1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19 20# Check for stale configure as early as possible. 21for i in $srcdir/configure.ac $srcdir/m4/*.m4; do 22 if test "$i" -nt "$srcdir/configure"; then 23 AC_MSG_ERROR([$i newer than configure, run autoreconf]) 24 fi 25done 26 27AC_LANG([C]) 28 29AC_CONFIG_HEADERS([config.h]) 30AC_PROG_CC([cc gcc clang]) 31 32# XXX relax this after reimplementing logit() etc. 33AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 34AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 35int f(int a, int b, int c) { return a + b + c; } 36#define F(a, ...) f(a, __VA_ARGS__) 37]], [[return F(1, 2, -3);]])], 38 [ AC_MSG_RESULT([yes]) ], 39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 40) 41 42AC_CANONICAL_HOST 43AC_C_BIGENDIAN 44 45# Checks for programs. 46AC_PROG_AWK 47AC_PROG_CPP 48AC_PROG_RANLIB 49AC_PROG_INSTALL 50AC_PROG_EGREP 51AC_PROG_MKDIR_P 52AC_CHECK_TOOLS([AR], [ar]) 53AC_PATH_PROG([CAT], [cat]) 54AC_PATH_PROG([KILL], [kill]) 55AC_PATH_PROG([SED], [sed]) 56AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 57AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 58AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 59AC_PATH_PROG([SH], [bash]) 60AC_PATH_PROG([SH], [ksh]) 61AC_PATH_PROG([SH], [sh]) 62AC_PATH_PROG([GROFF], [groff]) 63AC_PATH_PROG([NROFF], [nroff awf]) 64AC_PATH_PROG([MANDOC], [mandoc]) 65AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 66AC_SUBST([TEST_SHELL], [sh]) 67 68dnl select manpage formatter to be used to build "cat" format pages. 69if test "x$MANDOC" != "x" ; then 70 MANFMT="$MANDOC" 71elif test "x$NROFF" != "x" ; then 72 MANFMT="$NROFF -mandoc" 73elif test "x$GROFF" != "x" ; then 74 MANFMT="$GROFF -mandoc -Tascii" 75else 76 AC_MSG_WARN([no manpage formatter found]) 77 MANFMT="false" 78fi 79AC_SUBST([MANFMT]) 80 81dnl for buildpkg.sh 82AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 83 [/usr/sbin${PATH_SEPARATOR}/etc]) 84AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 85 [/usr/sbin${PATH_SEPARATOR}/etc]) 86AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 87if test -x /sbin/sh; then 88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 89else 90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 91fi 92 93# System features 94AC_SYS_LARGEFILE 95 96if test -z "$AR" ; then 97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 98fi 99 100AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 101if test ! -z "$PATH_PASSWD_PROG" ; then 102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 103 [Full path of your "passwd" program]) 104fi 105 106dnl Since autoconf doesn't support it very well, we no longer allow users to 107dnl override LD, however keeping the hook here for now in case there's a use 108dnl use case we overlooked and someone needs to re-enable it. Unless a good 109dnl reason is found we'll be removing this in future. 110LD="$CC" 111AC_SUBST([LD]) 112 113AC_C_INLINE 114 115AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 116AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 117AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 118 #include <sys/types.h> 119 #include <sys/param.h> 120 #include <dev/systrace.h> 121]) 122AC_CHECK_DECL([RLIMIT_NPROC], 123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 124 #include <sys/types.h> 125 #include <sys/resource.h> 126]) 127AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 128 #include <sys/types.h> 129 #include <linux/prctl.h> 130]) 131 132openssl=yes 133openssl_bin=openssl 134AC_ARG_WITH([openssl], 135 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 136 [ if test "x$withval" = "xno" ; then 137 openssl=no 138 openssl_bin="" 139 fi 140 ] 141) 142AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 143if test "x$openssl" = "xyes" ; then 144 AC_MSG_RESULT([yes]) 145 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 146else 147 AC_MSG_RESULT([no]) 148fi 149 150use_stack_protector=1 151use_toolchain_hardening=1 152use_retpoline=1 153AC_ARG_WITH([stackprotect], 154 [ --without-stackprotect Don't use compiler's stack protection], [ 155 if test "x$withval" = "xno"; then 156 use_stack_protector=0 157 fi ]) 158AC_ARG_WITH([hardening], 159 [ --without-hardening Don't use toolchain hardening flags], [ 160 if test "x$withval" = "xno"; then 161 use_toolchain_hardening=0 162 fi ]) 163AC_ARG_WITH([retpoline], 164 [ --without-retpoline Enable retpoline spectre mitigation], [ 165 if test "x$withval" = "xno"; then 166 use_retpoline=0 167 fi ]) 168 169# We use -Werror for the tests only so that we catch warnings like "this is 170# on by default" for things like -fPIE. 171AC_MSG_CHECKING([if $CC supports -Werror]) 172saved_CFLAGS="$CFLAGS" 173CFLAGS="$CFLAGS -Werror" 174AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 175 [ AC_MSG_RESULT([yes]) 176 WERROR="-Werror"], 177 [ AC_MSG_RESULT([no]) 178 WERROR="" ] 179) 180CFLAGS="$saved_CFLAGS" 181 182if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 183 AC_MSG_CHECKING([gcc version]) 184 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 185 case "$GCC_VER" in 186 1.*) no_attrib_nonnull=1 ;; 187 2.8* | 2.9*) 188 no_attrib_nonnull=1 189 ;; 190 2.*) no_attrib_nonnull=1 ;; 191 *) ;; 192 esac 193 AC_MSG_RESULT([$GCC_VER]) 194 195 AC_MSG_CHECKING([clang version]) 196 ver="`$CC -v 2>&1`" 197 if echo "$ver" | grep "Apple" >/dev/null; then 198 CLANG_VER=apple-`echo "$ver" | grep 'clang version' | \ 199 $SED 's/.*clang version //g' | $AWK '{print $1}'` 200 else 201 CLANG_VER=`echo "$ver" | grep 'clang version' | \ 202 $SED 's/.*clang version //g' | $AWK '{print $1}'` 203 fi 204 AC_MSG_RESULT([$CLANG_VER]) 205 206 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 207 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 208 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 209 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 210 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 211 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 212 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 213 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 214 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 215 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 216 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 217 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 218 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 219 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 220 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 221 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation]) 222 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) 223 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 224 if test "x$use_toolchain_hardening" = "x1"; then 225 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 226 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 227 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 228 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 229 # NB. -ftrapv expects certain support functions to be present in 230 # the compiler library (libgcc or similar) to detect integer operations 231 # that can overflow. We must check that the result of enabling it 232 # actually links. The test program compiled/linked includes a number 233 # of integer operations that should exercise this. 234 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 235 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See 236 # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and 237 # https://github.com/llvm/llvm-project/issues/59242 238 # clang 17 has a different bug that causes an ICE when using this 239 # flag at all (https://bugzilla.mindrot.org/show_bug.cgi?id=3629) 240 case "$CLANG_VER" in 241 apple-15*) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;; 242 17*) ;; 243 *) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;; 244 esac 245 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) 246 fi 247 if test "x$use_retpoline" = "x1"; then 248 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 249 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 250 fi 251 252 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 253 saved_CFLAGS="$CFLAGS" 254 CFLAGS="$CFLAGS -fno-builtin-memset" 255 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 256 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 257 [ AC_MSG_RESULT([yes]) ], 258 [ AC_MSG_RESULT([no]) 259 CFLAGS="$saved_CFLAGS" ] 260 ) 261 262 # -fstack-protector-all doesn't always work for some GCC versions 263 # and/or platforms, so we test if we can. If it's not supported 264 # on a given platform gcc will emit a warning so we use -Werror. 265 if test "x$use_stack_protector" = "x1"; then 266 for t in -fstack-protector-strong -fstack-protector-all \ 267 -fstack-protector; do 268 AC_MSG_CHECKING([if $CC supports $t]) 269 saved_CFLAGS="$CFLAGS" 270 saved_LDFLAGS="$LDFLAGS" 271 CFLAGS="$CFLAGS $t -Werror" 272 LDFLAGS="$LDFLAGS $t -Werror" 273 AC_LINK_IFELSE( 274 [AC_LANG_PROGRAM([[ 275 #include <stdio.h> 276 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 277 ]], 278 [[ 279 char x[256]; 280 snprintf(x, sizeof(x), "XXX%d", func(1)); 281 ]])], 282 [ AC_MSG_RESULT([yes]) 283 CFLAGS="$saved_CFLAGS $t" 284 LDFLAGS="$saved_LDFLAGS $t" 285 AC_MSG_CHECKING([if $t works]) 286 AC_RUN_IFELSE( 287 [AC_LANG_PROGRAM([[ 288 #include <stdio.h> 289 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 290 ]], 291 [[ 292 char x[256]; 293 snprintf(x, sizeof(x), "XXX%d", func(1)); 294 ]])], 295 [ AC_MSG_RESULT([yes]) 296 break ], 297 [ AC_MSG_RESULT([no]) ], 298 [ AC_MSG_WARN([cross compiling: cannot test]) 299 break ] 300 ) 301 ], 302 [ AC_MSG_RESULT([no]) ] 303 ) 304 CFLAGS="$saved_CFLAGS" 305 LDFLAGS="$saved_LDFLAGS" 306 done 307 fi 308 309 if test -z "$have_llong_max"; then 310 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 311 unset ac_cv_have_decl_LLONG_MAX 312 saved_CFLAGS="$CFLAGS" 313 CFLAGS="$CFLAGS -std=gnu99" 314 AC_CHECK_DECL([LLONG_MAX], 315 [have_llong_max=1], 316 [CFLAGS="$saved_CFLAGS"], 317 [#include <limits.h>] 318 ) 319 fi 320fi 321 322AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 323AC_COMPILE_IFELSE( 324 [AC_LANG_PROGRAM([[ 325#include <stdlib.h> 326__attribute__((__unused__)) static void foo(void){return;}]], 327 [[ exit(0); ]])], 328 [ AC_MSG_RESULT([yes]) ], 329 [ AC_MSG_RESULT([no]) 330 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 331 [compiler does not accept __attribute__ on return types]) ] 332) 333 334AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 335AC_COMPILE_IFELSE( 336 [AC_LANG_PROGRAM([[ 337#include <stdlib.h> 338typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 339 [[ exit(0); ]])], 340 [ AC_MSG_RESULT([yes]) ], 341 [ AC_MSG_RESULT([no]) 342 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 343 [compiler does not accept __attribute__ on prototype args]) ] 344) 345 346AC_MSG_CHECKING([if compiler supports variable length arrays]) 347AC_COMPILE_IFELSE( 348 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 349 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 350 [ AC_MSG_RESULT([yes]) 351 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 352 [compiler supports variable length arrays]) ], 353 [ AC_MSG_RESULT([no]) ] 354) 355 356AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 357AC_COMPILE_IFELSE( 358 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 359 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 360 [ AC_MSG_RESULT([yes]) 361 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 362 [compiler variable declarations after code]) ], 363 [ AC_MSG_RESULT([no]) ] 364) 365 366if test "x$no_attrib_nonnull" != "x1" ; then 367 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 368fi 369 370AC_ARG_WITH([rpath], 371 [ --without-rpath Disable auto-added -R linker paths], 372 [ 373 if test "x$withval" = "xno" ; then 374 rpath_opt="" 375 elif test "x$withval" = "xyes" ; then 376 rpath_opt="-R" 377 else 378 rpath_opt="$withval" 379 fi 380 ] 381) 382 383# Allow user to specify flags 384AC_ARG_WITH([cflags], 385 [ --with-cflags Specify additional flags to pass to compiler], 386 [ 387 if test -n "$withval" && test "x$withval" != "xno" && \ 388 test "x${withval}" != "xyes"; then 389 CFLAGS="$CFLAGS $withval" 390 fi 391 ] 392) 393 394AC_ARG_WITH([cflags-after], 395 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 396 [ 397 if test -n "$withval" && test "x$withval" != "xno" && \ 398 test "x${withval}" != "xyes"; then 399 CFLAGS_AFTER="$withval" 400 fi 401 ] 402) 403AC_ARG_WITH([cppflags], 404 [ --with-cppflags Specify additional flags to pass to preprocessor] , 405 [ 406 if test -n "$withval" && test "x$withval" != "xno" && \ 407 test "x${withval}" != "xyes"; then 408 CPPFLAGS="$CPPFLAGS $withval" 409 fi 410 ] 411) 412AC_ARG_WITH([ldflags], 413 [ --with-ldflags Specify additional flags to pass to linker], 414 [ 415 if test -n "$withval" && test "x$withval" != "xno" && \ 416 test "x${withval}" != "xyes"; then 417 LDFLAGS="$LDFLAGS $withval" 418 fi 419 ] 420) 421AC_ARG_WITH([ldflags-after], 422 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 423 [ 424 if test -n "$withval" && test "x$withval" != "xno" && \ 425 test "x${withval}" != "xyes"; then 426 LDFLAGS_AFTER="$withval" 427 fi 428 ] 429) 430AC_ARG_WITH([libs], 431 [ --with-libs Specify additional libraries to link with], 432 [ 433 if test -n "$withval" && test "x$withval" != "xno" && \ 434 test "x${withval}" != "xyes"; then 435 LIBS="$LIBS $withval" 436 fi 437 ] 438) 439AC_ARG_WITH([Werror], 440 [ --with-Werror Build main code with -Werror], 441 [ 442 if test -n "$withval" && test "x$withval" != "xno"; then 443 werror_flags="-Werror" 444 if test "x${withval}" != "xyes"; then 445 werror_flags="$withval" 446 fi 447 fi 448 ] 449) 450 451dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's 452dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we 453dnl haven't detected it, recheck. 454if test "x$ac_cv_header_sys_stat_h" != "xyes"; then 455 unset ac_cv_header_sys_stat_h 456 AC_CHECK_HEADERS([sys/stat.h]) 457fi 458 459AC_CHECK_HEADERS([ \ 460 blf.h \ 461 bstring.h \ 462 crypt.h \ 463 crypto/sha2.h \ 464 dirent.h \ 465 endian.h \ 466 elf.h \ 467 err.h \ 468 features.h \ 469 fcntl.h \ 470 floatingpoint.h \ 471 fnmatch.h \ 472 getopt.h \ 473 glob.h \ 474 ia.h \ 475 iaf.h \ 476 ifaddrs.h \ 477 inttypes.h \ 478 langinfo.h \ 479 limits.h \ 480 locale.h \ 481 login.h \ 482 maillock.h \ 483 ndir.h \ 484 net/if_tun.h \ 485 netdb.h \ 486 netgroup.h \ 487 pam/pam_appl.h \ 488 paths.h \ 489 poll.h \ 490 pty.h \ 491 readpassphrase.h \ 492 rpc/types.h \ 493 security/pam_appl.h \ 494 sha2.h \ 495 shadow.h \ 496 stddef.h \ 497 stdint.h \ 498 string.h \ 499 strings.h \ 500 sys/bitypes.h \ 501 sys/byteorder.h \ 502 sys/bsdtty.h \ 503 sys/cdefs.h \ 504 sys/dir.h \ 505 sys/file.h \ 506 sys/mman.h \ 507 sys/label.h \ 508 sys/ndir.h \ 509 sys/param.h \ 510 sys/poll.h \ 511 sys/prctl.h \ 512 sys/procctl.h \ 513 sys/pstat.h \ 514 sys/ptrace.h \ 515 sys/random.h \ 516 sys/select.h \ 517 sys/stream.h \ 518 sys/stropts.h \ 519 sys/strtio.h \ 520 sys/statvfs.h \ 521 sys/sysmacros.h \ 522 sys/time.h \ 523 sys/timers.h \ 524 sys/vfs.h \ 525 time.h \ 526 tmpdir.h \ 527 ttyent.h \ 528 ucred.h \ 529 unistd.h \ 530 usersec.h \ 531 util.h \ 532 utime.h \ 533 utmp.h \ 534 utmpx.h \ 535 vis.h \ 536 wchar.h \ 537]) 538 539# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 540# to be included first. 541AC_CHECK_HEADERS([sys/audit.h], [], [], [ 542#ifdef HAVE_SYS_TIME_H 543# include <sys/time.h> 544#endif 545#ifdef HAVE_SYS_TYPES_H 546# include <sys/types.h> 547#endif 548#ifdef HAVE_SYS_LABEL_H 549# include <sys/label.h> 550#endif 551]) 552 553# sys/capsicum.h requires sys/types.h 554AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [ 555#ifdef HAVE_SYS_TYPES_H 556# include <sys/types.h> 557#endif 558]) 559 560AC_MSG_CHECKING([for caph_cache_tzdata]) 561AC_LINK_IFELSE( 562 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]], 563 [[caph_cache_tzdata();]])], 564 [ 565 AC_MSG_RESULT([yes]) 566 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1], 567 [Define if you have caph_cache_tzdata]) 568 ], 569 [ AC_MSG_RESULT([no]) ] 570) 571 572# net/route.h requires sys/socket.h and sys/types.h. 573# sys/sysctl.h also requires sys/param.h 574AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 575#ifdef HAVE_SYS_TYPES_H 576# include <sys/types.h> 577#endif 578#include <sys/param.h> 579#include <sys/socket.h> 580]) 581 582# lastlog.h requires sys/time.h to be included first on Solaris 583AC_CHECK_HEADERS([lastlog.h], [], [], [ 584#ifdef HAVE_SYS_TIME_H 585# include <sys/time.h> 586#endif 587]) 588 589# sys/ptms.h requires sys/stream.h to be included first on Solaris 590AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 591#ifdef HAVE_SYS_STREAM_H 592# include <sys/stream.h> 593#endif 594]) 595 596# login_cap.h requires sys/types.h on NetBSD 597AC_CHECK_HEADERS([login_cap.h], [], [], [ 598#include <sys/types.h> 599]) 600 601# older BSDs need sys/param.h before sys/mount.h 602AC_CHECK_HEADERS([sys/mount.h], [], [], [ 603#include <sys/param.h> 604]) 605 606# Android requires sys/socket.h to be included before sys/un.h 607AC_CHECK_HEADERS([sys/un.h], [], [], [ 608#include <sys/types.h> 609#include <sys/socket.h> 610]) 611 612# Messages for features tested for in target-specific section 613SIA_MSG="no" 614SPC_MSG="no" 615SP_MSG="no" 616SPP_MSG="no" 617 618# Support for Solaris/Illumos privileges (this test is used by both 619# the --with-solaris-privs option and --with-sandbox=solaris). 620SOLARIS_PRIVS="no" 621 622# Check for some target-specific stuff 623case "$host" in 624*-*-aix*) 625 # Some versions of VAC won't allow macro redefinitions at 626 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 627 # particularly with older versions of vac or xlc. 628 # It also throws errors about null macro arguments, but these are 629 # not fatal. 630 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 631 AC_COMPILE_IFELSE( 632 [AC_LANG_PROGRAM([[ 633#define testmacro foo 634#define testmacro bar]], 635 [[ exit(0); ]])], 636 [ AC_MSG_RESULT([yes]) ], 637 [ AC_MSG_RESULT([no]) 638 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 639 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 640 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 641 ] 642 ) 643 644 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 645 if (test -z "$blibpath"); then 646 blibpath="/usr/lib:/lib" 647 fi 648 saved_LDFLAGS="$LDFLAGS" 649 if test "$GCC" = "yes"; then 650 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 651 else 652 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 653 fi 654 for tryflags in $flags ;do 655 if (test -z "$blibflags"); then 656 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 657 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 658 [blibflags=$tryflags], []) 659 fi 660 done 661 if (test -z "$blibflags"); then 662 AC_MSG_RESULT([not found]) 663 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 664 else 665 AC_MSG_RESULT([$blibflags]) 666 fi 667 LDFLAGS="$saved_LDFLAGS" 668 dnl Check for authenticate. Might be in libs.a on older AIXes 669 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 670 [Define if you want to enable AIX4's authenticate function])], 671 [AC_CHECK_LIB([s], [authenticate], 672 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 673 LIBS="$LIBS -ls" 674 ]) 675 ]) 676 dnl Check for various auth function declarations in headers. 677 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 678 passwdexpired, setauthdb], , , [#include <usersec.h>]) 679 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 680 AC_CHECK_DECLS([loginfailed], 681 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 682 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 683 [[ (void)loginfailed("user","host","tty",0); ]])], 684 [AC_MSG_RESULT([yes]) 685 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 686 [Define if your AIX loginfailed() function 687 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 688 ])], 689 [], 690 [#include <usersec.h>] 691 ) 692 AC_CHECK_FUNCS([getgrset setauthdb]) 693 AC_CHECK_DECL([F_CLOSEM], 694 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 695 [], 696 [ #include <limits.h> 697 #include <fcntl.h> ] 698 ) 699 check_for_aix_broken_getaddrinfo=1 700 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 701 [Define if your platform breaks doing a seteuid before a setuid]) 702 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 703 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 704 dnl AIX handles lastlog as part of its login message 705 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 706 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 707 [Some systems need a utmpx entry for /bin/login to work]) 708 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 709 [Define to a Set Process Title type if your system is 710 supported by bsd-setproctitle.c]) 711 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 712 [AIX 5.2 and 5.3 (and presumably newer) require this]) 713 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 714 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 715 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 716 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 717 ;; 718*-*-android*) 719 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 720 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 721 ;; 722*-*-cygwin*) 723 LIBS="$LIBS /usr/lib/textreadmode.o" 724 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 725 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 726 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 727 [Define to disable UID restoration test]) 728 AC_DEFINE([DISABLE_SHADOW], [1], 729 [Define if you want to disable shadow passwords]) 730 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 731 [Define if X11 doesn't support AF_UNIX sockets on that system]) 732 AC_DEFINE([DISABLE_FD_PASSING], [1], 733 [Define if your platform needs to skip post auth 734 file descriptor passing]) 735 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 736 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 737 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 738 # reasons which cause compile warnings, so we disable those warnings. 