1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19 20# Check for stale configure as early as possible. 21for i in $srcdir/configure.ac $srcdir/m4/*.m4; do 22 if test "$i" -nt "$srcdir/configure"; then 23 AC_MSG_ERROR([$i newer than configure, run autoreconf]) 24 fi 25done 26 27AC_LANG([C]) 28 29AC_CONFIG_HEADERS([config.h]) 30AC_PROG_CC([cc gcc clang]) 31 32# XXX relax this after reimplementing logit() etc. 33AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 34AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 35int f(int a, int b, int c) { return a + b + c; } 36#define F(a, ...) f(a, __VA_ARGS__) 37]], [[return F(1, 2, -3);]])], 38 [ AC_MSG_RESULT([yes]) ], 39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 40) 41 42AC_CANONICAL_HOST 43AC_C_BIGENDIAN 44 45# Checks for programs. 46AC_PROG_AWK 47AC_PROG_CPP 48AC_PROG_RANLIB 49AC_PROG_INSTALL 50AC_PROG_EGREP 51AC_PROG_MKDIR_P 52AC_CHECK_TOOLS([AR], [ar]) 53AC_PATH_PROG([CAT], [cat]) 54AC_PATH_PROG([KILL], [kill]) 55AC_PATH_PROG([SED], [sed]) 56AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 57AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 58AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 59AC_PATH_PROG([SH], [bash]) 60AC_PATH_PROG([SH], [ksh]) 61AC_PATH_PROG([SH], [sh]) 62AC_PATH_PROG([GROFF], [groff]) 63AC_PATH_PROG([NROFF], [nroff awf]) 64AC_PATH_PROG([MANDOC], [mandoc]) 65AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 66AC_SUBST([TEST_SHELL], [sh]) 67 68dnl select manpage formatter to be used to build "cat" format pages. 69if test "x$MANDOC" != "x" ; then 70 MANFMT="$MANDOC" 71elif test "x$NROFF" != "x" ; then 72 MANFMT="$NROFF -mandoc" 73elif test "x$GROFF" != "x" ; then 74 MANFMT="$GROFF -mandoc -Tascii" 75else 76 AC_MSG_WARN([no manpage formatter found]) 77 MANFMT="false" 78fi 79AC_SUBST([MANFMT]) 80 81dnl for buildpkg.sh 82AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 83 [/usr/sbin${PATH_SEPARATOR}/etc]) 84AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 85 [/usr/sbin${PATH_SEPARATOR}/etc]) 86AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 87if test -x /sbin/sh; then 88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 89else 90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 91fi 92 93# System features 94AC_SYS_LARGEFILE 95 96if test -z "$AR" ; then 97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 98fi 99 100AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 101if test ! -z "$PATH_PASSWD_PROG" ; then 102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 103 [Full path of your "passwd" program]) 104fi 105 106dnl Since autoconf doesn't support it very well, we no longer allow users to 107dnl override LD, however keeping the hook here for now in case there's a use 108dnl use case we overlooked and someone needs to re-enable it. Unless a good 109dnl reason is found we'll be removing this in future. 110LD="$CC" 111AC_SUBST([LD]) 112 113AC_C_INLINE 114 115AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 116AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 117AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 118 #include <sys/types.h> 119 #include <sys/param.h> 120 #include <dev/systrace.h> 121]) 122AC_CHECK_DECL([RLIMIT_NPROC], 123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 124 #include <sys/types.h> 125 #include <sys/resource.h> 126]) 127AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 128 #include <sys/types.h> 129 #include <linux/prctl.h> 130]) 131 132openssl=yes 133AC_ARG_WITH([openssl], 134 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 135 [ if test "x$withval" = "xno" ; then 136 openssl=no 137 fi 138 ] 139) 140AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 141if test "x$openssl" = "xyes" ; then 142 AC_MSG_RESULT([yes]) 143 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 144else 145 AC_MSG_RESULT([no]) 146fi 147 148use_stack_protector=1 149use_toolchain_hardening=1 150AC_ARG_WITH([stackprotect], 151 [ --without-stackprotect Don't use compiler's stack protection], [ 152 if test "x$withval" = "xno"; then 153 use_stack_protector=0 154 fi ]) 155AC_ARG_WITH([hardening], 156 [ --without-hardening Don't use toolchain hardening flags], [ 157 if test "x$withval" = "xno"; then 158 use_toolchain_hardening=0 159 fi ]) 160 161# We use -Werror for the tests only so that we catch warnings like "this is 162# on by default" for things like -fPIE. 163AC_MSG_CHECKING([if $CC supports -Werror]) 164saved_CFLAGS="$CFLAGS" 165CFLAGS="$CFLAGS -Werror" 166AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 167 [ AC_MSG_RESULT([yes]) 168 WERROR="-Werror"], 169 [ AC_MSG_RESULT([no]) 170 WERROR="" ] 171) 172CFLAGS="$saved_CFLAGS" 173 174if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 175 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 176 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 177 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 178 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 179 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 180 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 181 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 182 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 183 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 184 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 185 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 186 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 187 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 188 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 189 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 190 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation]) 191 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) 192 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 193 if test "x$use_toolchain_hardening" = "x1"; then 194 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 195 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 196 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 197 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 198 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 199 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 200 # NB. -ftrapv expects certain support functions to be present in 201 # the compiler library (libgcc or similar) to detect integer operations 202 # that can overflow. We must check that the result of enabling it 203 # actually links. The test program compiled/linked includes a number 204 # of integer operations that should exercise this. 205 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 206 OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all]) 207 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) 208 fi 209 AC_MSG_CHECKING([gcc version]) 210 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 211 case $GCC_VER in 212 1.*) no_attrib_nonnull=1 ;; 213 2.8* | 2.9*) 214 no_attrib_nonnull=1 215 ;; 216 2.*) no_attrib_nonnull=1 ;; 217 *) ;; 218 esac 219 AC_MSG_RESULT([$GCC_VER]) 220 221 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 222 saved_CFLAGS="$CFLAGS" 223 CFLAGS="$CFLAGS -fno-builtin-memset" 224 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 225 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 226 [ AC_MSG_RESULT([yes]) ], 227 [ AC_MSG_RESULT([no]) 228 CFLAGS="$saved_CFLAGS" ] 229 ) 230 231 # -fstack-protector-all doesn't always work for some GCC versions 232 # and/or platforms, so we test if we can. If it's not supported 233 # on a given platform gcc will emit a warning so we use -Werror. 234 if test "x$use_stack_protector" = "x1"; then 235 for t in -fstack-protector-strong -fstack-protector-all \ 236 -fstack-protector; do 237 AC_MSG_CHECKING([if $CC supports $t]) 238 saved_CFLAGS="$CFLAGS" 239 saved_LDFLAGS="$LDFLAGS" 240 CFLAGS="$CFLAGS $t -Werror" 241 LDFLAGS="$LDFLAGS $t -Werror" 242 AC_LINK_IFELSE( 243 [AC_LANG_PROGRAM([[ 244 #include <stdio.h> 245 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 246 ]], 247 [[ 248 char x[256]; 249 snprintf(x, sizeof(x), "XXX%d", func(1)); 250 ]])], 251 [ AC_MSG_RESULT([yes]) 252 CFLAGS="$saved_CFLAGS $t" 253 LDFLAGS="$saved_LDFLAGS $t" 254 AC_MSG_CHECKING([if $t works]) 255 AC_RUN_IFELSE( 256 [AC_LANG_PROGRAM([[ 257 #include <stdio.h> 258 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 259 ]], 260 [[ 261 char x[256]; 262 snprintf(x, sizeof(x), "XXX%d", func(1)); 263 ]])], 264 [ AC_MSG_RESULT([yes]) 265 break ], 266 [ AC_MSG_RESULT([no]) ], 267 [ AC_MSG_WARN([cross compiling: cannot test]) 268 break ] 269 ) 270 ], 271 [ AC_MSG_RESULT([no]) ] 272 ) 273 CFLAGS="$saved_CFLAGS" 274 LDFLAGS="$saved_LDFLAGS" 275 done 276 fi 277 278 if test -z "$have_llong_max"; then 279 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 280 unset ac_cv_have_decl_LLONG_MAX 281 saved_CFLAGS="$CFLAGS" 282 CFLAGS="$CFLAGS -std=gnu99" 283 AC_CHECK_DECL([LLONG_MAX], 284 [have_llong_max=1], 285 [CFLAGS="$saved_CFLAGS"], 286 [#include <limits.h>] 287 ) 288 fi 289fi 290 291AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 292AC_COMPILE_IFELSE( 293 [AC_LANG_PROGRAM([[ 294#include <stdlib.h> 295__attribute__((__unused__)) static void foo(void){return;}]], 296 [[ exit(0); ]])], 297 [ AC_MSG_RESULT([yes]) ], 298 [ AC_MSG_RESULT([no]) 299 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 300 [compiler does not accept __attribute__ on return types]) ] 301) 302 303AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 304AC_COMPILE_IFELSE( 305 [AC_LANG_PROGRAM([[ 306#include <stdlib.h> 307typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 308 [[ exit(0); ]])], 309 [ AC_MSG_RESULT([yes]) ], 310 [ AC_MSG_RESULT([no]) 311 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 312 [compiler does not accept __attribute__ on prototype args]) ] 313) 314 315AC_MSG_CHECKING([if compiler supports variable length arrays]) 316AC_COMPILE_IFELSE( 317 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 318 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 319 [ AC_MSG_RESULT([yes]) 320 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 321 [compiler supports variable length arrays]) ], 322 [ AC_MSG_RESULT([no]) ] 323) 324 325AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 326AC_COMPILE_IFELSE( 327 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 328 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 329 [ AC_MSG_RESULT([yes]) 330 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 331 [compiler variable declarations after code]) ], 332 [ AC_MSG_RESULT([no]) ] 333) 334 335if test "x$no_attrib_nonnull" != "x1" ; then 336 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 337fi 338 339AC_ARG_WITH([rpath], 340 [ --without-rpath Disable auto-added -R linker paths], 341 [ 342 if test "x$withval" = "xno" ; then 343 rpath_opt="" 344 elif test "x$withval" = "xyes" ; then 345 rpath_opt="-R" 346 else 347 rpath_opt="$withval" 348 fi 349 ] 350) 351 352# Allow user to specify flags 353AC_ARG_WITH([cflags], 354 [ --with-cflags Specify additional flags to pass to compiler], 355 [ 356 if test -n "$withval" && test "x$withval" != "xno" && \ 357 test "x${withval}" != "xyes"; then 358 CFLAGS="$CFLAGS $withval" 359 fi 360 ] 361) 362 363AC_ARG_WITH([cflags-after], 364 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 365 [ 366 if test -n "$withval" && test "x$withval" != "xno" && \ 367 test "x${withval}" != "xyes"; then 368 CFLAGS_AFTER="$withval" 369 fi 370 ] 371) 372AC_ARG_WITH([cppflags], 373 [ --with-cppflags Specify additional flags to pass to preprocessor] , 374 [ 375 if test -n "$withval" && test "x$withval" != "xno" && \ 376 test "x${withval}" != "xyes"; then 377 CPPFLAGS="$CPPFLAGS $withval" 378 fi 379 ] 380) 381AC_ARG_WITH([ldflags], 382 [ --with-ldflags Specify additional flags to pass to linker], 383 [ 384 if test -n "$withval" && test "x$withval" != "xno" && \ 385 test "x${withval}" != "xyes"; then 386 LDFLAGS="$LDFLAGS $withval" 387 fi 388 ] 389) 390AC_ARG_WITH([ldflags-after], 391 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 392 [ 393 if test -n "$withval" && test "x$withval" != "xno" && \ 394 test "x${withval}" != "xyes"; then 395 LDFLAGS_AFTER="$withval" 396 fi 397 ] 398) 399AC_ARG_WITH([libs], 400 [ --with-libs Specify additional libraries to link with], 401 [ 402 if test -n "$withval" && test "x$withval" != "xno" && \ 403 test "x${withval}" != "xyes"; then 404 LIBS="$LIBS $withval" 405 fi 406 ] 407) 408AC_ARG_WITH([Werror], 409 [ --with-Werror Build main code with -Werror], 410 [ 411 if test -n "$withval" && test "x$withval" != "xno"; then 412 werror_flags="-Werror" 413 if test "x${withval}" != "xyes"; then 414 werror_flags="$withval" 415 fi 416 fi 417 ] 418) 419 420AC_CHECK_HEADERS([ \ 421 blf.h \ 422 bstring.h \ 423 crypt.h \ 424 crypto/sha2.h \ 425 dirent.h \ 426 endian.h \ 427 elf.h \ 428 err.h \ 429 features.h \ 430 fcntl.h \ 431 floatingpoint.h \ 432 fnmatch.h \ 433 getopt.h \ 434 glob.h \ 435 ia.h \ 436 iaf.h \ 437 ifaddrs.h \ 438 inttypes.h \ 439 langinfo.h \ 440 limits.h \ 441 locale.h \ 442 login.h \ 443 maillock.h \ 444 ndir.h \ 445 net/if_tun.h \ 446 netdb.h \ 447 netgroup.h \ 448 pam/pam_appl.h \ 449 paths.h \ 450 poll.h \ 451 pty.h \ 452 readpassphrase.h \ 453 rpc/types.h \ 454 security/pam_appl.h \ 455 sha2.h \ 456 shadow.h \ 457 stddef.h \ 458 stdint.h \ 459 string.h \ 460 strings.h \ 461 sys/bitypes.h \ 462 sys/byteorder.h \ 463 sys/bsdtty.h \ 464 sys/cdefs.h \ 465 sys/dir.h \ 466 sys/file.h \ 467 sys/mman.h \ 468 sys/label.h \ 469 sys/ndir.h \ 470 sys/param.h \ 471 sys/poll.h \ 472 sys/prctl.h \ 473 sys/procctl.h \ 474 sys/pstat.h \ 475 sys/ptrace.h \ 476 sys/random.h \ 477 sys/select.h \ 478 sys/stat.h \ 479 sys/stream.h \ 480 sys/stropts.h \ 481 sys/strtio.h \ 482 sys/statvfs.h \ 483 sys/sysmacros.h \ 484 sys/time.h \ 485 sys/timers.h \ 486 sys/vfs.h \ 487 time.h \ 488 tmpdir.h \ 489 ttyent.h \ 490 ucred.h \ 491 unistd.h \ 492 usersec.h \ 493 util.h \ 494 utime.h \ 495 utmp.h \ 496 utmpx.h \ 497 vis.h \ 498 wchar.h \ 499]) 500 501# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 502# to be included first. 503AC_CHECK_HEADERS([sys/audit.h], [], [], [ 504#ifdef HAVE_SYS_TIME_H 505# include <sys/time.h> 506#endif 507#ifdef HAVE_SYS_TYPES_H 508# include <sys/types.h> 509#endif 510#ifdef HAVE_SYS_LABEL_H 511# include <sys/label.h> 512#endif 513]) 514 515# sys/capsicum.h requires sys/types.h 516AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [ 517#ifdef HAVE_SYS_TYPES_H 518# include <sys/types.h> 519#endif 520]) 521 522AC_MSG_CHECKING([for caph_cache_tzdata]) 523AC_LINK_IFELSE( 524 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]], 525 [[caph_cache_tzdata();]])], 526 [ 527 AC_MSG_RESULT([yes]) 528 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1], 529 [Define if you have caph_cache_tzdata]) 530 ], 531 [ AC_MSG_RESULT([no]) ] 532) 533 534# net/route.h requires sys/socket.h and sys/types.h. 535# sys/sysctl.h also requires sys/param.h 536AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 537#ifdef HAVE_SYS_TYPES_H 538# include <sys/types.h> 539#endif 540#include <sys/param.h> 541#include <sys/socket.h> 542]) 543 544# lastlog.h requires sys/time.h to be included first on Solaris 545AC_CHECK_HEADERS([lastlog.h], [], [], [ 546#ifdef HAVE_SYS_TIME_H 547# include <sys/time.h> 548#endif 549]) 550 551# sys/ptms.h requires sys/stream.h to be included first on Solaris 552AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 553#ifdef HAVE_SYS_STREAM_H 554# include <sys/stream.h> 555#endif 556]) 557 558# login_cap.h requires sys/types.h on NetBSD 559AC_CHECK_HEADERS([login_cap.h], [], [], [ 560#include <sys/types.h> 561]) 562 563# older BSDs need sys/param.h before sys/mount.h 564AC_CHECK_HEADERS([sys/mount.h], [], [], [ 565#include <sys/param.h> 566]) 567 568# Android requires sys/socket.h to be included before sys/un.h 569AC_CHECK_HEADERS([sys/un.h], [], [], [ 570#include <sys/types.h> 571#include <sys/socket.h> 572]) 573 574# Messages for features tested for in target-specific section 575SIA_MSG="no" 576SPC_MSG="no" 577SP_MSG="no" 578SPP_MSG="no" 579 580# Support for Solaris/Illumos privileges (this test is used by both 581# the --with-solaris-privs option and --with-sandbox=solaris). 582SOLARIS_PRIVS="no" 583 584# Check for some target-specific stuff 585case "$host" in 586*-*-aix*) 587 # Some versions of VAC won't allow macro redefinitions at 588 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 589 # particularly with older versions of vac or xlc. 590 # It also throws errors about null macro arguments, but these are 591 # not fatal. 592 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 593 AC_COMPILE_IFELSE( 594 [AC_LANG_PROGRAM([[ 595#define testmacro foo 596#define testmacro bar]], 597 [[ exit(0); ]])], 598 [ AC_MSG_RESULT([yes]) ], 599 [ AC_MSG_RESULT([no]) 600 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 601 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 602 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 603 ] 604 ) 605 606 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 607 if (test -z "$blibpath"); then 608 blibpath="/usr/lib:/lib" 609 fi 610 saved_LDFLAGS="$LDFLAGS" 611 if test "$GCC" = "yes"; then 612 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 613 else 614 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 615 fi 616 for tryflags in $flags ;do 617 if (test -z "$blibflags"); then 618 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 619 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 620 [blibflags=$tryflags], []) 621 fi 622 done 623 if (test -z "$blibflags"); then 624 AC_MSG_RESULT([not found]) 625 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 626 else 627 AC_MSG_RESULT([$blibflags]) 628 fi 629 LDFLAGS="$saved_LDFLAGS" 630 dnl Check for authenticate. Might be in libs.a on older AIXes 631 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 632 [Define if you want to enable AIX4's authenticate function])], 633 [AC_CHECK_LIB([s], [authenticate], 634 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 635 LIBS="$LIBS -ls" 636 ]) 637 ]) 638 dnl Check for various auth function declarations in headers. 639 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 640 passwdexpired, setauthdb], , , [#include <usersec.h>]) 641 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 642 AC_CHECK_DECLS([loginfailed], 643 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 644 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 645 [[ (void)loginfailed("user","host","tty",0); ]])], 646 [AC_MSG_RESULT([yes]) 647 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 648 [Define if your AIX loginfailed() function 649 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 650 ])], 651 [], 652 [#include <usersec.h>] 653 ) 654 AC_CHECK_FUNCS([getgrset setauthdb]) 655 AC_CHECK_DECL([F_CLOSEM], 656 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 657 [], 658 [ #include <limits.h> 659 #include <fcntl.h> ] 660 ) 661 check_for_aix_broken_getaddrinfo=1 662 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 663 [Define if your platform breaks doing a seteuid before a setuid]) 664 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 665 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 666 dnl AIX handles lastlog as part of its login message 667 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 668 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 669 [Some systems need a utmpx entry for /bin/login to work]) 670 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 671 [Define to a Set Process Title type if your system is 672 supported by bsd-setproctitle.c]) 673 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 674 [AIX 5.2 and 5.3 (and presumably newer) require this]) 675 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 676 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 677 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 678 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 679 ;; 680*-*-android*) 681 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 682 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 683 ;; 684*-*-cygwin*) 685 LIBS="$LIBS /usr/lib/textreadmode.o" 686 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 687 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 688 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 689 [Define to disable UID restoration test]) 690 AC_DEFINE([DISABLE_SHADOW], [1], 691 [Define if you want to disable shadow passwords]) 692 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 693 [Define if X11 doesn't support AF_UNIX sockets on that system]) 694 AC_DEFINE([DISABLE_FD_PASSING], [1], 695 [Define if your platform needs to skip post auth 696 file descriptor passing]) 697 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 698 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 699 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 700 # reasons which cause compile warnings, so we disable those warnings. 