1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADERS([config.h]) 22AC_PROG_CC([cc gcc clang]) 23 24# XXX relax this after reimplementing logit() etc. 25AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 26AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 27int f(int a, int b, int c) { return a + b + c; } 28#define F(a, ...) f(a, __VA_ARGS__) 29]], [[return F(1, 2, -3);]])], 30 [ AC_MSG_RESULT([yes]) ], 31 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 32) 33 34AC_CANONICAL_HOST 35AC_C_BIGENDIAN 36 37# Checks for programs. 38AC_PROG_AWK 39AC_PROG_CPP 40AC_PROG_RANLIB 41AC_PROG_INSTALL 42AC_PROG_EGREP 43AC_PROG_MKDIR_P 44AC_CHECK_TOOLS([AR], [ar]) 45AC_PATH_PROG([CAT], [cat]) 46AC_PATH_PROG([KILL], [kill]) 47AC_PATH_PROG([SED], [sed]) 48AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 49AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 50AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 51AC_PATH_PROG([SH], [sh]) 52AC_PATH_PROG([GROFF], [groff]) 53AC_PATH_PROG([NROFF], [nroff awf]) 54AC_PATH_PROG([MANDOC], [mandoc]) 55AC_SUBST([TEST_SHELL], [sh]) 56 57dnl select manpage formatter to be used to build "cat" format pages. 58if test "x$MANDOC" != "x" ; then 59 MANFMT="$MANDOC" 60elif test "x$NROFF" != "x" ; then 61 MANFMT="$NROFF -mandoc" 62elif test "x$GROFF" != "x" ; then 63 MANFMT="$GROFF -mandoc -Tascii" 64else 65 AC_MSG_WARN([no manpage formatter found]) 66 MANFMT="false" 67fi 68AC_SUBST([MANFMT]) 69 70dnl for buildpkg.sh 71AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 72 [/usr/sbin${PATH_SEPARATOR}/etc]) 73AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 74 [/usr/sbin${PATH_SEPARATOR}/etc]) 75AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 76if test -x /sbin/sh; then 77 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 78else 79 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 80fi 81 82# System features 83AC_SYS_LARGEFILE 84 85if test -z "$AR" ; then 86 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 87fi 88 89AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 90if test ! -z "$PATH_PASSWD_PROG" ; then 91 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 92 [Full path of your "passwd" program]) 93fi 94 95dnl Since autoconf doesn't support it very well, we no longer allow users to 96dnl override LD, however keeping the hook here for now in case there's a use 97dnl use case we overlooked and someone needs to re-enable it. Unless a good 98dnl reason is found we'll be removing this in future. 99LD="$CC" 100AC_SUBST([LD]) 101 102AC_C_INLINE 103 104AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 105AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 106AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 107 #include <sys/types.h> 108 #include <sys/param.h> 109 #include <dev/systrace.h> 110]) 111AC_CHECK_DECL([RLIMIT_NPROC], 112 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 113 #include <sys/types.h> 114 #include <sys/resource.h> 115]) 116AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 117 #include <sys/types.h> 118 #include <linux/prctl.h> 119]) 120 121openssl=yes 122AC_ARG_WITH([openssl], 123 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 124 [ if test "x$withval" = "xno" ; then 125 openssl=no 126 fi 127 ] 128) 129AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 130if test "x$openssl" = "xyes" ; then 131 AC_MSG_RESULT([yes]) 132 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 133else 134 AC_MSG_RESULT([no]) 135fi 136 137use_stack_protector=1 138use_toolchain_hardening=1 139AC_ARG_WITH([stackprotect], 140 [ --without-stackprotect Don't use compiler's stack protection], [ 141 if test "x$withval" = "xno"; then 142 use_stack_protector=0 143 fi ]) 144AC_ARG_WITH([hardening], 145 [ --without-hardening Don't use toolchain hardening flags], [ 146 if test "x$withval" = "xno"; then 147 use_toolchain_hardening=0 148 fi ]) 149 150# We use -Werror for the tests only so that we catch warnings like "this is 151# on by default" for things like -fPIE. 152AC_MSG_CHECKING([if $CC supports -Werror]) 153saved_CFLAGS="$CFLAGS" 154CFLAGS="$CFLAGS -Werror" 155AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 156 [ AC_MSG_RESULT([yes]) 157 WERROR="-Werror"], 158 [ AC_MSG_RESULT([no]) 159 WERROR="" ] 160) 161CFLAGS="$saved_CFLAGS" 162 163if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 164 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 167 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 168 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 169 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 170 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 171 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 172 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 173 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 174 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 175 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 176 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 177 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 178 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 179 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation]) 180 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) 181 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 182 if test "x$use_toolchain_hardening" = "x1"; then 183 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 184 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 185 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 186 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 187 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 188 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 189 # NB. -ftrapv expects certain support functions to be present in 190 # the compiler library (libgcc or similar) to detect integer operations 191 # that can overflow. We must check that the result of enabling it 192 # actually links. The test program compiled/linked includes a number 193 # of integer operations that should exercise this. 194 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 195 OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all]) 196 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) 197 fi 198 AC_MSG_CHECKING([gcc version]) 199 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 200 case $GCC_VER in 201 1.*) no_attrib_nonnull=1 ;; 202 2.8* | 2.9*) 203 no_attrib_nonnull=1 204 ;; 205 2.*) no_attrib_nonnull=1 ;; 206 *) ;; 207 esac 208 AC_MSG_RESULT([$GCC_VER]) 209 210 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 211 saved_CFLAGS="$CFLAGS" 212 CFLAGS="$CFLAGS -fno-builtin-memset" 213 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 214 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 215 [ AC_MSG_RESULT([yes]) ], 216 [ AC_MSG_RESULT([no]) 217 CFLAGS="$saved_CFLAGS" ] 218 ) 219 220 # -fstack-protector-all doesn't always work for some GCC versions 221 # and/or platforms, so we test if we can. If it's not supported 222 # on a given platform gcc will emit a warning so we use -Werror. 223 if test "x$use_stack_protector" = "x1"; then 224 for t in -fstack-protector-strong -fstack-protector-all \ 225 -fstack-protector; do 226 AC_MSG_CHECKING([if $CC supports $t]) 227 saved_CFLAGS="$CFLAGS" 228 saved_LDFLAGS="$LDFLAGS" 229 CFLAGS="$CFLAGS $t -Werror" 230 LDFLAGS="$LDFLAGS $t -Werror" 231 AC_LINK_IFELSE( 232 [AC_LANG_PROGRAM([[ 233 #include <stdio.h> 234 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 235 ]], 236 [[ 237 char x[256]; 238 snprintf(x, sizeof(x), "XXX%d", func(1)); 239 ]])], 240 [ AC_MSG_RESULT([yes]) 241 CFLAGS="$saved_CFLAGS $t" 242 LDFLAGS="$saved_LDFLAGS $t" 243 AC_MSG_CHECKING([if $t works]) 244 AC_RUN_IFELSE( 245 [AC_LANG_PROGRAM([[ 246 #include <stdio.h> 247 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 248 ]], 249 [[ 250 char x[256]; 251 snprintf(x, sizeof(x), "XXX%d", func(1)); 252 ]])], 253 [ AC_MSG_RESULT([yes]) 254 break ], 255 [ AC_MSG_RESULT([no]) ], 256 [ AC_MSG_WARN([cross compiling: cannot test]) 257 break ] 258 ) 259 ], 260 [ AC_MSG_RESULT([no]) ] 261 ) 262 CFLAGS="$saved_CFLAGS" 263 LDFLAGS="$saved_LDFLAGS" 264 done 265 fi 266 267 if test -z "$have_llong_max"; then 268 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 269 unset ac_cv_have_decl_LLONG_MAX 270 saved_CFLAGS="$CFLAGS" 271 CFLAGS="$CFLAGS -std=gnu99" 272 AC_CHECK_DECL([LLONG_MAX], 273 [have_llong_max=1], 274 [CFLAGS="$saved_CFLAGS"], 275 [#include <limits.h>] 276 ) 277 fi 278fi 279 280AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 281AC_COMPILE_IFELSE( 282 [AC_LANG_PROGRAM([[ 283#include <stdlib.h> 284__attribute__((__unused__)) static void foo(void){return;}]], 285 [[ exit(0); ]])], 286 [ AC_MSG_RESULT([yes]) ], 287 [ AC_MSG_RESULT([no]) 288 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 289 [compiler does not accept __attribute__ on return types]) ] 290) 291 292AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 293AC_COMPILE_IFELSE( 294 [AC_LANG_PROGRAM([[ 295#include <stdlib.h> 296typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 297 [[ exit(0); ]])], 298 [ AC_MSG_RESULT([yes]) ], 299 [ AC_MSG_RESULT([no]) 300 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 301 [compiler does not accept __attribute__ on prototype args]) ] 302) 303 304AC_MSG_CHECKING([if compiler supports variable length arrays]) 305AC_COMPILE_IFELSE( 306 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 307 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 308 [ AC_MSG_RESULT([yes]) 309 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 310 [compiler supports variable length arrays]) ], 311 [ AC_MSG_RESULT([no]) ] 312) 313 314AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 315AC_COMPILE_IFELSE( 316 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 317 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 318 [ AC_MSG_RESULT([yes]) 319 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 320 [compiler variable declarations after code]) ], 321 [ AC_MSG_RESULT([no]) ] 322) 323 324if test "x$no_attrib_nonnull" != "x1" ; then 325 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 326fi 327 328AC_ARG_WITH([rpath], 329 [ --without-rpath Disable auto-added -R linker paths], 330 [ 331 if test "x$withval" = "xno" ; then 332 rpath_opt="" 333 elif test "x$withval" = "xyes" ; then 334 rpath_opt="-R" 335 else 336 rpath_opt="$withval" 337 fi 338 ] 339) 340 341# Allow user to specify flags 342AC_ARG_WITH([cflags], 343 [ --with-cflags Specify additional flags to pass to compiler], 344 [ 345 if test -n "$withval" && test "x$withval" != "xno" && \ 346 test "x${withval}" != "xyes"; then 347 CFLAGS="$CFLAGS $withval" 348 fi 349 ] 350) 351 352AC_ARG_WITH([cflags-after], 353 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 354 [ 355 if test -n "$withval" && test "x$withval" != "xno" && \ 356 test "x${withval}" != "xyes"; then 357 CFLAGS_AFTER="$withval" 358 fi 359 ] 360) 361AC_ARG_WITH([cppflags], 362 [ --with-cppflags Specify additional flags to pass to preprocessor] , 363 [ 364 if test -n "$withval" && test "x$withval" != "xno" && \ 365 test "x${withval}" != "xyes"; then 366 CPPFLAGS="$CPPFLAGS $withval" 367 fi 368 ] 369) 370AC_ARG_WITH([ldflags], 371 [ --with-ldflags Specify additional flags to pass to linker], 372 [ 373 if test -n "$withval" && test "x$withval" != "xno" && \ 374 test "x${withval}" != "xyes"; then 375 LDFLAGS="$LDFLAGS $withval" 376 fi 377 ] 378) 379AC_ARG_WITH([ldflags-after], 380 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 381 [ 382 if test -n "$withval" && test "x$withval" != "xno" && \ 383 test "x${withval}" != "xyes"; then 384 LDFLAGS_AFTER="$withval" 385 fi 386 ] 387) 388AC_ARG_WITH([libs], 389 [ --with-libs Specify additional libraries to link with], 390 [ 391 if test -n "$withval" && test "x$withval" != "xno" && \ 392 test "x${withval}" != "xyes"; then 393 LIBS="$LIBS $withval" 394 fi 395 ] 396) 397AC_ARG_WITH([Werror], 398 [ --with-Werror Build main code with -Werror], 399 [ 400 if test -n "$withval" && test "x$withval" != "xno"; then 401 werror_flags="-Werror" 402 if test "x${withval}" != "xyes"; then 403 werror_flags="$withval" 404 fi 405 fi 406 ] 407) 408 409AC_CHECK_HEADERS([ \ 410 blf.h \ 411 bstring.h \ 412 crypt.h \ 413 crypto/sha2.h \ 414 dirent.h \ 415 endian.h \ 416 elf.h \ 417 err.h \ 418 features.h \ 419 fcntl.h \ 420 floatingpoint.h \ 421 fnmatch.h \ 422 getopt.h \ 423 glob.h \ 424 ia.h \ 425 iaf.h \ 426 ifaddrs.h \ 427 inttypes.h \ 428 langinfo.h \ 429 limits.h \ 430 locale.h \ 431 login.h \ 432 maillock.h \ 433 ndir.h \ 434 net/if_tun.h \ 435 netdb.h \ 436 netgroup.h \ 437 pam/pam_appl.h \ 438 paths.h \ 439 poll.h \ 440 pty.h \ 441 readpassphrase.h \ 442 rpc/types.h \ 443 security/pam_appl.h \ 444 sha2.h \ 445 shadow.h \ 446 stddef.h \ 447 stdint.h \ 448 string.h \ 449 strings.h \ 450 sys/bitypes.h \ 451 sys/byteorder.h \ 452 sys/bsdtty.h \ 453 sys/cdefs.h \ 454 sys/dir.h \ 455 sys/file.h \ 456 sys/mman.h \ 457 sys/label.h \ 458 sys/ndir.h \ 459 sys/param.h \ 460 sys/poll.h \ 461 sys/prctl.h \ 462 sys/procctl.h \ 463 sys/pstat.h \ 464 sys/ptrace.h \ 465 sys/random.h \ 466 sys/select.h \ 467 sys/stat.h \ 468 sys/stream.h \ 469 sys/stropts.h \ 470 sys/strtio.h \ 471 sys/statvfs.h \ 472 sys/sysmacros.h \ 473 sys/time.h \ 474 sys/timers.h \ 475 sys/vfs.h \ 476 time.h \ 477 tmpdir.h \ 478 ttyent.h \ 479 ucred.h \ 480 unistd.h \ 481 usersec.h \ 482 util.h \ 483 utime.h \ 484 utmp.h \ 485 utmpx.h \ 486 vis.h \ 487 wchar.h \ 488]) 489 490# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 491# to be included first. 492AC_CHECK_HEADERS([sys/audit.h], [], [], [ 493#ifdef HAVE_SYS_TIME_H 494# include <sys/time.h> 495#endif 496#ifdef HAVE_SYS_TYPES_H 497# include <sys/types.h> 498#endif 499#ifdef HAVE_SYS_LABEL_H 500# include <sys/label.h> 501#endif 502]) 503 504# sys/capsicum.h requires sys/types.h 505AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 506#ifdef HAVE_SYS_TYPES_H 507# include <sys/types.h> 508#endif 509]) 510 511# net/route.h requires sys/socket.h and sys/types.h. 512# sys/sysctl.h also requires sys/param.h 513AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 514#ifdef HAVE_SYS_TYPES_H 515# include <sys/types.h> 516#endif 517#include <sys/param.h> 518#include <sys/socket.h> 519]) 520 521# lastlog.h requires sys/time.h to be included first on Solaris 522AC_CHECK_HEADERS([lastlog.h], [], [], [ 523#ifdef HAVE_SYS_TIME_H 524# include <sys/time.h> 525#endif 526]) 527 528# sys/ptms.h requires sys/stream.h to be included first on Solaris 529AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 530#ifdef HAVE_SYS_STREAM_H 531# include <sys/stream.h> 532#endif 533]) 534 535# login_cap.h requires sys/types.h on NetBSD 536AC_CHECK_HEADERS([login_cap.h], [], [], [ 537#include <sys/types.h> 538]) 539 540# older BSDs need sys/param.h before sys/mount.h 541AC_CHECK_HEADERS([sys/mount.h], [], [], [ 542#include <sys/param.h> 543]) 544 545# Android requires sys/socket.h to be included before sys/un.h 546AC_CHECK_HEADERS([sys/un.h], [], [], [ 547#include <sys/types.h> 548#include <sys/socket.h> 549]) 550 551# Messages for features tested for in target-specific section 552SIA_MSG="no" 553SPC_MSG="no" 554SP_MSG="no" 555SPP_MSG="no" 556 557# Support for Solaris/Illumos privileges (this test is used by both 558# the --with-solaris-privs option and --with-sandbox=solaris). 559SOLARIS_PRIVS="no" 560 561# Check for some target-specific stuff 562case "$host" in 563*-*-aix*) 564 # Some versions of VAC won't allow macro redefinitions at 565 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 566 # particularly with older versions of vac or xlc. 567 # It also throws errors about null macro arguments, but these are 568 # not fatal. 569 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 570 AC_COMPILE_IFELSE( 571 [AC_LANG_PROGRAM([[ 572#define testmacro foo 573#define testmacro bar]], 574 [[ exit(0); ]])], 575 [ AC_MSG_RESULT([yes]) ], 576 [ AC_MSG_RESULT([no]) 577 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 578 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 579 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 580 ] 581 ) 582 583 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 584 if (test -z "$blibpath"); then 585 blibpath="/usr/lib:/lib" 586 fi 587 saved_LDFLAGS="$LDFLAGS" 588 if test "$GCC" = "yes"; then 589 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 590 else 591 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 592 fi 593 for tryflags in $flags ;do 594 if (test -z "$blibflags"); then 595 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 596 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 597 [blibflags=$tryflags], []) 598 fi 599 done 600 if (test -z "$blibflags"); then 601 AC_MSG_RESULT([not found]) 602 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 603 else 604 AC_MSG_RESULT([$blibflags]) 605 fi 606 LDFLAGS="$saved_LDFLAGS" 607 dnl Check for authenticate. Might be in libs.a on older AIXes 608 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 609 [Define if you want to enable AIX4's authenticate function])], 610 [AC_CHECK_LIB([s], [authenticate], 611 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 612 LIBS="$LIBS -ls" 613 ]) 614 ]) 615 dnl Check for various auth function declarations in headers. 616 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 617 passwdexpired, setauthdb], , , [#include <usersec.h>]) 618 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 619 AC_CHECK_DECLS([loginfailed], 620 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 621 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 622 [[ (void)loginfailed("user","host","tty",0); ]])], 623 [AC_MSG_RESULT([yes]) 624 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 625 [Define if your AIX loginfailed() function 626 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 627 ])], 628 [], 629 [#include <usersec.h>] 630 ) 631 AC_CHECK_FUNCS([getgrset setauthdb]) 632 AC_CHECK_DECL([F_CLOSEM], 633 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 634 [], 635 [ #include <limits.h> 636 #include <fcntl.h> ] 637 ) 638 check_for_aix_broken_getaddrinfo=1 639 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 640 [Define if your platform breaks doing a seteuid before a setuid]) 641 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 642 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 643 dnl AIX handles lastlog as part of its login message 644 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 645 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 646 [Some systems need a utmpx entry for /bin/login to work]) 647 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 648 [Define to a Set Process Title type if your system is 649 supported by bsd-setproctitle.c]) 650 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 651 [AIX 5.2 and 5.3 (and presumably newer) require this]) 652 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 653 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 654 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 655 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 656 ;; 657*-*-android*) 658 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 659 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 660 ;; 661*-*-cygwin*) 662 check_for_libcrypt_later=1 663 LIBS="$LIBS /usr/lib/textreadmode.o" 664 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 665 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 666 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 667 [Define to disable UID restoration test]) 668 AC_DEFINE([DISABLE_SHADOW], [1], 669 [Define if you want to disable shadow passwords]) 670 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 671 [Define if X11 doesn't support AF_UNIX sockets on that system]) 672 AC_DEFINE([DISABLE_FD_PASSING], [1], 673 [Define if your platform needs to skip post auth 674 file descriptor passing]) 675 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 676 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 677 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 678 # reasons which cause compile warnings, so we disable those warnings. 679 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 680 ;; 681*-*-dgux*) 682 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 683 [Define if your system choked on IP TOS setting]) 684 AC_DEFINE([SETEUID_BREAKS_SETUID]) 685 AC_DEFINE([BROKEN_SETREUID]) 686 AC_DEFINE([BROKEN_SETREGID]) 687 ;; 688*-*-darwin*) 689 use_pie=auto 690 AC_MSG_CHECKING([if we have working getaddrinfo]) 691 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 692#include <mach-o/dyld.h> 693#include <stdlib.h> 694main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 695 exit(0); 696 else 697 exit(1); 698} 699 ]])], 700 [AC_MSG_RESULT([working])], 701 [AC_MSG_RESULT([buggy]) 702 AC_DEFINE([BROKEN_GETADDRINFO], [1], 703 [getaddrinfo is broken (if present)]) 704 ], 705 [AC_MSG_RESULT([assume it is working])]) 706 AC_DEFINE([SETEUID_BREAKS_SETUID]) 707 AC_DEFINE([BROKEN_SETREUID]) 708 AC_DEFINE([BROKEN_SETREGID]) 709 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 710 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 711 [Define if your resolver libs need this for getrrsetbyname]) 712 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 713 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 714 [Use tunnel device compatibility to OpenBSD]) 715 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 716 [Prepend the address family to IP tunnel traffic]) 717 m4_pattern_allow([AU_IPv]) 718 AC_CHECK_DECL([AU_IPv4], [], 719 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 720 [#include <bsm/audit.h>] 721 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 722 [Define if pututxline updates lastlog too]) 723 ) 724 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 725 [Define to a Set Process Title type if your system is 726 supported by bsd-setproctitle.c]) 727 AC_CHECK_FUNCS([sandbox_init]) 728 AC_CHECK_HEADERS([sandbox.h]) 729 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 730 SSHDLIBS="$SSHDLIBS -lsandbox" 731 ]) 732 # proc_pidinfo()-based closefrom() replacement. 