1# $Id: configure.ac,v 1.568 2014/01/30 00:26:46 djm Exp $ 2# 3# Copyright (c) 1999-2004 Damien Miller 4# 5# Permission to use, copy, modify, and distribute this software for any 6# purpose with or without fee is hereby granted, provided that the above 7# copyright notice and this permission notice appear in all copies. 8# 9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 17AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 18AC_REVISION($Revision: 1.568 $) 19AC_CONFIG_SRCDIR([ssh.c]) 20AC_LANG([C]) 21 22AC_CONFIG_HEADER([config.h]) 23AC_PROG_CC 24AC_CANONICAL_HOST 25AC_C_BIGENDIAN 26 27# Checks for programs. 28AC_PROG_AWK 29AC_PROG_CPP 30AC_PROG_RANLIB 31AC_PROG_INSTALL 32AC_PROG_EGREP 33AC_PATH_PROG([AR], [ar]) 34AC_PATH_PROG([CAT], [cat]) 35AC_PATH_PROG([KILL], [kill]) 36AC_PATH_PROGS([PERL], [perl5 perl]) 37AC_PATH_PROG([SED], [sed]) 38AC_SUBST([PERL]) 39AC_PATH_PROG([ENT], [ent]) 40AC_SUBST([ENT]) 41AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 42AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 43AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 44AC_PATH_PROG([SH], [sh]) 45AC_PATH_PROG([GROFF], [groff]) 46AC_PATH_PROG([NROFF], [nroff]) 47AC_PATH_PROG([MANDOC], [mandoc]) 48AC_SUBST([TEST_SHELL], [sh]) 49 50dnl select manpage formatter 51if test "x$MANDOC" != "x" ; then 52 MANFMT="$MANDOC" 53elif test "x$NROFF" != "x" ; then 54 MANFMT="$NROFF -mandoc" 55elif test "x$GROFF" != "x" ; then 56 MANFMT="$GROFF -mandoc -Tascii" 57else 58 AC_MSG_WARN([no manpage formatted found]) 59 MANFMT="false" 60fi 61AC_SUBST([MANFMT]) 62 63dnl for buildpkg.sh 64AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 65 [/usr/sbin${PATH_SEPARATOR}/etc]) 66AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 67 [/usr/sbin${PATH_SEPARATOR}/etc]) 68AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 69if test -x /sbin/sh; then 70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 71else 72 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 73fi 74 75# System features 76AC_SYS_LARGEFILE 77 78if test -z "$AR" ; then 79 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 80fi 81 82# Use LOGIN_PROGRAM from environment if possible 83if test ! -z "$LOGIN_PROGRAM" ; then 84 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"], 85 [If your header files don't define LOGIN_PROGRAM, 86 then use this (detected) from environment and PATH]) 87else 88 # Search for login 89 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login]) 90 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then 91 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"]) 92 fi 93fi 94 95AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 96if test ! -z "$PATH_PASSWD_PROG" ; then 97 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 98 [Full path of your "passwd" program]) 99fi 100 101if test -z "$LD" ; then 102 LD=$CC 103fi 104AC_SUBST([LD]) 105 106AC_C_INLINE 107 108AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 109AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 110 #include <sys/types.h> 111 #include <sys/param.h> 112 #include <dev/systrace.h> 113]) 114AC_CHECK_DECL([RLIMIT_NPROC], 115 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 116 #include <sys/types.h> 117 #include <sys/resource.h> 118]) 119AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 120 #include <sys/types.h> 121 #include <linux/prctl.h> 122]) 123 124use_stack_protector=1 125use_toolchain_hardening=1 126AC_ARG_WITH([stackprotect], 127 [ --without-stackprotect Don't use compiler's stack protection], [ 128 if test "x$withval" = "xno"; then 129 use_stack_protector=0 130 fi ]) 131AC_ARG_WITH([hardening], 132 [ --without-hardening Don't use toolchain hardening flags], [ 133 if test "x$withval" = "xno"; then 134 use_toolchain_hardening=0 135 fi ]) 136 137# We use -Werror for the tests only so that we catch warnings like "this is 138# on by default" for things like -fPIE. 139AC_MSG_CHECKING([if $CC supports -Werror]) 