not accept __attribute__ on prototype args]) ] 339) 340 341AC_MSG_CHECKING([if compiler supports variable length arrays]) 342AC_COMPILE_IFELSE( 343 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 344 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 345 [ AC_MSG_RESULT([yes]) 346 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 347 [compiler supports variable length arrays]) ], 348 [ AC_MSG_RESULT([no]) ] 349) 350 351AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 352AC_COMPILE_IFELSE( 353 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 354 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 355 [ AC_MSG_RESULT([yes]) 356 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 357 [compiler variable declarations after code]) ], 358 [ AC_MSG_RESULT([no]) ] 359) 360 361if test "x$no_attrib_nonnull" != "x1" ; then 362 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 363fi 364 365AC_ARG_WITH([rpath], 366 [ --without-rpath Disable auto-added -R linker paths], 367 [ 368 if test "x$withval" = "xno" ; then 369 rpath_opt="" 370 elif test "x$withval" = "xyes" ; then 371 rpath_opt="-R" 372 else 373 rpath_opt="$withval" 374 fi 375 ] 376) 377 378# Allow user to specify flags 379AC_ARG_WITH([cflags], 380 [ --with-cflags Specify additional flags to pass to compiler], 381 [ 382 if test -n "$withval" && test "x$withval" != "xno" && \ 383 test "x${withval}" != "xyes"; then 384 CFLAGS="$CFLAGS $withval" 385 fi 386 ] 387) 388 389AC_ARG_WITH([cflags-after], 390 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 391 [ 392 if test -n "$withval" && test "x$withval" != "xno" && \ 393 test "x${withval}" != "xyes"; then 394 CFLAGS_AFTER="$withval" 395 fi 396 ] 397) 398AC_ARG_WITH([cppflags], 399 [ --with-cppflags Specify additional flags to pass to preprocessor] , 400 [ 401 if test -n "$withval" && test "x$withval" != "xno" && \ 402 test "x${withval}" != "xyes"; then 403 CPPFLAGS="$CPPFLAGS $withval" 404 fi 405 ] 406) 407AC_ARG_WITH([ldflags], 408 [ --with-ldflags Specify additional flags to pass to linker], 409 [ 410 if test -n "$withval" && test "x$withval" != "xno" && \ 411 test "x${withval}" != "xyes"; then 412 LDFLAGS="$LDFLAGS $withval" 413 fi 414 ] 415) 416AC_ARG_WITH([ldflags-after], 417 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 418 [ 419 if test -n "$withval" && test "x$withval" != "xno" && \ 420 test "x${withval}" != "xyes"; then 421 LDFLAGS_AFTER="$withval" 422 fi 423 ] 424) 425AC_ARG_WITH([libs], 426 [ --with-libs Specify additional libraries to link with], 427 [ 428 if test -n "$withval" && test "x$withval" != "xno" && \ 429 test "x${withval}" != "xyes"; then 430 LIBS="$LIBS $withval" 431 fi 432 ] 433) 434AC_ARG_WITH([Werror], 435 [ --with-Werror Build main code with -Werror], 436 [ 437 if test -n "$withval" && test "x$withval" != "xno"; then 438 werror_flags="-Werror" 439 if test "x${withval}" != "xyes"; then 440 werror_flags="$withval" 441 fi 442 fi 443 ] 444) 445 446dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's 447dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we 448dnl haven't detected it, recheck. 449if test "x$ac_cv_header_sys_stat_h" != "xyes"; then 450 unset ac_cv_header_sys_stat_h 451 AC_CHECK_HEADERS([sys/stat.h]) 452fi 453 454AC_CHECK_HEADERS([ \ 455 blf.h \ 456 bstring.h \ 457 crypt.h \ 458 crypto/sha2.h \ 459 dirent.h \ 460 endian.h \ 461 elf.h \ 462 err.h \ 463 features.h \ 464 fcntl.h \ 465 floatingpoint.h \ 466 fnmatch.h \ 467 getopt.h \ 468 glob.h \ 469 ia.h \ 470 iaf.h \ 471 ifaddrs.h \ 472 inttypes.h \ 473 langinfo.h \ 474 limits.h \ 475 locale.h \ 476 login.h \ 477 maillock.h \ 478 ndir.h \ 479 net/if_tun.h \ 480 netdb.h \ 481 netgroup.h \ 482 pam/pam_appl.h \ 483 paths.h \ 484 poll.h \ 485 pty.h \ 486 readpassphrase.h \ 487 rpc/types.h \ 488 security/pam_appl.h \ 489 sha2.h \ 490 shadow.h \ 491 stddef.h \ 492 stdint.h \ 493 string.h \ 494 strings.h \ 495 sys/bitypes.h \ 496 sys/byteorder.h \ 497 sys/bsdtty.h \ 498 sys/cdefs.h \ 499 sys/dir.h \ 500 sys/file.h \ 501 sys/mman.h \ 502 sys/label.h \ 503 sys/ndir.h \ 504 sys/param.h \ 505 sys/poll.h \ 506 sys/prctl.h \ 507 sys/procctl.h \ 508 sys/pstat.h \ 509 sys/ptrace.h \ 510 sys/random.h \ 511 sys/select.h \ 512 sys/stream.h \ 513 sys/stropts.h \ 514 sys/strtio.h \ 515 sys/statvfs.h \ 516 sys/sysmacros.h \ 517 sys/time.h \ 518 sys/timers.h \ 519 sys/vfs.h \ 520 time.h \ 521 tmpdir.h \ 522 ttyent.h \ 523 ucred.h \ 524 unistd.h \ 525 usersec.h \ 526 util.h \ 527 utime.h \ 528 utmp.h \ 529 utmpx.h \ 530 vis.h \ 531 wchar.h \ 532]) 533 534AC_CHECK_DECLS([le32toh, le64toh, htole64], [], [], [ 535#ifdef HAVE_SYS_TYPES_H 536# include <sys/types.h> 537#endif 538#ifdef HAVE_STDINT_H 539# include <stdint.h> 540#endif 541#ifdef HAVE_ENDIAN_H 542# include <endian.h> 543#endif 544]) 545 546# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 547# to be included first. 548AC_CHECK_HEADERS([sys/audit.h], [], [], [ 549#ifdef HAVE_SYS_TIME_H 550# include <sys/time.h> 551#endif 552#ifdef HAVE_SYS_TYPES_H 553# include <sys/types.h> 554#endif 555#ifdef HAVE_SYS_LABEL_H 556# include <sys/label.h> 557#endif 558]) 559 560# sys/capsicum.h requires sys/types.h 561AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [ 562#ifdef HAVE_SYS_TYPES_H 563# include <sys/types.h> 564#endif 565]) 566 567AC_MSG_CHECKING([for caph_cache_tzdata]) 568AC_LINK_IFELSE( 569 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]], 570 [[caph_cache_tzdata();]])], 571 [ 572 AC_MSG_RESULT([yes]) 573 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1], 574 [Define if you have caph_cache_tzdata]) 575 ], 576 [ AC_MSG_RESULT([no]) ] 577) 578 579# net/route.h requires sys/socket.h and sys/types.h. 580# sys/sysctl.h also requires sys/param.h 581AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 582#ifdef HAVE_SYS_TYPES_H 583# include <sys/types.h> 584#endif 585#include <sys/param.h> 586#include <sys/socket.h> 587]) 588 589# lastlog.h requires sys/time.h to be included first on Solaris 590AC_CHECK_HEADERS([lastlog.h], [], [], [ 591#ifdef HAVE_SYS_TIME_H 592# include <sys/time.h> 593#endif 594]) 595 596# sys/ptms.h requires sys/stream.h to be included first on Solaris 597AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 598#ifdef HAVE_SYS_STREAM_H 599# include <sys/stream.h> 600#endif 601]) 602 603# login_cap.h requires sys/types.h on NetBSD 604AC_CHECK_HEADERS([login_cap.h], [], [], [ 605#include <sys/types.h> 606]) 607 608# older BSDs need sys/param.h before sys/mount.h 609AC_CHECK_HEADERS([sys/mount.h], [], [], [ 610#include <sys/param.h> 611]) 612 613# Android requires sys/socket.h to be included before sys/un.h 614AC_CHECK_HEADERS([sys/un.h], [], [], [ 615#include <sys/types.h> 616#include <sys/socket.h> 617]) 618 619# Messages for features tested for in target-specific section 620SIA_MSG="no" 621SPC_MSG="no" 622SP_MSG="no" 623SPP_MSG="no" 624 625# Support for Solaris/Illumos privileges (this test is used by both 626# the --with-solaris-privs option and --with-sandbox=solaris). 627SOLARIS_PRIVS="no" 628 629# Default shared library extension 630SHLIBEXT=".so" 631 632# Check for some target-specific stuff 633case "$host" in 634*-*-aix*) 635 # Some versions of VAC won't allow macro redefinitions at 636 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 637 # particularly with older versions of vac or xlc. 638 # It also throws errors about null macro arguments, but these are 639 # not fatal. 640 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 641 AC_COMPILE_IFELSE( 642 [AC_LANG_PROGRAM([[ 643#include <stdlib.h> 644#define testmacro foo 645#define testmacro bar]], 646 [[ exit(0); ]])], 647 [ AC_MSG_RESULT([yes]) ], 648 [ AC_MSG_RESULT([no]) 649 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 650 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 651 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 652 ] 653 ) 654 655 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 656 if (test -z "$blibpath"); then 657 blibpath="/usr/lib:/lib" 658 fi 659 saved_LDFLAGS="$LDFLAGS" 660 if test "$GCC" = "yes"; then 661 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 662 else 663 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 664 fi 665 for tryflags in $flags ;do 666 if (test -z "$blibflags"); then 667 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 668 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 669 [blibflags=$tryflags], []) 670 fi 671 done 672 if (test -z "$blibflags"); then 673 AC_MSG_RESULT([not found]) 674 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 675 else 676 AC_MSG_RESULT([$blibflags]) 677 fi 678 LDFLAGS="$saved_LDFLAGS" 679 dnl Check for authenticate. Might be in libs.a on older AIXes 680 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 681 [Define if you want to enable AIX4's authenticate function])], 682 [AC_CHECK_LIB([s], [authenticate], 683 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 684 LIBS="$LIBS -ls" 685 ]) 686 ]) 687 dnl Check for various auth function declarations in headers. 688 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 689 passwdexpired, setauthdb], , , [#include <usersec.h>]) 690 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 691 AC_CHECK_DECLS([loginfailed], 692 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 693 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 694 [[ (void)loginfailed("user","host","tty",0); ]])], 695 [AC_MSG_RESULT([yes]) 696 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 697 [Define if your AIX loginfailed() function 698 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 699 ])], 700 [], 701 [#include <usersec.h>] 702 ) 703 AC_CHECK_FUNCS([getgrset setauthdb]) 704 AC_CHECK_DECL([F_CLOSEM], 705 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 706 [], 707 [ #include <limits.h> 708 #include <fcntl.h> ] 709 ) 710 check_for_aix_broken_getaddrinfo=1 711 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 712 [Define if your platform breaks doing a seteuid before a setuid]) 713 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 714 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 715 dnl AIX handles lastlog as part of its login message 716 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 717 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 718 [Some systems need a utmpx entry for /bin/login to work]) 719 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 720 [Define to a Set Process Title type if your system is 721 supported by bsd-setproctitle.c]) 722 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 723 [AIX 5.2 and 5.3 (and presumably newer) require this]) 724 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 725 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 726 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 727 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 728 ;; 729*-*-android*) 730 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 731 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 732 ;; 733*-*-cygwin*) 734 LIBS="$LIBS /usr/lib/textreadmode.o" 735 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 736 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 737 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 738 [Define to disable UID restoration test]) 739 AC_DEFINE([DISABLE_SHADOW], [1], 740 [Define if you want to disable shadow passwords]) 741 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 742 [Define if X11 doesn't support AF_UNIX sockets on that system]) 743 AC_DEFINE([DISABLE_FD_PASSING], [1], 744 [Define if your platform needs to skip post auth 745 file descriptor passing]) 746 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 747 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 748 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 749 # reasons which cause compile warnings, so we disable those warnings. 750 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 751 SHLIBEXT=".dll" 752 ;; 753*-*-dgux*) 754 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 755 [Define if your system choked on IP TOS setting]) 756 AC_DEFINE([SETEUID_BREAKS_SETUID]) 757 AC_DEFINE([BROKEN_SETREUID]) 758 AC_DEFINE([BROKEN_SETREGID]) 759 ;; 760*-*-darwin*) 761 use_pie=auto 762 AC_MSG_CHECKING([if we have working getaddrinfo]) 763 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 764#include <mach-o/dyld.h> 765#include <stdlib.h> 766int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 767 exit(0); 768 else 769 exit(1); 770} 771 ]])], 772 [AC_MSG_RESULT([working])], 773 [AC_MSG_RESULT([buggy]) 774 AC_DEFINE([BROKEN_GETADDRINFO], [1], 775 [getaddrinfo is broken (if present)]) 776 ], 777 [AC_MSG_RESULT([assume it is working])]) 778 AC_DEFINE([SETEUID_BREAKS_SETUID]) 779 AC_DEFINE([BROKEN_SETREUID]) 780 AC_DEFINE([BROKEN_SETREGID]) 781 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 782 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 783 [Define if your resolver libs need this for getrrsetbyname]) 784 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 785 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 786 [Use tunnel device compatibility to OpenBSD]) 787 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 788 [Prepend the address family to IP tunnel traffic]) 789 m4_pattern_allow([AU_IPv]) 790 AC_CHECK_DECL([AU_IPv4], [], 791 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 792 [#include <bsm/audit.h>] 793 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 794 [Define if pututxline updates lastlog too]) 795 ) 796 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 797 [Define to a Set Process Title type if your system is 798 supported by bsd-setproctitle.c]) 799 AC_CHECK_FUNCS([sandbox_init]) 800 AC_CHECK_HEADERS([sandbox.h]) 801 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 802 SSHDLIBS="$SSHDLIBS -lsandbox" 803 ]) 804 # proc_pidinfo()-based closefrom() replacement. 805 AC_CHECK_HEADERS([libproc.h]) 806 AC_CHECK_FUNCS([proc_pidinfo]) 807 # poll(2) is broken for character-special devices (at least). 808 # cf. Apple bug 3710161 (not public, but searchable) 809 AC_DEFINE([BROKEN_POLL], [1], 810 [System poll(2) implementation is broken]) 811 SHLIBEXT=".dylib" 812 ;; 813*-*-dragonfly*) 814 SSHDLIBS="$SSHDLIBS" 815 TEST_MALLOC_OPTIONS="AFGJPRX" 816 ;; 817*-*-haiku*) 818 LIBS="$LIBS -lbsd " 819 CFLAGS="$CFLAGS -D_BSD_SOURCE" 820 AC_CHECK_LIB([network], [socket]) 821 AC_DEFINE([HAVE_U_INT64_T]) 822 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 823 MANTYPE=man 824 ;; 825*-*-hpux*) 826 # first we define all of the options common to all HP-UX releases 827 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 828 IPADDR_IN_DISPLAY=yes 829 AC_DEFINE([USE_PIPES]) 830 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 831 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 832 [String used in /etc/passwd to denote locked account]) 833 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 834 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 835 maildir="/var/mail" 836 LIBS="$LIBS -lsec" 837 AC_CHECK_LIB([xnet], [t_error], , 838 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 839 840 # next, we define all of the options specific to major releases 841 case "$host" in 842 *-*-hpux10*) 843 if test -z "$GCC"; then 844 CFLAGS="$CFLAGS -Ae" 845 fi 846 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect]) 847 ;; 848 *-*-hpux11*) 849 AC_DEFINE([PAM_SUN_CODEBASE], [1], 850 [Define if you are using Solaris-derived PAM which 851 passes pam_messages to the conversation function 852 with an extra level of indirection]) 853 AC_DEFINE([DISABLE_UTMP], [1], 854 [Define if you don't want to use utmp]) 855 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 856 check_for_hpux_broken_getaddrinfo=1 857 check_for_conflicting_getspnam=1 858 ;; 859 esac 860 861 # lastly, we define options specific to minor releases 862 case "$host" in 863 *-*-hpux10.26) 864 AC_DEFINE([HAVE_SECUREWARE], [1], 865 [Define if you have SecureWare-based 866 protected password database]) 867 disable_ptmx_check=yes 868 LIBS="$LIBS -lsecpw" 869 ;; 870 esac 871 ;; 872*-*-irix5*) 873 PATH="$PATH:/usr/etc" 874 AC_DEFINE([BROKEN_INET_NTOA], [1], 875 [Define if you system's inet_ntoa is busted 876 (e.g. Irix gcc issue)]) 877 AC_DEFINE([SETEUID_BREAKS_SETUID]) 878 AC_DEFINE([BROKEN_SETREUID]) 879 AC_DEFINE([BROKEN_SETREGID]) 880 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 881 [Define if you shouldn't strip 'tty' from your 882 ttyname in [uw]tmp]) 883 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 884 ;; 885*-*-irix6*) 886 PATH="$PATH:/usr/etc" 887 AC_DEFINE([WITH_IRIX_ARRAY], [1], 888 [Define if you have/want arrays 889 (cluster-wide session management, not C arrays)]) 890 AC_DEFINE([WITH_IRIX_PROJECT], [1], 891 [Define if you want IRIX project management]) 892 AC_DEFINE([WITH_IRIX_AUDIT], [1], 893 [Define if you want IRIX audit trails]) 894 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 895 [Define if you want IRIX kernel jobs])]) 896 AC_DEFINE([BROKEN_INET_NTOA]) 897 AC_DEFINE([SETEUID_BREAKS_SETUID]) 898 AC_DEFINE([BROKEN_SETREUID]) 899 AC_DEFINE([BROKEN_SETREGID]) 900 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 901 AC_DEFINE([WITH_ABBREV_NO_TTY]) 902 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 903 ;; 904*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 905 AC_DEFINE([PAM_TTY_KLUDGE]) 906 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 907 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 908 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 909 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 910 ;; 911*-*-linux*) 912 no_dev_ptmx=1 913 use_pie=auto 914 check_for_openpty_ctty_bug=1 915 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 916 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 917 dnl _GNU_SOURCE is needed for setres*id prototypes. 918 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" 919 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) 920 AC_DEFINE([PAM_TTY_KLUDGE], [1], 921 [Work around problematic Linux PAM modules handling of PAM_TTY]) 922 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 923 [String used in /etc/passwd to denote locked account]) 924 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 925 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 926 [Define to whatever link() returns for "not supported" 927 if it doesn't return EOPNOTSUPP.]) 928 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 929 AC_DEFINE([USE_BTMP]) 930 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 931 AC_ARG_WITH([linux-memlock-onfault], 932 [ --with-linux-memlock-onfault Enables memory locking on Linux], 933 [ 934 if test "x$withval" != "xno" ; then 935 AC_MSG_CHECKING([for MCL_ONFAULT]) 936 AC_COMPILE_IFELSE([AC_LANG_PROGRAM( 937 [[ #include <sys/mman.h> ]], 938 [[ mlockall(MCL_FUTURE | MCL_ONFAULT); ]], 939 )], 940 [ 941 AC_MSG_RESULT([supported]) 942 AC_DEFINE([LINUX_MEMLOCK_ONFAULT], [1], 943 [Lock all memory to protect sshd against Linux kcompactd] )], 944 [ 945 AC_MSG_RESULT([not supported]) 946 AC_MSG_ERROR([MCL_ONFAULT is not available on your system]) 947 ]) 948 fi 949 ], 950 ) 951 952 AC_DEFINE([SYSTEMD_NOTIFY], [1], [Have sshd notify systemd on start/reload]) 953 inet6_default_4in6=yes 954 case `uname -r` in 955 1.*|2.0.