701 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 702 ;; 703*-*-dgux*) 704 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 705 [Define if your system choked on IP TOS setting]) 706 AC_DEFINE([SETEUID_BREAKS_SETUID]) 707 AC_DEFINE([BROKEN_SETREUID]) 708 AC_DEFINE([BROKEN_SETREGID]) 709 ;; 710*-*-darwin*) 711 use_pie=auto 712 AC_MSG_CHECKING([if we have working getaddrinfo]) 713 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 714#include <mach-o/dyld.h> 715#include <stdlib.h> 716main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 717 exit(0); 718 else 719 exit(1); 720} 721 ]])], 722 [AC_MSG_RESULT([working])], 723 [AC_MSG_RESULT([buggy]) 724 AC_DEFINE([BROKEN_GETADDRINFO], [1], 725 [getaddrinfo is broken (if present)]) 726 ], 727 [AC_MSG_RESULT([assume it is working])]) 728 AC_DEFINE([SETEUID_BREAKS_SETUID]) 729 AC_DEFINE([BROKEN_SETREUID]) 730 AC_DEFINE([BROKEN_SETREGID]) 731 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 732 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 733 [Define if your resolver libs need this for getrrsetbyname]) 734 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 735 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 736 [Use tunnel device compatibility to OpenBSD]) 737 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 738 [Prepend the address family to IP tunnel traffic]) 739 m4_pattern_allow([AU_IPv]) 740 AC_CHECK_DECL([AU_IPv4], [], 741 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 742 [#include <bsm/audit.h>] 743 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 744 [Define if pututxline updates lastlog too]) 745 ) 746 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 747 [Define to a Set Process Title type if your system is 748 supported by bsd-setproctitle.c]) 749 AC_CHECK_FUNCS([sandbox_init]) 750 AC_CHECK_HEADERS([sandbox.h]) 751 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 752 SSHDLIBS="$SSHDLIBS -lsandbox" 753 ]) 754 # proc_pidinfo()-based closefrom() replacement. 755 AC_CHECK_HEADERS([libproc.h]) 756 AC_CHECK_FUNCS([proc_pidinfo]) 757 # poll(2) is broken for character-special devices (at least). 758 # cf. Apple bug 3710161 (not public, but searchable) 759 AC_DEFINE([BROKEN_POLL], [1], 760 [System poll(2) implementation is broken]) 761 ;; 762*-*-dragonfly*) 763 SSHDLIBS="$SSHDLIBS" 764 TEST_MALLOC_OPTIONS="AFGJPRX" 765 ;; 766*-*-haiku*) 767 LIBS="$LIBS -lbsd " 768 CFLAGS="$CFLAGS -D_BSD_SOURCE" 769 AC_CHECK_LIB([network], [socket]) 770 AC_DEFINE([HAVE_U_INT64_T]) 771 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 772 MANTYPE=man 773 ;; 774*-*-hpux*) 775 # first we define all of the options common to all HP-UX releases 776 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 777 IPADDR_IN_DISPLAY=yes 778 AC_DEFINE([USE_PIPES]) 779 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 780 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 781 [String used in /etc/passwd to denote locked account]) 782 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 783 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 784 maildir="/var/mail" 785 LIBS="$LIBS -lsec" 786 AC_CHECK_LIB([xnet], [t_error], , 787 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 788 789 # next, we define all of the options specific to major releases 790 case "$host" in 791 *-*-hpux10*) 792 if test -z "$GCC"; then 793 CFLAGS="$CFLAGS -Ae" 794 fi 795 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect]) 796 ;; 797 *-*-hpux11*) 798 AC_DEFINE([PAM_SUN_CODEBASE], [1], 799 [Define if you are using Solaris-derived PAM which 800 passes pam_messages to the conversation function 801 with an extra level of indirection]) 802 AC_DEFINE([DISABLE_UTMP], [1], 803 [Define if you don't want to use utmp]) 804 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 805 check_for_hpux_broken_getaddrinfo=1 806 check_for_conflicting_getspnam=1 807 ;; 808 esac 809 810 # lastly, we define options specific to minor releases 811 case "$host" in 812 *-*-hpux10.26) 813 AC_DEFINE([HAVE_SECUREWARE], [1], 814 [Define if you have SecureWare-based 815 protected password database]) 816 disable_ptmx_check=yes 817 LIBS="$LIBS -lsecpw" 818 ;; 819 esac 820 ;; 821*-*-irix5*) 822 PATH="$PATH:/usr/etc" 823 AC_DEFINE([BROKEN_INET_NTOA], [1], 824 [Define if you system's inet_ntoa is busted 825 (e.g. Irix gcc issue)]) 826 AC_DEFINE([SETEUID_BREAKS_SETUID]) 827 AC_DEFINE([BROKEN_SETREUID]) 828 AC_DEFINE([BROKEN_SETREGID]) 829 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 830 [Define if you shouldn't strip 'tty' from your 831 ttyname in [uw]tmp]) 832 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 833 ;; 834*-*-irix6*) 835 PATH="$PATH:/usr/etc" 836 AC_DEFINE([WITH_IRIX_ARRAY], [1], 837 [Define if you have/want arrays 838 (cluster-wide session management, not C arrays)]) 839 AC_DEFINE([WITH_IRIX_PROJECT], [1], 840 [Define if you want IRIX project management]) 841 AC_DEFINE([WITH_IRIX_AUDIT], [1], 842 [Define if you want IRIX audit trails]) 843 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 844 [Define if you want IRIX kernel jobs])]) 845 AC_DEFINE([BROKEN_INET_NTOA]) 846 AC_DEFINE([SETEUID_BREAKS_SETUID]) 847 AC_DEFINE([BROKEN_SETREUID]) 848 AC_DEFINE([BROKEN_SETREGID]) 849 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 850 AC_DEFINE([WITH_ABBREV_NO_TTY]) 851 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 852 ;; 853*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 854 AC_DEFINE([PAM_TTY_KLUDGE]) 855 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 856 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 857 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 858 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 859 ;; 860*-*-linux*) 861 no_dev_ptmx=1 862 use_pie=auto 863 check_for_openpty_ctty_bug=1 864 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 865 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 866 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 867 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) 868 AC_DEFINE([PAM_TTY_KLUDGE], [1], 869 [Work around problematic Linux PAM modules handling of PAM_TTY]) 870 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 871 [String used in /etc/passwd to denote locked account]) 872 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 873 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 874 [Define to whatever link() returns for "not supported" 875 if it doesn't return EOPNOTSUPP.]) 876 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 877 AC_DEFINE([USE_BTMP]) 878 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 879 inet6_default_4in6=yes 880 case `uname -r` in 881 1.*|2.0.*) 882 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 883 [Define if cmsg_type is not passed correctly]) 884 ;; 885 esac 886 # tun(4) forwarding compat code 887 AC_CHECK_HEADERS([linux/if_tun.h]) 888 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 889 AC_DEFINE([SSH_TUN_LINUX], [1], 890 [Open tunnel devices the Linux tun/tap way]) 891 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 892 [Use tunnel device compatibility to OpenBSD]) 893 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 894 [Prepend the address family to IP tunnel traffic]) 895 fi 896 AC_CHECK_HEADER([linux/if.h], 897 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 898 [Support routing domains using Linux VRF]), [], [ 899#ifdef HAVE_SYS_TYPES_H 900# include <sys/types.h> 901#endif 902 ]) 903 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 904 [], [#include <linux/types.h>]) 905 # Obtain MIPS ABI 906 case "$host" in 907 mips*) 908 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 909#if _MIPS_SIM != _ABIO32 910#error 911#endif 912 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 913#if _MIPS_SIM != _ABIN32 914#error 915#endif 916 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 917#if _MIPS_SIM != _ABI64 918#error 919#endif 920 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 921 ]) 922 ]) 923 ]) 924 ;; 925 esac 926 AC_MSG_CHECKING([for seccomp architecture]) 927 seccomp_audit_arch= 928 case "$host" in 929 x86_64-*) 930 seccomp_audit_arch=AUDIT_ARCH_X86_64 931 ;; 932 i*86-*) 933 seccomp_audit_arch=AUDIT_ARCH_I386 934 ;; 935 arm*-*) 936 seccomp_audit_arch=AUDIT_ARCH_ARM 937 ;; 938 aarch64*-*) 939 seccomp_audit_arch=AUDIT_ARCH_AARCH64 940 ;; 941 s390x-*) 942 seccomp_audit_arch=AUDIT_ARCH_S390X 943 ;; 944 s390-*) 945 seccomp_audit_arch=AUDIT_ARCH_S390 946 ;; 947 powerpc-*) 948 seccomp_audit_arch=AUDIT_ARCH_PPC 949 ;; 950 powerpc64-*) 951 seccomp_audit_arch=AUDIT_ARCH_PPC64 952 ;; 953 powerpc64le-*) 954 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 955 ;; 956 mips-*) 957 seccomp_audit_arch=AUDIT_ARCH_MIPS 958 ;; 959 mipsel-*) 960 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 961 ;; 962 mips64-*) 963 case "$mips_abi" in 964 "n32") 965 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 966 ;; 967 "n64") 968 seccomp_audit_arch=AUDIT_ARCH_MIPS64 969 ;; 970 esac 971 ;; 972 mips64el-*) 973 case "$mips_abi" in 974 "n32") 975 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 976 ;; 977 "n64") 978 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 979 ;; 980 esac 981 ;; 982 riscv64-*) 983 seccomp_audit_arch=AUDIT_ARCH_RISCV64 984 ;; 985 esac 986 if test "x$seccomp_audit_arch" != "x" ; then 987 AC_MSG_RESULT(["$seccomp_audit_arch"]) 988 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 989 [Specify the system call convention in use]) 990 else 991 AC_MSG_RESULT([architecture not supported]) 992 fi 993 ;; 994*-*-minix) 995 AC_DEFINE([SETEUID_BREAKS_SETUID]) 996 # poll(2) seems to choke on /dev/null; "Bad file descriptor" 997 AC_DEFINE([BROKEN_POLL], [1], 998 [System poll(2) implementation is broken]) 999 ;; 1000mips-sony-bsd|mips-sony-newsos4) 1001 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 1002 SONY=1 1003 ;; 1004*-*-netbsd*) 1005 if test "x$withval" != "xno" ; then 1006 rpath_opt="-R" 1007 fi 1008 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 1009 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1010 AC_CHECK_HEADER([net/if_tap.h], , 1011 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1012 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 1013 [Prepend the address family to IP tunnel traffic]) 1014 TEST_MALLOC_OPTIONS="AJRX" 1015 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 1016 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 1017 ;; 1018*-*-freebsd*) 1019 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 1020 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1021 AC_CHECK_HEADER([net/if_tap.h], , 1022 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1023 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 1024 TEST_MALLOC_OPTIONS="AJRX" 1025 # Preauth crypto occasionally uses file descriptors for crypto offload 1026 # and will crash if they cannot be opened. 1027 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 1028 [define if setrlimit RLIMIT_NOFILE breaks things]) 1029 case "$host" in 1030 *-*-freebsd9.*|*-*-freebsd10.*) 1031 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable. 1032 disable_capsicum=yes 1033 esac 1034 ;; 1035*-*-bsdi*) 1036 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1037 AC_DEFINE([BROKEN_SETREUID]) 1038 AC_DEFINE([BROKEN_SETREGID]) 1039 ;; 1040*-next-*) 1041 conf_lastlog_location="/usr/adm/lastlog" 1042 conf_utmp_location=/etc/utmp 1043 conf_wtmp_location=/usr/adm/wtmp 1044 maildir=/usr/spool/mail 1045 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1046 AC_DEFINE([USE_PIPES]) 1047 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1048 ;; 1049*-*-openbsd*) 1050 use_pie=auto 1051 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1052 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1053 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1054 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1055 [syslog_r function is safe to use in in a signal handler]) 1056 TEST_MALLOC_OPTIONS="AFGJPRX" 1057 ;; 1058*-*-solaris*) 1059 if test "x$withval" != "xno" ; then 1060 rpath_opt="-R" 1061 fi 1062 AC_DEFINE([PAM_SUN_CODEBASE]) 1063 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1064 AC_DEFINE([PAM_TTY_KLUDGE]) 1065 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1066 [Define if pam_chauthtok wants real uid set 1067 to the unpriv'ed user]) 1068 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1069 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1070 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1071 [Define if sshd somehow reacquires a controlling TTY 1072 after setsid()]) 1073 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1074 in case the name is longer than 8 chars]) 1075 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1076 external_path_file=/etc/default/login 1077 # hardwire lastlog location (can't detect it on some versions) 1078 conf_lastlog_location="/var/adm/lastlog" 1079 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1080 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1081 if test "$sol2ver" -ge 8; then 1082 AC_MSG_RESULT([yes]) 1083 AC_DEFINE([DISABLE_UTMP]) 1084 AC_DEFINE([DISABLE_WTMP], [1], 1085 [Define if you don't want to use wtmp]) 1086 else 1087 AC_MSG_RESULT([no]) 1088 fi 1089 AC_CHECK_FUNCS([setpflags]) 1090 AC_CHECK_FUNCS([setppriv]) 1091 AC_CHECK_FUNCS([priv_basicset]) 1092 AC_CHECK_HEADERS([priv.h]) 1093 AC_ARG_WITH([solaris-contracts], 1094 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1095 [ 1096 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1097 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1098 [Define if you have Solaris process contracts]) 1099 LIBS="$LIBS -lcontract" 1100 SPC_MSG="yes" ], ) 1101 ], 1102 ) 1103 AC_ARG_WITH([solaris-projects], 1104 [ --with-solaris-projects Enable Solaris projects (experimental)], 1105 [ 1106 AC_CHECK_LIB([project], [setproject], 1107 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1108 [Define if you have Solaris projects]) 1109 LIBS="$LIBS -lproject" 1110 SP_MSG="yes" ], ) 1111 ], 1112 ) 1113 AC_ARG_WITH([solaris-privs], 1114 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1115 [ 1116 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1117 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1118 "x$ac_cv_header_priv_h" = "xyes" ; then 1119 SOLARIS_PRIVS=yes 1120 AC_MSG_RESULT([found]) 1121 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1122 [Define to disable UID restoration test]) 1123 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1124 [Define if you have Solaris privileges]) 1125 SPP_MSG="yes" 1126 else 1127 AC_MSG_RESULT([not found]) 1128 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1129 fi 1130 ], 1131 ) 1132 TEST_SHELL=$SHELL # let configure find us a capable shell 1133 ;; 1134*-*-sunos4*) 1135 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1136 AC_CHECK_FUNCS([getpwanam]) 1137 AC_DEFINE([PAM_SUN_CODEBASE]) 1138 conf_utmp_location=/etc/utmp 1139 conf_wtmp_location=/var/adm/wtmp 1140 conf_lastlog_location=/var/adm/lastlog 1141 AC_DEFINE([USE_PIPES]) 1142 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1143 ;; 1144*-ncr-sysv*) 1145 LIBS="$LIBS -lc89" 1146 AC_DEFINE([USE_PIPES]) 1147 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1148 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1149 AC_DEFINE([BROKEN_SETREUID]) 1150 AC_DEFINE([BROKEN_SETREGID]) 1151 ;; 1152*-sni-sysv*) 1153 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1154 AC_CHECK_LIB([dl], [dlsym], ,) 1155 # -lresolv needs to be at the end of LIBS or DNS lookups break 1156 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1157 IPADDR_IN_DISPLAY=yes 1158 AC_DEFINE([USE_PIPES]) 1159 AC_DEFINE([IP_TOS_IS_BROKEN]) 1160 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1161 AC_DEFINE([BROKEN_SETREUID]) 1162 AC_DEFINE([BROKEN_SETREGID]) 1163 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1164 external_path_file=/etc/default/login 1165 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1166 # Attention: always take care to bind libsocket and libnsl before libc, 1167 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1168 ;; 1169# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1170*-*-sysv4.2*) 1171 AC_DEFINE([USE_PIPES]) 1172 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1173 AC_DEFINE([BROKEN_SETREUID]) 1174 AC_DEFINE([BROKEN_SETREGID]) 1175 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1176 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1177 TEST_SHELL=$SHELL # let configure find us a capable shell 1178 ;; 1179# UnixWare 7.x, OpenUNIX 8 1180*-*-sysv5*) 1181 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1182 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1183 AC_DEFINE([USE_PIPES]) 1184 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1185 AC_DEFINE([BROKEN_GETADDRINFO]) 1186 AC_DEFINE([BROKEN_SETREUID]) 1187 AC_DEFINE([BROKEN_SETREGID]) 1188 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1189 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1190 TEST_SHELL=$SHELL # let configure find us a capable shell 1191 case "$host" in 1192 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1193 maildir=/var/spool/mail 1194 AC_DEFINE([BROKEN_UPDWTMPX]) 1195 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1196 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1197 ], , ) 1198 ;; 1199 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1200 ;; 1201 esac 1202 ;; 1203*-*-sysv*) 1204 ;; 1205# SCO UNIX and OEM versions of SCO UNIX 1206*-*-sco3.2v4*) 1207 AC_MSG_ERROR("This Platform is no longer supported.") 1208 ;; 1209# SCO OpenServer 5.x 1210*-*-sco3.2v5*) 1211 if test -z "$GCC"; then 1212 CFLAGS="$CFLAGS -belf" 1213 fi 1214 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1215 no_dev_ptmx=1 1216 AC_DEFINE([USE_PIPES]) 1217 AC_DEFINE([HAVE_SECUREWARE]) 1218 AC_DEFINE([DISABLE_SHADOW]) 1219 AC_DEFINE([DISABLE_FD_PASSING]) 1220 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1221 AC_DEFINE([BROKEN_GETADDRINFO]) 1222 AC_DEFINE([BROKEN_SETREUID]) 1223 AC_DEFINE([BROKEN_SETREGID]) 1224 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1225 AC_DEFINE([BROKEN_UPDWTMPX]) 1226 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1227 AC_CHECK_FUNCS([getluid setluid]) 1228 MANTYPE=man 1229 TEST_SHELL=$SHELL # let configure find us a capable shell 1230 SKIP_DISABLE_LASTLOG_DEFINE=yes 1231 ;; 1232*-dec-osf*) 1233 AC_MSG_CHECKING([for Digital Unix SIA]) 1234 no_osfsia="" 1235 AC_ARG_WITH([osfsia], 1236 [ --with-osfsia Enable Digital Unix SIA], 1237 [ 1238 if test "x$withval" = "xno" ; then 1239 AC_MSG_RESULT([disabled]) 1240 no_osfsia=1 1241 fi 1242 ], 1243 ) 1244 if test -z "$no_osfsia" ; then 1245 if test -f /etc/sia/matrix.conf; then 1246 AC_MSG_RESULT([yes]) 1247 AC_DEFINE([HAVE_OSF_SIA], [1], 1248 [Define if you have Digital Unix Security 1249 Integration Architecture]) 1250 AC_DEFINE([DISABLE_LOGIN], [1], 1251 [Define if you don't want to use your 1252 system's login() call]) 1253 AC_DEFINE([DISABLE_FD_PASSING]) 1254 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1255 SIA_MSG="yes" 1256 else 1257 AC_MSG_RESULT([no]) 1258 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1259 [String used in /etc/passwd to denote locked account]) 1260 fi 1261 fi 1262 AC_DEFINE([BROKEN_GETADDRINFO]) 1263 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1264 AC_DEFINE([BROKEN_SETREUID]) 1265 AC_DEFINE([BROKEN_SETREGID]) 1266 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1267 ;; 1268 1269*-*-nto-qnx*) 1270 AC_DEFINE([USE_PIPES]) 1271 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1272 AC_DEFINE([DISABLE_LASTLOG]) 1273 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1274 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1275 enable_etc_default_login=no # has incompatible /etc/default/login 1276 case "$host" in 1277 *-*-nto-qnx6*) 1278 AC_DEFINE([DISABLE_FD_PASSING]) 1279 ;; 1280 esac 1281 ;; 1282 1283*-*-ultrix*) 1284 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1285 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1286 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1287 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1288 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1289 # don't get a controlling tty. 1290 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1291 # On Ultrix some headers are not protected against multiple includes, 1292 # so we create wrappers and put it where the compiler will find it. 1293 AC_MSG_WARN([creating compat wrappers for headers]) 1294 mkdir -p netinet 1295 for header in netinet/ip.h netdb.h resolv.h; do 1296 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1297 cat >$header <<EOD 1298#ifndef _SSH_COMPAT_${name} 1299#define _SSH_COMPAT_${name} 1300#include "/usr/include/${header}" 1301#endif 1302EOD 1303 done 1304 ;; 1305 1306*-*-lynxos) 1307 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1308 AC_DEFINE([BROKEN_SETVBUF], [1], 1309 [LynxOS has broken setvbuf() implementation]) 1310 ;; 1311esac 1312 1313AC_MSG_CHECKING([compiler and flags for sanity]) 1314AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1315 [ AC_MSG_RESULT([yes]) ], 1316 [ 1317 AC_MSG_RESULT([no]) 1318 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1319 ], 1320 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1321) 1322 1323dnl Checks for header files. 1324# Checks for libraries. 