140saved_CFLAGS="$CFLAGS" 141CFLAGS="$CFLAGS -Werror" 142AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 143 [ AC_MSG_RESULT([yes]) 144 WERROR="-Werror"], 145 [ AC_MSG_RESULT([no]) 146 WERROR="" ] 147) 148CFLAGS="$saved_CFLAGS" 149 150if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 151 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 152 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 153 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 154 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 155 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 156 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 157 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 158 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 161 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 162 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 163 if test "x$use_toolchain_hardening" = "x1"; then 164 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 165 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 166 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 167 # NB. -ftrapv expects certain support functions to be present in 168 # the compiler library (libgcc or similar) to detect integer operations 169 # that can overflow. We must check that the result of enabling it 170 # actually links. The test program compiled/linked includes a number 171 # of integer operations that should exercise this. 172 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 173 fi 174 AC_MSG_CHECKING([gcc version]) 175 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 176 case $GCC_VER in 177 1.*) no_attrib_nonnull=1 ;; 178 2.8* | 2.9*) 179 no_attrib_nonnull=1 180 ;; 181 2.*) no_attrib_nonnull=1 ;; 182 *) ;; 183 esac 184 AC_MSG_RESULT([$GCC_VER]) 185 186 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 187 saved_CFLAGS="$CFLAGS" 188 CFLAGS="$CFLAGS -fno-builtin-memset" 189 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 190 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 191 [ AC_MSG_RESULT([yes]) ], 192 [ AC_MSG_RESULT([no]) 193 CFLAGS="$saved_CFLAGS" ] 194 ) 195 196 # -fstack-protector-all doesn't always work for some GCC versions 197 # and/or platforms, so we test if we can. If it's not supported 198 # on a given platform gcc will emit a warning so we use -Werror. 199 if test "x$use_stack_protector" = "x1"; then 200 for t in -fstack-protector-strong -fstack-protector-all \ 201 -fstack-protector; do 202 AC_MSG_CHECKING([if $CC supports $t]) 203 saved_CFLAGS="$CFLAGS" 204 saved_LDFLAGS="$LDFLAGS" 205 CFLAGS="$CFLAGS $t -Werror" 206 LDFLAGS="$LDFLAGS $t -Werror" 207 AC_LINK_IFELSE( 208 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 209 [[ 210 char x[256]; 211 snprintf(x, sizeof(x), "XXX"); 212 ]])], 213 [ AC_MSG_RESULT([yes]) 214 CFLAGS="$saved_CFLAGS $t" 215 LDFLAGS="$saved_LDFLAGS $t" 216 AC_MSG_CHECKING([if $t works]) 217 AC_RUN_IFELSE( 218 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 219 [[ 220 char x[256]; 221 snprintf(x, sizeof(x), "XXX"); 222 ]])], 223 [ AC_MSG_RESULT([yes]) 224 break ], 225 [ AC_MSG_RESULT([no]) ], 226 [ AC_MSG_WARN([cross compiling: cannot test]) 227 break ] 228 ) 229 ], 230 [ AC_MSG_RESULT([no]) ] 231 ) 232 CFLAGS="$saved_CFLAGS" 233 LDFLAGS="$saved_LDFLAGS" 234 done 235 fi 236 237 if test -z "$have_llong_max"; then 238 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 239 unset ac_cv_have_decl_LLONG_MAX 240 saved_CFLAGS="$CFLAGS" 241 CFLAGS="$CFLAGS -std=gnu99" 242 AC_CHECK_DECL([LLONG_MAX], 243 [have_llong_max=1], 244 [CFLAGS="$saved_CFLAGS"], 245 [#include <limits.h>] 246 ) 247 fi 248fi 249 250AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 251AC_COMPILE_IFELSE( 252 [AC_LANG_PROGRAM([[ 253#include <stdlib.h> 254__attribute__((__unused__)) static void foo(void){return;}]], 255 [[ exit(0); ]])], 256 [ AC_MSG_RESULT([yes]) ], 257 [ AC_MSG_RESULT([no]) 258 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 259 [compiler does not accept __attribute__ on return types]) ] 260) 261 262if test "x$no_attrib_nonnull" != "x1" ; then 263 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 264fi 265 266AC_ARG_WITH([rpath], 267 [ --without-rpath Disable auto-added -R linker paths], 268 [ 269 if test "x$withval" = "xno" ; then 270 need_dash_r="" 271 fi 272 if test "x$withval" = "xyes" ; then 273 need_dash_r=1 274 fi 275 ] 276) 277 278# Allow user to specify flags 279AC_ARG_WITH([cflags], 280 [ --with-cflags Specify additional flags to pass to compiler], 281 [ 282 if test -n "$withval" && test "x$withval" != "xno" && \ 283 test "x${withval}" != "xyes"; then 284 CFLAGS="$CFLAGS $withval" 285 fi 286 ] 287) 288AC_ARG_WITH([cppflags], 289 [ --with-cppflags Specify additional flags to pass to preprocessor] , 290 [ 291 if test -n "$withval" && test "x$withval" != "xno" && \ 292 test "x${withval}" != "xyes"; then 293 CPPFLAGS="$CPPFLAGS $withval" 294 fi 295 ] 296) 297AC_ARG_WITH([ldflags], 298 [ --with-ldflags Specify additional flags to pass to linker], 299 [ 300 if test -n "$withval" && test "x$withval" != "xno" && \ 301 test "x${withval}" != "xyes"; then 302 LDFLAGS="$LDFLAGS $withval" 303 fi 304 ] 305) 306AC_ARG_WITH([libs], 307 [ --with-libs Specify additional libraries to link with], 308 [ 309 if test -n "$withval" && test "x$withval" != "xno" && \ 310 test "x${withval}" != "xyes"; then 311 LIBS="$LIBS $withval" 312 fi 313 ] 314) 315AC_ARG_WITH([Werror], 316 [ --with-Werror Build main code with -Werror], 317 [ 318 if test -n "$withval" && test "x$withval" != "xno"; then 319 werror_flags="-Werror" 320 if test "x${withval}" != "xyes"; then 321 werror_flags="$withval" 322 fi 323 fi 324 ] 325) 326 327AC_CHECK_HEADERS([ \ 328 blf.h \ 329 bstring.h \ 330 crypt.h \ 331 crypto/sha2.h \ 332 dirent.h \ 333 endian.h \ 334 elf.h \ 335 features.h \ 336 fcntl.h \ 337 floatingpoint.h \ 338 getopt.h \ 339 glob.h \ 340 ia.h \ 341 iaf.h \ 342 inttypes.h \ 343 limits.h \ 344 locale.h \ 345 login.h \ 346 maillock.h \ 347 ndir.h \ 348 net/if_tun.h \ 349 netdb.h \ 350 netgroup.h \ 351 pam/pam_appl.h \ 352 paths.h \ 353 poll.h \ 354 pty.h \ 355 readpassphrase.h \ 356 rpc/types.h \ 357 security/pam_appl.h \ 358 sha2.h \ 359 shadow.h \ 360 stddef.h \ 361 stdint.h \ 362 string.h \ 363 strings.h \ 364 sys/audit.h \ 365 sys/bitypes.h \ 366 sys/bsdtty.h \ 367 sys/capability.h \ 368 sys/cdefs.h \ 369 sys/dir.h \ 370 sys/mman.h \ 371 sys/ndir.h \ 372 sys/poll.h \ 373 sys/prctl.h \ 374 sys/pstat.h \ 375 sys/select.h \ 376 sys/stat.h \ 377 sys/stream.h \ 378 sys/stropts.h \ 379 sys/strtio.h \ 380 sys/statvfs.h \ 381 sys/sysmacros.h \ 382 sys/time.h \ 383 sys/timers.h \ 384 time.h \ 385 tmpdir.h \ 386 ttyent.h \ 387 ucred.h \ 388 unistd.h \ 389 usersec.h \ 390 util.h \ 391 utime.h \ 392 utmp.h \ 393 utmpx.h \ 394 vis.h \ 395]) 396 397# lastlog.h requires sys/time.h to be included first on Solaris 398AC_CHECK_HEADERS([lastlog.h], [], [], [ 399#ifdef HAVE_SYS_TIME_H 400# include <sys/time.h> 401#endif 402]) 403 404# sys/ptms.h requires sys/stream.h to be included first on Solaris 405AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 406#ifdef HAVE_SYS_STREAM_H 407# include <sys/stream.h> 408#endif 409]) 410 411# login_cap.h requires sys/types.h on NetBSD 412AC_CHECK_HEADERS([login_cap.h], [], [], [ 413#include <sys/types.h> 414]) 415 416# older BSDs need sys/param.h before sys/mount.h 417AC_CHECK_HEADERS([sys/mount.h], [], [], [ 418#include <sys/param.h> 419]) 420 421# Android requires sys/socket.h to be included before sys/un.h 422AC_CHECK_HEADERS([sys/un.h], [], [], [ 423#include <sys/types.h> 424#include <sys/socket.h> 425]) 426 427# Messages for features tested for in target-specific section 428SIA_MSG="no" 429SPC_MSG="no" 430SP_MSG="no" 431 432# Check for some target-specific stuff 433case "$host" in 434*-*-aix*) 435 # Some versions of VAC won't allow macro redefinitions at 436 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 437 # particularly with older versions of vac or xlc. 438 # It also throws errors about null macro argments, but these are 439 # not fatal. 