*) 956 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 957 [Define if cmsg_type is not passed correctly]) 958 ;; 959 esac 960 # tun(4) forwarding compat code 961 AC_CHECK_HEADERS([linux/if_tun.h]) 962 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 963 AC_DEFINE([SSH_TUN_LINUX], [1], 964 [Open tunnel devices the Linux tun/tap way]) 965 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 966 [Use tunnel device compatibility to OpenBSD]) 967 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 968 [Prepend the address family to IP tunnel traffic]) 969 fi 970 AC_CHECK_HEADER([linux/if.h], 971 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 972 [Support routing domains using Linux VRF]), [], [ 973#ifdef HAVE_SYS_TYPES_H 974# include <sys/types.h> 975#endif 976 ]) 977 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 978 [], [#include <linux/types.h>]) 979 # Obtain MIPS ABI 980 case "$host" in 981 mips*) 982 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 983#if _MIPS_SIM != _ABIO32 984#error 985#endif 986 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 987#if _MIPS_SIM != _ABIN32 988#error 989#endif 990 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 991#if _MIPS_SIM != _ABI64 992#error 993#endif 994 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 995 ]) 996 ]) 997 ]) 998 ;; 999 esac 1000 AC_MSG_CHECKING([for seccomp architecture]) 1001 seccomp_audit_arch= 1002 case "$host" in 1003 x86_64-*) 1004 seccomp_audit_arch=AUDIT_ARCH_X86_64 1005 ;; 1006 i*86-*) 1007 seccomp_audit_arch=AUDIT_ARCH_I386 1008 ;; 1009 arm*-*) 1010 seccomp_audit_arch=AUDIT_ARCH_ARM 1011 ;; 1012 aarch64*-*) 1013 seccomp_audit_arch=AUDIT_ARCH_AARCH64 1014 ;; 1015 s390x-*) 1016 seccomp_audit_arch=AUDIT_ARCH_S390X 1017 ;; 1018 s390-*) 1019 seccomp_audit_arch=AUDIT_ARCH_S390 1020 ;; 1021 powerpc-*) 1022 seccomp_audit_arch=AUDIT_ARCH_PPC 1023 ;; 1024 powerpc64-*) 1025 seccomp_audit_arch=AUDIT_ARCH_PPC64 1026 ;; 1027 powerpc64le-*) 1028 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 1029 ;; 1030 mips-*) 1031 seccomp_audit_arch=AUDIT_ARCH_MIPS 1032 ;; 1033 mipsel-*) 1034 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 1035 ;; 1036 mips64-*) 1037 case "$mips_abi" in 1038 "n32") 1039 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 1040 ;; 1041 "n64") 1042 seccomp_audit_arch=AUDIT_ARCH_MIPS64 1043 ;; 1044 esac 1045 ;; 1046 mips64el-*) 1047 case "$mips_abi" in 1048 "n32") 1049 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 1050 ;; 1051 "n64") 1052 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 1053 ;; 1054 esac 1055 ;; 1056 riscv64-*) 1057 seccomp_audit_arch=AUDIT_ARCH_RISCV64 1058 ;; 1059 esac 1060 if test "x$seccomp_audit_arch" != "x" ; then 1061 AC_MSG_RESULT(["$seccomp_audit_arch"]) 1062 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 1063 [Specify the system call convention in use]) 1064 else 1065 AC_MSG_RESULT([architecture not supported]) 1066 fi 1067 ;; 1068*-*-minix) 1069 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1070 # poll(2) seems to choke on /dev/null; "Bad file descriptor" 1071 AC_DEFINE([BROKEN_POLL], [1], 1072 [System poll(2) implementation is broken]) 1073 ;; 1074mips-sony-bsd|mips-sony-newsos4) 1075 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 1076 SONY=1 1077 ;; 1078*-*-netbsd*) 1079 if test "x$withval" != "xno" ; then 1080 rpath_opt="-R" 1081 fi 1082 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 1083 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1084 AC_CHECK_HEADER([net/if_tap.h], , 1085 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1086 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 1087 [Prepend the address family to IP tunnel traffic]) 1088 TEST_MALLOC_OPTIONS="AJRX" 1089 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 1090 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 1091 ;; 1092*-*-freebsd*) 1093 SKIP_DISABLE_LASTLOG_DEFINE=yes 1094 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 1095 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1096 AC_CHECK_HEADER([net/if_tap.h], , 1097 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1098 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 1099 TEST_MALLOC_OPTIONS="AJRX" 1100 # Preauth crypto occasionally uses file descriptors for crypto offload 1101 # and will crash if they cannot be opened. 1102 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 1103 [define if setrlimit RLIMIT_NOFILE breaks things]) 1104 case "$host" in 1105 *-*-freebsd9.*|*-*-freebsd10.*) 1106 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable. 1107 disable_capsicum=yes 1108 esac 1109 ;; 1110*-*-bsdi*) 1111 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1112 AC_DEFINE([BROKEN_SETREUID]) 1113 AC_DEFINE([BROKEN_SETREGID]) 1114 ;; 1115*-next-*) 1116 conf_lastlog_location="/usr/adm/lastlog" 1117 conf_utmp_location=/etc/utmp 1118 conf_wtmp_location=/usr/adm/wtmp 1119 maildir=/usr/spool/mail 1120 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1121 AC_DEFINE([USE_PIPES]) 1122 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1123 ;; 1124*-*-openbsd*) 1125 use_pie=auto 1126 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1127 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1128 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1129 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1130 [syslog_r function is safe to use in in a signal handler]) 1131 TEST_MALLOC_OPTIONS="SJRU" 1132 ;; 1133*-*-solaris*) 1134 if test "x$withval" != "xno" ; then 1135 rpath_opt="-R" 1136 fi 1137 AC_DEFINE([PAM_SUN_CODEBASE]) 1138 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1139 AC_DEFINE([PAM_TTY_KLUDGE]) 1140 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1141 [Define if pam_chauthtok wants real uid set 1142 to the unpriv'ed user]) 1143 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1144 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1145 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1146 [Define if sshd somehow reacquires a controlling TTY 1147 after setsid()]) 1148 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1149 in case the name is longer than 8 chars]) 1150 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1151 external_path_file=/etc/default/login 1152 # hardwire lastlog location (can't detect it on some versions) 1153 conf_lastlog_location="/var/adm/lastlog" 1154 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1155 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1156 if test "$sol2ver" -ge 8; then 1157 AC_MSG_RESULT([yes]) 1158 AC_DEFINE([DISABLE_UTMP]) 1159 AC_DEFINE([DISABLE_WTMP], [1], 1160 [Define if you don't want to use wtmp]) 1161 else 1162 AC_MSG_RESULT([no]) 1163 fi 1164 AC_CHECK_FUNCS([setpflags]) 1165 AC_CHECK_FUNCS([setppriv]) 1166 AC_CHECK_FUNCS([priv_basicset]) 1167 AC_CHECK_HEADERS([priv.h]) 1168 AC_ARG_WITH([solaris-contracts], 1169 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1170 [ 1171 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1172 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1173 [Define if you have Solaris process contracts]) 1174 LIBS="$LIBS -lcontract" 1175 SPC_MSG="yes" ], ) 1176 ], 1177 ) 1178 AC_ARG_WITH([solaris-projects], 1179 [ --with-solaris-projects Enable Solaris projects (experimental)], 1180 [ 1181 AC_CHECK_LIB([project], [setproject], 1182 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1183 [Define if you have Solaris projects]) 1184 LIBS="$LIBS -lproject" 1185 SP_MSG="yes" ], ) 1186 ], 1187 ) 1188 AC_ARG_WITH([solaris-privs], 1189 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1190 [ 1191 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1192 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1193 "x$ac_cv_header_priv_h" = "xyes" ; then 1194 SOLARIS_PRIVS=yes 1195 AC_MSG_RESULT([found]) 1196 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1197 [Define to disable UID restoration test]) 1198 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1199 [Define if you have Solaris privileges]) 1200 SPP_MSG="yes" 1201 else 1202 AC_MSG_RESULT([not found]) 1203 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1204 fi 1205 ], 1206 ) 1207 TEST_SHELL=$SHELL # let configure find us a capable shell 1208 ;; 1209*-*-sunos4*) 1210 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1211 AC_CHECK_FUNCS([getpwanam]) 1212 AC_DEFINE([PAM_SUN_CODEBASE]) 1213 conf_utmp_location=/etc/utmp 1214 conf_wtmp_location=/var/adm/wtmp 1215 conf_lastlog_location=/var/adm/lastlog 1216 AC_DEFINE([USE_PIPES]) 1217 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1218 ;; 1219*-ncr-sysv*) 1220 LIBS="$LIBS -lc89" 1221 AC_DEFINE([USE_PIPES]) 1222 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1223 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1224 AC_DEFINE([BROKEN_SETREUID]) 1225 AC_DEFINE([BROKEN_SETREGID]) 1226 ;; 1227*-sni-sysv*) 1228 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1229 AC_CHECK_LIB([dl], [dlsym], ,) 1230 # -lresolv needs to be at the end of LIBS or DNS lookups break 1231 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1232 IPADDR_IN_DISPLAY=yes 1233 AC_DEFINE([USE_PIPES]) 1234 AC_DEFINE([IP_TOS_IS_BROKEN]) 1235 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1236 AC_DEFINE([BROKEN_SETREUID]) 1237 AC_DEFINE([BROKEN_SETREGID]) 1238 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1239 external_path_file=/etc/default/login 1240 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1241 # Attention: always take care to bind libsocket and libnsl before libc, 1242 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1243 ;; 1244# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1245*-*-sysv4.2*) 1246 AC_DEFINE([USE_PIPES]) 1247 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1248 AC_DEFINE([BROKEN_SETREUID]) 1249 AC_DEFINE([BROKEN_SETREGID]) 1250 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1251 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1252 TEST_SHELL=$SHELL # let configure find us a capable shell 1253 ;; 1254# UnixWare 7.x, OpenUNIX 8 1255*-*-sysv5*) 1256 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1257 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1258 AC_DEFINE([USE_PIPES]) 1259 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1260 AC_DEFINE([BROKEN_GETADDRINFO]) 1261 AC_DEFINE([BROKEN_SETREUID]) 1262 AC_DEFINE([BROKEN_SETREGID]) 1263 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1264 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1265 TEST_SHELL=$SHELL # let configure find us a capable shell 1266 case "$host" in 1267 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1268 maildir=/var/spool/mail 1269 AC_DEFINE([BROKEN_UPDWTMPX]) 1270 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1271 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1272 ], , ) 1273 ;; 1274 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1275 ;; 1276 esac 1277 ;; 1278*-*-sysv*) 1279 ;; 1280# SCO UNIX and OEM versions of SCO UNIX 1281*-*-sco3.2v4*) 1282 AC_MSG_ERROR("This Platform is no longer supported.") 1283 ;; 1284# SCO OpenServer 5.x 1285*-*-sco3.2v5*) 1286 if test -z "$GCC"; then 1287 CFLAGS="$CFLAGS -belf" 1288 fi 1289 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1290 no_dev_ptmx=1 1291 AC_DEFINE([USE_PIPES]) 1292 AC_DEFINE([HAVE_SECUREWARE]) 1293 AC_DEFINE([DISABLE_SHADOW]) 1294 AC_DEFINE([DISABLE_FD_PASSING]) 1295 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1296 AC_DEFINE([BROKEN_GETADDRINFO]) 1297 AC_DEFINE([BROKEN_SETREUID]) 1298 AC_DEFINE([BROKEN_SETREGID]) 1299 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1300 AC_DEFINE([BROKEN_UPDWTMPX]) 1301 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1302 AC_CHECK_FUNCS([getluid setluid]) 1303 MANTYPE=man 1304 TEST_SHELL=$SHELL # let configure find us a capable shell 1305 SKIP_DISABLE_LASTLOG_DEFINE=yes 1306 ;; 1307*-dec-osf*) 1308 AC_MSG_CHECKING([for Digital Unix SIA]) 1309 no_osfsia="" 1310 AC_ARG_WITH([osfsia], 1311 [ --with-osfsia Enable Digital Unix SIA], 1312 [ 1313 if test "x$withval" = "xno" ; then 1314 AC_MSG_RESULT([disabled]) 1315 no_osfsia=1 1316 fi 1317 ], 1318 ) 1319 if test -z "$no_osfsia" ; then 1320 if test -f /etc/sia/matrix.conf; then 1321 AC_MSG_RESULT([yes]) 1322 AC_DEFINE([HAVE_OSF_SIA], [1], 1323 [Define if you have Digital Unix Security 1324 Integration Architecture]) 1325 AC_DEFINE([DISABLE_LOGIN], [1], 1326 [Define if you don't want to use your 1327 system's login() call]) 1328 AC_DEFINE([DISABLE_FD_PASSING]) 1329 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1330 SIA_MSG="yes" 1331 else 1332 AC_MSG_RESULT([no]) 1333 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1334 [String used in /etc/passwd to denote locked account]) 1335 fi 1336 fi 1337 AC_DEFINE([BROKEN_GETADDRINFO]) 1338 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1339 AC_DEFINE([BROKEN_SETREUID]) 1340 AC_DEFINE([BROKEN_SETREGID]) 1341 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1342 ;; 1343 1344*-*-nto-qnx*) 1345 AC_DEFINE([USE_PIPES]) 1346 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1347 AC_DEFINE([DISABLE_LASTLOG]) 1348 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1349 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1350 enable_etc_default_login=no # has incompatible /etc/default/login 1351 case "$host" in 1352 *-*-nto-qnx6*) 1353 AC_DEFINE([DISABLE_FD_PASSING]) 1354 ;; 1355 esac 1356 ;; 1357 1358*-*-ultrix*) 1359 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1360 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1361 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1362 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1363 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1364 # don't get a controlling tty. 1365 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1366 # On Ultrix some headers are not protected against multiple includes, 1367 # so we create wrappers and put it where the compiler will find it. 1368 AC_MSG_WARN([creating compat wrappers for headers]) 1369 mkdir -p netinet 1370 for header in netinet/ip.h netdb.h resolv.h; do 1371 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1372 cat >$header <<EOD 1373#ifndef _SSH_COMPAT_${name} 1374#define _SSH_COMPAT_${name} 1375#include "/usr/include/${header}" 1376#endif 1377EOD 1378 done 1379 ;; 1380 1381*-*-lynxos) 1382 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1383 AC_DEFINE([BROKEN_SETVBUF], [1], 1384 [LynxOS has broken setvbuf() implementation]) 1385 ;; 1386*-*-gnu*) 1387 dnl GNU Hurd. Needs to be after the linux and the other *-gnu entries. 1388 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 1389 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 1390 dnl _GNU_SOURCE is needed for setres*id prototypes. 1391 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" 1392 ;; 1393esac 1394 1395AC_MSG_CHECKING([compiler and flags for sanity]) 1396AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1397 [ AC_MSG_RESULT([yes]) ], 1398 [ 1399 AC_MSG_RESULT([no]) 1400 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1401 ], 1402 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1403) 1404 1405dnl Checks for header files. 1406# Checks for libraries. 1407AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1408 1409dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1410AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1411 AC_CHECK_LIB([gen], [dirname], [ 1412 AC_CACHE_CHECK([for broken dirname], 1413 ac_cv_have_broken_dirname, [ 1414 save_LIBS="$LIBS" 1415 LIBS="$LIBS -lgen" 1416 AC_RUN_IFELSE( 1417 [AC_LANG_SOURCE([[ 1418#include <libgen.h> 1419#include <string.h> 1420#include <stdlib.h> 1421 1422int main(int argc, char **argv) { 1423 char *s, buf[32]; 1424 1425 strncpy(buf,"/etc", 32); 1426 s = dirname(buf); 1427 if (!s || strncmp(s, "/", 32) != 0) { 1428 exit(1); 1429 } else { 1430 exit(0); 1431 } 1432} 1433 ]])], 1434 [ ac_cv_have_broken_dirname="no" ], 1435 [ ac_cv_have_broken_dirname="yes" ], 1436 [ ac_cv_have_broken_dirname="no" ], 1437 ) 1438 LIBS="$save_LIBS" 1439 ]) 1440 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1441 LIBS="$LIBS -lgen" 1442 AC_DEFINE([HAVE_DIRNAME]) 1443 AC_CHECK_HEADERS([libgen.h]) 1444 fi 1445 ]) 1446]) 1447 1448AC_CHECK_FUNC([getspnam], , 1449 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1450AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1451 [Define if you have the basename function.])]) 1452 1453dnl zlib defaults to enabled 1454zlib=yes 1455AC_ARG_WITH([zlib], 1456 [ --with-zlib=PATH Use zlib in PATH], 1457 [ if test "x$withval" = "xno" ; then 1458 zlib=no 1459 elif test "x$withval" != "xyes"; then 1460 if test -d "$withval/lib"; then 1461 if test -n "${rpath_opt}"; then 1462 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1463 else 1464 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1465 fi 1466 else 1467 if test -n "${rpath_opt}"; then 1468 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1469 else 1470 LDFLAGS="-L${withval} ${LDFLAGS}" 1471 fi 1472 fi 1473 if test -d "$withval/include"; then 1474 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1475 else 1476 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1477 fi 1478 fi ] 1479) 1480 1481# These libraries are needed for anything that links in the channel code. 1482CHANNELLIBS="" 1483AC_MSG_CHECKING([for zlib]) 1484if test "x${zlib}" = "xno"; then 1485 AC_MSG_RESULT([no]) 1486else 1487 saved_LIBS="$LIBS" 1488 CHANNELLIBS="$CHANNELLIBS -lz" 1489 AC_MSG_RESULT([yes]) 1490 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1491 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1492 AC_CHECK_LIB([z], [deflate], [], 1493 [ 1494 saved_CPPFLAGS="$CPPFLAGS" 1495 saved_LDFLAGS="$LDFLAGS" 1496 dnl Check default zlib install dir 1497 if test -n "${rpath_opt}"; then 1498 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1499 else 1500 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1501 fi 1502 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1503 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1504 [ 1505 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1506 ] 1507 ) 1508 ] 1509 ) 1510 1511 AC_ARG_WITH([zlib-version-check], 1512 [ --without-zlib-version-check Disable zlib version check], 1513 [ if test "x$withval" = "xno" ; then 1514 zlib_check_nonfatal=1 1515 fi 1516 ] 1517 ) 1518 1519 AC_MSG_CHECKING([for possibly buggy zlib]) 1520 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1521#include <stdio.h> 1522#include <stdlib.h> 1523#include <zlib.h> 1524 ]], 1525 [[ 1526 int a=0, b=0, c=0, d=0, n, v; 1527 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1528 if (n < 1) 1529 exit(1); 1530 v = a*1000000 + b*10000 + c*100 + d; 1531 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1532 1533 /* 1.1.4 is OK */ 1534 if (a == 1 && b == 1 && c >= 4) 1535 exit(0); 1536 1537 /* 1.2.3 and up are OK */ 1538 if (v >= 1020300) 1539 exit(0); 1540 1541 exit(2); 1542 ]])], 1543 AC_MSG_RESULT([no]), 1544 [ AC_MSG_RESULT([yes]) 1545 if test -z "$zlib_check_nonfatal" ; then 1546 AC_MSG_ERROR([*** zlib too old - check config.log *** 1547Your reported zlib version has known security problems. It's possible your 1548vendor has fixed these problems without changing the version number. If you 1549are sure this is the case, you can disable the check by running 1550"./configure --without-zlib-version-check". 1551If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1552See http://www.gzip.org/zlib/ for details.]) 1553 else 1554 AC_MSG_WARN([zlib version may have security problems]) 1555 fi 1556 ], 1557 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1558 ) 1559 LIBS="$saved_LIBS" 1560fi 1561 1562dnl UnixWare 2.x 1563AC_CHECK_FUNC([strcasecmp], 1564 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1565) 1566AC_CHECK_FUNCS([utimes], 1567 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1568 LIBS="$LIBS -lc89"]) ] 1569) 1570 1571dnl Checks for libutil functions 1572AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1573AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1574AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1575AC_SEARCH_LIBS([login], [util bsd]) 1576AC_SEARCH_LIBS([logout], [util bsd]) 1577AC_SEARCH_LIBS([logwtmp], [util bsd]) 1578AC_SEARCH_LIBS([openpty], [util bsd]) 1579AC_SEARCH_LIBS([updwtmp], [util bsd]) 1580AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1581 1582# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1583# or libnsl. 1584AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1585AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1586 1587# Some Linux distribtions ship the BSD libc hashing functions in 1588# separate libraries. 