1325AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1326 1327dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1328AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1329 AC_CHECK_LIB([gen], [dirname], [ 1330 AC_CACHE_CHECK([for broken dirname], 1331 ac_cv_have_broken_dirname, [ 1332 save_LIBS="$LIBS" 1333 LIBS="$LIBS -lgen" 1334 AC_RUN_IFELSE( 1335 [AC_LANG_SOURCE([[ 1336#include <libgen.h> 1337#include <string.h> 1338#include <stdlib.h> 1339 1340int main(int argc, char **argv) { 1341 char *s, buf[32]; 1342 1343 strncpy(buf,"/etc", 32); 1344 s = dirname(buf); 1345 if (!s || strncmp(s, "/", 32) != 0) { 1346 exit(1); 1347 } else { 1348 exit(0); 1349 } 1350} 1351 ]])], 1352 [ ac_cv_have_broken_dirname="no" ], 1353 [ ac_cv_have_broken_dirname="yes" ], 1354 [ ac_cv_have_broken_dirname="no" ], 1355 ) 1356 LIBS="$save_LIBS" 1357 ]) 1358 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1359 LIBS="$LIBS -lgen" 1360 AC_DEFINE([HAVE_DIRNAME]) 1361 AC_CHECK_HEADERS([libgen.h]) 1362 fi 1363 ]) 1364]) 1365 1366AC_CHECK_FUNC([getspnam], , 1367 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1368AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1369 [Define if you have the basename function.])]) 1370 1371dnl zlib defaults to enabled 1372zlib=yes 1373AC_ARG_WITH([zlib], 1374 [ --with-zlib=PATH Use zlib in PATH], 1375 [ if test "x$withval" = "xno" ; then 1376 zlib=no 1377 elif test "x$withval" != "xyes"; then 1378 if test -d "$withval/lib"; then 1379 if test -n "${rpath_opt}"; then 1380 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1381 else 1382 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1383 fi 1384 else 1385 if test -n "${rpath_opt}"; then 1386 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1387 else 1388 LDFLAGS="-L${withval} ${LDFLAGS}" 1389 fi 1390 fi 1391 if test -d "$withval/include"; then 1392 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1393 else 1394 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1395 fi 1396 fi ] 1397) 1398 1399# These libraries are needed for anything that links in the channel code. 1400CHANNELLIBS="" 1401AC_MSG_CHECKING([for zlib]) 1402if test "x${zlib}" = "xno"; then 1403 AC_MSG_RESULT([no]) 1404else 1405 saved_LIBS="$LIBS" 1406 CHANNELLIBS="$CHANNELLIBS -lz" 1407 AC_MSG_RESULT([yes]) 1408 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1409 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1410 AC_CHECK_LIB([z], [deflate], [], 1411 [ 1412 saved_CPPFLAGS="$CPPFLAGS" 1413 saved_LDFLAGS="$LDFLAGS" 1414 dnl Check default zlib install dir 1415 if test -n "${rpath_opt}"; then 1416 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1417 else 1418 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1419 fi 1420 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1421 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1422 [ 1423 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1424 ] 1425 ) 1426 ] 1427 ) 1428 1429 AC_ARG_WITH([zlib-version-check], 1430 [ --without-zlib-version-check Disable zlib version check], 1431 [ if test "x$withval" = "xno" ; then 1432 zlib_check_nonfatal=1 1433 fi 1434 ] 1435 ) 1436 1437 AC_MSG_CHECKING([for possibly buggy zlib]) 1438 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1439#include <stdio.h> 1440#include <stdlib.h> 1441#include <zlib.h> 1442 ]], 1443 [[ 1444 int a=0, b=0, c=0, d=0, n, v; 1445 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1446 if (n != 3 && n != 4) 1447 exit(1); 1448 v = a*1000000 + b*10000 + c*100 + d; 1449 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1450 1451 /* 1.1.4 is OK */ 1452 if (a == 1 && b == 1 && c >= 4) 1453 exit(0); 1454 1455 /* 1.2.3 and up are OK */ 1456 if (v >= 1020300) 1457 exit(0); 1458 1459 exit(2); 1460 ]])], 1461 AC_MSG_RESULT([no]), 1462 [ AC_MSG_RESULT([yes]) 1463 if test -z "$zlib_check_nonfatal" ; then 1464 AC_MSG_ERROR([*** zlib too old - check config.log *** 1465Your reported zlib version has known security problems. It's possible your 1466vendor has fixed these problems without changing the version number. If you 1467are sure this is the case, you can disable the check by running 1468"./configure --without-zlib-version-check". 1469If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1470See http://www.gzip.org/zlib/ for details.]) 1471 else 1472 AC_MSG_WARN([zlib version may have security problems]) 1473 fi 1474 ], 1475 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1476 ) 1477 LIBS="$saved_LIBS" 1478fi 1479 1480dnl UnixWare 2.x 1481AC_CHECK_FUNC([strcasecmp], 1482 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1483) 1484AC_CHECK_FUNCS([utimes], 1485 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1486 LIBS="$LIBS -lc89"]) ] 1487) 1488 1489dnl Checks for libutil functions 1490AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1491AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1492AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1493AC_SEARCH_LIBS([login], [util bsd]) 1494AC_SEARCH_LIBS([logout], [util bsd]) 1495AC_SEARCH_LIBS([logwtmp], [util bsd]) 1496AC_SEARCH_LIBS([openpty], [util bsd]) 1497AC_SEARCH_LIBS([updwtmp], [util bsd]) 1498AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1499 1500# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1501# or libnsl. 1502AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1503AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1504 1505# Some Linux distribtions ship the BSD libc hashing functions in 1506# separate libraries. 1507AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1508 1509# "Particular Function Checks" 1510# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1511AC_FUNC_STRFTIME 1512AC_FUNC_MALLOC 1513AC_FUNC_REALLOC 1514# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1515AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1516AC_RUN_IFELSE( 1517 [AC_LANG_PROGRAM( 1518 [[ #include <stdlib.h> ]], 1519 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1520 )], 1521 [ func_calloc_0_nonnull=yes ], 1522 [ func_calloc_0_nonnull=no ], 1523 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1524 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1525) 1526AC_MSG_RESULT([$func_calloc_0_nonnull]) 1527 1528if test "x$func_calloc_0_nonnull" = "xyes"; then 1529 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1530else 1531 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1532 AC_DEFINE(calloc, rpl_calloc, 1533 [Define to rpl_calloc if the replacement function should be used.]) 1534fi 1535 1536# Check for ALTDIRFUNC glob() extension 1537AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1538AC_EGREP_CPP([FOUNDIT], 1539 [ 1540 #include <glob.h> 1541 #ifdef GLOB_ALTDIRFUNC 1542 FOUNDIT 1543 #endif 1544 ], 1545 [ 1546 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1547 [Define if your system glob() function has 1548 the GLOB_ALTDIRFUNC extension]) 1549 AC_MSG_RESULT([yes]) 1550 ], 1551 [ 1552 AC_MSG_RESULT([no]) 1553 ] 1554) 1555 1556# Check for g.gl_matchc glob() extension 1557AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1558AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1559 [[ glob_t g; g.gl_matchc = 1; ]])], 1560 [ 1561 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1562 [Define if your system glob() function has 1563 gl_matchc options in glob_t]) 1564 AC_MSG_RESULT([yes]) 1565 ], [ 1566 AC_MSG_RESULT([no]) 1567]) 1568 1569# Check for g.gl_statv glob() extension 1570AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1571AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1572#ifndef GLOB_KEEPSTAT 1573#error "glob does not support GLOB_KEEPSTAT extension" 1574#endif 1575glob_t g; 1576g.gl_statv = NULL; 1577]])], 1578 [ 1579 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1580 [Define if your system glob() function has 1581 gl_statv options in glob_t]) 1582 AC_MSG_RESULT([yes]) 1583 ], [ 1584 AC_MSG_RESULT([no]) 1585 1586]) 1587 1588AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1589 1590AC_CHECK_DECL([VIS_ALL], , 1591 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1592 1593AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1594AC_RUN_IFELSE( 1595 [AC_LANG_PROGRAM([[ 1596#include <sys/types.h> 1597#include <dirent.h> 1598#include <stdlib.h> 1599 ]], 1600 [[ 1601 struct dirent d; 1602 exit(sizeof(d.d_name)<=sizeof(char)); 1603 ]])], 1604 [AC_MSG_RESULT([yes])], 1605 [ 1606 AC_MSG_RESULT([no]) 1607 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1608 [Define if your struct dirent expects you to 1609 allocate extra space for d_name]) 1610 ], 1611 [ 1612 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1613 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1614 ] 1615) 1616 1617AC_MSG_CHECKING([for /proc/pid/fd directory]) 1618if test -d "/proc/$$/fd" ; then 1619 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1620 AC_MSG_RESULT([yes]) 1621else 1622 AC_MSG_RESULT([no]) 1623fi 1624 1625# Check whether user wants TCP wrappers support 1626TCPW_MSG="no" 1627AC_ARG_WITH([tcp-wrappers], 1628 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1629 [ 1630 if test "x$withval" != "xno" ; then 1631 saved_LIBS="$LIBS" 1632 saved_LDFLAGS="$LDFLAGS" 1633 saved_CPPFLAGS="$CPPFLAGS" 1634 if test -n "${withval}" && \ 1635 test "x${withval}" != "xyes"; then 1636 if test -d "${withval}/lib"; then 1637 if test -n "${need_dash_r}"; then 1638 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1639 else 1640 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1641 fi 1642 else 1643 if test -n "${need_dash_r}"; then 1644 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1645 else 1646 LDFLAGS="-L${withval} ${LDFLAGS}" 1647 fi 1648 fi 1649 if test -d "${withval}/include"; then 1650 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1651 else 1652 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1653 fi 1654 fi 1655 LIBS="-lwrap $LIBS" 1656 AC_MSG_CHECKING([for libwrap]) 1657 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1658#include <sys/types.h> 1659#include <sys/socket.h> 1660#include <netinet/in.h> 1661#include <tcpd.h> 1662int deny_severity = 0, allow_severity = 0; 1663 ]], [[ 1664 hosts_access(0); 1665 ]])], [ 1666 AC_MSG_RESULT([yes]) 1667 AC_DEFINE([LIBWRAP], [1], 1668 [Define if you want 1669 TCP Wrappers support]) 1670 SSHDLIBS="$SSHDLIBS -lwrap" 1671 TCPW_MSG="yes" 1672 ], [ 1673 AC_MSG_ERROR([*** libwrap missing]) 1674 ]) 1675 LIBS="$saved_LIBS" 1676 fi 1677 ] 1678) 1679 1680# Check whether user wants to use ldns 1681LDNS_MSG="no" 1682AC_ARG_WITH(ldns, 1683 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1684 [ 1685 ldns="" 1686 if test "x$withval" = "xyes" ; then 1687 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1688 if test "x$LDNSCONFIG" = "xno"; then 1689 LIBS="-lldns $LIBS" 1690 ldns=yes 1691 else 1692 LIBS="$LIBS `$LDNSCONFIG --libs`" 1693 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1694 ldns=yes 1695 fi 1696 elif test "x$withval" != "xno" ; then 1697 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1698 LDFLAGS="$LDFLAGS -L${withval}/lib" 1699 LIBS="-lldns $LIBS" 1700 ldns=yes 1701 fi 1702 1703 # Verify that it works. 1704 if test "x$ldns" = "xyes" ; then 1705 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1706 LDNS_MSG="yes" 1707 AC_MSG_CHECKING([for ldns support]) 1708 AC_LINK_IFELSE( 1709 [AC_LANG_SOURCE([[ 1710#include <stdio.h> 1711#include <stdlib.h> 1712#ifdef HAVE_STDINT_H 1713# include <stdint.h> 1714#endif 1715#include <ldns/ldns.h> 1716int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1717 ]]) 1718 ], 1719 [AC_MSG_RESULT(yes)], 1720 [ 1721 AC_MSG_RESULT(no) 1722 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1723 ]) 1724 fi 1725]) 1726 1727# Check whether user wants libedit support 1728LIBEDIT_MSG="no" 1729AC_ARG_WITH([libedit], 1730 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1731 [ if test "x$withval" != "xno" ; then 1732 if test "x$withval" = "xyes" ; then 1733 if test "x$PKGCONFIG" != "xno"; then 1734 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1735 if "$PKGCONFIG" libedit; then 1736 AC_MSG_RESULT([yes]) 1737 use_pkgconfig_for_libedit=yes 1738 else 1739 AC_MSG_RESULT([no]) 1740 fi 1741 fi 1742 else 1743 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1744 if test -n "${rpath_opt}"; then 1745 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1746 else 1747 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1748 fi 1749 fi 1750 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1751 LIBEDIT=`$PKGCONFIG --libs libedit` 1752 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1753 else 1754 LIBEDIT="-ledit -lcurses" 1755 fi 1756 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1757 AC_CHECK_LIB([edit], [el_init], 1758 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1759 LIBEDIT_MSG="yes" 1760 AC_SUBST([LIBEDIT]) 1761 ], 1762 [ AC_MSG_ERROR([libedit not found]) ], 1763 [ $OTHERLIBS ] 1764 ) 1765 AC_MSG_CHECKING([if libedit version is compatible]) 1766 AC_COMPILE_IFELSE( 1767 [AC_LANG_PROGRAM([[ 1768#include <histedit.h> 1769#include <stdlib.h> 1770 ]], 1771 [[ 1772 int i = H_SETSIZE; 1773 el_init("", NULL, NULL, NULL); 1774 exit(0); 1775 ]])], 1776 [ AC_MSG_RESULT([yes]) ], 1777 [ AC_MSG_RESULT([no]) 1778 AC_MSG_ERROR([libedit version is not compatible]) ] 1779 ) 1780 fi ] 1781) 1782 1783AUDIT_MODULE=none 1784AC_ARG_WITH([audit], 1785 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1786 [ 1787 AC_MSG_CHECKING([for supported audit module]) 1788 case "$withval" in 1789 bsm) 1790 AC_MSG_RESULT([bsm]) 1791 AUDIT_MODULE=bsm 1792 dnl Checks for headers, libs and functions 1793 AC_CHECK_HEADERS([bsm/audit.h], [], 1794 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1795 [ 1796#ifdef HAVE_TIME_H 1797# include <time.h> 1798#endif 1799 ] 1800) 1801 AC_CHECK_LIB([bsm], [getaudit], [], 1802 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1803 AC_CHECK_FUNCS([getaudit], [], 1804 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1805 # These are optional 1806 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1807 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1808 if test "$sol2ver" -ge 11; then 1809 SSHDLIBS="$SSHDLIBS -lscf" 1810 AC_DEFINE([BROKEN_BSM_API], [1], 1811 [The system has incomplete BSM API]) 1812 fi 1813 ;; 1814 linux) 1815 AC_MSG_RESULT([linux]) 1816 AUDIT_MODULE=linux 1817 dnl Checks for headers, libs and functions 1818 AC_CHECK_HEADERS([libaudit.h]) 1819 SSHDLIBS="$SSHDLIBS -laudit" 1820 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1821 ;; 1822 debug) 1823 AUDIT_MODULE=debug 1824 AC_MSG_RESULT([debug]) 1825 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1826 ;; 1827 no) 1828 AC_MSG_RESULT([no]) 1829 ;; 1830 *) 1831 AC_MSG_ERROR([Unknown audit module $withval]) 1832 ;; 1833 esac ] 1834) 1835 1836AC_ARG_WITH([pie], 1837 [ --with-pie Build Position Independent Executables if possible], [ 1838 if test "x$withval" = "xno"; then 1839 use_pie=no 1840 fi 1841 if test "x$withval" = "xyes"; then 1842 use_pie=yes 1843 fi 1844 ] 1845) 1846if test "x$use_pie" = "x"; then 1847 use_pie=no 1848fi 1849if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1850 # Turn off automatic PIE when toolchain hardening is off. 1851 use_pie=no 1852fi 1853if test "x$use_pie" = "xauto"; then 1854 # Automatic PIE requires gcc >= 4.x 1855 AC_MSG_CHECKING([for gcc >= 4.x]) 1856 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1857#if !defined(__GNUC__) || __GNUC__ < 4 1858#error gcc is too old 1859#endif 1860]])], 1861 [ AC_MSG_RESULT([yes]) ], 1862 [ AC_MSG_RESULT([no]) 1863 use_pie=no ] 1864) 1865fi 1866if test "x$use_pie" != "xno"; then 1867 SAVED_CFLAGS="$CFLAGS" 1868 SAVED_LDFLAGS="$LDFLAGS" 1869 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1870 OSSH_CHECK_LDFLAG_LINK([-pie]) 1871 # We use both -fPIE and -pie or neither. 1872 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1873 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1874 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1875 AC_MSG_RESULT([yes]) 1876 else 1877 AC_MSG_RESULT([no]) 1878 CFLAGS="$SAVED_CFLAGS" 1879 LDFLAGS="$SAVED_LDFLAGS" 1880 fi 1881fi 1882 1883AC_MSG_CHECKING([whether -fPIC is accepted]) 1884SAVED_CFLAGS="$CFLAGS" 1885CFLAGS="$CFLAGS -fPIC" 1886AC_COMPILE_IFELSE( 1887 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1888 [AC_MSG_RESULT([yes]) 1889 PICFLAG="-fPIC"; ], 1890 [AC_MSG_RESULT([no]) 1891 PICFLAG=""; ]) 1892CFLAGS="$SAVED_CFLAGS" 1893AC_SUBST([PICFLAG]) 1894 1895dnl Checks for library functions. Please keep in alphabetical order 1896AC_CHECK_FUNCS([ \ 1897 auth_hostok \ 1898 auth_timeok \ 1899 Blowfish_initstate \ 1900 Blowfish_expandstate \ 1901 Blowfish_expand0state \ 1902 Blowfish_stream2word \ 1903 SHA256Update \ 1904 SHA384Update \ 1905 SHA512Update \ 1906 asprintf \ 1907 b64_ntop \ 1908 __b64_ntop \ 1909 b64_pton \ 1910 __b64_pton \ 1911 bcopy \ 1912 bcrypt_pbkdf \ 1913 bindresvport_sa \ 1914 blf_enc \ 1915 bzero \ 1916 cap_rights_limit \ 1917 clock \ 1918 closefrom \ 1919 close_range \ 1920 dirfd \ 1921 endgrent \ 1922 err \ 1923 errx \ 1924 explicit_bzero \ 1925 explicit_memset \ 1926 fchmod \ 1927 fchmodat \ 1928 fchown \ 1929 fchownat \ 1930 flock \ 1931 fnmatch \ 1932 freeaddrinfo \ 1933 freezero \ 1934 fstatfs \ 1935 fstatvfs \ 1936 futimes \ 1937 getaddrinfo \ 1938 getcwd \ 1939 getentropy \ 1940 getgrouplist \ 1941 getline \ 1942 getnameinfo \ 1943 getopt \ 1944 getpagesize \ 1945 getpeereid \ 1946 getpeerucred \ 1947 getpgid \ 1948 _getpty \ 1949 getrlimit \ 1950 getrandom \ 1951 getsid \ 1952 getttyent \ 1953 glob \ 1954 group_from_gid \ 1955 inet_aton \ 1956 inet_ntoa \ 1957 inet_ntop \ 1958 innetgr \ 1959 killpg \ 1960 llabs \ 1961 localtime_r \ 1962 login_getcapbool \ 1963 login_getpwclass \ 1964 memmem \ 1965 memmove \ 1966 memset_s \ 1967 mkdtemp \ 1968 ngetaddrinfo \ 1969 nsleep \ 1970 ogetaddrinfo \ 1971 openlog_r \ 1972 pledge \ 1973 poll \ 1974 ppoll \ 1975 prctl \ 1976 procctl \ 1977 pselect \ 1978 pstat \ 1979 raise \ 1980 readpassphrase \ 1981 reallocarray \ 1982 realpath \ 1983 recvmsg \ 1984 recallocarray \ 1985 rresvport_af \ 1986 sendmsg \ 1987 setdtablesize \ 1988 setegid \ 1989 setenv \ 1990 seteuid \ 1991 setgroupent \ 1992 setgroups \ 1993 setlinebuf \ 1994 setlogin \ 1995 setpassent\ 1996 setpcred \ 1997 setproctitle \ 1998 setregid \ 1999 setreuid \ 2000 setrlimit \ 2001 setsid \ 2002 setvbuf \ 2003 sigaction \ 2004 sigvec \ 2005 snprintf \ 2006 socketpair \ 2007 statfs \ 2008 statvfs \ 2009 strcasestr \ 2010 strdup \ 2011 strerror \ 2012 strlcat \ 2013 strlcpy \ 2014 strmode \ 2015 strndup \ 2016 strnlen \ 2017 strnvis \ 2018 strptime \ 2019 strsignal \ 2020 strtonum \ 2021 strtoll \ 2022 strtoul \ 2023 strtoull \ 2024 swap32 \ 2025 sysconf \ 2026 tcgetpgrp \ 2027 timegm \ 2028 timingsafe_bcmp \ 2029 truncate \ 2030 unsetenv \ 2031 updwtmpx \ 2032 utimensat \ 2033 user_from_uid \ 2034 usleep \ 2035 vasprintf \ 2036 vsnprintf \ 2037 waitpid \ 2038 warn \ 2039]) 2040 2041AC_CHECK_DECLS([bzero, memmem]) 2042 2043dnl Wide character support. 2044AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 2045 2046TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 2047AC_MSG_CHECKING([for utf8 locale support]) 2048AC_RUN_IFELSE( 2049 [AC_LANG_PROGRAM([[ 2050#include <locale.h> 2051#include <stdlib.h> 2052 ]], [[ 2053 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2054 if (loc != NULL) 2055 exit(0); 2056 exit(1); 2057 ]])], 2058 AC_MSG_RESULT(yes), 2059 [AC_MSG_RESULT(no) 2060 TEST_SSH_UTF8=no], 2061 AC_MSG_WARN([cross compiling: assuming yes]) 2062) 2063 2064AC_LINK_IFELSE( 2065 [AC_LANG_PROGRAM( 2066 [[ #include <ctype.h> ]], 2067 [[ return (isblank('a')); ]])], 2068 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2069]) 2070 2071disable_pkcs11= 2072AC_ARG_ENABLE([pkcs11], 2073 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2074 [ 2075 if test "x$enableval" = "xno" ; then 2076 disable_pkcs11=1 2077 fi 2078 ] 2079) 2080 2081disable_sk= 2082AC_ARG_ENABLE([security-key], 2083 [ --disable-security-key disable U2F/FIDO support code [no]], 2084 [ 2085 if test "x$enableval" = "xno" ; then 2086 disable_sk=1 2087 fi 2088 ] 2089) 2090enable_sk_internal= 2091AC_ARG_WITH([security-key-builtin], 2092 [ --with-security-key-builtin include builtin U2F/FIDO support], 2093 [ enable_sk_internal=$withval ] 2094) 2095 2096AC_SEARCH_LIBS([dlopen], [dl]) 2097AC_CHECK_FUNCS([dlopen]) 2098AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2099 2100# IRIX has a const char return value for gai_strerror() 2101AC_CHECK_FUNCS([gai_strerror], [ 2102 AC_DEFINE([HAVE_GAI_STRERROR]) 2103 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2104#include <sys/types.h> 2105#include <sys/socket.h> 2106#include <netdb.h> 2107 2108const char *gai_strerror(int); 2109 ]], [[ 2110 char *str; 2111 str = gai_strerror(0); 2112 ]])], [ 2113 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2114 [Define if gai_strerror() returns const char *])], [])]) 2115 2116AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2117 [Some systems put nanosleep outside of libc])]) 2118 2119AC_SEARCH_LIBS([clock_gettime], [rt], 2120 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2121 2122dnl check if we need -D_REENTRANT for localtime_r declaration. 