739 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 740 ;; 741*-*-dgux*) 742 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 743 [Define if your system choked on IP TOS setting]) 744 AC_DEFINE([SETEUID_BREAKS_SETUID]) 745 AC_DEFINE([BROKEN_SETREUID]) 746 AC_DEFINE([BROKEN_SETREGID]) 747 ;; 748*-*-darwin*) 749 use_pie=auto 750 AC_MSG_CHECKING([if we have working getaddrinfo]) 751 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 752#include <mach-o/dyld.h> 753#include <stdlib.h> 754int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 755 exit(0); 756 else 757 exit(1); 758} 759 ]])], 760 [AC_MSG_RESULT([working])], 761 [AC_MSG_RESULT([buggy]) 762 AC_DEFINE([BROKEN_GETADDRINFO], [1], 763 [getaddrinfo is broken (if present)]) 764 ], 765 [AC_MSG_RESULT([assume it is working])]) 766 AC_DEFINE([SETEUID_BREAKS_SETUID]) 767 AC_DEFINE([BROKEN_SETREUID]) 768 AC_DEFINE([BROKEN_SETREGID]) 769 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 770 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 771 [Define if your resolver libs need this for getrrsetbyname]) 772 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 773 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 774 [Use tunnel device compatibility to OpenBSD]) 775 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 776 [Prepend the address family to IP tunnel traffic]) 777 m4_pattern_allow([AU_IPv]) 778 AC_CHECK_DECL([AU_IPv4], [], 779 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 780 [#include <bsm/audit.h>] 781 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 782 [Define if pututxline updates lastlog too]) 783 ) 784 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 785 [Define to a Set Process Title type if your system is 786 supported by bsd-setproctitle.c]) 787 AC_CHECK_FUNCS([sandbox_init]) 788 AC_CHECK_HEADERS([sandbox.h]) 789 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 790 SSHDLIBS="$SSHDLIBS -lsandbox" 791 ]) 792 # proc_pidinfo()-based closefrom() replacement. 793 AC_CHECK_HEADERS([libproc.h]) 794 AC_CHECK_FUNCS([proc_pidinfo]) 795 # poll(2) is broken for character-special devices (at least). 796 # cf. Apple bug 3710161 (not public, but searchable) 797 AC_DEFINE([BROKEN_POLL], [1], 798 [System poll(2) implementation is broken]) 799 ;; 800*-*-dragonfly*) 801 SSHDLIBS="$SSHDLIBS" 802 TEST_MALLOC_OPTIONS="AFGJPRX" 803 ;; 804*-*-haiku*) 805 LIBS="$LIBS -lbsd " 806 CFLAGS="$CFLAGS -D_BSD_SOURCE" 807 AC_CHECK_LIB([network], [socket]) 808 AC_DEFINE([HAVE_U_INT64_T]) 809 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 810 MANTYPE=man 811 ;; 812*-*-hpux*) 813 # first we define all of the options common to all HP-UX releases 814 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 815 IPADDR_IN_DISPLAY=yes 816 AC_DEFINE([USE_PIPES]) 817 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 818 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 819 [String used in /etc/passwd to denote locked account]) 820 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 821 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 822 maildir="/var/mail" 823 LIBS="$LIBS -lsec" 824 AC_CHECK_LIB([xnet], [t_error], , 825 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 826 827 # next, we define all of the options specific to major releases 828 case "$host" in 829 *-*-hpux10*) 830 if test -z "$GCC"; then 831 CFLAGS="$CFLAGS -Ae" 832 fi 833 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect]) 834 ;; 835 *-*-hpux11*) 836 AC_DEFINE([PAM_SUN_CODEBASE], [1], 837 [Define if you are using Solaris-derived PAM which 838 passes pam_messages to the conversation function 839 with an extra level of indirection]) 840 AC_DEFINE([DISABLE_UTMP], [1], 841 [Define if you don't want to use utmp]) 842 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 843 check_for_hpux_broken_getaddrinfo=1 844 check_for_conflicting_getspnam=1 845 ;; 846 esac 847 848 # lastly, we define options specific to minor releases 849 case "$host" in 850 *-*-hpux10.26) 851 AC_DEFINE([HAVE_SECUREWARE], [1], 852 [Define if you have SecureWare-based 853 protected password database]) 854 disable_ptmx_check=yes 855 LIBS="$LIBS -lsecpw" 856 ;; 857 esac 858 ;; 859*-*-irix5*) 860 PATH="$PATH:/usr/etc" 861 AC_DEFINE([BROKEN_INET_NTOA], [1], 862 [Define if you system's inet_ntoa is busted 863 (e.g. Irix gcc issue)]) 864 AC_DEFINE([SETEUID_BREAKS_SETUID]) 865 AC_DEFINE([BROKEN_SETREUID]) 866 AC_DEFINE([BROKEN_SETREGID]) 867 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 868 [Define if you shouldn't strip 'tty' from your 869 ttyname in [uw]tmp]) 870 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 871 ;; 872*-*-irix6*) 873 PATH="$PATH:/usr/etc" 874 AC_DEFINE([WITH_IRIX_ARRAY], [1], 875 [Define if you have/want arrays 876 (cluster-wide session management, not C arrays)]) 877 AC_DEFINE([WITH_IRIX_PROJECT], [1], 878 [Define if you want IRIX project management]) 879 AC_DEFINE([WITH_IRIX_AUDIT], [1], 880 [Define if you want IRIX audit trails]) 881 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 882 [Define if you want IRIX kernel jobs])]) 883 AC_DEFINE([BROKEN_INET_NTOA]) 884 AC_DEFINE([SETEUID_BREAKS_SETUID]) 885 AC_DEFINE([BROKEN_SETREUID]) 886 AC_DEFINE([BROKEN_SETREGID]) 887 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 888 AC_DEFINE([WITH_ABBREV_NO_TTY]) 889 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 890 ;; 891*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 892 AC_DEFINE([PAM_TTY_KLUDGE]) 893 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 894 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 895 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 896 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 897 ;; 898*-*-linux*) 899 no_dev_ptmx=1 900 use_pie=auto 901 check_for_openpty_ctty_bug=1 902 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 903 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 904 dnl _GNU_SOURCE is needed for setres*id prototypes. 905 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" 906 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) 907 AC_DEFINE([PAM_TTY_KLUDGE], [1], 908 [Work around problematic Linux PAM modules handling of PAM_TTY]) 909 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 910 [String used in /etc/passwd to denote locked account]) 911 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 912 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 913 [Define to whatever link() returns for "not supported" 914 if it doesn't return EOPNOTSUPP.]) 915 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 916 AC_DEFINE([USE_BTMP]) 917 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 918 AC_DEFINE([SYSTEMD_NOTIFY], [1], [Have sshd notify systemd on start/reload]) 919 inet6_default_4in6=yes 920 case `uname -r` in 921 1.*|2.0.*) 922 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 923 [Define if cmsg_type is not passed correctly]) 924 ;; 925 esac 926 # tun(4) forwarding compat code 927 AC_CHECK_HEADERS([linux/if_tun.h]) 928 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 929 AC_DEFINE([SSH_TUN_LINUX], [1], 930 [Open tunnel devices the Linux tun/tap way]) 931 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 932 [Use tunnel device compatibility to OpenBSD]) 933 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 934 [Prepend the address family to IP tunnel traffic]) 935 fi 936 AC_CHECK_HEADER([linux/if.h], 937 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 938 [Support routing domains using Linux VRF]), [], [ 939#ifdef HAVE_SYS_TYPES_H 940# include <sys/types.h> 941#endif 942 ]) 943 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 944 [], [#include <linux/types.h>]) 945 # Obtain MIPS ABI 946 case "$host" in 947 mips*) 948 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 949#if _MIPS_SIM != _ABIO32 950#error 951#endif 952 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 953#if _MIPS_SIM != _ABIN32 954#error 955#endif 956 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 957#if _MIPS_SIM != _ABI64 958#error 959#endif 960 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 961 ]) 962 ]) 963 ]) 964 ;; 965 esac 966 AC_MSG_CHECKING([for seccomp architecture]) 967 seccomp_audit_arch= 968 case "$host" in 969 x86_64-*) 970 seccomp_audit_arch=AUDIT_ARCH_X86_64 971 ;; 972 i*86-*) 973 seccomp_audit_arch=AUDIT_ARCH_I386 974 ;; 975 arm*-*) 976 seccomp_audit_arch=AUDIT_ARCH_ARM 977 ;; 978 aarch64*-*) 979 seccomp_audit_arch=AUDIT_ARCH_AARCH64 980 ;; 981 s390x-*) 982 seccomp_audit_arch=AUDIT_ARCH_S390X 983 ;; 984 s390-*) 985 seccomp_audit_arch=AUDIT_ARCH_S390 986 ;; 987 powerpc-*) 988 seccomp_audit_arch=AUDIT_ARCH_PPC 989 ;; 990 powerpc64-*) 991 seccomp_audit_arch=AUDIT_ARCH_PPC64 992 ;; 993 powerpc64le-*) 994 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 995 ;; 996 mips-*) 997 seccomp_audit_arch=AUDIT_ARCH_MIPS 998 ;; 999 mipsel-*) 1000 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 1001 ;; 1002 mips64-*) 1003 case "$mips_abi" in 1004 "n32") 1005 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 1006 ;; 1007 "n64") 1008 seccomp_audit_arch=AUDIT_ARCH_MIPS64 1009 ;; 1010 esac 1011 ;; 1012 mips64el-*) 1013 case "$mips_abi" in 1014 "n32") 1015 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 1016 ;; 1017 "n64") 1018 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 1019 ;; 1020 esac 1021 ;; 1022 riscv64-*) 1023 seccomp_audit_arch=AUDIT_ARCH_RISCV64 1024 ;; 1025 esac 1026 if test "x$seccomp_audit_arch" != "x" ; then 1027 AC_MSG_RESULT(["$seccomp_audit_arch"]) 1028 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 1029 [Specify the system call convention in use]) 1030 else 1031 AC_MSG_RESULT([architecture not supported]) 1032 fi 1033 ;; 1034*-*-minix) 1035 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1036 # poll(2) seems to choke on /dev/null; "Bad file descriptor" 1037 AC_DEFINE([BROKEN_POLL], [1], 1038 [System poll(2) implementation is broken]) 1039 ;; 1040mips-sony-bsd|mips-sony-newsos4) 1041 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 1042 SONY=1 1043 ;; 1044*-*-netbsd*) 1045 if test "x$withval" != "xno" ; then 1046 rpath_opt="-R" 1047 fi 1048 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 1049 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1050 AC_CHECK_HEADER([net/if_tap.h], , 1051 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1052 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 1053 [Prepend the address family to IP tunnel traffic]) 1054 TEST_MALLOC_OPTIONS="AJRX" 1055 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 1056 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 1057 ;; 1058*-*-freebsd*) 1059 SKIP_DISABLE_LASTLOG_DEFINE=yes 1060 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 1061 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1062 AC_CHECK_HEADER([net/if_tap.h], , 1063 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1064 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 1065 TEST_MALLOC_OPTIONS="AJRX" 1066 # Preauth crypto occasionally uses file descriptors for crypto offload 1067 # and will crash if they cannot be opened. 1068 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 1069 [define if setrlimit RLIMIT_NOFILE breaks things]) 1070 case "$host" in 1071 *-*-freebsd9.*|*-*-freebsd10.*) 1072 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable. 1073 disable_capsicum=yes 1074 esac 1075 ;; 1076*-*-bsdi*) 1077 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1078 AC_DEFINE([BROKEN_SETREUID]) 1079 AC_DEFINE([BROKEN_SETREGID]) 1080 ;; 1081*-next-*) 1082 conf_lastlog_location="/usr/adm/lastlog" 1083 conf_utmp_location=/etc/utmp 1084 conf_wtmp_location=/usr/adm/wtmp 1085 maildir=/usr/spool/mail 1086 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1087 AC_DEFINE([USE_PIPES]) 1088 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1089 ;; 1090*-*-openbsd*) 1091 use_pie=auto 1092 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1093 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1094 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1095 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1096 [syslog_r function is safe to use in in a signal handler]) 1097 TEST_MALLOC_OPTIONS="SJRU" 1098 ;; 1099*-*-solaris*) 1100 if test "x$withval" != "xno" ; then 1101 rpath_opt="-R" 1102 fi 1103 AC_DEFINE([PAM_SUN_CODEBASE]) 1104 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1105 AC_DEFINE([PAM_TTY_KLUDGE]) 1106 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1107 [Define if pam_chauthtok wants real uid set 1108 to the unpriv'ed user]) 1109 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1110 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1111 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1112 [Define if sshd somehow reacquires a controlling TTY 1113 after setsid()]) 1114 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1115 in case the name is longer than 8 chars]) 1116 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1117 external_path_file=/etc/default/login 1118 # hardwire lastlog location (can't detect it on some versions) 1119 conf_lastlog_location="/var/adm/lastlog" 1120 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1121 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1122 if test "$sol2ver" -ge 8; then 1123 AC_MSG_RESULT([yes]) 1124 AC_DEFINE([DISABLE_UTMP]) 1125 AC_DEFINE([DISABLE_WTMP], [1], 1126 [Define if you don't want to use wtmp]) 1127 else 1128 AC_MSG_RESULT([no]) 1129 fi 1130 AC_CHECK_FUNCS([setpflags]) 1131 AC_CHECK_FUNCS([setppriv]) 1132 AC_CHECK_FUNCS([priv_basicset]) 1133 AC_CHECK_HEADERS([priv.h]) 1134 AC_ARG_WITH([solaris-contracts], 1135 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1136 [ 1137 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1138 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1139 [Define if you have Solaris process contracts]) 1140 LIBS="$LIBS -lcontract" 1141 SPC_MSG="yes" ], ) 1142 ], 1143 ) 1144 AC_ARG_WITH([solaris-projects], 1145 [ --with-solaris-projects Enable Solaris projects (experimental)], 1146 [ 1147 AC_CHECK_LIB([project], [setproject], 1148 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1149 [Define if you have Solaris projects]) 1150 LIBS="$LIBS -lproject" 1151 SP_MSG="yes" ], ) 1152 ], 1153 ) 1154 AC_ARG_WITH([solaris-privs], 1155 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1156 [ 1157 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1158 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1159 "x$ac_cv_header_priv_h" = "xyes" ; then 1160 SOLARIS_PRIVS=yes 1161 AC_MSG_RESULT([found]) 1162 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1163 [Define to disable UID restoration test]) 1164 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1165 [Define if you have Solaris privileges]) 1166 SPP_MSG="yes" 1167 else 1168 AC_MSG_RESULT([not found]) 1169 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1170 fi 1171 ], 1172 ) 1173 TEST_SHELL=$SHELL # let configure find us a capable shell 1174 ;; 1175*-*-sunos4*) 1176 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1177 AC_CHECK_FUNCS([getpwanam]) 1178 AC_DEFINE([PAM_SUN_CODEBASE]) 1179 conf_utmp_location=/etc/utmp 1180 conf_wtmp_location=/var/adm/wtmp 1181 conf_lastlog_location=/var/adm/lastlog 1182 AC_DEFINE([USE_PIPES]) 1183 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1184 ;; 1185*-ncr-sysv*) 1186 LIBS="$LIBS -lc89" 1187 AC_DEFINE([USE_PIPES]) 1188 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1189 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1190 AC_DEFINE([BROKEN_SETREUID]) 1191 AC_DEFINE([BROKEN_SETREGID]) 1192 ;; 1193*-sni-sysv*) 1194 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1195 AC_CHECK_LIB([dl], [dlsym], ,) 1196 # -lresolv needs to be at the end of LIBS or DNS lookups break 1197 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1198 IPADDR_IN_DISPLAY=yes 1199 AC_DEFINE([USE_PIPES]) 1200 AC_DEFINE([IP_TOS_IS_BROKEN]) 1201 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1202 AC_DEFINE([BROKEN_SETREUID]) 1203 AC_DEFINE([BROKEN_SETREGID]) 1204 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1205 external_path_file=/etc/default/login 1206 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1207 # Attention: always take care to bind libsocket and libnsl before libc, 1208 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1209 ;; 1210# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1211*-*-sysv4.2*) 1212 AC_DEFINE([USE_PIPES]) 1213 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1214 AC_DEFINE([BROKEN_SETREUID]) 1215 AC_DEFINE([BROKEN_SETREGID]) 1216 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1217 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1218 TEST_SHELL=$SHELL # let configure find us a capable shell 1219 ;; 1220# UnixWare 7.x, OpenUNIX 8 1221*-*-sysv5*) 1222 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1223 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1224 AC_DEFINE([USE_PIPES]) 1225 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1226 AC_DEFINE([BROKEN_GETADDRINFO]) 1227 AC_DEFINE([BROKEN_SETREUID]) 1228 AC_DEFINE([BROKEN_SETREGID]) 1229 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1230 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1231 TEST_SHELL=$SHELL # let configure find us a capable shell 1232 case "$host" in 1233 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1234 maildir=/var/spool/mail 1235 AC_DEFINE([BROKEN_UPDWTMPX]) 1236 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1237 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1238 ], , ) 1239 ;; 1240 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1241 ;; 1242 esac 1243 ;; 1244*-*-sysv*) 1245 ;; 1246# SCO UNIX and OEM versions of SCO UNIX 1247*-*-sco3.2v4*) 1248 AC_MSG_ERROR("This Platform is no longer supported.") 1249 ;; 1250# SCO OpenServer 5.x 1251*-*-sco3.2v5*) 1252 if test -z "$GCC"; then 1253 CFLAGS="$CFLAGS -belf" 1254 fi 1255 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1256 no_dev_ptmx=1 1257 AC_DEFINE([USE_PIPES]) 1258 AC_DEFINE([HAVE_SECUREWARE]) 1259 AC_DEFINE([DISABLE_SHADOW]) 1260 AC_DEFINE([DISABLE_FD_PASSING]) 1261 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1262 AC_DEFINE([BROKEN_GETADDRINFO]) 1263 AC_DEFINE([BROKEN_SETREUID]) 1264 AC_DEFINE([BROKEN_SETREGID]) 1265 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1266 AC_DEFINE([BROKEN_UPDWTMPX]) 1267 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1268 AC_CHECK_FUNCS([getluid setluid]) 1269 MANTYPE=man 1270 TEST_SHELL=$SHELL # let configure find us a capable shell 1271 SKIP_DISABLE_LASTLOG_DEFINE=yes 1272 ;; 1273*-dec-osf*) 1274 AC_MSG_CHECKING([for Digital Unix SIA]) 1275 no_osfsia="" 1276 AC_ARG_WITH([osfsia], 1277 [ --with-osfsia Enable Digital Unix SIA], 1278 [ 1279 if test "x$withval" = "xno" ; then 1280 AC_MSG_RESULT([disabled]) 1281 no_osfsia=1 1282 fi 1283 ], 1284 ) 1285 if test -z "$no_osfsia" ; then 1286 if test -f /etc/sia/matrix.conf; then 1287 AC_MSG_RESULT([yes]) 1288 AC_DEFINE([HAVE_OSF_SIA], [1], 1289 [Define if you have Digital Unix Security 1290 Integration Architecture]) 1291 AC_DEFINE([DISABLE_LOGIN], [1], 1292 [Define if you don't want to use your 1293 system's login() call]) 1294 AC_DEFINE([DISABLE_FD_PASSING]) 1295 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1296 SIA_MSG="yes" 1297 else 1298 AC_MSG_RESULT([no]) 1299 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1300 [String used in /etc/passwd to denote locked account]) 1301 fi 1302 fi 1303 AC_DEFINE([BROKEN_GETADDRINFO]) 1304 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1305 AC_DEFINE([BROKEN_SETREUID]) 1306 AC_DEFINE([BROKEN_SETREGID]) 1307 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1308 ;; 1309 1310*-*-nto-qnx*) 1311 AC_DEFINE([USE_PIPES]) 1312 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1313 AC_DEFINE([DISABLE_LASTLOG]) 1314 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1315 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1316 enable_etc_default_login=no # has incompatible /etc/default/login 1317 case "$host" in 1318 *-*-nto-qnx6*) 1319 AC_DEFINE([DISABLE_FD_PASSING]) 1320 ;; 1321 esac 1322 ;; 1323 1324*-*-ultrix*) 1325 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1326 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1327 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1328 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1329 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1330 # don't get a controlling tty. 1331 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1332 # On Ultrix some headers are not protected against multiple includes, 1333 # so we create wrappers and put it where the compiler will find it. 1334 AC_MSG_WARN([creating compat wrappers for headers]) 1335 mkdir -p netinet 1336 for header in netinet/ip.h netdb.h resolv.h; do 1337 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1338 cat >$header <<EOD 1339#ifndef _SSH_COMPAT_${name} 1340#define _SSH_COMPAT_${name} 1341#include "/usr/include/${header}" 1342#endif 1343EOD 1344 done 1345 ;; 1346 1347*-*-lynxos) 1348 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1349 AC_DEFINE([BROKEN_SETVBUF], [1], 1350 [LynxOS has broken setvbuf() implementation]) 1351 ;; 1352*-*-gnu*) 1353 dnl GNU Hurd. Needs to be after the linux and the other *-gnu entries. 