733 AC_CHECK_HEADERS([libproc.h]) 734 AC_CHECK_FUNCS([proc_pidinfo]) 735 # poll(2) is broken for character-special devices (at least). 736 # cf. Apple bug 3710161 (not public, but searchable) 737 AC_DEFINE([BROKEN_POLL], [1], 738 [System poll(2) implementation is broken]) 739 ;; 740*-*-dragonfly*) 741 SSHDLIBS="$SSHDLIBS -lcrypt" 742 TEST_MALLOC_OPTIONS="AFGJPRX" 743 ;; 744*-*-haiku*) 745 LIBS="$LIBS -lbsd " 746 CFLAGS="$CFLAGS -D_BSD_SOURCE" 747 AC_CHECK_LIB([network], [socket]) 748 AC_DEFINE([HAVE_U_INT64_T]) 749 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 750 MANTYPE=man 751 ;; 752*-*-hpux*) 753 # first we define all of the options common to all HP-UX releases 754 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 755 IPADDR_IN_DISPLAY=yes 756 AC_DEFINE([USE_PIPES]) 757 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 758 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 759 [String used in /etc/passwd to denote locked account]) 760 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 761 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 762 maildir="/var/mail" 763 LIBS="$LIBS -lsec" 764 AC_CHECK_LIB([xnet], [t_error], , 765 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 766 767 # next, we define all of the options specific to major releases 768 case "$host" in 769 *-*-hpux10*) 770 if test -z "$GCC"; then 771 CFLAGS="$CFLAGS -Ae" 772 fi 773 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect]) 774 ;; 775 *-*-hpux11*) 776 AC_DEFINE([PAM_SUN_CODEBASE], [1], 777 [Define if you are using Solaris-derived PAM which 778 passes pam_messages to the conversation function 779 with an extra level of indirection]) 780 AC_DEFINE([DISABLE_UTMP], [1], 781 [Define if you don't want to use utmp]) 782 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 783 check_for_hpux_broken_getaddrinfo=1 784 check_for_conflicting_getspnam=1 785 ;; 786 esac 787 788 # lastly, we define options specific to minor releases 789 case "$host" in 790 *-*-hpux10.26) 791 AC_DEFINE([HAVE_SECUREWARE], [1], 792 [Define if you have SecureWare-based 793 protected password database]) 794 disable_ptmx_check=yes 795 LIBS="$LIBS -lsecpw" 796 ;; 797 esac 798 ;; 799*-*-irix5*) 800 PATH="$PATH:/usr/etc" 801 AC_DEFINE([BROKEN_INET_NTOA], [1], 802 [Define if you system's inet_ntoa is busted 803 (e.g. Irix gcc issue)]) 804 AC_DEFINE([SETEUID_BREAKS_SETUID]) 805 AC_DEFINE([BROKEN_SETREUID]) 806 AC_DEFINE([BROKEN_SETREGID]) 807 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 808 [Define if you shouldn't strip 'tty' from your 809 ttyname in [uw]tmp]) 810 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 811 ;; 812*-*-irix6*) 813 PATH="$PATH:/usr/etc" 814 AC_DEFINE([WITH_IRIX_ARRAY], [1], 815 [Define if you have/want arrays 816 (cluster-wide session management, not C arrays)]) 817 AC_DEFINE([WITH_IRIX_PROJECT], [1], 818 [Define if you want IRIX project management]) 819 AC_DEFINE([WITH_IRIX_AUDIT], [1], 820 [Define if you want IRIX audit trails]) 821 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 822 [Define if you want IRIX kernel jobs])]) 823 AC_DEFINE([BROKEN_INET_NTOA]) 824 AC_DEFINE([SETEUID_BREAKS_SETUID]) 825 AC_DEFINE([BROKEN_SETREUID]) 826 AC_DEFINE([BROKEN_SETREGID]) 827 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 828 AC_DEFINE([WITH_ABBREV_NO_TTY]) 829 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 830 ;; 831*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 832 check_for_libcrypt_later=1 833 AC_DEFINE([PAM_TTY_KLUDGE]) 834 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 835 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 836 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 837 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 838 ;; 839*-*-linux*) 840 no_dev_ptmx=1 841 use_pie=auto 842 check_for_libcrypt_later=1 843 check_for_openpty_ctty_bug=1 844 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 845 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 846 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 847 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) 848 AC_DEFINE([PAM_TTY_KLUDGE], [1], 849 [Work around problematic Linux PAM modules handling of PAM_TTY]) 850 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 851 [String used in /etc/passwd to denote locked account]) 852 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 853 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 854 [Define to whatever link() returns for "not supported" 855 if it doesn't return EOPNOTSUPP.]) 856 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 857 AC_DEFINE([USE_BTMP]) 858 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 859 inet6_default_4in6=yes 860 case `uname -r` in 861 1.*|2.0.*) 862 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 863 [Define if cmsg_type is not passed correctly]) 864 ;; 865 esac 866 # tun(4) forwarding compat code 867 AC_CHECK_HEADERS([linux/if_tun.h]) 868 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 869 AC_DEFINE([SSH_TUN_LINUX], [1], 870 [Open tunnel devices the Linux tun/tap way]) 871 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 872 [Use tunnel device compatibility to OpenBSD]) 873 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 874 [Prepend the address family to IP tunnel traffic]) 875 fi 876 AC_CHECK_HEADER([linux/if.h], 877 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 878 [Support routing domains using Linux VRF]), [], [ 879#ifdef HAVE_SYS_TYPES_H 880# include <sys/types.h> 881#endif 882 ]) 883 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 884 [], [#include <linux/types.h>]) 885 # Obtain MIPS ABI 886 case "$host" in 887 mips*) 888 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 889#if _MIPS_SIM != _ABIO32 890#error 891#endif 892 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 893#if _MIPS_SIM != _ABIN32 894#error 895#endif 896 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 897#if _MIPS_SIM != _ABI64 898#error 899#endif 900 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 901 ]) 902 ]) 903 ]) 904 ;; 905 esac 906 AC_MSG_CHECKING([for seccomp architecture]) 907 seccomp_audit_arch= 908 case "$host" in 909 x86_64-*) 910 seccomp_audit_arch=AUDIT_ARCH_X86_64 911 ;; 912 i*86-*) 913 seccomp_audit_arch=AUDIT_ARCH_I386 914 ;; 915 arm*-*) 916 seccomp_audit_arch=AUDIT_ARCH_ARM 917 ;; 918 aarch64*-*) 919 seccomp_audit_arch=AUDIT_ARCH_AARCH64 920 ;; 921 s390x-*) 922 seccomp_audit_arch=AUDIT_ARCH_S390X 923 ;; 924 s390-*) 925 seccomp_audit_arch=AUDIT_ARCH_S390 926 ;; 927 powerpc64-*) 928 seccomp_audit_arch=AUDIT_ARCH_PPC64 929 ;; 930 powerpc64le-*) 931 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 932 ;; 933 mips-*) 934 seccomp_audit_arch=AUDIT_ARCH_MIPS 935 ;; 936 mipsel-*) 937 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 938 ;; 939 mips64-*) 940 case "$mips_abi" in 941 "n32") 942 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 943 ;; 944 "n64") 945 seccomp_audit_arch=AUDIT_ARCH_MIPS64 946 ;; 947 esac 948 ;; 949 mips64el-*) 950 case "$mips_abi" in 951 "n32") 952 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 953 ;; 954 "n64") 955 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 956 ;; 957 esac 958 ;; 959 riscv64-*) 960 seccomp_audit_arch=AUDIT_ARCH_RISCV64 961 ;; 962 esac 963 if test "x$seccomp_audit_arch" != "x" ; then 964 AC_MSG_RESULT(["$seccomp_audit_arch"]) 965 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 966 [Specify the system call convention in use]) 967 else 968 AC_MSG_RESULT([architecture not supported]) 969 fi 970 ;; 971*-*-minix) 972 AC_DEFINE([SETEUID_BREAKS_SETUID]) 973 # poll(2) seems to choke on /dev/null; "Bad file descriptor" 974 AC_DEFINE([BROKEN_POLL], [1], 975 [System poll(2) implementation is broken]) 976 ;; 977mips-sony-bsd|mips-sony-newsos4) 978 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 979 SONY=1 980 ;; 981*-*-netbsd*) 982 check_for_libcrypt_before=1 983 if test "x$withval" != "xno" ; then 984 rpath_opt="-R" 985 fi 986 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 987 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 988 AC_CHECK_HEADER([net/if_tap.h], , 989 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 990 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 991 [Prepend the address family to IP tunnel traffic]) 992 TEST_MALLOC_OPTIONS="AJRX" 993 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 994 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 995 ;; 996*-*-freebsd*) 997 check_for_libcrypt_later=1 998 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 999 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1000 AC_CHECK_HEADER([net/if_tap.h], , 1001 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1002 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 1003 TEST_MALLOC_OPTIONS="AJRX" 1004 # Preauth crypto occasionally uses file descriptors for crypto offload 1005 # and will crash if they cannot be opened. 1006 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 1007 [define if setrlimit RLIMIT_NOFILE breaks things]) 1008 case "$host" in 1009 *-*-freebsd9.*|*-*-freebsd10.*) 1010 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable. 1011 disable_capsicum=yes 1012 esac 1013 ;; 1014*-*-bsdi*) 1015 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1016 AC_DEFINE([BROKEN_SETREUID]) 1017 AC_DEFINE([BROKEN_SETREGID]) 1018 ;; 1019*-next-*) 1020 conf_lastlog_location="/usr/adm/lastlog" 1021 conf_utmp_location=/etc/utmp 1022 conf_wtmp_location=/usr/adm/wtmp 1023 maildir=/usr/spool/mail 1024 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1025 AC_DEFINE([USE_PIPES]) 1026 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1027 ;; 1028*-*-openbsd*) 1029 use_pie=auto 1030 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1031 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1032 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1033 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1034 [syslog_r function is safe to use in in a signal handler]) 1035 TEST_MALLOC_OPTIONS="AFGJPRX" 1036 ;; 1037*-*-solaris*) 1038 if test "x$withval" != "xno" ; then 1039 rpath_opt="-R" 1040 fi 1041 AC_DEFINE([PAM_SUN_CODEBASE]) 1042 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1043 AC_DEFINE([PAM_TTY_KLUDGE]) 1044 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1045 [Define if pam_chauthtok wants real uid set 1046 to the unpriv'ed user]) 1047 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1048 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1049 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1050 [Define if sshd somehow reacquires a controlling TTY 1051 after setsid()]) 1052 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1053 in case the name is longer than 8 chars]) 1054 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1055 external_path_file=/etc/default/login 1056 # hardwire lastlog location (can't detect it on some versions) 1057 conf_lastlog_location="/var/adm/lastlog" 1058 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1059 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1060 if test "$sol2ver" -ge 8; then 1061 AC_MSG_RESULT([yes]) 1062 AC_DEFINE([DISABLE_UTMP]) 1063 AC_DEFINE([DISABLE_WTMP], [1], 1064 [Define if you don't want to use wtmp]) 1065 else 1066 AC_MSG_RESULT([no]) 1067 fi 1068 AC_CHECK_FUNCS([setpflags]) 1069 AC_CHECK_FUNCS([setppriv]) 1070 AC_CHECK_FUNCS([priv_basicset]) 1071 AC_CHECK_HEADERS([priv.h]) 1072 AC_ARG_WITH([solaris-contracts], 1073 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1074 [ 1075 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1076 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1077 [Define if you have Solaris process contracts]) 1078 LIBS="$LIBS -lcontract" 1079 SPC_MSG="yes" ], ) 1080 ], 1081 ) 1082 AC_ARG_WITH([solaris-projects], 1083 [ --with-solaris-projects Enable Solaris projects (experimental)], 1084 [ 1085 AC_CHECK_LIB([project], [setproject], 1086 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1087 [Define if you have Solaris projects]) 1088 LIBS="$LIBS -lproject" 1089 SP_MSG="yes" ], ) 1090 ], 1091 ) 1092 AC_ARG_WITH([solaris-privs], 1093 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1094 [ 1095 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1096 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1097 "x$ac_cv_header_priv_h" = "xyes" ; then 1098 SOLARIS_PRIVS=yes 1099 AC_MSG_RESULT([found]) 1100 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1101 [Define to disable UID restoration test]) 1102 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1103 [Define if you have Solaris privileges]) 1104 SPP_MSG="yes" 1105 else 1106 AC_MSG_RESULT([not found]) 1107 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1108 fi 1109 ], 1110 ) 1111 TEST_SHELL=$SHELL # let configure find us a capable shell 1112 ;; 1113*-*-sunos4*) 1114 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1115 AC_CHECK_FUNCS([getpwanam]) 1116 AC_DEFINE([PAM_SUN_CODEBASE]) 1117 conf_utmp_location=/etc/utmp 1118 conf_wtmp_location=/var/adm/wtmp 1119 conf_lastlog_location=/var/adm/lastlog 1120 AC_DEFINE([USE_PIPES]) 1121 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1122 ;; 1123*-ncr-sysv*) 1124 LIBS="$LIBS -lc89" 1125 AC_DEFINE([USE_PIPES]) 1126 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1127 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1128 AC_DEFINE([BROKEN_SETREUID]) 1129 AC_DEFINE([BROKEN_SETREGID]) 1130 ;; 1131*-sni-sysv*) 1132 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1133 AC_CHECK_LIB([dl], [dlsym], ,) 1134 # -lresolv needs to be at the end of LIBS or DNS lookups break 1135 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1136 IPADDR_IN_DISPLAY=yes 1137 AC_DEFINE([USE_PIPES]) 1138 AC_DEFINE([IP_TOS_IS_BROKEN]) 1139 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1140 AC_DEFINE([BROKEN_SETREUID]) 1141 AC_DEFINE([BROKEN_SETREGID]) 1142 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1143 external_path_file=/etc/default/login 1144 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1145 # Attention: always take care to bind libsocket and libnsl before libc, 1146 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1147 ;; 1148# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1149*-*-sysv4.2*) 1150 AC_DEFINE([USE_PIPES]) 1151 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1152 AC_DEFINE([BROKEN_SETREUID]) 1153 AC_DEFINE([BROKEN_SETREGID]) 1154 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1155 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1156 TEST_SHELL=$SHELL # let configure find us a capable shell 1157 ;; 1158# UnixWare 7.x, OpenUNIX 8 1159*-*-sysv5*) 1160 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1161 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1162 AC_DEFINE([USE_PIPES]) 1163 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1164 AC_DEFINE([BROKEN_GETADDRINFO]) 1165 AC_DEFINE([BROKEN_SETREUID]) 1166 AC_DEFINE([BROKEN_SETREGID]) 1167 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1168 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1169 TEST_SHELL=$SHELL # let configure find us a capable shell 1170 check_for_libcrypt_later=1 1171 case "$host" in 1172 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1173 maildir=/var/spool/mail 1174 AC_DEFINE([BROKEN_UPDWTMPX]) 1175 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1176 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1177 ], , ) 1178 ;; 1179 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1180 ;; 1181 esac 1182 ;; 1183*-*-sysv*) 1184 ;; 1185# SCO UNIX and OEM versions of SCO UNIX 1186*-*-sco3.2v4*) 1187 AC_MSG_ERROR("This Platform is no longer supported.") 1188 ;; 1189# SCO OpenServer 5.x 1190*-*-sco3.2v5*) 1191 if test -z "$GCC"; then 1192 CFLAGS="$CFLAGS -belf" 1193 fi 1194 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1195 no_dev_ptmx=1 1196 AC_DEFINE([USE_PIPES]) 1197 AC_DEFINE([HAVE_SECUREWARE]) 1198 AC_DEFINE([DISABLE_SHADOW]) 1199 AC_DEFINE([DISABLE_FD_PASSING]) 1200 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1201 AC_DEFINE([BROKEN_GETADDRINFO]) 1202 AC_DEFINE([BROKEN_SETREUID]) 1203 AC_DEFINE([BROKEN_SETREGID]) 1204 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1205 AC_DEFINE([BROKEN_UPDWTMPX]) 1206 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1207 AC_CHECK_FUNCS([getluid setluid]) 1208 MANTYPE=man 1209 TEST_SHELL=$SHELL # let configure find us a capable shell 1210 SKIP_DISABLE_LASTLOG_DEFINE=yes 1211 ;; 1212*-dec-osf*) 1213 AC_MSG_CHECKING([for Digital Unix SIA]) 1214 no_osfsia="" 1215 AC_ARG_WITH([osfsia], 1216 [ --with-osfsia Enable Digital Unix SIA], 1217 [ 1218 if test "x$withval" = "xno" ; then 1219 AC_MSG_RESULT([disabled]) 1220 no_osfsia=1 1221 fi 1222 ], 1223 ) 1224 if test -z "$no_osfsia" ; then 1225 if test -f /etc/sia/matrix.conf; then 1226 AC_MSG_RESULT([yes]) 1227 AC_DEFINE([HAVE_OSF_SIA], [1], 1228 [Define if you have Digital Unix Security 1229 Integration Architecture]) 1230 AC_DEFINE([DISABLE_LOGIN], [1], 1231 [Define if you don't want to use your 1232 system's login() call]) 1233 AC_DEFINE([DISABLE_FD_PASSING]) 1234 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1235 SIA_MSG="yes" 1236 else 1237 AC_MSG_RESULT([no]) 1238 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1239 [String used in /etc/passwd to denote locked account]) 1240 fi 1241 fi 1242 AC_DEFINE([BROKEN_GETADDRINFO]) 1243 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1244 AC_DEFINE([BROKEN_SETREUID]) 1245 AC_DEFINE([BROKEN_SETREGID]) 1246 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1247 ;; 1248 1249*-*-nto-qnx*) 1250 AC_DEFINE([USE_PIPES]) 1251 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1252 AC_DEFINE([DISABLE_LASTLOG]) 1253 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1254 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1255 enable_etc_default_login=no # has incompatible /etc/default/login 1256 case "$host" in 1257 *-*-nto-qnx6*) 1258 AC_DEFINE([DISABLE_FD_PASSING]) 1259 ;; 1260 esac 1261 ;; 1262 1263*-*-ultrix*) 1264 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1265 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1266 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1267 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1268 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1269 # don't get a controlling tty. 1270 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1271 # On Ultrix some headers are not protected against multiple includes, 1272 # so we create wrappers and put it where the compiler will find it. 1273 AC_MSG_WARN([creating compat wrappers for headers]) 1274 mkdir -p netinet 1275 for header in netinet/ip.h netdb.h resolv.h; do 1276 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1277 cat >$header <<EOD 1278#ifndef _SSH_COMPAT_${name} 1279#define _SSH_COMPAT_${name} 1280#include "/usr/include/${header}" 1281#endif 1282EOD 1283 done 1284 ;; 1285 1286*-*-lynxos) 1287 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1288 AC_DEFINE([BROKEN_SETVBUF], [1], 1289 [LynxOS has broken setvbuf() implementation]) 1290 ;; 1291esac 1292 1293AC_MSG_CHECKING([compiler and flags for sanity]) 1294AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1295 [ AC_MSG_RESULT([yes]) ], 1296 [ 1297 AC_MSG_RESULT([no]) 1298 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1299 ], 1300 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1301) 1302 1303dnl Checks for header files. 1304# Checks for libraries. 1305AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1306 1307dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1308AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1309 AC_CHECK_LIB([gen], [dirname], [ 1310 AC_CACHE_CHECK([for broken dirname], 1311 ac_cv_have_broken_dirname, [ 1312 save_LIBS="$LIBS" 1313 LIBS="$LIBS -lgen" 1314 AC_RUN_IFELSE( 1315 [AC_LANG_SOURCE([[ 1316#include <libgen.h> 1317#include <string.h> 1318#include <stdlib.h> 1319 1320int main(int argc, char **argv) { 1321 char *s, buf[32]; 1322 1323 strncpy(buf,"/etc", 32); 1324 s = dirname(buf); 1325 if (!s || strncmp(s, "/", 32) != 0) { 1326 exit(1); 1327 } else { 1328 exit(0); 1329 } 1330} 1331 ]])], 1332 [ ac_cv_have_broken_dirname="no" ], 1333 [ ac_cv_have_broken_dirname="yes" ], 1334 [ ac_cv_have_broken_dirname="no" ], 1335 ) 1336 LIBS="$save_LIBS" 1337 ]) 1338 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1339 LIBS="$LIBS -lgen" 1340 AC_DEFINE([HAVE_DIRNAME]) 1341 AC_CHECK_HEADERS([libgen.h]) 1342 fi 1343 ]) 1344]) 1345 1346AC_CHECK_FUNC([getspnam], , 1347 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1348AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1349 [Define if you have the basename function.])]) 