2123AC_CHECK_DECL([localtime_r], [], 2124 [ saved_CPPFLAGS="$CPPFLAGS" 2125 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2126 unset ac_cv_have_decl_localtime_r 2127 AC_CHECK_DECL([localtime_r], [], 2128 [ CPPFLAGS="$saved_CPPFLAGS" ], 2129 [ #include <time.h> ] 2130 ) 2131 ], 2132 [ #include <time.h> ] 2133) 2134 2135dnl Make sure prototypes are defined for these before using them. 2136AC_CHECK_DECL([strsep], 2137 [AC_CHECK_FUNCS([strsep])], 2138 [], 2139 [ 2140#ifdef HAVE_STRING_H 2141# include <string.h> 2142#endif 2143 ]) 2144 2145dnl tcsendbreak might be a macro 2146AC_CHECK_DECL([tcsendbreak], 2147 [AC_DEFINE([HAVE_TCSENDBREAK])], 2148 [AC_CHECK_FUNCS([tcsendbreak])], 2149 [#include <termios.h>] 2150) 2151 2152AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2153 2154AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2155 [ 2156#include <sys/types.h> 2157#include <sys/socket.h> 2158#include <unistd.h> 2159 ]) 2160 2161AC_CHECK_DECLS([O_NONBLOCK], , , 2162 [ 2163#include <sys/types.h> 2164#ifdef HAVE_SYS_STAT_H 2165# include <sys/stat.h> 2166#endif 2167#ifdef HAVE_FCNTL_H 2168# include <fcntl.h> 2169#endif 2170 ]) 2171 2172AC_CHECK_DECLS([ftruncate, getentropy], , , 2173 [ 2174#include <sys/types.h> 2175#include <unistd.h> 2176 ]) 2177 2178AC_CHECK_DECLS([readv, writev], , , [ 2179#include <sys/types.h> 2180#include <sys/uio.h> 2181#include <unistd.h> 2182 ]) 2183 2184AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2185#include <sys/param.h> 2186 ]) 2187 2188AC_CHECK_DECLS([offsetof], , , [ 2189#include <stddef.h> 2190 ]) 2191 2192# extra bits for select(2) 2193AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2194#include <sys/param.h> 2195#include <sys/types.h> 2196#ifdef HAVE_SYS_SYSMACROS_H 2197#include <sys/sysmacros.h> 2198#endif 2199#ifdef HAVE_SYS_SELECT_H 2200#include <sys/select.h> 2201#endif 2202#ifdef HAVE_SYS_TIME_H 2203#include <sys/time.h> 2204#endif 2205#ifdef HAVE_UNISTD_H 2206#include <unistd.h> 2207#endif 2208 ]]) 2209AC_CHECK_TYPES([fd_mask], [], [], [[ 2210#include <sys/param.h> 2211#include <sys/types.h> 2212#ifdef HAVE_SYS_SELECT_H 2213#include <sys/select.h> 2214#endif 2215#ifdef HAVE_SYS_TIME_H 2216#include <sys/time.h> 2217#endif 2218#ifdef HAVE_UNISTD_H 2219#include <unistd.h> 2220#endif 2221 ]]) 2222 2223AC_CHECK_FUNCS([setresuid], [ 2224 dnl Some platorms have setresuid that isn't implemented, test for this 2225 AC_MSG_CHECKING([if setresuid seems to work]) 2226 AC_RUN_IFELSE( 2227 [AC_LANG_PROGRAM([[ 2228#include <stdlib.h> 2229#include <errno.h> 2230 ]], [[ 2231 errno=0; 2232 setresuid(0,0,0); 2233 if (errno==ENOSYS) 2234 exit(1); 2235 else 2236 exit(0); 2237 ]])], 2238 [AC_MSG_RESULT([yes])], 2239 [AC_DEFINE([BROKEN_SETRESUID], [1], 2240 [Define if your setresuid() is broken]) 2241 AC_MSG_RESULT([not implemented])], 2242 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2243 ) 2244]) 2245 2246AC_CHECK_FUNCS([setresgid], [ 2247 dnl Some platorms have setresgid that isn't implemented, test for this 2248 AC_MSG_CHECKING([if setresgid seems to work]) 2249 AC_RUN_IFELSE( 2250 [AC_LANG_PROGRAM([[ 2251#include <stdlib.h> 2252#include <errno.h> 2253 ]], [[ 2254 errno=0; 2255 setresgid(0,0,0); 2256 if (errno==ENOSYS) 2257 exit(1); 2258 else 2259 exit(0); 2260 ]])], 2261 [AC_MSG_RESULT([yes])], 2262 [AC_DEFINE([BROKEN_SETRESGID], [1], 2263 [Define if your setresgid() is broken]) 2264 AC_MSG_RESULT([not implemented])], 2265 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2266 ) 2267]) 2268 2269AC_MSG_CHECKING([for working fflush(NULL)]) 2270AC_RUN_IFELSE( 2271 [AC_LANG_PROGRAM([[ 2272#include <stdio.h> 2273#include <stdlib.h> 2274 ]], 2275 [[fflush(NULL); exit(0);]])], 2276 AC_MSG_RESULT([yes]), 2277 [AC_MSG_RESULT([no]) 2278 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2279 [define if fflush(NULL) does not work])], 2280 AC_MSG_WARN([cross compiling: assuming working]) 2281) 2282 2283dnl Checks for time functions 2284AC_CHECK_FUNCS([gettimeofday time]) 2285dnl Checks for utmp functions 2286AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2287AC_CHECK_FUNCS([utmpname]) 2288dnl Checks for utmpx functions 2289AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2290AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2291dnl Checks for lastlog functions 2292AC_CHECK_FUNCS([getlastlogxbyname]) 2293 2294AC_CHECK_FUNC([daemon], 2295 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2296 [AC_CHECK_LIB([bsd], [daemon], 2297 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2298) 2299 2300AC_CHECK_FUNC([getpagesize], 2301 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2302 [Define if your libraries define getpagesize()])], 2303 [AC_CHECK_LIB([ucb], [getpagesize], 2304 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2305) 2306 2307# Check for broken snprintf 2308if test "x$ac_cv_func_snprintf" = "xyes" ; then 2309 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2310 AC_RUN_IFELSE( 2311 [AC_LANG_PROGRAM([[ 2312#include <stdio.h> 2313#include <stdlib.h> 2314 ]], 2315 [[ 2316 char b[5]; 2317 snprintf(b,5,"123456789"); 2318 exit(b[4]!='\0'); 2319 ]])], 2320 [AC_MSG_RESULT([yes])], 2321 [ 2322 AC_MSG_RESULT([no]) 2323 AC_DEFINE([BROKEN_SNPRINTF], [1], 2324 [Define if your snprintf is busted]) 2325 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2326 ], 2327 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2328 ) 2329fi 2330 2331if test "x$ac_cv_func_snprintf" = "xyes" ; then 2332 AC_MSG_CHECKING([whether snprintf understands %zu]) 2333 AC_RUN_IFELSE( 2334 [AC_LANG_PROGRAM([[ 2335#include <sys/types.h> 2336#include <stdio.h> 2337#include <stdlib.h> 2338#include <string.h> 2339 ]], 2340 [[ 2341 size_t a = 1, b = 2; 2342 char z[128]; 2343 snprintf(z, sizeof z, "%zu%zu", a, b); 2344 exit(strcmp(z, "12")); 2345 ]])], 2346 [AC_MSG_RESULT([yes])], 2347 [ 2348 AC_MSG_RESULT([no]) 2349 AC_DEFINE([BROKEN_SNPRINTF], [1], 2350 [snprintf does not understand %zu]) 2351 ], 2352 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2353 ) 2354fi 2355 2356# We depend on vsnprintf returning the right thing on overflow: the 2357# number of characters it tried to create (as per SUSv3) 2358if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2359 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2360 AC_RUN_IFELSE( 2361 [AC_LANG_PROGRAM([[ 2362#include <sys/types.h> 2363#include <stdio.h> 2364#include <stdarg.h> 2365 2366int x_snprintf(char *str, size_t count, const char *fmt, ...) 2367{ 2368 size_t ret; 2369 va_list ap; 2370 2371 va_start(ap, fmt); 2372 ret = vsnprintf(str, count, fmt, ap); 2373 va_end(ap); 2374 return ret; 2375} 2376 ]], [[ 2377char x[1]; 2378if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2379 return 1; 2380if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2381 return 1; 2382return 0; 2383 ]])], 2384 [AC_MSG_RESULT([yes])], 2385 [ 2386 AC_MSG_RESULT([no]) 2387 AC_DEFINE([BROKEN_SNPRINTF], [1], 2388 [Define if your snprintf is busted]) 2389 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2390 ], 2391 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2392 ) 2393fi 2394 2395# On systems where [v]snprintf is broken, but is declared in stdio, 2396# check that the fmt argument is const char * or just char *. 2397# This is only useful for when BROKEN_SNPRINTF 2398AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2399AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2400#include <stdio.h> 2401int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2402 ]], [[ 2403 snprintf(0, 0, 0); 2404 ]])], 2405 [AC_MSG_RESULT([yes]) 2406 AC_DEFINE([SNPRINTF_CONST], [const], 2407 [Define as const if snprintf() can declare const char *fmt])], 2408 [AC_MSG_RESULT([no]) 2409 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2410 2411# Check for missing getpeereid (or equiv) support 2412NO_PEERCHECK="" 2413if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2414 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2415 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2416#include <sys/types.h> 2417#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2418 [ AC_MSG_RESULT([yes]) 2419 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2420 ], [AC_MSG_RESULT([no]) 2421 NO_PEERCHECK=1 2422 ]) 2423fi 2424 2425dnl make sure that openpty does not reacquire controlling terminal 2426if test ! -z "$check_for_openpty_ctty_bug"; then 2427 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2428 AC_RUN_IFELSE( 2429 [AC_LANG_PROGRAM([[ 2430#include <stdio.h> 2431#include <stdlib.h> 2432#include <unistd.h> 2433#include <sys/fcntl.h> 2434#include <sys/types.h> 2435#include <sys/wait.h> 2436 ]], [[ 2437 pid_t pid; 2438 int fd, ptyfd, ttyfd, status; 2439 2440 pid = fork(); 2441 if (pid < 0) { /* failed */ 2442 exit(1); 2443 } else if (pid > 0) { /* parent */ 2444 waitpid(pid, &status, 0); 2445 if (WIFEXITED(status)) 2446 exit(WEXITSTATUS(status)); 2447 else 2448 exit(2); 2449 } else { /* child */ 2450 close(0); close(1); close(2); 2451 setsid(); 2452 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2453 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2454 if (fd >= 0) 2455 exit(3); /* Acquired ctty: broken */ 2456 else 2457 exit(0); /* Did not acquire ctty: OK */ 2458 } 2459 ]])], 2460 [ 2461 AC_MSG_RESULT([yes]) 2462 ], 2463 [ 2464 AC_MSG_RESULT([no]) 2465 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2466 ], 2467 [ 2468 AC_MSG_RESULT([cross-compiling, assuming yes]) 2469 ] 2470 ) 2471fi 2472 2473if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2474 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2475 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2476 AC_RUN_IFELSE( 2477 [AC_LANG_PROGRAM([[ 2478#include <stdio.h> 2479#include <stdlib.h> 2480#include <sys/socket.h> 2481#include <netdb.h> 2482#include <errno.h> 2483#include <netinet/in.h> 2484 2485#define TEST_PORT "2222" 2486 ]], [[ 2487 int err, sock; 2488 struct addrinfo *gai_ai, *ai, hints; 2489 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2490 2491 memset(&hints, 0, sizeof(hints)); 2492 hints.ai_family = PF_UNSPEC; 2493 hints.ai_socktype = SOCK_STREAM; 2494 hints.ai_flags = AI_PASSIVE; 2495 2496 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2497 if (err != 0) { 2498 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2499 exit(1); 2500 } 2501 2502 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2503 if (ai->ai_family != AF_INET6) 2504 continue; 2505 2506 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2507 sizeof(ntop), strport, sizeof(strport), 2508 NI_NUMERICHOST|NI_NUMERICSERV); 2509 2510 if (err != 0) { 2511 if (err == EAI_SYSTEM) 2512 perror("getnameinfo EAI_SYSTEM"); 2513 else 2514 fprintf(stderr, "getnameinfo failed: %s\n", 2515 gai_strerror(err)); 2516 exit(2); 2517 } 2518 2519 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2520 if (sock < 0) 2521 perror("socket"); 2522 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2523 if (errno == EBADF) 2524 exit(3); 2525 } 2526 } 2527 exit(0); 2528 ]])], 2529 [ 2530 AC_MSG_RESULT([yes]) 2531 ], 2532 [ 2533 AC_MSG_RESULT([no]) 2534 AC_DEFINE([BROKEN_GETADDRINFO]) 2535 ], 2536 [ 2537 AC_MSG_RESULT([cross-compiling, assuming yes]) 2538 ] 2539 ) 2540fi 2541 2542if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2543 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2544 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2545 AC_RUN_IFELSE( 2546 [AC_LANG_PROGRAM([[ 2547#include <stdio.h> 2548#include <stdlib.h> 2549#include <sys/socket.h> 2550#include <netdb.h> 2551#include <errno.h> 2552#include <netinet/in.h> 2553 2554#define TEST_PORT "2222" 2555 ]], [[ 2556 int err, sock; 2557 struct addrinfo *gai_ai, *ai, hints; 2558 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2559 2560 memset(&hints, 0, sizeof(hints)); 2561 hints.ai_family = PF_UNSPEC; 2562 hints.ai_socktype = SOCK_STREAM; 2563 hints.ai_flags = AI_PASSIVE; 2564 2565 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2566 if (err != 0) { 2567 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2568 exit(1); 2569 } 2570 2571 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2572 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2573 continue; 2574 2575 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2576 sizeof(ntop), strport, sizeof(strport), 2577 NI_NUMERICHOST|NI_NUMERICSERV); 2578 2579 if (ai->ai_family == AF_INET && err != 0) { 2580 perror("getnameinfo"); 2581 exit(2); 2582 } 2583 } 2584 exit(0); 2585 ]])], 2586 [ 2587 AC_MSG_RESULT([yes]) 2588 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2589 [Define if you have a getaddrinfo that fails 2590 for the all-zeros IPv6 address]) 2591 ], 2592 [ 2593 AC_MSG_RESULT([no]) 2594 AC_DEFINE([BROKEN_GETADDRINFO]) 2595 ], 2596 [ 2597 AC_MSG_RESULT([cross-compiling, assuming no]) 2598 ] 2599 ) 2600fi 2601 2602if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2603 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2604 [#include <sys/types.h> 2605 #include <sys/socket.h> 2606 #include <netdb.h>]) 2607fi 2608 2609if test "x$check_for_conflicting_getspnam" = "x1"; then 2610 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2611 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2612#include <shadow.h> 2613#include <stdlib.h> 2614 ]], 2615 [[ exit(0); ]])], 2616 [ 2617 AC_MSG_RESULT([no]) 2618 ], 2619 [ 2620 AC_MSG_RESULT([yes]) 2621 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2622 [Conflicting defs for getspnam]) 2623 ] 2624 ) 2625fi 2626 2627dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2628dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2629dnl for over ten years). Despite this incompatibility being reported during 2630dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2631dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2632dnl implementation. Try to detect this mess, and assume the only safe option 2633dnl if we're cross compiling. 2634dnl 2635dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2636dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2637if test "x$ac_cv_func_strnvis" = "xyes"; then 2638 AC_MSG_CHECKING([for working strnvis]) 2639 AC_RUN_IFELSE( 2640 [AC_LANG_PROGRAM([[ 2641#include <signal.h> 2642#include <stdlib.h> 2643#include <string.h> 2644#include <unistd.h> 2645#include <vis.h> 2646static void sighandler(int sig) { _exit(1); } 2647 ]], [[ 2648 char dst[16]; 2649 2650 signal(SIGSEGV, sighandler); 2651 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2652 exit(0); 2653 exit(1) 2654 ]])], 2655 [AC_MSG_RESULT([yes])], 2656 [AC_MSG_RESULT([no]) 2657 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2658 [AC_MSG_WARN([cross compiling: assuming broken]) 2659 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2660 ) 2661fi 2662 2663AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2664AC_RUN_IFELSE( 2665 [AC_LANG_PROGRAM([[ 2666#ifdef HAVE_SYS_SELECT 2667# include <sys/select.h> 2668#endif 2669#include <sys/types.h> 2670#include <sys/time.h> 2671#include <stdlib.h> 2672#include <signal.h> 2673#include <unistd.h> 2674static void sighandler(int sig) { } 2675 ]], [[ 2676 int r; 2677 pid_t pid; 2678 struct sigaction sa; 2679 2680 sa.sa_handler = sighandler; 2681 sa.sa_flags = SA_RESTART; 2682 (void)sigaction(SIGTERM, &sa, NULL); 2683 if ((pid = fork()) == 0) { /* child */ 2684 pid = getppid(); 2685 sleep(1); 2686 kill(pid, SIGTERM); 2687 sleep(1); 2688 if (getppid() == pid) /* if parent did not exit, shoot it */ 2689 kill(pid, SIGKILL); 2690 exit(0); 2691 } else { /* parent */ 2692 r = select(0, NULL, NULL, NULL, NULL); 2693 } 2694 exit(r == -1 ? 0 : 1); 2695 ]])], 2696 [AC_MSG_RESULT([yes])], 2697 [AC_MSG_RESULT([no]) 2698 AC_DEFINE([NO_SA_RESTART], [1], 2699 [SA_RESTARTed signals do no interrupt select])], 2700 [AC_MSG_WARN([cross compiling: assuming yes])] 2701) 2702 2703AC_CHECK_FUNCS([getpgrp],[ 2704 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2705 AC_COMPILE_IFELSE( 2706 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2707 [ AC_MSG_RESULT([yes]) 2708 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2709 [ AC_MSG_RESULT([no]) 2710 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2711 ) 2712]) 2713 2714# Search for OpenSSL 2715saved_CPPFLAGS="$CPPFLAGS" 2716saved_LDFLAGS="$LDFLAGS" 2717AC_ARG_WITH([ssl-dir], 2718 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2719 [ 2720 if test "x$openssl" = "xno" ; then 2721 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2722 fi 2723 if test "x$withval" != "xno" ; then 2724 case "$withval" in 2725 # Relative paths 2726 ./*|../*) withval="`pwd`/$withval" 2727 esac 2728 if test -d "$withval/lib"; then 2729 libcrypto_path="${withval}/lib" 2730 elif test -d "$withval/lib64"; then 2731 libcrypto_path="$withval/lib64" 2732 else 2733 # Built but not installed 2734 libcrypto_path="${withval}" 2735 fi 2736 if test -n "${rpath_opt}"; then 2737 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}" 2738 else 2739 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" 2740 fi 2741 if test -d "$withval/include"; then 2742 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2743 else 2744 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2745 fi 2746 fi 2747 ] 2748) 2749 2750AC_ARG_WITH([openssl-header-check], 2751 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2752 [ 2753 if test "x$withval" = "xno" ; then 2754 openssl_check_nonfatal=1 2755 fi 2756 ] 2757) 2758 2759openssl_engine=no 2760AC_ARG_WITH([ssl-engine], 2761 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2762 [ 2763 if test "x$withval" != "xno" ; then 2764 if test "x$openssl" = "xno" ; then 2765 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2766 fi 2767 openssl_engine=yes 2768 fi 2769 ] 2770) 2771 2772nocrypto_saved_LIBS="$LIBS" 2773if test "x$openssl" = "xyes" ; then 2774 LIBS="-lcrypto $LIBS" 2775 CHANNELLIBS="-lcrypto $CHANNELLIBS" 2776 AC_TRY_LINK_FUNC([RAND_add], , 2777 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2778 AC_CHECK_HEADER([openssl/opensslv.h], , 2779 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2780 2781 # Determine OpenSSL header version 2782 AC_MSG_CHECKING([OpenSSL header version]) 2783 AC_RUN_IFELSE( 2784 [AC_LANG_PROGRAM([[ 2785 #include <stdlib.h> 2786 #include <stdio.h> 2787 #include <string.h> 2788 #include <openssl/opensslv.h> 2789 #define DATA "conftest.sslincver" 2790 ]], [[ 2791 FILE *fd; 2792 int rc; 2793 2794 fd = fopen(DATA,"w"); 2795 if(fd == NULL) 2796 exit(1); 2797 2798 if ((rc = fprintf(fd, "%08lx (%s)\n", 2799 (unsigned long)OPENSSL_VERSION_NUMBER, 2800 OPENSSL_VERSION_TEXT)) < 0) 2801 exit(1); 2802 2803 exit(0); 2804 ]])], 2805 [ 2806 ssl_header_ver=`cat conftest.sslincver` 2807 AC_MSG_RESULT([$ssl_header_ver]) 2808 ], 2809 [ 2810 AC_MSG_RESULT([not found]) 2811 AC_MSG_ERROR([OpenSSL version header not found.]) 2812 ], 2813 [ 2814 AC_MSG_WARN([cross compiling: not checking]) 2815 ] 2816 ) 2817 2818 # Determining OpenSSL library version is version dependent. 2819 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2820 2821 # Determine OpenSSL library version 2822 AC_MSG_CHECKING([OpenSSL library version]) 2823 AC_RUN_IFELSE( 2824 [AC_LANG_PROGRAM([[ 2825 #include <stdio.h> 2826 #include <stdlib.h> 2827 #include <string.h> 2828 #include <openssl/opensslv.h> 2829 #include <openssl/crypto.h> 2830 #define DATA "conftest.ssllibver" 2831 ]], [[ 2832 FILE *fd; 2833 int rc; 2834 2835 fd = fopen(DATA,"w"); 2836 if(fd == NULL) 2837 exit(1); 2838#ifndef OPENSSL_VERSION 2839# define OPENSSL_VERSION SSLEAY_VERSION 2840#endif 2841#ifndef HAVE_OPENSSL_VERSION 2842# define OpenSSL_version SSLeay_version 2843#endif 2844#ifndef HAVE_OPENSSL_VERSION_NUM 2845# define OpenSSL_version_num SSLeay 2846#endif 2847 if ((rc = fprintf(fd, "%08lx (%s)\n", 2848 (unsigned long)OpenSSL_version_num(), 2849 OpenSSL_version(OPENSSL_VERSION))) < 0) 2850 exit(1); 2851 2852 exit(0); 2853 ]])], 2854 [ 2855 ssl_library_ver=`cat conftest.ssllibver` 2856 # Check version is supported. 2857 case "$ssl_library_ver" in 2858 10000*|0*) 2859 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2860 ;; 2861 100*) ;; # 1.0.x 2862 101000[[0123456]]*) 2863 # https://github.com/openssl/openssl/pull/4613 2864 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2865 ;; 2866 101*) ;; # 1.1.x 2867 200*) ;; # LibreSSL 2868 300*) 2869 # OpenSSL 3; we use the 1.1x API 2870 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2871 ;; 2872 301*) 2873 # OpenSSL development branch; request 1.1x API 2874 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2875 ;; 2876 *) 2877 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2878 ;; 2879 esac 2880 AC_MSG_RESULT([$ssl_library_ver]) 2881 ], 2882 [ 2883 AC_MSG_RESULT([not found]) 2884 AC_MSG_ERROR([OpenSSL library not found.]) 2885 ], 2886 [ 2887 AC_MSG_WARN([cross compiling: not checking]) 2888 ] 2889 ) 2890 2891 case "$host" in 2892 x86_64-*) 2893 case "$ssl_library_ver" in 2894 3000004*) 2895 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) 2896 ;; 2897 esac 2898 esac 2899 2900 # Sanity check OpenSSL headers 2901 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2902 AC_RUN_IFELSE( 2903 [AC_LANG_PROGRAM([[ 2904 #include <stdlib.h> 2905 #include <string.h> 2906 #include <openssl/opensslv.h> 2907 #include <openssl/crypto.h> 2908 ]], [[ 2909#ifndef HAVE_OPENSSL_VERSION_NUM 2910# define OpenSSL_version_num SSLeay 2911#endif 2912 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2913 ]])], 2914 [ 2915 AC_MSG_RESULT([yes]) 2916 ], 2917 [ 2918 AC_MSG_RESULT([no]) 2919 if test "x$openssl_check_nonfatal" = "x"; then 2920 AC_MSG_ERROR([Your OpenSSL headers do not match your 2921 library. Check config.log for details. 