1589AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1590 1591# "Particular Function Checks" 1592# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1593AC_FUNC_STRFTIME 1594AC_FUNC_MALLOC 1595AC_FUNC_REALLOC 1596# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1597AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1598AC_RUN_IFELSE( 1599 [AC_LANG_PROGRAM( 1600 [[ #include <stdlib.h> ]], 1601 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1602 )], 1603 [ func_calloc_0_nonnull=yes ], 1604 [ func_calloc_0_nonnull=no ], 1605 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1606 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1607) 1608AC_MSG_RESULT([$func_calloc_0_nonnull]) 1609 1610if test "x$func_calloc_0_nonnull" = "xyes"; then 1611 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1612else 1613 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1614 AC_DEFINE(calloc, rpl_calloc, 1615 [Define to rpl_calloc if the replacement function should be used.]) 1616fi 1617 1618# Check for ALTDIRFUNC glob() extension 1619AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1620AC_EGREP_CPP([FOUNDIT], 1621 [ 1622 #include <glob.h> 1623 #ifdef GLOB_ALTDIRFUNC 1624 FOUNDIT 1625 #endif 1626 ], 1627 [ 1628 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1629 [Define if your system glob() function has 1630 the GLOB_ALTDIRFUNC extension]) 1631 AC_MSG_RESULT([yes]) 1632 ], 1633 [ 1634 AC_MSG_RESULT([no]) 1635 ] 1636) 1637 1638# Check for g.gl_matchc glob() extension 1639AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1640AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1641 [[ glob_t g; g.gl_matchc = 1; ]])], 1642 [ 1643 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1644 [Define if your system glob() function has 1645 gl_matchc options in glob_t]) 1646 AC_MSG_RESULT([yes]) 1647 ], [ 1648 AC_MSG_RESULT([no]) 1649]) 1650 1651# Check for g.gl_statv glob() extension 1652AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1653AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1654#ifndef GLOB_KEEPSTAT 1655#error "glob does not support GLOB_KEEPSTAT extension" 1656#endif 1657glob_t g; 1658g.gl_statv = NULL; 1659]])], 1660 [ 1661 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1662 [Define if your system glob() function has 1663 gl_statv options in glob_t]) 1664 AC_MSG_RESULT([yes]) 1665 ], [ 1666 AC_MSG_RESULT([no]) 1667 1668]) 1669 1670AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1671 1672AC_CHECK_DECL([VIS_ALL], , 1673 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1674 1675AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1676AC_RUN_IFELSE( 1677 [AC_LANG_PROGRAM([[ 1678#include <sys/types.h> 1679#include <dirent.h> 1680#include <stdlib.h> 1681 ]], 1682 [[ 1683 struct dirent d; 1684 exit(sizeof(d.d_name)<=sizeof(char)); 1685 ]])], 1686 [AC_MSG_RESULT([yes])], 1687 [ 1688 AC_MSG_RESULT([no]) 1689 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1690 [Define if your struct dirent expects you to 1691 allocate extra space for d_name]) 1692 ], 1693 [ 1694 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1695 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1696 ] 1697) 1698 1699AC_MSG_CHECKING([for /proc/pid/fd directory]) 1700if test -d "/proc/$$/fd" ; then 1701 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1702 AC_MSG_RESULT([yes]) 1703else 1704 AC_MSG_RESULT([no]) 1705fi 1706 1707# Check whether user wants TCP wrappers support 1708TCPW_MSG="no" 1709AC_ARG_WITH([tcp-wrappers], 1710 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1711 [ 1712 if test "x$withval" != "xno" ; then 1713 saved_LIBS="$LIBS" 1714 saved_LDFLAGS="$LDFLAGS" 1715 saved_CPPFLAGS="$CPPFLAGS" 1716 if test -n "${withval}" && \ 1717 test "x${withval}" != "xyes"; then 1718 if test -d "${withval}/lib"; then 1719 if test -n "${need_dash_r}"; then 1720 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1721 else 1722 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1723 fi 1724 else 1725 if test -n "${need_dash_r}"; then 1726 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1727 else 1728 LDFLAGS="-L${withval} ${LDFLAGS}" 1729 fi 1730 fi 1731 if test -d "${withval}/include"; then 1732 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1733 else 1734 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1735 fi 1736 fi 1737 LIBS="-lwrap $LIBS" 1738 AC_MSG_CHECKING([for libwrap]) 1739 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1740#include <sys/types.h> 1741#include <sys/socket.h> 1742#include <netinet/in.h> 1743#include <tcpd.h> 1744int deny_severity = 0, allow_severity = 0; 1745 ]], [[ 1746 hosts_access(0); 1747 ]])], [ 1748 AC_MSG_RESULT([yes]) 1749 AC_DEFINE([LIBWRAP], [1], 1750 [Define if you want 1751 TCP Wrappers support]) 1752 SSHDLIBS="$SSHDLIBS -lwrap" 1753 TCPW_MSG="yes" 1754 ], [ 1755 AC_MSG_ERROR([*** libwrap missing]) 1756 ]) 1757 LIBS="$saved_LIBS" 1758 fi 1759 ] 1760) 1761 1762# Check whether user wants to use ldns 1763LDNS_MSG="no" 1764AC_ARG_WITH(ldns, 1765 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1766 [ 1767 ldns="" 1768 if test "x$withval" = "xyes" ; then 1769 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1770 if test "x$LDNSCONFIG" = "xno"; then 1771 LIBS="-lldns $LIBS" 1772 ldns=yes 1773 else 1774 LIBS="$LIBS `$LDNSCONFIG --libs`" 1775 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1776 ldns=yes 1777 fi 1778 elif test "x$withval" != "xno" ; then 1779 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1780 LDFLAGS="$LDFLAGS -L${withval}/lib" 1781 LIBS="-lldns $LIBS" 1782 ldns=yes 1783 fi 1784 1785 # Verify that it works. 1786 if test "x$ldns" = "xyes" ; then 1787 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1788 LDNS_MSG="yes" 1789 AC_MSG_CHECKING([for ldns support]) 1790 AC_LINK_IFELSE( 1791 [AC_LANG_SOURCE([[ 1792#include <stdio.h> 1793#include <stdlib.h> 1794#ifdef HAVE_STDINT_H 1795# include <stdint.h> 1796#endif 1797#include <ldns/ldns.h> 1798int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1799 ]]) 1800 ], 1801 [AC_MSG_RESULT(yes)], 1802 [ 1803 AC_MSG_RESULT(no) 1804 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1805 ]) 1806 fi 1807]) 1808 1809# Check whether user wants libedit support 1810LIBEDIT_MSG="no" 1811AC_ARG_WITH([libedit], 1812 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1813 [ if test "x$withval" != "xno" ; then 1814 if test "x$withval" = "xyes" ; then 1815 if test "x$PKGCONFIG" != "xno"; then 1816 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1817 if "$PKGCONFIG" libedit; then 1818 AC_MSG_RESULT([yes]) 1819 use_pkgconfig_for_libedit=yes 1820 else 1821 AC_MSG_RESULT([no]) 1822 fi 1823 fi 1824 else 1825 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1826 if test -n "${rpath_opt}"; then 1827 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1828 else 1829 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1830 fi 1831 fi 1832 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1833 LIBEDIT=`$PKGCONFIG --libs libedit` 1834 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1835 else 1836 LIBEDIT="-ledit -lcurses" 1837 fi 1838 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1839 AC_CHECK_LIB([edit], [el_init], 1840 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1841 LIBEDIT_MSG="yes" 1842 AC_SUBST([LIBEDIT]) 1843 ], 1844 [ AC_MSG_ERROR([libedit not found]) ], 1845 [ $OTHERLIBS ] 1846 ) 1847 AC_MSG_CHECKING([if libedit version is compatible]) 1848 AC_COMPILE_IFELSE( 1849 [AC_LANG_PROGRAM([[ 1850#include <histedit.h> 1851#include <stdlib.h> 1852 ]], 1853 [[ 1854 int i = H_SETSIZE; 1855 el_init("", NULL, NULL, NULL); 1856 exit(0); 1857 ]])], 1858 [ AC_MSG_RESULT([yes]) ], 1859 [ AC_MSG_RESULT([no]) 1860 AC_MSG_ERROR([libedit version is not compatible]) ] 1861 ) 1862 fi ] 1863) 1864 1865# Check whether user wants wtmpdb support 1866WTMPDB_MSG="no" 1867AC_ARG_WITH([wtmpdb], 1868 [ --with-wtmpdb[[=PATH]] Enable wtmpdb support for sshd], 1869 [ if test "x$withval" != "xno" ; then 1870 if test "x$withval" = "xyes" ; then 1871 if test "x$PKGCONFIG" != "xno"; then 1872 AC_MSG_CHECKING([if $PKGCONFIG knows about wtmpdb]) 1873 if "$PKGCONFIG" libwtmpdb; then 1874 AC_MSG_RESULT([yes]) 1875 use_pkgconfig_for_libwtmpdb=yes 1876 else 1877 AC_MSG_RESULT([no]) 1878 fi 1879 fi 1880 else 1881 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1882 if test -n "${rpath_opt}"; then 1883 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1884 else 1885 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1886 fi 1887 fi 1888 if test "x$use_pkgconfig_for_libwtmpdb" = "xyes"; then 1889 LIBWTMPDB=`$PKGCONFIG --libs libwtmpdb` 1890 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libwtmpdb`" 1891 else 1892 LIBWTMPDB="-lwtmpdb" 1893 fi 1894 OTHERLIBS=`echo $LIBWTMPDB | sed 's/-lwtmpdb//'` 1895 AC_CHECK_LIB([wtmpdb], [wtmpdb_login], 1896 [ AC_DEFINE([USE_WTMPDB], [1], [Use libwtmpdb for sshd]) 1897 WTMPDB_MSG="yes" 1898 AC_SUBST([LIBWTMPDB]) 1899 ], 1900 [ AC_MSG_ERROR([libwtmpdb not found]) ], 1901 [ $OTHERLIBS ] 1902 ) 1903 fi ] 1904) 1905 1906 1907AUDIT_MODULE=none 1908AC_ARG_WITH([audit], 1909 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1910 [ 1911 AC_MSG_CHECKING([for supported audit module]) 1912 case "$withval" in 1913 bsm) 1914 AC_MSG_RESULT([bsm]) 1915 AUDIT_MODULE=bsm 1916 dnl Checks for headers, libs and functions 1917 AC_CHECK_HEADERS([bsm/audit.h], [], 1918 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1919 [ 1920#ifdef HAVE_TIME_H 1921# include <time.h> 1922#endif 1923 ] 1924) 1925 AC_CHECK_LIB([bsm], [getaudit], [], 1926 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1927 AC_CHECK_FUNCS([getaudit], [], 1928 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1929 # These are optional 1930 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1931 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1932 if test "$sol2ver" -ge 11; then 1933 SSHDLIBS="$SSHDLIBS -lscf" 1934 AC_DEFINE([BROKEN_BSM_API], [1], 1935 [The system has incomplete BSM API]) 1936 fi 1937 ;; 1938 linux) 1939 AC_MSG_RESULT([linux]) 1940 AUDIT_MODULE=linux 1941 dnl Checks for headers, libs and functions 1942 AC_CHECK_HEADERS([libaudit.h]) 1943 SSHDLIBS="$SSHDLIBS -laudit" 1944 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1945 ;; 1946 debug) 1947 AUDIT_MODULE=debug 1948 AC_MSG_RESULT([debug]) 1949 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1950 ;; 1951 no) 1952 AC_MSG_RESULT([no]) 1953 ;; 1954 *) 1955 AC_MSG_ERROR([Unknown audit module $withval]) 1956 ;; 1957 esac ] 1958) 1959 1960AC_ARG_WITH([pie], 1961 [ --with-pie Build Position Independent Executables if possible], [ 1962 if test "x$withval" = "xno"; then 1963 use_pie=no 1964 fi 1965 if test "x$withval" = "xyes"; then 1966 use_pie=yes 1967 fi 1968 ] 1969) 1970if test "x$use_pie" = "x"; then 1971 use_pie=no 1972fi 1973if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1974 # Turn off automatic PIE when toolchain hardening is off. 1975 use_pie=no 1976fi 1977if test "x$use_pie" = "xauto"; then 1978 # Automatic PIE requires gcc >= 4.x 1979 AC_MSG_CHECKING([for gcc >= 4.x]) 1980 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1981#if !defined(__GNUC__) || __GNUC__ < 4 1982#error gcc is too old 1983#endif 1984]])], 1985 [ AC_MSG_RESULT([yes]) ], 1986 [ AC_MSG_RESULT([no]) 1987 use_pie=no ] 1988) 1989fi 1990if test "x$use_pie" != "xno"; then 1991 SAVED_CFLAGS="$CFLAGS" 1992 SAVED_LDFLAGS="$LDFLAGS" 1993 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1994 OSSH_CHECK_LDFLAG_LINK([-pie]) 1995 # We use both -fPIE and -pie or neither. 1996 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1997 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1998 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1999 AC_MSG_RESULT([yes]) 2000 else 2001 AC_MSG_RESULT([no]) 2002 CFLAGS="$SAVED_CFLAGS" 2003 LDFLAGS="$SAVED_LDFLAGS" 2004 fi 2005fi 2006 2007AC_MSG_CHECKING([whether -fPIC is accepted]) 2008SAVED_CFLAGS="$CFLAGS" 2009CFLAGS="$CFLAGS -fPIC" 2010AC_COMPILE_IFELSE( 2011 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 2012 [AC_MSG_RESULT([yes]) 2013 PICFLAG="-fPIC"; ], 2014 [AC_MSG_RESULT([no]) 2015 PICFLAG=""; ]) 2016CFLAGS="$SAVED_CFLAGS" 2017AC_SUBST([PICFLAG]) 2018 2019dnl Checks for library functions. Please keep in alphabetical order 2020AC_CHECK_FUNCS([ \ 2021 auth_hostok \ 2022 auth_timeok \ 2023 Blowfish_initstate \ 2024 Blowfish_expandstate \ 2025 Blowfish_expand0state \ 2026 Blowfish_stream2word \ 2027 SHA256Update \ 2028 SHA384Update \ 2029 SHA512Update \ 2030 asprintf \ 2031 b64_ntop \ 2032 __b64_ntop \ 2033 b64_pton \ 2034 __b64_pton \ 2035 bcopy \ 2036 bcrypt_pbkdf \ 2037 bindresvport_sa \ 2038 blf_enc \ 2039 bzero \ 2040 cap_rights_limit \ 2041 clock \ 2042 closefrom \ 2043 close_range \ 2044 dirfd \ 2045 endgrent \ 2046 err \ 2047 errx \ 2048 explicit_bzero \ 2049 explicit_memset \ 2050 fchmod \ 2051 fchmodat \ 2052 fchown \ 2053 fchownat \ 2054 flock \ 2055 fnmatch \ 2056 freeaddrinfo \ 2057 freezero \ 2058 fstatfs \ 2059 fstatvfs \ 2060 futimes \ 2061 getaddrinfo \ 2062 getcwd \ 2063 getentropy \ 2064 getgrouplist \ 2065 getline \ 2066 getnameinfo \ 2067 getopt \ 2068 getpagesize \ 2069 getpeereid \ 2070 getpeerucred \ 2071 getpgid \ 2072 _getpty \ 2073 getrlimit \ 2074 getrandom \ 2075 getsid \ 2076 getttyent \ 2077 glob \ 2078 group_from_gid \ 2079 inet_aton \ 2080 inet_ntoa \ 2081 inet_ntop \ 2082 innetgr \ 2083 killpg \ 2084 llabs \ 2085 localtime_r \ 2086 login_getcapbool \ 2087 login_getpwclass \ 2088 memmem \ 2089 memmove \ 2090 memset_s \ 2091 mkdtemp \ 2092 ngetaddrinfo \ 2093 nsleep \ 2094 ogetaddrinfo \ 2095 openlog_r \ 2096 pledge \ 2097 poll \ 2098 ppoll \ 2099 prctl \ 2100 procctl \ 2101 pselect \ 2102 pstat \ 2103 raise \ 2104 readpassphrase \ 2105 reallocarray \ 2106 realpath \ 2107 recvmsg \ 2108 recallocarray \ 2109 rresvport_af \ 2110 sendmsg \ 2111 setdtablesize \ 2112 setegid \ 2113 setenv \ 2114 seteuid \ 2115 setgroupent \ 2116 setgroups \ 2117 setlinebuf \ 2118 setlogin \ 2119 setpassent\ 2120 setpcred \ 2121 setproctitle \ 2122 setregid \ 2123 setreuid \ 2124 setrlimit \ 2125 setsid \ 2126 setvbuf \ 2127 sigaction \ 2128 sigvec \ 2129 snprintf \ 2130 socketpair \ 2131 statfs \ 2132 statvfs \ 2133 strcasestr \ 2134 strdup \ 2135 strerror \ 2136 strlcat \ 2137 strlcpy \ 2138 strmode \ 2139 strndup \ 2140 strnlen \ 2141 strnvis \ 2142 strptime \ 2143 strsignal \ 2144 strtonum \ 2145 strtoll \ 2146 strtoul \ 2147 strtoull \ 2148 sysconf \ 2149 tcgetpgrp \ 2150 timegm \ 2151 timingsafe_bcmp \ 2152 truncate \ 2153 unsetenv \ 2154 updwtmpx \ 2155 utimensat \ 2156 user_from_uid \ 2157 usleep \ 2158 vasprintf \ 2159 vsnprintf \ 2160 waitpid \ 2161 warn \ 2162]) 2163 2164AC_MSG_CHECKING([whether compiler supports __builtin_popcount]) 2165AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 2166 #include <stdlib.h> 2167 ]], 2168 [[ int x = 123, y; 2169 y = __builtin_popcount(123); 2170 exit(y == 6 ? 0 : -1); ]])], 2171 [ AC_MSG_RESULT([yes]) ], [ 2172 AC_MSG_RESULT([no]) 2173 AC_DEFINE([MISSING_BUILTIN_POPCOUNT], [1], [Define if your compiler lacks __builtin_popcount]) 2174 ] 2175) 2176 2177AC_CHECK_DECLS([bzero, memmem]) 2178 2179dnl Wide character support. 2180AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 2181 2182TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 2183AC_MSG_CHECKING([for utf8 locale support]) 2184AC_RUN_IFELSE( 2185 [AC_LANG_PROGRAM([[ 2186#include <locale.h> 2187#include <stdlib.h> 2188 ]], [[ 2189 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2190 if (loc != NULL) 2191 exit(0); 2192 exit(1); 2193 ]])], 2194 AC_MSG_RESULT(yes), 2195 [AC_MSG_RESULT(no) 2196 TEST_SSH_UTF8=no], 2197 AC_MSG_WARN([cross compiling: assuming yes]) 2198) 2199 2200AC_LINK_IFELSE( 2201 [AC_LANG_PROGRAM( 2202 [[ #include <ctype.h> ]], 2203 [[ return (isblank('a')); ]])], 2204 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2205]) 2206 2207disable_pkcs11= 2208AC_ARG_ENABLE([pkcs11], 2209 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2210 [ 2211 if test "x$enableval" = "xno" ; then 2212 disable_pkcs11=1 2213 fi 2214 ] 2215) 2216 2217disable_sk= 2218AC_ARG_ENABLE([security-key], 2219 [ --disable-security-key disable U2F/FIDO support code [no]], 2220 [ 2221 if test "x$enableval" = "xno" ; then 2222 disable_sk=1 2223 fi 2224 ] 2225) 2226enable_sk_internal= 2227AC_ARG_WITH([security-key-builtin], 2228 [ --with-security-key-builtin include builtin U2F/FIDO support], 2229 [ enable_sk_internal=$withval ] 2230) 2231 2232enable_sk_standalone= 2233AC_ARG_WITH([security-key-standalone], 2234 [ --with-security-key-standalone build standalone sk-libfido2 SecurityKeyProvider], 2235 [ enable_sk_standalone=$withval ] 2236) 2237 2238AC_SEARCH_LIBS([dlopen], [dl]) 2239AC_CHECK_FUNCS([dlopen]) 2240AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2241 2242# IRIX has a const char return value for gai_strerror() 2243AC_CHECK_FUNCS([gai_strerror], [ 2244 AC_DEFINE([HAVE_GAI_STRERROR]) 2245 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2246#include <sys/types.h> 2247#include <sys/socket.h> 2248#include <netdb.h> 2249 2250const char *gai_strerror(int); 2251 ]], [[ 2252 char *str; 2253 str = gai_strerror(0); 2254 ]])], [ 2255 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2256 [Define if gai_strerror() returns const char *])], [])]) 2257 2258AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2259 [Some systems put nanosleep outside of libc])]) 2260 2261AC_SEARCH_LIBS([clock_gettime], [rt], 2262 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2263 2264dnl check if we need -D_REENTRANT for localtime_r declaration. 2265AC_CHECK_DECL([localtime_r], [], 2266 [ saved_CPPFLAGS="$CPPFLAGS" 2267 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2268 unset ac_cv_have_decl_localtime_r 2269 AC_CHECK_DECL([localtime_r], [], 2270 [ CPPFLAGS="$saved_CPPFLAGS" ], 2271 [ #include <time.h> ] 2272 ) 2273 ], 2274 [ #include <time.h> ] 2275) 2276 2277dnl Make sure prototypes are defined for these before using them. 2278AC_CHECK_DECL([strsep], 2279 [AC_CHECK_FUNCS([strsep])], 2280 [], 2281 [ 2282#ifdef HAVE_STRING_H 2283# include <string.h> 2284#endif 2285 ]) 2286 2287dnl tcsendbreak might be a macro 2288AC_CHECK_DECL([tcsendbreak], 2289 [AC_DEFINE([HAVE_TCSENDBREAK])], 2290 [AC_CHECK_FUNCS([tcsendbreak])], 2291 [#include <termios.h>] 2292) 2293 2294AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2295 2296AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2297 [ 2298#include <sys/types.h> 2299#include <sys/socket.h> 2300#include <unistd.h> 2301 ]) 2302 2303AC_CHECK_DECLS([O_NONBLOCK], , , 2304 [ 2305#include <sys/types.h> 2306#ifdef HAVE_SYS_STAT_H 2307# include <sys/stat.h> 2308#endif 2309#ifdef HAVE_FCNTL_H 2310# include <fcntl.h> 2311#endif 2312 ]) 2313 2314AC_CHECK_DECLS([ftruncate, getentropy], , , 2315 [ 2316#include <sys/types.h> 2317#include <unistd.h> 2318 ]) 2319 2320AC_CHECK_DECLS([readv, writev], , , [ 2321#include <sys/types.h> 2322#include <sys/uio.h> 2323#include <unistd.h> 2324 ]) 2325 2326AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2327#include <sys/param.h> 2328 ]) 2329 2330AC_CHECK_DECLS([offsetof], , , [ 2331#include <stddef.h> 2332 ]) 2333 2334# extra bits for select(2) 2335AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2336#include <sys/param.h> 2337#include <sys/types.h> 2338#ifdef HAVE_SYS_SYSMACROS_H 2339#include <sys/sysmacros.h> 2340#endif 2341#ifdef HAVE_SYS_SELECT_H 2342#include <sys/select.h> 2343#endif 2344#ifdef HAVE_SYS_TIME_H 2345#include <sys/time.h> 2346#endif 2347#ifdef HAVE_UNISTD_H 2348#include <unistd.h> 2349#endif 2350 ]]) 2351AC_CHECK_TYPES([fd_mask], [], [], [[ 2352#include <sys/param.h> 2353#include <sys/types.h> 2354#ifdef HAVE_SYS_SELECT_H 2355#include <sys/select.h> 2356#endif 2357#ifdef HAVE_SYS_TIME_H 2358#include <sys/time.h> 2359#endif 2360#ifdef HAVE_UNISTD_H 2361#include <unistd.h> 2362#endif 2363 ]]) 2364 2365AC_CHECK_FUNCS([setresuid], [ 2366 dnl Some platorms have setresuid that isn't implemented, test for this 2367 AC_MSG_CHECKING([if setresuid seems to work]) 2368 AC_RUN_IFELSE( 2369 [AC_LANG_PROGRAM([[ 2370#include <errno.h> 2371#include <stdlib.h> 2372#include <unistd.h> 2373 ]], [[ 2374 errno=0; 2375 setresuid(0,0,0); 2376 if (errno==ENOSYS) 2377 exit(1); 2378 else 2379 exit(0); 2380 ]])], 2381 [AC_MSG_RESULT([yes])], 2382 [AC_DEFINE([BROKEN_SETRESUID], [1], 2383 [Define if your setresuid() is broken]) 2384 AC_MSG_RESULT([not implemented])], 2385 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2386 ) 2387]) 2388 2389AC_CHECK_FUNCS([setresgid], [ 2390 dnl Some platorms have setresgid that isn't implemented, test for this 2391 AC_MSG_CHECKING([if setresgid seems to work]) 2392 AC_RUN_IFELSE( 2393 [AC_LANG_PROGRAM([[ 2394#include <errno.h> 2395#include <stdlib.h> 2396#include <unistd.h> 2397 ]], [[ 2398 errno=0; 2399 setresgid(0,0,0); 2400 if (errno==ENOSYS) 2401 exit(1); 2402 else 2403 exit(0); 2404 ]])], 2405 [AC_MSG_RESULT([yes])], 2406 [AC_DEFINE([BROKEN_SETRESGID], [1], 2407 [Define if your setresgid() is broken]) 2408 AC_MSG_RESULT([not implemented])], 2409 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2410 ) 2411]) 2412 2413AC_MSG_CHECKING([for working fflush(NULL)]) 2414AC_RUN_IFELSE( 2415 [AC_LANG_PROGRAM([[ 2416#include <stdio.h> 2417#include <stdlib.h> 2418 ]], 2419 [[fflush(NULL); exit(0);]])], 2420 AC_MSG_RESULT([yes]), 2421 [AC_MSG_RESULT([no]) 2422 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2423 [define if fflush(NULL) does not work])], 2424 AC_MSG_WARN([cross compiling: assuming working]) 2425) 2426 2427dnl Checks for time functions 2428AC_CHECK_FUNCS([gettimeofday time]) 2429dnl Checks for utmp functions 2430AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2431AC_CHECK_FUNCS([utmpname]) 2432dnl Checks for utmpx functions 2433AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2434AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2435dnl Checks for lastlog functions 2436AC_CHECK_FUNCS([getlastlogxbyname]) 2437 2438AC_CHECK_FUNC([daemon], 2439 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2440 [AC_CHECK_LIB([bsd], [daemon], 2441 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2442) 2443 2444AC_CHECK_FUNC([getpagesize], 2445 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2446 [Define if your libraries define getpagesize()])], 2447 [AC_CHECK_LIB([ucb], [getpagesize], 2448 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2449) 2450 2451# Check for broken snprintf 2452if test "x$ac_cv_func_snprintf" = "xyes" ; then 2453 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2454 AC_RUN_IFELSE( 2455 [AC_LANG_PROGRAM([[ 2456#include <stdio.h> 2457#include <stdlib.h> 2458 ]], 2459 [[ 2460 char b[5]; 2461 snprintf(b,5,"123456789"); 2462 exit(b[4]!