1350 1351dnl zlib defaults to enabled 1352zlib=yes 1353AC_ARG_WITH([zlib], 1354 [ --with-zlib=PATH Use zlib in PATH], 1355 [ if test "x$withval" = "xno" ; then 1356 zlib=no 1357 elif test "x$withval" != "xyes"; then 1358 if test -d "$withval/lib"; then 1359 if test -n "${rpath_opt}"; then 1360 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1361 else 1362 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1363 fi 1364 else 1365 if test -n "${rpath_opt}"; then 1366 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1367 else 1368 LDFLAGS="-L${withval} ${LDFLAGS}" 1369 fi 1370 fi 1371 if test -d "$withval/include"; then 1372 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1373 else 1374 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1375 fi 1376 fi ] 1377) 1378 1379AC_MSG_CHECKING([for zlib]) 1380if test "x${zlib}" = "xno"; then 1381 AC_MSG_RESULT([no]) 1382else 1383 AC_MSG_RESULT([yes]) 1384 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1385 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1386 AC_CHECK_LIB([z], [deflate], , 1387 [ 1388 saved_CPPFLAGS="$CPPFLAGS" 1389 saved_LDFLAGS="$LDFLAGS" 1390 save_LIBS="$LIBS" 1391 dnl Check default zlib install dir 1392 if test -n "${rpath_opt}"; then 1393 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1394 else 1395 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1396 fi 1397 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1398 LIBS="$LIBS -lz" 1399 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1400 [ 1401 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1402 ] 1403 ) 1404 ] 1405 ) 1406 1407 AC_ARG_WITH([zlib-version-check], 1408 [ --without-zlib-version-check Disable zlib version check], 1409 [ if test "x$withval" = "xno" ; then 1410 zlib_check_nonfatal=1 1411 fi 1412 ] 1413 ) 1414 1415 AC_MSG_CHECKING([for possibly buggy zlib]) 1416 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1417#include <stdio.h> 1418#include <stdlib.h> 1419#include <zlib.h> 1420 ]], 1421 [[ 1422 int a=0, b=0, c=0, d=0, n, v; 1423 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1424 if (n != 3 && n != 4) 1425 exit(1); 1426 v = a*1000000 + b*10000 + c*100 + d; 1427 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1428 1429 /* 1.1.4 is OK */ 1430 if (a == 1 && b == 1 && c >= 4) 1431 exit(0); 1432 1433 /* 1.2.3 and up are OK */ 1434 if (v >= 1020300) 1435 exit(0); 1436 1437 exit(2); 1438 ]])], 1439 AC_MSG_RESULT([no]), 1440 [ AC_MSG_RESULT([yes]) 1441 if test -z "$zlib_check_nonfatal" ; then 1442 AC_MSG_ERROR([*** zlib too old - check config.log *** 1443Your reported zlib version has known security problems. It's possible your 1444vendor has fixed these problems without changing the version number. If you 1445are sure this is the case, you can disable the check by running 1446"./configure --without-zlib-version-check". 1447If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1448See http://www.gzip.org/zlib/ for details.]) 1449 else 1450 AC_MSG_WARN([zlib version may have security problems]) 1451 fi 1452 ], 1453 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1454 ) 1455fi 1456 1457dnl UnixWare 2.x 1458AC_CHECK_FUNC([strcasecmp], 1459 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1460) 1461AC_CHECK_FUNCS([utimes], 1462 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1463 LIBS="$LIBS -lc89"]) ] 1464) 1465 1466dnl Checks for libutil functions 1467AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1468AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1469AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1470AC_SEARCH_LIBS([login], [util bsd]) 1471AC_SEARCH_LIBS([logout], [util bsd]) 1472AC_SEARCH_LIBS([logwtmp], [util bsd]) 1473AC_SEARCH_LIBS([openpty], [util bsd]) 1474AC_SEARCH_LIBS([updwtmp], [util bsd]) 1475AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1476 1477# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1478# or libnsl. 1479AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1480AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1481 1482# Some Linux distribtions ship the BSD libc hashing functions in 1483# separate libraries. 1484AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1485 1486# "Particular Function Checks" 1487# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1488AC_FUNC_STRFTIME 1489AC_FUNC_MALLOC 1490AC_FUNC_REALLOC 1491# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1492AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1493AC_RUN_IFELSE( 1494 [AC_LANG_PROGRAM( 1495 [[ #include <stdlib.h> ]], 1496 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1497 )], 1498 [ func_calloc_0_nonnull=yes ], 1499 [ func_calloc_0_nonnull=no ], 1500 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1501 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1502) 1503AC_MSG_RESULT([$func_calloc_0_nonnull]) 1504 1505if test "x$func_calloc_0_nonnull" = "xyes"; then 1506 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1507else 1508 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1509 AC_DEFINE(calloc, rpl_calloc, 1510 [Define to rpl_calloc if the replacement function should be used.]) 1511fi 1512 1513# Check for ALTDIRFUNC glob() extension 1514AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1515AC_EGREP_CPP([FOUNDIT], 1516 [ 1517 #include <glob.h> 1518 #ifdef GLOB_ALTDIRFUNC 1519 FOUNDIT 1520 #endif 1521 ], 1522 [ 1523 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1524 [Define if your system glob() function has 1525 the GLOB_ALTDIRFUNC extension]) 1526 AC_MSG_RESULT([yes]) 1527 ], 1528 [ 1529 AC_MSG_RESULT([no]) 1530 ] 1531) 1532 1533# Check for g.gl_matchc glob() extension 1534AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1535AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1536 [[ glob_t g; g.gl_matchc = 1; ]])], 1537 [ 1538 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1539 [Define if your system glob() function has 1540 gl_matchc options in glob_t]) 1541 AC_MSG_RESULT([yes]) 1542 ], [ 1543 AC_MSG_RESULT([no]) 1544]) 1545 1546# Check for g.gl_statv glob() extension 1547AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1548AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1549#ifndef GLOB_KEEPSTAT 1550#error "glob does not support GLOB_KEEPSTAT extension" 1551#endif 1552glob_t g; 1553g.gl_statv = NULL; 1554]])], 1555 [ 1556 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1557 [Define if your system glob() function has 1558 gl_statv options in glob_t]) 1559 AC_MSG_RESULT([yes]) 1560 ], [ 1561 AC_MSG_RESULT([no]) 1562 1563]) 1564 1565AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1566 1567AC_CHECK_DECL([VIS_ALL], , 1568 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1569 1570AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1571AC_RUN_IFELSE( 1572 [AC_LANG_PROGRAM([[ 1573#include <sys/types.h> 1574#include <dirent.h> 1575#include <stdlib.h> 1576 ]], 1577 [[ 1578 struct dirent d; 1579 exit(sizeof(d.d_name)<=sizeof(char)); 1580 ]])], 1581 [AC_MSG_RESULT([yes])], 1582 [ 1583 AC_MSG_RESULT([no]) 1584 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1585 [Define if your struct dirent expects you to 1586 allocate extra space for d_name]) 1587 ], 1588 [ 1589 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1590 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1591 ] 1592) 1593 1594AC_MSG_CHECKING([for /proc/pid/fd directory]) 1595if test -d "/proc/$$/fd" ; then 1596 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1597 AC_MSG_RESULT([yes]) 1598else 1599 AC_MSG_RESULT([no]) 1600fi 1601 1602# Check whether user wants TCP wrappers support 1603TCPW_MSG="no" 1604AC_ARG_WITH([tcp-wrappers], 1605 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1606 [ 1607 if test "x$withval" != "xno" ; then 1608 saved_LIBS="$LIBS" 1609 saved_LDFLAGS="$LDFLAGS" 1610 saved_CPPFLAGS="$CPPFLAGS" 1611 if test -n "${withval}" && \ 1612 test "x${withval}" != "xyes"; then 1613 if test -d "${withval}/lib"; then 1614 if test -n "${need_dash_r}"; then 1615 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1616 else 1617 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1618 fi 1619 else 1620 if test -n "${need_dash_r}"; then 1621 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1622 else 1623 LDFLAGS="-L${withval} ${LDFLAGS}" 1624 fi 1625 fi 1626 if test -d "${withval}/include"; then 1627 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1628 else 1629 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1630 fi 1631 fi 1632 LIBS="-lwrap $LIBS" 1633 AC_MSG_CHECKING([for libwrap]) 1634 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1635#include <sys/types.h> 1636#include <sys/socket.h> 1637#include <netinet/in.h> 1638#include <tcpd.h> 1639int deny_severity = 0, allow_severity = 0; 1640 ]], [[ 1641 hosts_access(0); 1642 ]])], [ 1643 AC_MSG_RESULT([yes]) 1644 AC_DEFINE([LIBWRAP], [1], 1645 [Define if you want 1646 TCP Wrappers support]) 1647 SSHDLIBS="$SSHDLIBS -lwrap" 1648 TCPW_MSG="yes" 1649 ], [ 1650 AC_MSG_ERROR([*** libwrap missing]) 1651 ]) 1652 LIBS="$saved_LIBS" 1653 fi 1654 ] 1655) 1656 1657# Check whether user wants to use ldns 1658LDNS_MSG="no" 1659AC_ARG_WITH(ldns, 1660 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1661 [ 1662 ldns="" 1663 if test "x$withval" = "xyes" ; then 1664 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1665 if test "x$LDNSCONFIG" = "xno"; then 1666 LIBS="-lldns $LIBS" 1667 ldns=yes 1668 else 1669 LIBS="$LIBS `$LDNSCONFIG --libs`" 1670 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1671 ldns=yes 1672 fi 1673 elif test "x$withval" != "xno" ; then 1674 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1675 LDFLAGS="$LDFLAGS -L${withval}/lib" 1676 LIBS="-lldns $LIBS" 1677 ldns=yes 1678 fi 1679 1680 # Verify that it works. 1681 if test "x$ldns" = "xyes" ; then 1682 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1683 LDNS_MSG="yes" 1684 AC_MSG_CHECKING([for ldns support]) 1685 AC_LINK_IFELSE( 1686 [AC_LANG_SOURCE([[ 1687#include <stdio.h> 1688#include <stdlib.h> 1689#ifdef HAVE_STDINT_H 1690# include <stdint.h> 1691#endif 1692#include <ldns/ldns.h> 1693int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1694 ]]) 1695 ], 1696 [AC_MSG_RESULT(yes)], 1697 [ 1698 AC_MSG_RESULT(no) 1699 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1700 ]) 1701 fi 1702]) 1703 1704# Check whether user wants libedit support 1705LIBEDIT_MSG="no" 1706AC_ARG_WITH([libedit], 1707 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1708 [ if test "x$withval" != "xno" ; then 1709 if test "x$withval" = "xyes" ; then 1710 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1711 if test "x$PKGCONFIG" != "xno"; then 1712 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1713 if "$PKGCONFIG" libedit; then 1714 AC_MSG_RESULT([yes]) 1715 use_pkgconfig_for_libedit=yes 1716 else 1717 AC_MSG_RESULT([no]) 1718 fi 1719 fi 1720 else 1721 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1722 if test -n "${rpath_opt}"; then 1723 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1724 else 1725 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1726 fi 1727 fi 1728 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1729 LIBEDIT=`$PKGCONFIG --libs libedit` 1730 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1731 else 1732 LIBEDIT="-ledit -lcurses" 1733 fi 1734 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1735 AC_CHECK_LIB([edit], [el_init], 1736 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1737 LIBEDIT_MSG="yes" 1738 AC_SUBST([LIBEDIT]) 1739 ], 1740 [ AC_MSG_ERROR([libedit not found]) ], 1741 [ $OTHERLIBS ] 1742 ) 1743 AC_MSG_CHECKING([if libedit version is compatible]) 1744 AC_COMPILE_IFELSE( 1745 [AC_LANG_PROGRAM([[ 1746#include <histedit.h> 1747#include <stdlib.h> 1748 ]], 1749 [[ 1750 int i = H_SETSIZE; 1751 el_init("", NULL, NULL, NULL); 1752 exit(0); 1753 ]])], 1754 [ AC_MSG_RESULT([yes]) ], 1755 [ AC_MSG_RESULT([no]) 1756 AC_MSG_ERROR([libedit version is not compatible]) ] 1757 ) 1758 fi ] 1759) 1760 1761AUDIT_MODULE=none 1762AC_ARG_WITH([audit], 1763 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1764 [ 1765 AC_MSG_CHECKING([for supported audit module]) 1766 case "$withval" in 1767 bsm) 1768 AC_MSG_RESULT([bsm]) 1769 AUDIT_MODULE=bsm 1770 dnl Checks for headers, libs and functions 1771 AC_CHECK_HEADERS([bsm/audit.h], [], 1772 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1773 [ 1774#ifdef HAVE_TIME_H 1775# include <time.h> 1776#endif 1777 ] 1778) 1779 AC_CHECK_LIB([bsm], [getaudit], [], 1780 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1781 AC_CHECK_FUNCS([getaudit], [], 1782 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1783 # These are optional 1784 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1785 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1786 if test "$sol2ver" -ge 11; then 1787 SSHDLIBS="$SSHDLIBS -lscf" 1788 AC_DEFINE([BROKEN_BSM_API], [1], 1789 [The system has incomplete BSM API]) 1790 fi 1791 ;; 1792 linux) 1793 AC_MSG_RESULT([linux]) 1794 AUDIT_MODULE=linux 1795 dnl Checks for headers, libs and functions 1796 AC_CHECK_HEADERS([libaudit.h]) 1797 SSHDLIBS="$SSHDLIBS -laudit" 1798 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1799 ;; 1800 debug) 1801 AUDIT_MODULE=debug 1802 AC_MSG_RESULT([debug]) 1803 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1804 ;; 1805 no) 1806 AC_MSG_RESULT([no]) 1807 ;; 1808 *) 1809 AC_MSG_ERROR([Unknown audit module $withval]) 1810 ;; 1811 esac ] 1812) 1813 1814AC_ARG_WITH([pie], 1815 [ --with-pie Build Position Independent Executables if possible], [ 1816 if test "x$withval" = "xno"; then 1817 use_pie=no 1818 fi 1819 if test "x$withval" = "xyes"; then 1820 use_pie=yes 1821 fi 1822 ] 1823) 1824if test "x$use_pie" = "x"; then 1825 use_pie=no 1826fi 1827if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1828 # Turn off automatic PIE when toolchain hardening is off. 1829 use_pie=no 1830fi 1831if test "x$use_pie" = "xauto"; then 1832 # Automatic PIE requires gcc >= 4.x 1833 AC_MSG_CHECKING([for gcc >= 4.x]) 1834 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1835#if !defined(__GNUC__) || __GNUC__ < 4 1836#error gcc is too old 1837#endif 1838]])], 1839 [ AC_MSG_RESULT([yes]) ], 1840 [ AC_MSG_RESULT([no]) 1841 use_pie=no ] 1842) 1843fi 1844if test "x$use_pie" != "xno"; then 1845 SAVED_CFLAGS="$CFLAGS" 1846 SAVED_LDFLAGS="$LDFLAGS" 1847 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1848 OSSH_CHECK_LDFLAG_LINK([-pie]) 1849 # We use both -fPIE and -pie or neither. 1850 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1851 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1852 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1853 AC_MSG_RESULT([yes]) 1854 else 1855 AC_MSG_RESULT([no]) 1856 CFLAGS="$SAVED_CFLAGS" 1857 LDFLAGS="$SAVED_LDFLAGS" 1858 fi 1859fi 1860 1861AC_MSG_CHECKING([whether -fPIC is accepted]) 1862SAVED_CFLAGS="$CFLAGS" 1863CFLAGS="$CFLAGS -fPIC" 1864AC_COMPILE_IFELSE( 1865 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1866 [AC_MSG_RESULT([yes]) 1867 PICFLAG="-fPIC"; ], 1868 [AC_MSG_RESULT([no]) 1869 PICFLAG=""; ]) 1870CFLAGS="$SAVED_CFLAGS" 1871AC_SUBST([PICFLAG]) 1872 1873dnl Checks for library functions. Please keep in alphabetical order 1874AC_CHECK_FUNCS([ \ 1875 auth_hostok \ 1876 auth_timeok \ 1877 Blowfish_initstate \ 1878 Blowfish_expandstate \ 1879 Blowfish_expand0state \ 1880 Blowfish_stream2word \ 1881 SHA256Update \ 1882 SHA384Update \ 1883 SHA512Update \ 1884 asprintf \ 1885 b64_ntop \ 1886 __b64_ntop \ 1887 b64_pton \ 1888 __b64_pton \ 1889 bcopy \ 1890 bcrypt_pbkdf \ 1891 bindresvport_sa \ 1892 blf_enc \ 1893 bzero \ 1894 cap_rights_limit \ 1895 clock \ 1896 closefrom \ 1897 close_range \ 1898 dirfd \ 1899 endgrent \ 1900 err \ 1901 errx \ 1902 explicit_bzero \ 1903 explicit_memset \ 1904 fchmod \ 1905 fchmodat \ 1906 fchown \ 1907 fchownat \ 1908 flock \ 1909 fnmatch \ 1910 freeaddrinfo \ 1911 freezero \ 1912 fstatfs \ 1913 fstatvfs \ 1914 futimes \ 1915 getaddrinfo \ 1916 getcwd \ 1917 getgrouplist \ 1918 getline \ 1919 getnameinfo \ 1920 getopt \ 1921 getpagesize \ 1922 getpeereid \ 1923 getpeerucred \ 1924 getpgid \ 1925 _getpty \ 1926 getrlimit \ 1927 getrandom \ 1928 getsid \ 1929 getttyent \ 1930 glob \ 1931 group_from_gid \ 1932 inet_aton \ 1933 inet_ntoa \ 1934 inet_ntop \ 1935 innetgr \ 1936 llabs \ 1937 localtime_r \ 1938 login_getcapbool \ 1939 login_getpwclass \ 1940 memmem \ 1941 memmove \ 1942 memset_s \ 1943 mkdtemp \ 1944 ngetaddrinfo \ 1945 nsleep \ 1946 ogetaddrinfo \ 1947 openlog_r \ 1948 pledge \ 1949 poll \ 1950 ppoll \ 1951 prctl \ 1952 procctl \ 1953 pselect \ 1954 pstat \ 1955 raise \ 1956 readpassphrase \ 1957 reallocarray \ 1958 realpath \ 1959 recvmsg \ 1960 recallocarray \ 1961 rresvport_af \ 1962 sendmsg \ 1963 setdtablesize \ 1964 setegid \ 1965 setenv \ 1966 seteuid \ 1967 setgroupent \ 1968 setgroups \ 1969 setlinebuf \ 1970 setlogin \ 1971 setpassent\ 1972 setpcred \ 1973 setproctitle \ 1974 setregid \ 1975 setreuid \ 1976 setrlimit \ 1977 setsid \ 1978 setvbuf \ 1979 sigaction \ 1980 sigvec \ 1981 snprintf \ 1982 socketpair \ 1983 statfs \ 1984 statvfs \ 1985 strcasestr \ 1986 strdup \ 1987 strerror \ 1988 strlcat \ 1989 strlcpy \ 1990 strmode \ 1991 strndup \ 1992 strnlen \ 1993 strnvis \ 1994 strptime \ 1995 strsignal \ 1996 strtonum \ 1997 strtoll \ 1998 strtoul \ 1999 strtoull \ 2000 swap32 \ 2001 sysconf \ 2002 tcgetpgrp \ 2003 timingsafe_bcmp \ 2004 truncate \ 2005 unsetenv \ 2006 updwtmpx \ 2007 utimensat \ 2008 user_from_uid \ 2009 usleep \ 2010 vasprintf \ 2011 vsnprintf \ 2012 waitpid \ 2013 warn \ 2014]) 2015 2016AC_CHECK_DECLS([bzero, memmem]) 2017 2018dnl Wide character support. 2019AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 2020 2021TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 2022AC_MSG_CHECKING([for utf8 locale support]) 2023AC_RUN_IFELSE( 2024 [AC_LANG_PROGRAM([[ 2025#include <locale.h> 2026#include <stdlib.h> 2027 ]], [[ 2028 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2029 if (loc != NULL) 2030 exit(0); 2031 exit(1); 2032 ]])], 2033 AC_MSG_RESULT(yes), 2034 [AC_MSG_RESULT(no) 2035 TEST_SSH_UTF8=no], 2036 AC_MSG_WARN([cross compiling: assuming yes]) 2037) 2038 2039AC_LINK_IFELSE( 2040 [AC_LANG_PROGRAM( 2041 [[ #include <ctype.h> ]], 2042 [[ return (isblank('a')); ]])], 2043 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2044]) 2045 2046disable_pkcs11= 2047AC_ARG_ENABLE([pkcs11], 2048 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2049 [ 2050 if test "x$enableval" = "xno" ; then 2051 disable_pkcs11=1 2052 fi 2053 ] 2054) 2055 2056disable_sk= 2057AC_ARG_ENABLE([security-key], 2058 [ --disable-security-key disable U2F/FIDO support code [no]], 2059 [ 2060 if test "x$enableval" = "xno" ; then 2061 disable_sk=1 2062 fi 2063 ] 2064) 2065enable_sk_internal= 2066AC_ARG_WITH([security-key-builtin], 2067 [ --with-security-key-builtin include builtin U2F/FIDO support], 2068 [ 2069 if test "x$withval" != "xno" ; then 2070 enable_sk_internal=yes 2071 fi 2072 ] 2073) 2074test "x$disable_sk" != "x" && enable_sk_internal="" 2075 2076AC_SEARCH_LIBS([dlopen], [dl]) 2077AC_CHECK_FUNCS([dlopen]) 2078AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2079 2080# IRIX has a const char return value for gai_strerror() 2081AC_CHECK_FUNCS([gai_strerror], [ 2082 AC_DEFINE([HAVE_GAI_STRERROR]) 2083 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2084#include <sys/types.h> 2085#include <sys/socket.h> 2086#include <netdb.h> 2087 2088const char *gai_strerror(int); 2089 ]], [[ 2090 char *str; 2091 str = gai_strerror(0); 2092 ]])], [ 2093 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2094 [Define if gai_strerror() returns const char *])], [])]) 2095 2096AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2097 [Some systems put nanosleep outside of libc])]) 2098 2099AC_SEARCH_LIBS([clock_gettime], [rt], 2100 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2101 2102dnl check if we need -D_REENTRANT for localtime_r declaration. 