1354 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 1355 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 1356 dnl _GNU_SOURCE is needed for setres*id prototypes. 1357 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" 1358 ;; 1359esac 1360 1361AC_MSG_CHECKING([compiler and flags for sanity]) 1362AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1363 [ AC_MSG_RESULT([yes]) ], 1364 [ 1365 AC_MSG_RESULT([no]) 1366 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1367 ], 1368 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1369) 1370 1371dnl Checks for header files. 1372# Checks for libraries. 1373AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1374 1375dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1376AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1377 AC_CHECK_LIB([gen], [dirname], [ 1378 AC_CACHE_CHECK([for broken dirname], 1379 ac_cv_have_broken_dirname, [ 1380 save_LIBS="$LIBS" 1381 LIBS="$LIBS -lgen" 1382 AC_RUN_IFELSE( 1383 [AC_LANG_SOURCE([[ 1384#include <libgen.h> 1385#include <string.h> 1386#include <stdlib.h> 1387 1388int main(int argc, char **argv) { 1389 char *s, buf[32]; 1390 1391 strncpy(buf,"/etc", 32); 1392 s = dirname(buf); 1393 if (!s || strncmp(s, "/", 32) != 0) { 1394 exit(1); 1395 } else { 1396 exit(0); 1397 } 1398} 1399 ]])], 1400 [ ac_cv_have_broken_dirname="no" ], 1401 [ ac_cv_have_broken_dirname="yes" ], 1402 [ ac_cv_have_broken_dirname="no" ], 1403 ) 1404 LIBS="$save_LIBS" 1405 ]) 1406 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1407 LIBS="$LIBS -lgen" 1408 AC_DEFINE([HAVE_DIRNAME]) 1409 AC_CHECK_HEADERS([libgen.h]) 1410 fi 1411 ]) 1412]) 1413 1414AC_CHECK_FUNC([getspnam], , 1415 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1416AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1417 [Define if you have the basename function.])]) 1418 1419dnl zlib defaults to enabled 1420zlib=yes 1421AC_ARG_WITH([zlib], 1422 [ --with-zlib=PATH Use zlib in PATH], 1423 [ if test "x$withval" = "xno" ; then 1424 zlib=no 1425 elif test "x$withval" != "xyes"; then 1426 if test -d "$withval/lib"; then 1427 if test -n "${rpath_opt}"; then 1428 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1429 else 1430 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1431 fi 1432 else 1433 if test -n "${rpath_opt}"; then 1434 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1435 else 1436 LDFLAGS="-L${withval} ${LDFLAGS}" 1437 fi 1438 fi 1439 if test -d "$withval/include"; then 1440 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1441 else 1442 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1443 fi 1444 fi ] 1445) 1446 1447# These libraries are needed for anything that links in the channel code. 1448CHANNELLIBS="" 1449AC_MSG_CHECKING([for zlib]) 1450if test "x${zlib}" = "xno"; then 1451 AC_MSG_RESULT([no]) 1452else 1453 saved_LIBS="$LIBS" 1454 CHANNELLIBS="$CHANNELLIBS -lz" 1455 AC_MSG_RESULT([yes]) 1456 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1457 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1458 AC_CHECK_LIB([z], [deflate], [], 1459 [ 1460 saved_CPPFLAGS="$CPPFLAGS" 1461 saved_LDFLAGS="$LDFLAGS" 1462 dnl Check default zlib install dir 1463 if test -n "${rpath_opt}"; then 1464 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1465 else 1466 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1467 fi 1468 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1469 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1470 [ 1471 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1472 ] 1473 ) 1474 ] 1475 ) 1476 1477 AC_ARG_WITH([zlib-version-check], 1478 [ --without-zlib-version-check Disable zlib version check], 1479 [ if test "x$withval" = "xno" ; then 1480 zlib_check_nonfatal=1 1481 fi 1482 ] 1483 ) 1484 1485 AC_MSG_CHECKING([for possibly buggy zlib]) 1486 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1487#include <stdio.h> 1488#include <stdlib.h> 1489#include <zlib.h> 1490 ]], 1491 [[ 1492 int a=0, b=0, c=0, d=0, n, v; 1493 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1494 if (n < 1) 1495 exit(1); 1496 v = a*1000000 + b*10000 + c*100 + d; 1497 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1498 1499 /* 1.1.4 is OK */ 1500 if (a == 1 && b == 1 && c >= 4) 1501 exit(0); 1502 1503 /* 1.2.3 and up are OK */ 1504 if (v >= 1020300) 1505 exit(0); 1506 1507 exit(2); 1508 ]])], 1509 AC_MSG_RESULT([no]), 1510 [ AC_MSG_RESULT([yes]) 1511 if test -z "$zlib_check_nonfatal" ; then 1512 AC_MSG_ERROR([*** zlib too old - check config.log *** 1513Your reported zlib version has known security problems. It's possible your 1514vendor has fixed these problems without changing the version number. If you 1515are sure this is the case, you can disable the check by running 1516"./configure --without-zlib-version-check". 1517If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1518See http://www.gzip.org/zlib/ for details.]) 1519 else 1520 AC_MSG_WARN([zlib version may have security problems]) 1521 fi 1522 ], 1523 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1524 ) 1525 LIBS="$saved_LIBS" 1526fi 1527 1528dnl UnixWare 2.x 1529AC_CHECK_FUNC([strcasecmp], 1530 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1531) 1532AC_CHECK_FUNCS([utimes], 1533 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1534 LIBS="$LIBS -lc89"]) ] 1535) 1536 1537dnl Checks for libutil functions 1538AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1539AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1540AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1541AC_SEARCH_LIBS([login], [util bsd]) 1542AC_SEARCH_LIBS([logout], [util bsd]) 1543AC_SEARCH_LIBS([logwtmp], [util bsd]) 1544AC_SEARCH_LIBS([openpty], [util bsd]) 1545AC_SEARCH_LIBS([updwtmp], [util bsd]) 1546AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1547 1548# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1549# or libnsl. 1550AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1551AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1552 1553# Some Linux distribtions ship the BSD libc hashing functions in 1554# separate libraries. 1555AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1556 1557# "Particular Function Checks" 1558# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1559AC_FUNC_STRFTIME 1560AC_FUNC_MALLOC 1561AC_FUNC_REALLOC 1562# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1563AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1564AC_RUN_IFELSE( 1565 [AC_LANG_PROGRAM( 1566 [[ #include <stdlib.h> ]], 1567 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1568 )], 1569 [ func_calloc_0_nonnull=yes ], 1570 [ func_calloc_0_nonnull=no ], 1571 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1572 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1573) 1574AC_MSG_RESULT([$func_calloc_0_nonnull]) 1575 1576if test "x$func_calloc_0_nonnull" = "xyes"; then 1577 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1578else 1579 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1580 AC_DEFINE(calloc, rpl_calloc, 1581 [Define to rpl_calloc if the replacement function should be used.]) 1582fi 1583 1584# Check for ALTDIRFUNC glob() extension 1585AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1586AC_EGREP_CPP([FOUNDIT], 1587 [ 1588 #include <glob.h> 1589 #ifdef GLOB_ALTDIRFUNC 1590 FOUNDIT 1591 #endif 1592 ], 1593 [ 1594 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1595 [Define if your system glob() function has 1596 the GLOB_ALTDIRFUNC extension]) 1597 AC_MSG_RESULT([yes]) 1598 ], 1599 [ 1600 AC_MSG_RESULT([no]) 1601 ] 1602) 1603 1604# Check for g.gl_matchc glob() extension 1605AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1606AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1607 [[ glob_t g; g.gl_matchc = 1; ]])], 1608 [ 1609 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1610 [Define if your system glob() function has 1611 gl_matchc options in glob_t]) 1612 AC_MSG_RESULT([yes]) 1613 ], [ 1614 AC_MSG_RESULT([no]) 1615]) 1616 1617# Check for g.gl_statv glob() extension 1618AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1619AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1620#ifndef GLOB_KEEPSTAT 1621#error "glob does not support GLOB_KEEPSTAT extension" 1622#endif 1623glob_t g; 1624g.gl_statv = NULL; 1625]])], 1626 [ 1627 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1628 [Define if your system glob() function has 1629 gl_statv options in glob_t]) 1630 AC_MSG_RESULT([yes]) 1631 ], [ 1632 AC_MSG_RESULT([no]) 1633 1634]) 1635 1636AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1637 1638AC_CHECK_DECL([VIS_ALL], , 1639 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1640 1641AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1642AC_RUN_IFELSE( 1643 [AC_LANG_PROGRAM([[ 1644#include <sys/types.h> 1645#include <dirent.h> 1646#include <stdlib.h> 1647 ]], 1648 [[ 1649 struct dirent d; 1650 exit(sizeof(d.d_name)<=sizeof(char)); 1651 ]])], 1652 [AC_MSG_RESULT([yes])], 1653 [ 1654 AC_MSG_RESULT([no]) 1655 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1656 [Define if your struct dirent expects you to 1657 allocate extra space for d_name]) 1658 ], 1659 [ 1660 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1661 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1662 ] 1663) 1664 1665AC_MSG_CHECKING([for /proc/pid/fd directory]) 1666if test -d "/proc/$$/fd" ; then 1667 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1668 AC_MSG_RESULT([yes]) 1669else 1670 AC_MSG_RESULT([no]) 1671fi 1672 1673# Check whether user wants TCP wrappers support 1674TCPW_MSG="no" 1675AC_ARG_WITH([tcp-wrappers], 1676 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1677 [ 1678 if test "x$withval" != "xno" ; then 1679 saved_LIBS="$LIBS" 1680 saved_LDFLAGS="$LDFLAGS" 1681 saved_CPPFLAGS="$CPPFLAGS" 1682 if test -n "${withval}" && \ 1683 test "x${withval}" != "xyes"; then 1684 if test -d "${withval}/lib"; then 1685 if test -n "${need_dash_r}"; then 1686 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1687 else 1688 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1689 fi 1690 else 1691 if test -n "${need_dash_r}"; then 1692 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1693 else 1694 LDFLAGS="-L${withval} ${LDFLAGS}" 1695 fi 1696 fi 1697 if test -d "${withval}/include"; then 1698 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1699 else 1700 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1701 fi 1702 fi 1703 LIBS="-lwrap $LIBS" 1704 AC_MSG_CHECKING([for libwrap]) 1705 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1706#include <sys/types.h> 1707#include <sys/socket.h> 1708#include <netinet/in.h> 1709#include <tcpd.h> 1710int deny_severity = 0, allow_severity = 0; 1711 ]], [[ 1712 hosts_access(0); 1713 ]])], [ 1714 AC_MSG_RESULT([yes]) 1715 AC_DEFINE([LIBWRAP], [1], 1716 [Define if you want 1717 TCP Wrappers support]) 1718 SSHDLIBS="$SSHDLIBS -lwrap" 1719 TCPW_MSG="yes" 1720 ], [ 1721 AC_MSG_ERROR([*** libwrap missing]) 1722 ]) 1723 LIBS="$saved_LIBS" 1724 fi 1725 ] 1726) 1727 1728# Check whether user wants to use ldns 1729LDNS_MSG="no" 1730AC_ARG_WITH(ldns, 1731 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1732 [ 1733 ldns="" 1734 if test "x$withval" = "xyes" ; then 1735 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1736 if test "x$LDNSCONFIG" = "xno"; then 1737 LIBS="-lldns $LIBS" 1738 ldns=yes 1739 else 1740 LIBS="$LIBS `$LDNSCONFIG --libs`" 1741 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1742 ldns=yes 1743 fi 1744 elif test "x$withval" != "xno" ; then 1745 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1746 LDFLAGS="$LDFLAGS -L${withval}/lib" 1747 LIBS="-lldns $LIBS" 1748 ldns=yes 1749 fi 1750 1751 # Verify that it works. 1752 if test "x$ldns" = "xyes" ; then 1753 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1754 LDNS_MSG="yes" 1755 AC_MSG_CHECKING([for ldns support]) 1756 AC_LINK_IFELSE( 1757 [AC_LANG_SOURCE([[ 1758#include <stdio.h> 1759#include <stdlib.h> 1760#ifdef HAVE_STDINT_H 1761# include <stdint.h> 1762#endif 1763#include <ldns/ldns.h> 1764int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1765 ]]) 1766 ], 1767 [AC_MSG_RESULT(yes)], 1768 [ 1769 AC_MSG_RESULT(no) 1770 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1771 ]) 1772 fi 1773]) 1774 1775# Check whether user wants libedit support 1776LIBEDIT_MSG="no" 1777AC_ARG_WITH([libedit], 1778 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1779 [ if test "x$withval" != "xno" ; then 1780 if test "x$withval" = "xyes" ; then 1781 if test "x$PKGCONFIG" != "xno"; then 1782 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1783 if "$PKGCONFIG" libedit; then 1784 AC_MSG_RESULT([yes]) 1785 use_pkgconfig_for_libedit=yes 1786 else 1787 AC_MSG_RESULT([no]) 1788 fi 1789 fi 1790 else 1791 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1792 if test -n "${rpath_opt}"; then 1793 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1794 else 1795 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1796 fi 1797 fi 1798 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1799 LIBEDIT=`$PKGCONFIG --libs libedit` 1800 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1801 else 1802 LIBEDIT="-ledit -lcurses" 1803 fi 1804 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1805 AC_CHECK_LIB([edit], [el_init], 1806 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1807 LIBEDIT_MSG="yes" 1808 AC_SUBST([LIBEDIT]) 1809 ], 1810 [ AC_MSG_ERROR([libedit not found]) ], 1811 [ $OTHERLIBS ] 1812 ) 1813 AC_MSG_CHECKING([if libedit version is compatible]) 1814 AC_COMPILE_IFELSE( 1815 [AC_LANG_PROGRAM([[ 1816#include <histedit.h> 1817#include <stdlib.h> 1818 ]], 1819 [[ 1820 int i = H_SETSIZE; 1821 el_init("", NULL, NULL, NULL); 1822 exit(0); 1823 ]])], 1824 [ AC_MSG_RESULT([yes]) ], 1825 [ AC_MSG_RESULT([no]) 1826 AC_MSG_ERROR([libedit version is not compatible]) ] 1827 ) 1828 fi ] 1829) 1830 1831AUDIT_MODULE=none 1832AC_ARG_WITH([audit], 1833 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1834 [ 1835 AC_MSG_CHECKING([for supported audit module]) 1836 case "$withval" in 1837 bsm) 1838 AC_MSG_RESULT([bsm]) 1839 AUDIT_MODULE=bsm 1840 dnl Checks for headers, libs and functions 1841 AC_CHECK_HEADERS([bsm/audit.h], [], 1842 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1843 [ 1844#ifdef HAVE_TIME_H 1845# include <time.h> 1846#endif 1847 ] 1848) 1849 AC_CHECK_LIB([bsm], [getaudit], [], 1850 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1851 AC_CHECK_FUNCS([getaudit], [], 1852 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1853 # These are optional 1854 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1855 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1856 if test "$sol2ver" -ge 11; then 1857 SSHDLIBS="$SSHDLIBS -lscf" 1858 AC_DEFINE([BROKEN_BSM_API], [1], 1859 [The system has incomplete BSM API]) 1860 fi 1861 ;; 1862 linux) 1863 AC_MSG_RESULT([linux]) 1864 AUDIT_MODULE=linux 1865 dnl Checks for headers, libs and functions 1866 AC_CHECK_HEADERS([libaudit.h]) 1867 SSHDLIBS="$SSHDLIBS -laudit" 1868 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1869 ;; 1870 debug) 1871 AUDIT_MODULE=debug 1872 AC_MSG_RESULT([debug]) 1873 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1874 ;; 1875 no) 1876 AC_MSG_RESULT([no]) 1877 ;; 1878 *) 1879 AC_MSG_ERROR([Unknown audit module $withval]) 1880 ;; 1881 esac ] 1882) 1883 1884AC_ARG_WITH([pie], 1885 [ --with-pie Build Position Independent Executables if possible], [ 1886 if test "x$withval" = "xno"; then 1887 use_pie=no 1888 fi 1889 if test "x$withval" = "xyes"; then 1890 use_pie=yes 1891 fi 1892 ] 1893) 1894if test "x$use_pie" = "x"; then 1895 use_pie=no 1896fi 1897if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1898 # Turn off automatic PIE when toolchain hardening is off. 1899 use_pie=no 1900fi 1901if test "x$use_pie" = "xauto"; then 1902 # Automatic PIE requires gcc >= 4.x 1903 AC_MSG_CHECKING([for gcc >= 4.x]) 1904 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1905#if !defined(__GNUC__) || __GNUC__ < 4 1906#error gcc is too old 1907#endif 1908]])], 1909 [ AC_MSG_RESULT([yes]) ], 1910 [ AC_MSG_RESULT([no]) 1911 use_pie=no ] 1912) 1913fi 1914if test "x$use_pie" != "xno"; then 1915 SAVED_CFLAGS="$CFLAGS" 1916 SAVED_LDFLAGS="$LDFLAGS" 1917 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1918 OSSH_CHECK_LDFLAG_LINK([-pie]) 1919 # We use both -fPIE and -pie or neither. 1920 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1921 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1922 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1923 AC_MSG_RESULT([yes]) 1924 else 1925 AC_MSG_RESULT([no]) 1926 CFLAGS="$SAVED_CFLAGS" 1927 LDFLAGS="$SAVED_LDFLAGS" 1928 fi 1929fi 1930 1931AC_MSG_CHECKING([whether -fPIC is accepted]) 1932SAVED_CFLAGS="$CFLAGS" 1933CFLAGS="$CFLAGS -fPIC" 1934AC_COMPILE_IFELSE( 1935 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1936 [AC_MSG_RESULT([yes]) 1937 PICFLAG="-fPIC"; ], 1938 [AC_MSG_RESULT([no]) 1939 PICFLAG=""; ]) 1940CFLAGS="$SAVED_CFLAGS" 1941AC_SUBST([PICFLAG]) 1942 1943dnl Checks for library functions. Please keep in alphabetical order 1944AC_CHECK_FUNCS([ \ 1945 auth_hostok \ 1946 auth_timeok \ 1947 Blowfish_initstate \ 1948 Blowfish_expandstate \ 1949 Blowfish_expand0state \ 1950 Blowfish_stream2word \ 1951 SHA256Update \ 1952 SHA384Update \ 1953 SHA512Update \ 1954 asprintf \ 1955 b64_ntop \ 1956 __b64_ntop \ 1957 b64_pton \ 1958 __b64_pton \ 1959 bcopy \ 1960 bcrypt_pbkdf \ 1961 bindresvport_sa \ 1962 blf_enc \ 1963 bzero \ 1964 cap_rights_limit \ 1965 clock \ 1966 closefrom \ 1967 close_range \ 1968 dirfd \ 1969 endgrent \ 1970 err \ 1971 errx \ 1972 explicit_bzero \ 1973 explicit_memset \ 1974 fchmod \ 1975 fchmodat \ 1976 fchown \ 1977 fchownat \ 1978 flock \ 1979 fnmatch \ 1980 freeaddrinfo \ 1981 freezero \ 1982 fstatfs \ 1983 fstatvfs \ 1984 futimes \ 1985 getaddrinfo \ 1986 getcwd \ 1987 getentropy \ 1988 getgrouplist \ 1989 getline \ 1990 getnameinfo \ 1991 getopt \ 1992 getpagesize \ 1993 getpeereid \ 1994 getpeerucred \ 1995 getpgid \ 1996 _getpty \ 1997 getrlimit \ 1998 getrandom \ 1999 getsid \ 2000 getttyent \ 2001 glob \ 2002 group_from_gid \ 2003 inet_aton \ 2004 inet_ntoa \ 2005 inet_ntop \ 2006 innetgr \ 2007 killpg \ 2008 llabs \ 2009 localtime_r \ 2010 login_getcapbool \ 2011 login_getpwclass \ 2012 memmem \ 2013 memmove \ 2014 memset_s \ 2015 mkdtemp \ 2016 ngetaddrinfo \ 2017 nsleep \ 2018 ogetaddrinfo \ 2019 openlog_r \ 2020 pledge \ 2021 poll \ 2022 ppoll \ 2023 prctl \ 2024 procctl \ 2025 pselect \ 2026 pstat \ 2027 raise \ 2028 readpassphrase \ 2029 reallocarray \ 2030 realpath \ 2031 recvmsg \ 2032 recallocarray \ 2033 rresvport_af \ 2034 sendmsg \ 2035 setdtablesize \ 2036 setegid \ 2037 setenv \ 2038 seteuid \ 2039 setgroupent \ 2040 setgroups \ 2041 setlinebuf \ 2042 setlogin \ 2043 setpassent\ 2044 setpcred \ 2045 setproctitle \ 2046 setregid \ 2047 setreuid \ 2048 setrlimit \ 2049 setsid \ 2050 setvbuf \ 2051 sigaction \ 2052 sigvec \ 2053 snprintf \ 2054 socketpair \ 2055 statfs \ 2056 statvfs \ 2057 strcasestr \ 2058 strdup \ 2059 strerror \ 2060 strlcat \ 2061 strlcpy \ 2062 strmode \ 2063 strndup \ 2064 strnlen \ 2065 strnvis \ 2066 strptime \ 2067 strsignal \ 2068 strtonum \ 2069 strtoll \ 2070 strtoul \ 2071 strtoull \ 2072 sysconf \ 2073 tcgetpgrp \ 2074 timegm \ 2075 timingsafe_bcmp \ 2076 truncate \ 2077 unsetenv \ 2078 updwtmpx \ 2079 utimensat \ 2080 user_from_uid \ 2081 usleep \ 2082 vasprintf \ 2083 vsnprintf \ 2084 waitpid \ 2085 warn \ 2086]) 2087 2088AC_CHECK_DECLS([bzero, memmem]) 2089 2090dnl Wide character support. 2091AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 2092 2093TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 2094AC_MSG_CHECKING([for utf8 locale support]) 2095AC_RUN_IFELSE( 2096 [AC_LANG_PROGRAM([[ 2097#include <locale.h> 2098#include <stdlib.h> 2099 ]], [[ 2100 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2101 if (loc != NULL) 2102 exit(0); 2103 exit(1); 2104 ]])], 2105 AC_MSG_RESULT(yes), 2106 [AC_MSG_RESULT(no) 2107 TEST_SSH_UTF8=no], 2108 AC_MSG_WARN([cross compiling: assuming yes]) 2109) 2110 2111AC_LINK_IFELSE( 2112 [AC_LANG_PROGRAM( 2113 [[ #include <ctype.h> ]], 2114 [[ return (isblank('a')); ]])], 2115 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2116]) 2117 2118disable_pkcs11= 2119AC_ARG_ENABLE([pkcs11], 2120 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2121 [ 2122 if test "x$enableval" = "xno" ; then 2123 disable_pkcs11=1 2124 fi 2125 ] 2126) 2127 2128disable_sk= 2129AC_ARG_ENABLE([security-key], 2130 [ --disable-security-key disable U2F/FIDO support code [no]], 2131 [ 2132 if test "x$enableval" = "xno" ; then 2133 disable_sk=1 2134 fi 2135 ] 2136) 2137enable_sk_internal= 2138AC_ARG_WITH([security-key-builtin], 2139 [ --with-security-key-builtin include builtin U2F/FIDO support], 2140 [ enable_sk_internal=$withval ] 2141) 2142 2143enable_dsa= 2144AC_ARG_ENABLE([dsa-keys], 2145 [ --enable-dsa-keys enable DSA key support [no]], 2146 [ 2147 if test "x$enableval" != "xno" ; then 2148 enable_dsa=1 2149 fi 2150 ] 2151) 2152 2153AC_SEARCH_LIBS([dlopen], [dl]) 2154AC_CHECK_FUNCS([dlopen]) 2155AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2156 2157# IRIX has a const char return value for gai_strerror() 2158AC_CHECK_FUNCS([gai_strerror], [ 2159 AC_DEFINE([HAVE_GAI_STRERROR]) 2160 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2161#include <sys/types.h> 2162#include <sys/socket.h> 2163#include <netdb.h> 2164 2165const char *gai_strerror(int); 2166 ]], [[ 2167 char *str; 2168 str = gai_strerror(0); 2169 ]])], [ 2170 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2171 [Define if gai_strerror() returns const char *])], [])]) 2172 2173AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2174 [Some systems put nanosleep outside of libc])]) 2175 2176AC_SEARCH_LIBS([clock_gettime], [rt], 2177 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2178 2179dnl check if we need -D_REENTRANT for localtime_r declaration. 