='\0'); 2463 ]])], 2464 [AC_MSG_RESULT([yes])], 2465 [ 2466 AC_MSG_RESULT([no]) 2467 AC_DEFINE([BROKEN_SNPRINTF], [1], 2468 [Define if your snprintf is busted]) 2469 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2470 ], 2471 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2472 ) 2473fi 2474 2475if test "x$ac_cv_func_snprintf" = "xyes" ; then 2476 AC_MSG_CHECKING([whether snprintf understands %zu]) 2477 AC_RUN_IFELSE( 2478 [AC_LANG_PROGRAM([[ 2479#include <sys/types.h> 2480#include <stdio.h> 2481#include <stdlib.h> 2482#include <string.h> 2483 ]], 2484 [[ 2485 size_t a = 1, b = 2; 2486 char z[128]; 2487 snprintf(z, sizeof z, "%zu%zu", a, b); 2488 exit(strcmp(z, "12")); 2489 ]])], 2490 [AC_MSG_RESULT([yes])], 2491 [ 2492 AC_MSG_RESULT([no]) 2493 AC_DEFINE([BROKEN_SNPRINTF], [1], 2494 [snprintf does not understand %zu]) 2495 ], 2496 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2497 ) 2498fi 2499 2500# We depend on vsnprintf returning the right thing on overflow: the 2501# number of characters it tried to create (as per SUSv3) 2502if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2503 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2504 AC_RUN_IFELSE( 2505 [AC_LANG_PROGRAM([[ 2506#include <sys/types.h> 2507#include <stdio.h> 2508#include <stdarg.h> 2509 2510int x_snprintf(char *str, size_t count, const char *fmt, ...) 2511{ 2512 size_t ret; 2513 va_list ap; 2514 2515 va_start(ap, fmt); 2516 ret = vsnprintf(str, count, fmt, ap); 2517 va_end(ap); 2518 return ret; 2519} 2520 ]], [[ 2521char x[1]; 2522if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2523 return 1; 2524if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2525 return 1; 2526return 0; 2527 ]])], 2528 [AC_MSG_RESULT([yes])], 2529 [ 2530 AC_MSG_RESULT([no]) 2531 AC_DEFINE([BROKEN_SNPRINTF], [1], 2532 [Define if your snprintf is busted]) 2533 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2534 ], 2535 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2536 ) 2537fi 2538 2539# On systems where [v]snprintf is broken, but is declared in stdio, 2540# check that the fmt argument is const char * or just char *. 2541# This is only useful for when BROKEN_SNPRINTF 2542AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2543AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2544#include <stdio.h> 2545int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2546 ]], [[ 2547 snprintf(0, 0, 0); 2548 ]])], 2549 [AC_MSG_RESULT([yes]) 2550 AC_DEFINE([SNPRINTF_CONST], [const], 2551 [Define as const if snprintf() can declare const char *fmt])], 2552 [AC_MSG_RESULT([no]) 2553 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2554 2555# Check for missing getpeereid (or equiv) support 2556NO_PEERCHECK="" 2557if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2558 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2559 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2560#include <sys/types.h> 2561#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2562 [ AC_MSG_RESULT([yes]) 2563 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2564 ], [AC_MSG_RESULT([no]) 2565 NO_PEERCHECK=1 2566 ]) 2567fi 2568 2569dnl make sure that openpty does not reacquire controlling terminal 2570if test ! -z "$check_for_openpty_ctty_bug"; then 2571 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2572 AC_RUN_IFELSE( 2573 [AC_LANG_PROGRAM([[ 2574#include <stdio.h> 2575#include <stdlib.h> 2576#include <unistd.h> 2577#ifdef HAVE_PTY_H 2578# include <pty.h> 2579#endif 2580#include <sys/fcntl.h> 2581#include <sys/types.h> 2582#include <sys/wait.h> 2583 ]], [[ 2584 pid_t pid; 2585 int fd, ptyfd, ttyfd, status; 2586 2587 pid = fork(); 2588 if (pid < 0) { /* failed */ 2589 exit(1); 2590 } else if (pid > 0) { /* parent */ 2591 waitpid(pid, &status, 0); 2592 if (WIFEXITED(status)) 2593 exit(WEXITSTATUS(status)); 2594 else 2595 exit(2); 2596 } else { /* child */ 2597 close(0); close(1); close(2); 2598 setsid(); 2599 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2600 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2601 if (fd >= 0) 2602 exit(3); /* Acquired ctty: broken */ 2603 else 2604 exit(0); /* Did not acquire ctty: OK */ 2605 } 2606 ]])], 2607 [ 2608 AC_MSG_RESULT([yes]) 2609 ], 2610 [ 2611 AC_MSG_RESULT([no]) 2612 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2613 ], 2614 [ 2615 AC_MSG_RESULT([cross-compiling, assuming yes]) 2616 ] 2617 ) 2618fi 2619 2620if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2621 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2622 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2623 AC_RUN_IFELSE( 2624 [AC_LANG_PROGRAM([[ 2625#include <stdio.h> 2626#include <stdlib.h> 2627#include <sys/socket.h> 2628#include <netdb.h> 2629#include <errno.h> 2630#include <netinet/in.h> 2631 2632#define TEST_PORT "2222" 2633 ]], [[ 2634 int err, sock; 2635 struct addrinfo *gai_ai, *ai, hints; 2636 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2637 2638 memset(&hints, 0, sizeof(hints)); 2639 hints.ai_family = PF_UNSPEC; 2640 hints.ai_socktype = SOCK_STREAM; 2641 hints.ai_flags = AI_PASSIVE; 2642 2643 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2644 if (err != 0) { 2645 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2646 exit(1); 2647 } 2648 2649 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2650 if (ai->ai_family != AF_INET6) 2651 continue; 2652 2653 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2654 sizeof(ntop), strport, sizeof(strport), 2655 NI_NUMERICHOST|NI_NUMERICSERV); 2656 2657 if (err != 0) { 2658 if (err == EAI_SYSTEM) 2659 perror("getnameinfo EAI_SYSTEM"); 2660 else 2661 fprintf(stderr, "getnameinfo failed: %s\n", 2662 gai_strerror(err)); 2663 exit(2); 2664 } 2665 2666 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2667 if (sock < 0) 2668 perror("socket"); 2669 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2670 if (errno == EBADF) 2671 exit(3); 2672 } 2673 } 2674 exit(0); 2675 ]])], 2676 [ 2677 AC_MSG_RESULT([yes]) 2678 ], 2679 [ 2680 AC_MSG_RESULT([no]) 2681 AC_DEFINE([BROKEN_GETADDRINFO]) 2682 ], 2683 [ 2684 AC_MSG_RESULT([cross-compiling, assuming yes]) 2685 ] 2686 ) 2687fi 2688 2689if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2690 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2691 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2692 AC_RUN_IFELSE( 2693 [AC_LANG_PROGRAM([[ 2694#include <stdio.h> 2695#include <stdlib.h> 2696#include <sys/socket.h> 2697#include <netdb.h> 2698#include <errno.h> 2699#include <netinet/in.h> 2700 2701#define TEST_PORT "2222" 2702 ]], [[ 2703 int err, sock; 2704 struct addrinfo *gai_ai, *ai, hints; 2705 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2706 2707 memset(&hints, 0, sizeof(hints)); 2708 hints.ai_family = PF_UNSPEC; 2709 hints.ai_socktype = SOCK_STREAM; 2710 hints.ai_flags = AI_PASSIVE; 2711 2712 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2713 if (err != 0) { 2714 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2715 exit(1); 2716 } 2717 2718 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2719 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2720 continue; 2721 2722 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2723 sizeof(ntop), strport, sizeof(strport), 2724 NI_NUMERICHOST|NI_NUMERICSERV); 2725 2726 if (ai->ai_family == AF_INET && err != 0) { 2727 perror("getnameinfo"); 2728 exit(2); 2729 } 2730 } 2731 exit(0); 2732 ]])], 2733 [ 2734 AC_MSG_RESULT([yes]) 2735 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2736 [Define if you have a getaddrinfo that fails 2737 for the all-zeros IPv6 address]) 2738 ], 2739 [ 2740 AC_MSG_RESULT([no]) 2741 AC_DEFINE([BROKEN_GETADDRINFO]) 2742 ], 2743 [ 2744 AC_MSG_RESULT([cross-compiling, assuming no]) 2745 ] 2746 ) 2747fi 2748 2749if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2750 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2751 [#include <sys/types.h> 2752 #include <sys/socket.h> 2753 #include <netdb.h>]) 2754fi 2755 2756if test "x$check_for_conflicting_getspnam" = "x1"; then 2757 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2758 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2759#include <shadow.h> 2760#include <stdlib.h> 2761 ]], 2762 [[ exit(0); ]])], 2763 [ 2764 AC_MSG_RESULT([no]) 2765 ], 2766 [ 2767 AC_MSG_RESULT([yes]) 2768 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2769 [Conflicting defs for getspnam]) 2770 ] 2771 ) 2772fi 2773 2774dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2775dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2776dnl for over ten years). Despite this incompatibility being reported during 2777dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2778dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2779dnl implementation. Try to detect this mess, and assume the only safe option 2780dnl if we're cross compiling. 2781dnl 2782dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2783dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2784if test "x$ac_cv_func_strnvis" = "xyes"; then 2785 AC_MSG_CHECKING([for working strnvis]) 2786 AC_RUN_IFELSE( 2787 [AC_LANG_PROGRAM([[ 2788#include <signal.h> 2789#include <stdlib.h> 2790#include <string.h> 2791#include <unistd.h> 2792#include <vis.h> 2793static void sighandler(int sig) { _exit(1); } 2794 ]], [[ 2795 char dst[16]; 2796 2797 signal(SIGSEGV, sighandler); 2798 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2799 exit(0); 2800 exit(1) 2801 ]])], 2802 [AC_MSG_RESULT([yes])], 2803 [AC_MSG_RESULT([no]) 2804 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2805 [AC_MSG_WARN([cross compiling: assuming broken]) 2806 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2807 ) 2808fi 2809 2810AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2811AC_RUN_IFELSE( 2812 [AC_LANG_PROGRAM([[ 2813#ifdef HAVE_SYS_SELECT 2814# include <sys/select.h> 2815#endif 2816#include <sys/types.h> 2817#include <sys/time.h> 2818#include <stdlib.h> 2819#include <signal.h> 2820#include <unistd.h> 2821static void sighandler(int sig) { } 2822 ]], [[ 2823 int r; 2824 pid_t pid; 2825 struct sigaction sa; 2826 2827 sa.sa_handler = sighandler; 2828 sa.sa_flags = SA_RESTART; 2829 (void)sigaction(SIGTERM, &sa, NULL); 2830 if ((pid = fork()) == 0) { /* child */ 2831 pid = getppid(); 2832 sleep(1); 2833 kill(pid, SIGTERM); 2834 sleep(1); 2835 if (getppid() == pid) /* if parent did not exit, shoot it */ 2836 kill(pid, SIGKILL); 2837 exit(0); 2838 } else { /* parent */ 2839 r = select(0, NULL, NULL, NULL, NULL); 2840 } 2841 exit(r == -1 ? 0 : 1); 2842 ]])], 2843 [AC_MSG_RESULT([yes])], 2844 [AC_MSG_RESULT([no]) 2845 AC_DEFINE([NO_SA_RESTART], [1], 2846 [SA_RESTARTed signals do no interrupt select])], 2847 [AC_MSG_WARN([cross compiling: assuming yes])] 2848) 2849 2850AC_CHECK_FUNCS([getpgrp],[ 2851 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2852 AC_COMPILE_IFELSE( 2853 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2854 [ AC_MSG_RESULT([yes]) 2855 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2856 [ AC_MSG_RESULT([no]) 2857 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2858 ) 2859]) 2860 2861# Search for OpenSSL 2862saved_CPPFLAGS="$CPPFLAGS" 2863saved_LDFLAGS="$LDFLAGS" 2864openssl_bin_PATH="$PATH" 2865AC_ARG_WITH([ssl-dir], 2866 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2867 [ 2868 if test "x$openssl" = "xno" ; then 2869 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2870 fi 2871 if test "x$withval" != "xno" ; then 2872 case "$withval" in 2873 # Relative paths 2874 ./*|../*) withval="`pwd`/$withval" 2875 esac 2876 if test -d "$withval/lib"; then 2877 libcrypto_path="${withval}/lib" 2878 elif test -d "$withval/lib64"; then 2879 libcrypto_path="$withval/lib64" 2880 else 2881 # Built but not installed 2882 libcrypto_path="${withval}" 2883 fi 2884 if test -n "${rpath_opt}"; then 2885 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}" 2886 else 2887 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" 2888 fi 2889 if test -d "$withval/include"; then 2890 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2891 else 2892 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2893 fi 2894 dnl Ensure specified openssl binary works, eg it can 2895 dnl find its runtime libraries, before trying to use. 2896 if test -x "${withval}/bin/openssl" && \ 2897 "${withval}/bin/openssl" version >/dev/null 2>&1; then 2898 openssl_bin_PATH="${withval}/bin${PATH_SEPARATOR}${PATH}" 2899 elif test -x "${withval}/apps/openssl" && \ 2900 "${withval}/apps/openssl" version >/dev/null 2>&1; then 2901 openssl_bin_PATH="${withval}/apps${PATH_SEPARATOR}${PATH}" 2902 fi 2903 fi 2904 ] 2905) 2906AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH]) 2907AC_SUBST(OPENSSL_BIN, [${openssl_bin}]) 2908 2909AC_ARG_WITH([openssl-header-check], 2910 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2911 [ 2912 if test "x$withval" = "xno" ; then 2913 openssl_check_nonfatal=1 2914 fi 2915 ] 2916) 2917 2918openssl_engine=no 2919AC_ARG_WITH([ssl-engine], 2920 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2921 [ 2922 if test "x$withval" != "xno" ; then 2923 if test "x$openssl" = "xno" ; then 2924 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2925 fi 2926 openssl_engine=yes 2927 fi 2928 ] 2929) 2930 2931nocrypto_saved_LIBS="$LIBS" 2932if test "x$openssl" = "xyes" ; then 2933 LIBS="-lcrypto $LIBS" 2934 CHANNELLIBS="-lcrypto $CHANNELLIBS" 2935 AC_TRY_LINK_FUNC([RAND_add], , 2936 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2937 AC_CHECK_HEADER([openssl/opensslv.h], , 2938 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2939 2940 # Determine OpenSSL header version 2941 AC_MSG_CHECKING([OpenSSL header version]) 2942 AC_RUN_IFELSE( 2943 [AC_LANG_PROGRAM([[ 2944 #include <stdlib.h> 2945 #include <stdio.h> 2946 #include <string.h> 2947 #include <openssl/opensslv.h> 2948 #define DATA "conftest.sslincver" 2949 ]], [[ 2950 FILE *fd; 2951 int rc; 2952 2953 fd = fopen(DATA,"w"); 2954 if(fd == NULL) 2955 exit(1); 2956 2957 if ((rc = fprintf(fd, "%08lx (%s)\n", 2958 (unsigned long)OPENSSL_VERSION_NUMBER, 2959 OPENSSL_VERSION_TEXT)) < 0) 2960 exit(1); 2961 2962 exit(0); 2963 ]])], 2964 [ 2965 ssl_header_ver=`cat conftest.sslincver` 2966 AC_MSG_RESULT([$ssl_header_ver]) 2967 ], 2968 [ 2969 AC_MSG_RESULT([failed]) 2970 AC_MSG_ERROR([OpenSSL version test program failed.]) 2971 ], 2972 [ 2973 AC_MSG_WARN([cross compiling: not checking]) 2974 ] 2975 ) 2976 2977 # Determining OpenSSL library version is version dependent. 2978 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2979 2980 # Determine OpenSSL library version 2981 AC_MSG_CHECKING([OpenSSL library version]) 2982 AC_RUN_IFELSE( 2983 [AC_LANG_PROGRAM([[ 2984 #include <stdio.h> 2985 #include <stdlib.h> 2986 #include <string.h> 2987 #include <openssl/opensslv.h> 2988 #include <openssl/crypto.h> 2989 #define DATA "conftest.ssllibver" 2990 ]], [[ 2991 FILE *f; 2992 /* We need these legacy bits to warn for old libcrypto */ 2993 #ifndef OPENSSL_VERSION 2994 # define OPENSSL_VERSION SSLEAY_VERSION 2995 #endif 2996 #ifndef HAVE_OPENSSL_VERSION 2997 # define OpenSSL_version SSLeay_version 2998 #endif 2999 #ifndef HAVE_OPENSSL_VERSION_NUM 3000 # define OpenSSL_version_num SSLeay 3001 #endif 3002 if ((f = fopen(DATA, "w")) == NULL) 3003 exit(1); 3004 if (fprintf(f, "%08lx (%s)", 3005 (unsigned long)OpenSSL_version_num(), 3006 OpenSSL_version(OPENSSL_VERSION)) < 0) 3007 exit(1); 3008#ifdef LIBRESSL_VERSION_NUMBER 3009 if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0) 3010 exit(1); 3011#endif 3012 if (fputc('\n', f) == EOF || fclose(f) == EOF) 3013 exit(1); 3014 exit(0); 3015 ]])], 3016 [ 3017 sslver=`cat conftest.ssllibver` 3018 ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'` 3019 # Check version is supported. 3020 case "$sslver" in 3021 100*|10100*) # 1.0.x, 1.1.0x 3022 AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")]) 3023 ;; 3024 101*) ;; # 1.1.x 3025 200*) # LibreSSL 3026 lver=`echo "$sslver" | sed 's/.*libressl-//'` 3027 case "$lver" in 3028 2*|300*) # 2.x, 3.0.0 3029 AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")]) 3030 ;; 3031 *) ;; # Assume all other versions are good. 3032 esac 3033 ;; 3034 30*) 3035 # OpenSSL 3; we use the 1.1x API 3036 # https://openssl.org/policies/general/versioning-policy.html 3037 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 3038 ;; 3039 *) 3040 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")]) 3041 ;; 3042 esac 3043 AC_MSG_RESULT([$ssl_showver]) 3044 ], 3045 [ 3046 AC_MSG_RESULT([not found]) 3047 AC_MSG_ERROR([OpenSSL library not found.]) 3048 ], 3049 [ 3050 AC_MSG_WARN([cross compiling: not checking]) 3051 ] 3052 ) 3053 3054 case "$host" in 3055 x86_64-*) 3056 case "$sslver" in 3057 3000004*) 3058 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) 3059 ;; 3060 esac 3061 esac 3062 3063 # Sanity check OpenSSL headers 3064 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 3065 AC_RUN_IFELSE( 3066 [AC_LANG_PROGRAM([[ 3067 #include <stdlib.h> 3068 #include <string.h> 3069 #include <openssl/opensslv.h> 3070 #include <openssl/crypto.h> 3071 ]], [[ 3072 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 3073 ]])], 3074 [ 3075 AC_MSG_RESULT([yes]) 3076 ], 3077 [ 3078 AC_MSG_RESULT([no]) 3079 if test "x$openssl_check_nonfatal" = "x"; then 3080 AC_MSG_ERROR([Your OpenSSL headers do not match your 3081 library. Check config.log for details. 3082 If you are sure your installation is consistent, you can disable the check 3083 by running "./configure --without-openssl-header-check". 3084 Also see contrib/findssl.sh for help identifying header/library mismatches. 3085 ]) 3086 else 3087 AC_MSG_WARN([Your OpenSSL headers do not match your 3088 library. Check config.log for details. 3089 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 3090 fi 3091 ], 3092 [ 3093 AC_MSG_WARN([cross compiling: not checking]) 3094 ] 3095 ) 3096 3097 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 3098 AC_LINK_IFELSE( 3099 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 3100 [[ ERR_load_crypto_strings(); ]])], 3101 [ 3102 AC_MSG_RESULT([yes]) 3103 ], 3104 [ 3105 AC_MSG_RESULT([no]) 3106 LIBS="$LIBS -ldl" 3107 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 3108 AC_LINK_IFELSE( 3109 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 3110 [[ ERR_load_crypto_strings(); ]])], 3111 [ 3112 AC_MSG_RESULT([yes]) 3113 CHANNELLIBS="$CHANNELLIBS -ldl" 3114 ], 3115 [ 3116 AC_MSG_RESULT([no]) 3117 ] 3118 ) 3119 ] 3120 ) 3121 3122 AC_CHECK_FUNCS([ \ 3123 BN_is_prime_ex \ 3124 DES_crypt \ 3125 DSA_generate_parameters_ex \ 3126 EVP_DigestSign \ 3127 EVP_DigestVerify \ 3128 EVP_DigestFinal_ex \ 3129 EVP_DigestInit_ex \ 3130 EVP_MD_CTX_cleanup \ 3131 EVP_MD_CTX_copy_ex \ 3132 EVP_MD_CTX_init \ 3133 HMAC_CTX_init \ 3134 RSA_generate_key_ex \ 3135 RSA_get_default_method \ 3136 ]) 3137 3138 # OpenSSL_add_all_algorithms may be a macro. 