2103AC_CHECK_DECL([localtime_r], [], 2104 [ saved_CPPFLAGS="$CPPFLAGS" 2105 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2106 unset ac_cv_have_decl_localtime_r 2107 AC_CHECK_DECL([localtime_r], [], 2108 [ CPPFLAGS="$saved_CPPFLAGS" ], 2109 [ #include <time.h> ] 2110 ) 2111 ], 2112 [ #include <time.h> ] 2113) 2114 2115dnl Make sure prototypes are defined for these before using them. 2116AC_CHECK_DECL([strsep], 2117 [AC_CHECK_FUNCS([strsep])], 2118 [], 2119 [ 2120#ifdef HAVE_STRING_H 2121# include <string.h> 2122#endif 2123 ]) 2124 2125dnl tcsendbreak might be a macro 2126AC_CHECK_DECL([tcsendbreak], 2127 [AC_DEFINE([HAVE_TCSENDBREAK])], 2128 [AC_CHECK_FUNCS([tcsendbreak])], 2129 [#include <termios.h>] 2130) 2131 2132AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2133 2134AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2135 [ 2136#include <sys/types.h> 2137#include <sys/socket.h> 2138#include <unistd.h> 2139 ]) 2140 2141AC_CHECK_DECLS([O_NONBLOCK], , , 2142 [ 2143#include <sys/types.h> 2144#ifdef HAVE_SYS_STAT_H 2145# include <sys/stat.h> 2146#endif 2147#ifdef HAVE_FCNTL_H 2148# include <fcntl.h> 2149#endif 2150 ]) 2151 2152AC_CHECK_DECLS([readv, writev], , , [ 2153#include <sys/types.h> 2154#include <sys/uio.h> 2155#include <unistd.h> 2156 ]) 2157 2158AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2159#include <sys/param.h> 2160 ]) 2161 2162AC_CHECK_DECLS([offsetof], , , [ 2163#include <stddef.h> 2164 ]) 2165 2166# extra bits for select(2) 2167AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2168#include <sys/param.h> 2169#include <sys/types.h> 2170#ifdef HAVE_SYS_SYSMACROS_H 2171#include <sys/sysmacros.h> 2172#endif 2173#ifdef HAVE_SYS_SELECT_H 2174#include <sys/select.h> 2175#endif 2176#ifdef HAVE_SYS_TIME_H 2177#include <sys/time.h> 2178#endif 2179#ifdef HAVE_UNISTD_H 2180#include <unistd.h> 2181#endif 2182 ]]) 2183AC_CHECK_TYPES([fd_mask], [], [], [[ 2184#include <sys/param.h> 2185#include <sys/types.h> 2186#ifdef HAVE_SYS_SELECT_H 2187#include <sys/select.h> 2188#endif 2189#ifdef HAVE_SYS_TIME_H 2190#include <sys/time.h> 2191#endif 2192#ifdef HAVE_UNISTD_H 2193#include <unistd.h> 2194#endif 2195 ]]) 2196 2197AC_CHECK_FUNCS([setresuid], [ 2198 dnl Some platorms have setresuid that isn't implemented, test for this 2199 AC_MSG_CHECKING([if setresuid seems to work]) 2200 AC_RUN_IFELSE( 2201 [AC_LANG_PROGRAM([[ 2202#include <stdlib.h> 2203#include <errno.h> 2204 ]], [[ 2205 errno=0; 2206 setresuid(0,0,0); 2207 if (errno==ENOSYS) 2208 exit(1); 2209 else 2210 exit(0); 2211 ]])], 2212 [AC_MSG_RESULT([yes])], 2213 [AC_DEFINE([BROKEN_SETRESUID], [1], 2214 [Define if your setresuid() is broken]) 2215 AC_MSG_RESULT([not implemented])], 2216 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2217 ) 2218]) 2219 2220AC_CHECK_FUNCS([setresgid], [ 2221 dnl Some platorms have setresgid that isn't implemented, test for this 2222 AC_MSG_CHECKING([if setresgid seems to work]) 2223 AC_RUN_IFELSE( 2224 [AC_LANG_PROGRAM([[ 2225#include <stdlib.h> 2226#include <errno.h> 2227 ]], [[ 2228 errno=0; 2229 setresgid(0,0,0); 2230 if (errno==ENOSYS) 2231 exit(1); 2232 else 2233 exit(0); 2234 ]])], 2235 [AC_MSG_RESULT([yes])], 2236 [AC_DEFINE([BROKEN_SETRESGID], [1], 2237 [Define if your setresgid() is broken]) 2238 AC_MSG_RESULT([not implemented])], 2239 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2240 ) 2241]) 2242 2243AC_MSG_CHECKING([for working fflush(NULL)]) 2244AC_RUN_IFELSE( 2245 [AC_LANG_PROGRAM([[ 2246#include <stdio.h> 2247#include <stdlib.h> 2248 ]], 2249 [[fflush(NULL); exit(0);]])], 2250 AC_MSG_RESULT([yes]), 2251 [AC_MSG_RESULT([no]) 2252 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2253 [define if fflush(NULL) does not work])], 2254 AC_MSG_WARN([cross compiling: assuming working]) 2255) 2256 2257dnl Checks for time functions 2258AC_CHECK_FUNCS([gettimeofday time]) 2259dnl Checks for utmp functions 2260AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2261AC_CHECK_FUNCS([utmpname]) 2262dnl Checks for utmpx functions 2263AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2264AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2265dnl Checks for lastlog functions 2266AC_CHECK_FUNCS([getlastlogxbyname]) 2267 2268AC_CHECK_FUNC([daemon], 2269 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2270 [AC_CHECK_LIB([bsd], [daemon], 2271 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2272) 2273 2274AC_CHECK_FUNC([getpagesize], 2275 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2276 [Define if your libraries define getpagesize()])], 2277 [AC_CHECK_LIB([ucb], [getpagesize], 2278 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2279) 2280 2281# Check for broken snprintf 2282if test "x$ac_cv_func_snprintf" = "xyes" ; then 2283 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2284 AC_RUN_IFELSE( 2285 [AC_LANG_PROGRAM([[ 2286#include <stdio.h> 2287#include <stdlib.h> 2288 ]], 2289 [[ 2290 char b[5]; 2291 snprintf(b,5,"123456789"); 2292 exit(b[4]!='\0'); 2293 ]])], 2294 [AC_MSG_RESULT([yes])], 2295 [ 2296 AC_MSG_RESULT([no]) 2297 AC_DEFINE([BROKEN_SNPRINTF], [1], 2298 [Define if your snprintf is busted]) 2299 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2300 ], 2301 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2302 ) 2303fi 2304 2305if test "x$ac_cv_func_snprintf" = "xyes" ; then 2306 AC_MSG_CHECKING([whether snprintf understands %zu]) 2307 AC_RUN_IFELSE( 2308 [AC_LANG_PROGRAM([[ 2309#include <sys/types.h> 2310#include <stdio.h> 2311#include <stdlib.h> 2312#include <string.h> 2313 ]], 2314 [[ 2315 size_t a = 1, b = 2; 2316 char z[128]; 2317 snprintf(z, sizeof z, "%zu%zu", a, b); 2318 exit(strcmp(z, "12")); 2319 ]])], 2320 [AC_MSG_RESULT([yes])], 2321 [ 2322 AC_MSG_RESULT([no]) 2323 AC_DEFINE([BROKEN_SNPRINTF], [1], 2324 [snprintf does not understand %zu]) 2325 ], 2326 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2327 ) 2328fi 2329 2330# We depend on vsnprintf returning the right thing on overflow: the 2331# number of characters it tried to create (as per SUSv3) 2332if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2333 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2334 AC_RUN_IFELSE( 2335 [AC_LANG_PROGRAM([[ 2336#include <sys/types.h> 2337#include <stdio.h> 2338#include <stdarg.h> 2339 2340int x_snprintf(char *str, size_t count, const char *fmt, ...) 2341{ 2342 size_t ret; 2343 va_list ap; 2344 2345 va_start(ap, fmt); 2346 ret = vsnprintf(str, count, fmt, ap); 2347 va_end(ap); 2348 return ret; 2349} 2350 ]], [[ 2351char x[1]; 2352if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2353 return 1; 2354if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2355 return 1; 2356return 0; 2357 ]])], 2358 [AC_MSG_RESULT([yes])], 2359 [ 2360 AC_MSG_RESULT([no]) 2361 AC_DEFINE([BROKEN_SNPRINTF], [1], 2362 [Define if your snprintf is busted]) 2363 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2364 ], 2365 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2366 ) 2367fi 2368 2369# On systems where [v]snprintf is broken, but is declared in stdio, 2370# check that the fmt argument is const char * or just char *. 2371# This is only useful for when BROKEN_SNPRINTF 2372AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2373AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2374#include <stdio.h> 2375int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2376 ]], [[ 2377 snprintf(0, 0, 0); 2378 ]])], 2379 [AC_MSG_RESULT([yes]) 2380 AC_DEFINE([SNPRINTF_CONST], [const], 2381 [Define as const if snprintf() can declare const char *fmt])], 2382 [AC_MSG_RESULT([no]) 2383 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2384 2385# Check for missing getpeereid (or equiv) support 2386NO_PEERCHECK="" 2387if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2388 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2389 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2390#include <sys/types.h> 2391#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2392 [ AC_MSG_RESULT([yes]) 2393 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2394 ], [AC_MSG_RESULT([no]) 2395 NO_PEERCHECK=1 2396 ]) 2397fi 2398 2399dnl make sure that openpty does not reacquire controlling terminal 2400if test ! -z "$check_for_openpty_ctty_bug"; then 2401 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2402 AC_RUN_IFELSE( 2403 [AC_LANG_PROGRAM([[ 2404#include <stdio.h> 2405#include <stdlib.h> 2406#include <unistd.h> 2407#include <sys/fcntl.h> 2408#include <sys/types.h> 2409#include <sys/wait.h> 2410 ]], [[ 2411 pid_t pid; 2412 int fd, ptyfd, ttyfd, status; 2413 2414 pid = fork(); 2415 if (pid < 0) { /* failed */ 2416 exit(1); 2417 } else if (pid > 0) { /* parent */ 2418 waitpid(pid, &status, 0); 2419 if (WIFEXITED(status)) 2420 exit(WEXITSTATUS(status)); 2421 else 2422 exit(2); 2423 } else { /* child */ 2424 close(0); close(1); close(2); 2425 setsid(); 2426 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2427 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2428 if (fd >= 0) 2429 exit(3); /* Acquired ctty: broken */ 2430 else 2431 exit(0); /* Did not acquire ctty: OK */ 2432 } 2433 ]])], 2434 [ 2435 AC_MSG_RESULT([yes]) 2436 ], 2437 [ 2438 AC_MSG_RESULT([no]) 2439 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2440 ], 2441 [ 2442 AC_MSG_RESULT([cross-compiling, assuming yes]) 2443 ] 2444 ) 2445fi 2446 2447if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2448 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2449 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2450 AC_RUN_IFELSE( 2451 [AC_LANG_PROGRAM([[ 2452#include <stdio.h> 2453#include <stdlib.h> 2454#include <sys/socket.h> 2455#include <netdb.h> 2456#include <errno.h> 2457#include <netinet/in.h> 2458 2459#define TEST_PORT "2222" 2460 ]], [[ 2461 int err, sock; 2462 struct addrinfo *gai_ai, *ai, hints; 2463 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2464 2465 memset(&hints, 0, sizeof(hints)); 2466 hints.ai_family = PF_UNSPEC; 2467 hints.ai_socktype = SOCK_STREAM; 2468 hints.ai_flags = AI_PASSIVE; 2469 2470 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2471 if (err != 0) { 2472 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2473 exit(1); 2474 } 2475 2476 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2477 if (ai->ai_family != AF_INET6) 2478 continue; 2479 2480 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2481 sizeof(ntop), strport, sizeof(strport), 2482 NI_NUMERICHOST|NI_NUMERICSERV); 2483 2484 if (err != 0) { 2485 if (err == EAI_SYSTEM) 2486 perror("getnameinfo EAI_SYSTEM"); 2487 else 2488 fprintf(stderr, "getnameinfo failed: %s\n", 2489 gai_strerror(err)); 2490 exit(2); 2491 } 2492 2493 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2494 if (sock < 0) 2495 perror("socket"); 2496 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2497 if (errno == EBADF) 2498 exit(3); 2499 } 2500 } 2501 exit(0); 2502 ]])], 2503 [ 2504 AC_MSG_RESULT([yes]) 2505 ], 2506 [ 2507 AC_MSG_RESULT([no]) 2508 AC_DEFINE([BROKEN_GETADDRINFO]) 2509 ], 2510 [ 2511 AC_MSG_RESULT([cross-compiling, assuming yes]) 2512 ] 2513 ) 2514fi 2515 2516if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2517 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2518 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2519 AC_RUN_IFELSE( 2520 [AC_LANG_PROGRAM([[ 2521#include <stdio.h> 2522#include <stdlib.h> 2523#include <sys/socket.h> 2524#include <netdb.h> 2525#include <errno.h> 2526#include <netinet/in.h> 2527 2528#define TEST_PORT "2222" 2529 ]], [[ 2530 int err, sock; 2531 struct addrinfo *gai_ai, *ai, hints; 2532 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2533 2534 memset(&hints, 0, sizeof(hints)); 2535 hints.ai_family = PF_UNSPEC; 2536 hints.ai_socktype = SOCK_STREAM; 2537 hints.ai_flags = AI_PASSIVE; 2538 2539 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2540 if (err != 0) { 2541 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2542 exit(1); 2543 } 2544 2545 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2546 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2547 continue; 2548 2549 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2550 sizeof(ntop), strport, sizeof(strport), 2551 NI_NUMERICHOST|NI_NUMERICSERV); 2552 2553 if (ai->ai_family == AF_INET && err != 0) { 2554 perror("getnameinfo"); 2555 exit(2); 2556 } 2557 } 2558 exit(0); 2559 ]])], 2560 [ 2561 AC_MSG_RESULT([yes]) 2562 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2563 [Define if you have a getaddrinfo that fails 2564 for the all-zeros IPv6 address]) 2565 ], 2566 [ 2567 AC_MSG_RESULT([no]) 2568 AC_DEFINE([BROKEN_GETADDRINFO]) 2569 ], 2570 [ 2571 AC_MSG_RESULT([cross-compiling, assuming no]) 2572 ] 2573 ) 2574fi 2575 2576if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2577 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2578 [#include <sys/types.h> 2579 #include <sys/socket.h> 2580 #include <netdb.h>]) 2581fi 2582 2583if test "x$check_for_conflicting_getspnam" = "x1"; then 2584 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2585 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2586#include <shadow.h> 2587#include <stdlib.h> 2588 ]], 2589 [[ exit(0); ]])], 2590 [ 2591 AC_MSG_RESULT([no]) 2592 ], 2593 [ 2594 AC_MSG_RESULT([yes]) 2595 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2596 [Conflicting defs for getspnam]) 2597 ] 2598 ) 2599fi 2600 2601dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2602dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2603dnl for over ten years). Despite this incompatibility being reported during 2604dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2605dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2606dnl implementation. Try to detect this mess, and assume the only safe option 2607dnl if we're cross compiling. 2608dnl 2609dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2610dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2611if test "x$ac_cv_func_strnvis" = "xyes"; then 2612 AC_MSG_CHECKING([for working strnvis]) 2613 AC_RUN_IFELSE( 2614 [AC_LANG_PROGRAM([[ 2615#include <signal.h> 2616#include <stdlib.h> 2617#include <string.h> 2618#include <unistd.h> 2619#include <vis.h> 2620static void sighandler(int sig) { _exit(1); } 2621 ]], [[ 2622 char dst[16]; 2623 2624 signal(SIGSEGV, sighandler); 2625 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2626 exit(0); 2627 exit(1) 2628 ]])], 2629 [AC_MSG_RESULT([yes])], 2630 [AC_MSG_RESULT([no]) 2631 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2632 [AC_MSG_WARN([cross compiling: assuming broken]) 2633 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2634 ) 2635fi 2636 2637AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2638AC_RUN_IFELSE( 2639 [AC_LANG_PROGRAM([[ 2640#ifdef HAVE_SYS_SELECT 2641# include <sys/select.h> 2642#endif 2643#include <sys/types.h> 2644#include <sys/time.h> 2645#include <stdlib.h> 2646#include <signal.h> 2647#include <unistd.h> 2648static void sighandler(int sig) { } 2649 ]], [[ 2650 int r; 2651 pid_t pid; 2652 struct sigaction sa; 2653 2654 sa.sa_handler = sighandler; 2655 sa.sa_flags = SA_RESTART; 2656 (void)sigaction(SIGTERM, &sa, NULL); 2657 if ((pid = fork()) == 0) { /* child */ 2658 pid = getppid(); 2659 sleep(1); 2660 kill(pid, SIGTERM); 2661 sleep(1); 2662 if (getppid() == pid) /* if parent did not exit, shoot it */ 2663 kill(pid, SIGKILL); 2664 exit(0); 2665 } else { /* parent */ 2666 r = select(0, NULL, NULL, NULL, NULL); 2667 } 2668 exit(r == -1 ? 0 : 1); 2669 ]])], 2670 [AC_MSG_RESULT([yes])], 2671 [AC_MSG_RESULT([no]) 2672 AC_DEFINE([NO_SA_RESTART], [1], 2673 [SA_RESTARTed signals do no interrupt select])], 2674 [AC_MSG_WARN([cross compiling: assuming yes])] 2675) 2676 2677AC_CHECK_FUNCS([getpgrp],[ 2678 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2679 AC_COMPILE_IFELSE( 2680 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2681 [ AC_MSG_RESULT([yes]) 2682 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2683 [ AC_MSG_RESULT([no]) 2684 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2685 ) 2686]) 2687 2688# Search for OpenSSL 2689saved_CPPFLAGS="$CPPFLAGS" 2690saved_LDFLAGS="$LDFLAGS" 2691AC_ARG_WITH([ssl-dir], 2692 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2693 [ 2694 if test "x$openssl" = "xno" ; then 2695 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2696 fi 2697 if test "x$withval" != "xno" ; then 2698 case "$withval" in 2699 # Relative paths 2700 ./*|../*) withval="`pwd`/$withval" 2701 esac 2702 if test -d "$withval/lib"; then 2703 libcrypto_path="${withval}/lib" 2704 elif test -d "$withval/lib64"; then 2705 libcrypto_path="$withval/lib64" 2706 else 2707 # Built but not installed 2708 libcrypto_path="${withval}" 2709 fi 2710 if test -n "${rpath_opt}"; then 2711 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}" 2712 else 2713 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" 2714 fi 2715 if test -d "$withval/include"; then 2716 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2717 else 2718 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2719 fi 2720 fi 2721 ] 2722) 2723 2724AC_ARG_WITH([openssl-header-check], 2725 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2726 [ 2727 if test "x$withval" = "xno" ; then 2728 openssl_check_nonfatal=1 2729 fi 2730 ] 2731) 2732 2733openssl_engine=no 2734AC_ARG_WITH([ssl-engine], 2735 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2736 [ 2737 if test "x$withval" != "xno" ; then 2738 if test "x$openssl" = "xno" ; then 2739 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2740 fi 2741 openssl_engine=yes 2742 fi 2743 ] 2744) 2745 2746if test "x$openssl" = "xyes" ; then 2747 LIBS="-lcrypto $LIBS" 2748 AC_TRY_LINK_FUNC([RAND_add], , 2749 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2750 AC_CHECK_HEADER([openssl/opensslv.h], , 2751 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2752 2753 # Determine OpenSSL header version 2754 AC_MSG_CHECKING([OpenSSL header version]) 2755 AC_RUN_IFELSE( 2756 [AC_LANG_PROGRAM([[ 2757 #include <stdlib.h> 2758 #include <stdio.h> 2759 #include <string.h> 2760 #include <openssl/opensslv.h> 2761 #define DATA "conftest.sslincver" 2762 ]], [[ 2763 FILE *fd; 2764 int rc; 2765 2766 fd = fopen(DATA,"w"); 2767 if(fd == NULL) 2768 exit(1); 2769 2770 if ((rc = fprintf(fd, "%08lx (%s)\n", 2771 (unsigned long)OPENSSL_VERSION_NUMBER, 2772 OPENSSL_VERSION_TEXT)) < 0) 2773 exit(1); 2774 2775 exit(0); 2776 ]])], 2777 [ 2778 ssl_header_ver=`cat conftest.sslincver` 2779 AC_MSG_RESULT([$ssl_header_ver]) 2780 ], 2781 [ 2782 AC_MSG_RESULT([not found]) 2783 AC_MSG_ERROR([OpenSSL version header not found.]) 2784 ], 2785 [ 2786 AC_MSG_WARN([cross compiling: not checking]) 2787 ] 2788 ) 2789 2790 # Determining OpenSSL library version is version dependent. 2791 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2792 2793 # Determine OpenSSL library version 2794 AC_MSG_CHECKING([OpenSSL library version]) 2795 AC_RUN_IFELSE( 2796 [AC_LANG_PROGRAM([[ 2797 #include <stdio.h> 2798 #include <stdlib.h> 2799 #include <string.h> 2800 #include <openssl/opensslv.h> 2801 #include <openssl/crypto.h> 2802 #define DATA "conftest.ssllibver" 2803 ]], [[ 2804 FILE *fd; 2805 int rc; 2806 2807 fd = fopen(DATA,"w"); 2808 if(fd == NULL) 2809 exit(1); 2810#ifndef OPENSSL_VERSION 2811# define OPENSSL_VERSION SSLEAY_VERSION 2812#endif 2813#ifndef HAVE_OPENSSL_VERSION 2814# define OpenSSL_version SSLeay_version 2815#endif 2816#ifndef HAVE_OPENSSL_VERSION_NUM 2817# define OpenSSL_version_num SSLeay 2818#endif 2819 if ((rc = fprintf(fd, "%08lx (%s)\n", 2820 (unsigned long)OpenSSL_version_num(), 2821 OpenSSL_version(OPENSSL_VERSION))) < 0) 2822 exit(1); 2823 2824 exit(0); 2825 ]])], 2826 [ 2827 ssl_library_ver=`cat conftest.ssllibver` 2828 # Check version is supported. 2829 case "$ssl_library_ver" in 2830 10000*|0*) 2831 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2832 ;; 2833 100*) ;; # 1.0.x 2834 101000[[0123456]]*) 2835 # https://github.com/openssl/openssl/pull/4613 2836 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2837 ;; 2838 101*) ;; # 1.1.x 2839 200*) ;; # LibreSSL 2840 300*) ;; # OpenSSL 3 2841 301*) ;; # OpenSSL development branch. 2842 *) 2843 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2844 ;; 2845 esac 2846 AC_MSG_RESULT([$ssl_library_ver]) 2847 ], 2848 [ 2849 AC_MSG_RESULT([not found]) 2850 AC_MSG_ERROR([OpenSSL library not found.]) 2851 ], 2852 [ 2853 AC_MSG_WARN([cross compiling: not checking]) 2854 ] 2855 ) 2856 2857 # Sanity check OpenSSL headers 2858 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2859 AC_RUN_IFELSE( 2860 [AC_LANG_PROGRAM([[ 2861 #include <stdlib.h> 2862 #include <string.h> 2863 #include <openssl/opensslv.h> 2864 #include <openssl/crypto.h> 2865 ]], [[ 2866#ifndef HAVE_OPENSSL_VERSION_NUM 2867# define OpenSSL_version_num SSLeay 2868#endif 2869 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2870 ]])], 2871 [ 2872 AC_MSG_RESULT([yes]) 2873 ], 2874 [ 2875 AC_MSG_RESULT([no]) 2876 if test "x$openssl_check_nonfatal" = "x"; then 2877 AC_MSG_ERROR([Your OpenSSL headers do not match your 2878 library. Check config.log for details. 2879 If you are sure your installation is consistent, you can disable the check 2880 by running "./configure --without-openssl-header-check". 2881 Also see contrib/findssl.sh for help identifying header/library mismatches. 2882 ]) 2883 else 2884 AC_MSG_WARN([Your OpenSSL headers do not match your 2885 library. Check config.log for details. 2886 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2887 fi 2888 ], 2889 [ 2890 AC_MSG_WARN([cross compiling: not checking]) 2891 ] 2892 ) 2893 2894 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2895 AC_LINK_IFELSE( 2896 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2897 [[ ERR_load_crypto_strings(); ]])], 2898 [ 2899 AC_MSG_RESULT([yes]) 2900 ], 2901 [ 2902 AC_MSG_RESULT([no]) 2903 saved_LIBS="$LIBS" 2904 LIBS="$LIBS -ldl" 2905 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2906 AC_LINK_IFELSE( 2907 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2908 [[ ERR_load_crypto_strings(); ]])], 2909 [ 2910 AC_MSG_RESULT([yes]) 2911 ], 2912 [ 2913 AC_MSG_RESULT([no]) 2914 LIBS="$saved_LIBS" 2915 ] 2916 ) 2917 ] 2918 ) 2919 2920 AC_CHECK_FUNCS([ \ 2921 BN_is_prime_ex \ 2922 DSA_generate_parameters_ex \ 2923 EVP_CIPHER_CTX_ctrl \ 2924 EVP_DigestFinal_ex \ 2925 EVP_DigestInit_ex \ 2926 EVP_MD_CTX_cleanup \ 2927 EVP_MD_CTX_copy_ex \ 2928 EVP_MD_CTX_init \ 2929 HMAC_CTX_init \ 2930 RSA_generate_key_ex \ 2931 RSA_get_default_method \ 2932 ]) 2933 2934 # OpenSSL_add_all_algorithms may be a macro. 