2180AC_CHECK_DECL([localtime_r], [], 2181 [ saved_CPPFLAGS="$CPPFLAGS" 2182 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2183 unset ac_cv_have_decl_localtime_r 2184 AC_CHECK_DECL([localtime_r], [], 2185 [ CPPFLAGS="$saved_CPPFLAGS" ], 2186 [ #include <time.h> ] 2187 ) 2188 ], 2189 [ #include <time.h> ] 2190) 2191 2192dnl Make sure prototypes are defined for these before using them. 2193AC_CHECK_DECL([strsep], 2194 [AC_CHECK_FUNCS([strsep])], 2195 [], 2196 [ 2197#ifdef HAVE_STRING_H 2198# include <string.h> 2199#endif 2200 ]) 2201 2202dnl tcsendbreak might be a macro 2203AC_CHECK_DECL([tcsendbreak], 2204 [AC_DEFINE([HAVE_TCSENDBREAK])], 2205 [AC_CHECK_FUNCS([tcsendbreak])], 2206 [#include <termios.h>] 2207) 2208 2209AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2210 2211AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2212 [ 2213#include <sys/types.h> 2214#include <sys/socket.h> 2215#include <unistd.h> 2216 ]) 2217 2218AC_CHECK_DECLS([O_NONBLOCK], , , 2219 [ 2220#include <sys/types.h> 2221#ifdef HAVE_SYS_STAT_H 2222# include <sys/stat.h> 2223#endif 2224#ifdef HAVE_FCNTL_H 2225# include <fcntl.h> 2226#endif 2227 ]) 2228 2229AC_CHECK_DECLS([ftruncate, getentropy], , , 2230 [ 2231#include <sys/types.h> 2232#include <unistd.h> 2233 ]) 2234 2235AC_CHECK_DECLS([readv, writev], , , [ 2236#include <sys/types.h> 2237#include <sys/uio.h> 2238#include <unistd.h> 2239 ]) 2240 2241AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2242#include <sys/param.h> 2243 ]) 2244 2245AC_CHECK_DECLS([offsetof], , , [ 2246#include <stddef.h> 2247 ]) 2248 2249# extra bits for select(2) 2250AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2251#include <sys/param.h> 2252#include <sys/types.h> 2253#ifdef HAVE_SYS_SYSMACROS_H 2254#include <sys/sysmacros.h> 2255#endif 2256#ifdef HAVE_SYS_SELECT_H 2257#include <sys/select.h> 2258#endif 2259#ifdef HAVE_SYS_TIME_H 2260#include <sys/time.h> 2261#endif 2262#ifdef HAVE_UNISTD_H 2263#include <unistd.h> 2264#endif 2265 ]]) 2266AC_CHECK_TYPES([fd_mask], [], [], [[ 2267#include <sys/param.h> 2268#include <sys/types.h> 2269#ifdef HAVE_SYS_SELECT_H 2270#include <sys/select.h> 2271#endif 2272#ifdef HAVE_SYS_TIME_H 2273#include <sys/time.h> 2274#endif 2275#ifdef HAVE_UNISTD_H 2276#include <unistd.h> 2277#endif 2278 ]]) 2279 2280AC_CHECK_FUNCS([setresuid], [ 2281 dnl Some platorms have setresuid that isn't implemented, test for this 2282 AC_MSG_CHECKING([if setresuid seems to work]) 2283 AC_RUN_IFELSE( 2284 [AC_LANG_PROGRAM([[ 2285#include <errno.h> 2286#include <stdlib.h> 2287#include <unistd.h> 2288 ]], [[ 2289 errno=0; 2290 setresuid(0,0,0); 2291 if (errno==ENOSYS) 2292 exit(1); 2293 else 2294 exit(0); 2295 ]])], 2296 [AC_MSG_RESULT([yes])], 2297 [AC_DEFINE([BROKEN_SETRESUID], [1], 2298 [Define if your setresuid() is broken]) 2299 AC_MSG_RESULT([not implemented])], 2300 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2301 ) 2302]) 2303 2304AC_CHECK_FUNCS([setresgid], [ 2305 dnl Some platorms have setresgid that isn't implemented, test for this 2306 AC_MSG_CHECKING([if setresgid seems to work]) 2307 AC_RUN_IFELSE( 2308 [AC_LANG_PROGRAM([[ 2309#include <errno.h> 2310#include <stdlib.h> 2311#include <unistd.h> 2312 ]], [[ 2313 errno=0; 2314 setresgid(0,0,0); 2315 if (errno==ENOSYS) 2316 exit(1); 2317 else 2318 exit(0); 2319 ]])], 2320 [AC_MSG_RESULT([yes])], 2321 [AC_DEFINE([BROKEN_SETRESGID], [1], 2322 [Define if your setresgid() is broken]) 2323 AC_MSG_RESULT([not implemented])], 2324 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2325 ) 2326]) 2327 2328AC_MSG_CHECKING([for working fflush(NULL)]) 2329AC_RUN_IFELSE( 2330 [AC_LANG_PROGRAM([[ 2331#include <stdio.h> 2332#include <stdlib.h> 2333 ]], 2334 [[fflush(NULL); exit(0);]])], 2335 AC_MSG_RESULT([yes]), 2336 [AC_MSG_RESULT([no]) 2337 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2338 [define if fflush(NULL) does not work])], 2339 AC_MSG_WARN([cross compiling: assuming working]) 2340) 2341 2342dnl Checks for time functions 2343AC_CHECK_FUNCS([gettimeofday time]) 2344dnl Checks for utmp functions 2345AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2346AC_CHECK_FUNCS([utmpname]) 2347dnl Checks for utmpx functions 2348AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2349AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2350dnl Checks for lastlog functions 2351AC_CHECK_FUNCS([getlastlogxbyname]) 2352 2353AC_CHECK_FUNC([daemon], 2354 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2355 [AC_CHECK_LIB([bsd], [daemon], 2356 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2357) 2358 2359AC_CHECK_FUNC([getpagesize], 2360 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2361 [Define if your libraries define getpagesize()])], 2362 [AC_CHECK_LIB([ucb], [getpagesize], 2363 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2364) 2365 2366# Check for broken snprintf 2367if test "x$ac_cv_func_snprintf" = "xyes" ; then 2368 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2369 AC_RUN_IFELSE( 2370 [AC_LANG_PROGRAM([[ 2371#include <stdio.h> 2372#include <stdlib.h> 2373 ]], 2374 [[ 2375 char b[5]; 2376 snprintf(b,5,"123456789"); 2377 exit(b[4]!='\0'); 2378 ]])], 2379 [AC_MSG_RESULT([yes])], 2380 [ 2381 AC_MSG_RESULT([no]) 2382 AC_DEFINE([BROKEN_SNPRINTF], [1], 2383 [Define if your snprintf is busted]) 2384 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2385 ], 2386 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2387 ) 2388fi 2389 2390if test "x$ac_cv_func_snprintf" = "xyes" ; then 2391 AC_MSG_CHECKING([whether snprintf understands %zu]) 2392 AC_RUN_IFELSE( 2393 [AC_LANG_PROGRAM([[ 2394#include <sys/types.h> 2395#include <stdio.h> 2396#include <stdlib.h> 2397#include <string.h> 2398 ]], 2399 [[ 2400 size_t a = 1, b = 2; 2401 char z[128]; 2402 snprintf(z, sizeof z, "%zu%zu", a, b); 2403 exit(strcmp(z, "12")); 2404 ]])], 2405 [AC_MSG_RESULT([yes])], 2406 [ 2407 AC_MSG_RESULT([no]) 2408 AC_DEFINE([BROKEN_SNPRINTF], [1], 2409 [snprintf does not understand %zu]) 2410 ], 2411 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2412 ) 2413fi 2414 2415# We depend on vsnprintf returning the right thing on overflow: the 2416# number of characters it tried to create (as per SUSv3) 2417if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2418 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2419 AC_RUN_IFELSE( 2420 [AC_LANG_PROGRAM([[ 2421#include <sys/types.h> 2422#include <stdio.h> 2423#include <stdarg.h> 2424 2425int x_snprintf(char *str, size_t count, const char *fmt, ...) 2426{ 2427 size_t ret; 2428 va_list ap; 2429 2430 va_start(ap, fmt); 2431 ret = vsnprintf(str, count, fmt, ap); 2432 va_end(ap); 2433 return ret; 2434} 2435 ]], [[ 2436char x[1]; 2437if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2438 return 1; 2439if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2440 return 1; 2441return 0; 2442 ]])], 2443 [AC_MSG_RESULT([yes])], 2444 [ 2445 AC_MSG_RESULT([no]) 2446 AC_DEFINE([BROKEN_SNPRINTF], [1], 2447 [Define if your snprintf is busted]) 2448 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2449 ], 2450 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2451 ) 2452fi 2453 2454# On systems where [v]snprintf is broken, but is declared in stdio, 2455# check that the fmt argument is const char * or just char *. 2456# This is only useful for when BROKEN_SNPRINTF 2457AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2458AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2459#include <stdio.h> 2460int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2461 ]], [[ 2462 snprintf(0, 0, 0); 2463 ]])], 2464 [AC_MSG_RESULT([yes]) 2465 AC_DEFINE([SNPRINTF_CONST], [const], 2466 [Define as const if snprintf() can declare const char *fmt])], 2467 [AC_MSG_RESULT([no]) 2468 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2469 2470# Check for missing getpeereid (or equiv) support 2471NO_PEERCHECK="" 2472if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2473 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2474 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2475#include <sys/types.h> 2476#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2477 [ AC_MSG_RESULT([yes]) 2478 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2479 ], [AC_MSG_RESULT([no]) 2480 NO_PEERCHECK=1 2481 ]) 2482fi 2483 2484dnl make sure that openpty does not reacquire controlling terminal 2485if test ! -z "$check_for_openpty_ctty_bug"; then 2486 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2487 AC_RUN_IFELSE( 2488 [AC_LANG_PROGRAM([[ 2489#include <stdio.h> 2490#include <stdlib.h> 2491#include <unistd.h> 2492#ifdef HAVE_PTY_H 2493# include <pty.h> 2494#endif 2495#include <sys/fcntl.h> 2496#include <sys/types.h> 2497#include <sys/wait.h> 2498 ]], [[ 2499 pid_t pid; 2500 int fd, ptyfd, ttyfd, status; 2501 2502 pid = fork(); 2503 if (pid < 0) { /* failed */ 2504 exit(1); 2505 } else if (pid > 0) { /* parent */ 2506 waitpid(pid, &status, 0); 2507 if (WIFEXITED(status)) 2508 exit(WEXITSTATUS(status)); 2509 else 2510 exit(2); 2511 } else { /* child */ 2512 close(0); close(1); close(2); 2513 setsid(); 2514 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2515 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2516 if (fd >= 0) 2517 exit(3); /* Acquired ctty: broken */ 2518 else 2519 exit(0); /* Did not acquire ctty: OK */ 2520 } 2521 ]])], 2522 [ 2523 AC_MSG_RESULT([yes]) 2524 ], 2525 [ 2526 AC_MSG_RESULT([no]) 2527 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2528 ], 2529 [ 2530 AC_MSG_RESULT([cross-compiling, assuming yes]) 2531 ] 2532 ) 2533fi 2534 2535if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2536 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2537 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2538 AC_RUN_IFELSE( 2539 [AC_LANG_PROGRAM([[ 2540#include <stdio.h> 2541#include <stdlib.h> 2542#include <sys/socket.h> 2543#include <netdb.h> 2544#include <errno.h> 2545#include <netinet/in.h> 2546 2547#define TEST_PORT "2222" 2548 ]], [[ 2549 int err, sock; 2550 struct addrinfo *gai_ai, *ai, hints; 2551 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2552 2553 memset(&hints, 0, sizeof(hints)); 2554 hints.ai_family = PF_UNSPEC; 2555 hints.ai_socktype = SOCK_STREAM; 2556 hints.ai_flags = AI_PASSIVE; 2557 2558 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2559 if (err != 0) { 2560 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2561 exit(1); 2562 } 2563 2564 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2565 if (ai->ai_family != AF_INET6) 2566 continue; 2567 2568 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2569 sizeof(ntop), strport, sizeof(strport), 2570 NI_NUMERICHOST|NI_NUMERICSERV); 2571 2572 if (err != 0) { 2573 if (err == EAI_SYSTEM) 2574 perror("getnameinfo EAI_SYSTEM"); 2575 else 2576 fprintf(stderr, "getnameinfo failed: %s\n", 2577 gai_strerror(err)); 2578 exit(2); 2579 } 2580 2581 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2582 if (sock < 0) 2583 perror("socket"); 2584 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2585 if (errno == EBADF) 2586 exit(3); 2587 } 2588 } 2589 exit(0); 2590 ]])], 2591 [ 2592 AC_MSG_RESULT([yes]) 2593 ], 2594 [ 2595 AC_MSG_RESULT([no]) 2596 AC_DEFINE([BROKEN_GETADDRINFO]) 2597 ], 2598 [ 2599 AC_MSG_RESULT([cross-compiling, assuming yes]) 2600 ] 2601 ) 2602fi 2603 2604if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2605 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2606 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2607 AC_RUN_IFELSE( 2608 [AC_LANG_PROGRAM([[ 2609#include <stdio.h> 2610#include <stdlib.h> 2611#include <sys/socket.h> 2612#include <netdb.h> 2613#include <errno.h> 2614#include <netinet/in.h> 2615 2616#define TEST_PORT "2222" 2617 ]], [[ 2618 int err, sock; 2619 struct addrinfo *gai_ai, *ai, hints; 2620 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2621 2622 memset(&hints, 0, sizeof(hints)); 2623 hints.ai_family = PF_UNSPEC; 2624 hints.ai_socktype = SOCK_STREAM; 2625 hints.ai_flags = AI_PASSIVE; 2626 2627 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2628 if (err != 0) { 2629 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2630 exit(1); 2631 } 2632 2633 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2634 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2635 continue; 2636 2637 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2638 sizeof(ntop), strport, sizeof(strport), 2639 NI_NUMERICHOST|NI_NUMERICSERV); 2640 2641 if (ai->ai_family == AF_INET && err != 0) { 2642 perror("getnameinfo"); 2643 exit(2); 2644 } 2645 } 2646 exit(0); 2647 ]])], 2648 [ 2649 AC_MSG_RESULT([yes]) 2650 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2651 [Define if you have a getaddrinfo that fails 2652 for the all-zeros IPv6 address]) 2653 ], 2654 [ 2655 AC_MSG_RESULT([no]) 2656 AC_DEFINE([BROKEN_GETADDRINFO]) 2657 ], 2658 [ 2659 AC_MSG_RESULT([cross-compiling, assuming no]) 2660 ] 2661 ) 2662fi 2663 2664if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2665 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2666 [#include <sys/types.h> 2667 #include <sys/socket.h> 2668 #include <netdb.h>]) 2669fi 2670 2671if test "x$check_for_conflicting_getspnam" = "x1"; then 2672 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2673 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2674#include <shadow.h> 2675#include <stdlib.h> 2676 ]], 2677 [[ exit(0); ]])], 2678 [ 2679 AC_MSG_RESULT([no]) 2680 ], 2681 [ 2682 AC_MSG_RESULT([yes]) 2683 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2684 [Conflicting defs for getspnam]) 2685 ] 2686 ) 2687fi 2688 2689dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2690dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2691dnl for over ten years). Despite this incompatibility being reported during 2692dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2693dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2694dnl implementation. Try to detect this mess, and assume the only safe option 2695dnl if we're cross compiling. 2696dnl 2697dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2698dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2699if test "x$ac_cv_func_strnvis" = "xyes"; then 2700 AC_MSG_CHECKING([for working strnvis]) 2701 AC_RUN_IFELSE( 2702 [AC_LANG_PROGRAM([[ 2703#include <signal.h> 2704#include <stdlib.h> 2705#include <string.h> 2706#include <unistd.h> 2707#include <vis.h> 2708static void sighandler(int sig) { _exit(1); } 2709 ]], [[ 2710 char dst[16]; 2711 2712 signal(SIGSEGV, sighandler); 2713 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2714 exit(0); 2715 exit(1) 2716 ]])], 2717 [AC_MSG_RESULT([yes])], 2718 [AC_MSG_RESULT([no]) 2719 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2720 [AC_MSG_WARN([cross compiling: assuming broken]) 2721 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2722 ) 2723fi 2724 2725AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2726AC_RUN_IFELSE( 2727 [AC_LANG_PROGRAM([[ 2728#ifdef HAVE_SYS_SELECT 2729# include <sys/select.h> 2730#endif 2731#include <sys/types.h> 2732#include <sys/time.h> 2733#include <stdlib.h> 2734#include <signal.h> 2735#include <unistd.h> 2736static void sighandler(int sig) { } 2737 ]], [[ 2738 int r; 2739 pid_t pid; 2740 struct sigaction sa; 2741 2742 sa.sa_handler = sighandler; 2743 sa.sa_flags = SA_RESTART; 2744 (void)sigaction(SIGTERM, &sa, NULL); 2745 if ((pid = fork()) == 0) { /* child */ 2746 pid = getppid(); 2747 sleep(1); 2748 kill(pid, SIGTERM); 2749 sleep(1); 2750 if (getppid() == pid) /* if parent did not exit, shoot it */ 2751 kill(pid, SIGKILL); 2752 exit(0); 2753 } else { /* parent */ 2754 r = select(0, NULL, NULL, NULL, NULL); 2755 } 2756 exit(r == -1 ? 0 : 1); 2757 ]])], 2758 [AC_MSG_RESULT([yes])], 2759 [AC_MSG_RESULT([no]) 2760 AC_DEFINE([NO_SA_RESTART], [1], 2761 [SA_RESTARTed signals do no interrupt select])], 2762 [AC_MSG_WARN([cross compiling: assuming yes])] 2763) 2764 2765AC_CHECK_FUNCS([getpgrp],[ 2766 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2767 AC_COMPILE_IFELSE( 2768 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2769 [ AC_MSG_RESULT([yes]) 2770 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2771 [ AC_MSG_RESULT([no]) 2772 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2773 ) 2774]) 2775 2776# Search for OpenSSL 2777saved_CPPFLAGS="$CPPFLAGS" 2778saved_LDFLAGS="$LDFLAGS" 2779openssl_bin_PATH="$PATH" 2780AC_ARG_WITH([ssl-dir], 2781 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2782 [ 2783 if test "x$openssl" = "xno" ; then 2784 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2785 fi 2786 if test "x$withval" != "xno" ; then 2787 case "$withval" in 2788 # Relative paths 2789 ./*|../*) withval="`pwd`/$withval" 2790 esac 2791 if test -d "$withval/lib"; then 2792 libcrypto_path="${withval}/lib" 2793 elif test -d "$withval/lib64"; then 2794 libcrypto_path="$withval/lib64" 2795 else 2796 # Built but not installed 2797 libcrypto_path="${withval}" 2798 fi 2799 if test -n "${rpath_opt}"; then 2800 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}" 2801 else 2802 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" 2803 fi 2804 if test -d "$withval/include"; then 2805 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2806 else 2807 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2808 fi 2809 dnl Ensure specified openssl binary works, eg it can 2810 dnl find its runtime libraries, before trying to use. 2811 if test -x "${withval}/bin/openssl" && \ 2812 "${withval}/bin/openssl" version >/dev/null 2>&1; then 2813 openssl_bin_PATH="${withval}/bin${PATH_SEPARATOR}${PATH}" 2814 elif test -x "${withval}/apps/openssl" && \ 2815 "${withval}/apps/openssl" version >/dev/null 2>&1; then 2816 openssl_bin_PATH="${withval}/apps${PATH_SEPARATOR}${PATH}" 2817 fi 2818 fi 2819 ] 2820) 2821AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH]) 2822AC_SUBST(OPENSSL_BIN, [${openssl_bin}]) 2823 2824AC_ARG_WITH([openssl-header-check], 2825 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2826 [ 2827 if test "x$withval" = "xno" ; then 2828 openssl_check_nonfatal=1 2829 fi 2830 ] 2831) 2832 2833openssl_engine=no 2834AC_ARG_WITH([ssl-engine], 2835 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2836 [ 2837 if test "x$withval" != "xno" ; then 2838 if test "x$openssl" = "xno" ; then 2839 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2840 fi 2841 openssl_engine=yes 2842 fi 2843 ] 2844) 2845 2846nocrypto_saved_LIBS="$LIBS" 2847if test "x$openssl" = "xyes" ; then 2848 LIBS="-lcrypto $LIBS" 2849 CHANNELLIBS="-lcrypto $CHANNELLIBS" 2850 AC_TRY_LINK_FUNC([RAND_add], , 2851 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2852 AC_CHECK_HEADER([openssl/opensslv.h], , 2853 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2854 2855 # Determine OpenSSL header version 2856 AC_MSG_CHECKING([OpenSSL header version]) 2857 AC_RUN_IFELSE( 2858 [AC_LANG_PROGRAM([[ 2859 #include <stdlib.h> 2860 #include <stdio.h> 2861 #include <string.h> 2862 #include <openssl/opensslv.h> 2863 #define DATA "conftest.sslincver" 2864 ]], [[ 2865 FILE *fd; 2866 int rc; 2867 2868 fd = fopen(DATA,"w"); 2869 if(fd == NULL) 2870 exit(1); 2871 2872 if ((rc = fprintf(fd, "%08lx (%s)\n", 2873 (unsigned long)OPENSSL_VERSION_NUMBER, 2874 OPENSSL_VERSION_TEXT)) < 0) 2875 exit(1); 2876 2877 exit(0); 2878 ]])], 2879 [ 2880 ssl_header_ver=`cat conftest.sslincver` 2881 AC_MSG_RESULT([$ssl_header_ver]) 2882 ], 2883 [ 2884 AC_MSG_RESULT([failed]) 2885 AC_MSG_ERROR([OpenSSL version test program failed.]) 2886 ], 2887 [ 2888 AC_MSG_WARN([cross compiling: not checking]) 2889 ] 2890 ) 2891 2892 # Determining OpenSSL library version is version dependent. 2893 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2894 2895 # Determine OpenSSL library version 2896 AC_MSG_CHECKING([OpenSSL library version]) 2897 AC_RUN_IFELSE( 2898 [AC_LANG_PROGRAM([[ 2899 #include <stdio.h> 2900 #include <stdlib.h> 2901 #include <string.h> 2902 #include <openssl/opensslv.h> 2903 #include <openssl/crypto.h> 2904 #define DATA "conftest.ssllibver" 2905 ]], [[ 2906 FILE *f; 2907 /* We need these legacy bits to warn for old libcrypto */ 2908 #ifndef OPENSSL_VERSION 2909 # define OPENSSL_VERSION SSLEAY_VERSION 2910 #endif 2911 #ifndef HAVE_OPENSSL_VERSION 2912 # define OpenSSL_version SSLeay_version 2913 #endif 2914 #ifndef HAVE_OPENSSL_VERSION_NUM 2915 # define OpenSSL_version_num SSLeay 2916 #endif 2917 if ((f = fopen(DATA, "w")) == NULL) 2918 exit(1); 2919 if (fprintf(f, "%08lx (%s)", 2920 (unsigned long)OpenSSL_version_num(), 2921 OpenSSL_version(OPENSSL_VERSION)) < 0) 2922 exit(1); 2923#ifdef LIBRESSL_VERSION_NUMBER 2924 if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0) 2925 exit(1); 2926#endif 2927 if (fputc('\n', f) == EOF || fclose(f) == EOF) 2928 exit(1); 2929 exit(0); 2930 ]])], 2931 [ 2932 sslver=`cat conftest.ssllibver` 2933 ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'` 2934 # Check version is supported. 2935 case "$sslver" in 2936 100*|10100*) # 1.0.x, 1.1.0x 2937 AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")]) 2938 ;; 2939 101*) ;; # 1.1.x 2940 200*) # LibreSSL 2941 lver=`echo "$sslver" | sed 's/.*libressl-//'` 2942 case "$lver" in 2943 2*|300*) # 2.x, 3.0.0 2944 AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")]) 2945 ;; 2946 *) ;; # Assume all other versions are good. 2947 esac 2948 ;; 2949 30*) 2950 # OpenSSL 3; we use the 1.1x API 2951 # https://openssl.org/policies/general/versioning-policy.html 2952 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2953 ;; 2954 *) 2955 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")]) 2956 ;; 2957 esac 2958 AC_MSG_RESULT([$ssl_showver]) 2959 ], 2960 [ 2961 AC_MSG_RESULT([not found]) 2962 AC_MSG_ERROR([OpenSSL library not found.]) 