2922 If you are sure your installation is consistent, you can disable the check 2923 by running "./configure --without-openssl-header-check". 2924 Also see contrib/findssl.sh for help identifying header/library mismatches. 2925 ]) 2926 else 2927 AC_MSG_WARN([Your OpenSSL headers do not match your 2928 library. Check config.log for details. 2929 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2930 fi 2931 ], 2932 [ 2933 AC_MSG_WARN([cross compiling: not checking]) 2934 ] 2935 ) 2936 2937 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2938 AC_LINK_IFELSE( 2939 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2940 [[ ERR_load_crypto_strings(); ]])], 2941 [ 2942 AC_MSG_RESULT([yes]) 2943 ], 2944 [ 2945 AC_MSG_RESULT([no]) 2946 LIBS="$LIBS -ldl" 2947 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2948 AC_LINK_IFELSE( 2949 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2950 [[ ERR_load_crypto_strings(); ]])], 2951 [ 2952 AC_MSG_RESULT([yes]) 2953 CHANNELLIBS="$CHANNELLIBS -ldl" 2954 ], 2955 [ 2956 AC_MSG_RESULT([no]) 2957 ] 2958 ) 2959 ] 2960 ) 2961 2962 AC_CHECK_FUNCS([ \ 2963 BN_is_prime_ex \ 2964 DES_crypt \ 2965 DSA_generate_parameters_ex \ 2966 EVP_DigestFinal_ex \ 2967 EVP_DigestInit_ex \ 2968 EVP_MD_CTX_cleanup \ 2969 EVP_MD_CTX_copy_ex \ 2970 EVP_MD_CTX_init \ 2971 HMAC_CTX_init \ 2972 RSA_generate_key_ex \ 2973 RSA_get_default_method \ 2974 ]) 2975 2976 # OpenSSL_add_all_algorithms may be a macro. 2977 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2978 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2979 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2980 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2981 [[#include <openssl/evp.h>]] 2982 ) 2983 ) 2984 2985 # LibreSSL/OpenSSL 1.1x API 2986 AC_CHECK_FUNCS([ \ 2987 OPENSSL_init_crypto \ 2988 DH_get0_key \ 2989 DH_get0_pqg \ 2990 DH_set0_key \ 2991 DH_set_length \ 2992 DH_set0_pqg \ 2993 DSA_get0_key \ 2994 DSA_get0_pqg \ 2995 DSA_set0_key \ 2996 DSA_set0_pqg \ 2997 DSA_SIG_get0 \ 2998 DSA_SIG_set0 \ 2999 ECDSA_SIG_get0 \ 3000 ECDSA_SIG_set0 \ 3001 EVP_CIPHER_CTX_iv \ 3002 EVP_CIPHER_CTX_iv_noconst \ 3003 EVP_CIPHER_CTX_get_iv \ 3004 EVP_CIPHER_CTX_get_updated_iv \ 3005 EVP_CIPHER_CTX_set_iv \ 3006 RSA_get0_crt_params \ 3007 RSA_get0_factors \ 3008 RSA_get0_key \ 3009 RSA_set0_crt_params \ 3010 RSA_set0_factors \ 3011 RSA_set0_key \ 3012 RSA_meth_free \ 3013 RSA_meth_dup \ 3014 RSA_meth_set1_name \ 3015 RSA_meth_get_finish \ 3016 RSA_meth_set_priv_enc \ 3017 RSA_meth_set_priv_dec \ 3018 RSA_meth_set_finish \ 3019 EVP_PKEY_get0_RSA \ 3020 EVP_MD_CTX_new \ 3021 EVP_MD_CTX_free \ 3022 EVP_chacha20 \ 3023 ]) 3024 3025 if test "x$openssl_engine" = "xyes" ; then 3026 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 3027 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3028 #include <openssl/engine.h> 3029 ]], [[ 3030 ENGINE_load_builtin_engines(); 3031 ENGINE_register_all_complete(); 3032 ]])], 3033 [ AC_MSG_RESULT([yes]) 3034 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 3035 [Enable OpenSSL engine support]) 3036 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 3037 ]) 3038 fi 3039 3040 # Check for OpenSSL without EVP_aes_{192,256}_cbc 3041 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 3042 AC_LINK_IFELSE( 3043 [AC_LANG_PROGRAM([[ 3044 #include <stdlib.h> 3045 #include <string.h> 3046 #include <openssl/evp.h> 3047 ]], [[ 3048 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 3049 ]])], 3050 [ 3051 AC_MSG_RESULT([no]) 3052 ], 3053 [ 3054 AC_MSG_RESULT([yes]) 3055 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 3056 [libcrypto is missing AES 192 and 256 bit functions]) 3057 ] 3058 ) 3059 3060 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3061 AC_LINK_IFELSE( 3062 [AC_LANG_PROGRAM([[ 3063 #include <stdlib.h> 3064 #include <string.h> 3065 #include <openssl/evp.h> 3066 ]], [[ 3067 if(EVP_DigestUpdate(NULL, NULL,0)) 3068 exit(0); 3069 ]])], 3070 [ 3071 AC_MSG_RESULT([yes]) 3072 ], 3073 [ 3074 AC_MSG_RESULT([no]) 3075 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3076 [Define if EVP_DigestUpdate returns void]) 3077 ] 3078 ) 3079 3080 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 3081 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 3082 3083 # Check complete ECC support in OpenSSL 3084 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3085 AC_LINK_IFELSE( 3086 [AC_LANG_PROGRAM([[ 3087 #include <openssl/ec.h> 3088 #include <openssl/ecdh.h> 3089 #include <openssl/ecdsa.h> 3090 #include <openssl/evp.h> 3091 #include <openssl/objects.h> 3092 #include <openssl/opensslv.h> 3093 ]], [[ 3094 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3095 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3096 ]])], 3097 [ AC_MSG_RESULT([yes]) 3098 enable_nistp256=1 ], 3099 [ AC_MSG_RESULT([no]) ] 3100 ) 3101 3102 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3103 AC_LINK_IFELSE( 3104 [AC_LANG_PROGRAM([[ 3105 #include <openssl/ec.h> 3106 #include <openssl/ecdh.h> 3107 #include <openssl/ecdsa.h> 3108 #include <openssl/evp.h> 3109 #include <openssl/objects.h> 3110 #include <openssl/opensslv.h> 3111 ]], [[ 3112 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3113 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3114 ]])], 3115 [ AC_MSG_RESULT([yes]) 3116 enable_nistp384=1 ], 3117 [ AC_MSG_RESULT([no]) ] 3118 ) 3119 3120 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3121 AC_LINK_IFELSE( 3122 [AC_LANG_PROGRAM([[ 3123 #include <openssl/ec.h> 3124 #include <openssl/ecdh.h> 3125 #include <openssl/ecdsa.h> 3126 #include <openssl/evp.h> 3127 #include <openssl/objects.h> 3128 #include <openssl/opensslv.h> 3129 ]], [[ 3130 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3131 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3132 ]])], 3133 [ AC_MSG_RESULT([yes]) 3134 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3135 AC_RUN_IFELSE( 3136 [AC_LANG_PROGRAM([[ 3137 #include <stdlib.h> 3138 #include <openssl/ec.h> 3139 #include <openssl/ecdh.h> 3140 #include <openssl/ecdsa.h> 3141 #include <openssl/evp.h> 3142 #include <openssl/objects.h> 3143 #include <openssl/opensslv.h> 3144 ]],[[ 3145 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3146 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3147 exit(e == NULL || m == NULL); 3148 ]])], 3149 [ AC_MSG_RESULT([yes]) 3150 enable_nistp521=1 ], 3151 [ AC_MSG_RESULT([no]) ], 3152 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3153 enable_nistp521=1 ] 3154 )], 3155 AC_MSG_RESULT([no]) 3156 ) 3157 3158 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3159 test x$enable_nistp521 = x1; then 3160 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3161 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3162 openssl_ecc=yes 3163 else 3164 openssl_ecc=no 3165 fi 3166 if test x$enable_nistp256 = x1; then 3167 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3168 [libcrypto has NID_X9_62_prime256v1]) 3169 else 3170 unsupported_algorithms="$unsupported_algorithms \ 3171 ecdsa-sha2-nistp256 \ 3172 ecdh-sha2-nistp256 \ 3173 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3174 fi 3175 if test x$enable_nistp384 = x1; then 3176 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3177 else 3178 unsupported_algorithms="$unsupported_algorithms \ 3179 ecdsa-sha2-nistp384 \ 3180 ecdh-sha2-nistp384 \ 3181 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3182 fi 3183 if test x$enable_nistp521 = x1; then 3184 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3185 else 3186 unsupported_algorithms="$unsupported_algorithms \ 3187 ecdh-sha2-nistp521 \ 3188 ecdsa-sha2-nistp521 \ 3189 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3190 fi 3191fi 3192 3193# PKCS11/U2F depend on OpenSSL and dlopen(). 3194enable_pkcs11=yes 3195enable_sk=yes 3196if test "x$openssl" != "xyes" ; then 3197 enable_pkcs11="disabled; missing libcrypto" 3198fi 3199if test "x$ac_cv_func_dlopen" != "xyes" ; then 3200 enable_pkcs11="disabled; missing dlopen(3)" 3201 enable_sk="disabled; missing dlopen(3)" 3202fi 3203if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3204 enable_pkcs11="disabled; missing RTLD_NOW" 3205 enable_sk="disabled; missing RTLD_NOW" 3206fi 3207if test ! -z "$disable_pkcs11" ; then 3208 enable_pkcs11="disabled by user" 3209fi 3210if test ! -z "$disable_sk" ; then 3211 enable_sk="disabled by user" 3212fi 3213 3214AC_MSG_CHECKING([whether to enable PKCS11]) 3215if test "x$enable_pkcs11" = "xyes" ; then 3216 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3217fi 3218AC_MSG_RESULT([$enable_pkcs11]) 3219 3220AC_MSG_CHECKING([whether to enable U2F]) 3221if test "x$enable_sk" = "xyes" ; then 3222 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3223 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3224else 3225 # Do not try to build sk-dummy library. 3226 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3227fi 3228AC_MSG_RESULT([$enable_sk]) 3229 3230# Now check for built-in security key support. 3231if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then 3232 use_pkgconfig_for_libfido2= 3233 if test "x$PKGCONFIG" != "xno"; then 3234 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3235 if "$PKGCONFIG" libfido2; then 3236 AC_MSG_RESULT([yes]) 3237 use_pkgconfig_for_libfido2=yes 3238 else 3239 AC_MSG_RESULT([no]) 3240 fi 3241 fi 3242 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3243 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3244 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3245 else 3246 LIBFIDO2="-lprivatefido2 -lprivatecbor" 3247 fi 3248 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3249 fido2_error= 3250 AC_CHECK_LIB([privatefido2], [fido_init], 3251 [ ], 3252 [ fido2_error="missing/unusable libfido2" ], 3253 [ $OTHERLIBS ] 3254 ) 3255 AC_CHECK_HEADER([fido.h], [], 3256 [ fido2_error="missing fido.h from libfido2" ]) 3257 AC_CHECK_HEADER([fido/credman.h], [], 3258 [ fido2_error="missing fido/credman.h from libfido2" ], 3259 [ #include <fido.h> ] 3260 ) 3261 AC_MSG_CHECKING([for usable libfido2 installation]) 3262 if test ! -z "$fido2_error" ; then 3263 AC_MSG_RESULT([$fido2_error]) 3264 if test "x$enable_sk_internal" = "xyes" ; then 3265 AC_MSG_ERROR([No usable libfido2 library/headers found]) 3266 fi 3267 LIBFIDO2="" 3268 else 3269 AC_MSG_RESULT([yes]) 3270 AC_SUBST([LIBFIDO2]) 3271 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3272 [Enable for built-in U2F/FIDO support]) 3273 enable_sk="built-in" 3274 saved_LIBS="$LIBS" 3275 LIBS="$LIBS $LIBFIDO2" 3276 AC_CHECK_FUNCS([ \ 3277 fido_assert_set_clientdata \ 3278 fido_cred_prot \ 3279 fido_cred_set_prot \ 3280 fido_cred_set_clientdata \ 3281 fido_dev_get_touch_begin \ 3282 fido_dev_get_touch_status \ 3283 fido_dev_supports_cred_prot \ 3284 fido_dev_is_winhello \ 3285 ]) 3286 LIBS="$saved_LIBS" 3287 fi 3288fi 3289 3290AC_CHECK_FUNCS([ \ 3291 arc4random \ 3292 arc4random_buf \ 3293 arc4random_stir \ 3294 arc4random_uniform \ 3295]) 3296### Configure cryptographic random number support 3297 3298# Check whether OpenSSL seeds itself 3299if test "x$openssl" = "xyes" ; then 3300 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3301 AC_RUN_IFELSE( 3302 [AC_LANG_PROGRAM([[ 3303 #include <stdlib.h> 3304 #include <string.h> 3305 #include <openssl/rand.h> 3306 ]], [[ 3307 exit(RAND_status() == 1 ? 0 : 1); 3308 ]])], 3309 [ 3310 OPENSSL_SEEDS_ITSELF=yes 3311 AC_MSG_RESULT([yes]) 3312 ], 3313 [ 3314 AC_MSG_RESULT([no]) 3315 ], 3316 [ 3317 AC_MSG_WARN([cross compiling: assuming yes]) 3318 # This is safe, since we will fatal() at runtime if 3319 # OpenSSL is not seeded correctly. 3320 OPENSSL_SEEDS_ITSELF=yes 3321 ] 3322 ) 3323fi 3324 3325# PRNGD TCP socket 3326AC_ARG_WITH([prngd-port], 3327 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3328 [ 3329 case "$withval" in 3330 no) 3331 withval="" 3332 ;; 3333 [[0-9]]*) 3334 ;; 3335 *) 3336 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3337 ;; 3338 esac 3339 if test ! -z "$withval" ; then 3340 PRNGD_PORT="$withval" 3341 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3342 [Port number of PRNGD/EGD random number socket]) 3343 fi 3344 ] 3345) 3346 3347# PRNGD Unix domain socket 3348AC_ARG_WITH([prngd-socket], 3349 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3350 [ 3351 case "$withval" in 3352 yes) 3353 withval="/var/run/egd-pool" 3354 ;; 3355 no) 3356 withval="" 3357 ;; 3358 /*) 3359 ;; 3360 *) 3361 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3362 ;; 3363 esac 3364 3365 if test ! -z "$withval" ; then 3366 if test ! -z "$PRNGD_PORT" ; then 3367 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3368 fi 3369 if test ! -r "$withval" ; then 3370 AC_MSG_WARN([Entropy socket is not readable]) 3371 fi 3372 PRNGD_SOCKET="$withval" 3373 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3374 [Location of PRNGD/EGD random number socket]) 3375 fi 3376 ], 3377 [ 3378 # Check for existing socket only if we don't have a random device already 3379 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3380 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3381 # Insert other locations here 3382 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3383 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3384 PRNGD_SOCKET="$sock" 3385 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3386 break; 3387 fi 3388 done 3389 if test ! -z "$PRNGD_SOCKET" ; then 3390 AC_MSG_RESULT([$PRNGD_SOCKET]) 3391 else 3392 AC_MSG_RESULT([not found]) 3393 fi 3394 fi 3395 ] 3396) 3397 3398# Which randomness source do we use? 3399if test ! -z "$PRNGD_PORT" ; then 3400 RAND_MSG="PRNGd port $PRNGD_PORT" 3401elif test ! -z "$PRNGD_SOCKET" ; then 3402 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3403elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3404 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3405 [Define if you want the OpenSSL internally seeded PRNG only]) 3406 RAND_MSG="OpenSSL internal ONLY" 3407elif test "x$openssl" = "xno" ; then 3408 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3409else 3410 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3411fi 3412LIBS="$nocrypto_saved_LIBS" 3413 3414saved_LIBS="$LIBS" 3415AC_CHECK_LIB([iaf], [ia_openinfo], [ 3416 LIBS="$LIBS -liaf" 3417 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3418 AC_DEFINE([HAVE_LIBIAF], [1], 3419 [Define if system has libiaf that supports set_id]) 3420 ]) 3421]) 3422LIBS="$saved_LIBS" 3423 3424# Check for crypt() in libcrypt. If we have it, we only need it for sshd. 3425saved_LIBS="$LIBS" 3426AC_CHECK_LIB([crypt], [crypt], [ 3427 LIBS="-lcrypt $LIBS" 3428 SSHDLIBS="-lcrypt $SSHDLIBS" 3429]) 3430AC_CHECK_FUNCS([crypt]) 3431LIBS="$saved_LIBS" 3432 3433# Check for PAM libs 3434PAM_MSG="no" 3435AC_ARG_WITH([pam], 3436 [ --with-pam Enable PAM support ], 3437 [ 3438 if test "x$withval" != "xno" ; then 3439 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3440 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3441 AC_MSG_ERROR([PAM headers not found]) 3442 fi 3443 3444 saved_LIBS="$LIBS" 3445 AC_CHECK_LIB([dl], [dlopen], , ) 3446 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3447 AC_CHECK_FUNCS([pam_getenvlist]) 3448 AC_CHECK_FUNCS([pam_putenv]) 3449 LIBS="$saved_LIBS" 3450 3451 PAM_MSG="yes" 3452 3453 SSHDLIBS="$SSHDLIBS -lpam" 3454 AC_DEFINE([USE_PAM], [1], 3455 [Define if you want to enable PAM support]) 3456 3457 if test $ac_cv_lib_dl_dlopen = yes; then 3458 case "$LIBS" in 3459 *-ldl*) 3460 # libdl already in LIBS 3461 ;; 3462 *) 3463 SSHDLIBS="$SSHDLIBS -ldl" 3464 ;; 3465 esac 3466 fi 3467 fi 3468 ] 3469) 3470 3471AC_ARG_WITH([pam-service], 3472 [ --with-pam-service=name Specify PAM service name ], 3473 [ 3474 if test "x$withval" != "xno" && \ 3475 test "x$withval" != "xyes" ; then 3476 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3477 ["$withval"], [sshd PAM service name]) 3478 fi 3479 ] 3480) 3481 3482# Check for older PAM 3483if test "x$PAM_MSG" = "xyes" ; then 3484 # Check PAM strerror arguments (old PAM) 3485 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3486 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3487#include <stdlib.h> 3488#if defined(HAVE_SECURITY_PAM_APPL_H) 3489#include <security/pam_appl.h> 3490#elif defined (HAVE_PAM_PAM_APPL_H) 3491#include <pam/pam_appl.h> 3492#endif 3493 ]], [[ 3494(void)pam_strerror((pam_handle_t *)NULL, -1); 3495 ]])], [AC_MSG_RESULT([no])], [ 3496 AC_DEFINE([HAVE_OLD_PAM], [1], 3497 [Define if you have an old version of PAM 3498 which takes only one argument to pam_strerror]) 3499 AC_MSG_RESULT([yes]) 3500 PAM_MSG="yes (old library)" 3501 3502 ]) 3503fi 3504 3505case "$host" in 3506*-*-cygwin*) 3507 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3508 ;; 3509*) 3510 SSH_PRIVSEP_USER=sshd 3511 ;; 3512esac 3513AC_ARG_WITH([privsep-user], 3514 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3515 [ 3516 if test -n "$withval" && test "x$withval" != "xno" && \ 3517 test "x${withval}" != "xyes"; then 3518 SSH_PRIVSEP_USER=$withval 3519 fi 3520 ] 3521) 3522if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3523 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3524 [Cygwin function to fetch non-privileged user for privilege separation]) 3525else 3526 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3527 [non-privileged user for privilege separation]) 3528fi 3529AC_SUBST([SSH_PRIVSEP_USER]) 3530 3531if test "x$have_linux_no_new_privs" = "x1" ; then 3532AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3533 #include <sys/types.h> 3534 #include <linux/seccomp.h> 3535]) 3536fi 3537if test "x$have_seccomp_filter" = "x1" ; then 3538AC_MSG_CHECKING([kernel for seccomp_filter support]) 3539AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3540 #include <errno.h> 3541 #include <elf.h> 3542 #include <linux/audit.h> 3543 #include <linux/seccomp.h> 3544 #include <stdlib.h> 3545 #include <sys/prctl.h> 3546 ]], 3547 [[ int i = $seccomp_audit_arch; 3548 errno = 0; 3549 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3550 exit(errno == EFAULT ? 0 : 1); ]])], 3551 [ AC_MSG_RESULT([yes]) ], [ 3552 AC_MSG_RESULT([no]) 3553 # Disable seccomp filter as a target 3554 have_seccomp_filter=0 3555 ] 3556) 3557fi 3558 3559AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ 3560#include <sys/types.h> 3561#ifdef HAVE_POLL_H 3562#include <poll.h> 3563#endif 3564#ifdef HAVE_SYS_POLL_H 3565#include <sys/poll.h> 3566#endif 3567]]) 3568 3569AC_CHECK_TYPES([nfds_t], , , [ 3570#include <sys/types.h> 3571#ifdef HAVE_POLL_H 3572#include <poll.h> 3573#endif 3574#ifdef HAVE_SYS_POLL_H 3575#include <sys/poll.h> 3576#endif 3577]) 3578 3579# Decide which sandbox style to use 3580sandbox_arg="" 3581AC_ARG_WITH([sandbox], 3582 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3583 [ 3584 if test "x$withval" = "xyes" ; then 3585 sandbox_arg="" 3586 else 3587 sandbox_arg="$withval" 3588 fi 3589 ] 3590) 3591 3592if test "x$sandbox_arg" != "xno"; then 3593# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument 3594# is greater than OPEN_MAX". On some platforms that includes implementions 3595# of select in userspace on top of poll() so check both work with rlimit 3596# NOFILES so check that both work before enabling the rlimit sandbox. 3597 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) 3598 AC_RUN_IFELSE( 3599 [AC_LANG_PROGRAM([[ 3600#include <sys/types.h> 3601#ifdef HAVE_SYS_TIME_H 3602# include <sys/time.h> 3603#endif 3604#include <sys/resource.h> 3605#ifdef HAVE_SYS_SELECT_H 3606# include <sys/select.h> 3607#endif 3608#ifdef HAVE_POLL_H 3609# include <poll.h> 3610#elif HAVE_SYS_POLL_H 3611# include <sys/poll.h> 3612#endif 3613#include <errno.h> 3614#include <fcntl.h> 3615#include <stdlib.h> 3616 ]],[[ 3617 struct rlimit rl_zero; 3618 int fd, r; 3619 fd_set fds; 3620 struct timeval tv; 3621#ifdef HAVE_POLL 3622 struct pollfd pfd; 3623#endif 3624 3625 fd = open("/dev/null", O_RDONLY); 3626 FD_ZERO(&fds); 3627 FD_SET(fd, &fds); 3628 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3629 setrlimit(RLIMIT_FSIZE, &rl_zero); 3630 setrlimit(RLIMIT_NOFILE, &rl_zero); 3631 tv.tv_sec = 1; 3632 tv.tv_usec = 0; 3633 r = select(fd+1, &fds, NULL, NULL, &tv); 3634 if (r == -1) 3635 exit(1); 3636#ifdef HAVE_POLL 3637 pfd.fd = fd; 3638 pfd.events = POLLIN; 3639 r = poll(&pfd, 1, 1); 3640 if (r == -1) 3641 exit(2); 3642#endif 3643 exit(0); 3644 ]])], 3645 [AC_MSG_RESULT([yes]) 3646 select_works_with_rlimit=yes], 3647 [AC_MSG_RESULT([no]) 3648 select_works_with_rlimit=no], 3649 [AC_MSG_WARN([cross compiling: assuming no]) 3650 select_works_with_rlimit=no] 3651 ) 3652 3653 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3654 AC_RUN_IFELSE( 3655 [AC_LANG_PROGRAM([[ 3656#include <sys/types.h> 3657#ifdef HAVE_SYS_TIME_H 3658# include <sys/time.h> 3659#endif 3660#include <sys/resource.h> 3661#include <errno.h> 3662#include <stdlib.h> 3663 ]],[[ 3664 struct rlimit rl_zero; 3665 int r; 3666 3667 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3668 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3669 exit (r == -1 ? 