2935 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2936 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2937 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2938 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2939 [[#include <openssl/evp.h>]] 2940 ) 2941 ) 2942 2943 # LibreSSL/OpenSSL 1.1x API 2944 AC_CHECK_FUNCS([ \ 2945 OPENSSL_init_crypto \ 2946 DH_get0_key \ 2947 DH_get0_pqg \ 2948 DH_set0_key \ 2949 DH_set_length \ 2950 DH_set0_pqg \ 2951 DSA_get0_key \ 2952 DSA_get0_pqg \ 2953 DSA_set0_key \ 2954 DSA_set0_pqg \ 2955 DSA_SIG_get0 \ 2956 DSA_SIG_set0 \ 2957 ECDSA_SIG_get0 \ 2958 ECDSA_SIG_set0 \ 2959 EVP_CIPHER_CTX_iv \ 2960 EVP_CIPHER_CTX_iv_noconst \ 2961 EVP_CIPHER_CTX_get_iv \ 2962 EVP_CIPHER_CTX_get_updated_iv \ 2963 EVP_CIPHER_CTX_set_iv \ 2964 RSA_get0_crt_params \ 2965 RSA_get0_factors \ 2966 RSA_get0_key \ 2967 RSA_set0_crt_params \ 2968 RSA_set0_factors \ 2969 RSA_set0_key \ 2970 RSA_meth_free \ 2971 RSA_meth_dup \ 2972 RSA_meth_set1_name \ 2973 RSA_meth_get_finish \ 2974 RSA_meth_set_priv_enc \ 2975 RSA_meth_set_priv_dec \ 2976 RSA_meth_set_finish \ 2977 EVP_PKEY_get0_RSA \ 2978 EVP_MD_CTX_new \ 2979 EVP_MD_CTX_free \ 2980 EVP_chacha20 \ 2981 ]) 2982 2983 if test "x$openssl_engine" = "xyes" ; then 2984 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2985 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2986 #include <openssl/engine.h> 2987 ]], [[ 2988 ENGINE_load_builtin_engines(); 2989 ENGINE_register_all_complete(); 2990 ]])], 2991 [ AC_MSG_RESULT([yes]) 2992 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2993 [Enable OpenSSL engine support]) 2994 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2995 ]) 2996 fi 2997 2998 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2999 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 3000 AC_LINK_IFELSE( 3001 [AC_LANG_PROGRAM([[ 3002 #include <stdlib.h> 3003 #include <string.h> 3004 #include <openssl/evp.h> 3005 ]], [[ 3006 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 3007 ]])], 3008 [ 3009 AC_MSG_RESULT([no]) 3010 ], 3011 [ 3012 AC_MSG_RESULT([yes]) 3013 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 3014 [libcrypto is missing AES 192 and 256 bit functions]) 3015 ] 3016 ) 3017 3018 # Check for OpenSSL with EVP_aes_*ctr 3019 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 3020 AC_LINK_IFELSE( 3021 [AC_LANG_PROGRAM([[ 3022 #include <stdlib.h> 3023 #include <string.h> 3024 #include <openssl/evp.h> 3025 ]], [[ 3026 exit(EVP_aes_128_ctr() == NULL || 3027 EVP_aes_192_cbc() == NULL || 3028 EVP_aes_256_cbc() == NULL); 3029 ]])], 3030 [ 3031 AC_MSG_RESULT([yes]) 3032 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 3033 [libcrypto has EVP AES CTR]) 3034 ], 3035 [ 3036 AC_MSG_RESULT([no]) 3037 ] 3038 ) 3039 3040 # Check for OpenSSL with EVP_aes_*gcm 3041 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 3042 AC_LINK_IFELSE( 3043 [AC_LANG_PROGRAM([[ 3044 #include <stdlib.h> 3045 #include <string.h> 3046 #include <openssl/evp.h> 3047 ]], [[ 3048 exit(EVP_aes_128_gcm() == NULL || 3049 EVP_aes_256_gcm() == NULL || 3050 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 3051 EVP_CTRL_GCM_IV_GEN == 0 || 3052 EVP_CTRL_GCM_SET_TAG == 0 || 3053 EVP_CTRL_GCM_GET_TAG == 0 || 3054 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 3055 ]])], 3056 [ 3057 AC_MSG_RESULT([yes]) 3058 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 3059 [libcrypto has EVP AES GCM]) 3060 ], 3061 [ 3062 AC_MSG_RESULT([no]) 3063 unsupported_algorithms="$unsupported_cipers \ 3064 aes128-gcm@openssh.com \ 3065 aes256-gcm@openssh.com" 3066 ] 3067 ) 3068 3069 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3070 AC_LINK_IFELSE( 3071 [AC_LANG_PROGRAM([[ 3072 #include <stdlib.h> 3073 #include <string.h> 3074 #include <openssl/evp.h> 3075 ]], [[ 3076 if(EVP_DigestUpdate(NULL, NULL,0)) 3077 exit(0); 3078 ]])], 3079 [ 3080 AC_MSG_RESULT([yes]) 3081 ], 3082 [ 3083 AC_MSG_RESULT([no]) 3084 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3085 [Define if EVP_DigestUpdate returns void]) 3086 ] 3087 ) 3088 3089 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 3090 # because the system crypt() is more featureful. 3091 if test "x$check_for_libcrypt_before" = "x1"; then 3092 AC_CHECK_LIB([crypt], [crypt]) 3093 fi 3094 3095 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 3096 # version in OpenSSL. 3097 if test "x$check_for_libcrypt_later" = "x1"; then 3098 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3099 fi 3100 AC_CHECK_FUNCS([crypt DES_crypt]) 3101 3102 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 3103 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 3104 3105 # Check complete ECC support in OpenSSL 3106 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3107 AC_LINK_IFELSE( 3108 [AC_LANG_PROGRAM([[ 3109 #include <openssl/ec.h> 3110 #include <openssl/ecdh.h> 3111 #include <openssl/ecdsa.h> 3112 #include <openssl/evp.h> 3113 #include <openssl/objects.h> 3114 #include <openssl/opensslv.h> 3115 ]], [[ 3116 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3117 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3118 ]])], 3119 [ AC_MSG_RESULT([yes]) 3120 enable_nistp256=1 ], 3121 [ AC_MSG_RESULT([no]) ] 3122 ) 3123 3124 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3125 AC_LINK_IFELSE( 3126 [AC_LANG_PROGRAM([[ 3127 #include <openssl/ec.h> 3128 #include <openssl/ecdh.h> 3129 #include <openssl/ecdsa.h> 3130 #include <openssl/evp.h> 3131 #include <openssl/objects.h> 3132 #include <openssl/opensslv.h> 3133 ]], [[ 3134 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3135 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3136 ]])], 3137 [ AC_MSG_RESULT([yes]) 3138 enable_nistp384=1 ], 3139 [ AC_MSG_RESULT([no]) ] 3140 ) 3141 3142 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3143 AC_LINK_IFELSE( 3144 [AC_LANG_PROGRAM([[ 3145 #include <openssl/ec.h> 3146 #include <openssl/ecdh.h> 3147 #include <openssl/ecdsa.h> 3148 #include <openssl/evp.h> 3149 #include <openssl/objects.h> 3150 #include <openssl/opensslv.h> 3151 ]], [[ 3152 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3153 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3154 ]])], 3155 [ AC_MSG_RESULT([yes]) 3156 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3157 AC_RUN_IFELSE( 3158 [AC_LANG_PROGRAM([[ 3159 #include <stdlib.h> 3160 #include <openssl/ec.h> 3161 #include <openssl/ecdh.h> 3162 #include <openssl/ecdsa.h> 3163 #include <openssl/evp.h> 3164 #include <openssl/objects.h> 3165 #include <openssl/opensslv.h> 3166 ]],[[ 3167 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3168 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3169 exit(e == NULL || m == NULL); 3170 ]])], 3171 [ AC_MSG_RESULT([yes]) 3172 enable_nistp521=1 ], 3173 [ AC_MSG_RESULT([no]) ], 3174 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3175 enable_nistp521=1 ] 3176 )], 3177 AC_MSG_RESULT([no]) 3178 ) 3179 3180 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3181 test x$enable_nistp521 = x1; then 3182 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3183 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3184 openssl_ecc=yes 3185 else 3186 openssl_ecc=no 3187 fi 3188 if test x$enable_nistp256 = x1; then 3189 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3190 [libcrypto has NID_X9_62_prime256v1]) 3191 else 3192 unsupported_algorithms="$unsupported_algorithms \ 3193 ecdsa-sha2-nistp256 \ 3194 ecdh-sha2-nistp256 \ 3195 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3196 fi 3197 if test x$enable_nistp384 = x1; then 3198 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3199 else 3200 unsupported_algorithms="$unsupported_algorithms \ 3201 ecdsa-sha2-nistp384 \ 3202 ecdh-sha2-nistp384 \ 3203 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3204 fi 3205 if test x$enable_nistp521 = x1; then 3206 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3207 else 3208 unsupported_algorithms="$unsupported_algorithms \ 3209 ecdh-sha2-nistp521 \ 3210 ecdsa-sha2-nistp521 \ 3211 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3212 fi 3213 3214else 3215 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3216 AC_CHECK_FUNCS([crypt]) 3217fi 3218 3219# PKCS11/U2F depend on OpenSSL and dlopen(). 3220enable_pkcs11=yes 3221enable_sk=yes 3222if test "x$openssl" != "xyes" ; then 3223 enable_pkcs11="disabled; missing libcrypto" 3224fi 3225if test "x$ac_cv_func_dlopen" != "xyes" ; then 3226 enable_pkcs11="disabled; missing dlopen(3)" 3227 enable_sk="disabled; missing dlopen(3)" 3228fi 3229if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3230 enable_pkcs11="disabled; missing RTLD_NOW" 3231 enable_sk="disabled; missing RTLD_NOW" 3232fi 3233if test ! -z "$disable_pkcs11" ; then 3234 enable_pkcs11="disabled by user" 3235fi 3236if test ! -z "$disable_sk" ; then 3237 enable_sk="disabled by user" 3238fi 3239 3240AC_MSG_CHECKING([whether to enable PKCS11]) 3241if test "x$enable_pkcs11" = "xyes" ; then 3242 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3243fi 3244AC_MSG_RESULT([$enable_pkcs11]) 3245 3246AC_MSG_CHECKING([whether to enable U2F]) 3247if test "x$enable_sk" = "xyes" ; then 3248 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3249 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3250else 3251 # Do not try to build sk-dummy library. 3252 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3253fi 3254AC_MSG_RESULT([$enable_sk]) 3255 3256# Now check for built-in security key support. 3257if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3258 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3259 use_pkgconfig_for_libfido2= 3260 if test "x$PKGCONFIG" != "xno"; then 3261 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3262 if "$PKGCONFIG" libfido2; then 3263 AC_MSG_RESULT([yes]) 3264 use_pkgconfig_for_libfido2=yes 3265 else 3266 AC_MSG_RESULT([no]) 3267 fi 3268 fi 3269 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3270 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3271 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3272 else 3273 LIBFIDO2="-lprivatefido2 -lprivatecbor" 3274 fi 3275 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3276 AC_CHECK_LIB([privatefido2], [fido_init], 3277 [ 3278 AC_SUBST([LIBFIDO2]) 3279 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3280 [Enable for built-in U2F/FIDO support]) 3281 enable_sk="built-in" 3282 ], [ AC_MSG_ERROR([no usable libprivatefido2 found]) ], 3283 [ $OTHERLIBS ] 3284 ) 3285 saved_LIBS="$LIBS" 3286 LIBS="$LIBS $LIBFIDO2" 3287 AC_CHECK_FUNCS([ \ 3288 fido_assert_set_clientdata \ 3289 fido_cred_prot \ 3290 fido_cred_set_prot \ 3291 fido_cred_set_clientdata \ 3292 fido_dev_get_touch_begin \ 3293 fido_dev_get_touch_status \ 3294 fido_dev_supports_cred_prot \ 3295 ]) 3296 LIBS="$saved_LIBS" 3297 AC_CHECK_HEADER([fido.h], [], 3298 AC_MSG_ERROR([missing fido.h from libfido2])) 3299 AC_CHECK_HEADER([fido/credman.h], [], 3300 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3301 [#include <fido.h>] 3302 ) 3303fi 3304 3305AC_CHECK_FUNCS([ \ 3306 arc4random \ 3307 arc4random_buf \ 3308 arc4random_stir \ 3309 arc4random_uniform \ 3310]) 3311 3312saved_LIBS="$LIBS" 3313AC_CHECK_LIB([iaf], [ia_openinfo], [ 3314 LIBS="$LIBS -liaf" 3315 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3316 AC_DEFINE([HAVE_LIBIAF], [1], 3317 [Define if system has libiaf that supports set_id]) 3318 ]) 3319]) 3320LIBS="$saved_LIBS" 3321 3322### Configure cryptographic random number support 3323 3324# Check whether OpenSSL seeds itself 3325if test "x$openssl" = "xyes" ; then 3326 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3327 AC_RUN_IFELSE( 3328 [AC_LANG_PROGRAM([[ 3329 #include <stdlib.h> 3330 #include <string.h> 3331 #include <openssl/rand.h> 3332 ]], [[ 3333 exit(RAND_status() == 1 ? 0 : 1); 3334 ]])], 3335 [ 3336 OPENSSL_SEEDS_ITSELF=yes 3337 AC_MSG_RESULT([yes]) 3338 ], 3339 [ 3340 AC_MSG_RESULT([no]) 3341 ], 3342 [ 3343 AC_MSG_WARN([cross compiling: assuming yes]) 3344 # This is safe, since we will fatal() at runtime if 3345 # OpenSSL is not seeded correctly. 3346 OPENSSL_SEEDS_ITSELF=yes 3347 ] 3348 ) 3349fi 3350 3351# PRNGD TCP socket 3352AC_ARG_WITH([prngd-port], 3353 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3354 [ 3355 case "$withval" in 3356 no) 3357 withval="" 3358 ;; 3359 [[0-9]]*) 3360 ;; 3361 *) 3362 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3363 ;; 3364 esac 3365 if test ! -z "$withval" ; then 3366 PRNGD_PORT="$withval" 3367 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3368 [Port number of PRNGD/EGD random number socket]) 3369 fi 3370 ] 3371) 3372 3373# PRNGD Unix domain socket 3374AC_ARG_WITH([prngd-socket], 3375 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3376 [ 3377 case "$withval" in 3378 yes) 3379 withval="/var/run/egd-pool" 3380 ;; 3381 no) 3382 withval="" 3383 ;; 3384 /*) 3385 ;; 3386 *) 3387 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3388 ;; 3389 esac 3390 3391 if test ! -z "$withval" ; then 3392 if test ! -z "$PRNGD_PORT" ; then 3393 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3394 fi 3395 if test ! -r "$withval" ; then 3396 AC_MSG_WARN([Entropy socket is not readable]) 3397 fi 3398 PRNGD_SOCKET="$withval" 3399 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3400 [Location of PRNGD/EGD random number socket]) 3401 fi 3402 ], 3403 [ 3404 # Check for existing socket only if we don't have a random device already 3405 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3406 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3407 # Insert other locations here 3408 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3409 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3410 PRNGD_SOCKET="$sock" 3411 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3412 break; 3413 fi 3414 done 3415 if test ! -z "$PRNGD_SOCKET" ; then 3416 AC_MSG_RESULT([$PRNGD_SOCKET]) 3417 else 3418 AC_MSG_RESULT([not found]) 3419 fi 3420 fi 3421 ] 3422) 3423 3424# Which randomness source do we use? 3425if test ! -z "$PRNGD_PORT" ; then 3426 RAND_MSG="PRNGd port $PRNGD_PORT" 3427elif test ! -z "$PRNGD_SOCKET" ; then 3428 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3429elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3430 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3431 [Define if you want the OpenSSL internally seeded PRNG only]) 3432 RAND_MSG="OpenSSL internal ONLY" 3433elif test "x$openssl" = "xno" ; then 3434 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3435else 3436 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3437fi 3438 3439# Check for PAM libs 3440PAM_MSG="no" 3441AC_ARG_WITH([pam], 3442 [ --with-pam Enable PAM support ], 3443 [ 3444 if test "x$withval" != "xno" ; then 3445 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3446 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3447 AC_MSG_ERROR([PAM headers not found]) 3448 fi 3449 3450 saved_LIBS="$LIBS" 3451 AC_CHECK_LIB([dl], [dlopen], , ) 3452 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3453 AC_CHECK_FUNCS([pam_getenvlist]) 3454 AC_CHECK_FUNCS([pam_putenv]) 3455 LIBS="$saved_LIBS" 3456 3457 PAM_MSG="yes" 3458 3459 SSHDLIBS="$SSHDLIBS -lpam" 3460 AC_DEFINE([USE_PAM], [1], 3461 [Define if you want to enable PAM support]) 3462 3463 if test $ac_cv_lib_dl_dlopen = yes; then 3464 case "$LIBS" in 3465 *-ldl*) 3466 # libdl already in LIBS 3467 ;; 3468 *) 3469 SSHDLIBS="$SSHDLIBS -ldl" 3470 ;; 3471 esac 3472 fi 3473 fi 3474 ] 3475) 3476 3477AC_ARG_WITH([pam-service], 3478 [ --with-pam-service=name Specify PAM service name ], 3479 [ 3480 if test "x$withval" != "xno" && \ 3481 test "x$withval" != "xyes" ; then 3482 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3483 ["$withval"], [sshd PAM service name]) 3484 fi 3485 ] 3486) 3487 3488# Check for older PAM 3489if test "x$PAM_MSG" = "xyes" ; then 3490 # Check PAM strerror arguments (old PAM) 3491 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3492 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3493#include <stdlib.h> 3494#if defined(HAVE_SECURITY_PAM_APPL_H) 3495#include <security/pam_appl.h> 3496#elif defined (HAVE_PAM_PAM_APPL_H) 3497#include <pam/pam_appl.h> 3498#endif 3499 ]], [[ 3500(void)pam_strerror((pam_handle_t *)NULL, -1); 3501 ]])], [AC_MSG_RESULT([no])], [ 3502 AC_DEFINE([HAVE_OLD_PAM], [1], 3503 [Define if you have an old version of PAM 3504 which takes only one argument to pam_strerror]) 3505 AC_MSG_RESULT([yes]) 3506 PAM_MSG="yes (old library)" 3507 3508 ]) 3509fi 3510 3511case "$host" in 3512*-*-cygwin*) 3513 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3514 ;; 3515*) 3516 SSH_PRIVSEP_USER=sshd 3517 ;; 3518esac 3519AC_ARG_WITH([privsep-user], 3520 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3521 [ 3522 if test -n "$withval" && test "x$withval" != "xno" && \ 3523 test "x${withval}" != "xyes"; then 3524 SSH_PRIVSEP_USER=$withval 3525 fi 3526 ] 3527) 3528if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3529 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3530 [Cygwin function to fetch non-privileged user for privilege separation]) 3531else 3532 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3533 [non-privileged user for privilege separation]) 3534fi 3535AC_SUBST([SSH_PRIVSEP_USER]) 3536 3537if test "x$have_linux_no_new_privs" = "x1" ; then 3538AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3539 #include <sys/types.h> 3540 #include <linux/seccomp.h> 3541]) 3542fi 3543if test "x$have_seccomp_filter" = "x1" ; then 3544AC_MSG_CHECKING([kernel for seccomp_filter support]) 3545AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3546 #include <errno.h> 3547 #include <elf.h> 3548 #include <linux/audit.h> 3549 #include <linux/seccomp.h> 3550 #include <stdlib.h> 3551 #include <sys/prctl.h> 3552 ]], 3553 [[ int i = $seccomp_audit_arch; 3554 errno = 0; 3555 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3556 exit(errno == EFAULT ? 0 : 1); ]])], 3557 [ AC_MSG_RESULT([yes]) ], [ 3558 AC_MSG_RESULT([no]) 3559 # Disable seccomp filter as a target 3560 have_seccomp_filter=0 3561 ] 3562) 3563fi 3564 3565# Decide which sandbox style to use 3566sandbox_arg="" 3567AC_ARG_WITH([sandbox], 3568 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3569 [ 3570 if test "x$withval" = "xyes" ; then 3571 sandbox_arg="" 3572 else 3573 sandbox_arg="$withval" 3574 fi 3575 ] 3576) 3577 3578# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument 3579# is greater than OPEN_MAX". On some platforms that includes implementions 3580# ofselect in userspace on top of poll() so check both work with rlimit NOFILES 3581# so check that both work before enabling the rlimit sandbox. 3582AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) 3583AC_RUN_IFELSE( 3584 [AC_LANG_PROGRAM([[ 3585#include <sys/types.h> 3586#ifdef HAVE_SYS_TIME_H 3587# include <sys/time.h> 3588#endif 3589#include <sys/resource.h> 3590#ifdef HAVE_SYS_SELECT_H 3591# include <sys/select.h> 3592#endif 3593#ifdef HAVE_POLL_H 3594# include <poll.h> 3595#elif HAVE_SYS_POLL_H 3596# include <sys/poll.h> 3597#endif 3598#include <errno.h> 3599#include <fcntl.h> 3600#include <stdlib.h> 3601 ]],[[ 3602 struct rlimit rl_zero; 3603 int fd, r; 3604 fd_set fds; 3605 struct timeval tv; 3606#ifdef HAVE_POLL 3607 struct pollfd pfd; 3608#endif 3609 3610 fd = open("/dev/null", O_RDONLY); 3611 FD_ZERO(&fds); 3612 FD_SET(fd, &fds); 3613 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3614 setrlimit(RLIMIT_FSIZE, &rl_zero); 3615 setrlimit(RLIMIT_NOFILE, &rl_zero); 3616 tv.tv_sec = 1; 3617 tv.tv_usec = 0; 3618 r = select(fd+1, &fds, NULL, NULL, &tv); 3619 if (r == -1) 3620 exit(1); 3621#ifdef HAVE_POLL 3622 pfd.fd = fd; 3623 pfd.events = POLLIN; 3624 r = poll(&pfd, 1, 1); 3625 if (r == -1) 3626 exit(2); 3627#endif 3628 exit(0); 3629 ]])], 3630 [AC_MSG_RESULT([yes]) 3631 select_works_with_rlimit=yes], 3632 [AC_MSG_RESULT([no]) 3633 select_works_with_rlimit=no], 3634 [AC_MSG_WARN([cross compiling: assuming yes]) 3635 select_works_with_rlimit=yes] 3636) 3637 3638AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ 3639#include <sys/types.h> 3640#ifdef HAVE_POLL_H 3641#include <poll.h> 3642#endif 3643#ifdef HAVE_SYS_POLL_H 3644#include <sys/poll.h> 3645#endif 3646]]) 3647 3648AC_CHECK_TYPES([nfds_t], , , [ 3649#include <sys/types.h> 3650#ifdef HAVE_POLL_H 3651#include <poll.h> 3652#endif 3653#ifdef HAVE_SYS_POLL_H 3654#include <sys/poll.h> 3655#endif 3656]) 3657 3658AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3659AC_RUN_IFELSE( 3660 [AC_LANG_PROGRAM([[ 3661#include <sys/types.h> 3662#ifdef HAVE_SYS_TIME_H 3663# include <sys/time.h> 3664#endif 3665#include <sys/resource.h> 3666#include <errno.h> 3667#include <stdlib.h> 3668 ]],[[ 3669 struct rlimit rl_zero; 3670 int r; 3671 3672 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3673 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3674 exit (r == -1 ? 