2963 ], 2964 [ 2965 AC_MSG_WARN([cross compiling: not checking]) 2966 ] 2967 ) 2968 2969 case "$host" in 2970 x86_64-*) 2971 case "$sslver" in 2972 3000004*) 2973 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) 2974 ;; 2975 esac 2976 esac 2977 2978 # Sanity check OpenSSL headers 2979 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2980 AC_RUN_IFELSE( 2981 [AC_LANG_PROGRAM([[ 2982 #include <stdlib.h> 2983 #include <string.h> 2984 #include <openssl/opensslv.h> 2985 #include <openssl/crypto.h> 2986 ]], [[ 2987 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2988 ]])], 2989 [ 2990 AC_MSG_RESULT([yes]) 2991 ], 2992 [ 2993 AC_MSG_RESULT([no]) 2994 if test "x$openssl_check_nonfatal" = "x"; then 2995 AC_MSG_ERROR([Your OpenSSL headers do not match your 2996 library. Check config.log for details. 2997 If you are sure your installation is consistent, you can disable the check 2998 by running "./configure --without-openssl-header-check". 2999 Also see contrib/findssl.sh for help identifying header/library mismatches. 3000 ]) 3001 else 3002 AC_MSG_WARN([Your OpenSSL headers do not match your 3003 library. Check config.log for details. 3004 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 3005 fi 3006 ], 3007 [ 3008 AC_MSG_WARN([cross compiling: not checking]) 3009 ] 3010 ) 3011 3012 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 3013 AC_LINK_IFELSE( 3014 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 3015 [[ ERR_load_crypto_strings(); ]])], 3016 [ 3017 AC_MSG_RESULT([yes]) 3018 ], 3019 [ 3020 AC_MSG_RESULT([no]) 3021 LIBS="$LIBS -ldl" 3022 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 3023 AC_LINK_IFELSE( 3024 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 3025 [[ ERR_load_crypto_strings(); ]])], 3026 [ 3027 AC_MSG_RESULT([yes]) 3028 CHANNELLIBS="$CHANNELLIBS -ldl" 3029 ], 3030 [ 3031 AC_MSG_RESULT([no]) 3032 ] 3033 ) 3034 ] 3035 ) 3036 3037 AC_CHECK_FUNCS([ \ 3038 BN_is_prime_ex \ 3039 DES_crypt \ 3040 DSA_generate_parameters_ex \ 3041 EVP_DigestSign \ 3042 EVP_DigestVerify \ 3043 EVP_DigestFinal_ex \ 3044 EVP_DigestInit_ex \ 3045 EVP_MD_CTX_cleanup \ 3046 EVP_MD_CTX_copy_ex \ 3047 EVP_MD_CTX_init \ 3048 HMAC_CTX_init \ 3049 RSA_generate_key_ex \ 3050 RSA_get_default_method \ 3051 ]) 3052 3053 # OpenSSL_add_all_algorithms may be a macro. 3054 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 3055 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 3056 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 3057 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 3058 [[#include <openssl/evp.h>]] 3059 ) 3060 ) 3061 3062 # LibreSSL/OpenSSL API differences 3063 AC_CHECK_FUNCS([ \ 3064 EVP_CIPHER_CTX_iv \ 3065 EVP_CIPHER_CTX_iv_noconst \ 3066 EVP_CIPHER_CTX_get_iv \ 3067 EVP_CIPHER_CTX_get_updated_iv \ 3068 EVP_CIPHER_CTX_set_iv \ 3069 ]) 3070 3071 if test "x$openssl_engine" = "xyes" ; then 3072 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 3073 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3074 #include <openssl/engine.h> 3075 ]], [[ 3076 ENGINE_load_builtin_engines(); 3077 ENGINE_register_all_complete(); 3078 ]])], 3079 [ AC_MSG_RESULT([yes]) 3080 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 3081 [Enable OpenSSL engine support]) 3082 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 3083 ]) 3084 fi 3085 3086 # Check for OpenSSL without EVP_aes_{192,256}_cbc 3087 AC_MSG_CHECKING([whether OpenSSL lacks support for AES 192/256]) 3088 AC_LINK_IFELSE( 3089 [AC_LANG_PROGRAM([[ 3090 #include <stdlib.h> 3091 #include <string.h> 3092 #include <openssl/evp.h> 3093 ]], [[ 3094 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 3095 ]])], 3096 [ 3097 AC_MSG_RESULT([no]) 3098 ], 3099 [ 3100 AC_MSG_RESULT([yes]) 3101 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 3102 [libcrypto is missing AES 192 and 256 bit functions]) 3103 ] 3104 ) 3105 3106 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3107 AC_LINK_IFELSE( 3108 [AC_LANG_PROGRAM([[ 3109 #include <stdlib.h> 3110 #include <string.h> 3111 #include <openssl/evp.h> 3112 ]], [[ 3113 if(EVP_DigestUpdate(NULL, NULL,0)) 3114 exit(0); 3115 ]])], 3116 [ 3117 AC_MSG_RESULT([yes]) 3118 ], 3119 [ 3120 AC_MSG_RESULT([no]) 3121 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3122 [Define if EVP_DigestUpdate returns void]) 3123 ] 3124 ) 3125 3126 # Check for various EVP support in OpenSSL 3127 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20]) 3128 3129 # Check complete ECC support in OpenSSL 3130 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3131 AC_LINK_IFELSE( 3132 [AC_LANG_PROGRAM([[ 3133 #include <openssl/ec.h> 3134 #include <openssl/ecdh.h> 3135 #include <openssl/ecdsa.h> 3136 #include <openssl/evp.h> 3137 #include <openssl/objects.h> 3138 #include <openssl/opensslv.h> 3139 ]], [[ 3140 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3141 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3142 ]])], 3143 [ AC_MSG_RESULT([yes]) 3144 enable_nistp256=1 ], 3145 [ AC_MSG_RESULT([no]) ] 3146 ) 3147 3148 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3149 AC_LINK_IFELSE( 3150 [AC_LANG_PROGRAM([[ 3151 #include <openssl/ec.h> 3152 #include <openssl/ecdh.h> 3153 #include <openssl/ecdsa.h> 3154 #include <openssl/evp.h> 3155 #include <openssl/objects.h> 3156 #include <openssl/opensslv.h> 3157 ]], [[ 3158 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3159 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3160 ]])], 3161 [ AC_MSG_RESULT([yes]) 3162 enable_nistp384=1 ], 3163 [ AC_MSG_RESULT([no]) ] 3164 ) 3165 3166 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3167 AC_LINK_IFELSE( 3168 [AC_LANG_PROGRAM([[ 3169 #include <openssl/ec.h> 3170 #include <openssl/ecdh.h> 3171 #include <openssl/ecdsa.h> 3172 #include <openssl/evp.h> 3173 #include <openssl/objects.h> 3174 #include <openssl/opensslv.h> 3175 ]], [[ 3176 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3177 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3178 ]])], 3179 [ AC_MSG_RESULT([yes]) 3180 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3181 AC_RUN_IFELSE( 3182 [AC_LANG_PROGRAM([[ 3183 #include <stdlib.h> 3184 #include <openssl/ec.h> 3185 #include <openssl/ecdh.h> 3186 #include <openssl/ecdsa.h> 3187 #include <openssl/evp.h> 3188 #include <openssl/objects.h> 3189 #include <openssl/opensslv.h> 3190 ]],[[ 3191 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3192 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3193 exit(e == NULL || m == NULL); 3194 ]])], 3195 [ AC_MSG_RESULT([yes]) 3196 enable_nistp521=1 ], 3197 [ AC_MSG_RESULT([no]) ], 3198 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3199 enable_nistp521=1 ] 3200 )], 3201 AC_MSG_RESULT([no]) 3202 ) 3203 3204 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3205 test x$enable_nistp521 = x1; then 3206 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3207 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3208 openssl_ecc=yes 3209 else 3210 openssl_ecc=no 3211 fi 3212 if test x$enable_nistp256 = x1; then 3213 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3214 [libcrypto has NID_X9_62_prime256v1]) 3215 else 3216 unsupported_algorithms="$unsupported_algorithms \ 3217 ecdsa-sha2-nistp256 \ 3218 ecdh-sha2-nistp256 \ 3219 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3220 fi 3221 if test x$enable_nistp384 = x1; then 3222 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3223 else 3224 unsupported_algorithms="$unsupported_algorithms \ 3225 ecdsa-sha2-nistp384 \ 3226 ecdh-sha2-nistp384 \ 3227 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3228 fi 3229 if test x$enable_nistp521 = x1; then 3230 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3231 else 3232 unsupported_algorithms="$unsupported_algorithms \ 3233 ecdh-sha2-nistp521 \ 3234 ecdsa-sha2-nistp521 \ 3235 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3236 fi 3237 3238 # Check libcrypto ED25519 support 3239 AC_CHECK_FUNCS([EVP_PKEY_get_raw_public_key]) 3240 AC_CHECK_FUNCS([EVP_PKEY_get_raw_private_key]) 3241 AC_MSG_CHECKING([whether OpenSSL has ED25519 support]) 3242 AC_LINK_IFELSE( 3243 [AC_LANG_PROGRAM([[ 3244 #include <string.h> 3245 #include <openssl/evp.h> 3246 ]], [[ 3247 unsigned char buf[64]; 3248 memset(buf, 0, sizeof(buf)); 3249 exit(EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, NULL, 3250 buf, sizeof(buf)) == NULL); 3251 ]])], 3252 [ 3253 AC_MSG_RESULT([yes]) 3254 AC_DEFINE([OPENSSL_HAS_ED25519], [1], 3255 [libcrypto has ed25519 support]) 3256 ], 3257 [ 3258 AC_MSG_RESULT([no]) 3259 ] 3260 ) 3261 3262 openssl_dsa=no 3263 if test ! -z "$enable_dsa" ; then 3264 AC_CHECK_DECLS([OPENSSL_NO_DSA], [], [ 3265 AC_CHECK_DECLS([OPENSSL_IS_BORINGSSL], [], 3266 [ openssl_dsa=yes ], 3267 [ #include <openssl/opensslconf.h> ] 3268 ) 3269 ], 3270 [ #include <openssl/opensslconf.h> ] 3271 ) 3272 AC_MSG_CHECKING([whether to enable DSA key support]) 3273 if test "x$openssl_dsa" = "xno"; then 3274 AC_MSG_ERROR([DSA requested but not supported by OpenSSL]) 3275 else 3276 AC_MSG_RESULT([yes]) 3277 AC_DEFINE([WITH_DSA], [1], 3278 [DSA keys explicitly enabled]) 3279 fi 3280 fi 3281fi 3282 3283# PKCS11/U2F depend on OpenSSL and dlopen(). 3284enable_pkcs11=yes 3285enable_sk=yes 3286if test "x$openssl" != "xyes" ; then 3287 enable_pkcs11="disabled; missing libcrypto" 3288fi 3289if test "x$ac_cv_func_dlopen" != "xyes" ; then 3290 enable_pkcs11="disabled; missing dlopen(3)" 3291 enable_sk="disabled; missing dlopen(3)" 3292fi 3293if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3294 enable_pkcs11="disabled; missing RTLD_NOW" 3295 enable_sk="disabled; missing RTLD_NOW" 3296fi 3297if test ! -z "$disable_pkcs11" ; then 3298 enable_pkcs11="disabled by user" 3299fi 3300if test ! -z "$disable_sk" ; then 3301 enable_sk="disabled by user" 3302fi 3303 3304AC_MSG_CHECKING([whether to enable PKCS11]) 3305if test "x$enable_pkcs11" = "xyes" ; then 3306 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3307fi 3308AC_MSG_RESULT([$enable_pkcs11]) 3309 3310AC_MSG_CHECKING([whether to enable U2F]) 3311if test "x$enable_sk" = "xyes" ; then 3312 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3313 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3314else 3315 # Do not try to build sk-dummy library. 3316 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3317fi 3318AC_MSG_RESULT([$enable_sk]) 3319 3320# Now check for built-in security key support. 3321if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then 3322 use_pkgconfig_for_libfido2= 3323 if test "x$PKGCONFIG" != "xno"; then 3324 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3325 if "$PKGCONFIG" libfido2; then 3326 AC_MSG_RESULT([yes]) 3327 use_pkgconfig_for_libfido2=yes 3328 else 3329 AC_MSG_RESULT([no]) 3330 fi 3331 fi 3332 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3333 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3334 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3335 else 3336 LIBFIDO2="-lprivatefido2 -lprivatecbor" 3337 fi 3338 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3339 fido2_error= 3340 AC_CHECK_LIB([privatefido2], [fido_init], 3341 [ ], 3342 [ fido2_error="missing/unusable libfido2" ], 3343 [ $OTHERLIBS ] 3344 ) 3345 AC_CHECK_HEADER([fido.h], [], 3346 [ fido2_error="missing fido.h from libfido2" ]) 3347 AC_CHECK_HEADER([fido/credman.h], [], 3348 [ fido2_error="missing fido/credman.h from libfido2" ], 3349 [ #include <fido.h> ] 3350 ) 3351 AC_MSG_CHECKING([for usable libfido2 installation]) 3352 if test ! -z "$fido2_error" ; then 3353 AC_MSG_RESULT([$fido2_error]) 3354 if test "x$enable_sk_internal" = "xyes" ; then 3355 AC_MSG_ERROR([No usable libfido2 library/headers found]) 3356 fi 3357 LIBFIDO2="" 3358 else 3359 AC_MSG_RESULT([yes]) 3360 AC_SUBST([LIBFIDO2]) 3361 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3362 [Enable for built-in U2F/FIDO support]) 3363 enable_sk="built-in" 3364 saved_LIBS="$LIBS" 3365 LIBS="$LIBFIDO2 $LIBS" 3366 AC_CHECK_FUNCS([ \ 3367 fido_assert_set_clientdata \ 3368 fido_cred_prot \ 3369 fido_cred_set_prot \ 3370 fido_cred_set_clientdata \ 3371 fido_dev_get_touch_begin \ 3372 fido_dev_get_touch_status \ 3373 fido_dev_supports_cred_prot \ 3374 fido_dev_is_winhello \ 3375 ]) 3376 LIBS="$saved_LIBS" 3377 fi 3378fi 3379 3380AC_CHECK_FUNCS([ \ 3381 arc4random \ 3382 arc4random_buf \ 3383 arc4random_stir \ 3384 arc4random_uniform \ 3385]) 3386### Configure cryptographic random number support 3387 3388# Check whether OpenSSL seeds itself 3389if test "x$openssl" = "xyes" ; then 3390 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3391 AC_RUN_IFELSE( 3392 [AC_LANG_PROGRAM([[ 3393 #include <stdlib.h> 3394 #include <string.h> 3395 #include <openssl/rand.h> 3396 ]], [[ 3397 exit(RAND_status() == 1 ? 0 : 1); 3398 ]])], 3399 [ 3400 OPENSSL_SEEDS_ITSELF=yes 3401 AC_MSG_RESULT([yes]) 3402 ], 3403 [ 3404 AC_MSG_RESULT([no]) 3405 ], 3406 [ 3407 AC_MSG_WARN([cross compiling: assuming yes]) 3408 # This is safe, since we will fatal() at runtime if 3409 # OpenSSL is not seeded correctly. 3410 OPENSSL_SEEDS_ITSELF=yes 3411 ] 3412 ) 3413fi 3414 3415# PRNGD TCP socket 3416AC_ARG_WITH([prngd-port], 3417 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3418 [ 3419 case "$withval" in 3420 no) 3421 withval="" 3422 ;; 3423 [[0-9]]*) 3424 ;; 3425 *) 3426 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3427 ;; 3428 esac 3429 if test ! -z "$withval" ; then 3430 PRNGD_PORT="$withval" 3431 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3432 [Port number of PRNGD/EGD random number socket]) 3433 fi 3434 ] 3435) 3436 3437# PRNGD Unix domain socket 3438AC_ARG_WITH([prngd-socket], 3439 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3440 [ 3441 case "$withval" in 3442 yes) 3443 withval="/var/run/egd-pool" 3444 ;; 3445 no) 3446 withval="" 3447 ;; 3448 /*) 3449 ;; 3450 *) 3451 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3452 ;; 3453 esac 3454 3455 if test ! -z "$withval" ; then 3456 if test ! -z "$PRNGD_PORT" ; then 3457 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3458 fi 3459 if test ! -r "$withval" ; then 3460 AC_MSG_WARN([Entropy socket is not readable]) 3461 fi 3462 PRNGD_SOCKET="$withval" 3463 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3464 [Location of PRNGD/EGD random number socket]) 3465 fi 3466 ], 3467 [ 3468 # Check for existing socket only if we don't have a random device already 3469 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3470 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3471 # Insert other locations here 3472 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3473 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3474 PRNGD_SOCKET="$sock" 3475 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3476 break; 3477 fi 3478 done 3479 if test ! -z "$PRNGD_SOCKET" ; then 3480 AC_MSG_RESULT([$PRNGD_SOCKET]) 3481 else 3482 AC_MSG_RESULT([not found]) 3483 fi 3484 fi 3485 ] 3486) 3487 3488# Which randomness source do we use? 3489if test ! -z "$PRNGD_PORT" ; then 3490 RAND_MSG="PRNGd port $PRNGD_PORT" 3491elif test ! -z "$PRNGD_SOCKET" ; then 3492 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3493elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3494 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3495 [Define if you want the OpenSSL internally seeded PRNG only]) 3496 RAND_MSG="OpenSSL internal ONLY" 3497elif test "x$openssl" = "xno" ; then 3498 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3499else 3500 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3501fi 3502LIBS="$nocrypto_saved_LIBS" 3503 3504saved_LIBS="$LIBS" 3505AC_CHECK_LIB([iaf], [ia_openinfo], [ 3506 LIBS="$LIBS -liaf" 3507 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3508 AC_DEFINE([HAVE_LIBIAF], [1], 3509 [Define if system has libiaf that supports set_id]) 3510 ]) 3511]) 3512LIBS="$saved_LIBS" 3513 3514# Check for crypt() in libcrypt. If we have it, we only need it for sshd. 3515saved_LIBS="$LIBS" 3516AC_CHECK_LIB([crypt], [crypt], [ 3517 LIBS="-lcrypt $LIBS" 3518 SSHDLIBS="-lcrypt $SSHDLIBS" 3519]) 3520AC_CHECK_FUNCS([crypt]) 3521LIBS="$saved_LIBS" 3522 3523# Check for PAM libs 3524PAM_MSG="no" 3525AC_ARG_WITH([pam], 3526 [ --with-pam Enable PAM support ], 3527 [ 3528 if test "x$withval" != "xno" ; then 3529 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3530 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3531 AC_MSG_ERROR([PAM headers not found]) 3532 fi 3533 3534 saved_LIBS="$LIBS" 3535 AC_CHECK_LIB([dl], [dlopen], , ) 3536 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3537 AC_CHECK_FUNCS([pam_getenvlist]) 3538 AC_CHECK_FUNCS([pam_putenv]) 3539 LIBS="$saved_LIBS" 3540 3541 PAM_MSG="yes" 3542 3543 SSHDLIBS="$SSHDLIBS -lpam" 3544 AC_DEFINE([USE_PAM], [1], 3545 [Define if you want to enable PAM support]) 3546 3547 if test $ac_cv_lib_dl_dlopen = yes; then 3548 case "$LIBS" in 3549 *-ldl*) 3550 # libdl already in LIBS 3551 ;; 3552 *) 3553 SSHDLIBS="$SSHDLIBS -ldl" 3554 ;; 3555 esac 3556 fi 3557 fi 3558 ] 3559) 3560 3561AC_ARG_WITH([pam-service], 3562 [ --with-pam-service=name Specify PAM service name ], 3563 [ 3564 if test "x$withval" != "xno" && \ 3565 test "x$withval" != "xyes" ; then 3566 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3567 ["$withval"], [sshd PAM service name]) 3568 fi 3569 ] 3570) 3571 3572# Check for older PAM 3573if test "x$PAM_MSG" = "xyes" ; then 3574 # Check PAM strerror arguments (old PAM) 3575 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3576 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3577#include <stdlib.h> 3578#if defined(HAVE_SECURITY_PAM_APPL_H) 3579#include <security/pam_appl.h> 3580#elif defined (HAVE_PAM_PAM_APPL_H) 3581#include <pam/pam_appl.h> 3582#endif 3583 ]], [[ 3584(void)pam_strerror((pam_handle_t *)NULL, -1); 3585 ]])], [AC_MSG_RESULT([no])], [ 3586 AC_DEFINE([HAVE_OLD_PAM], [1], 3587 [Define if you have an old version of PAM 3588 which takes only one argument to pam_strerror]) 3589 AC_MSG_RESULT([yes]) 3590 PAM_MSG="yes (old library)" 3591 3592 ]) 3593fi 3594 3595case "$host" in 3596*-*-cygwin*) 3597 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3598 ;; 3599*) 3600 SSH_PRIVSEP_USER=sshd 3601 ;; 3602esac 3603AC_ARG_WITH([privsep-user], 3604 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3605 [ 3606 if test -n "$withval" && test "x$withval" != "xno" && \ 3607 test "x${withval}" != "xyes"; then 3608 SSH_PRIVSEP_USER=$withval 3609 fi 3610 ] 3611) 3612if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3613 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3614 [Cygwin function to fetch non-privileged user for privilege separation]) 3615else 3616 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3617 [non-privileged user for privilege separation]) 3618fi 3619AC_SUBST([SSH_PRIVSEP_USER]) 3620 3621if test "x$have_linux_no_new_privs" = "x1" ; then 3622AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3623 #include <sys/types.h> 3624 #include <linux/seccomp.h> 3625]) 3626fi 3627if test "x$have_seccomp_filter" = "x1" ; then 3628AC_MSG_CHECKING([kernel for seccomp_filter support]) 3629AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3630 #include <errno.h> 3631 #include <elf.h> 3632 #include <linux/audit.h> 3633 #include <linux/seccomp.h> 3634 #include <stdlib.h> 3635 #include <sys/prctl.h> 3636 ]], 3637 [[ int i = $seccomp_audit_arch; 3638 errno = 0; 3639 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3640 exit(errno == EFAULT ? 0 : 1); ]])], 3641 [ AC_MSG_RESULT([yes]) ], [ 3642 AC_MSG_RESULT([no]) 3643 # Disable seccomp filter as a target 3644 have_seccomp_filter=0 3645 ] 3646) 3647fi 3648 3649AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ 3650#include <sys/types.h> 3651#ifdef HAVE_POLL_H 3652#include <poll.h> 3653#endif 3654#ifdef HAVE_SYS_POLL_H 3655#include <sys/poll.h> 3656#endif 3657]]) 3658 3659AC_CHECK_TYPES([nfds_t], , , [ 3660#include <sys/types.h> 3661#ifdef HAVE_POLL_H 3662#include <poll.h> 3663#endif 3664#ifdef HAVE_SYS_POLL_H 3665#include <sys/poll.h> 3666#endif 3667]) 3668 3669# Decide which sandbox style to use 3670sandbox_arg="" 3671AC_ARG_WITH([sandbox], 3672 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3673 [ 3674 if test "x$withval" = "xyes" ; then 3675 sandbox_arg="" 3676 else 3677 sandbox_arg="$withval" 3678 fi 3679 ] 3680) 3681 3682if test "x$sandbox_arg" != "xno"; then 3683# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument 3684# is greater than OPEN_MAX". On some platforms that includes implementions 3685# of select in userspace on top of poll() so check both work with rlimit 3686# NOFILES so check that both work before enabling the rlimit sandbox. 3687 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) 3688 AC_RUN_IFELSE( 3689 [AC_LANG_PROGRAM([[ 3690#include <sys/types.h> 3691#ifdef HAVE_SYS_TIME_H 3692# include <sys/time.h> 3693#endif 3694#include <sys/resource.h> 3695#ifdef HAVE_SYS_SELECT_H 3696# include <sys/select.h> 3697#endif 3698#ifdef HAVE_POLL_H 3699# include <poll.h> 3700#elif HAVE_SYS_POLL_H 3701# include <sys/poll.h> 3702#endif 3703#include <errno.h> 3704#include <fcntl.h> 3705#include <stdlib.h> 3706 ]],[[ 3707 struct rlimit rl_zero; 3708 int fd, r; 3709 fd_set fds; 3710 struct timeval tv; 3711#ifdef HAVE_POLL 3712 struct pollfd pfd; 3713#endif 3714 3715 fd = open("/dev/null", O_RDONLY); 3716 FD_ZERO(&fds); 3717 FD_SET(fd, &fds); 3718 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3719 setrlimit(RLIMIT_FSIZE, &rl_zero); 3720 setrlimit(RLIMIT_NOFILE, &rl_zero); 3721 tv.tv_sec = 1; 3722 tv.tv_usec = 0; 3723 r = select(fd+1, &fds, NULL, NULL, &tv); 3724 if (r == -1) 3725 exit(1); 3726#ifdef HAVE_POLL 3727 pfd.fd = fd; 3728 pfd.events = POLLIN; 3729 r = poll(&pfd, 1, 1); 3730 if (r == -1) 3731 exit(2); 3732#endif 3733 exit(0); 3734 ]])], 3735 [AC_MSG_RESULT([yes]) 3736 select_works_with_rlimit=yes], 3737 [AC_MSG_RESULT([no]) 3738 select_works_with_rlimit=no], 3739 [AC_MSG_WARN([cross compiling: assuming no]) 3740 select_works_with_rlimit=no] 3741 ) 3742 3743 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3744 AC_RUN_IFELSE( 3745 [AC_LANG_PROGRAM([[ 3746#include <sys/types.h> 3747#ifdef HAVE_SYS_TIME_H 3748# include <sys/time.h> 3749#endif 3750#include <sys/resource.h> 3751#include <errno.h> 3752#include <stdlib.h> 3753 ]],[[ 3754 struct rlimit rl_zero; 3755 int r; 3756 3757 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3758 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3759 exit (r == -1 ? 