1 : 0); 3670 ]])], 3671 [AC_MSG_RESULT([yes]) 3672 rlimit_nofile_zero_works=yes], 3673 [AC_MSG_RESULT([no]) 3674 rlimit_nofile_zero_works=no], 3675 [AC_MSG_WARN([cross compiling: assuming yes]) 3676 rlimit_nofile_zero_works=yes] 3677 ) 3678 3679 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3680 AC_RUN_IFELSE( 3681 [AC_LANG_PROGRAM([[ 3682#include <sys/types.h> 3683#include <sys/resource.h> 3684#include <stdlib.h> 3685 ]],[[ 3686 struct rlimit rl_zero; 3687 3688 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3689 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3690 ]])], 3691 [AC_MSG_RESULT([yes])], 3692 [AC_MSG_RESULT([no]) 3693 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3694 [setrlimit RLIMIT_FSIZE works])], 3695 [AC_MSG_WARN([cross compiling: assuming yes])] 3696 ) 3697fi 3698 3699if test "x$sandbox_arg" = "xpledge" || \ 3700 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3701 test "x$ac_cv_func_pledge" != "xyes" && \ 3702 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3703 SANDBOX_STYLE="pledge" 3704 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3705elif test "x$sandbox_arg" = "xsystrace" || \ 3706 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3707 test "x$have_systr_policy_kill" != "x1" && \ 3708 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3709 SANDBOX_STYLE="systrace" 3710 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3711elif test "x$sandbox_arg" = "xdarwin" || \ 3712 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3713 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3714 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3715 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3716 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3717 SANDBOX_STYLE="darwin" 3718 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3719elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3720 ( test -z "$sandbox_arg" && \ 3721 test "x$have_seccomp_filter" = "x1" && \ 3722 test "x$ac_cv_header_elf_h" = "xyes" && \ 3723 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3724 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3725 test "x$seccomp_audit_arch" != "x" && \ 3726 test "x$have_linux_no_new_privs" = "x1" && \ 3727 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3728 test "x$seccomp_audit_arch" = "x" && \ 3729 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3730 test "x$have_linux_no_new_privs" != "x1" && \ 3731 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3732 test "x$have_seccomp_filter" != "x1" && \ 3733 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3734 test "x$ac_cv_func_prctl" != "xyes" && \ 3735 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3736 SANDBOX_STYLE="seccomp_filter" 3737 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3738elif test "x$sandbox_arg" = "xcapsicum" || \ 3739 ( test -z "$sandbox_arg" && \ 3740 test "x$disable_capsicum" != "xyes" && \ 3741 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3742 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3743 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3744 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3745 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3746 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3747 SANDBOX_STYLE="capsicum" 3748 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3749elif test "x$sandbox_arg" = "xrlimit" || \ 3750 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3751 test "x$select_works_with_rlimit" = "xyes" && \ 3752 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3753 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3754 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3755 test "x$select_works_with_rlimit" != "xyes" && \ 3756 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3757 SANDBOX_STYLE="rlimit" 3758 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3759elif test "x$sandbox_arg" = "xsolaris" || \ 3760 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3761 SANDBOX_STYLE="solaris" 3762 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3763elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3764 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3765 SANDBOX_STYLE="none" 3766 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3767else 3768 AC_MSG_ERROR([unsupported --with-sandbox]) 3769fi 3770 3771# Cheap hack to ensure NEWS-OS libraries are arranged right. 3772if test ! -z "$SONY" ; then 3773 LIBS="$LIBS -liberty"; 3774fi 3775 3776# Check for long long datatypes 3777AC_CHECK_TYPES([long long, unsigned long long, long double]) 3778 3779# Check datatype sizes 3780AC_CHECK_SIZEOF([short int]) 3781AC_CHECK_SIZEOF([int]) 3782AC_CHECK_SIZEOF([long int]) 3783AC_CHECK_SIZEOF([long long int]) 3784AC_CHECK_SIZEOF([time_t], [], [[ 3785 #include <sys/types.h> 3786 #ifdef HAVE_SYS_TIME_H 3787 # include <sys/time.h> 3788 #endif 3789 #ifdef HAVE_TIME_H 3790 # include <time.h> 3791 #endif 3792 ]] 3793) 3794 3795# Sanity check long long for some platforms (AIX) 3796if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3797 ac_cv_sizeof_long_long_int=0 3798fi 3799 3800# compute LLONG_MIN and LLONG_MAX if we don't know them. 3801if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3802 AC_MSG_CHECKING([for max value of long long]) 3803 AC_RUN_IFELSE( 3804 [AC_LANG_PROGRAM([[ 3805#include <stdio.h> 3806#include <stdlib.h> 3807/* Why is this so damn hard? */ 3808#ifdef __GNUC__ 3809# undef __GNUC__ 3810#endif 3811#define __USE_ISOC99 3812#include <limits.h> 3813#define DATA "conftest.llminmax" 3814#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3815 3816/* 3817 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3818 * we do this the hard way. 3819 */ 3820static int 3821fprint_ll(FILE *f, long long n) 3822{ 3823 unsigned int i; 3824 int l[sizeof(long long) * 8]; 3825 3826 if (n < 0) 3827 if (fprintf(f, "-") < 0) 3828 return -1; 3829 for (i = 0; n != 0; i++) { 3830 l[i] = my_abs(n % 10); 3831 n /= 10; 3832 } 3833 do { 3834 if (fprintf(f, "%d", l[--i]) < 0) 3835 return -1; 3836 } while (i != 0); 3837 if (fprintf(f, " ") < 0) 3838 return -1; 3839 return 0; 3840} 3841 ]], [[ 3842 FILE *f; 3843 long long i, llmin, llmax = 0; 3844 3845 if((f = fopen(DATA,"w")) == NULL) 3846 exit(1); 3847 3848#if defined(LLONG_MIN) && defined(LLONG_MAX) 3849 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3850 llmin = LLONG_MIN; 3851 llmax = LLONG_MAX; 3852#else 3853 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3854 /* This will work on one's complement and two's complement */ 3855 for (i = 1; i > llmax; i <<= 1, i++) 3856 llmax = i; 3857 llmin = llmax + 1LL; /* wrap */ 3858#endif 3859 3860 /* Sanity check */ 3861 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3862 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3863 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3864 fprintf(f, "unknown unknown\n"); 3865 exit(2); 3866 } 3867 3868 if (fprint_ll(f, llmin) < 0) 3869 exit(3); 3870 if (fprint_ll(f, llmax) < 0) 3871 exit(4); 3872 if (fclose(f) < 0) 3873 exit(5); 3874 exit(0); 3875 ]])], 3876 [ 3877 llong_min=`$AWK '{print $1}' conftest.llminmax` 3878 llong_max=`$AWK '{print $2}' conftest.llminmax` 3879 3880 AC_MSG_RESULT([$llong_max]) 3881 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3882 [max value of long long calculated by configure]) 3883 AC_MSG_CHECKING([for min value of long long]) 3884 AC_MSG_RESULT([$llong_min]) 3885 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3886 [min value of long long calculated by configure]) 3887 ], 3888 [ 3889 AC_MSG_RESULT([not found]) 3890 ], 3891 [ 3892 AC_MSG_WARN([cross compiling: not checking]) 3893 ] 3894 ) 3895fi 3896 3897AC_CHECK_DECLS([UINT32_MAX], , , [[ 3898#ifdef HAVE_SYS_LIMITS_H 3899# include <sys/limits.h> 3900#endif 3901#ifdef HAVE_LIMITS_H 3902# include <limits.h> 3903#endif 3904#ifdef HAVE_STDINT_H 3905# include <stdint.h> 3906#endif 3907]]) 3908 3909# More checks for data types 3910AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3911 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3912 [[ u_int a; a = 1;]])], 3913 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3914 ]) 3915]) 3916if test "x$ac_cv_have_u_int" = "xyes" ; then 3917 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3918 have_u_int=1 3919fi 3920 3921AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3922 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3923 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3924 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3925 ]) 3926]) 3927if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3928 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3929 have_intxx_t=1 3930fi 3931 3932if (test -z "$have_intxx_t" && \ 3933 test "x$ac_cv_header_stdint_h" = "xyes") 3934then 3935 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3936 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3937 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3938 [ 3939 AC_DEFINE([HAVE_INTXX_T]) 3940 AC_MSG_RESULT([yes]) 3941 ], [ AC_MSG_RESULT([no]) 3942 ]) 3943fi 3944 3945AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3946 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3947#include <sys/types.h> 3948#ifdef HAVE_STDINT_H 3949# include <stdint.h> 3950#endif 3951#include <sys/socket.h> 3952#ifdef HAVE_SYS_BITYPES_H 3953# include <sys/bitypes.h> 3954#endif 3955 ]], [[ 3956int64_t a; a = 1; 3957 ]])], 3958 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3959 ]) 3960]) 3961if test "x$ac_cv_have_int64_t" = "xyes" ; then 3962 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3963fi 3964 3965AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3966 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3967 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3968 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3969 ]) 3970]) 3971if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3972 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3973 have_u_intxx_t=1 3974fi 3975 3976if test -z "$have_u_intxx_t" ; then 3977 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3978 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3979 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3980 [ 3981 AC_DEFINE([HAVE_U_INTXX_T]) 3982 AC_MSG_RESULT([yes]) 3983 ], [ AC_MSG_RESULT([no]) 3984 ]) 3985fi 3986 3987AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3988 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3989 [[ u_int64_t a; a = 1;]])], 3990 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3991 ]) 3992]) 3993if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3994 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3995 have_u_int64_t=1 3996fi 3997 3998if (test -z "$have_u_int64_t" && \ 3999 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4000then 4001 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 4002 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 4003 [[ u_int64_t a; a = 1]])], 4004 [ 4005 AC_DEFINE([HAVE_U_INT64_T]) 4006 AC_MSG_RESULT([yes]) 4007 ], [ AC_MSG_RESULT([no]) 4008 ]) 4009fi 4010 4011if test -z "$have_u_intxx_t" ; then 4012 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 4013 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4014#include <sys/types.h> 4015 ]], [[ 4016 uint8_t a; 4017 uint16_t b; 4018 uint32_t c; 4019 a = b = c = 1; 4020 ]])], 4021 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 4022 ]) 4023 ]) 4024 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 4025 AC_DEFINE([HAVE_UINTXX_T], [1], 4026 [define if you have uintxx_t data type]) 4027 fi 4028fi 4029 4030if (test -z "$have_uintxx_t" && \ 4031 test "x$ac_cv_header_stdint_h" = "xyes") 4032then 4033 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 4034 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4035 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4036 [ 4037 AC_DEFINE([HAVE_UINTXX_T]) 4038 AC_MSG_RESULT([yes]) 4039 ], [ AC_MSG_RESULT([no]) 4040 ]) 4041fi 4042 4043if (test -z "$have_uintxx_t" && \ 4044 test "x$ac_cv_header_inttypes_h" = "xyes") 4045then 4046 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4047 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4048 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4049 [ 4050 AC_DEFINE([HAVE_UINTXX_T]) 4051 AC_MSG_RESULT([yes]) 4052 ], [ AC_MSG_RESULT([no]) 4053 ]) 4054fi 4055 4056if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4057 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4058then 4059 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4060 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4061#include <sys/bitypes.h> 4062 ]], [[ 4063 int8_t a; int16_t b; int32_t c; 4064 u_int8_t e; u_int16_t f; u_int32_t g; 4065 a = b = c = e = f = g = 1; 4066 ]])], 4067 [ 4068 AC_DEFINE([HAVE_U_INTXX_T]) 4069 AC_DEFINE([HAVE_INTXX_T]) 4070 AC_MSG_RESULT([yes]) 4071 ], [AC_MSG_RESULT([no]) 4072 ]) 4073fi 4074 4075 4076AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4077 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4078 [[ u_char foo; foo = 125; ]])], 4079 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4080 ]) 4081]) 4082if test "x$ac_cv_have_u_char" = "xyes" ; then 4083 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4084fi 4085 4086AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4087#include <sys/types.h> 4088#ifdef HAVE_STDINT_H 4089# include <stdint.h> 4090#endif 4091]) 4092 4093TYPE_SOCKLEN_T 4094 4095AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4096AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4097#include <sys/types.h> 4098#ifdef HAVE_SYS_BITYPES_H 4099#include <sys/bitypes.h> 4100#endif 4101#ifdef HAVE_SYS_STATFS_H 4102#include <sys/statfs.h> 4103#endif 4104#ifdef HAVE_SYS_STATVFS_H 4105#include <sys/statvfs.h> 4106#endif 4107]) 4108 4109AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4110#include <sys/param.h> 4111#include <sys/types.h> 4112#ifdef HAVE_SYS_BITYPES_H 4113#include <sys/bitypes.h> 4114#endif 4115#ifdef HAVE_SYS_STATFS_H 4116#include <sys/statfs.h> 4117#endif 4118#ifdef HAVE_SYS_STATVFS_H 4119#include <sys/statvfs.h> 4120#endif 4121#ifdef HAVE_SYS_VFS_H 4122#include <sys/vfs.h> 4123#endif 4124#ifdef HAVE_SYS_MOUNT_H 4125#include <sys/mount.h> 4126#endif 4127]]) 4128 4129 4130AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4131[#include <sys/types.h> 4132#include <netinet/in.h>]) 4133 4134AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4135 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4136 [[ size_t foo; foo = 1235; ]])], 4137 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4138 ]) 4139]) 4140if test "x$ac_cv_have_size_t" = "xyes" ; then 4141 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4142fi 4143 4144AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4145 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4146 [[ ssize_t foo; foo = 1235; ]])], 4147 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4148 ]) 4149]) 4150if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4151 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4152fi 4153 4154AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4155 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4156 [[ clock_t foo; foo = 1235; ]])], 4157 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4158 ]) 4159]) 4160if test "x$ac_cv_have_clock_t" = "xyes" ; then 4161 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4162fi 4163 4164AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4165 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4166#include <sys/types.h> 4167#include <sys/socket.h> 4168 ]], [[ sa_family_t foo; foo = 1235; ]])], 4169 [ ac_cv_have_sa_family_t="yes" ], 4170 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4171#include <sys/types.h> 4172#include <sys/socket.h> 4173#include <netinet/in.h> 4174 ]], [[ sa_family_t foo; foo = 1235; ]])], 4175 [ ac_cv_have_sa_family_t="yes" ], 4176 [ ac_cv_have_sa_family_t="no" ] 4177 ) 4178 ]) 4179]) 4180if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4181 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4182 [define if you have sa_family_t data type]) 4183fi 4184 4185AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4186 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4187 [[ pid_t foo; foo = 1235; ]])], 4188 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4189 ]) 4190]) 4191if test "x$ac_cv_have_pid_t" = "xyes" ; then 4192 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4193fi 4194 4195AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4196 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4197 [[ mode_t foo; foo = 1235; ]])], 4198 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4199 ]) 4200]) 4201if test "x$ac_cv_have_mode_t" = "xyes" ; then 4202 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4203fi 4204 4205 4206AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4207 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4208#include <sys/types.h> 4209#include <sys/socket.h> 4210 ]], [[ struct sockaddr_storage s; ]])], 4211 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4212 [ ac_cv_have_struct_sockaddr_storage="no" 4213 ]) 4214]) 4215if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4216 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4217 [define if you have struct sockaddr_storage data type]) 4218fi 4219 4220AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4221 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4222#include <sys/types.h> 4223#include <netinet/in.h> 4224 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4225 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4226 [ ac_cv_have_struct_sockaddr_in6="no" 4227 ]) 4228]) 4229if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4230 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4231 [define if you have struct sockaddr_in6 data type]) 4232fi 4233 4234AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4235 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4236#include <sys/types.h> 4237#include <netinet/in.h> 4238 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4239 [ ac_cv_have_struct_in6_addr="yes" ], 4240 [ ac_cv_have_struct_in6_addr="no" 4241 ]) 4242]) 4243if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4244 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4245 [define if you have struct in6_addr data type]) 4246 4247dnl Now check for sin6_scope_id 4248 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4249 [ 4250#ifdef HAVE_SYS_TYPES_H 4251#include <sys/types.h> 4252#endif 4253#include <netinet/in.h> 4254 ]) 4255fi 4256 4257AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4258 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4259#include <sys/types.h> 4260#include <sys/socket.h> 4261#include <netdb.h> 4262 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4263 [ ac_cv_have_struct_addrinfo="yes" ], 4264 [ ac_cv_have_struct_addrinfo="no" 4265 ]) 4266]) 4267if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4268 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4269 [define if you have struct addrinfo data type]) 4270fi 4271 4272AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4273 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4274 [[ struct timeval tv; tv.tv_sec = 1;]])], 4275 [ ac_cv_have_struct_timeval="yes" ], 4276 [ ac_cv_have_struct_timeval="no" 4277 ]) 4278]) 4279if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4280 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4281 have_struct_timeval=1 4282fi 4283 4284AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4285 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4286 #ifdef HAVE_SYS_TIME_H 4287 # include <sys/time.h> 4288 #endif 4289 #ifdef HAVE_TIME_H 4290 # include <time.h> 4291 #endif 4292 ]], 4293 [[ struct timespec ts; ts.tv_sec = 1;]])], 4294 [ ac_cv_have_struct_timespec="yes" ], 4295 [ ac_cv_have_struct_timespec="no" 4296 ]) 4297]) 4298if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4299 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4300 have_struct_timespec=1 4301fi 4302 4303# We need int64_t or else certain parts of the compile will fail. 4304if test "x$ac_cv_have_int64_t" = "xno" && \ 4305 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4306 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4307 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4308 echo "an alternative compiler (I.E., GCC) before continuing." 