1 : 0); 3675 ]])], 3676 [AC_MSG_RESULT([yes]) 3677 rlimit_nofile_zero_works=yes], 3678 [AC_MSG_RESULT([no]) 3679 rlimit_nofile_zero_works=no], 3680 [AC_MSG_WARN([cross compiling: assuming yes]) 3681 rlimit_nofile_zero_works=yes] 3682) 3683 3684AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3685AC_RUN_IFELSE( 3686 [AC_LANG_PROGRAM([[ 3687#include <sys/types.h> 3688#include <sys/resource.h> 3689#include <stdlib.h> 3690 ]],[[ 3691 struct rlimit rl_zero; 3692 3693 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3694 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3695 ]])], 3696 [AC_MSG_RESULT([yes])], 3697 [AC_MSG_RESULT([no]) 3698 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3699 [setrlimit RLIMIT_FSIZE works])], 3700 [AC_MSG_WARN([cross compiling: assuming yes])] 3701) 3702 3703if test "x$sandbox_arg" = "xpledge" || \ 3704 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3705 test "x$ac_cv_func_pledge" != "xyes" && \ 3706 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3707 SANDBOX_STYLE="pledge" 3708 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3709elif test "x$sandbox_arg" = "xsystrace" || \ 3710 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3711 test "x$have_systr_policy_kill" != "x1" && \ 3712 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3713 SANDBOX_STYLE="systrace" 3714 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3715elif test "x$sandbox_arg" = "xdarwin" || \ 3716 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3717 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3718 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3719 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3720 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3721 SANDBOX_STYLE="darwin" 3722 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3723elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3724 ( test -z "$sandbox_arg" && \ 3725 test "x$have_seccomp_filter" = "x1" && \ 3726 test "x$ac_cv_header_elf_h" = "xyes" && \ 3727 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3728 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3729 test "x$seccomp_audit_arch" != "x" && \ 3730 test "x$have_linux_no_new_privs" = "x1" && \ 3731 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3732 test "x$seccomp_audit_arch" = "x" && \ 3733 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3734 test "x$have_linux_no_new_privs" != "x1" && \ 3735 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3736 test "x$have_seccomp_filter" != "x1" && \ 3737 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3738 test "x$ac_cv_func_prctl" != "xyes" && \ 3739 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3740 SANDBOX_STYLE="seccomp_filter" 3741 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3742elif test "x$sandbox_arg" = "xcapsicum" || \ 3743 ( test -z "$sandbox_arg" && \ 3744 test "x$disable_capsicum" != "xyes" && \ 3745 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3746 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3747 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3748 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3749 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3750 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3751 SANDBOX_STYLE="capsicum" 3752 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3753elif test "x$sandbox_arg" = "xrlimit" || \ 3754 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3755 test "x$select_works_with_rlimit" = "xyes" && \ 3756 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3757 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3758 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3759 test "x$select_works_with_rlimit" != "xyes" && \ 3760 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3761 SANDBOX_STYLE="rlimit" 3762 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3763elif test "x$sandbox_arg" = "xsolaris" || \ 3764 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3765 SANDBOX_STYLE="solaris" 3766 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3767elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3768 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3769 SANDBOX_STYLE="none" 3770 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3771else 3772 AC_MSG_ERROR([unsupported --with-sandbox]) 3773fi 3774 3775# Cheap hack to ensure NEWS-OS libraries are arranged right. 3776if test ! -z "$SONY" ; then 3777 LIBS="$LIBS -liberty"; 3778fi 3779 3780# Check for long long datatypes 3781AC_CHECK_TYPES([long long, unsigned long long, long double]) 3782 3783# Check datatype sizes 3784AC_CHECK_SIZEOF([short int]) 3785AC_CHECK_SIZEOF([int]) 3786AC_CHECK_SIZEOF([long int]) 3787AC_CHECK_SIZEOF([long long int]) 3788AC_CHECK_SIZEOF([time_t], [], [[ 3789 #include <sys/types.h> 3790 #ifdef HAVE_SYS_TIME_H 3791 # include <sys/time.h> 3792 #endif 3793 #ifdef HAVE_TIME_H 3794 # include <time.h> 3795 #endif 3796 ]] 3797) 3798 3799# Sanity check long long for some platforms (AIX) 3800if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3801 ac_cv_sizeof_long_long_int=0 3802fi 3803 3804# compute LLONG_MIN and LLONG_MAX if we don't know them. 3805if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3806 AC_MSG_CHECKING([for max value of long long]) 3807 AC_RUN_IFELSE( 3808 [AC_LANG_PROGRAM([[ 3809#include <stdio.h> 3810#include <stdlib.h> 3811/* Why is this so damn hard? */ 3812#ifdef __GNUC__ 3813# undef __GNUC__ 3814#endif 3815#define __USE_ISOC99 3816#include <limits.h> 3817#define DATA "conftest.llminmax" 3818#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3819 3820/* 3821 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3822 * we do this the hard way. 3823 */ 3824static int 3825fprint_ll(FILE *f, long long n) 3826{ 3827 unsigned int i; 3828 int l[sizeof(long long) * 8]; 3829 3830 if (n < 0) 3831 if (fprintf(f, "-") < 0) 3832 return -1; 3833 for (i = 0; n != 0; i++) { 3834 l[i] = my_abs(n % 10); 3835 n /= 10; 3836 } 3837 do { 3838 if (fprintf(f, "%d", l[--i]) < 0) 3839 return -1; 3840 } while (i != 0); 3841 if (fprintf(f, " ") < 0) 3842 return -1; 3843 return 0; 3844} 3845 ]], [[ 3846 FILE *f; 3847 long long i, llmin, llmax = 0; 3848 3849 if((f = fopen(DATA,"w")) == NULL) 3850 exit(1); 3851 3852#if defined(LLONG_MIN) && defined(LLONG_MAX) 3853 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3854 llmin = LLONG_MIN; 3855 llmax = LLONG_MAX; 3856#else 3857 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3858 /* This will work on one's complement and two's complement */ 3859 for (i = 1; i > llmax; i <<= 1, i++) 3860 llmax = i; 3861 llmin = llmax + 1LL; /* wrap */ 3862#endif 3863 3864 /* Sanity check */ 3865 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3866 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3867 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3868 fprintf(f, "unknown unknown\n"); 3869 exit(2); 3870 } 3871 3872 if (fprint_ll(f, llmin) < 0) 3873 exit(3); 3874 if (fprint_ll(f, llmax) < 0) 3875 exit(4); 3876 if (fclose(f) < 0) 3877 exit(5); 3878 exit(0); 3879 ]])], 3880 [ 3881 llong_min=`$AWK '{print $1}' conftest.llminmax` 3882 llong_max=`$AWK '{print $2}' conftest.llminmax` 3883 3884 AC_MSG_RESULT([$llong_max]) 3885 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3886 [max value of long long calculated by configure]) 3887 AC_MSG_CHECKING([for min value of long long]) 3888 AC_MSG_RESULT([$llong_min]) 3889 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3890 [min value of long long calculated by configure]) 3891 ], 3892 [ 3893 AC_MSG_RESULT([not found]) 3894 ], 3895 [ 3896 AC_MSG_WARN([cross compiling: not checking]) 3897 ] 3898 ) 3899fi 3900 3901AC_CHECK_DECLS([UINT32_MAX], , , [[ 3902#ifdef HAVE_SYS_LIMITS_H 3903# include <sys/limits.h> 3904#endif 3905#ifdef HAVE_LIMITS_H 3906# include <limits.h> 3907#endif 3908#ifdef HAVE_STDINT_H 3909# include <stdint.h> 3910#endif 3911]]) 3912 3913# More checks for data types 3914AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3915 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3916 [[ u_int a; a = 1;]])], 3917 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3918 ]) 3919]) 3920if test "x$ac_cv_have_u_int" = "xyes" ; then 3921 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3922 have_u_int=1 3923fi 3924 3925AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3926 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3927 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3928 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3929 ]) 3930]) 3931if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3932 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3933 have_intxx_t=1 3934fi 3935 3936if (test -z "$have_intxx_t" && \ 3937 test "x$ac_cv_header_stdint_h" = "xyes") 3938then 3939 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3940 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3941 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3942 [ 3943 AC_DEFINE([HAVE_INTXX_T]) 3944 AC_MSG_RESULT([yes]) 3945 ], [ AC_MSG_RESULT([no]) 3946 ]) 3947fi 3948 3949AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3950 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3951#include <sys/types.h> 3952#ifdef HAVE_STDINT_H 3953# include <stdint.h> 3954#endif 3955#include <sys/socket.h> 3956#ifdef HAVE_SYS_BITYPES_H 3957# include <sys/bitypes.h> 3958#endif 3959 ]], [[ 3960int64_t a; a = 1; 3961 ]])], 3962 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3963 ]) 3964]) 3965if test "x$ac_cv_have_int64_t" = "xyes" ; then 3966 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3967fi 3968 3969AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3970 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3971 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3972 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3973 ]) 3974]) 3975if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3976 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3977 have_u_intxx_t=1 3978fi 3979 3980if test -z "$have_u_intxx_t" ; then 3981 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3982 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3983 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3984 [ 3985 AC_DEFINE([HAVE_U_INTXX_T]) 3986 AC_MSG_RESULT([yes]) 3987 ], [ AC_MSG_RESULT([no]) 3988 ]) 3989fi 3990 3991AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3992 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3993 [[ u_int64_t a; a = 1;]])], 3994 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3995 ]) 3996]) 3997if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3998 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3999 have_u_int64_t=1 4000fi 4001 4002if (test -z "$have_u_int64_t" && \ 4003 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4004then 4005 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 4006 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 4007 [[ u_int64_t a; a = 1]])], 4008 [ 4009 AC_DEFINE([HAVE_U_INT64_T]) 4010 AC_MSG_RESULT([yes]) 4011 ], [ AC_MSG_RESULT([no]) 4012 ]) 4013fi 4014 4015if test -z "$have_u_intxx_t" ; then 4016 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 4017 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4018#include <sys/types.h> 4019 ]], [[ 4020 uint8_t a; 4021 uint16_t b; 4022 uint32_t c; 4023 a = b = c = 1; 4024 ]])], 4025 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 4026 ]) 4027 ]) 4028 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 4029 AC_DEFINE([HAVE_UINTXX_T], [1], 4030 [define if you have uintxx_t data type]) 4031 fi 4032fi 4033 4034if (test -z "$have_uintxx_t" && \ 4035 test "x$ac_cv_header_stdint_h" = "xyes") 4036then 4037 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 4038 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4039 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4040 [ 4041 AC_DEFINE([HAVE_UINTXX_T]) 4042 AC_MSG_RESULT([yes]) 4043 ], [ AC_MSG_RESULT([no]) 4044 ]) 4045fi 4046 4047if (test -z "$have_uintxx_t" && \ 4048 test "x$ac_cv_header_inttypes_h" = "xyes") 4049then 4050 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4051 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4052 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4053 [ 4054 AC_DEFINE([HAVE_UINTXX_T]) 4055 AC_MSG_RESULT([yes]) 4056 ], [ AC_MSG_RESULT([no]) 4057 ]) 4058fi 4059 4060if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4061 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4062then 4063 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4064 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4065#include <sys/bitypes.h> 4066 ]], [[ 4067 int8_t a; int16_t b; int32_t c; 4068 u_int8_t e; u_int16_t f; u_int32_t g; 4069 a = b = c = e = f = g = 1; 4070 ]])], 4071 [ 4072 AC_DEFINE([HAVE_U_INTXX_T]) 4073 AC_DEFINE([HAVE_INTXX_T]) 4074 AC_MSG_RESULT([yes]) 4075 ], [AC_MSG_RESULT([no]) 4076 ]) 4077fi 4078 4079 4080AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4081 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4082 [[ u_char foo; foo = 125; ]])], 4083 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4084 ]) 4085]) 4086if test "x$ac_cv_have_u_char" = "xyes" ; then 4087 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4088fi 4089 4090AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4091#include <sys/types.h> 4092#ifdef HAVE_STDINT_H 4093# include <stdint.h> 4094#endif 4095]) 4096 4097TYPE_SOCKLEN_T 4098 4099AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4100AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4101#include <sys/types.h> 4102#ifdef HAVE_SYS_BITYPES_H 4103#include <sys/bitypes.h> 4104#endif 4105#ifdef HAVE_SYS_STATFS_H 4106#include <sys/statfs.h> 4107#endif 4108#ifdef HAVE_SYS_STATVFS_H 4109#include <sys/statvfs.h> 4110#endif 4111]) 4112 4113AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4114#include <sys/param.h> 4115#include <sys/types.h> 4116#ifdef HAVE_SYS_BITYPES_H 4117#include <sys/bitypes.h> 4118#endif 4119#ifdef HAVE_SYS_STATFS_H 4120#include <sys/statfs.h> 4121#endif 4122#ifdef HAVE_SYS_STATVFS_H 4123#include <sys/statvfs.h> 4124#endif 4125#ifdef HAVE_SYS_VFS_H 4126#include <sys/vfs.h> 4127#endif 4128#ifdef HAVE_SYS_MOUNT_H 4129#include <sys/mount.h> 4130#endif 4131]]) 4132 4133 4134AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4135[#include <sys/types.h> 4136#include <netinet/in.h>]) 4137 4138AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4139 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4140 [[ size_t foo; foo = 1235; ]])], 4141 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4142 ]) 4143]) 4144if test "x$ac_cv_have_size_t" = "xyes" ; then 4145 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4146fi 4147 4148AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4149 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4150 [[ ssize_t foo; foo = 1235; ]])], 4151 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4152 ]) 4153]) 4154if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4155 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4156fi 4157 4158AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4159 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4160 [[ clock_t foo; foo = 1235; ]])], 4161 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4162 ]) 4163]) 4164if test "x$ac_cv_have_clock_t" = "xyes" ; then 4165 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4166fi 4167 4168AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4169 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4170#include <sys/types.h> 4171#include <sys/socket.h> 4172 ]], [[ sa_family_t foo; foo = 1235; ]])], 4173 [ ac_cv_have_sa_family_t="yes" ], 4174 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4175#include <sys/types.h> 4176#include <sys/socket.h> 4177#include <netinet/in.h> 4178 ]], [[ sa_family_t foo; foo = 1235; ]])], 4179 [ ac_cv_have_sa_family_t="yes" ], 4180 [ ac_cv_have_sa_family_t="no" ] 4181 ) 4182 ]) 4183]) 4184if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4185 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4186 [define if you have sa_family_t data type]) 4187fi 4188 4189AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4190 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4191 [[ pid_t foo; foo = 1235; ]])], 4192 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4193 ]) 4194]) 4195if test "x$ac_cv_have_pid_t" = "xyes" ; then 4196 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4197fi 4198 4199AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4200 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4201 [[ mode_t foo; foo = 1235; ]])], 4202 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4203 ]) 4204]) 4205if test "x$ac_cv_have_mode_t" = "xyes" ; then 4206 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4207fi 4208 4209 4210AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4211 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4212#include <sys/types.h> 4213#include <sys/socket.h> 4214 ]], [[ struct sockaddr_storage s; ]])], 4215 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4216 [ ac_cv_have_struct_sockaddr_storage="no" 4217 ]) 4218]) 4219if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4220 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4221 [define if you have struct sockaddr_storage data type]) 4222fi 4223 4224AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4225 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4226#include <sys/types.h> 4227#include <netinet/in.h> 4228 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4229 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4230 [ ac_cv_have_struct_sockaddr_in6="no" 4231 ]) 4232]) 4233if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4234 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4235 [define if you have struct sockaddr_in6 data type]) 4236fi 4237 4238AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4239 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4240#include <sys/types.h> 4241#include <netinet/in.h> 4242 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4243 [ ac_cv_have_struct_in6_addr="yes" ], 4244 [ ac_cv_have_struct_in6_addr="no" 4245 ]) 4246]) 4247if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4248 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4249 [define if you have struct in6_addr data type]) 4250 4251dnl Now check for sin6_scope_id 4252 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4253 [ 4254#ifdef HAVE_SYS_TYPES_H 4255#include <sys/types.h> 4256#endif 4257#include <netinet/in.h> 4258 ]) 4259fi 4260 4261AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4262 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4263#include <sys/types.h> 4264#include <sys/socket.h> 4265#include <netdb.h> 4266 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4267 [ ac_cv_have_struct_addrinfo="yes" ], 4268 [ ac_cv_have_struct_addrinfo="no" 4269 ]) 4270]) 4271if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4272 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4273 [define if you have struct addrinfo data type]) 4274fi 4275 4276AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4277 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4278 [[ struct timeval tv; tv.tv_sec = 1;]])], 4279 [ ac_cv_have_struct_timeval="yes" ], 4280 [ ac_cv_have_struct_timeval="no" 4281 ]) 4282]) 4283if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4284 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4285 have_struct_timeval=1 4286fi 4287 4288AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4289 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4290 #ifdef HAVE_SYS_TIME_H 4291 # include <sys/time.h> 4292 #endif 4293 #ifdef HAVE_TIME_H 4294 # include <time.h> 4295 #endif 4296 ]], 4297 [[ struct timespec ts; ts.tv_sec = 1;]])], 4298 [ ac_cv_have_struct_timespec="yes" ], 4299 [ ac_cv_have_struct_timespec="no" 4300 ]) 4301]) 4302if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4303 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4304 have_struct_timespec=1 4305fi 4306 4307# We need int64_t or else certain parts of the compile will fail. 4308if test "x$ac_cv_have_int64_t" = "xno" && \ 4309 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4310 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4311 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4312 echo "an alternative compiler (I.E., GCC) before continuing." 