440 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 441 AC_COMPILE_IFELSE( 442 [AC_LANG_PROGRAM([[ 443#define testmacro foo 444#define testmacro bar]], 445 [[ exit(0); ]])], 446 [ AC_MSG_RESULT([yes]) ], 447 [ AC_MSG_RESULT([no]) 448 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 449 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" 450 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 451 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 452 ] 453 ) 454 455 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 456 if (test -z "$blibpath"); then 457 blibpath="/usr/lib:/lib" 458 fi 459 saved_LDFLAGS="$LDFLAGS" 460 if test "$GCC" = "yes"; then 461 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 462 else 463 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 464 fi 465 for tryflags in $flags ;do 466 if (test -z "$blibflags"); then 467 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 468 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 469 [blibflags=$tryflags], []) 470 fi 471 done 472 if (test -z "$blibflags"); then 473 AC_MSG_RESULT([not found]) 474 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 475 else 476 AC_MSG_RESULT([$blibflags]) 477 fi 478 LDFLAGS="$saved_LDFLAGS" 479 dnl Check for authenticate. Might be in libs.a on older AIXes 480 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 481 [Define if you want to enable AIX4's authenticate function])], 482 [AC_CHECK_LIB([s], [authenticate], 483 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 484 LIBS="$LIBS -ls" 485 ]) 486 ]) 487 dnl Check for various auth function declarations in headers. 488 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 489 passwdexpired, setauthdb], , , [#include <usersec.h>]) 490 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 491 AC_CHECK_DECLS([loginfailed], 492 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 493 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 494 [[ (void)loginfailed("user","host","tty",0); ]])], 495 [AC_MSG_RESULT([yes]) 496 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 497 [Define if your AIX loginfailed() function 498 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 499 ])], 500 [], 501 [#include <usersec.h>] 502 ) 503 AC_CHECK_FUNCS([getgrset setauthdb]) 504 AC_CHECK_DECL([F_CLOSEM], 505 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 506 [], 507 [ #include <limits.h> 508 #include <fcntl.h> ] 509 ) 510 check_for_aix_broken_getaddrinfo=1 511 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 512 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 513 [Define if your platform breaks doing a seteuid before a setuid]) 514 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 515 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 516 dnl AIX handles lastlog as part of its login message 517 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 518 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 519 [Some systems need a utmpx entry for /bin/login to work]) 520 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 521 [Define to a Set Process Title type if your system is 522 supported by bsd-setproctitle.c]) 523 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 524 [AIX 5.2 and 5.3 (and presumably newer) require this]) 525 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 526 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 527 ;; 528*-*-android*) 529 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 530 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 531 ;; 532*-*-cygwin*) 533 check_for_libcrypt_later=1 534 LIBS="$LIBS /usr/lib/textreadmode.o" 535 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 536 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 537 AC_DEFINE([DISABLE_SHADOW], [1], 538 [Define if you want to disable shadow passwords]) 539 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 