3139 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 3140 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 3141 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 3142 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 3143 [[#include <openssl/evp.h>]] 3144 ) 3145 ) 3146 3147 # LibreSSL/OpenSSL API differences 3148 AC_CHECK_FUNCS([ \ 3149 EVP_CIPHER_CTX_iv \ 3150 EVP_CIPHER_CTX_iv_noconst \ 3151 EVP_CIPHER_CTX_get_iv \ 3152 EVP_CIPHER_CTX_get_updated_iv \ 3153 EVP_CIPHER_CTX_set_iv \ 3154 ]) 3155 3156 if test "x$openssl_engine" = "xyes" ; then 3157 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 3158 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3159 #include <openssl/engine.h> 3160 ]], [[ 3161 ENGINE_load_builtin_engines(); 3162 ENGINE_register_all_complete(); 3163 ]])], 3164 [ AC_MSG_RESULT([yes]) 3165 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 3166 [Enable OpenSSL engine support]) 3167 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 3168 ]) 3169 fi 3170 3171 # Check for OpenSSL without EVP_aes_{192,256}_cbc 3172 AC_MSG_CHECKING([whether OpenSSL lacks support for AES 192/256]) 3173 AC_LINK_IFELSE( 3174 [AC_LANG_PROGRAM([[ 3175 #include <stdlib.h> 3176 #include <string.h> 3177 #include <openssl/evp.h> 3178 ]], [[ 3179 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 3180 ]])], 3181 [ 3182 AC_MSG_RESULT([no]) 3183 ], 3184 [ 3185 AC_MSG_RESULT([yes]) 3186 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 3187 [libcrypto is missing AES 192 and 256 bit functions]) 3188 ] 3189 ) 3190 3191 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3192 AC_LINK_IFELSE( 3193 [AC_LANG_PROGRAM([[ 3194 #include <stdlib.h> 3195 #include <string.h> 3196 #include <openssl/evp.h> 3197 ]], [[ 3198 if(EVP_DigestUpdate(NULL, NULL,0)) 3199 exit(0); 3200 ]])], 3201 [ 3202 AC_MSG_RESULT([yes]) 3203 ], 3204 [ 3205 AC_MSG_RESULT([no]) 3206 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3207 [Define if EVP_DigestUpdate returns void]) 3208 ] 3209 ) 3210 3211 # Check for various EVP support in OpenSSL 3212 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20]) 3213 3214 # Check complete ECC support in OpenSSL 3215 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3216 AC_LINK_IFELSE( 3217 [AC_LANG_PROGRAM([[ 3218 #include <openssl/ec.h> 3219 #include <openssl/ecdh.h> 3220 #include <openssl/ecdsa.h> 3221 #include <openssl/evp.h> 3222 #include <openssl/objects.h> 3223 #include <openssl/opensslv.h> 3224 ]], [[ 3225 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3226 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3227 ]])], 3228 [ AC_MSG_RESULT([yes]) 3229 enable_nistp256=1 ], 3230 [ AC_MSG_RESULT([no]) ] 3231 ) 3232 3233 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3234 AC_LINK_IFELSE( 3235 [AC_LANG_PROGRAM([[ 3236 #include <openssl/ec.h> 3237 #include <openssl/ecdh.h> 3238 #include <openssl/ecdsa.h> 3239 #include <openssl/evp.h> 3240 #include <openssl/objects.h> 3241 #include <openssl/opensslv.h> 3242 ]], [[ 3243 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3244 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3245 ]])], 3246 [ AC_MSG_RESULT([yes]) 3247 enable_nistp384=1 ], 3248 [ AC_MSG_RESULT([no]) ] 3249 ) 3250 3251 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3252 AC_LINK_IFELSE( 3253 [AC_LANG_PROGRAM([[ 3254 #include <openssl/ec.h> 3255 #include <openssl/ecdh.h> 3256 #include <openssl/ecdsa.h> 3257 #include <openssl/evp.h> 3258 #include <openssl/objects.h> 3259 #include <openssl/opensslv.h> 3260 ]], [[ 3261 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3262 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3263 ]])], 3264 [ AC_MSG_RESULT([yes]) 3265 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3266 AC_RUN_IFELSE( 3267 [AC_LANG_PROGRAM([[ 3268 #include <stdlib.h> 3269 #include <openssl/ec.h> 3270 #include <openssl/ecdh.h> 3271 #include <openssl/ecdsa.h> 3272 #include <openssl/evp.h> 3273 #include <openssl/objects.h> 3274 #include <openssl/opensslv.h> 3275 ]],[[ 3276 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3277 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3278 exit(e == NULL || m == NULL); 3279 ]])], 3280 [ AC_MSG_RESULT([yes]) 3281 enable_nistp521=1 ], 3282 [ AC_MSG_RESULT([no]) ], 3283 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3284 enable_nistp521=1 ] 3285 )], 3286 AC_MSG_RESULT([no]) 3287 ) 3288 3289 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3290 test x$enable_nistp521 = x1; then 3291 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3292 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3293 openssl_ecc=yes 3294 else 3295 openssl_ecc=no 3296 fi 3297 if test x$enable_nistp256 = x1; then 3298 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3299 [libcrypto has NID_X9_62_prime256v1]) 3300 else 3301 unsupported_algorithms="$unsupported_algorithms \ 3302 ecdsa-sha2-nistp256 \ 3303 ecdh-sha2-nistp256 \ 3304 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3305 fi 3306 if test x$enable_nistp384 = x1; then 3307 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3308 else 3309 unsupported_algorithms="$unsupported_algorithms \ 3310 ecdsa-sha2-nistp384 \ 3311 ecdh-sha2-nistp384 \ 3312 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3313 fi 3314 if test x$enable_nistp521 = x1; then 3315 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3316 else 3317 unsupported_algorithms="$unsupported_algorithms \ 3318 ecdh-sha2-nistp521 \ 3319 ecdsa-sha2-nistp521 \ 3320 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3321 fi 3322 3323 # Check libcrypto ED25519 support 3324 AC_CHECK_FUNCS([EVP_PKEY_get_raw_public_key]) 3325 AC_CHECK_FUNCS([EVP_PKEY_get_raw_private_key]) 3326 AC_MSG_CHECKING([whether OpenSSL has ED25519 support]) 3327 AC_LINK_IFELSE( 3328 [AC_LANG_PROGRAM([[ 3329 #include <string.h> 3330 #include <openssl/evp.h> 3331 ]], [[ 3332 unsigned char buf[64]; 3333 memset(buf, 0, sizeof(buf)); 3334 exit(EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, NULL, 3335 buf, sizeof(buf)) == NULL); 3336 ]])], 3337 [ 3338 AC_MSG_RESULT([yes]) 3339 AC_DEFINE([OPENSSL_HAS_ED25519], [1], 3340 [libcrypto has ed25519 support]) 3341 ], 3342 [ 3343 AC_MSG_RESULT([no]) 3344 ] 3345 ) 3346fi 3347 3348# PKCS11/U2F depend on OpenSSL and dlopen(). 3349enable_pkcs11=yes 3350enable_sk=yes 3351 3352AC_CHECK_DECL([OPENSSL_IS_AWSLC], 3353 [enable_pkcs11="disabled; PKCS#11 not supported with AWS-LC"], 3354 [], 3355 [#include <openssl/base.h>] 3356) 3357if test "x$openssl" != "xyes" ; then 3358 enable_pkcs11="disabled; missing libcrypto" 3359fi 3360if test "x$ac_cv_func_dlopen" != "xyes" ; then 3361 enable_pkcs11="disabled; missing dlopen(3)" 3362 enable_sk="disabled; missing dlopen(3)" 3363fi 3364if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3365 enable_pkcs11="disabled; missing RTLD_NOW" 3366 enable_sk="disabled; missing RTLD_NOW" 3367fi 3368if test ! -z "$disable_pkcs11" ; then 3369 enable_pkcs11="disabled by user" 3370fi 3371if test ! -z "$disable_sk" ; then 3372 enable_sk="disabled by user" 3373fi 3374 3375AC_MSG_CHECKING([whether to enable PKCS11]) 3376if test "x$enable_pkcs11" = "xyes" ; then 3377 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3378fi 3379AC_MSG_RESULT([$enable_pkcs11]) 3380 3381AC_MSG_CHECKING([whether to enable U2F]) 3382if test "x$enable_sk" = "xyes" ; then 3383 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3384 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3385else 3386 # Do not try to build sk-dummy library. 3387 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3388fi 3389AC_MSG_RESULT([$enable_sk]) 3390 3391# Now check for built-in security key support. 3392if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then 3393 use_pkgconfig_for_libfido2= 3394 if test "x$PKGCONFIG" != "xno"; then 3395 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3396 if "$PKGCONFIG" libfido2; then 3397 AC_MSG_RESULT([yes]) 3398 use_pkgconfig_for_libfido2=yes 3399 else 3400 AC_MSG_RESULT([no]) 3401 fi 3402 fi 3403 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3404 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3405 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3406 else 3407 LIBFIDO2="-lprivatefido2 -lprivatecbor" 3408 fi 3409 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3410 fido2_error= 3411 AC_CHECK_LIB([privatefido2], [fido_init], 3412 [ ], 3413 [ fido2_error="missing/unusable libfido2" ], 3414 [ $OTHERLIBS ] 3415 ) 3416 AC_CHECK_HEADER([fido.h], [], 3417 [ fido2_error="missing fido.h from libfido2" ]) 3418 AC_CHECK_HEADER([fido/credman.h], [], 3419 [ fido2_error="missing fido/credman.h from libfido2" ], 3420 [ #include <fido.h> ] 3421 ) 3422 AC_MSG_CHECKING([for usable libfido2 installation]) 3423 if test ! -z "$fido2_error" ; then 3424 AC_MSG_RESULT([$fido2_error]) 3425 if test "x$enable_sk_internal" = "xyes" ; then 3426 AC_MSG_ERROR([No usable libfido2 library/headers found]) 3427 fi 3428 LIBFIDO2="" 3429 else 3430 AC_MSG_RESULT([yes]) 3431 AC_SUBST([LIBFIDO2]) 3432 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3433 [Enable for built-in U2F/FIDO support]) 3434 enable_sk="built-in" 3435 saved_LIBS="$LIBS" 3436 LIBS="$LIBFIDO2 $LIBS" 3437 AC_CHECK_FUNCS([ \ 3438 fido_assert_set_clientdata \ 3439 fido_cred_prot \ 3440 fido_cred_set_prot \ 3441 fido_cred_set_clientdata \ 3442 fido_dev_get_touch_begin \ 3443 fido_dev_get_touch_status \ 3444 fido_dev_supports_cred_prot \ 3445 fido_dev_is_winhello \ 3446 ]) 3447 LIBS="$saved_LIBS" 3448 fi 3449fi 3450 3451# Check for standalone SecurityKeyProvider 3452AC_MSG_CHECKING([whether to build standalone sk-libfido2]) 3453if test "x$enable_sk_standalone" = "xyes" ; then 3454 AC_MSG_RESULT([yes]) 3455 AC_SUBST([SK_STANDALONE], [sk-libfido2$SHLIBEXT]) 3456else 3457 AC_MSG_RESULT([no]) 3458 AC_SUBST([SK_STANDALONE], [""]) 3459fi 3460 3461AC_CHECK_FUNCS([ \ 3462 arc4random \ 3463 arc4random_buf \ 3464 arc4random_stir \ 3465 arc4random_uniform \ 3466]) 3467### Configure cryptographic random number support 3468 3469# Check whether OpenSSL seeds itself 3470if test "x$openssl" = "xyes" ; then 3471 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3472 AC_RUN_IFELSE( 3473 [AC_LANG_PROGRAM([[ 3474 #include <stdlib.h> 3475 #include <string.h> 3476 #include <openssl/rand.h> 3477 ]], [[ 3478 exit(RAND_status() == 1 ? 0 : 1); 3479 ]])], 3480 [ 3481 OPENSSL_SEEDS_ITSELF=yes 3482 AC_MSG_RESULT([yes]) 3483 ], 3484 [ 3485 AC_MSG_RESULT([no]) 3486 ], 3487 [ 3488 AC_MSG_WARN([cross compiling: assuming yes]) 3489 # This is safe, since we will fatal() at runtime if 3490 # OpenSSL is not seeded correctly. 3491 OPENSSL_SEEDS_ITSELF=yes 3492 ] 3493 ) 3494fi 3495 3496# PRNGD TCP socket 3497AC_ARG_WITH([prngd-port], 3498 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3499 [ 3500 case "$withval" in 3501 no) 3502 withval="" 3503 ;; 3504 [[0-9]]*) 3505 ;; 3506 *) 3507 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3508 ;; 3509 esac 3510 if test ! -z "$withval" ; then 3511 PRNGD_PORT="$withval" 3512 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3513 [Port number of PRNGD/EGD random number socket]) 3514 fi 3515 ] 3516) 3517 3518# PRNGD Unix domain socket 3519AC_ARG_WITH([prngd-socket], 3520 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3521 [ 3522 case "$withval" in 3523 yes) 3524 withval="/var/run/egd-pool" 3525 ;; 3526 no) 3527 withval="" 3528 ;; 3529 /*) 3530 ;; 3531 *) 3532 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3533 ;; 3534 esac 3535 3536 if test ! -z "$withval" ; then 3537 if test ! -z "$PRNGD_PORT" ; then 3538 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3539 fi 3540 if test ! -r "$withval" ; then 3541 AC_MSG_WARN([Entropy socket is not readable]) 3542 fi 3543 PRNGD_SOCKET="$withval" 3544 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3545 [Location of PRNGD/EGD random number socket]) 3546 fi 3547 ], 3548 [ 3549 # Check for existing socket only if we don't have a random device already 3550 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3551 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3552 # Insert other locations here 3553 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3554 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3555 PRNGD_SOCKET="$sock" 3556 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3557 break; 3558 fi 3559 done 3560 if test ! -z "$PRNGD_SOCKET" ; then 3561 AC_MSG_RESULT([$PRNGD_SOCKET]) 3562 else 3563 AC_MSG_RESULT([not found]) 3564 fi 3565 fi 3566 ] 3567) 3568 3569# Which randomness source do we use? 3570if test ! -z "$PRNGD_PORT" ; then 3571 RAND_MSG="PRNGd port $PRNGD_PORT" 3572elif test ! -z "$PRNGD_SOCKET" ; then 3573 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3574elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3575 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3576 [Define if you want the OpenSSL internally seeded PRNG only]) 3577 RAND_MSG="OpenSSL internal ONLY" 3578elif test "x$openssl" = "xno" ; then 3579 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3580else 3581 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3582fi 3583LIBS="$nocrypto_saved_LIBS" 3584 3585saved_LIBS="$LIBS" 3586AC_CHECK_LIB([iaf], [ia_openinfo], [ 3587 LIBS="$LIBS -liaf" 3588 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3589 AC_DEFINE([HAVE_LIBIAF], [1], 3590 [Define if system has libiaf that supports set_id]) 3591 ]) 3592]) 3593LIBS="$saved_LIBS" 3594 3595# Check for crypt() in libcrypt. If we have it, we only need it for sshd. 3596saved_LIBS="$LIBS" 3597AC_CHECK_LIB([crypt], [crypt], [ 3598 LIBS="-lcrypt $LIBS" 3599 SSHDLIBS="-lcrypt $SSHDLIBS" 3600]) 3601AC_CHECK_FUNCS([crypt]) 3602LIBS="$saved_LIBS" 3603 3604# Check for PAM libs 3605PAM_MSG="no" 3606AC_ARG_WITH([pam], 3607 [ --with-pam Enable PAM support ], 3608 [ 3609 if test "x$withval" != "xno" ; then 3610 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3611 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3612 AC_MSG_ERROR([PAM headers not found]) 3613 fi 3614 3615 saved_LIBS="$LIBS" 3616 AC_CHECK_LIB([dl], [dlopen], , ) 3617 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3618 AC_CHECK_FUNCS([pam_getenvlist]) 3619 AC_CHECK_FUNCS([pam_putenv]) 3620 LIBS="$saved_LIBS" 3621 3622 PAM_MSG="yes" 3623 3624 SSHDLIBS="$SSHDLIBS -lpam" 3625 AC_DEFINE([USE_PAM], [1], 3626 [Define if you want to enable PAM support]) 3627 3628 if test $ac_cv_lib_dl_dlopen = yes; then 3629 case "$LIBS" in 3630 *-ldl*) 3631 # libdl already in LIBS 3632 ;; 3633 *) 3634 SSHDLIBS="$SSHDLIBS -ldl" 3635 ;; 3636 esac 3637 fi 3638 fi 3639 ] 3640) 3641 3642AC_ARG_WITH([pam-service], 3643 [ --with-pam-service=name Specify PAM service name ], 3644 [ 3645 if test "x$withval" != "xno" && \ 3646 test "x$withval" != "xyes" ; then 3647 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3648 ["$withval"], [sshd PAM service name]) 3649 fi 3650 ] 3651) 3652 3653# Check for older PAM 3654if test "x$PAM_MSG" = "xyes" ; then 3655 # Check PAM strerror arguments (old PAM) 3656 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3657 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3658#include <stdlib.h> 3659#if defined(HAVE_SECURITY_PAM_APPL_H) 3660#include <security/pam_appl.h> 3661#elif defined (HAVE_PAM_PAM_APPL_H) 3662#include <pam/pam_appl.h> 3663#endif 3664 ]], [[ 3665(void)pam_strerror((pam_handle_t *)NULL, -1); 3666 ]])], [AC_MSG_RESULT([no])], [ 3667 AC_DEFINE([HAVE_OLD_PAM], [1], 3668 [Define if you have an old version of PAM 3669 which takes only one argument to pam_strerror]) 3670 AC_MSG_RESULT([yes]) 3671 PAM_MSG="yes (old library)" 3672 3673 ]) 3674fi 3675 3676case "$host" in 3677*-*-cygwin*) 3678 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3679 ;; 3680*) 3681 SSH_PRIVSEP_USER=sshd 3682 ;; 3683esac 3684AC_ARG_WITH([privsep-user], 3685 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3686 [ 3687 if test -n "$withval" && test "x$withval" != "xno" && \ 3688 test "x${withval}" != "xyes"; then 3689 SSH_PRIVSEP_USER=$withval 3690 fi 3691 ] 3692) 3693if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3694 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3695 [Cygwin function to fetch non-privileged user for privilege separation]) 3696else 3697 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3698 [non-privileged user for privilege separation]) 3699fi 3700AC_SUBST([SSH_PRIVSEP_USER]) 3701 3702if test "x$have_linux_no_new_privs" = "x1" ; then 3703AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3704 #include <sys/types.h> 3705 #include <linux/seccomp.h> 3706]) 3707fi 3708if test "x$have_seccomp_filter" = "x1" ; then 3709AC_MSG_CHECKING([kernel for seccomp_filter support]) 3710AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3711 #include <errno.h> 3712 #include <elf.h> 3713 #include <linux/audit.h> 3714 #include <linux/seccomp.h> 3715 #include <stdlib.h> 3716 #include <sys/prctl.h> 3717 ]], 3718 [[ int i = $seccomp_audit_arch; 3719 errno = 0; 3720 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3721 exit(errno == EFAULT ? 0 : 1); ]])], 3722 [ AC_MSG_RESULT([yes]) ], [ 3723 AC_MSG_RESULT([no]) 3724 # Disable seccomp filter as a target 3725 have_seccomp_filter=0 3726 ] 3727) 3728fi 3729 3730AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ 3731#include <sys/types.h> 3732#ifdef HAVE_POLL_H 3733#include <poll.h> 3734#endif 3735#ifdef HAVE_SYS_POLL_H 3736#include <sys/poll.h> 3737#endif 3738]]) 3739 3740AC_CHECK_TYPES([nfds_t], , , [ 3741#include <sys/types.h> 3742#ifdef HAVE_POLL_H 3743#include <poll.h> 3744#endif 3745#ifdef HAVE_SYS_POLL_H 3746#include <sys/poll.h> 3747#endif 3748]) 3749 3750# Decide which sandbox style to use 3751sandbox_arg="" 3752AC_ARG_WITH([sandbox], 3753 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter)], 3754 [ 3755 if test "x$withval" = "xyes" ; then 3756 sandbox_arg="" 3757 else 3758 sandbox_arg="$withval" 3759 fi 3760 ] 3761) 3762 3763if test "x$sandbox_arg" != "xno"; then 3764# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument 3765# is greater than OPEN_MAX". On some platforms that includes implementions 3766# of select in userspace on top of poll() so check both work with rlimit 3767# NOFILES so check that both work before enabling the rlimit sandbox. 3768 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) 3769 AC_RUN_IFELSE( 3770 [AC_LANG_PROGRAM([[ 3771#include <sys/types.h> 3772#ifdef HAVE_SYS_TIME_H 3773# include <sys/time.h> 3774#endif 3775#include <sys/resource.h> 3776#ifdef HAVE_SYS_SELECT_H 3777# include <sys/select.h> 3778#endif 3779#ifdef HAVE_POLL_H 3780# include <poll.h> 3781#elif HAVE_SYS_POLL_H 3782# include <sys/poll.h> 3783#endif 3784#include <errno.h> 3785#include <fcntl.h> 3786#include <stdlib.h> 3787 ]],[[ 3788 struct rlimit rl_zero; 3789 int fd, r; 3790 fd_set fds; 3791 struct timeval tv; 3792#ifdef HAVE_POLL 3793 struct pollfd pfd; 3794#endif 3795 3796 fd = open("/dev/null", O_RDONLY); 3797 FD_ZERO(&fds); 3798 FD_SET(fd, &fds); 3799 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3800 setrlimit(RLIMIT_FSIZE, &rl_zero); 3801 setrlimit(RLIMIT_NOFILE, &rl_zero); 3802 tv.tv_sec = 1; 3803 tv.tv_usec = 0; 3804 r = select(fd+1, &fds, NULL, NULL, &tv); 3805 if (r == -1) 3806 exit(1); 3807#ifdef HAVE_POLL 3808 pfd.fd = fd; 3809 pfd.events = POLLIN; 3810 r = poll(&pfd, 1, 1); 3811 if (r == -1) 3812 exit(2); 3813#endif 3814 exit(0); 3815 ]])], 3816 [AC_MSG_RESULT([yes]) 3817 select_works_with_rlimit=yes], 3818 [AC_MSG_RESULT([no]) 3819 select_works_with_rlimit=no], 3820 [AC_MSG_WARN([cross compiling: assuming no]) 3821 select_works_with_rlimit=no] 3822 ) 3823 3824 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3825 AC_RUN_IFELSE( 3826 [AC_LANG_PROGRAM([[ 3827#include <sys/types.h> 3828#ifdef HAVE_SYS_TIME_H 3829# include <sys/time.h> 3830#endif 3831#include <sys/resource.h> 3832#include <errno.h> 3833#include <stdlib.h> 3834 ]],[[ 3835 struct rlimit rl_zero; 3836 int r; 3837 3838 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3839 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3840 exit (r == -1 ? 1 : 0); 3841 ]])], 3842 [AC_MSG_RESULT([yes]) 3843 rlimit_nofile_zero_works=yes], 3844 [AC_MSG_RESULT([no]) 3845 rlimit_nofile_zero_works=no], 3846 [AC_MSG_WARN([cross compiling: assuming yes]) 3847 rlimit_nofile_zero_works=yes] 3848 ) 3849 3850 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3851 AC_RUN_IFELSE( 3852 [AC_LANG_PROGRAM([[ 3853#include <sys/types.h> 3854#include <sys/resource.h> 3855#include <stdlib.h> 3856 ]],[[ 3857 struct rlimit rl_zero; 3858 3859 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3860 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3861 ]])], 3862 [AC_MSG_RESULT([yes])], 3863 [AC_MSG_RESULT([no]) 3864 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3865 [setrlimit RLIMIT_FSIZE works])], 3866 [AC_MSG_WARN([cross compiling: assuming yes])] 3867 ) 3868fi 3869 3870if test "x$sandbox_arg" = "xdarwin" || \ 3871 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3872 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3873 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3874 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3875 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3876 SANDBOX_STYLE="darwin" 3877 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3878elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3879 ( test -z "$sandbox_arg" && \ 3880 test "x$have_seccomp_filter" = "x1" && \ 3881 test "x$ac_cv_header_elf_h" = "xyes" && \ 3882 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3883 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3884 test "x$seccomp_audit_arch" != "x" && \ 3885 test "x$have_linux_no_new_privs" = "x1" && \ 3886 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3887 test "x$seccomp_audit_arch" = "x" && \ 3888 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3889 test "x$have_linux_no_new_privs" != "x1" && \ 3890 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3891 test "x$have_seccomp_filter" != "x1" && \ 3892 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3893 test "x$ac_cv_func_prctl" != "xyes" && \ 3894 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3895 SANDBOX_STYLE="seccomp_filter" 3896 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3897elif test "x$sandbox_arg" = "xcapsicum" || \ 3898 ( test -z "$sandbox_arg" && \ 3899 test "x$disable_capsicum" != "xyes" && \ 3900 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3901 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3902 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3903 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3904 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3905 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3906 SANDBOX_STYLE="capsicum" 3907 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3908elif test "x$sandbox_arg" = "xrlimit" || \ 3909 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3910 test "x$select_works_with_rlimit" = "xyes" && \ 3911 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3912 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3913 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3914 test "x$select_works_with_rlimit" != "xyes" && \ 3915 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3916 SANDBOX_STYLE="rlimit" 3917 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3918elif test "x$sandbox_arg" = "xsolaris" || \ 3919 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3920 SANDBOX_STYLE="solaris" 3921 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3922elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3923 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3924 SANDBOX_STYLE="none" 3925 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3926else 3927 AC_MSG_ERROR([unsupported --with-sandbox]) 3928fi 3929 3930# Cheap hack to ensure NEWS-OS libraries are arranged right. 