4313 echo "" 4314 exit 1; 4315else 4316dnl test snprintf (broken on SCO w/gcc) 4317 AC_RUN_IFELSE( 4318 [AC_LANG_SOURCE([[ 4319#include <stdio.h> 4320#include <stdlib.h> 4321#include <string.h> 4322#ifdef HAVE_SNPRINTF 4323main() 4324{ 4325 char buf[50]; 4326 char expected_out[50]; 4327 int mazsize = 50 ; 4328#if (SIZEOF_LONG_INT == 8) 4329 long int num = 0x7fffffffffffffff; 4330#else 4331 long long num = 0x7fffffffffffffffll; 4332#endif 4333 strcpy(expected_out, "9223372036854775807"); 4334 snprintf(buf, mazsize, "%lld", num); 4335 if(strcmp(buf, expected_out) != 0) 4336 exit(1); 4337 exit(0); 4338} 4339#else 4340main() { exit(0); } 4341#endif 4342 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4343 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4344 ) 4345fi 4346 4347dnl Checks for structure members 4348OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4349OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4350OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4351OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4352OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4353OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4354OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4355OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4356OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4357OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4358OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4359OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4360OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4361OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4362OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4363OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4364OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4365OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4366 4367AC_CHECK_MEMBERS([struct stat.st_blksize]) 4368AC_CHECK_MEMBERS([struct stat.st_mtim]) 4369AC_CHECK_MEMBERS([struct stat.st_mtime]) 4370AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4371struct passwd.pw_change, struct passwd.pw_expire], 4372[], [], [[ 4373#include <sys/types.h> 4374#include <pwd.h> 4375]]) 4376 4377AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4378 [Define if we don't have struct __res_state in resolv.h])], 4379[[ 4380#include <stdio.h> 4381#if HAVE_SYS_TYPES_H 4382# include <sys/types.h> 4383#endif 4384#include <netinet/in.h> 4385#include <arpa/nameser.h> 4386#include <resolv.h> 4387]]) 4388 4389AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4390 ac_cv_have_ss_family_in_struct_ss, [ 4391 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4392#include <sys/types.h> 4393#include <sys/socket.h> 4394 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4395 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4396 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4397]) 4398if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4399 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4400fi 4401 4402AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4403 ac_cv_have___ss_family_in_struct_ss, [ 4404 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4405#include <sys/types.h> 4406#include <sys/socket.h> 4407 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4408 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4409 [ ac_cv_have___ss_family_in_struct_ss="no" 4410 ]) 4411]) 4412if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4413 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4414 [Fields in struct sockaddr_storage]) 4415fi 4416 4417dnl make sure we're using the real structure members and not defines 4418AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4419 ac_cv_have_accrights_in_msghdr, [ 4420 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4421#include <sys/types.h> 4422#include <sys/socket.h> 4423#include <sys/uio.h> 4424#include <stdlib.h> 4425 ]], [[ 4426#ifdef msg_accrights 4427#error "msg_accrights is a macro" 4428exit(1); 4429#endif 4430struct msghdr m; 4431m.msg_accrights = 0; 4432exit(0); 4433 ]])], 4434 [ ac_cv_have_accrights_in_msghdr="yes" ], 4435 [ ac_cv_have_accrights_in_msghdr="no" ] 4436 ) 4437]) 4438if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4439 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4440 [Define if your system uses access rights style 4441 file descriptor passing]) 4442fi 4443 4444AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4445AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4446#include <sys/param.h> 4447#include <sys/stat.h> 4448#ifdef HAVE_SYS_TIME_H 4449# include <sys/time.h> 4450#endif 4451#ifdef HAVE_SYS_MOUNT_H 4452#include <sys/mount.h> 4453#endif 4454#ifdef HAVE_SYS_STATVFS_H 4455#include <sys/statvfs.h> 4456#endif 4457 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4458 [ AC_MSG_RESULT([yes]) ], 4459 [ AC_MSG_RESULT([no]) 4460 4461 AC_MSG_CHECKING([if fsid_t has member val]) 4462 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4463#include <sys/types.h> 4464#include <sys/statvfs.h> 4465 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4466 [ AC_MSG_RESULT([yes]) 4467 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4468 [ AC_MSG_RESULT([no]) ]) 4469 4470 AC_MSG_CHECKING([if f_fsid has member __val]) 4471 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4472#include <sys/types.h> 4473#include <sys/statvfs.h> 4474 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4475 [ AC_MSG_RESULT([yes]) 4476 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4477 [ AC_MSG_RESULT([no]) ]) 4478]) 4479 4480AC_CACHE_CHECK([for msg_control field in struct msghdr], 4481 ac_cv_have_control_in_msghdr, [ 4482 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4483#include <sys/types.h> 4484#include <sys/socket.h> 4485#include <sys/uio.h> 4486#include <stdlib.h> 4487 ]], [[ 4488#ifdef msg_control 4489#error "msg_control is a macro" 4490exit(1); 4491#endif 4492struct msghdr m; 4493m.msg_control = 0; 4494exit(0); 4495 ]])], 4496 [ ac_cv_have_control_in_msghdr="yes" ], 4497 [ ac_cv_have_control_in_msghdr="no" ] 4498 ) 4499]) 4500if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4501 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4502 [Define if your system uses ancillary data style 4503 file descriptor passing]) 4504fi 4505 4506AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4507 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4508 [[ extern char *__progname; printf("%s", __progname); ]])], 4509 [ ac_cv_libc_defines___progname="yes" ], 4510 [ ac_cv_libc_defines___progname="no" 4511 ]) 4512]) 4513if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4514 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4515fi 4516 4517AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4518 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4519 [[ printf("%s", __FUNCTION__); ]])], 4520 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4521 [ ac_cv_cc_implements___FUNCTION__="no" 4522 ]) 4523]) 4524if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4525 AC_DEFINE([HAVE___FUNCTION__], [1], 4526 [Define if compiler implements __FUNCTION__]) 4527fi 4528 4529AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4530 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4531 [[ printf("%s", __func__); ]])], 4532 [ ac_cv_cc_implements___func__="yes" ], 4533 [ ac_cv_cc_implements___func__="no" 4534 ]) 4535]) 4536if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4537 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4538fi 4539 4540AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4541 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4542#include <stdarg.h> 4543va_list x,y; 4544 ]], [[ va_copy(x,y); ]])], 4545 [ ac_cv_have_va_copy="yes" ], 4546 [ ac_cv_have_va_copy="no" 4547 ]) 4548]) 4549if test "x$ac_cv_have_va_copy" = "xyes" ; then 4550 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4551fi 4552 4553AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4554 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4555#include <stdarg.h> 4556va_list x,y; 4557 ]], [[ __va_copy(x,y); ]])], 4558 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4559 ]) 4560]) 4561if test "x$ac_cv_have___va_copy" = "xyes" ; then 4562 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4563fi 4564 4565AC_CACHE_CHECK([whether getopt has optreset support], 4566 ac_cv_have_getopt_optreset, [ 4567 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4568 [[ extern int optreset; optreset = 0; ]])], 4569 [ ac_cv_have_getopt_optreset="yes" ], 4570 [ ac_cv_have_getopt_optreset="no" 4571 ]) 4572]) 4573if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4574 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4575 [Define if your getopt(3) defines and uses optreset]) 4576fi 4577 4578AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4579 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4580[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4581 [ ac_cv_libc_defines_sys_errlist="yes" ], 4582 [ ac_cv_libc_defines_sys_errlist="no" 4583 ]) 4584]) 4585if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4586 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4587 [Define if your system defines sys_errlist[]]) 4588fi 4589 4590 4591AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4592 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4593[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4594 [ ac_cv_libc_defines_sys_nerr="yes" ], 4595 [ ac_cv_libc_defines_sys_nerr="no" 4596 ]) 4597]) 4598if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4599 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4600fi 4601 4602# Check libraries needed by DNS fingerprint support 4603AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4604 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4605 [Define if getrrsetbyname() exists])], 4606 [ 4607 # Needed by our getrrsetbyname() 4608 AC_SEARCH_LIBS([res_query], [resolv]) 4609 AC_SEARCH_LIBS([dn_expand], [resolv]) 4610 AC_MSG_CHECKING([if res_query will link]) 4611 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4612#include <sys/types.h> 4613#include <netinet/in.h> 4614#include <arpa/nameser.h> 4615#include <netdb.h> 4616#include <resolv.h> 4617 ]], [[ 4618 res_query (0, 0, 0, 0, 0); 4619 ]])], 4620 AC_MSG_RESULT([yes]), 4621 [AC_MSG_RESULT([no]) 4622 saved_LIBS="$LIBS" 4623 LIBS="$LIBS -lresolv" 4624 AC_MSG_CHECKING([for res_query in -lresolv]) 4625 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4626#include <sys/types.h> 4627#include <netinet/in.h> 4628#include <arpa/nameser.h> 4629#include <netdb.h> 4630#include <resolv.h> 4631 ]], [[ 4632 res_query (0, 0, 0, 0, 0); 4633 ]])], 4634 [AC_MSG_RESULT([yes])], 4635 [LIBS="$saved_LIBS" 4636 AC_MSG_RESULT([no])]) 4637 ]) 4638 AC_CHECK_FUNCS([_getshort _getlong]) 4639 AC_CHECK_DECLS([_getshort, _getlong], , , 4640 [#include <sys/types.h> 4641 #include <arpa/nameser.h>]) 4642 AC_CHECK_MEMBER([HEADER.ad], 4643 [AC_DEFINE([HAVE_HEADER_AD], [1], 4644 [Define if HEADER.ad exists in arpa/nameser.h])], , 4645 [#include <arpa/nameser.h>]) 4646 ]) 4647 4648AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4649AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4650#include <stdio.h> 4651#if HAVE_SYS_TYPES_H 4652# include <sys/types.h> 4653#endif 4654#include <netinet/in.h> 4655#include <arpa/nameser.h> 4656#include <resolv.h> 4657extern struct __res_state _res; 4658 ]], [[ 4659struct __res_state *volatile p = &_res; /* force resolution of _res */ 4660return 0; 4661 ]],)], 4662 [AC_MSG_RESULT([yes]) 4663 AC_DEFINE([HAVE__RES_EXTERN], [1], 4664 [Define if you have struct __res_state _res as an extern]) 4665 ], 4666 [ AC_MSG_RESULT([no]) ] 4667) 4668 4669# Check whether user wants SELinux support 4670SELINUX_MSG="no" 4671LIBSELINUX="" 4672AC_ARG_WITH([selinux], 4673 [ --with-selinux Enable SELinux support], 4674 [ if test "x$withval" != "xno" ; then 4675 save_LIBS="$LIBS" 4676 AC_DEFINE([WITH_SELINUX], [1], 4677 [Define if you want SELinux support.]) 4678 SELINUX_MSG="yes" 4679 AC_CHECK_HEADER([selinux/selinux.h], , 4680 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4681 AC_CHECK_LIB([selinux], [setexeccon], 4682 [ LIBSELINUX="-lselinux" 4683 LIBS="$LIBS -lselinux" 4684 ], 4685 AC_MSG_ERROR([SELinux support requires libselinux library])) 4686 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4687 LIBS="$save_LIBS $LIBSELINUX" 4688 fi ] 4689) 4690AC_SUBST([SSHDLIBS]) 4691 4692# Check whether user wants Kerberos 5 support 4693KRB5_MSG="no" 4694AC_ARG_WITH([kerberos5], 4695 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4696 [ if test "x$withval" != "xno" ; then 4697 if test "x$withval" = "xyes" ; then 4698 KRB5ROOT="/usr/local" 4699 else 4700 KRB5ROOT=${withval} 4701 fi 4702 4703 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4704 KRB5_MSG="yes" 4705 4706 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 4707 use_pkgconfig_for_krb5= 4708 if test "x$PKGCONFIG" != "xno"; then 4709 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4710 if "$PKGCONFIG" krb5; then 4711 AC_MSG_RESULT([yes]) 4712 use_pkgconfig_for_krb5=yes 4713 else 4714 AC_MSG_RESULT([no]) 4715 fi 4716 fi 4717 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4718 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4719 K5LIBS=`$PKGCONFIG --libs krb5` 4720 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4721 4722 AC_MSG_CHECKING([for gssapi support]) 4723 if "$PKGCONFIG" krb5-gssapi; then 4724 AC_MSG_RESULT([yes]) 4725 AC_DEFINE([GSSAPI], [1], 4726 [Define this if you want GSSAPI 4727 support in the version 2 protocol]) 4728 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4729 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4730 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4731 else 4732 AC_MSG_RESULT([no]) 4733 fi 4734 AC_MSG_CHECKING([whether we are using Heimdal]) 4735 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4736 ]], [[ char *tmp = heimdal_version; ]])], 4737 [ AC_MSG_RESULT([yes]) 4738 AC_DEFINE([HEIMDAL], [1], 4739 [Define this if you are using the Heimdal 4740 version of Kerberos V5]) ], 4741 [AC_MSG_RESULT([no]) 4742 ]) 4743 else 4744 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4745 [$KRB5ROOT/bin/krb5-config], 4746 [$KRB5ROOT/bin:$PATH]) 4747 if test -x $KRB5CONF ; then 4748 K5CFLAGS="`$KRB5CONF --cflags`" 4749 K5LIBS="`$KRB5CONF --libs`" 4750 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4751 4752 AC_MSG_CHECKING([for gssapi support]) 4753 if $KRB5CONF | grep gssapi >/dev/null ; then 4754 AC_MSG_RESULT([yes]) 4755 AC_DEFINE([GSSAPI], [1], 4756 [Define this if you want GSSAPI 4757 support in the version 2 protocol]) 4758 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4759 GSSLIBS="`$KRB5CONF --libs gssapi`" 4760 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4761 else 4762 AC_MSG_RESULT([no]) 4763 fi 4764 AC_MSG_CHECKING([whether we are using Heimdal]) 4765 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4766 ]], [[ char *tmp = heimdal_version; ]])], 4767 [ AC_MSG_RESULT([yes]) 4768 AC_DEFINE([HEIMDAL], [1], 4769 [Define this if you are using the Heimdal 4770 version of Kerberos V5]) ], 4771 [AC_MSG_RESULT([no]) 4772 ]) 4773 else 4774 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4775 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4776 AC_MSG_CHECKING([whether we are using Heimdal]) 4777 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4778 ]], [[ char *tmp = heimdal_version; ]])], 4779 [ AC_MSG_RESULT([yes]) 4780 AC_DEFINE([HEIMDAL]) 4781 K5LIBS="-lkrb5" 4782 K5LIBS="$K5LIBS -lcom_err -lasn1" 4783 AC_CHECK_LIB([roken], [net_write], 4784 [K5LIBS="$K5LIBS -lroken"]) 4785 AC_CHECK_LIB([des], [des_cbc_encrypt], 4786 [K5LIBS="$K5LIBS -ldes"]) 4787 ], [ AC_MSG_RESULT([no]) 4788 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4789 ]) 4790 AC_SEARCH_LIBS([dn_expand], [resolv]) 4791 4792 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4793 [ AC_DEFINE([GSSAPI]) 4794 GSSLIBS="-lgssapi_krb5" ], 4795 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4796 [ AC_DEFINE([GSSAPI]) 4797 GSSLIBS="-lgssapi" ], 4798 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4799 [ AC_DEFINE([GSSAPI]) 4800 GSSLIBS="-lgss" ], 4801 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4802 ]) 4803 ]) 4804 4805 AC_CHECK_HEADER([gssapi.h], , 4806 [ unset ac_cv_header_gssapi_h 4807 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4808 AC_CHECK_HEADERS([gssapi.h], , 4809 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4810 ) 4811 ] 4812 ) 4813 4814 oldCPP="$CPPFLAGS" 4815 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4816 AC_CHECK_HEADER([gssapi_krb5.h], , 4817 [ CPPFLAGS="$oldCPP" ]) 4818 4819 fi 4820 fi 4821 if test -n "${rpath_opt}" ; then 4822 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4823 fi 4824 if test ! -z "$blibpath" ; then 4825 blibpath="$blibpath:${KRB5ROOT}/lib" 4826 fi 4827 4828 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4829 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4830 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4831 4832 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4833 [Define this if you want to use libkafs' AFS support])]) 4834 4835 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4836#ifdef HAVE_GSSAPI_H 4837# include <gssapi.h> 4838#elif defined(HAVE_GSSAPI_GSSAPI_H) 4839# include <gssapi/gssapi.h> 4840#endif 4841 4842#ifdef HAVE_GSSAPI_GENERIC_H 4843# include <gssapi_generic.h> 4844#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4845# include <gssapi/gssapi_generic.h> 4846#endif 4847 ]]) 4848 saved_LIBS="$LIBS" 4849 LIBS="$LIBS $K5LIBS" 4850 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4851 LIBS="$saved_LIBS" 4852 4853 fi 4854 ] 4855) 4856AC_SUBST([GSSLIBS]) 4857AC_SUBST([K5LIBS]) 4858 4859# Looking for programs, paths and files 4860 4861PRIVSEP_PATH=/var/empty 4862AC_ARG_WITH([privsep-path], 4863 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4864 [ 4865 if test -n "$withval" && test "x$withval" != "xno" && \ 4866 test "x${withval}" != "xyes"; then 4867 PRIVSEP_PATH=$withval 4868 fi 4869 ] 4870) 4871AC_SUBST([PRIVSEP_PATH]) 4872 4873AC_ARG_WITH([xauth], 4874 [ --with-xauth=PATH Specify path to xauth program ], 4875 [ 4876 if test -n "$withval" && test "x$withval" != "xno" && \ 4877 test "x${withval}" != "xyes"; then 4878 xauth_path=$withval 4879 fi 4880 ], 4881 [ 4882 TestPath="$PATH" 4883 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4884 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4885 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4886 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4887 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4888 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4889 xauth_path="/usr/openwin/bin/xauth" 4890 fi 4891 ] 4892) 4893 4894STRIP_OPT=-s 4895AC_ARG_ENABLE([strip], 4896 [ --disable-strip Disable calling strip(1) on install], 4897 [ 4898 if test "x$enableval" = "xno" ; then 4899 STRIP_OPT= 4900 fi 4901 ] 4902) 4903AC_SUBST([STRIP_OPT]) 4904 4905if test -z "$xauth_path" ; then 4906 XAUTH_PATH="undefined" 4907 AC_SUBST([XAUTH_PATH]) 4908else 4909 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4910 [Define if xauth is found in your path]) 4911 XAUTH_PATH=$xauth_path 4912 AC_SUBST([XAUTH_PATH]) 4913fi 4914 4915dnl # --with-maildir=/path/to/mail gets top priority. 4916dnl # if maildir is set in the platform case statement above we use that. 4917dnl # Otherwise we run a program to get the dir from system headers. 