540 [Define if X11 doesn't support AF_UNIX sockets on that system]) 541 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1], 542 [Define if the concept of ports only accessible to 543 superusers isn't known]) 544 AC_DEFINE([DISABLE_FD_PASSING], [1], 545 [Define if your platform needs to skip post auth 546 file descriptor passing]) 547 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 548 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 549 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 550 # reasons which cause compile warnings, so we disable those warnings. 551 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 552 ;; 553*-*-dgux*) 554 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 555 [Define if your system choked on IP TOS setting]) 556 AC_DEFINE([SETEUID_BREAKS_SETUID]) 557 AC_DEFINE([BROKEN_SETREUID]) 558 AC_DEFINE([BROKEN_SETREGID]) 559 ;; 560*-*-darwin*) 561 use_pie=auto 562 AC_MSG_CHECKING([if we have working getaddrinfo]) 563 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 564main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 565 exit(0); 566 else 567 exit(1); 568} 569 ]])], 570 [AC_MSG_RESULT([working])], 571 [AC_MSG_RESULT([buggy]) 572 AC_DEFINE([BROKEN_GETADDRINFO], [1], 573 [getaddrinfo is broken (if present)]) 574 ], 575 [AC_MSG_RESULT([assume it is working])]) 576 AC_DEFINE([SETEUID_BREAKS_SETUID]) 577 AC_DEFINE([BROKEN_SETREUID]) 578 AC_DEFINE([BROKEN_SETREGID]) 579 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 580 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 581 [Define if your resolver libs need this for getrrsetbyname]) 582 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 583 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 584 [Use tunnel device compatibility to OpenBSD]) 585 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 586 [Prepend the address family to IP tunnel traffic]) 587 m4_pattern_allow([AU_IPv]) 588 AC_CHECK_DECL([AU_IPv4], [], 589 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 590 [#include <bsm/audit.h>] 591 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 592 [Define if pututxline updates lastlog too]) 593 ) 594 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 595 [Define to a Set Process Title type if your system is 596 supported by bsd-setproctitle.c]) 597 AC_CHECK_FUNCS([sandbox_init]) 598 AC_CHECK_HEADERS([sandbox.h]) 599 ;; 600*-*-dragonfly*) 601 SSHDLIBS="$SSHDLIBS -lcrypt" 602 TEST_MALLOC_OPTIONS="AFGJPRX" 603 ;; 604*-*-haiku*) 605 LIBS="$LIBS -lbsd " 606 AC_CHECK_LIB([network], [socket]) 607 AC_DEFINE([HAVE_U_INT64_T]) 608 MANTYPE=man 609 ;; 610*-*-hpux*) 611 # first we define all of the options common to all HP-UX releases 612 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 613 IPADDR_IN_DISPLAY=yes 614 AC_DEFINE([USE_PIPES]) 615 AC_DEFINE([LOGIN_NO_ENDOPT], [1], 616 [Define if your login program cannot handle end of options ("--")]) 617 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 618 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 619 [String used in /etc/passwd to denote locked account]) 620 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 621 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 622 maildir="/var/mail" 623 LIBS="$LIBS -lsec" 624 AC_CHECK_LIB([xnet], [t_error], , 625 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 626 627 # next, we define all of the options specific to major releases 628 case "$host" in 629 *-*-hpux10*) 630 if test -z "$GCC"; then 631 CFLAGS="$CFLAGS -Ae" 632 fi 633 ;; 634 *-*-hpux11*) 635 AC_DEFINE([PAM_SUN_CODEBASE], [1], 636 [Define if you are using Solaris-derived PAM which 637 passes pam_messages to the conversation function 638 with an extra level of indirection]) 639 AC_DEFINE([DISABLE_UTMP], [1], 640 [Define if you don't want to use utmp]) 641 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 642 check_for_hpux_broken_getaddrinfo=1 643 check_for_conflicting_getspnam=1 644 ;; 645 esac 646 647 # lastly, we define options specific to minor releases 648 case "$host" in 649 *-*-hpux10.26) 650 AC_DEFINE([HAVE_SECUREWARE], [1], 651 [Define if you have SecureWare-based 652 protected password database]) 653 disable_ptmx_check=yes 654 LIBS="$LIBS -lsecpw" 655 ;; 656 esac 657 ;; 658*-*-irix5*) 659 PATH="$PATH:/usr/etc" 660 AC_DEFINE([BROKEN_INET_NTOA], [1], 661 [Define if you system's inet_ntoa is busted 662 (e.g. Irix gcc issue)]) 663 AC_DEFINE([SETEUID_BREAKS_SETUID]) 664 AC_DEFINE([BROKEN_SETREUID]) 665 AC_DEFINE([BROKEN_SETREGID]) 666 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 667 [Define if you shouldn't strip 'tty' from your 668 ttyname in [uw]tmp]) 669 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 670 ;; 671*-*-irix6*) 672 PATH="$PATH:/usr/etc" 673 AC_DEFINE([WITH_IRIX_ARRAY], [1], 674 [Define if you have/want arrays 675 (cluster-wide session managment, not C arrays)]) 676 AC_DEFINE([WITH_IRIX_PROJECT], [1], 677 [Define if you want IRIX project management]) 678 AC_DEFINE([WITH_IRIX_AUDIT], [1], 679 [Define if you want IRIX audit trails]) 680 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 681 [Define if you want IRIX kernel jobs])]) 682 AC_DEFINE([BROKEN_INET_NTOA]) 683 AC_DEFINE([SETEUID_BREAKS_SETUID]) 684 AC_DEFINE([BROKEN_SETREUID]) 685 AC_DEFINE([BROKEN_SETREGID]) 686 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 687 AC_DEFINE([WITH_ABBREV_NO_TTY]) 688 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 689 ;; 690*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 691 check_for_libcrypt_later=1 692 AC_DEFINE([PAM_TTY_KLUDGE]) 693 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 694 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 695 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 696 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 697 ;; 698*-*-linux*) 699 no_dev_ptmx=1 700 use_pie=auto 701 check_for_libcrypt_later=1 702 check_for_openpty_ctty_bug=1 703 AC_DEFINE([PAM_TTY_KLUDGE], [1], 704 [Work around problematic Linux PAM modules handling of PAM_TTY]) 705 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 706 [String used in /etc/passwd to denote locked account]) 707 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 708 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 709 [Define to whatever link() returns for "not supported" 710 if it doesn't return EOPNOTSUPP.]) 711 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 712 AC_DEFINE([USE_BTMP]) 713 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 714 inet6_default_4in6=yes 715 case `uname -r` in 716 1.*|2.0.*) 717 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 718 [Define if cmsg_type is not passed correctly]) 719 ;; 720 esac 721 # tun(4) forwarding compat code 722 AC_CHECK_HEADERS([linux/if_tun.h]) 723 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 724 AC_DEFINE([SSH_TUN_LINUX], [1], 725 [Open tunnel devices the Linux tun/tap way]) 726 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 727 [Use tunnel device compatibility to OpenBSD]) 728 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 729 [Prepend the address family to IP tunnel traffic]) 730 fi 731 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 732 [], [#include <linux/types.h>]) 733 AC_CHECK_FUNCS([prctl]) 734 AC_MSG_CHECKING([for seccomp architecture]) 735 seccomp_audit_arch= 736 case "$host" in 737 x86_64-*) 738 seccomp_audit_arch=AUDIT_ARCH_X86_64 739 ;; 740 i*86-*) 741 seccomp_audit_arch=AUDIT_ARCH_I386 742 ;; 743 arm*-*) 744 seccomp_audit_arch=AUDIT_ARCH_ARM 745 ;; 746 esac 747 if test "x$seccomp_audit_arch" != "x" ; then 748 AC_MSG_RESULT(["$seccomp_audit_arch"]) 749 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 750 [Specify the system call convention in use]) 751 else 752 AC_MSG_RESULT([architecture not supported]) 753 fi 754 ;; 755mips-sony-bsd|mips-sony-newsos4) 756 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 757 SONY=1 758 ;; 