3931if test ! -z "$SONY" ; then 3932 LIBS="$LIBS -liberty"; 3933fi 3934 3935# Check for long long datatypes 3936AC_CHECK_TYPES([long long, unsigned long long, long double]) 3937 3938# Check datatype sizes 3939AC_CHECK_SIZEOF([short int]) 3940AC_CHECK_SIZEOF([int]) 3941AC_CHECK_SIZEOF([long int]) 3942AC_CHECK_SIZEOF([long long int]) 3943AC_CHECK_SIZEOF([time_t], [], [[ 3944 #include <sys/types.h> 3945 #ifdef HAVE_SYS_TIME_H 3946 # include <sys/time.h> 3947 #endif 3948 #ifdef HAVE_TIME_H 3949 # include <time.h> 3950 #endif 3951 ]] 3952) 3953 3954# Sanity check long long for some platforms (AIX) 3955if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3956 ac_cv_sizeof_long_long_int=0 3957fi 3958 3959# compute LLONG_MIN and LLONG_MAX if we don't know them. 3960if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3961 AC_MSG_CHECKING([for max value of long long]) 3962 AC_RUN_IFELSE( 3963 [AC_LANG_PROGRAM([[ 3964#include <stdio.h> 3965#include <stdlib.h> 3966/* Why is this so damn hard? */ 3967#ifdef __GNUC__ 3968# undef __GNUC__ 3969#endif 3970#define __USE_ISOC99 3971#include <limits.h> 3972#define DATA "conftest.llminmax" 3973#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3974 3975/* 3976 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3977 * we do this the hard way. 3978 */ 3979static int 3980fprint_ll(FILE *f, long long n) 3981{ 3982 unsigned int i; 3983 int l[sizeof(long long) * 8]; 3984 3985 if (n < 0) 3986 if (fprintf(f, "-") < 0) 3987 return -1; 3988 for (i = 0; n != 0; i++) { 3989 l[i] = my_abs(n % 10); 3990 n /= 10; 3991 } 3992 do { 3993 if (fprintf(f, "%d", l[--i]) < 0) 3994 return -1; 3995 } while (i != 0); 3996 if (fprintf(f, " ") < 0) 3997 return -1; 3998 return 0; 3999} 4000 ]], [[ 4001 FILE *f; 4002 long long i, llmin, llmax = 0; 4003 4004 if((f = fopen(DATA,"w")) == NULL) 4005 exit(1); 4006 4007#if defined(LLONG_MIN) && defined(LLONG_MAX) 4008 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 4009 llmin = LLONG_MIN; 4010 llmax = LLONG_MAX; 4011#else 4012 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 4013 /* This will work on one's complement and two's complement */ 4014 for (i = 1; i > llmax; i <<= 1, i++) 4015 llmax = i; 4016 llmin = llmax + 1LL; /* wrap */ 4017#endif 4018 4019 /* Sanity check */ 4020 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 4021 || llmax - 1 > llmax || llmin == llmax || llmin == 0 4022 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 4023 fprintf(f, "unknown unknown\n"); 4024 exit(2); 4025 } 4026 4027 if (fprint_ll(f, llmin) < 0) 4028 exit(3); 4029 if (fprint_ll(f, llmax) < 0) 4030 exit(4); 4031 if (fclose(f) < 0) 4032 exit(5); 4033 exit(0); 4034 ]])], 4035 [ 4036 llong_min=`$AWK '{print $1}' conftest.llminmax` 4037 llong_max=`$AWK '{print $2}' conftest.llminmax` 4038 4039 AC_MSG_RESULT([$llong_max]) 4040 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 4041 [max value of long long calculated by configure]) 4042 AC_MSG_CHECKING([for min value of long long]) 4043 AC_MSG_RESULT([$llong_min]) 4044 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 4045 [min value of long long calculated by configure]) 4046 ], 4047 [ 4048 AC_MSG_RESULT([not found]) 4049 ], 4050 [ 4051 AC_MSG_WARN([cross compiling: not checking]) 4052 ] 4053 ) 4054fi 4055 4056AC_CHECK_DECLS([UINT32_MAX], , , [[ 4057#ifdef HAVE_SYS_LIMITS_H 4058# include <sys/limits.h> 4059#endif 4060#ifdef HAVE_LIMITS_H 4061# include <limits.h> 4062#endif 4063#ifdef HAVE_STDINT_H 4064# include <stdint.h> 4065#endif 4066]]) 4067 4068# More checks for data types 4069AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 4070 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4071 [[ u_int a; a = 1;]])], 4072 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 4073 ]) 4074]) 4075if test "x$ac_cv_have_u_int" = "xyes" ; then 4076 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 4077 have_u_int=1 4078fi 4079 4080AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 4081 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4082 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 4083 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 4084 ]) 4085]) 4086if test "x$ac_cv_have_intxx_t" = "xyes" ; then 4087 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 4088 have_intxx_t=1 4089fi 4090 4091if (test -z "$have_intxx_t" && \ 4092 test "x$ac_cv_header_stdint_h" = "xyes") 4093then 4094 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 4095 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4096 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 4097 [ 4098 AC_DEFINE([HAVE_INTXX_T]) 4099 AC_MSG_RESULT([yes]) 4100 ], [ AC_MSG_RESULT([no]) 4101 ]) 4102fi 4103 4104AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 4105 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4106#include <sys/types.h> 4107#ifdef HAVE_STDINT_H 4108# include <stdint.h> 4109#endif 4110#include <sys/socket.h> 4111#ifdef HAVE_SYS_BITYPES_H 4112# include <sys/bitypes.h> 4113#endif 4114 ]], [[ 4115int64_t a; a = 1; 4116 ]])], 4117 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 4118 ]) 4119]) 4120if test "x$ac_cv_have_int64_t" = "xyes" ; then 4121 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 4122fi 4123 4124AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 4125 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4126 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 4127 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 4128 ]) 4129]) 4130if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 4131 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 4132 have_u_intxx_t=1 4133fi 4134 4135if test -z "$have_u_intxx_t" ; then 4136 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 4137 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 4138 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 4139 [ 4140 AC_DEFINE([HAVE_U_INTXX_T]) 4141 AC_MSG_RESULT([yes]) 4142 ], [ AC_MSG_RESULT([no]) 4143 ]) 4144fi 4145 4146AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 4147 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4148 [[ u_int64_t a; a = 1;]])], 4149 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 4150 ]) 4151]) 4152if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 4153 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 4154 have_u_int64_t=1 4155fi 4156 4157if (test -z "$have_u_int64_t" && \ 4158 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4159then 4160 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 4161 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 4162 [[ u_int64_t a; a = 1]])], 4163 [ 4164 AC_DEFINE([HAVE_U_INT64_T]) 4165 AC_MSG_RESULT([yes]) 4166 ], [ AC_MSG_RESULT([no]) 4167 ]) 4168fi 4169 4170if test -z "$have_u_intxx_t" ; then 4171 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 4172 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4173#include <sys/types.h> 4174 ]], [[ 4175 uint8_t a; 4176 uint16_t b; 4177 uint32_t c; 4178 a = b = c = 1; 4179 ]])], 4180 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 4181 ]) 4182 ]) 4183 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 4184 AC_DEFINE([HAVE_UINTXX_T], [1], 4185 [define if you have uintxx_t data type]) 4186 fi 4187fi 4188 4189if (test -z "$have_uintxx_t" && \ 4190 test "x$ac_cv_header_stdint_h" = "xyes") 4191then 4192 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 4193 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4194 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4195 [ 4196 AC_DEFINE([HAVE_UINTXX_T]) 4197 AC_MSG_RESULT([yes]) 4198 ], [ AC_MSG_RESULT([no]) 4199 ]) 4200fi 4201 4202if (test -z "$have_uintxx_t" && \ 4203 test "x$ac_cv_header_inttypes_h" = "xyes") 4204then 4205 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4206 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4207 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4208 [ 4209 AC_DEFINE([HAVE_UINTXX_T]) 4210 AC_MSG_RESULT([yes]) 4211 ], [ AC_MSG_RESULT([no]) 4212 ]) 4213fi 4214 4215if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4216 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4217then 4218 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4219 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4220#include <sys/bitypes.h> 4221 ]], [[ 4222 int8_t a; int16_t b; int32_t c; 4223 u_int8_t e; u_int16_t f; u_int32_t g; 4224 a = b = c = e = f = g = 1; 4225 ]])], 4226 [ 4227 AC_DEFINE([HAVE_U_INTXX_T]) 4228 AC_DEFINE([HAVE_INTXX_T]) 4229 AC_MSG_RESULT([yes]) 4230 ], [AC_MSG_RESULT([no]) 4231 ]) 4232fi 4233 4234 4235AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4236 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4237 [[ u_char foo; foo = 125; ]])], 4238 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4239 ]) 4240]) 4241if test "x$ac_cv_have_u_char" = "xyes" ; then 4242 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4243fi 4244 4245AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4246#include <sys/types.h> 4247#ifdef HAVE_STDINT_H 4248# include <stdint.h> 4249#endif 4250]) 4251 4252TYPE_SOCKLEN_T 4253 4254AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4255AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4256#include <sys/types.h> 4257#ifdef HAVE_SYS_BITYPES_H 4258#include <sys/bitypes.h> 4259#endif 4260#ifdef HAVE_SYS_STATFS_H 4261#include <sys/statfs.h> 4262#endif 4263#ifdef HAVE_SYS_STATVFS_H 4264#include <sys/statvfs.h> 4265#endif 4266]) 4267 4268AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4269#include <sys/param.h> 4270#include <sys/types.h> 4271#ifdef HAVE_SYS_BITYPES_H 4272#include <sys/bitypes.h> 4273#endif 4274#ifdef HAVE_SYS_STATFS_H 4275#include <sys/statfs.h> 4276#endif 4277#ifdef HAVE_SYS_STATVFS_H 4278#include <sys/statvfs.h> 4279#endif 4280#ifdef HAVE_SYS_VFS_H 4281#include <sys/vfs.h> 4282#endif 4283#ifdef HAVE_SYS_MOUNT_H 4284#include <sys/mount.h> 4285#endif 4286]]) 4287 4288 4289AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4290[#include <sys/types.h> 4291#include <netinet/in.h>]) 4292 4293AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4294 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4295 [[ size_t foo; foo = 1235; ]])], 4296 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4297 ]) 4298]) 4299if test "x$ac_cv_have_size_t" = "xyes" ; then 4300 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4301fi 4302 4303AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4304 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4305 [[ ssize_t foo; foo = 1235; ]])], 4306 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4307 ]) 4308]) 4309if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4310 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4311fi 4312 4313AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4314 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4315 [[ clock_t foo; foo = 1235; ]])], 4316 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4317 ]) 4318]) 4319if test "x$ac_cv_have_clock_t" = "xyes" ; then 4320 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4321fi 4322 4323AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4324 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4325#include <sys/types.h> 4326#include <sys/socket.h> 4327 ]], [[ sa_family_t foo; foo = 1235; ]])], 4328 [ ac_cv_have_sa_family_t="yes" ], 4329 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4330#include <sys/types.h> 4331#include <sys/socket.h> 4332#include <netinet/in.h> 4333 ]], [[ sa_family_t foo; foo = 1235; ]])], 4334 [ ac_cv_have_sa_family_t="yes" ], 4335 [ ac_cv_have_sa_family_t="no" ] 4336 ) 4337 ]) 4338]) 4339if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4340 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4341 [define if you have sa_family_t data type]) 4342fi 4343 4344AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4345 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4346 [[ pid_t foo; foo = 1235; ]])], 4347 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4348 ]) 4349]) 4350if test "x$ac_cv_have_pid_t" = "xyes" ; then 4351 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4352fi 4353 4354AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4355 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4356 [[ mode_t foo; foo = 1235; ]])], 4357 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4358 ]) 4359]) 4360if test "x$ac_cv_have_mode_t" = "xyes" ; then 4361 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4362fi 4363 4364 4365AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4366 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4367#include <sys/types.h> 4368#include <sys/socket.h> 4369 ]], [[ struct sockaddr_storage s; ]])], 4370 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4371 [ ac_cv_have_struct_sockaddr_storage="no" 4372 ]) 4373]) 4374if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4375 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4376 [define if you have struct sockaddr_storage data type]) 4377fi 4378 4379AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4380 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4381#include <sys/types.h> 4382#include <netinet/in.h> 4383 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4384 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4385 [ ac_cv_have_struct_sockaddr_in6="no" 4386 ]) 4387]) 4388if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4389 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4390 [define if you have struct sockaddr_in6 data type]) 4391fi 4392 4393AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4394 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4395#include <sys/types.h> 4396#include <netinet/in.h> 4397 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4398 [ ac_cv_have_struct_in6_addr="yes" ], 4399 [ ac_cv_have_struct_in6_addr="no" 4400 ]) 4401]) 4402if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4403 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4404 [define if you have struct in6_addr data type]) 4405 4406dnl Now check for sin6_scope_id 4407 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4408 [ 4409#ifdef HAVE_SYS_TYPES_H 4410#include <sys/types.h> 4411#endif 4412#include <netinet/in.h> 4413 ]) 4414fi 4415 4416AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4417 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4418#include <sys/types.h> 4419#include <sys/socket.h> 4420#include <netdb.h> 4421 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4422 [ ac_cv_have_struct_addrinfo="yes" ], 4423 [ ac_cv_have_struct_addrinfo="no" 4424 ]) 4425]) 4426if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4427 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4428 [define if you have struct addrinfo data type]) 4429fi 4430 4431AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4432 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4433 [[ struct timeval tv; tv.tv_sec = 1;]])], 4434 [ ac_cv_have_struct_timeval="yes" ], 4435 [ ac_cv_have_struct_timeval="no" 4436 ]) 4437]) 4438if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4439 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4440 have_struct_timeval=1 4441fi 4442 4443AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4444 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4445 #ifdef HAVE_SYS_TIME_H 4446 # include <sys/time.h> 4447 #endif 4448 #ifdef HAVE_TIME_H 4449 # include <time.h> 4450 #endif 4451 ]], 4452 [[ struct timespec ts; ts.tv_sec = 1;]])], 4453 [ ac_cv_have_struct_timespec="yes" ], 4454 [ ac_cv_have_struct_timespec="no" 4455 ]) 4456]) 4457if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4458 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4459 have_struct_timespec=1 4460fi 4461 4462# We need int64_t or else certain parts of the compile will fail. 4463if test "x$ac_cv_have_int64_t" = "xno" && \ 4464 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4465 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4466 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4467 echo "an alternative compiler (I.E., GCC) before continuing." 