4309 echo "" 4310 exit 1; 4311else 4312dnl test snprintf (broken on SCO w/gcc) 4313 AC_RUN_IFELSE( 4314 [AC_LANG_SOURCE([[ 4315#include <stdio.h> 4316#include <stdlib.h> 4317#include <string.h> 4318#ifdef HAVE_SNPRINTF 4319main() 4320{ 4321 char buf[50]; 4322 char expected_out[50]; 4323 int mazsize = 50 ; 4324#if (SIZEOF_LONG_INT == 8) 4325 long int num = 0x7fffffffffffffff; 4326#else 4327 long long num = 0x7fffffffffffffffll; 4328#endif 4329 strcpy(expected_out, "9223372036854775807"); 4330 snprintf(buf, mazsize, "%lld", num); 4331 if(strcmp(buf, expected_out) != 0) 4332 exit(1); 4333 exit(0); 4334} 4335#else 4336main() { exit(0); } 4337#endif 4338 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4339 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4340 ) 4341fi 4342 4343dnl Checks for structure members 4344OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4345OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4346OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4347OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4348OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4349OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4350OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4351OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4352OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4353OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4354OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4355OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4356OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4357OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4358OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4359OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4360OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4361OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4362 4363AC_CHECK_MEMBERS([struct stat.st_blksize]) 4364AC_CHECK_MEMBERS([struct stat.st_mtim]) 4365AC_CHECK_MEMBERS([struct stat.st_mtime]) 4366AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4367struct passwd.pw_change, struct passwd.pw_expire], 4368[], [], [[ 4369#include <sys/types.h> 4370#include <pwd.h> 4371]]) 4372 4373AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4374 [Define if we don't have struct __res_state in resolv.h])], 4375[[ 4376#include <stdio.h> 4377#if HAVE_SYS_TYPES_H 4378# include <sys/types.h> 4379#endif 4380#include <netinet/in.h> 4381#include <arpa/nameser.h> 4382#include <resolv.h> 4383]]) 4384 4385AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4386 ac_cv_have_ss_family_in_struct_ss, [ 4387 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4388#include <sys/types.h> 4389#include <sys/socket.h> 4390 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4391 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4392 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4393]) 4394if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4395 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4396fi 4397 4398AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4399 ac_cv_have___ss_family_in_struct_ss, [ 4400 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4401#include <sys/types.h> 4402#include <sys/socket.h> 4403 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4404 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4405 [ ac_cv_have___ss_family_in_struct_ss="no" 4406 ]) 4407]) 4408if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4409 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4410 [Fields in struct sockaddr_storage]) 4411fi 4412 4413dnl make sure we're using the real structure members and not defines 4414AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4415 ac_cv_have_accrights_in_msghdr, [ 4416 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4417#include <sys/types.h> 4418#include <sys/socket.h> 4419#include <sys/uio.h> 4420#include <stdlib.h> 4421 ]], [[ 4422#ifdef msg_accrights 4423#error "msg_accrights is a macro" 4424exit(1); 4425#endif 4426struct msghdr m; 4427m.msg_accrights = 0; 4428exit(0); 4429 ]])], 4430 [ ac_cv_have_accrights_in_msghdr="yes" ], 4431 [ ac_cv_have_accrights_in_msghdr="no" ] 4432 ) 4433]) 4434if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4435 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4436 [Define if your system uses access rights style 4437 file descriptor passing]) 4438fi 4439 4440AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4441AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4442#include <sys/param.h> 4443#include <sys/stat.h> 4444#ifdef HAVE_SYS_TIME_H 4445# include <sys/time.h> 4446#endif 4447#ifdef HAVE_SYS_MOUNT_H 4448#include <sys/mount.h> 4449#endif 4450#ifdef HAVE_SYS_STATVFS_H 4451#include <sys/statvfs.h> 4452#endif 4453 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4454 [ AC_MSG_RESULT([yes]) ], 4455 [ AC_MSG_RESULT([no]) 4456 4457 AC_MSG_CHECKING([if fsid_t has member val]) 4458 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4459#include <sys/types.h> 4460#include <sys/statvfs.h> 4461 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4462 [ AC_MSG_RESULT([yes]) 4463 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4464 [ AC_MSG_RESULT([no]) ]) 4465 4466 AC_MSG_CHECKING([if f_fsid has member __val]) 4467 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4468#include <sys/types.h> 4469#include <sys/statvfs.h> 4470 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4471 [ AC_MSG_RESULT([yes]) 4472 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4473 [ AC_MSG_RESULT([no]) ]) 4474]) 4475 4476AC_CACHE_CHECK([for msg_control field in struct msghdr], 4477 ac_cv_have_control_in_msghdr, [ 4478 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4479#include <sys/types.h> 4480#include <sys/socket.h> 4481#include <sys/uio.h> 4482#include <stdlib.h> 4483 ]], [[ 4484#ifdef msg_control 4485#error "msg_control is a macro" 4486exit(1); 4487#endif 4488struct msghdr m; 4489m.msg_control = 0; 4490exit(0); 4491 ]])], 4492 [ ac_cv_have_control_in_msghdr="yes" ], 4493 [ ac_cv_have_control_in_msghdr="no" ] 4494 ) 4495]) 4496if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4497 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4498 [Define if your system uses ancillary data style 4499 file descriptor passing]) 4500fi 4501 4502AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4503 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4504 [[ extern char *__progname; printf("%s", __progname); ]])], 4505 [ ac_cv_libc_defines___progname="yes" ], 4506 [ ac_cv_libc_defines___progname="no" 4507 ]) 4508]) 4509if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4510 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4511fi 4512 4513AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4514 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4515 [[ printf("%s", __FUNCTION__); ]])], 4516 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4517 [ ac_cv_cc_implements___FUNCTION__="no" 4518 ]) 4519]) 4520if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4521 AC_DEFINE([HAVE___FUNCTION__], [1], 4522 [Define if compiler implements __FUNCTION__]) 4523fi 4524 4525AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4526 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4527 [[ printf("%s", __func__); ]])], 4528 [ ac_cv_cc_implements___func__="yes" ], 4529 [ ac_cv_cc_implements___func__="no" 4530 ]) 4531]) 4532if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4533 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4534fi 4535 4536AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4537 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4538#include <stdarg.h> 4539va_list x,y; 4540 ]], [[ va_copy(x,y); ]])], 4541 [ ac_cv_have_va_copy="yes" ], 4542 [ ac_cv_have_va_copy="no" 4543 ]) 4544]) 4545if test "x$ac_cv_have_va_copy" = "xyes" ; then 4546 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4547fi 4548 4549AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4550 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4551#include <stdarg.h> 4552va_list x,y; 4553 ]], [[ __va_copy(x,y); ]])], 4554 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4555 ]) 4556]) 4557if test "x$ac_cv_have___va_copy" = "xyes" ; then 4558 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4559fi 4560 4561AC_CACHE_CHECK([whether getopt has optreset support], 4562 ac_cv_have_getopt_optreset, [ 4563 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4564 [[ extern int optreset; optreset = 0; ]])], 4565 [ ac_cv_have_getopt_optreset="yes" ], 4566 [ ac_cv_have_getopt_optreset="no" 4567 ]) 4568]) 4569if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4570 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4571 [Define if your getopt(3) defines and uses optreset]) 4572fi 4573 4574AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4575 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4576[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4577 [ ac_cv_libc_defines_sys_errlist="yes" ], 4578 [ ac_cv_libc_defines_sys_errlist="no" 4579 ]) 4580]) 4581if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4582 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4583 [Define if your system defines sys_errlist[]]) 4584fi 4585 4586 4587AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4588 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4589[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4590 [ ac_cv_libc_defines_sys_nerr="yes" ], 4591 [ ac_cv_libc_defines_sys_nerr="no" 4592 ]) 4593]) 4594if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4595 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4596fi 4597 4598# Check libraries needed by DNS fingerprint support 4599AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4600 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4601 [Define if getrrsetbyname() exists])], 4602 [ 4603 # Needed by our getrrsetbyname() 4604 AC_SEARCH_LIBS([res_query], [resolv]) 4605 AC_SEARCH_LIBS([dn_expand], [resolv]) 4606 AC_MSG_CHECKING([if res_query will link]) 4607 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4608#include <sys/types.h> 4609#include <netinet/in.h> 4610#include <arpa/nameser.h> 4611#include <netdb.h> 4612#include <resolv.h> 4613 ]], [[ 4614 res_query (0, 0, 0, 0, 0); 4615 ]])], 4616 AC_MSG_RESULT([yes]), 4617 [AC_MSG_RESULT([no]) 4618 saved_LIBS="$LIBS" 4619 LIBS="$LIBS -lresolv" 4620 AC_MSG_CHECKING([for res_query in -lresolv]) 4621 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4622#include <sys/types.h> 4623#include <netinet/in.h> 4624#include <arpa/nameser.h> 4625#include <netdb.h> 4626#include <resolv.h> 4627 ]], [[ 4628 res_query (0, 0, 0, 0, 0); 4629 ]])], 4630 [AC_MSG_RESULT([yes])], 4631 [LIBS="$saved_LIBS" 4632 AC_MSG_RESULT([no])]) 4633 ]) 4634 AC_CHECK_FUNCS([_getshort _getlong]) 4635 AC_CHECK_DECLS([_getshort, _getlong], , , 4636 [#include <sys/types.h> 4637 #include <arpa/nameser.h>]) 4638 AC_CHECK_MEMBER([HEADER.ad], 4639 [AC_DEFINE([HAVE_HEADER_AD], [1], 4640 [Define if HEADER.ad exists in arpa/nameser.h])], , 4641 [#include <arpa/nameser.h>]) 4642 ]) 4643 4644AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4645AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4646#include <stdio.h> 4647#if HAVE_SYS_TYPES_H 4648# include <sys/types.h> 4649#endif 4650#include <netinet/in.h> 4651#include <arpa/nameser.h> 4652#include <resolv.h> 4653extern struct __res_state _res; 4654 ]], [[ 4655struct __res_state *volatile p = &_res; /* force resolution of _res */ 4656return 0; 4657 ]],)], 4658 [AC_MSG_RESULT([yes]) 4659 AC_DEFINE([HAVE__RES_EXTERN], [1], 4660 [Define if you have struct __res_state _res as an extern]) 4661 ], 4662 [ AC_MSG_RESULT([no]) ] 4663) 4664 4665# Check whether user wants SELinux support 4666SELINUX_MSG="no" 4667LIBSELINUX="" 4668AC_ARG_WITH([selinux], 4669 [ --with-selinux Enable SELinux support], 4670 [ if test "x$withval" != "xno" ; then 4671 save_LIBS="$LIBS" 4672 AC_DEFINE([WITH_SELINUX], [1], 4673 [Define if you want SELinux support.]) 4674 SELINUX_MSG="yes" 4675 AC_CHECK_HEADER([selinux/selinux.h], , 4676 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4677 AC_CHECK_LIB([selinux], [setexeccon], 4678 [ LIBSELINUX="-lselinux" 4679 LIBS="$LIBS -lselinux" 4680 ], 4681 AC_MSG_ERROR([SELinux support requires libselinux library])) 4682 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4683 LIBS="$save_LIBS $LIBSELINUX" 4684 fi ] 4685) 4686AC_SUBST([SSHDLIBS]) 4687 4688# Check whether user wants Kerberos 5 support 4689KRB5_MSG="no" 4690AC_ARG_WITH([kerberos5], 4691 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4692 [ if test "x$withval" != "xno" ; then 4693 if test "x$withval" = "xyes" ; then 4694 KRB5ROOT="/usr/local" 4695 else 4696 KRB5ROOT=${withval} 4697 fi 4698 4699 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4700 KRB5_MSG="yes" 4701 4702 use_pkgconfig_for_krb5= 4703 if test "x$PKGCONFIG" != "xno"; then 4704 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4705 if "$PKGCONFIG" krb5; then 4706 AC_MSG_RESULT([yes]) 4707 use_pkgconfig_for_krb5=yes 4708 else 4709 AC_MSG_RESULT([no]) 4710 fi 4711 fi 4712 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4713 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4714 K5LIBS=`$PKGCONFIG --libs krb5` 4715 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4716 4717 AC_MSG_CHECKING([for gssapi support]) 4718 if "$PKGCONFIG" krb5-gssapi; then 4719 AC_MSG_RESULT([yes]) 4720 AC_DEFINE([GSSAPI], [1], 4721 [Define this if you want GSSAPI 4722 support in the version 2 protocol]) 4723 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4724 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4725 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4726 else 4727 AC_MSG_RESULT([no]) 4728 fi 4729 AC_MSG_CHECKING([whether we are using Heimdal]) 4730 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4731 ]], [[ char *tmp = heimdal_version; ]])], 4732 [ AC_MSG_RESULT([yes]) 4733 AC_DEFINE([HEIMDAL], [1], 4734 [Define this if you are using the Heimdal 4735 version of Kerberos V5]) ], 4736 [AC_MSG_RESULT([no]) 4737 ]) 4738 else 4739 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4740 [$KRB5ROOT/bin/krb5-config], 4741 [$KRB5ROOT/bin:$PATH]) 4742 if test -x $KRB5CONF ; then 4743 K5CFLAGS="`$KRB5CONF --cflags`" 4744 K5LIBS="`$KRB5CONF --libs`" 4745 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4746 4747 AC_MSG_CHECKING([for gssapi support]) 4748 if $KRB5CONF | grep gssapi >/dev/null ; then 4749 AC_MSG_RESULT([yes]) 4750 AC_DEFINE([GSSAPI], [1], 4751 [Define this if you want GSSAPI 4752 support in the version 2 protocol]) 4753 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4754 GSSLIBS="`$KRB5CONF --libs gssapi`" 4755 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4756 else 4757 AC_MSG_RESULT([no]) 4758 fi 4759 AC_MSG_CHECKING([whether we are using Heimdal]) 4760 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4761 ]], [[ char *tmp = heimdal_version; ]])], 4762 [ AC_MSG_RESULT([yes]) 4763 AC_DEFINE([HEIMDAL], [1], 4764 [Define this if you are using the Heimdal 4765 version of Kerberos V5]) ], 4766 [AC_MSG_RESULT([no]) 4767 ]) 4768 else 4769 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4770 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4771 AC_MSG_CHECKING([whether we are using Heimdal]) 4772 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4773 ]], [[ char *tmp = heimdal_version; ]])], 4774 [ AC_MSG_RESULT([yes]) 4775 AC_DEFINE([HEIMDAL]) 4776 K5LIBS="-lkrb5" 4777 K5LIBS="$K5LIBS -lcom_err -lasn1" 4778 AC_CHECK_LIB([roken], [net_write], 4779 [K5LIBS="$K5LIBS -lroken"]) 4780 AC_CHECK_LIB([des], [des_cbc_encrypt], 4781 [K5LIBS="$K5LIBS -ldes"]) 4782 ], [ AC_MSG_RESULT([no]) 4783 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4784 ]) 4785 AC_SEARCH_LIBS([dn_expand], [resolv]) 4786 4787 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4788 [ AC_DEFINE([GSSAPI]) 4789 GSSLIBS="-lgssapi_krb5" ], 4790 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4791 [ AC_DEFINE([GSSAPI]) 4792 GSSLIBS="-lgssapi" ], 4793 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4794 [ AC_DEFINE([GSSAPI]) 4795 GSSLIBS="-lgss" ], 4796 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4797 ]) 4798 ]) 4799 4800 AC_CHECK_HEADER([gssapi.h], , 4801 [ unset ac_cv_header_gssapi_h 4802 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4803 AC_CHECK_HEADERS([gssapi.h], , 4804 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4805 ) 4806 ] 4807 ) 4808 4809 oldCPP="$CPPFLAGS" 4810 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4811 AC_CHECK_HEADER([gssapi_krb5.h], , 4812 [ CPPFLAGS="$oldCPP" ]) 4813 4814 fi 4815 fi 4816 if test -n "${rpath_opt}" ; then 4817 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4818 fi 4819 if test ! -z "$blibpath" ; then 4820 blibpath="$blibpath:${KRB5ROOT}/lib" 4821 fi 4822 4823 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4824 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4825 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4826 4827 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4828 [Define this if you want to use libkafs' AFS support])]) 4829 4830 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4831#ifdef HAVE_GSSAPI_H 4832# include <gssapi.h> 4833#elif defined(HAVE_GSSAPI_GSSAPI_H) 4834# include <gssapi/gssapi.h> 4835#endif 4836 4837#ifdef HAVE_GSSAPI_GENERIC_H 4838# include <gssapi_generic.h> 4839#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4840# include <gssapi/gssapi_generic.h> 4841#endif 4842 ]]) 4843 saved_LIBS="$LIBS" 4844 LIBS="$LIBS $K5LIBS" 4845 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4846 LIBS="$saved_LIBS" 4847 4848 fi 4849 ] 4850) 4851AC_SUBST([GSSLIBS]) 4852AC_SUBST([K5LIBS]) 4853AC_SUBST([CHANNELLIBS]) 4854 4855# Looking for programs, paths and files 4856 4857PRIVSEP_PATH=/var/empty 4858AC_ARG_WITH([privsep-path], 4859 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4860 [ 4861 if test -n "$withval" && test "x$withval" != "xno" && \ 4862 test "x${withval}" != "xyes"; then 4863 PRIVSEP_PATH=$withval 4864 fi 4865 ] 4866) 4867AC_SUBST([PRIVSEP_PATH]) 4868 4869AC_ARG_WITH([xauth], 4870 [ --with-xauth=PATH Specify path to xauth program ], 4871 [ 4872 if test -n "$withval" && test "x$withval" != "xno" && \ 4873 test "x${withval}" != "xyes"; then 4874 xauth_path=$withval 4875 fi 4876 ], 4877 [ 4878 TestPath="$PATH" 4879 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4880 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4881 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4882 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4883 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4884 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4885 xauth_path="/usr/openwin/bin/xauth" 4886 fi 4887 ] 4888) 4889 4890STRIP_OPT=-s 4891AC_ARG_ENABLE([strip], 4892 [ --disable-strip Disable calling strip(1) on install], 4893 [ 4894 if test "x$enableval" = "xno" ; then 4895 STRIP_OPT= 4896 fi 4897 ] 4898) 4899AC_SUBST([STRIP_OPT]) 4900 4901if test -z "$xauth_path" ; then 4902 XAUTH_PATH="undefined" 4903 AC_SUBST([XAUTH_PATH]) 4904else 4905 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4906 [Define if xauth is found in your path]) 4907 XAUTH_PATH=$xauth_path 4908 AC_SUBST([XAUTH_PATH]) 4909fi 4910 4911dnl # --with-maildir=/path/to/mail gets top priority. 4912dnl # if maildir is set in the platform case statement above we use that. 4913dnl # Otherwise we run a program to get the dir from system headers. 