4918dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4919dnl # If we find _PATH_MAILDIR we do nothing because that is what 4920dnl # session.c expects anyway. Otherwise we set to the value found 4921dnl # stripping any trailing slash. If for some strage reason our program 4922dnl # does not find what it needs, we default to /var/spool/mail. 4923# Check for mail directory 4924AC_ARG_WITH([maildir], 4925 [ --with-maildir=/path/to/mail Specify your system mail directory], 4926 [ 4927 if test "X$withval" != X && test "x$withval" != xno && \ 4928 test "x${withval}" != xyes; then 4929 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4930 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4931 fi 4932 ],[ 4933 if test "X$maildir" != "X"; then 4934 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4935 else 4936 AC_MSG_CHECKING([Discovering system mail directory]) 4937 AC_RUN_IFELSE( 4938 [AC_LANG_PROGRAM([[ 4939#include <stdio.h> 4940#include <stdlib.h> 4941#include <string.h> 4942#ifdef HAVE_PATHS_H 4943#include <paths.h> 4944#endif 4945#ifdef HAVE_MAILLOCK_H 4946#include <maillock.h> 4947#endif 4948#define DATA "conftest.maildir" 4949 ]], [[ 4950 FILE *fd; 4951 int rc; 4952 4953 fd = fopen(DATA,"w"); 4954 if(fd == NULL) 4955 exit(1); 4956 4957#if defined (_PATH_MAILDIR) 4958 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4959 exit(1); 4960#elif defined (MAILDIR) 4961 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4962 exit(1); 4963#elif defined (_PATH_MAIL) 4964 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4965 exit(1); 4966#else 4967 exit (2); 4968#endif 4969 4970 exit(0); 4971 ]])], 4972 [ 4973 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4974 maildir=`awk -F: '{print $2}' conftest.maildir \ 4975 | sed 's|/$||'` 4976 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4977 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4978 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4979 fi 4980 ], 4981 [ 4982 if test "X$ac_status" = "X2";then 4983# our test program didn't find it. Default to /var/spool/mail 4984 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4985 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4986 else 4987 AC_MSG_RESULT([*** not found ***]) 4988 fi 4989 ], 4990 [ 4991 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4992 ] 4993 ) 4994 fi 4995 ] 4996) # maildir 4997 4998if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4999 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 5000 disable_ptmx_check=yes 5001fi 5002if test -z "$no_dev_ptmx" ; then 5003 if test "x$disable_ptmx_check" != "xyes" ; then 5004 AC_CHECK_FILE(["/dev/ptmx"], 5005 [ 5006 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 5007 [Define if you have /dev/ptmx]) 5008 have_dev_ptmx=1 5009 ] 5010 ) 5011 fi 5012fi 5013 5014if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 5015 AC_CHECK_FILE(["/dev/ptc"], 5016 [ 5017 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 5018 [Define if you have /dev/ptc]) 5019 have_dev_ptc=1 5020 ] 5021 ) 5022else 5023 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 5024fi 5025 5026# Options from here on. Some of these are preset by platform above 5027AC_ARG_WITH([mantype], 5028 [ --with-mantype=man|cat|doc Set man page type], 5029 [ 5030 case "$withval" in 5031 man|cat|doc) 5032 MANTYPE=$withval 5033 ;; 5034 *) 5035 AC_MSG_ERROR([invalid man type: $withval]) 5036 ;; 5037 esac 5038 ] 5039) 5040if test -z "$MANTYPE"; then 5041 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 5042 MANTYPE=doc 5043 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 5044 MANTYPE=doc 5045 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 5046 MANTYPE=man 5047 else 5048 MANTYPE=cat 5049 fi 5050fi 5051AC_SUBST([MANTYPE]) 5052if test "$MANTYPE" = "doc"; then 5053 mansubdir=man; 5054else 5055 mansubdir=$MANTYPE; 5056fi 5057AC_SUBST([mansubdir]) 5058 5059# Whether to disable shadow password support 5060AC_ARG_WITH([shadow], 5061 [ --without-shadow Disable shadow password support], 5062 [ 5063 if test "x$withval" = "xno" ; then 5064 AC_DEFINE([DISABLE_SHADOW]) 5065 disable_shadow=yes 5066 fi 5067 ] 5068) 5069 5070if test -z "$disable_shadow" ; then 5071 AC_MSG_CHECKING([if the systems has expire shadow information]) 5072 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5073#include <sys/types.h> 5074#include <shadow.h> 5075struct spwd sp; 5076 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5077 [ sp_expire_available=yes ], [ 5078 ]) 5079 5080 if test "x$sp_expire_available" = "xyes" ; then 5081 AC_MSG_RESULT([yes]) 5082 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5083 [Define if you want to use shadow password expire field]) 5084 else 5085 AC_MSG_RESULT([no]) 5086 fi 5087fi 5088 5089# Use ip address instead of hostname in $DISPLAY 5090if test ! -z "$IPADDR_IN_DISPLAY" ; then 5091 DISPLAY_HACK_MSG="yes" 5092 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5093 [Define if you need to use IP address 5094 instead of hostname in $DISPLAY]) 5095else 5096 DISPLAY_HACK_MSG="no" 5097 AC_ARG_WITH([ipaddr-display], 5098 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5099 [ 5100 if test "x$withval" != "xno" ; then 5101 AC_DEFINE([IPADDR_IN_DISPLAY]) 5102 DISPLAY_HACK_MSG="yes" 5103 fi 5104 ] 5105 ) 5106fi 5107 5108# check for /etc/default/login and use it if present. 5109AC_ARG_ENABLE([etc-default-login], 5110 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5111 [ if test "x$enableval" = "xno"; then 5112 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5113 etc_default_login=no 5114 else 5115 etc_default_login=yes 5116 fi ], 5117 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5118 then 5119 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5120 etc_default_login=no 5121 else 5122 etc_default_login=yes 5123 fi ] 5124) 5125 5126if test "x$etc_default_login" != "xno"; then 5127 AC_CHECK_FILE(["/etc/default/login"], 5128 [ external_path_file=/etc/default/login ]) 5129 if test "x$external_path_file" = "x/etc/default/login"; then 5130 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5131 [Define if your system has /etc/default/login]) 5132 fi 5133fi 5134 5135dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5136if test $ac_cv_func_login_getcapbool = "yes" && \ 5137 test $ac_cv_header_login_cap_h = "yes" ; then 5138 external_path_file=/etc/login.conf 5139fi 5140 5141# Whether to mess with the default path 5142SERVER_PATH_MSG="(default)" 5143AC_ARG_WITH([default-path], 5144 [ --with-default-path= Specify default $PATH environment for server], 5145 [ 5146 if test "x$external_path_file" = "x/etc/login.conf" ; then 5147 AC_MSG_WARN([ 5148--with-default-path=PATH has no effect on this system. 5149Edit /etc/login.conf instead.]) 5150 elif test "x$withval" != "xno" ; then 5151 if test ! -z "$external_path_file" ; then 5152 AC_MSG_WARN([ 5153--with-default-path=PATH will only be used if PATH is not defined in 5154$external_path_file .]) 5155 fi 5156 user_path="$withval" 5157 SERVER_PATH_MSG="$withval" 5158 fi 5159 ], 5160 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5161 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5162 else 5163 if test ! -z "$external_path_file" ; then 5164 AC_MSG_WARN([ 5165If PATH is defined in $external_path_file, ensure the path to scp is included, 5166otherwise scp will not work.]) 5167 fi 5168 AC_RUN_IFELSE( 5169 [AC_LANG_PROGRAM([[ 5170/* find out what STDPATH is */ 5171#include <stdio.h> 5172#include <stdlib.h> 5173#ifdef HAVE_PATHS_H 5174# include <paths.h> 5175#endif 5176#ifndef _PATH_STDPATH 5177# ifdef _PATH_USERPATH /* Irix */ 5178# define _PATH_STDPATH _PATH_USERPATH 5179# else 5180# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5181# endif 5182#endif 5183#include <sys/types.h> 5184#include <sys/stat.h> 5185#include <fcntl.h> 5186#define DATA "conftest.stdpath" 5187 ]], [[ 5188 FILE *fd; 5189 int rc; 5190 5191 fd = fopen(DATA,"w"); 5192 if(fd == NULL) 5193 exit(1); 5194 5195 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5196 exit(1); 5197 5198 exit(0); 5199 ]])], 5200 [ user_path=`cat conftest.stdpath` ], 5201 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5202 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5203 ) 5204# make sure $bindir is in USER_PATH so scp will work 5205 t_bindir="${bindir}" 5206 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5207 t_bindir=`eval echo ${t_bindir}` 5208 case $t_bindir in 5209 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5210 esac 5211 case $t_bindir in 5212 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5213 esac 5214 done 5215 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5216 if test $? -ne 0 ; then 5217 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5218 if test $? -ne 0 ; then 5219 user_path=$user_path:$t_bindir 5220 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5221 fi 5222 fi 5223 fi ] 5224) 5225if test "x$external_path_file" != "x/etc/login.conf" ; then 5226 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5227 AC_SUBST([user_path]) 5228fi 5229 5230# Set superuser path separately to user path 5231AC_ARG_WITH([superuser-path], 5232 [ --with-superuser-path= Specify different path for super-user], 5233 [ 5234 if test -n "$withval" && test "x$withval" != "xno" && \ 5235 test "x${withval}" != "xyes"; then 5236 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5237 [Define if you want a different $PATH 5238 for the superuser]) 5239 superuser_path=$withval 5240 fi 5241 ] 5242) 5243 5244 5245AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5246IPV4_IN6_HACK_MSG="no" 5247AC_ARG_WITH(4in6, 5248 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5249 [ 5250 if test "x$withval" != "xno" ; then 5251 AC_MSG_RESULT([yes]) 5252 AC_DEFINE([IPV4_IN_IPV6], [1], 5253 [Detect IPv4 in IPv6 mapped addresses 5254 and treat as IPv4]) 5255 IPV4_IN6_HACK_MSG="yes" 5256 else 5257 AC_MSG_RESULT([no]) 5258 fi 5259 ], [ 5260 if test "x$inet6_default_4in6" = "xyes"; then 5261 AC_MSG_RESULT([yes (default)]) 5262 AC_DEFINE([IPV4_IN_IPV6]) 5263 IPV4_IN6_HACK_MSG="yes" 5264 else 5265 AC_MSG_RESULT([no (default)]) 5266 fi 5267 ] 5268) 5269 5270# Whether to enable BSD auth support 5271BSD_AUTH_MSG=no 5272AC_ARG_WITH([bsd-auth], 5273 [ --with-bsd-auth Enable BSD auth support], 5274 [ 5275 if test "x$withval" != "xno" ; then 5276 AC_DEFINE([BSD_AUTH], [1], 5277 [Define if you have BSD auth support]) 5278 BSD_AUTH_MSG=yes 5279 fi 5280 ] 5281) 5282 5283# Where to place sshd.pid 5284piddir=/var/run 5285# make sure the directory exists 5286if test ! -d $piddir ; then 5287 piddir=`eval echo ${sysconfdir}` 5288 case $piddir in 5289 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5290 esac 5291fi 5292 5293AC_ARG_WITH([pid-dir], 5294 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5295 [ 5296 if test -n "$withval" && test "x$withval" != "xno" && \ 5297 test "x${withval}" != "xyes"; then 5298 piddir=$withval 5299 if test ! -d $piddir ; then 5300 AC_MSG_WARN([** no $piddir directory on this system **]) 5301 fi 5302 fi 5303 ] 5304) 5305 5306AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5307 [Specify location of ssh.pid]) 5308AC_SUBST([piddir]) 5309 5310dnl allow user to disable some login recording features 5311AC_ARG_ENABLE([lastlog], 5312 [ --disable-lastlog disable use of lastlog even if detected [no]], 5313 [ 5314 if test "x$enableval" = "xno" ; then 5315 AC_DEFINE([DISABLE_LASTLOG]) 5316 fi 5317 ] 5318) 5319AC_ARG_ENABLE([utmp], 5320 [ --disable-utmp disable use of utmp even if detected [no]], 5321 [ 5322 if test "x$enableval" = "xno" ; then 5323 AC_DEFINE([DISABLE_UTMP]) 5324 fi 5325 ] 5326) 5327AC_ARG_ENABLE([utmpx], 5328 [ --disable-utmpx disable use of utmpx even if detected [no]], 5329 [ 5330 if test "x$enableval" = "xno" ; then 5331 AC_DEFINE([DISABLE_UTMPX], [1], 5332 [Define if you don't want to use utmpx]) 5333 fi 5334 ] 5335) 5336AC_ARG_ENABLE([wtmp], 5337 [ --disable-wtmp disable use of wtmp even if detected [no]], 5338 [ 5339 if test "x$enableval" = "xno" ; then 5340 AC_DEFINE([DISABLE_WTMP]) 5341 fi 5342 ] 5343) 5344AC_ARG_ENABLE([wtmpx], 5345 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5346 [ 5347 if test "x$enableval" = "xno" ; then 5348 AC_DEFINE([DISABLE_WTMPX], [1], 5349 [Define if you don't want to use wtmpx]) 5350 fi 5351 ] 5352) 5353AC_ARG_ENABLE([libutil], 5354 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5355 [ 5356 if test "x$enableval" = "xno" ; then 5357 AC_DEFINE([DISABLE_LOGIN]) 5358 fi 5359 ] 5360) 5361AC_ARG_ENABLE([pututline], 5362 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5363 [ 5364 if test "x$enableval" = "xno" ; then 5365 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5366 [Define if you don't want to use pututline() 5367 etc. to write [uw]tmp]) 5368 fi 5369 ] 5370) 5371AC_ARG_ENABLE([pututxline], 5372 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5373 [ 5374 if test "x$enableval" = "xno" ; then 5375 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5376 [Define if you don't want to use pututxline() 5377 etc. to write [uw]tmpx]) 5378 fi 5379 ] 5380) 5381AC_ARG_WITH([lastlog], 5382 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5383 [ 5384 if test "x$withval" = "xno" ; then 5385 AC_DEFINE([DISABLE_LASTLOG]) 5386 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5387 conf_lastlog_location=$withval 5388 fi 5389 ] 5390) 5391 5392dnl lastlog, [uw]tmpx? detection 5393dnl NOTE: set the paths in the platform section to avoid the 5394dnl need for command-line parameters 5395dnl lastlog and [uw]tmp are subject to a file search if all else fails 5396 5397dnl lastlog detection 5398dnl NOTE: the code itself will detect if lastlog is a directory 5399AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5400AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5401#include <sys/types.h> 5402#include <utmp.h> 5403#ifdef HAVE_LASTLOG_H 5404# include <lastlog.h> 5405#endif 5406#ifdef HAVE_PATHS_H 5407# include <paths.h> 5408#endif 5409#ifdef HAVE_LOGIN_H 5410# include <login.h> 5411#endif 5412 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5413 [ AC_MSG_RESULT([yes]) ], 5414 [ 5415 AC_MSG_RESULT([no]) 5416 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5417 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5418#include <sys/types.h> 5419#include <utmp.h> 5420#ifdef HAVE_LASTLOG_H 5421# include <lastlog.h> 5422#endif 5423#ifdef HAVE_PATHS_H 5424# include <paths.h> 5425#endif 5426 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5427 [ AC_MSG_RESULT([yes]) ], 5428 [ 5429 AC_MSG_RESULT([no]) 5430 system_lastlog_path=no 5431 ]) 5432]) 5433 5434if test -z "$conf_lastlog_location"; then 5435 if test x"$system_lastlog_path" = x"no" ; then 5436 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5437 if (test -d "$f" || test -f "$f") ; then 5438 conf_lastlog_location=$f 5439 fi 5440 done 5441 if test -z "$conf_lastlog_location"; then 5442 AC_MSG_WARN([** Cannot find lastlog **]) 5443 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5444 fi 5445 fi 5446fi 5447 5448if test -n "$conf_lastlog_location"; then 5449 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5450 [Define if you want to specify the path to your lastlog file]) 5451fi 5452 5453dnl utmp detection 5454AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5455AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5456#include <sys/types.h> 5457#include <utmp.h> 5458#ifdef HAVE_PATHS_H 5459# include <paths.h> 5460#endif 5461 ]], [[ char *utmp = UTMP_FILE; ]])], 5462 [ AC_MSG_RESULT([yes]) ], 5463 [ AC_MSG_RESULT([no]) 5464 system_utmp_path=no 5465]) 5466if test -z "$conf_utmp_location"; then 5467 if test x"$system_utmp_path" = x"no" ; then 5468 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5469 if test -f $f ; then 5470 conf_utmp_location=$f 5471 fi 5472 done 5473 if test -z "$conf_utmp_location"; then 5474 AC_DEFINE([DISABLE_UTMP]) 5475 fi 5476 fi 5477fi 5478if test -n "$conf_utmp_location"; then 5479 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5480 [Define if you want to specify the path to your utmp file]) 5481fi 5482 5483dnl wtmp detection 5484AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5485AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5486#include <sys/types.h> 5487#include <utmp.h> 5488#ifdef HAVE_PATHS_H 5489# include <paths.h> 5490#endif 5491 ]], [[ char *wtmp = WTMP_FILE; ]])], 5492 [ AC_MSG_RESULT([yes]) ], 5493 [ AC_MSG_RESULT([no]) 5494 system_wtmp_path=no 5495]) 5496if test -z "$conf_wtmp_location"; then 5497 if test x"$system_wtmp_path" = x"no" ; then 5498 for f in /usr/adm/wtmp /var/log/wtmp; do 5499 if test -f $f ; then 5500 conf_wtmp_location=$f 5501 fi 5502 done 5503 if test -z "$conf_wtmp_location"; then 5504 AC_DEFINE([DISABLE_WTMP]) 5505 fi 5506 fi 5507fi 5508if test -n "$conf_wtmp_location"; then 5509 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5510 [Define if you want to specify the path to your wtmp file]) 5511fi 5512 5513dnl wtmpx detection 5514AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5515AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5516#include <sys/types.h> 5517#include <utmp.h> 5518#ifdef HAVE_UTMPX_H 5519#include <utmpx.h> 5520#endif 5521#ifdef HAVE_PATHS_H 5522# include <paths.h> 5523#endif 5524 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5525 [ AC_MSG_RESULT([yes]) ], 5526 [ AC_MSG_RESULT([no]) 5527 system_wtmpx_path=no 5528]) 5529if test -z "$conf_wtmpx_location"; then 5530 if test x"$system_wtmpx_path" = x"no" ; then 5531 AC_DEFINE([DISABLE_WTMPX]) 5532 fi 5533else 5534 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5535 [Define if you want to specify the path to your wtmpx file]) 5536fi 5537 5538 5539if test ! -z "$blibpath" ; then 5540 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5541 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5542fi 5543 5544AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5545 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5546 AC_DEFINE([DISABLE_LASTLOG]) 5547 fi 5548 ], [ 5549#ifdef HAVE_SYS_TYPES_H 5550#include <sys/types.h> 5551#endif 5552#ifdef HAVE_UTMP_H 5553#include <utmp.h> 5554#endif 5555#ifdef HAVE_UTMPX_H 5556#include <utmpx.h> 5557#endif 5558#ifdef HAVE_LASTLOG_H 5559#include <lastlog.h> 5560#endif 5561 ]) 5562 5563AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5564 AC_DEFINE([DISABLE_UTMP]) 5565 AC_DEFINE([DISABLE_WTMP]) 5566 ], [ 5567#ifdef HAVE_SYS_TYPES_H 5568#include <sys/types.h> 5569#endif 5570#ifdef HAVE_UTMP_H 5571#include <utmp.h> 5572#endif 5573#ifdef HAVE_UTMPX_H 5574#include <utmpx.h> 5575#endif 5576#ifdef HAVE_LASTLOG_H 5577#include <lastlog.h> 5578#endif 5579 ]) 5580 5581dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5582dnl Add now. 5583CFLAGS="$CFLAGS $werror_flags" 5584 5585if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5586 TEST_SSH_IPV6=no 5587else 5588 TEST_SSH_IPV6=yes 5589fi 5590AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5591AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5592AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5593AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5594AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5595AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5596 5597CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5598LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5599 5600# Make a copy of CFLAGS/LDFLAGS without PIE options. 5601LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5602CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5603AC_SUBST([LDFLAGS_NOPIE]) 5604AC_SUBST([CFLAGS_NOPIE]) 5605 5606AC_EXEEXT 5607AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5608 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5609 survey.sh]) 5610AC_OUTPUT 5611 5612# Print summary of options 5613 5614# Someone please show me a better way :) 5615A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5616B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5617C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5618D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5619E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5620F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5621G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5622H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5623I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5624J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5625 5626echo "" 5627echo "OpenSSH has been configured with the following options:" 5628echo " User binaries: $B" 5629echo " System binaries: $C" 5630echo " Configuration files: $D" 5631echo " Askpass program: $E" 5632echo " Manual pages: $F" 5633echo " PID file: $G" 5634echo " Privilege separation chroot path: $H" 5635if test "x$external_path_file" = "x/etc/login.conf" ; then 5636echo " At runtime, sshd will use the path defined in $external_path_file" 5637echo " Make sure the path to scp is present, otherwise scp will not work" 5638else 5639echo " sshd default user PATH: $I" 5640 if test ! -z "$external_path_file"; then 5641echo " (If PATH is set in $external_path_file it will be used instead. If" 5642echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5643 fi 5644fi 5645if test ! -z "$superuser_path" ; then 5646echo " sshd superuser user PATH: $J" 5647fi 5648echo " Manpage format: $MANTYPE" 5649echo " PAM support: $PAM_MSG" 5650echo " OSF SIA support: $SIA_MSG" 5651echo " KerberosV support: $KRB5_MSG" 5652echo " SELinux support: $SELINUX_MSG" 5653echo " TCP Wrappers support: $TCPW_MSG" 5654echo " libedit support: $LIBEDIT_MSG" 5655echo " libldns support: $LDNS_MSG" 5656echo " Solaris process contract support: $SPC_MSG" 5657echo " Solaris project support: $SP_MSG" 5658echo " Solaris privilege support: $SPP_MSG" 5659echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5660echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5661echo " BSD Auth support: $BSD_AUTH_MSG" 5662echo " Random number source: $RAND_MSG" 5663echo " Privsep sandbox style: $SANDBOX_STYLE" 5664echo " PKCS#11 support: $enable_pkcs11" 5665echo " U2F/FIDO support: $enable_sk" 5666 5667echo "" 5668 5669echo " Host: ${host}" 5670echo " Compiler: ${CC}" 5671echo " Compiler flags: ${CFLAGS}" 5672echo "Preprocessor flags: ${CPPFLAGS}" 5673echo " Linker flags: ${LDFLAGS}" 5674echo " Libraries: ${LIBS}" 5675if test ! -z "${SSHDLIBS}"; then 5676echo " +for sshd: ${SSHDLIBS}" 5677fi 5678 5679echo "" 5680 5681if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5682 echo "SVR4 style packages are supported with \"make package\"" 5683 echo "" 5684fi 5685 5686if test "x$PAM_MSG" = "xyes" ; then 5687 echo "PAM is enabled. You may need to install a PAM control file " 5688 echo "for sshd, otherwise password authentication may fail. " 5689 echo "Example PAM control files can be found in the contrib/ " 5690 echo "subdirectory" 5691 echo "" 5692fi 5693 5694if test ! -z "$NO_PEERCHECK" ; then 5695 echo "WARNING: the operating system that you are using does not" 5696 echo "appear to support getpeereid(), getpeerucred() or the" 5697 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5698 echo "enforce security checks to prevent unauthorised connections to" 5699 echo "ssh-agent. Their absence increases the risk that a malicious" 5700 echo "user can connect to your agent." 5701 echo "" 5702fi 5703 5704if test "$AUDIT_MODULE" = "bsm" ; then 5705 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5706 echo "See the Solaris section in README.platform for details." 5707fi 5708