1 : 0); 3760 ]])], 3761 [AC_MSG_RESULT([yes]) 3762 rlimit_nofile_zero_works=yes], 3763 [AC_MSG_RESULT([no]) 3764 rlimit_nofile_zero_works=no], 3765 [AC_MSG_WARN([cross compiling: assuming yes]) 3766 rlimit_nofile_zero_works=yes] 3767 ) 3768 3769 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3770 AC_RUN_IFELSE( 3771 [AC_LANG_PROGRAM([[ 3772#include <sys/types.h> 3773#include <sys/resource.h> 3774#include <stdlib.h> 3775 ]],[[ 3776 struct rlimit rl_zero; 3777 3778 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3779 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3780 ]])], 3781 [AC_MSG_RESULT([yes])], 3782 [AC_MSG_RESULT([no]) 3783 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3784 [setrlimit RLIMIT_FSIZE works])], 3785 [AC_MSG_WARN([cross compiling: assuming yes])] 3786 ) 3787fi 3788 3789if test "x$sandbox_arg" = "xpledge" || \ 3790 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3791 test "x$ac_cv_func_pledge" != "xyes" && \ 3792 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3793 SANDBOX_STYLE="pledge" 3794 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3795elif test "x$sandbox_arg" = "xsystrace" || \ 3796 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3797 test "x$have_systr_policy_kill" != "x1" && \ 3798 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3799 SANDBOX_STYLE="systrace" 3800 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3801elif test "x$sandbox_arg" = "xdarwin" || \ 3802 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3803 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3804 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3805 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3806 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3807 SANDBOX_STYLE="darwin" 3808 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3809elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3810 ( test -z "$sandbox_arg" && \ 3811 test "x$have_seccomp_filter" = "x1" && \ 3812 test "x$ac_cv_header_elf_h" = "xyes" && \ 3813 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3814 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3815 test "x$seccomp_audit_arch" != "x" && \ 3816 test "x$have_linux_no_new_privs" = "x1" && \ 3817 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3818 test "x$seccomp_audit_arch" = "x" && \ 3819 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3820 test "x$have_linux_no_new_privs" != "x1" && \ 3821 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3822 test "x$have_seccomp_filter" != "x1" && \ 3823 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3824 test "x$ac_cv_func_prctl" != "xyes" && \ 3825 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3826 SANDBOX_STYLE="seccomp_filter" 3827 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3828elif test "x$sandbox_arg" = "xcapsicum" || \ 3829 ( test -z "$sandbox_arg" && \ 3830 test "x$disable_capsicum" != "xyes" && \ 3831 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3832 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3833 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3834 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3835 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3836 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3837 SANDBOX_STYLE="capsicum" 3838 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3839elif test "x$sandbox_arg" = "xrlimit" || \ 3840 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3841 test "x$select_works_with_rlimit" = "xyes" && \ 3842 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3843 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3844 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3845 test "x$select_works_with_rlimit" != "xyes" && \ 3846 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3847 SANDBOX_STYLE="rlimit" 3848 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3849elif test "x$sandbox_arg" = "xsolaris" || \ 3850 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3851 SANDBOX_STYLE="solaris" 3852 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3853elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3854 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3855 SANDBOX_STYLE="none" 3856 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3857else 3858 AC_MSG_ERROR([unsupported --with-sandbox]) 3859fi 3860 3861# Cheap hack to ensure NEWS-OS libraries are arranged right. 3862if test ! -z "$SONY" ; then 3863 LIBS="$LIBS -liberty"; 3864fi 3865 3866# Check for long long datatypes 3867AC_CHECK_TYPES([long long, unsigned long long, long double]) 3868 3869# Check datatype sizes 3870AC_CHECK_SIZEOF([short int]) 3871AC_CHECK_SIZEOF([int]) 3872AC_CHECK_SIZEOF([long int]) 3873AC_CHECK_SIZEOF([long long int]) 3874AC_CHECK_SIZEOF([time_t], [], [[ 3875 #include <sys/types.h> 3876 #ifdef HAVE_SYS_TIME_H 3877 # include <sys/time.h> 3878 #endif 3879 #ifdef HAVE_TIME_H 3880 # include <time.h> 3881 #endif 3882 ]] 3883) 3884 3885# Sanity check long long for some platforms (AIX) 3886if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3887 ac_cv_sizeof_long_long_int=0 3888fi 3889 3890# compute LLONG_MIN and LLONG_MAX if we don't know them. 3891if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3892 AC_MSG_CHECKING([for max value of long long]) 3893 AC_RUN_IFELSE( 3894 [AC_LANG_PROGRAM([[ 3895#include <stdio.h> 3896#include <stdlib.h> 3897/* Why is this so damn hard? */ 3898#ifdef __GNUC__ 3899# undef __GNUC__ 3900#endif 3901#define __USE_ISOC99 3902#include <limits.h> 3903#define DATA "conftest.llminmax" 3904#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3905 3906/* 3907 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3908 * we do this the hard way. 3909 */ 3910static int 3911fprint_ll(FILE *f, long long n) 3912{ 3913 unsigned int i; 3914 int l[sizeof(long long) * 8]; 3915 3916 if (n < 0) 3917 if (fprintf(f, "-") < 0) 3918 return -1; 3919 for (i = 0; n != 0; i++) { 3920 l[i] = my_abs(n % 10); 3921 n /= 10; 3922 } 3923 do { 3924 if (fprintf(f, "%d", l[--i]) < 0) 3925 return -1; 3926 } while (i != 0); 3927 if (fprintf(f, " ") < 0) 3928 return -1; 3929 return 0; 3930} 3931 ]], [[ 3932 FILE *f; 3933 long long i, llmin, llmax = 0; 3934 3935 if((f = fopen(DATA,"w")) == NULL) 3936 exit(1); 3937 3938#if defined(LLONG_MIN) && defined(LLONG_MAX) 3939 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3940 llmin = LLONG_MIN; 3941 llmax = LLONG_MAX; 3942#else 3943 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3944 /* This will work on one's complement and two's complement */ 3945 for (i = 1; i > llmax; i <<= 1, i++) 3946 llmax = i; 3947 llmin = llmax + 1LL; /* wrap */ 3948#endif 3949 3950 /* Sanity check */ 3951 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3952 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3953 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3954 fprintf(f, "unknown unknown\n"); 3955 exit(2); 3956 } 3957 3958 if (fprint_ll(f, llmin) < 0) 3959 exit(3); 3960 if (fprint_ll(f, llmax) < 0) 3961 exit(4); 3962 if (fclose(f) < 0) 3963 exit(5); 3964 exit(0); 3965 ]])], 3966 [ 3967 llong_min=`$AWK '{print $1}' conftest.llminmax` 3968 llong_max=`$AWK '{print $2}' conftest.llminmax` 3969 3970 AC_MSG_RESULT([$llong_max]) 3971 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3972 [max value of long long calculated by configure]) 3973 AC_MSG_CHECKING([for min value of long long]) 3974 AC_MSG_RESULT([$llong_min]) 3975 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3976 [min value of long long calculated by configure]) 3977 ], 3978 [ 3979 AC_MSG_RESULT([not found]) 3980 ], 3981 [ 3982 AC_MSG_WARN([cross compiling: not checking]) 3983 ] 3984 ) 3985fi 3986 3987AC_CHECK_DECLS([UINT32_MAX], , , [[ 3988#ifdef HAVE_SYS_LIMITS_H 3989# include <sys/limits.h> 3990#endif 3991#ifdef HAVE_LIMITS_H 3992# include <limits.h> 3993#endif 3994#ifdef HAVE_STDINT_H 3995# include <stdint.h> 3996#endif 3997]]) 3998 3999# More checks for data types 4000AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 4001 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4002 [[ u_int a; a = 1;]])], 4003 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 4004 ]) 4005]) 4006if test "x$ac_cv_have_u_int" = "xyes" ; then 4007 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 4008 have_u_int=1 4009fi 4010 4011AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 4012 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4013 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 4014 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 4015 ]) 4016]) 4017if test "x$ac_cv_have_intxx_t" = "xyes" ; then 4018 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 4019 have_intxx_t=1 4020fi 4021 4022if (test -z "$have_intxx_t" && \ 4023 test "x$ac_cv_header_stdint_h" = "xyes") 4024then 4025 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 4026 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4027 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 4028 [ 4029 AC_DEFINE([HAVE_INTXX_T]) 4030 AC_MSG_RESULT([yes]) 4031 ], [ AC_MSG_RESULT([no]) 4032 ]) 4033fi 4034 4035AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 4036 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4037#include <sys/types.h> 4038#ifdef HAVE_STDINT_H 4039# include <stdint.h> 4040#endif 4041#include <sys/socket.h> 4042#ifdef HAVE_SYS_BITYPES_H 4043# include <sys/bitypes.h> 4044#endif 4045 ]], [[ 4046int64_t a; a = 1; 4047 ]])], 4048 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 4049 ]) 4050]) 4051if test "x$ac_cv_have_int64_t" = "xyes" ; then 4052 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 4053fi 4054 4055AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 4056 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4057 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 4058 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 4059 ]) 4060]) 4061if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 4062 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 4063 have_u_intxx_t=1 4064fi 4065 4066if test -z "$have_u_intxx_t" ; then 4067 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 4068 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 4069 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 4070 [ 4071 AC_DEFINE([HAVE_U_INTXX_T]) 4072 AC_MSG_RESULT([yes]) 4073 ], [ AC_MSG_RESULT([no]) 4074 ]) 4075fi 4076 4077AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 4078 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4079 [[ u_int64_t a; a = 1;]])], 4080 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 4081 ]) 4082]) 4083if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 4084 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 4085 have_u_int64_t=1 4086fi 4087 4088if (test -z "$have_u_int64_t" && \ 4089 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4090then 4091 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 4092 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 4093 [[ u_int64_t a; a = 1]])], 4094 [ 4095 AC_DEFINE([HAVE_U_INT64_T]) 4096 AC_MSG_RESULT([yes]) 4097 ], [ AC_MSG_RESULT([no]) 4098 ]) 4099fi 4100 4101if test -z "$have_u_intxx_t" ; then 4102 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 4103 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4104#include <sys/types.h> 4105 ]], [[ 4106 uint8_t a; 4107 uint16_t b; 4108 uint32_t c; 4109 a = b = c = 1; 4110 ]])], 4111 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 4112 ]) 4113 ]) 4114 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 4115 AC_DEFINE([HAVE_UINTXX_T], [1], 4116 [define if you have uintxx_t data type]) 4117 fi 4118fi 4119 4120if (test -z "$have_uintxx_t" && \ 4121 test "x$ac_cv_header_stdint_h" = "xyes") 4122then 4123 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 4124 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4125 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4126 [ 4127 AC_DEFINE([HAVE_UINTXX_T]) 4128 AC_MSG_RESULT([yes]) 4129 ], [ AC_MSG_RESULT([no]) 4130 ]) 4131fi 4132 4133if (test -z "$have_uintxx_t" && \ 4134 test "x$ac_cv_header_inttypes_h" = "xyes") 4135then 4136 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4137 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4138 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4139 [ 4140 AC_DEFINE([HAVE_UINTXX_T]) 4141 AC_MSG_RESULT([yes]) 4142 ], [ AC_MSG_RESULT([no]) 4143 ]) 4144fi 4145 4146if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4147 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4148then 4149 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4150 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4151#include <sys/bitypes.h> 4152 ]], [[ 4153 int8_t a; int16_t b; int32_t c; 4154 u_int8_t e; u_int16_t f; u_int32_t g; 4155 a = b = c = e = f = g = 1; 4156 ]])], 4157 [ 4158 AC_DEFINE([HAVE_U_INTXX_T]) 4159 AC_DEFINE([HAVE_INTXX_T]) 4160 AC_MSG_RESULT([yes]) 4161 ], [AC_MSG_RESULT([no]) 4162 ]) 4163fi 4164 4165 4166AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4167 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4168 [[ u_char foo; foo = 125; ]])], 4169 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4170 ]) 4171]) 4172if test "x$ac_cv_have_u_char" = "xyes" ; then 4173 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4174fi 4175 4176AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4177#include <sys/types.h> 4178#ifdef HAVE_STDINT_H 4179# include <stdint.h> 4180#endif 4181]) 4182 4183TYPE_SOCKLEN_T 4184 4185AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4186AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4187#include <sys/types.h> 4188#ifdef HAVE_SYS_BITYPES_H 4189#include <sys/bitypes.h> 4190#endif 4191#ifdef HAVE_SYS_STATFS_H 4192#include <sys/statfs.h> 4193#endif 4194#ifdef HAVE_SYS_STATVFS_H 4195#include <sys/statvfs.h> 4196#endif 4197]) 4198 4199AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4200#include <sys/param.h> 4201#include <sys/types.h> 4202#ifdef HAVE_SYS_BITYPES_H 4203#include <sys/bitypes.h> 4204#endif 4205#ifdef HAVE_SYS_STATFS_H 4206#include <sys/statfs.h> 4207#endif 4208#ifdef HAVE_SYS_STATVFS_H 4209#include <sys/statvfs.h> 4210#endif 4211#ifdef HAVE_SYS_VFS_H 4212#include <sys/vfs.h> 4213#endif 4214#ifdef HAVE_SYS_MOUNT_H 4215#include <sys/mount.h> 4216#endif 4217]]) 4218 4219 4220AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4221[#include <sys/types.h> 4222#include <netinet/in.h>]) 4223 4224AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4225 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4226 [[ size_t foo; foo = 1235; ]])], 4227 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4228 ]) 4229]) 4230if test "x$ac_cv_have_size_t" = "xyes" ; then 4231 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4232fi 4233 4234AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4235 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4236 [[ ssize_t foo; foo = 1235; ]])], 4237 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4238 ]) 4239]) 4240if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4241 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4242fi 4243 4244AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4245 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4246 [[ clock_t foo; foo = 1235; ]])], 4247 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4248 ]) 4249]) 4250if test "x$ac_cv_have_clock_t" = "xyes" ; then 4251 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4252fi 4253 4254AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4255 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4256#include <sys/types.h> 4257#include <sys/socket.h> 4258 ]], [[ sa_family_t foo; foo = 1235; ]])], 4259 [ ac_cv_have_sa_family_t="yes" ], 4260 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4261#include <sys/types.h> 4262#include <sys/socket.h> 4263#include <netinet/in.h> 4264 ]], [[ sa_family_t foo; foo = 1235; ]])], 4265 [ ac_cv_have_sa_family_t="yes" ], 4266 [ ac_cv_have_sa_family_t="no" ] 4267 ) 4268 ]) 4269]) 4270if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4271 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4272 [define if you have sa_family_t data type]) 4273fi 4274 4275AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4276 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4277 [[ pid_t foo; foo = 1235; ]])], 4278 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4279 ]) 4280]) 4281if test "x$ac_cv_have_pid_t" = "xyes" ; then 4282 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4283fi 4284 4285AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4286 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4287 [[ mode_t foo; foo = 1235; ]])], 4288 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4289 ]) 4290]) 4291if test "x$ac_cv_have_mode_t" = "xyes" ; then 4292 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4293fi 4294 4295 4296AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4297 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4298#include <sys/types.h> 4299#include <sys/socket.h> 4300 ]], [[ struct sockaddr_storage s; ]])], 4301 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4302 [ ac_cv_have_struct_sockaddr_storage="no" 4303 ]) 4304]) 4305if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4306 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4307 [define if you have struct sockaddr_storage data type]) 4308fi 4309 4310AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4311 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4312#include <sys/types.h> 4313#include <netinet/in.h> 4314 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4315 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4316 [ ac_cv_have_struct_sockaddr_in6="no" 4317 ]) 4318]) 4319if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4320 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4321 [define if you have struct sockaddr_in6 data type]) 4322fi 4323 4324AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4325 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4326#include <sys/types.h> 4327#include <netinet/in.h> 4328 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4329 [ ac_cv_have_struct_in6_addr="yes" ], 4330 [ ac_cv_have_struct_in6_addr="no" 4331 ]) 4332]) 4333if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4334 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4335 [define if you have struct in6_addr data type]) 4336 4337dnl Now check for sin6_scope_id 4338 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4339 [ 4340#ifdef HAVE_SYS_TYPES_H 4341#include <sys/types.h> 4342#endif 4343#include <netinet/in.h> 4344 ]) 4345fi 4346 4347AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4348 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4349#include <sys/types.h> 4350#include <sys/socket.h> 4351#include <netdb.h> 4352 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4353 [ ac_cv_have_struct_addrinfo="yes" ], 4354 [ ac_cv_have_struct_addrinfo="no" 4355 ]) 4356]) 4357if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4358 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4359 [define if you have struct addrinfo data type]) 4360fi 4361 4362AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4363 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4364 [[ struct timeval tv; tv.tv_sec = 1;]])], 4365 [ ac_cv_have_struct_timeval="yes" ], 4366 [ ac_cv_have_struct_timeval="no" 4367 ]) 4368]) 4369if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4370 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4371 have_struct_timeval=1 4372fi 4373 4374AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4375 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4376 #ifdef HAVE_SYS_TIME_H 4377 # include <sys/time.h> 4378 #endif 4379 #ifdef HAVE_TIME_H 4380 # include <time.h> 4381 #endif 4382 ]], 4383 [[ struct timespec ts; ts.tv_sec = 1;]])], 4384 [ ac_cv_have_struct_timespec="yes" ], 4385 [ ac_cv_have_struct_timespec="no" 4386 ]) 4387]) 4388if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4389 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4390 have_struct_timespec=1 4391fi 4392 4393# We need int64_t or else certain parts of the compile will fail. 4394if test "x$ac_cv_have_int64_t" = "xno" && \ 4395 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4396 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4397 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4398 echo "an alternative compiler (I.E., GCC) before continuing." 