4914dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4915dnl # If we find _PATH_MAILDIR we do nothing because that is what 4916dnl # session.c expects anyway. Otherwise we set to the value found 4917dnl # stripping any trailing slash. If for some strage reason our program 4918dnl # does not find what it needs, we default to /var/spool/mail. 4919# Check for mail directory 4920AC_ARG_WITH([maildir], 4921 [ --with-maildir=/path/to/mail Specify your system mail directory], 4922 [ 4923 if test "X$withval" != X && test "x$withval" != xno && \ 4924 test "x${withval}" != xyes; then 4925 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4926 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4927 fi 4928 ],[ 4929 if test "X$maildir" != "X"; then 4930 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4931 else 4932 AC_MSG_CHECKING([Discovering system mail directory]) 4933 AC_RUN_IFELSE( 4934 [AC_LANG_PROGRAM([[ 4935#include <stdio.h> 4936#include <stdlib.h> 4937#include <string.h> 4938#ifdef HAVE_PATHS_H 4939#include <paths.h> 4940#endif 4941#ifdef HAVE_MAILLOCK_H 4942#include <maillock.h> 4943#endif 4944#define DATA "conftest.maildir" 4945 ]], [[ 4946 FILE *fd; 4947 int rc; 4948 4949 fd = fopen(DATA,"w"); 4950 if(fd == NULL) 4951 exit(1); 4952 4953#if defined (_PATH_MAILDIR) 4954 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4955 exit(1); 4956#elif defined (MAILDIR) 4957 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4958 exit(1); 4959#elif defined (_PATH_MAIL) 4960 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4961 exit(1); 4962#else 4963 exit (2); 4964#endif 4965 4966 exit(0); 4967 ]])], 4968 [ 4969 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4970 maildir=`awk -F: '{print $2}' conftest.maildir \ 4971 | sed 's|/$||'` 4972 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4973 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4974 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4975 fi 4976 ], 4977 [ 4978 if test "X$ac_status" = "X2";then 4979# our test program didn't find it. Default to /var/spool/mail 4980 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4981 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4982 else 4983 AC_MSG_RESULT([*** not found ***]) 4984 fi 4985 ], 4986 [ 4987 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4988 ] 4989 ) 4990 fi 4991 ] 4992) # maildir 4993 4994if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4995 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4996 disable_ptmx_check=yes 4997fi 4998if test -z "$no_dev_ptmx" ; then 4999 if test "x$disable_ptmx_check" != "xyes" ; then 5000 AC_CHECK_FILE(["/dev/ptmx"], 5001 [ 5002 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 5003 [Define if you have /dev/ptmx]) 5004 have_dev_ptmx=1 5005 ] 5006 ) 5007 fi 5008fi 5009 5010if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 5011 AC_CHECK_FILE(["/dev/ptc"], 5012 [ 5013 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 5014 [Define if you have /dev/ptc]) 5015 have_dev_ptc=1 5016 ] 5017 ) 5018else 5019 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 5020fi 5021 5022# Options from here on. Some of these are preset by platform above 5023AC_ARG_WITH([mantype], 5024 [ --with-mantype=man|cat|doc Set man page type], 5025 [ 5026 case "$withval" in 5027 man|cat|doc) 5028 MANTYPE=$withval 5029 ;; 5030 *) 5031 AC_MSG_ERROR([invalid man type: $withval]) 5032 ;; 5033 esac 5034 ] 5035) 5036if test -z "$MANTYPE"; then 5037 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 5038 MANTYPE=doc 5039 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 5040 MANTYPE=doc 5041 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 5042 MANTYPE=man 5043 else 5044 MANTYPE=cat 5045 fi 5046fi 5047AC_SUBST([MANTYPE]) 5048if test "$MANTYPE" = "doc"; then 5049 mansubdir=man; 5050else 5051 mansubdir=$MANTYPE; 5052fi 5053AC_SUBST([mansubdir]) 5054 5055# Whether to disable shadow password support 5056AC_ARG_WITH([shadow], 5057 [ --without-shadow Disable shadow password support], 5058 [ 5059 if test "x$withval" = "xno" ; then 5060 AC_DEFINE([DISABLE_SHADOW]) 5061 disable_shadow=yes 5062 fi 5063 ] 5064) 5065 5066if test -z "$disable_shadow" ; then 5067 AC_MSG_CHECKING([if the systems has expire shadow information]) 5068 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5069#include <sys/types.h> 5070#include <shadow.h> 5071struct spwd sp; 5072 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5073 [ sp_expire_available=yes ], [ 5074 ]) 5075 5076 if test "x$sp_expire_available" = "xyes" ; then 5077 AC_MSG_RESULT([yes]) 5078 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5079 [Define if you want to use shadow password expire field]) 5080 else 5081 AC_MSG_RESULT([no]) 5082 fi 5083fi 5084 5085# Use ip address instead of hostname in $DISPLAY 5086if test ! -z "$IPADDR_IN_DISPLAY" ; then 5087 DISPLAY_HACK_MSG="yes" 5088 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5089 [Define if you need to use IP address 5090 instead of hostname in $DISPLAY]) 5091else 5092 DISPLAY_HACK_MSG="no" 5093 AC_ARG_WITH([ipaddr-display], 5094 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5095 [ 5096 if test "x$withval" != "xno" ; then 5097 AC_DEFINE([IPADDR_IN_DISPLAY]) 5098 DISPLAY_HACK_MSG="yes" 5099 fi 5100 ] 5101 ) 5102fi 5103 5104# check for /etc/default/login and use it if present. 5105AC_ARG_ENABLE([etc-default-login], 5106 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5107 [ if test "x$enableval" = "xno"; then 5108 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5109 etc_default_login=no 5110 else 5111 etc_default_login=yes 5112 fi ], 5113 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5114 then 5115 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5116 etc_default_login=no 5117 else 5118 etc_default_login=yes 5119 fi ] 5120) 5121 5122if test "x$etc_default_login" != "xno"; then 5123 AC_CHECK_FILE(["/etc/default/login"], 5124 [ external_path_file=/etc/default/login ]) 5125 if test "x$external_path_file" = "x/etc/default/login"; then 5126 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5127 [Define if your system has /etc/default/login]) 5128 fi 5129fi 5130 5131dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5132if test $ac_cv_func_login_getcapbool = "yes" && \ 5133 test $ac_cv_header_login_cap_h = "yes" ; then 5134 external_path_file=/etc/login.conf 5135fi 5136 5137# Whether to mess with the default path 5138SERVER_PATH_MSG="(default)" 5139AC_ARG_WITH([default-path], 5140 [ --with-default-path= Specify default $PATH environment for server], 5141 [ 5142 if test "x$external_path_file" = "x/etc/login.conf" ; then 5143 AC_MSG_WARN([ 5144--with-default-path=PATH has no effect on this system. 5145Edit /etc/login.conf instead.]) 5146 elif test "x$withval" != "xno" ; then 5147 if test ! -z "$external_path_file" ; then 5148 AC_MSG_WARN([ 5149--with-default-path=PATH will only be used if PATH is not defined in 5150$external_path_file .]) 5151 fi 5152 user_path="$withval" 5153 SERVER_PATH_MSG="$withval" 5154 fi 5155 ], 5156 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5157 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5158 else 5159 if test ! -z "$external_path_file" ; then 5160 AC_MSG_WARN([ 5161If PATH is defined in $external_path_file, ensure the path to scp is included, 5162otherwise scp will not work.]) 5163 fi 5164 AC_RUN_IFELSE( 5165 [AC_LANG_PROGRAM([[ 5166/* find out what STDPATH is */ 5167#include <stdio.h> 5168#include <stdlib.h> 5169#ifdef HAVE_PATHS_H 5170# include <paths.h> 5171#endif 5172#ifndef _PATH_STDPATH 5173# ifdef _PATH_USERPATH /* Irix */ 5174# define _PATH_STDPATH _PATH_USERPATH 5175# else 5176# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5177# endif 5178#endif 5179#include <sys/types.h> 5180#include <sys/stat.h> 5181#include <fcntl.h> 5182#define DATA "conftest.stdpath" 5183 ]], [[ 5184 FILE *fd; 5185 int rc; 5186 5187 fd = fopen(DATA,"w"); 5188 if(fd == NULL) 5189 exit(1); 5190 5191 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5192 exit(1); 5193 5194 exit(0); 5195 ]])], 5196 [ user_path=`cat conftest.stdpath` ], 5197 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5198 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5199 ) 5200# make sure $bindir is in USER_PATH so scp will work 5201 t_bindir="${bindir}" 5202 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5203 t_bindir=`eval echo ${t_bindir}` 5204 case $t_bindir in 5205 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5206 esac 5207 case $t_bindir in 5208 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5209 esac 5210 done 5211 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5212 if test $? -ne 0 ; then 5213 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5214 if test $? -ne 0 ; then 5215 user_path=$user_path:$t_bindir 5216 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5217 fi 5218 fi 5219 fi ] 5220) 5221if test "x$external_path_file" != "x/etc/login.conf" ; then 5222 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5223 AC_SUBST([user_path]) 5224fi 5225 5226# Set superuser path separately to user path 5227AC_ARG_WITH([superuser-path], 5228 [ --with-superuser-path= Specify different path for super-user], 5229 [ 5230 if test -n "$withval" && test "x$withval" != "xno" && \ 5231 test "x${withval}" != "xyes"; then 5232 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5233 [Define if you want a different $PATH 5234 for the superuser]) 5235 superuser_path=$withval 5236 fi 5237 ] 5238) 5239 5240 5241AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5242IPV4_IN6_HACK_MSG="no" 5243AC_ARG_WITH(4in6, 5244 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5245 [ 5246 if test "x$withval" != "xno" ; then 5247 AC_MSG_RESULT([yes]) 5248 AC_DEFINE([IPV4_IN_IPV6], [1], 5249 [Detect IPv4 in IPv6 mapped addresses 5250 and treat as IPv4]) 5251 IPV4_IN6_HACK_MSG="yes" 5252 else 5253 AC_MSG_RESULT([no]) 5254 fi 5255 ], [ 5256 if test "x$inet6_default_4in6" = "xyes"; then 5257 AC_MSG_RESULT([yes (default)]) 5258 AC_DEFINE([IPV4_IN_IPV6]) 5259 IPV4_IN6_HACK_MSG="yes" 5260 else 5261 AC_MSG_RESULT([no (default)]) 5262 fi 5263 ] 5264) 5265 5266# Whether to enable BSD auth support 5267BSD_AUTH_MSG=no 5268AC_ARG_WITH([bsd-auth], 5269 [ --with-bsd-auth Enable BSD auth support], 5270 [ 5271 if test "x$withval" != "xno" ; then 5272 AC_DEFINE([BSD_AUTH], [1], 5273 [Define if you have BSD auth support]) 5274 BSD_AUTH_MSG=yes 5275 fi 5276 ] 5277) 5278 5279# Where to place sshd.pid 5280piddir=/var/run 5281# make sure the directory exists 5282if test ! -d $piddir ; then 5283 piddir=`eval echo ${sysconfdir}` 5284 case $piddir in 5285 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5286 esac 5287fi 5288 5289AC_ARG_WITH([pid-dir], 5290 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5291 [ 5292 if test -n "$withval" && test "x$withval" != "xno" && \ 5293 test "x${withval}" != "xyes"; then 5294 piddir=$withval 5295 if test ! -d $piddir ; then 5296 AC_MSG_WARN([** no $piddir directory on this system **]) 5297 fi 5298 fi 5299 ] 5300) 5301 5302AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5303 [Specify location of ssh.pid]) 5304AC_SUBST([piddir]) 5305 5306dnl allow user to disable some login recording features 5307AC_ARG_ENABLE([lastlog], 5308 [ --disable-lastlog disable use of lastlog even if detected [no]], 5309 [ 5310 if test "x$enableval" = "xno" ; then 5311 AC_DEFINE([DISABLE_LASTLOG]) 5312 fi 5313 ] 5314) 5315AC_ARG_ENABLE([utmp], 5316 [ --disable-utmp disable use of utmp even if detected [no]], 5317 [ 5318 if test "x$enableval" = "xno" ; then 5319 AC_DEFINE([DISABLE_UTMP]) 5320 fi 5321 ] 5322) 5323AC_ARG_ENABLE([utmpx], 5324 [ --disable-utmpx disable use of utmpx even if detected [no]], 5325 [ 5326 if test "x$enableval" = "xno" ; then 5327 AC_DEFINE([DISABLE_UTMPX], [1], 5328 [Define if you don't want to use utmpx]) 5329 fi 5330 ] 5331) 5332AC_ARG_ENABLE([wtmp], 5333 [ --disable-wtmp disable use of wtmp even if detected [no]], 5334 [ 5335 if test "x$enableval" = "xno" ; then 5336 AC_DEFINE([DISABLE_WTMP]) 5337 fi 5338 ] 5339) 5340AC_ARG_ENABLE([wtmpx], 5341 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5342 [ 5343 if test "x$enableval" = "xno" ; then 5344 AC_DEFINE([DISABLE_WTMPX], [1], 5345 [Define if you don't want to use wtmpx]) 5346 fi 5347 ] 5348) 5349AC_ARG_ENABLE([libutil], 5350 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5351 [ 5352 if test "x$enableval" = "xno" ; then 5353 AC_DEFINE([DISABLE_LOGIN]) 5354 fi 5355 ] 5356) 5357AC_ARG_ENABLE([pututline], 5358 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5359 [ 5360 if test "x$enableval" = "xno" ; then 5361 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5362 [Define if you don't want to use pututline() 5363 etc. to write [uw]tmp]) 5364 fi 5365 ] 5366) 5367AC_ARG_ENABLE([pututxline], 5368 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5369 [ 5370 if test "x$enableval" = "xno" ; then 5371 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5372 [Define if you don't want to use pututxline() 5373 etc. to write [uw]tmpx]) 5374 fi 5375 ] 5376) 5377AC_ARG_WITH([lastlog], 5378 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5379 [ 5380 if test "x$withval" = "xno" ; then 5381 AC_DEFINE([DISABLE_LASTLOG]) 5382 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5383 conf_lastlog_location=$withval 5384 fi 5385 ] 5386) 5387 5388dnl lastlog, [uw]tmpx? detection 5389dnl NOTE: set the paths in the platform section to avoid the 5390dnl need for command-line parameters 5391dnl lastlog and [uw]tmp are subject to a file search if all else fails 5392 5393dnl lastlog detection 5394dnl NOTE: the code itself will detect if lastlog is a directory 5395AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5396AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5397#include <sys/types.h> 5398#include <utmp.h> 5399#ifdef HAVE_LASTLOG_H 5400# include <lastlog.h> 5401#endif 5402#ifdef HAVE_PATHS_H 5403# include <paths.h> 5404#endif 5405#ifdef HAVE_LOGIN_H 5406# include <login.h> 5407#endif 5408 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5409 [ AC_MSG_RESULT([yes]) ], 5410 [ 5411 AC_MSG_RESULT([no]) 5412 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5413 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5414#include <sys/types.h> 5415#include <utmp.h> 5416#ifdef HAVE_LASTLOG_H 5417# include <lastlog.h> 5418#endif 5419#ifdef HAVE_PATHS_H 5420# include <paths.h> 5421#endif 5422 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5423 [ AC_MSG_RESULT([yes]) ], 5424 [ 5425 AC_MSG_RESULT([no]) 5426 system_lastlog_path=no 5427 ]) 5428]) 5429 5430if test -z "$conf_lastlog_location"; then 5431 if test x"$system_lastlog_path" = x"no" ; then 5432 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5433 if (test -d "$f" || test -f "$f") ; then 5434 conf_lastlog_location=$f 5435 fi 5436 done 5437 if test -z "$conf_lastlog_location"; then 5438 AC_MSG_WARN([** Cannot find lastlog **]) 5439 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5440 fi 5441 fi 5442fi 5443 5444if test -n "$conf_lastlog_location"; then 5445 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5446 [Define if you want to specify the path to your lastlog file]) 5447fi 5448 5449dnl utmp detection 5450AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5451AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5452#include <sys/types.h> 5453#include <utmp.h> 5454#ifdef HAVE_PATHS_H 5455# include <paths.h> 5456#endif 5457 ]], [[ char *utmp = UTMP_FILE; ]])], 5458 [ AC_MSG_RESULT([yes]) ], 5459 [ AC_MSG_RESULT([no]) 5460 system_utmp_path=no 5461]) 5462if test -z "$conf_utmp_location"; then 5463 if test x"$system_utmp_path" = x"no" ; then 5464 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5465 if test -f $f ; then 5466 conf_utmp_location=$f 5467 fi 5468 done 5469 if test -z "$conf_utmp_location"; then 5470 AC_DEFINE([DISABLE_UTMP]) 5471 fi 5472 fi 5473fi 5474if test -n "$conf_utmp_location"; then 5475 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5476 [Define if you want to specify the path to your utmp file]) 5477fi 5478 5479dnl wtmp detection 5480AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5481AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5482#include <sys/types.h> 5483#include <utmp.h> 5484#ifdef HAVE_PATHS_H 5485# include <paths.h> 5486#endif 5487 ]], [[ char *wtmp = WTMP_FILE; ]])], 5488 [ AC_MSG_RESULT([yes]) ], 5489 [ AC_MSG_RESULT([no]) 5490 system_wtmp_path=no 5491]) 5492if test -z "$conf_wtmp_location"; then 5493 if test x"$system_wtmp_path" = x"no" ; then 5494 for f in /usr/adm/wtmp /var/log/wtmp; do 5495 if test -f $f ; then 5496 conf_wtmp_location=$f 5497 fi 5498 done 5499 if test -z "$conf_wtmp_location"; then 5500 AC_DEFINE([DISABLE_WTMP]) 5501 fi 5502 fi 5503fi 5504if test -n "$conf_wtmp_location"; then 5505 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5506 [Define if you want to specify the path to your wtmp file]) 5507fi 5508 5509dnl wtmpx detection 5510AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5511AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5512#include <sys/types.h> 5513#include <utmp.h> 5514#ifdef HAVE_UTMPX_H 5515#include <utmpx.h> 5516#endif 5517#ifdef HAVE_PATHS_H 5518# include <paths.h> 5519#endif 5520 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5521 [ AC_MSG_RESULT([yes]) ], 5522 [ AC_MSG_RESULT([no]) 5523 system_wtmpx_path=no 5524]) 5525if test -z "$conf_wtmpx_location"; then 5526 if test x"$system_wtmpx_path" = x"no" ; then 5527 AC_DEFINE([DISABLE_WTMPX]) 5528 fi 5529else 5530 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5531 [Define if you want to specify the path to your wtmpx file]) 5532fi 5533 5534 5535if test ! -z "$blibpath" ; then 5536 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5537 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5538fi 5539 5540AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5541 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5542 AC_DEFINE([DISABLE_LASTLOG]) 5543 fi 5544 ], [ 5545#ifdef HAVE_SYS_TYPES_H 5546#include <sys/types.h> 5547#endif 5548#ifdef HAVE_UTMP_H 5549#include <utmp.h> 5550#endif 5551#ifdef HAVE_UTMPX_H 5552#include <utmpx.h> 5553#endif 5554#ifdef HAVE_LASTLOG_H 5555#include <lastlog.h> 5556#endif 5557 ]) 5558 5559AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5560 AC_DEFINE([DISABLE_UTMP]) 5561 AC_DEFINE([DISABLE_WTMP]) 5562 ], [ 5563#ifdef HAVE_SYS_TYPES_H 5564#include <sys/types.h> 5565#endif 5566#ifdef HAVE_UTMP_H 5567#include <utmp.h> 5568#endif 5569#ifdef HAVE_UTMPX_H 5570#include <utmpx.h> 5571#endif 5572#ifdef HAVE_LASTLOG_H 5573#include <lastlog.h> 5574#endif 5575 ]) 5576 5577dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5578dnl Add now. 5579CFLAGS="$CFLAGS $werror_flags" 5580 5581if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5582 TEST_SSH_IPV6=no 5583else 5584 TEST_SSH_IPV6=yes 5585fi 5586AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5587AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5588AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5589AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5590AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5591AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5592 5593CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5594LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5595 5596# Make a copy of CFLAGS/LDFLAGS without PIE options. 5597LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5598CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5599AC_SUBST([LDFLAGS_NOPIE]) 5600AC_SUBST([CFLAGS_NOPIE]) 5601 5602AC_EXEEXT 5603AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5604 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5605 survey.sh]) 5606AC_OUTPUT 5607 5608# Print summary of options 5609 5610# Someone please show me a better way :) 5611A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5612B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5613C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5614D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5615E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5616F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5617G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5618H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5619I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5620J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5621 5622echo "" 5623echo "OpenSSH has been configured with the following options:" 5624echo " User binaries: $B" 5625echo " System binaries: $C" 5626echo " Configuration files: $D" 5627echo " Askpass program: $E" 5628echo " Manual pages: $F" 5629echo " PID file: $G" 5630echo " Privilege separation chroot path: $H" 5631if test "x$external_path_file" = "x/etc/login.conf" ; then 5632echo " At runtime, sshd will use the path defined in $external_path_file" 5633echo " Make sure the path to scp is present, otherwise scp will not work" 5634else 5635echo " sshd default user PATH: $I" 5636 if test ! -z "$external_path_file"; then 5637echo " (If PATH is set in $external_path_file it will be used instead. If" 5638echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5639 fi 5640fi 5641if test ! -z "$superuser_path" ; then 5642echo " sshd superuser user PATH: $J" 5643fi 5644echo " Manpage format: $MANTYPE" 5645echo " PAM support: $PAM_MSG" 5646echo " OSF SIA support: $SIA_MSG" 5647echo " KerberosV support: $KRB5_MSG" 5648echo " SELinux support: $SELINUX_MSG" 5649echo " TCP Wrappers support: $TCPW_MSG" 5650echo " libedit support: $LIBEDIT_MSG" 5651echo " libldns support: $LDNS_MSG" 5652echo " Solaris process contract support: $SPC_MSG" 5653echo " Solaris project support: $SP_MSG" 5654echo " Solaris privilege support: $SPP_MSG" 5655echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5656echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5657echo " BSD Auth support: $BSD_AUTH_MSG" 5658echo " Random number source: $RAND_MSG" 5659echo " Privsep sandbox style: $SANDBOX_STYLE" 5660echo " PKCS#11 support: $enable_pkcs11" 5661echo " U2F/FIDO support: $enable_sk" 5662 5663echo "" 5664 5665echo " Host: ${host}" 5666echo " Compiler: ${CC}" 5667echo " Compiler flags: ${CFLAGS}" 5668echo "Preprocessor flags: ${CPPFLAGS}" 5669echo " Linker flags: ${LDFLAGS}" 5670echo " Libraries: ${LIBS}" 5671if test ! -z "${CHANNELLIBS}"; then 5672echo " +for channels: ${CHANNELLIBS}" 5673fi 5674if test ! -z "${LIBFIDO2}"; then 5675echo " +for FIDO2: ${LIBFIDO2}" 5676fi 5677if test ! -z "${SSHDLIBS}"; then 5678echo " +for sshd: ${SSHDLIBS}" 5679fi 5680 5681echo "" 5682 5683if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5684 echo "SVR4 style packages are supported with \"make package\"" 5685 echo "" 5686fi 5687 5688if test "x$PAM_MSG" = "xyes" ; then 5689 echo "PAM is enabled. You may need to install a PAM control file " 5690 echo "for sshd, otherwise password authentication may fail. " 5691 echo "Example PAM control files can be found in the contrib/ " 5692 echo "subdirectory" 5693 echo "" 5694fi 5695 5696if test ! -z "$NO_PEERCHECK" ; then 5697 echo "WARNING: the operating system that you are using does not" 5698 echo "appear to support getpeereid(), getpeerucred() or the" 5699 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5700 echo "enforce security checks to prevent unauthorised connections to" 5701 echo "ssh-agent. Their absence increases the risk that a malicious" 5702 echo "user can connect to your agent." 5703 echo "" 5704fi 5705 5706if test "$AUDIT_MODULE" = "bsm" ; then 5707 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5708 echo "See the Solaris section in README.platform for details." 5709fi 5710