4468 echo "" 4469 exit 1; 4470else 4471dnl test snprintf (broken on SCO w/gcc) 4472 AC_RUN_IFELSE( 4473 [AC_LANG_SOURCE([[ 4474#include <stdio.h> 4475#include <stdlib.h> 4476#include <string.h> 4477#ifdef HAVE_SNPRINTF 4478int main(void) 4479{ 4480 char buf[50]; 4481 char expected_out[50]; 4482 int mazsize = 50 ; 4483#if (SIZEOF_LONG_INT == 8) 4484 long int num = 0x7fffffffffffffff; 4485#else 4486 long long num = 0x7fffffffffffffffll; 4487#endif 4488 strcpy(expected_out, "9223372036854775807"); 4489#if (SIZEOF_LONG_INT == 8) 4490 snprintf(buf, mazsize, "%ld", num); 4491#else 4492 snprintf(buf, mazsize, "%lld", num); 4493#endif 4494 if(strcmp(buf, expected_out) != 0) 4495 exit(1); 4496 exit(0); 4497} 4498#else 4499int main(void) { exit(0); } 4500#endif 4501 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4502 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4503 ) 4504fi 4505 4506dnl Checks for structure members 4507OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4508OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4509OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4510OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4511OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4512OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4513OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4514OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4515OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4516OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4517OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4518OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4519OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4520OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4521OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4522OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4523OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4524OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4525 4526AC_CHECK_MEMBERS([struct stat.st_blksize]) 4527AC_CHECK_MEMBERS([struct stat.st_mtim]) 4528AC_CHECK_MEMBERS([struct stat.st_mtime]) 4529AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4530struct passwd.pw_change, struct passwd.pw_expire], 4531[], [], [[ 4532#include <sys/types.h> 4533#include <pwd.h> 4534]]) 4535 4536AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4537 [Define if we don't have struct __res_state in resolv.h])], 4538[[ 4539#include <stdio.h> 4540#if HAVE_SYS_TYPES_H 4541# include <sys/types.h> 4542#endif 4543#include <netinet/in.h> 4544#include <arpa/nameser.h> 4545#include <resolv.h> 4546]]) 4547 4548AC_CHECK_MEMBER([struct sockaddr_in.sin_len], 4549 [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])], 4550 [], 4551 [AC_LANG_SOURCE([[ 4552#include <sys/types.h> 4553#include <sys/socket.h> 4554#include <netinet/in.h> 4555 ]])] 4556) 4557 4558AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4559 ac_cv_have_ss_family_in_struct_ss, [ 4560 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4561#include <sys/types.h> 4562#include <sys/socket.h> 4563 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4564 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4565 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4566]) 4567if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4568 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4569fi 4570 4571AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4572 ac_cv_have___ss_family_in_struct_ss, [ 4573 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4574#include <sys/types.h> 4575#include <sys/socket.h> 4576 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4577 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4578 [ ac_cv_have___ss_family_in_struct_ss="no" 4579 ]) 4580]) 4581if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4582 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4583 [Fields in struct sockaddr_storage]) 4584fi 4585 4586dnl make sure we're using the real structure members and not defines 4587AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4588 ac_cv_have_accrights_in_msghdr, [ 4589 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4590#include <sys/types.h> 4591#include <sys/socket.h> 4592#include <sys/uio.h> 4593#include <stdlib.h> 4594 ]], [[ 4595#ifdef msg_accrights 4596#error "msg_accrights is a macro" 4597exit(1); 4598#endif 4599struct msghdr m; 4600m.msg_accrights = 0; 4601exit(0); 4602 ]])], 4603 [ ac_cv_have_accrights_in_msghdr="yes" ], 4604 [ ac_cv_have_accrights_in_msghdr="no" ] 4605 ) 4606]) 4607if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4608 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4609 [Define if your system uses access rights style 4610 file descriptor passing]) 4611fi 4612 4613AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4614AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4615#include <sys/param.h> 4616#include <sys/stat.h> 4617#ifdef HAVE_SYS_TIME_H 4618# include <sys/time.h> 4619#endif 4620#ifdef HAVE_SYS_MOUNT_H 4621#include <sys/mount.h> 4622#endif 4623#ifdef HAVE_SYS_STATVFS_H 4624#include <sys/statvfs.h> 4625#endif 4626 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4627 [ AC_MSG_RESULT([yes]) ], 4628 [ AC_MSG_RESULT([no]) 4629 4630 AC_MSG_CHECKING([if fsid_t has member val]) 4631 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4632#include <sys/types.h> 4633#include <sys/statvfs.h> 4634 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4635 [ AC_MSG_RESULT([yes]) 4636 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4637 [ AC_MSG_RESULT([no]) ]) 4638 4639 AC_MSG_CHECKING([if f_fsid has member __val]) 4640 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4641#include <sys/types.h> 4642#include <sys/statvfs.h> 4643 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4644 [ AC_MSG_RESULT([yes]) 4645 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4646 [ AC_MSG_RESULT([no]) ]) 4647]) 4648 4649AC_CACHE_CHECK([for msg_control field in struct msghdr], 4650 ac_cv_have_control_in_msghdr, [ 4651 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4652#include <sys/types.h> 4653#include <sys/socket.h> 4654#include <sys/uio.h> 4655#include <stdlib.h> 4656 ]], [[ 4657#ifdef msg_control 4658#error "msg_control is a macro" 4659exit(1); 4660#endif 4661struct msghdr m; 4662m.msg_control = 0; 4663exit(0); 4664 ]])], 4665 [ ac_cv_have_control_in_msghdr="yes" ], 4666 [ ac_cv_have_control_in_msghdr="no" ] 4667 ) 4668]) 4669if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4670 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4671 [Define if your system uses ancillary data style 4672 file descriptor passing]) 4673fi 4674 4675AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4676 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4677 [[ extern char *__progname; printf("%s", __progname); ]])], 4678 [ ac_cv_libc_defines___progname="yes" ], 4679 [ ac_cv_libc_defines___progname="no" 4680 ]) 4681]) 4682if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4683 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4684fi 4685 4686AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4687 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4688 [[ printf("%s", __FUNCTION__); ]])], 4689 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4690 [ ac_cv_cc_implements___FUNCTION__="no" 4691 ]) 4692]) 4693if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4694 AC_DEFINE([HAVE___FUNCTION__], [1], 4695 [Define if compiler implements __FUNCTION__]) 4696fi 4697 4698AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4699 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4700 [[ printf("%s", __func__); ]])], 4701 [ ac_cv_cc_implements___func__="yes" ], 4702 [ ac_cv_cc_implements___func__="no" 4703 ]) 4704]) 4705if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4706 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4707fi 4708 4709AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4710 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4711#include <stdarg.h> 4712va_list x,y; 4713 ]], [[ va_copy(x,y); ]])], 4714 [ ac_cv_have_va_copy="yes" ], 4715 [ ac_cv_have_va_copy="no" 4716 ]) 4717]) 4718if test "x$ac_cv_have_va_copy" = "xyes" ; then 4719 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4720fi 4721 4722AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4723 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4724#include <stdarg.h> 4725va_list x,y; 4726 ]], [[ __va_copy(x,y); ]])], 4727 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4728 ]) 4729]) 4730if test "x$ac_cv_have___va_copy" = "xyes" ; then 4731 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4732fi 4733 4734AC_CACHE_CHECK([whether getopt has optreset support], 4735 ac_cv_have_getopt_optreset, [ 4736 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4737 [[ extern int optreset; optreset = 0; ]])], 4738 [ ac_cv_have_getopt_optreset="yes" ], 4739 [ ac_cv_have_getopt_optreset="no" 4740 ]) 4741]) 4742if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4743 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4744 [Define if your getopt(3) defines and uses optreset]) 4745fi 4746 4747AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4748 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4749[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4750 [ ac_cv_libc_defines_sys_errlist="yes" ], 4751 [ ac_cv_libc_defines_sys_errlist="no" 4752 ]) 4753]) 4754if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4755 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4756 [Define if your system defines sys_errlist[]]) 4757fi 4758 4759 4760AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4761 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4762[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4763 [ ac_cv_libc_defines_sys_nerr="yes" ], 4764 [ ac_cv_libc_defines_sys_nerr="no" 4765 ]) 4766]) 4767if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4768 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4769fi 4770 4771# Check libraries needed by DNS fingerprint support 4772AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4773 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4774 [Define if getrrsetbyname() exists])], 4775 [ 4776 # Needed by our getrrsetbyname() 4777 AC_SEARCH_LIBS([res_query], [resolv]) 4778 AC_SEARCH_LIBS([dn_expand], [resolv]) 4779 AC_MSG_CHECKING([if res_query will link]) 4780 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4781#include <sys/types.h> 4782#include <netinet/in.h> 4783#include <arpa/nameser.h> 4784#include <netdb.h> 4785#include <resolv.h> 4786 ]], [[ 4787 res_query (0, 0, 0, 0, 0); 4788 ]])], 4789 AC_MSG_RESULT([yes]), 4790 [AC_MSG_RESULT([no]) 4791 saved_LIBS="$LIBS" 4792 LIBS="$LIBS -lresolv" 4793 AC_MSG_CHECKING([for res_query in -lresolv]) 4794 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4795#include <sys/types.h> 4796#include <netinet/in.h> 4797#include <arpa/nameser.h> 4798#include <netdb.h> 4799#include <resolv.h> 4800 ]], [[ 4801 res_query (0, 0, 0, 0, 0); 4802 ]])], 4803 [AC_MSG_RESULT([yes])], 4804 [LIBS="$saved_LIBS" 4805 AC_MSG_RESULT([no])]) 4806 ]) 4807 AC_CHECK_FUNCS([_getshort _getlong]) 4808 AC_CHECK_DECLS([_getshort, _getlong], , , 4809 [#include <sys/types.h> 4810 #include <arpa/nameser.h>]) 4811 AC_CHECK_MEMBER([HEADER.ad], 4812 [AC_DEFINE([HAVE_HEADER_AD], [1], 4813 [Define if HEADER.ad exists in arpa/nameser.h])], , 4814 [#include <arpa/nameser.h>]) 4815 ]) 4816 4817AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4818AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4819#include <stdio.h> 4820#if HAVE_SYS_TYPES_H 4821# include <sys/types.h> 4822#endif 4823#include <netinet/in.h> 4824#include <arpa/nameser.h> 4825#include <resolv.h> 4826extern struct __res_state _res; 4827 ]], [[ 4828struct __res_state *volatile p = &_res; /* force resolution of _res */ 4829return 0; 4830 ]],)], 4831 [AC_MSG_RESULT([yes]) 4832 AC_DEFINE([HAVE__RES_EXTERN], [1], 4833 [Define if you have struct __res_state _res as an extern]) 4834 ], 4835 [ AC_MSG_RESULT([no]) ] 4836) 4837 4838# Check whether user wants SELinux support 4839SELINUX_MSG="no" 4840LIBSELINUX="" 4841AC_ARG_WITH([selinux], 4842 [ --with-selinux Enable SELinux support], 4843 [ if test "x$withval" != "xno" ; then 4844 save_LIBS="$LIBS" 4845 AC_DEFINE([WITH_SELINUX], [1], 4846 [Define if you want SELinux support.]) 4847 SELINUX_MSG="yes" 4848 AC_CHECK_HEADER([selinux/selinux.h], , 4849 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4850 AC_CHECK_LIB([selinux], [setexeccon], 4851 [ LIBSELINUX="-lselinux" 4852 LIBS="$LIBS -lselinux" 4853 ], 4854 AC_MSG_ERROR([SELinux support requires libselinux library])) 4855 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4856 LIBS="$save_LIBS $LIBSELINUX" 4857 fi ] 4858) 4859AC_SUBST([SSHDLIBS]) 4860 4861# Check whether user wants Kerberos 5 support 4862KRB5_MSG="no" 4863AC_ARG_WITH([kerberos5], 4864 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4865 [ if test "x$withval" != "xno" ; then 4866 if test "x$withval" = "xyes" ; then 4867 KRB5ROOT="/usr/local" 4868 else 4869 KRB5ROOT=${withval} 4870 fi 4871 4872 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4873 KRB5_MSG="yes" 4874 4875 use_pkgconfig_for_krb5= 4876 if test "x$PKGCONFIG" != "xno"; then 4877 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4878 if "$PKGCONFIG" krb5; then 4879 AC_MSG_RESULT([yes]) 4880 use_pkgconfig_for_krb5=yes 4881 else 4882 AC_MSG_RESULT([no]) 4883 fi 4884 fi 4885 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4886 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4887 K5LIBS=`$PKGCONFIG --libs krb5` 4888 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4889 4890 AC_MSG_CHECKING([for gssapi support]) 4891 if "$PKGCONFIG" krb5-gssapi; then 4892 AC_MSG_RESULT([yes]) 4893 AC_DEFINE([GSSAPI], [1], 4894 [Define this if you want GSSAPI 4895 support in the version 2 protocol]) 4896 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4897 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4898 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4899 else 4900 AC_MSG_RESULT([no]) 4901 fi 4902 AC_MSG_CHECKING([whether we are using Heimdal]) 4903 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4904 ]], [[ char *tmp = heimdal_version; ]])], 4905 [ AC_MSG_RESULT([yes]) 4906 AC_DEFINE([HEIMDAL], [1], 4907 [Define this if you are using the Heimdal 4908 version of Kerberos V5]) ], 4909 [AC_MSG_RESULT([no]) 4910 ]) 4911 else 4912 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4913 [$KRB5ROOT/bin/krb5-config], 4914 [$KRB5ROOT/bin:$PATH]) 4915 if test -x $KRB5CONF ; then 4916 K5CFLAGS="`$KRB5CONF --cflags`" 4917 K5LIBS="`$KRB5CONF --libs`" 4918 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4919 4920 AC_MSG_CHECKING([for gssapi support]) 4921 if $KRB5CONF | grep gssapi >/dev/null ; then 4922 AC_MSG_RESULT([yes]) 4923 AC_DEFINE([GSSAPI], [1], 4924 [Define this if you want GSSAPI 4925 support in the version 2 protocol]) 4926 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4927 GSSLIBS="`$KRB5CONF --libs gssapi`" 4928 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4929 else 4930 AC_MSG_RESULT([no]) 4931 fi 4932 AC_MSG_CHECKING([whether we are using Heimdal]) 4933 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4934 ]], [[ char *tmp = heimdal_version; ]])], 4935 [ AC_MSG_RESULT([yes]) 4936 AC_DEFINE([HEIMDAL], [1], 4937 [Define this if you are using the Heimdal 4938 version of Kerberos V5]) ], 4939 [AC_MSG_RESULT([no]) 4940 ]) 4941 else 4942 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4943 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4944 AC_MSG_CHECKING([whether we are using Heimdal]) 4945 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4946 ]], [[ char *tmp = heimdal_version; ]])], 4947 [ AC_MSG_RESULT([yes]) 4948 AC_DEFINE([HEIMDAL]) 4949 K5LIBS="-lkrb5" 4950 K5LIBS="$K5LIBS -lcom_err -lasn1" 4951 AC_CHECK_LIB([roken], [net_write], 4952 [K5LIBS="$K5LIBS -lroken"]) 4953 AC_CHECK_LIB([des], [des_cbc_encrypt], 4954 [K5LIBS="$K5LIBS -ldes"]) 4955 ], [ AC_MSG_RESULT([no]) 4956 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4957 ]) 4958 AC_SEARCH_LIBS([dn_expand], [resolv]) 4959 4960 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4961 [ AC_DEFINE([GSSAPI]) 4962 GSSLIBS="-lgssapi_krb5" ], 4963 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4964 [ AC_DEFINE([GSSAPI]) 4965 GSSLIBS="-lgssapi" ], 4966 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4967 [ AC_DEFINE([GSSAPI]) 4968 GSSLIBS="-lgss" ], 4969 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4970 ]) 4971 ]) 4972 4973 AC_CHECK_HEADER([gssapi.h], , 4974 [ unset ac_cv_header_gssapi_h 4975 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4976 AC_CHECK_HEADERS([gssapi.h], , 4977 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4978 ) 4979 ] 4980 ) 4981 4982 oldCPP="$CPPFLAGS" 4983 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4984 AC_CHECK_HEADER([gssapi_krb5.h], , 4985 [ CPPFLAGS="$oldCPP" ]) 4986 4987 fi 4988 fi 4989 if test -n "${rpath_opt}" ; then 4990 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4991 fi 4992 if test ! -z "$blibpath" ; then 4993 blibpath="$blibpath:${KRB5ROOT}/lib" 4994 fi 4995 4996 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4997 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4998 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4999 5000 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 5001 [Define this if you want to use libkafs' AFS support])]) 5002 5003 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 5004#ifdef HAVE_GSSAPI_H 5005# include <gssapi.h> 5006#elif defined(HAVE_GSSAPI_GSSAPI_H) 5007# include <gssapi/gssapi.h> 5008#endif 5009 5010#ifdef HAVE_GSSAPI_GENERIC_H 5011# include <gssapi_generic.h> 5012#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 5013# include <gssapi/gssapi_generic.h> 5014#endif 5015 ]]) 5016 saved_LIBS="$LIBS" 5017 LIBS="$LIBS $K5LIBS" 5018 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 5019 LIBS="$saved_LIBS" 5020 5021 fi 5022 ] 5023) 5024AC_SUBST([GSSLIBS]) 5025AC_SUBST([K5LIBS]) 5026AC_SUBST([CHANNELLIBS]) 5027 5028# Looking for programs, paths and files 5029 5030PRIVSEP_PATH=/var/empty 5031AC_ARG_WITH([privsep-path], 5032 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 5033 [ 5034 if test -n "$withval" && test "x$withval" != "xno" && \ 5035 test "x${withval}" != "xyes"; then 5036 PRIVSEP_PATH=$withval 5037 fi 5038 ] 5039) 5040AC_SUBST([PRIVSEP_PATH]) 5041 5042AC_ARG_WITH([xauth], 5043 [ --with-xauth=PATH Specify path to xauth program ], 5044 [ 5045 if test -n "$withval" && test "x$withval" != "xno" && \ 5046 test "x${withval}" != "xyes"; then 5047 xauth_path=$withval 5048 fi 5049 ], 5050 [ 5051 TestPath="$PATH" 5052 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 5053 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 5054 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 5055 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 5056 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 5057 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 5058 xauth_path="/usr/openwin/bin/xauth" 5059 fi 5060 ] 5061) 5062 5063STRIP_OPT=-s 5064AC_ARG_ENABLE([strip], 5065 [ --disable-strip Disable calling strip(1) on install], 5066 [ 5067 if test "x$enableval" = "xno" ; then 5068 STRIP_OPT= 5069 fi 5070 ] 5071) 5072AC_SUBST([STRIP_OPT]) 5073 5074if test -z "$xauth_path" ; then 5075 XAUTH_PATH="undefined" 5076 AC_SUBST([XAUTH_PATH]) 5077else 5078 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 5079 [Define if xauth is found in your path]) 5080 XAUTH_PATH=$xauth_path 5081 AC_SUBST([XAUTH_PATH]) 5082fi 5083 5084dnl # --with-maildir=/path/to/mail gets top priority. 5085dnl # if maildir is set in the platform case statement above we use that. 5086dnl # Otherwise we run a program to get the dir from system headers. 5087dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 5088dnl # If we find _PATH_MAILDIR we do nothing because that is what 5089dnl # session.c expects anyway. Otherwise we set to the value found 5090dnl # stripping any trailing slash. If for some strage reason our program 5091dnl # does not find what it needs, we default to /var/spool/mail. 5092# Check for mail directory 5093AC_ARG_WITH([maildir], 5094 [ --with-maildir=/path/to/mail Specify your system mail directory], 5095 [ 5096 if test "X$withval" != X && test "x$withval" != xno && \ 5097 test "x${withval}" != xyes; then 5098 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 5099 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 5100 fi 5101 ],[ 5102 if test "X$maildir" != "X"; then 5103 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 5104 else 5105 AC_MSG_CHECKING([Discovering system mail directory]) 5106 AC_RUN_IFELSE( 5107 [AC_LANG_PROGRAM([[ 5108#include <stdio.h> 5109#include <stdlib.h> 5110#include <string.h> 5111#ifdef HAVE_PATHS_H 5112#include <paths.h> 5113#endif 5114#ifdef HAVE_MAILLOCK_H 5115#include <maillock.h> 5116#endif 5117#define DATA "conftest.maildir" 5118 ]], [[ 5119 FILE *fd; 5120 int rc; 5121 5122 fd = fopen(DATA,"w"); 5123 if(fd == NULL) 5124 exit(1); 5125 5126#if defined (_PATH_MAILDIR) 5127 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 5128 exit(1); 5129#elif defined (MAILDIR) 5130 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 5131 exit(1); 5132#elif defined (_PATH_MAIL) 5133 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 5134 exit(1); 5135#else 5136 exit (2); 5137#endif 5138 5139 exit(0); 5140 ]])], 5141 [ 5142 maildir_what=`awk -F: '{print $1}' conftest.maildir` 5143 maildir=`awk -F: '{print $2}' conftest.maildir \ 5144 | sed 's|/$||'` 5145 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 5146 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 5147 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 5148 fi 5149 ], 5150 [ 5151 if test "X$ac_status" = "X2";then 5152# our test program didn't find it. Default to /var/spool/mail 5153 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 5154 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 5155 else 5156 AC_MSG_RESULT([*** not found ***]) 5157 fi 5158 ], 5159 [ 5160 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 5161 ] 5162 ) 5163 fi 5164 ] 5165) # maildir 5166 5167if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 5168 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 5169 disable_ptmx_check=yes 5170fi 5171if test -z "$no_dev_ptmx" ; then 5172 if test "x$disable_ptmx_check" != "xyes" ; then 5173 AC_CHECK_FILE(["/dev/ptmx"], 5174 [ 5175 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 5176 [Define if you have /dev/ptmx]) 5177 have_dev_ptmx=1 5178 ] 5179 ) 5180 fi 5181fi 5182 5183if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 5184 AC_CHECK_FILE(["/dev/ptc"], 5185 [ 5186 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 5187 [Define if you have /dev/ptc]) 5188 have_dev_ptc=1 5189 ] 5190 ) 5191else 5192 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 5193fi 5194 5195# Options from here on. Some of these are preset by platform above 5196AC_ARG_WITH([mantype], 5197 [ --with-mantype=man|cat|doc Set man page type], 5198 [ 5199 case "$withval" in 5200 man|cat|doc) 5201 MANTYPE=$withval 5202 ;; 5203 *) 5204 AC_MSG_ERROR([invalid man type: $withval]) 5205 ;; 5206 esac 5207 ] 5208) 5209if test -z "$MANTYPE"; then 5210 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 5211 MANTYPE=doc 5212 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 5213 MANTYPE=doc 5214 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 5215 MANTYPE=man 5216 else 5217 MANTYPE=cat 5218 fi 5219fi 5220AC_SUBST([MANTYPE]) 5221if test "$MANTYPE" = "doc"; then 5222 mansubdir=man; 5223else 5224 mansubdir=$MANTYPE; 5225fi 5226AC_SUBST([mansubdir]) 5227 5228# Whether to disable shadow password support 5229AC_ARG_WITH([shadow], 5230 [ --without-shadow Disable shadow password support], 5231 [ 5232 if test "x$withval" = "xno" ; then 5233 AC_DEFINE([DISABLE_SHADOW]) 5234 disable_shadow=yes 5235 fi 5236 ] 5237) 5238 5239if test -z "$disable_shadow" ; then 5240 AC_MSG_CHECKING([if the systems has expire shadow information]) 5241 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5242#include <sys/types.h> 5243#include <shadow.h> 5244struct spwd sp; 5245 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5246 [ sp_expire_available=yes ], [ 5247 ]) 5248 5249 if test "x$sp_expire_available" = "xyes" ; then 5250 AC_MSG_RESULT([yes]) 5251 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5252 [Define if you want to use shadow password expire field]) 5253 else 5254 AC_MSG_RESULT([no]) 5255 fi 5256fi 5257 5258# Use ip address instead of hostname in $DISPLAY 5259if test ! -z "$IPADDR_IN_DISPLAY" ; then 5260 DISPLAY_HACK_MSG="yes" 5261 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5262 [Define if you need to use IP address 5263 instead of hostname in $DISPLAY]) 5264else 5265 DISPLAY_HACK_MSG="no" 5266 AC_ARG_WITH([ipaddr-display], 5267 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5268 [ 5269 if test "x$withval" != "xno" ; then 5270 AC_DEFINE([IPADDR_IN_DISPLAY]) 5271 DISPLAY_HACK_MSG="yes" 5272 fi 5273 ] 5274 ) 5275fi 5276 5277# check for /etc/default/login and use it if present. 