4399 echo "" 4400 exit 1; 4401else 4402dnl test snprintf (broken on SCO w/gcc) 4403 AC_RUN_IFELSE( 4404 [AC_LANG_SOURCE([[ 4405#include <stdio.h> 4406#include <stdlib.h> 4407#include <string.h> 4408#ifdef HAVE_SNPRINTF 4409int main(void) 4410{ 4411 char buf[50]; 4412 char expected_out[50]; 4413 int mazsize = 50 ; 4414#if (SIZEOF_LONG_INT == 8) 4415 long int num = 0x7fffffffffffffff; 4416#else 4417 long long num = 0x7fffffffffffffffll; 4418#endif 4419 strcpy(expected_out, "9223372036854775807"); 4420 snprintf(buf, mazsize, "%lld", num); 4421 if(strcmp(buf, expected_out) != 0) 4422 exit(1); 4423 exit(0); 4424} 4425#else 4426int main(void) { exit(0); } 4427#endif 4428 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4429 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4430 ) 4431fi 4432 4433dnl Checks for structure members 4434OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4435OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4436OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4437OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4438OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4439OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4440OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4441OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4442OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4443OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4444OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4445OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4446OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4447OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4448OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4449OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4450OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4451OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4452 4453AC_CHECK_MEMBERS([struct stat.st_blksize]) 4454AC_CHECK_MEMBERS([struct stat.st_mtim]) 4455AC_CHECK_MEMBERS([struct stat.st_mtime]) 4456AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4457struct passwd.pw_change, struct passwd.pw_expire], 4458[], [], [[ 4459#include <sys/types.h> 4460#include <pwd.h> 4461]]) 4462 4463AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4464 [Define if we don't have struct __res_state in resolv.h])], 4465[[ 4466#include <stdio.h> 4467#if HAVE_SYS_TYPES_H 4468# include <sys/types.h> 4469#endif 4470#include <netinet/in.h> 4471#include <arpa/nameser.h> 4472#include <resolv.h> 4473]]) 4474 4475AC_CHECK_MEMBER([struct sockaddr_in.sin_len], 4476 [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])], 4477 [], 4478 [AC_LANG_SOURCE([[ 4479#include <sys/types.h> 4480#include <sys/socket.h> 4481#include <netinet/in.h> 4482 ]])] 4483) 4484 4485AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4486 ac_cv_have_ss_family_in_struct_ss, [ 4487 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4488#include <sys/types.h> 4489#include <sys/socket.h> 4490 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4491 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4492 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4493]) 4494if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4495 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4496fi 4497 4498AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4499 ac_cv_have___ss_family_in_struct_ss, [ 4500 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4501#include <sys/types.h> 4502#include <sys/socket.h> 4503 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4504 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4505 [ ac_cv_have___ss_family_in_struct_ss="no" 4506 ]) 4507]) 4508if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4509 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4510 [Fields in struct sockaddr_storage]) 4511fi 4512 4513dnl make sure we're using the real structure members and not defines 4514AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4515 ac_cv_have_accrights_in_msghdr, [ 4516 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4517#include <sys/types.h> 4518#include <sys/socket.h> 4519#include <sys/uio.h> 4520#include <stdlib.h> 4521 ]], [[ 4522#ifdef msg_accrights 4523#error "msg_accrights is a macro" 4524exit(1); 4525#endif 4526struct msghdr m; 4527m.msg_accrights = 0; 4528exit(0); 4529 ]])], 4530 [ ac_cv_have_accrights_in_msghdr="yes" ], 4531 [ ac_cv_have_accrights_in_msghdr="no" ] 4532 ) 4533]) 4534if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4535 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4536 [Define if your system uses access rights style 4537 file descriptor passing]) 4538fi 4539 4540AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4541AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4542#include <sys/param.h> 4543#include <sys/stat.h> 4544#ifdef HAVE_SYS_TIME_H 4545# include <sys/time.h> 4546#endif 4547#ifdef HAVE_SYS_MOUNT_H 4548#include <sys/mount.h> 4549#endif 4550#ifdef HAVE_SYS_STATVFS_H 4551#include <sys/statvfs.h> 4552#endif 4553 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4554 [ AC_MSG_RESULT([yes]) ], 4555 [ AC_MSG_RESULT([no]) 4556 4557 AC_MSG_CHECKING([if fsid_t has member val]) 4558 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4559#include <sys/types.h> 4560#include <sys/statvfs.h> 4561 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4562 [ AC_MSG_RESULT([yes]) 4563 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4564 [ AC_MSG_RESULT([no]) ]) 4565 4566 AC_MSG_CHECKING([if f_fsid has member __val]) 4567 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4568#include <sys/types.h> 4569#include <sys/statvfs.h> 4570 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4571 [ AC_MSG_RESULT([yes]) 4572 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4573 [ AC_MSG_RESULT([no]) ]) 4574]) 4575 4576AC_CACHE_CHECK([for msg_control field in struct msghdr], 4577 ac_cv_have_control_in_msghdr, [ 4578 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4579#include <sys/types.h> 4580#include <sys/socket.h> 4581#include <sys/uio.h> 4582#include <stdlib.h> 4583 ]], [[ 4584#ifdef msg_control 4585#error "msg_control is a macro" 4586exit(1); 4587#endif 4588struct msghdr m; 4589m.msg_control = 0; 4590exit(0); 4591 ]])], 4592 [ ac_cv_have_control_in_msghdr="yes" ], 4593 [ ac_cv_have_control_in_msghdr="no" ] 4594 ) 4595]) 4596if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4597 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4598 [Define if your system uses ancillary data style 4599 file descriptor passing]) 4600fi 4601 4602AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4603 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4604 [[ extern char *__progname; printf("%s", __progname); ]])], 4605 [ ac_cv_libc_defines___progname="yes" ], 4606 [ ac_cv_libc_defines___progname="no" 4607 ]) 4608]) 4609if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4610 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4611fi 4612 4613AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4614 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4615 [[ printf("%s", __FUNCTION__); ]])], 4616 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4617 [ ac_cv_cc_implements___FUNCTION__="no" 4618 ]) 4619]) 4620if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4621 AC_DEFINE([HAVE___FUNCTION__], [1], 4622 [Define if compiler implements __FUNCTION__]) 4623fi 4624 4625AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4626 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4627 [[ printf("%s", __func__); ]])], 4628 [ ac_cv_cc_implements___func__="yes" ], 4629 [ ac_cv_cc_implements___func__="no" 4630 ]) 4631]) 4632if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4633 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4634fi 4635 4636AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4637 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4638#include <stdarg.h> 4639va_list x,y; 4640 ]], [[ va_copy(x,y); ]])], 4641 [ ac_cv_have_va_copy="yes" ], 4642 [ ac_cv_have_va_copy="no" 4643 ]) 4644]) 4645if test "x$ac_cv_have_va_copy" = "xyes" ; then 4646 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4647fi 4648 4649AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4650 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4651#include <stdarg.h> 4652va_list x,y; 4653 ]], [[ __va_copy(x,y); ]])], 4654 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4655 ]) 4656]) 4657if test "x$ac_cv_have___va_copy" = "xyes" ; then 4658 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4659fi 4660 4661AC_CACHE_CHECK([whether getopt has optreset support], 4662 ac_cv_have_getopt_optreset, [ 4663 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4664 [[ extern int optreset; optreset = 0; ]])], 4665 [ ac_cv_have_getopt_optreset="yes" ], 4666 [ ac_cv_have_getopt_optreset="no" 4667 ]) 4668]) 4669if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4670 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4671 [Define if your getopt(3) defines and uses optreset]) 4672fi 4673 4674AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4675 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4676[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4677 [ ac_cv_libc_defines_sys_errlist="yes" ], 4678 [ ac_cv_libc_defines_sys_errlist="no" 4679 ]) 4680]) 4681if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4682 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4683 [Define if your system defines sys_errlist[]]) 4684fi 4685 4686 4687AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4688 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4689[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4690 [ ac_cv_libc_defines_sys_nerr="yes" ], 4691 [ ac_cv_libc_defines_sys_nerr="no" 4692 ]) 4693]) 4694if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4695 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4696fi 4697 4698# Check libraries needed by DNS fingerprint support 4699AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4700 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4701 [Define if getrrsetbyname() exists])], 4702 [ 4703 # Needed by our getrrsetbyname() 4704 AC_SEARCH_LIBS([res_query], [resolv]) 4705 AC_SEARCH_LIBS([dn_expand], [resolv]) 4706 AC_MSG_CHECKING([if res_query will link]) 4707 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4708#include <sys/types.h> 4709#include <netinet/in.h> 4710#include <arpa/nameser.h> 4711#include <netdb.h> 4712#include <resolv.h> 4713 ]], [[ 4714 res_query (0, 0, 0, 0, 0); 4715 ]])], 4716 AC_MSG_RESULT([yes]), 4717 [AC_MSG_RESULT([no]) 4718 saved_LIBS="$LIBS" 4719 LIBS="$LIBS -lresolv" 4720 AC_MSG_CHECKING([for res_query in -lresolv]) 4721 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4722#include <sys/types.h> 4723#include <netinet/in.h> 4724#include <arpa/nameser.h> 4725#include <netdb.h> 4726#include <resolv.h> 4727 ]], [[ 4728 res_query (0, 0, 0, 0, 0); 4729 ]])], 4730 [AC_MSG_RESULT([yes])], 4731 [LIBS="$saved_LIBS" 4732 AC_MSG_RESULT([no])]) 4733 ]) 4734 AC_CHECK_FUNCS([_getshort _getlong]) 4735 AC_CHECK_DECLS([_getshort, _getlong], , , 4736 [#include <sys/types.h> 4737 #include <arpa/nameser.h>]) 4738 AC_CHECK_MEMBER([HEADER.ad], 4739 [AC_DEFINE([HAVE_HEADER_AD], [1], 4740 [Define if HEADER.ad exists in arpa/nameser.h])], , 4741 [#include <arpa/nameser.h>]) 4742 ]) 4743 4744AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4745AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4746#include <stdio.h> 4747#if HAVE_SYS_TYPES_H 4748# include <sys/types.h> 4749#endif 4750#include <netinet/in.h> 4751#include <arpa/nameser.h> 4752#include <resolv.h> 4753extern struct __res_state _res; 4754 ]], [[ 4755struct __res_state *volatile p = &_res; /* force resolution of _res */ 4756return 0; 4757 ]],)], 4758 [AC_MSG_RESULT([yes]) 4759 AC_DEFINE([HAVE__RES_EXTERN], [1], 4760 [Define if you have struct __res_state _res as an extern]) 4761 ], 4762 [ AC_MSG_RESULT([no]) ] 4763) 4764 4765# Check whether user wants SELinux support 4766SELINUX_MSG="no" 4767LIBSELINUX="" 4768AC_ARG_WITH([selinux], 4769 [ --with-selinux Enable SELinux support], 4770 [ if test "x$withval" != "xno" ; then 4771 save_LIBS="$LIBS" 4772 AC_DEFINE([WITH_SELINUX], [1], 4773 [Define if you want SELinux support.]) 4774 SELINUX_MSG="yes" 4775 AC_CHECK_HEADER([selinux/selinux.h], , 4776 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4777 AC_CHECK_LIB([selinux], [setexeccon], 4778 [ LIBSELINUX="-lselinux" 4779 LIBS="$LIBS -lselinux" 4780 ], 4781 AC_MSG_ERROR([SELinux support requires libselinux library])) 4782 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4783 LIBS="$save_LIBS $LIBSELINUX" 4784 fi ] 4785) 4786AC_SUBST([SSHDLIBS]) 4787 4788# Check whether user wants Kerberos 5 support 4789KRB5_MSG="no" 4790AC_ARG_WITH([kerberos5], 4791 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4792 [ if test "x$withval" != "xno" ; then 4793 if test "x$withval" = "xyes" ; then 4794 KRB5ROOT="/usr/local" 4795 else 4796 KRB5ROOT=${withval} 4797 fi 4798 4799 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4800 KRB5_MSG="yes" 4801 4802 use_pkgconfig_for_krb5= 4803 if test "x$PKGCONFIG" != "xno"; then 4804 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4805 if "$PKGCONFIG" krb5; then 4806 AC_MSG_RESULT([yes]) 4807 use_pkgconfig_for_krb5=yes 4808 else 4809 AC_MSG_RESULT([no]) 4810 fi 4811 fi 4812 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4813 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4814 K5LIBS=`$PKGCONFIG --libs krb5` 4815 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4816 4817 AC_MSG_CHECKING([for gssapi support]) 4818 if "$PKGCONFIG" krb5-gssapi; then 4819 AC_MSG_RESULT([yes]) 4820 AC_DEFINE([GSSAPI], [1], 4821 [Define this if you want GSSAPI 4822 support in the version 2 protocol]) 4823 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4824 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4825 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4826 else 4827 AC_MSG_RESULT([no]) 4828 fi 4829 AC_MSG_CHECKING([whether we are using Heimdal]) 4830 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4831 ]], [[ char *tmp = heimdal_version; ]])], 4832 [ AC_MSG_RESULT([yes]) 4833 AC_DEFINE([HEIMDAL], [1], 4834 [Define this if you are using the Heimdal 4835 version of Kerberos V5]) ], 4836 [AC_MSG_RESULT([no]) 4837 ]) 4838 else 4839 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4840 [$KRB5ROOT/bin/krb5-config], 4841 [$KRB5ROOT/bin:$PATH]) 4842 if test -x $KRB5CONF ; then 4843 K5CFLAGS="`$KRB5CONF --cflags`" 4844 K5LIBS="`$KRB5CONF --libs`" 4845 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4846 4847 AC_MSG_CHECKING([for gssapi support]) 4848 if $KRB5CONF | grep gssapi >/dev/null ; then 4849 AC_MSG_RESULT([yes]) 4850 AC_DEFINE([GSSAPI], [1], 4851 [Define this if you want GSSAPI 4852 support in the version 2 protocol]) 4853 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4854 GSSLIBS="`$KRB5CONF --libs gssapi`" 4855 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4856 else 4857 AC_MSG_RESULT([no]) 4858 fi 4859 AC_MSG_CHECKING([whether we are using Heimdal]) 4860 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4861 ]], [[ char *tmp = heimdal_version; ]])], 4862 [ AC_MSG_RESULT([yes]) 4863 AC_DEFINE([HEIMDAL], [1], 4864 [Define this if you are using the Heimdal 4865 version of Kerberos V5]) ], 4866 [AC_MSG_RESULT([no]) 4867 ]) 4868 else 4869 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4870 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4871 AC_MSG_CHECKING([whether we are using Heimdal]) 4872 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4873 ]], [[ char *tmp = heimdal_version; ]])], 4874 [ AC_MSG_RESULT([yes]) 4875 AC_DEFINE([HEIMDAL]) 4876 K5LIBS="-lkrb5" 4877 K5LIBS="$K5LIBS -lcom_err -lasn1" 4878 AC_CHECK_LIB([roken], [net_write], 4879 [K5LIBS="$K5LIBS -lroken"]) 4880 AC_CHECK_LIB([des], [des_cbc_encrypt], 4881 [K5LIBS="$K5LIBS -ldes"]) 4882 ], [ AC_MSG_RESULT([no]) 4883 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4884 ]) 4885 AC_SEARCH_LIBS([dn_expand], [resolv]) 4886 4887 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4888 [ AC_DEFINE([GSSAPI]) 4889 GSSLIBS="-lgssapi_krb5" ], 4890 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4891 [ AC_DEFINE([GSSAPI]) 4892 GSSLIBS="-lgssapi" ], 4893 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4894 [ AC_DEFINE([GSSAPI]) 4895 GSSLIBS="-lgss" ], 4896 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4897 ]) 4898 ]) 4899 4900 AC_CHECK_HEADER([gssapi.h], , 4901 [ unset ac_cv_header_gssapi_h 4902 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4903 AC_CHECK_HEADERS([gssapi.h], , 4904 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4905 ) 4906 ] 4907 ) 4908 4909 oldCPP="$CPPFLAGS" 4910 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4911 AC_CHECK_HEADER([gssapi_krb5.h], , 4912 [ CPPFLAGS="$oldCPP" ]) 4913 4914 fi 4915 fi 4916 if test -n "${rpath_opt}" ; then 4917 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4918 fi 4919 if test ! -z "$blibpath" ; then 4920 blibpath="$blibpath:${KRB5ROOT}/lib" 4921 fi 4922 4923 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4924 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4925 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4926 4927 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4928 [Define this if you want to use libkafs' AFS support])]) 4929 4930 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4931#ifdef HAVE_GSSAPI_H 4932# include <gssapi.h> 4933#elif defined(HAVE_GSSAPI_GSSAPI_H) 4934# include <gssapi/gssapi.h> 4935#endif 4936 4937#ifdef HAVE_GSSAPI_GENERIC_H 4938# include <gssapi_generic.h> 4939#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4940# include <gssapi/gssapi_generic.h> 4941#endif 4942 ]]) 4943 saved_LIBS="$LIBS" 4944 LIBS="$LIBS $K5LIBS" 4945 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4946 LIBS="$saved_LIBS" 4947 4948 fi 4949 ] 4950) 4951AC_SUBST([GSSLIBS]) 4952AC_SUBST([K5LIBS]) 4953AC_SUBST([CHANNELLIBS]) 4954 4955# Looking for programs, paths and files 4956 4957PRIVSEP_PATH=/var/empty 4958AC_ARG_WITH([privsep-path], 4959 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4960 [ 4961 if test -n "$withval" && test "x$withval" != "xno" && \ 4962 test "x${withval}" != "xyes"; then 4963 PRIVSEP_PATH=$withval 4964 fi 4965 ] 4966) 4967AC_SUBST([PRIVSEP_PATH]) 4968 4969AC_ARG_WITH([xauth], 4970 [ --with-xauth=PATH Specify path to xauth program ], 4971 [ 4972 if test -n "$withval" && test "x$withval" != "xno" && \ 4973 test "x${withval}" != "xyes"; then 4974 xauth_path=$withval 4975 fi 4976 ], 4977 [ 4978 TestPath="$PATH" 4979 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4980 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4981 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4982 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4983 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4984 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4985 xauth_path="/usr/openwin/bin/xauth" 4986 fi 4987 ] 4988) 4989 4990STRIP_OPT=-s 4991AC_ARG_ENABLE([strip], 4992 [ --disable-strip Disable calling strip(1) on install], 4993 [ 4994 if test "x$enableval" = "xno" ; then 4995 STRIP_OPT= 4996 fi 4997 ] 4998) 4999AC_SUBST([STRIP_OPT]) 5000 5001if test -z "$xauth_path" ; then 5002 XAUTH_PATH="undefined" 5003 AC_SUBST([XAUTH_PATH]) 5004else 5005 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 5006 [Define if xauth is found in your path]) 5007 XAUTH_PATH=$xauth_path 5008 AC_SUBST([XAUTH_PATH]) 5009fi 5010 5011dnl # --with-maildir=/path/to/mail gets top priority. 5012dnl # if maildir is set in the platform case statement above we use that. 5013dnl # Otherwise we run a program to get the dir from system headers. 