5278AC_ARG_ENABLE([etc-default-login], 5279 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5280 [ if test "x$enableval" = "xno"; then 5281 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5282 etc_default_login=no 5283 else 5284 etc_default_login=yes 5285 fi ], 5286 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5287 then 5288 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5289 etc_default_login=no 5290 else 5291 etc_default_login=yes 5292 fi ] 5293) 5294 5295if test "x$etc_default_login" != "xno"; then 5296 AC_CHECK_FILE(["/etc/default/login"], 5297 [ external_path_file=/etc/default/login ]) 5298 if test "x$external_path_file" = "x/etc/default/login"; then 5299 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5300 [Define if your system has /etc/default/login]) 5301 fi 5302fi 5303 5304dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5305if test $ac_cv_func_login_getcapbool = "yes" && \ 5306 test $ac_cv_header_login_cap_h = "yes" ; then 5307 external_path_file=/etc/login.conf 5308fi 5309 5310# Whether to mess with the default path 5311SERVER_PATH_MSG="(default)" 5312AC_ARG_WITH([default-path], 5313 [ --with-default-path= Specify default $PATH environment for server], 5314 [ 5315 if test "x$external_path_file" = "x/etc/login.conf" ; then 5316 AC_MSG_WARN([ 5317--with-default-path=PATH has no effect on this system. 5318Edit /etc/login.conf instead.]) 5319 elif test "x$withval" != "xno" ; then 5320 if test ! -z "$external_path_file" ; then 5321 AC_MSG_WARN([ 5322--with-default-path=PATH will only be used if PATH is not defined in 5323$external_path_file .]) 5324 fi 5325 user_path="$withval" 5326 SERVER_PATH_MSG="$withval" 5327 fi 5328 ], 5329 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5330 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5331 else 5332 if test ! -z "$external_path_file" ; then 5333 AC_MSG_WARN([ 5334If PATH is defined in $external_path_file, ensure the path to scp is included, 5335otherwise scp will not work.]) 5336 fi 5337 AC_RUN_IFELSE( 5338 [AC_LANG_PROGRAM([[ 5339/* find out what STDPATH is */ 5340#include <stdio.h> 5341#include <stdlib.h> 5342#ifdef HAVE_PATHS_H 5343# include <paths.h> 5344#endif 5345#ifndef _PATH_STDPATH 5346# ifdef _PATH_USERPATH /* Irix */ 5347# define _PATH_STDPATH _PATH_USERPATH 5348# else 5349# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5350# endif 5351#endif 5352#include <sys/types.h> 5353#include <sys/stat.h> 5354#include <fcntl.h> 5355#define DATA "conftest.stdpath" 5356 ]], [[ 5357 FILE *fd; 5358 int rc; 5359 5360 fd = fopen(DATA,"w"); 5361 if(fd == NULL) 5362 exit(1); 5363 5364 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5365 exit(1); 5366 5367 exit(0); 5368 ]])], 5369 [ user_path=`cat conftest.stdpath` ], 5370 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5371 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5372 ) 5373# make sure $bindir is in USER_PATH so scp will work 5374 t_bindir="${bindir}" 5375 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5376 t_bindir=`eval echo ${t_bindir}` 5377 case $t_bindir in 5378 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5379 esac 5380 case $t_bindir in 5381 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5382 esac 5383 done 5384 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5385 if test $? -ne 0 ; then 5386 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5387 if test $? -ne 0 ; then 5388 user_path=$user_path:$t_bindir 5389 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5390 fi 5391 fi 5392 fi ] 5393) 5394if test "x$external_path_file" != "x/etc/login.conf" ; then 5395 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5396 AC_SUBST([user_path]) 5397fi 5398 5399# Set superuser path separately to user path 5400AC_ARG_WITH([superuser-path], 5401 [ --with-superuser-path= Specify different path for super-user], 5402 [ 5403 if test -n "$withval" && test "x$withval" != "xno" && \ 5404 test "x${withval}" != "xyes"; then 5405 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5406 [Define if you want a different $PATH 5407 for the superuser]) 5408 superuser_path=$withval 5409 fi 5410 ] 5411) 5412 5413 5414AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5415IPV4_IN6_HACK_MSG="no" 5416AC_ARG_WITH(4in6, 5417 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5418 [ 5419 if test "x$withval" != "xno" ; then 5420 AC_MSG_RESULT([yes]) 5421 AC_DEFINE([IPV4_IN_IPV6], [1], 5422 [Detect IPv4 in IPv6 mapped addresses 5423 and treat as IPv4]) 5424 IPV4_IN6_HACK_MSG="yes" 5425 else 5426 AC_MSG_RESULT([no]) 5427 fi 5428 ], [ 5429 if test "x$inet6_default_4in6" = "xyes"; then 5430 AC_MSG_RESULT([yes (default)]) 5431 AC_DEFINE([IPV4_IN_IPV6]) 5432 IPV4_IN6_HACK_MSG="yes" 5433 else 5434 AC_MSG_RESULT([no (default)]) 5435 fi 5436 ] 5437) 5438 5439# Whether to enable BSD auth support 5440BSD_AUTH_MSG=no 5441AC_ARG_WITH([bsd-auth], 5442 [ --with-bsd-auth Enable BSD auth support], 5443 [ 5444 if test "x$withval" != "xno" ; then 5445 AC_DEFINE([BSD_AUTH], [1], 5446 [Define if you have BSD auth support]) 5447 BSD_AUTH_MSG=yes 5448 fi 5449 ] 5450) 5451 5452# Where to place sshd.pid 5453piddir=/var/run 5454# make sure the directory exists 5455if test ! -d $piddir ; then 5456 piddir=`eval echo ${sysconfdir}` 5457 case $piddir in 5458 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5459 esac 5460fi 5461 5462AC_ARG_WITH([pid-dir], 5463 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5464 [ 5465 if test -n "$withval" && test "x$withval" != "xno" && \ 5466 test "x${withval}" != "xyes"; then 5467 piddir=$withval 5468 if test ! -d $piddir ; then 5469 AC_MSG_WARN([** no $piddir directory on this system **]) 5470 fi 5471 fi 5472 ] 5473) 5474 5475AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5476 [Specify location of ssh.pid]) 5477AC_SUBST([piddir]) 5478 5479 5480AC_ARG_ENABLE([fd-passing], 5481 [ --disable-fd-passing disable file descriptor passsing [no]], 5482 [ 5483 if test "x$enableval" = "xno" ; then 5484 AC_DEFINE([DISABLE_FD_PASSING]) 5485 fi 5486 ] 5487) 5488 5489dnl allow user to disable some login recording features 5490AC_ARG_ENABLE([lastlog], 5491 [ --disable-lastlog disable use of lastlog even if detected [no]], 5492 [ 5493 if test "x$enableval" = "xno" ; then 5494 AC_DEFINE([DISABLE_LASTLOG]) 5495 fi 5496 ] 5497) 5498AC_ARG_ENABLE([utmp], 5499 [ --disable-utmp disable use of utmp even if detected [no]], 5500 [ 5501 if test "x$enableval" = "xno" ; then 5502 AC_DEFINE([DISABLE_UTMP]) 5503 fi 5504 ] 5505) 5506AC_ARG_ENABLE([utmpx], 5507 [ --disable-utmpx disable use of utmpx even if detected [no]], 5508 [ 5509 if test "x$enableval" = "xno" ; then 5510 AC_DEFINE([DISABLE_UTMPX], [1], 5511 [Define if you don't want to use utmpx]) 5512 fi 5513 ] 5514) 5515AC_ARG_ENABLE([wtmp], 5516 [ --disable-wtmp disable use of wtmp even if detected [no]], 5517 [ 5518 if test "x$enableval" = "xno" ; then 5519 AC_DEFINE([DISABLE_WTMP]) 5520 fi 5521 ] 5522) 5523AC_ARG_ENABLE([wtmpx], 5524 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5525 [ 5526 if test "x$enableval" = "xno" ; then 5527 AC_DEFINE([DISABLE_WTMPX], [1], 5528 [Define if you don't want to use wtmpx]) 5529 fi 5530 ] 5531) 5532AC_ARG_ENABLE([libutil], 5533 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5534 [ 5535 if test "x$enableval" = "xno" ; then 5536 AC_DEFINE([DISABLE_LOGIN]) 5537 fi 5538 ] 5539) 5540AC_ARG_ENABLE([pututline], 5541 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5542 [ 5543 if test "x$enableval" = "xno" ; then 5544 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5545 [Define if you don't want to use pututline() 5546 etc. to write [uw]tmp]) 5547 fi 5548 ] 5549) 5550AC_ARG_ENABLE([pututxline], 5551 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5552 [ 5553 if test "x$enableval" = "xno" ; then 5554 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5555 [Define if you don't want to use pututxline() 5556 etc. to write [uw]tmpx]) 5557 fi 5558 ] 5559) 5560AC_ARG_WITH([lastlog], 5561 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5562 [ 5563 if test "x$withval" = "xno" ; then 5564 AC_DEFINE([DISABLE_LASTLOG]) 5565 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5566 conf_lastlog_location=$withval 5567 fi 5568 ] 5569) 5570 5571dnl lastlog, [uw]tmpx? detection 5572dnl NOTE: set the paths in the platform section to avoid the 5573dnl need for command-line parameters 5574dnl lastlog and [uw]tmp are subject to a file search if all else fails 5575 5576dnl lastlog detection 5577dnl NOTE: the code itself will detect if lastlog is a directory 5578AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5579AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5580#include <sys/types.h> 5581#include <utmp.h> 5582#ifdef HAVE_LASTLOG_H 5583# include <lastlog.h> 5584#endif 5585#ifdef HAVE_PATHS_H 5586# include <paths.h> 5587#endif 5588#ifdef HAVE_LOGIN_H 5589# include <login.h> 5590#endif 5591 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5592 [ AC_MSG_RESULT([yes]) ], 5593 [ 5594 AC_MSG_RESULT([no]) 5595 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5596 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5597#include <sys/types.h> 5598#include <utmp.h> 5599#ifdef HAVE_LASTLOG_H 5600# include <lastlog.h> 5601#endif 5602#ifdef HAVE_PATHS_H 5603# include <paths.h> 5604#endif 5605 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5606 [ AC_MSG_RESULT([yes]) ], 5607 [ 5608 AC_MSG_RESULT([no]) 5609 system_lastlog_path=no 5610 ]) 5611]) 5612 5613if test -z "$conf_lastlog_location"; then 5614 if test x"$system_lastlog_path" = x"no" ; then 5615 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5616 if (test -d "$f" || test -f "$f") ; then 5617 conf_lastlog_location=$f 5618 fi 5619 done 5620 if test -z "$conf_lastlog_location"; then 5621 AC_MSG_WARN([** Cannot find lastlog **]) 5622 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5623 fi 5624 fi 5625fi 5626 5627if test -n "$conf_lastlog_location"; then 5628 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5629 [Define if you want to specify the path to your lastlog file]) 5630fi 5631 5632dnl utmp detection 5633AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5634AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5635#include <sys/types.h> 5636#include <utmp.h> 5637#ifdef HAVE_PATHS_H 5638# include <paths.h> 5639#endif 5640 ]], [[ char *utmp = UTMP_FILE; ]])], 5641 [ AC_MSG_RESULT([yes]) ], 5642 [ AC_MSG_RESULT([no]) 5643 system_utmp_path=no 5644]) 5645if test -z "$conf_utmp_location"; then 5646 if test x"$system_utmp_path" = x"no" ; then 5647 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5648 if test -f $f ; then 5649 conf_utmp_location=$f 5650 fi 5651 done 5652 if test -z "$conf_utmp_location"; then 5653 AC_DEFINE([DISABLE_UTMP]) 5654 fi 5655 fi 5656fi 5657if test -n "$conf_utmp_location"; then 5658 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5659 [Define if you want to specify the path to your utmp file]) 5660fi 5661 5662dnl wtmp detection 5663AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5664AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5665#include <sys/types.h> 5666#include <utmp.h> 5667#ifdef HAVE_PATHS_H 5668# include <paths.h> 5669#endif 5670 ]], [[ char *wtmp = WTMP_FILE; ]])], 5671 [ AC_MSG_RESULT([yes]) ], 5672 [ AC_MSG_RESULT([no]) 5673 system_wtmp_path=no 5674]) 5675if test -z "$conf_wtmp_location"; then 5676 if test x"$system_wtmp_path" = x"no" ; then 5677 for f in /usr/adm/wtmp /var/log/wtmp; do 5678 if test -f $f ; then 5679 conf_wtmp_location=$f 5680 fi 5681 done 5682 if test -z "$conf_wtmp_location"; then 5683 AC_DEFINE([DISABLE_WTMP]) 5684 fi 5685 fi 5686fi 5687if test -n "$conf_wtmp_location"; then 5688 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5689 [Define if you want to specify the path to your wtmp file]) 5690fi 5691 5692dnl wtmpx detection 5693AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5694AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5695#include <sys/types.h> 5696#include <utmp.h> 5697#ifdef HAVE_UTMPX_H 5698#include <utmpx.h> 5699#endif 5700#ifdef HAVE_PATHS_H 5701# include <paths.h> 5702#endif 5703 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5704 [ AC_MSG_RESULT([yes]) ], 5705 [ AC_MSG_RESULT([no]) 5706 system_wtmpx_path=no 5707]) 5708if test -z "$conf_wtmpx_location"; then 5709 if test x"$system_wtmpx_path" = x"no" ; then 5710 AC_DEFINE([DISABLE_WTMPX]) 5711 fi 5712else 5713 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5714 [Define if you want to specify the path to your wtmpx file]) 5715fi 5716 5717 5718if test ! -z "$blibpath" ; then 5719 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5720 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5721fi 5722 5723AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5724 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5725 AC_DEFINE([DISABLE_LASTLOG]) 5726 fi 5727 ], [ 5728#ifdef HAVE_SYS_TYPES_H 5729#include <sys/types.h> 5730#endif 5731#ifdef HAVE_UTMP_H 5732#include <utmp.h> 5733#endif 5734#ifdef HAVE_UTMPX_H 5735#include <utmpx.h> 5736#endif 5737#ifdef HAVE_LASTLOG_H 5738#include <lastlog.h> 5739#endif 5740 ]) 5741 5742AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5743 AC_DEFINE([DISABLE_UTMP]) 5744 AC_DEFINE([DISABLE_WTMP]) 5745 ], [ 5746#ifdef HAVE_SYS_TYPES_H 5747#include <sys/types.h> 5748#endif 5749#ifdef HAVE_UTMP_H 5750#include <utmp.h> 5751#endif 5752#ifdef HAVE_UTMPX_H 5753#include <utmpx.h> 5754#endif 5755#ifdef HAVE_LASTLOG_H 5756#include <lastlog.h> 5757#endif 5758 ]) 5759 5760dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5761dnl Add now. 5762CFLAGS="$CFLAGS $werror_flags" 5763 5764if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5765 TEST_SSH_IPV6=no 5766else 5767 TEST_SSH_IPV6=yes 5768fi 5769AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5770AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5771AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5772AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5773AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5774AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5775 5776# Binaries for interop tests. 5777AC_PATH_PROG([PLINK], [plink]) 5778AC_PATH_PROG([PUTTYGEN], [puttygen]) 5779AC_PATH_PROG([CONCH], [conch]) 5780AC_PATH_PROG([DROPBEAR], [dropbear]) 5781AC_PATH_PROG([DBCLIENT], [dbclient]) 5782AC_PATH_PROG([DROPBEARKEY], [dropbearkey]) 5783AC_PATH_PROG([DROPBEARCONVERT], [dropbearconvert]) 5784 5785CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5786LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5787 5788# Make a copy of CFLAGS/LDFLAGS without PIE options. 5789LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/^-pie //;s/ -pie//g'` 5790CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/^-fPIE //;s/ -fPIE//g'` 5791AC_SUBST([LDFLAGS_NOPIE]) 5792AC_SUBST([CFLAGS_NOPIE]) 5793 5794AC_EXEEXT 5795AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5796 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5797 survey.sh]) 5798AC_OUTPUT 5799 5800# Print summary of options 5801 5802# Someone please show me a better way :) 5803A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5804B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5805C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5806D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5807E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5808F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5809G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5810H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5811I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5812J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5813 5814echo "" 5815echo "OpenSSH has been configured with the following options:" 5816echo " User binaries: $B" 5817echo " System binaries: $C" 5818echo " Configuration files: $D" 5819echo " Askpass program: $E" 5820echo " Manual pages: $F" 5821echo " PID file: $G" 5822echo " Privilege separation chroot path: $H" 5823if test "x$external_path_file" = "x/etc/login.conf" ; then 5824echo " At runtime, sshd will use the path defined in $external_path_file" 5825echo " Make sure the path to scp is present, otherwise scp will not work" 5826else 5827echo " sshd default user PATH: $I" 5828 if test ! -z "$external_path_file"; then 5829echo " (If PATH is set in $external_path_file it will be used instead. If" 5830echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5831 fi 5832fi 5833if test ! -z "$superuser_path" ; then 5834echo " sshd superuser user PATH: $J" 5835fi 5836echo " Manpage format: $MANTYPE" 5837echo " PAM support: $PAM_MSG" 5838echo " OSF SIA support: $SIA_MSG" 5839echo " KerberosV support: $KRB5_MSG" 5840echo " SELinux support: $SELINUX_MSG" 5841echo " TCP Wrappers support: $TCPW_MSG" 5842echo " libedit support: $LIBEDIT_MSG" 5843echo " libldns support: $LDNS_MSG" 5844echo " Solaris process contract support: $SPC_MSG" 5845echo " Solaris project support: $SP_MSG" 5846echo " Solaris privilege support: $SPP_MSG" 5847echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5848echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5849echo " BSD Auth support: $BSD_AUTH_MSG" 5850echo " Random number source: $RAND_MSG" 5851echo " Privsep sandbox style: $SANDBOX_STYLE" 5852echo " PKCS#11 support: $enable_pkcs11" 5853echo " U2F/FIDO support: $enable_sk" 5854 5855echo "" 5856 5857echo " Host: ${host}" 5858echo " Compiler: ${CC}" 5859echo " Compiler flags: ${CFLAGS}" 5860echo "Preprocessor flags: ${CPPFLAGS}" 5861echo " Linker flags: ${LDFLAGS}" 5862echo " Libraries: ${LIBS}" 5863if test ! -z "${CHANNELLIBS}"; then 5864echo " +for channels: ${CHANNELLIBS}" 5865fi 5866if test ! -z "${LIBFIDO2}"; then 5867echo " +for FIDO2: ${LIBFIDO2}" 5868fi 5869if test ! -z "${SSHDLIBS}"; then 5870echo " +for sshd: ${SSHDLIBS}" 5871fi 5872 5873echo "" 5874 5875if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5876 echo "SVR4 style packages are supported with \"make package\"" 5877 echo "" 5878fi 5879 5880if test "x$PAM_MSG" = "xyes" ; then 5881 echo "PAM is enabled. You may need to install a PAM control file " 5882 echo "for sshd, otherwise password authentication may fail. " 5883 echo "Example PAM control files can be found in the contrib/ " 5884 echo "subdirectory" 5885 echo "" 5886fi 5887 5888if test ! -z "$NO_PEERCHECK" ; then 5889 echo "WARNING: the operating system that you are using does not" 5890 echo "appear to support getpeereid(), getpeerucred() or the" 5891 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5892 echo "enforce security checks to prevent unauthorised connections to" 5893 echo "ssh-agent. Their absence increases the risk that a malicious" 5894 echo "user can connect to your agent." 5895 echo "" 5896fi 5897 5898if test "$AUDIT_MODULE" = "bsm" ; then 5899 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5900 echo "See the Solaris section in README.platform for details." 5901fi 5902