5014dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 5015dnl # If we find _PATH_MAILDIR we do nothing because that is what 5016dnl # session.c expects anyway. Otherwise we set to the value found 5017dnl # stripping any trailing slash. If for some strage reason our program 5018dnl # does not find what it needs, we default to /var/spool/mail. 5019# Check for mail directory 5020AC_ARG_WITH([maildir], 5021 [ --with-maildir=/path/to/mail Specify your system mail directory], 5022 [ 5023 if test "X$withval" != X && test "x$withval" != xno && \ 5024 test "x${withval}" != xyes; then 5025 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 5026 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 5027 fi 5028 ],[ 5029 if test "X$maildir" != "X"; then 5030 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 5031 else 5032 AC_MSG_CHECKING([Discovering system mail directory]) 5033 AC_RUN_IFELSE( 5034 [AC_LANG_PROGRAM([[ 5035#include <stdio.h> 5036#include <stdlib.h> 5037#include <string.h> 5038#ifdef HAVE_PATHS_H 5039#include <paths.h> 5040#endif 5041#ifdef HAVE_MAILLOCK_H 5042#include <maillock.h> 5043#endif 5044#define DATA "conftest.maildir" 5045 ]], [[ 5046 FILE *fd; 5047 int rc; 5048 5049 fd = fopen(DATA,"w"); 5050 if(fd == NULL) 5051 exit(1); 5052 5053#if defined (_PATH_MAILDIR) 5054 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 5055 exit(1); 5056#elif defined (MAILDIR) 5057 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 5058 exit(1); 5059#elif defined (_PATH_MAIL) 5060 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 5061 exit(1); 5062#else 5063 exit (2); 5064#endif 5065 5066 exit(0); 5067 ]])], 5068 [ 5069 maildir_what=`awk -F: '{print $1}' conftest.maildir` 5070 maildir=`awk -F: '{print $2}' conftest.maildir \ 5071 | sed 's|/$||'` 5072 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 5073 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 5074 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 5075 fi 5076 ], 5077 [ 5078 if test "X$ac_status" = "X2";then 5079# our test program didn't find it. Default to /var/spool/mail 5080 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 5081 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 5082 else 5083 AC_MSG_RESULT([*** not found ***]) 5084 fi 5085 ], 5086 [ 5087 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 5088 ] 5089 ) 5090 fi 5091 ] 5092) # maildir 5093 5094if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 5095 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 5096 disable_ptmx_check=yes 5097fi 5098if test -z "$no_dev_ptmx" ; then 5099 if test "x$disable_ptmx_check" != "xyes" ; then 5100 AC_CHECK_FILE(["/dev/ptmx"], 5101 [ 5102 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 5103 [Define if you have /dev/ptmx]) 5104 have_dev_ptmx=1 5105 ] 5106 ) 5107 fi 5108fi 5109 5110if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 5111 AC_CHECK_FILE(["/dev/ptc"], 5112 [ 5113 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 5114 [Define if you have /dev/ptc]) 5115 have_dev_ptc=1 5116 ] 5117 ) 5118else 5119 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 5120fi 5121 5122# Options from here on. Some of these are preset by platform above 5123AC_ARG_WITH([mantype], 5124 [ --with-mantype=man|cat|doc Set man page type], 5125 [ 5126 case "$withval" in 5127 man|cat|doc) 5128 MANTYPE=$withval 5129 ;; 5130 *) 5131 AC_MSG_ERROR([invalid man type: $withval]) 5132 ;; 5133 esac 5134 ] 5135) 5136if test -z "$MANTYPE"; then 5137 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 5138 MANTYPE=doc 5139 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 5140 MANTYPE=doc 5141 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 5142 MANTYPE=man 5143 else 5144 MANTYPE=cat 5145 fi 5146fi 5147AC_SUBST([MANTYPE]) 5148if test "$MANTYPE" = "doc"; then 5149 mansubdir=man; 5150else 5151 mansubdir=$MANTYPE; 5152fi 5153AC_SUBST([mansubdir]) 5154 5155# Whether to disable shadow password support 5156AC_ARG_WITH([shadow], 5157 [ --without-shadow Disable shadow password support], 5158 [ 5159 if test "x$withval" = "xno" ; then 5160 AC_DEFINE([DISABLE_SHADOW]) 5161 disable_shadow=yes 5162 fi 5163 ] 5164) 5165 5166if test -z "$disable_shadow" ; then 5167 AC_MSG_CHECKING([if the systems has expire shadow information]) 5168 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5169#include <sys/types.h> 5170#include <shadow.h> 5171struct spwd sp; 5172 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5173 [ sp_expire_available=yes ], [ 5174 ]) 5175 5176 if test "x$sp_expire_available" = "xyes" ; then 5177 AC_MSG_RESULT([yes]) 5178 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5179 [Define if you want to use shadow password expire field]) 5180 else 5181 AC_MSG_RESULT([no]) 5182 fi 5183fi 5184 5185# Use ip address instead of hostname in $DISPLAY 5186if test ! -z "$IPADDR_IN_DISPLAY" ; then 5187 DISPLAY_HACK_MSG="yes" 5188 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5189 [Define if you need to use IP address 5190 instead of hostname in $DISPLAY]) 5191else 5192 DISPLAY_HACK_MSG="no" 5193 AC_ARG_WITH([ipaddr-display], 5194 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5195 [ 5196 if test "x$withval" != "xno" ; then 5197 AC_DEFINE([IPADDR_IN_DISPLAY]) 5198 DISPLAY_HACK_MSG="yes" 5199 fi 5200 ] 5201 ) 5202fi 5203 5204# check for /etc/default/login and use it if present. 5205AC_ARG_ENABLE([etc-default-login], 5206 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5207 [ if test "x$enableval" = "xno"; then 5208 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5209 etc_default_login=no 5210 else 5211 etc_default_login=yes 5212 fi ], 5213 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5214 then 5215 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5216 etc_default_login=no 5217 else 5218 etc_default_login=yes 5219 fi ] 5220) 5221 5222if test "x$etc_default_login" != "xno"; then 5223 AC_CHECK_FILE(["/etc/default/login"], 5224 [ external_path_file=/etc/default/login ]) 5225 if test "x$external_path_file" = "x/etc/default/login"; then 5226 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5227 [Define if your system has /etc/default/login]) 5228 fi 5229fi 5230 5231dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5232if test $ac_cv_func_login_getcapbool = "yes" && \ 5233 test $ac_cv_header_login_cap_h = "yes" ; then 5234 external_path_file=/etc/login.conf 5235fi 5236 5237# Whether to mess with the default path 5238SERVER_PATH_MSG="(default)" 5239AC_ARG_WITH([default-path], 5240 [ --with-default-path= Specify default $PATH environment for server], 5241 [ 5242 if test "x$external_path_file" = "x/etc/login.conf" ; then 5243 AC_MSG_WARN([ 5244--with-default-path=PATH has no effect on this system. 5245Edit /etc/login.conf instead.]) 5246 elif test "x$withval" != "xno" ; then 5247 if test ! -z "$external_path_file" ; then 5248 AC_MSG_WARN([ 5249--with-default-path=PATH will only be used if PATH is not defined in 5250$external_path_file .]) 5251 fi 5252 user_path="$withval" 5253 SERVER_PATH_MSG="$withval" 5254 fi 5255 ], 5256 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5257 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5258 else 5259 if test ! -z "$external_path_file" ; then 5260 AC_MSG_WARN([ 5261If PATH is defined in $external_path_file, ensure the path to scp is included, 5262otherwise scp will not work.]) 5263 fi 5264 AC_RUN_IFELSE( 5265 [AC_LANG_PROGRAM([[ 5266/* find out what STDPATH is */ 5267#include <stdio.h> 5268#include <stdlib.h> 5269#ifdef HAVE_PATHS_H 5270# include <paths.h> 5271#endif 5272#ifndef _PATH_STDPATH 5273# ifdef _PATH_USERPATH /* Irix */ 5274# define _PATH_STDPATH _PATH_USERPATH 5275# else 5276# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5277# endif 5278#endif 5279#include <sys/types.h> 5280#include <sys/stat.h> 5281#include <fcntl.h> 5282#define DATA "conftest.stdpath" 5283 ]], [[ 5284 FILE *fd; 5285 int rc; 5286 5287 fd = fopen(DATA,"w"); 5288 if(fd == NULL) 5289 exit(1); 5290 5291 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5292 exit(1); 5293 5294 exit(0); 5295 ]])], 5296 [ user_path=`cat conftest.stdpath` ], 5297 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5298 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5299 ) 5300# make sure $bindir is in USER_PATH so scp will work 5301 t_bindir="${bindir}" 5302 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5303 t_bindir=`eval echo ${t_bindir}` 5304 case $t_bindir in 5305 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5306 esac 5307 case $t_bindir in 5308 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5309 esac 5310 done 5311 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5312 if test $? -ne 0 ; then 5313 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5314 if test $? -ne 0 ; then 5315 user_path=$user_path:$t_bindir 5316 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5317 fi 5318 fi 5319 fi ] 5320) 5321if test "x$external_path_file" != "x/etc/login.conf" ; then 5322 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5323 AC_SUBST([user_path]) 5324fi 5325 5326# Set superuser path separately to user path 5327AC_ARG_WITH([superuser-path], 5328 [ --with-superuser-path= Specify different path for super-user], 5329 [ 5330 if test -n "$withval" && test "x$withval" != "xno" && \ 5331 test "x${withval}" != "xyes"; then 5332 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5333 [Define if you want a different $PATH 5334 for the superuser]) 5335 superuser_path=$withval 5336 fi 5337 ] 5338) 5339 5340 5341AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5342IPV4_IN6_HACK_MSG="no" 5343AC_ARG_WITH(4in6, 5344 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5345 [ 5346 if test "x$withval" != "xno" ; then 5347 AC_MSG_RESULT([yes]) 5348 AC_DEFINE([IPV4_IN_IPV6], [1], 5349 [Detect IPv4 in IPv6 mapped addresses 5350 and treat as IPv4]) 5351 IPV4_IN6_HACK_MSG="yes" 5352 else 5353 AC_MSG_RESULT([no]) 5354 fi 5355 ], [ 5356 if test "x$inet6_default_4in6" = "xyes"; then 5357 AC_MSG_RESULT([yes (default)]) 5358 AC_DEFINE([IPV4_IN_IPV6]) 5359 IPV4_IN6_HACK_MSG="yes" 5360 else 5361 AC_MSG_RESULT([no (default)]) 5362 fi 5363 ] 5364) 5365 5366# Whether to enable BSD auth support 5367BSD_AUTH_MSG=no 5368AC_ARG_WITH([bsd-auth], 5369 [ --with-bsd-auth Enable BSD auth support], 5370 [ 5371 if test "x$withval" != "xno" ; then 5372 AC_DEFINE([BSD_AUTH], [1], 5373 [Define if you have BSD auth support]) 5374 BSD_AUTH_MSG=yes 5375 fi 5376 ] 5377) 5378 5379# Where to place sshd.pid 5380piddir=/var/run 5381# make sure the directory exists 5382if test ! -d $piddir ; then 5383 piddir=`eval echo ${sysconfdir}` 5384 case $piddir in 5385 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5386 esac 5387fi 5388 5389AC_ARG_WITH([pid-dir], 5390 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5391 [ 5392 if test -n "$withval" && test "x$withval" != "xno" && \ 5393 test "x${withval}" != "xyes"; then 5394 piddir=$withval 5395 if test ! -d $piddir ; then 5396 AC_MSG_WARN([** no $piddir directory on this system **]) 5397 fi 5398 fi 5399 ] 5400) 5401 5402AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5403 [Specify location of ssh.pid]) 5404AC_SUBST([piddir]) 5405 5406 5407AC_ARG_ENABLE([fd-passing], 5408 [ --disable-fd-passing disable file descriptor passsing [no]], 5409 [ 5410 if test "x$enableval" = "xno" ; then 5411 AC_DEFINE([DISABLE_FD_PASSING]) 5412 fi 5413 ] 5414) 5415 5416dnl allow user to disable some login recording features 5417AC_ARG_ENABLE([lastlog], 5418 [ --disable-lastlog disable use of lastlog even if detected [no]], 5419 [ 5420 if test "x$enableval" = "xno" ; then 5421 AC_DEFINE([DISABLE_LASTLOG]) 5422 fi 5423 ] 5424) 5425AC_ARG_ENABLE([utmp], 5426 [ --disable-utmp disable use of utmp even if detected [no]], 5427 [ 5428 if test "x$enableval" = "xno" ; then 5429 AC_DEFINE([DISABLE_UTMP]) 5430 fi 5431 ] 5432) 5433AC_ARG_ENABLE([utmpx], 5434 [ --disable-utmpx disable use of utmpx even if detected [no]], 5435 [ 5436 if test "x$enableval" = "xno" ; then 5437 AC_DEFINE([DISABLE_UTMPX], [1], 5438 [Define if you don't want to use utmpx]) 5439 fi 5440 ] 5441) 5442AC_ARG_ENABLE([wtmp], 5443 [ --disable-wtmp disable use of wtmp even if detected [no]], 5444 [ 5445 if test "x$enableval" = "xno" ; then 5446 AC_DEFINE([DISABLE_WTMP]) 5447 fi 5448 ] 5449) 5450AC_ARG_ENABLE([wtmpx], 5451 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5452 [ 5453 if test "x$enableval" = "xno" ; then 5454 AC_DEFINE([DISABLE_WTMPX], [1], 5455 [Define if you don't want to use wtmpx]) 5456 fi 5457 ] 5458) 5459AC_ARG_ENABLE([libutil], 5460 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5461 [ 5462 if test "x$enableval" = "xno" ; then 5463 AC_DEFINE([DISABLE_LOGIN]) 5464 fi 5465 ] 5466) 5467AC_ARG_ENABLE([pututline], 5468 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5469 [ 5470 if test "x$enableval" = "xno" ; then 5471 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5472 [Define if you don't want to use pututline() 5473 etc. to write [uw]tmp]) 5474 fi 5475 ] 5476) 5477AC_ARG_ENABLE([pututxline], 5478 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5479 [ 5480 if test "x$enableval" = "xno" ; then 5481 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5482 [Define if you don't want to use pututxline() 5483 etc. to write [uw]tmpx]) 5484 fi 5485 ] 5486) 5487AC_ARG_WITH([lastlog], 5488 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5489 [ 5490 if test "x$withval" = "xno" ; then 5491 AC_DEFINE([DISABLE_LASTLOG]) 5492 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5493 conf_lastlog_location=$withval 5494 fi 5495 ] 5496) 5497 5498dnl lastlog, [uw]tmpx? detection 5499dnl NOTE: set the paths in the platform section to avoid the 5500dnl need for command-line parameters 5501dnl lastlog and [uw]tmp are subject to a file search if all else fails 5502 5503dnl lastlog detection 5504dnl NOTE: the code itself will detect if lastlog is a directory 5505AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5506AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5507#include <sys/types.h> 5508#include <utmp.h> 5509#ifdef HAVE_LASTLOG_H 5510# include <lastlog.h> 5511#endif 5512#ifdef HAVE_PATHS_H 5513# include <paths.h> 5514#endif 5515#ifdef HAVE_LOGIN_H 5516# include <login.h> 5517#endif 5518 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5519 [ AC_MSG_RESULT([yes]) ], 5520 [ 5521 AC_MSG_RESULT([no]) 5522 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5523 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5524#include <sys/types.h> 5525#include <utmp.h> 5526#ifdef HAVE_LASTLOG_H 5527# include <lastlog.h> 5528#endif 5529#ifdef HAVE_PATHS_H 5530# include <paths.h> 5531#endif 5532 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5533 [ AC_MSG_RESULT([yes]) ], 5534 [ 5535 AC_MSG_RESULT([no]) 5536 system_lastlog_path=no 5537 ]) 5538]) 5539 5540if test -z "$conf_lastlog_location"; then 5541 if test x"$system_lastlog_path" = x"no" ; then 5542 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5543 if (test -d "$f" || test -f "$f") ; then 5544 conf_lastlog_location=$f 5545 fi 5546 done 5547 if test -z "$conf_lastlog_location"; then 5548 AC_MSG_WARN([** Cannot find lastlog **]) 5549 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5550 fi 5551 fi 5552fi 5553 5554if test -n "$conf_lastlog_location"; then 5555 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5556 [Define if you want to specify the path to your lastlog file]) 5557fi 5558 5559dnl utmp detection 5560AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5561AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5562#include <sys/types.h> 5563#include <utmp.h> 5564#ifdef HAVE_PATHS_H 5565# include <paths.h> 5566#endif 5567 ]], [[ char *utmp = UTMP_FILE; ]])], 5568 [ AC_MSG_RESULT([yes]) ], 5569 [ AC_MSG_RESULT([no]) 5570 system_utmp_path=no 5571]) 5572if test -z "$conf_utmp_location"; then 5573 if test x"$system_utmp_path" = x"no" ; then 5574 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5575 if test -f $f ; then 5576 conf_utmp_location=$f 5577 fi 5578 done 5579 if test -z "$conf_utmp_location"; then 5580 AC_DEFINE([DISABLE_UTMP]) 5581 fi 5582 fi 5583fi 5584if test -n "$conf_utmp_location"; then 5585 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5586 [Define if you want to specify the path to your utmp file]) 5587fi 5588 5589dnl wtmp detection 5590AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5591AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5592#include <sys/types.h> 5593#include <utmp.h> 5594#ifdef HAVE_PATHS_H 5595# include <paths.h> 5596#endif 5597 ]], [[ char *wtmp = WTMP_FILE; ]])], 5598 [ AC_MSG_RESULT([yes]) ], 5599 [ AC_MSG_RESULT([no]) 5600 system_wtmp_path=no 5601]) 5602if test -z "$conf_wtmp_location"; then 5603 if test x"$system_wtmp_path" = x"no" ; then 5604 for f in /usr/adm/wtmp /var/log/wtmp; do 5605 if test -f $f ; then 5606 conf_wtmp_location=$f 5607 fi 5608 done 5609 if test -z "$conf_wtmp_location"; then 5610 AC_DEFINE([DISABLE_WTMP]) 5611 fi 5612 fi 5613fi 5614if test -n "$conf_wtmp_location"; then 5615 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5616 [Define if you want to specify the path to your wtmp file]) 5617fi 5618 5619dnl wtmpx detection 5620AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5621AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5622#include <sys/types.h> 5623#include <utmp.h> 5624#ifdef HAVE_UTMPX_H 5625#include <utmpx.h> 5626#endif 5627#ifdef HAVE_PATHS_H 5628# include <paths.h> 5629#endif 5630 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5631 [ AC_MSG_RESULT([yes]) ], 5632 [ AC_MSG_RESULT([no]) 5633 system_wtmpx_path=no 5634]) 5635if test -z "$conf_wtmpx_location"; then 5636 if test x"$system_wtmpx_path" = x"no" ; then 5637 AC_DEFINE([DISABLE_WTMPX]) 5638 fi 5639else 5640 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5641 [Define if you want to specify the path to your wtmpx file]) 5642fi 5643 5644 5645if test ! -z "$blibpath" ; then 5646 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5647 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5648fi 5649 5650AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5651 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5652 AC_DEFINE([DISABLE_LASTLOG]) 5653 fi 5654 ], [ 5655#ifdef HAVE_SYS_TYPES_H 5656#include <sys/types.h> 5657#endif 5658#ifdef HAVE_UTMP_H 5659#include <utmp.h> 5660#endif 5661#ifdef HAVE_UTMPX_H 5662#include <utmpx.h> 5663#endif 5664#ifdef HAVE_LASTLOG_H 5665#include <lastlog.h> 5666#endif 5667 ]) 5668 5669AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5670 AC_DEFINE([DISABLE_UTMP]) 5671 AC_DEFINE([DISABLE_WTMP]) 5672 ], [ 5673#ifdef HAVE_SYS_TYPES_H 5674#include <sys/types.h> 5675#endif 5676#ifdef HAVE_UTMP_H 5677#include <utmp.h> 5678#endif 5679#ifdef HAVE_UTMPX_H 5680#include <utmpx.h> 5681#endif 5682#ifdef HAVE_LASTLOG_H 5683#include <lastlog.h> 5684#endif 5685 ]) 5686 5687dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5688dnl Add now. 5689CFLAGS="$CFLAGS $werror_flags" 5690 5691if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5692 TEST_SSH_IPV6=no 5693else 5694 TEST_SSH_IPV6=yes 5695fi 5696AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5697AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5698AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5699AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5700AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5701AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5702 5703# Binaries for interop tests. 5704AC_PATH_PROG([PLINK], [plink]) 5705AC_PATH_PROG([PUTTYGEN], [puttygen]) 5706AC_PATH_PROG([CONCH], [conch]) 5707AC_PATH_PROG([DROPBEAR], [dropbear]) 5708AC_PATH_PROG([DBCLIENT], [dbclient]) 5709AC_PATH_PROG([DROPBEARKEY], [dropbearkey]) 5710AC_PATH_PROG([DROPBEARCONVERT], [dropbearconvert]) 5711 5712CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5713LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5714 5715# Make a copy of CFLAGS/LDFLAGS without PIE options. 5716LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5717CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5718AC_SUBST([LDFLAGS_NOPIE]) 5719AC_SUBST([CFLAGS_NOPIE]) 5720 5721AC_EXEEXT 5722AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5723 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5724 survey.sh]) 5725AC_OUTPUT 5726 5727# Print summary of options 5728 5729# Someone please show me a better way :) 5730A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5731B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5732C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5733D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5734E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5735F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5736G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5737H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5738I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5739J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5740 5741echo "" 5742echo "OpenSSH has been configured with the following options:" 5743echo " User binaries: $B" 5744echo " System binaries: $C" 5745echo " Configuration files: $D" 5746echo " Askpass program: $E" 5747echo " Manual pages: $F" 5748echo " PID file: $G" 5749echo " Privilege separation chroot path: $H" 5750if test "x$external_path_file" = "x/etc/login.conf" ; then 5751echo " At runtime, sshd will use the path defined in $external_path_file" 5752echo " Make sure the path to scp is present, otherwise scp will not work" 5753else 5754echo " sshd default user PATH: $I" 5755 if test ! -z "$external_path_file"; then 5756echo " (If PATH is set in $external_path_file it will be used instead. If" 5757echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5758 fi 5759fi 5760if test ! -z "$superuser_path" ; then 5761echo " sshd superuser user PATH: $J" 5762fi 5763echo " Manpage format: $MANTYPE" 5764echo " PAM support: $PAM_MSG" 5765echo " OSF SIA support: $SIA_MSG" 5766echo " KerberosV support: $KRB5_MSG" 5767echo " SELinux support: $SELINUX_MSG" 5768echo " TCP Wrappers support: $TCPW_MSG" 5769echo " libedit support: $LIBEDIT_MSG" 5770echo " libldns support: $LDNS_MSG" 5771echo " Solaris process contract support: $SPC_MSG" 5772echo " Solaris project support: $SP_MSG" 5773echo " Solaris privilege support: $SPP_MSG" 5774echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5775echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5776echo " BSD Auth support: $BSD_AUTH_MSG" 5777echo " Random number source: $RAND_MSG" 5778echo " Privsep sandbox style: $SANDBOX_STYLE" 5779echo " PKCS#11 support: $enable_pkcs11" 5780echo " U2F/FIDO support: $enable_sk" 5781 5782echo "" 5783 5784echo " Host: ${host}" 5785echo " Compiler: ${CC}" 5786echo " Compiler flags: ${CFLAGS}" 5787echo "Preprocessor flags: ${CPPFLAGS}" 5788echo " Linker flags: ${LDFLAGS}" 5789echo " Libraries: ${LIBS}" 5790if test ! -z "${CHANNELLIBS}"; then 5791echo " +for channels: ${CHANNELLIBS}" 5792fi 5793if test ! -z "${LIBFIDO2}"; then 5794echo " +for FIDO2: ${LIBFIDO2}" 5795fi 5796if test ! -z "${SSHDLIBS}"; then 5797echo " +for sshd: ${SSHDLIBS}" 5798fi 5799 5800echo "" 5801 5802if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5803 echo "SVR4 style packages are supported with \"make package\"" 5804 echo "" 5805fi 5806 5807if test "x$PAM_MSG" = "xyes" ; then 5808 echo "PAM is enabled. You may need to install a PAM control file " 5809 echo "for sshd, otherwise password authentication may fail. " 5810 echo "Example PAM control files can be found in the contrib/ " 5811 echo "subdirectory" 5812 echo "" 5813fi 5814 5815if test ! -z "$NO_PEERCHECK" ; then 5816 echo "WARNING: the operating system that you are using does not" 5817 echo "appear to support getpeereid(), getpeerucred() or the" 5818 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5819 echo "enforce security checks to prevent unauthorised connections to" 5820 echo "ssh-agent. Their absence increases the risk that a malicious" 5821 echo "user can connect to your agent." 5822 echo "" 5823fi 5824 5825if test "$AUDIT_MODULE" = "bsm" ; then 5826 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5827 echo "See the Solaris section in README.platform for details." 5828fi 5829