759*-*-netbsd*) 760 check_for_libcrypt_before=1 761 if test "x$withval" != "xno" ; then 762 need_dash_r=1 763 fi 764 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 765 AC_CHECK_HEADER([net/if_tap.h], , 766 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 767 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 768 [Prepend the address family to IP tunnel traffic]) 769 TEST_MALLOC_OPTIONS="AJRX" 770 AC_DEFINE([BROKEN_STRNVIS], [1], 771 [NetBSD strnvis argument order is swapped compared to OpenBSD]) 772 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 773 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 774 ;; 775*-*-freebsd*) 776 check_for_libcrypt_later=1 777 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 778 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 779 AC_CHECK_HEADER([net/if_tap.h], , 780 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 781 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 782 AC_DEFINE([BROKEN_STRNVIS], [1], 783 [FreeBSD strnvis argument order is swapped compared to OpenBSD]) 784 TEST_MALLOC_OPTIONS="AJRX" 785 # Preauth crypto occasionally uses file descriptors for crypto offload 786 # and will crash if they cannot be opened. 787 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 788 [define if setrlimit RLIMIT_NOFILE breaks things])], 789 ;; 790*-*-bsdi*) 791 AC_DEFINE([SETEUID_BREAKS_SETUID]) 792 AC_DEFINE([BROKEN_SETREUID]) 793 AC_DEFINE([BROKEN_SETREGID]) 794 ;; 795*-next-*) 796 conf_lastlog_location="/usr/adm/lastlog" 797 conf_utmp_location=/etc/utmp 798 conf_wtmp_location=/usr/adm/wtmp 799 maildir=/usr/spool/mail 800 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 801 AC_DEFINE([BROKEN_REALPATH]) 802 AC_DEFINE([USE_PIPES]) 803 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 804 ;; 805*-*-openbsd*) 806 use_pie=auto 807 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 808 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 809 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 810 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 811 [syslog_r function is safe to use in in a signal handler]) 812 TEST_MALLOC_OPTIONS="AFGJPRX" 813 ;; 814*-*-solaris*) 815 if test "x$withval" != "xno" ; then 816 need_dash_r=1 817 fi 818 AC_DEFINE([PAM_SUN_CODEBASE]) 819 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 820 AC_DEFINE([LOGIN_NEEDS_TERM], [1], 821 [Some versions of /bin/login need the TERM supplied 822 on the commandline]) 823 AC_DEFINE([PAM_TTY_KLUDGE]) 824 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 825 [Define if pam_chauthtok wants real uid set 826 to the unpriv'ed user]) 827 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 828 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 829 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 830 [Define if sshd somehow reacquires a controlling TTY 831 after setsid()]) 832 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 833 in case the name is longer than 8 chars]) 834 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 835 external_path_file=/etc/default/login 836 # hardwire lastlog location (can't detect it on some versions) 837 conf_lastlog_location="/var/adm/lastlog" 838 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 839 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 840 if test "$sol2ver" -ge 8; then 841 AC_MSG_RESULT([yes]) 842 AC_DEFINE([DISABLE_UTMP]) 843 AC_DEFINE([DISABLE_WTMP], [1], 844 [Define if you don't want to use wtmp]) 845 else 846 AC_MSG_RESULT([no]) 847 fi 848 AC_ARG_WITH([solaris-contracts], 849 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 850 [ 851 AC_CHECK_LIB([contract], [ct_tmpl_activate], 852 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 853 [Define if you have Solaris process contracts]) 854 SSHDLIBS="$SSHDLIBS -lcontract" 855 SPC_MSG="yes" ], ) 856 ], 857 ) 858 AC_ARG_WITH([solaris-projects], 859 [ --with-solaris-projects Enable Solaris projects (experimental)], 860 [ 861 AC_CHECK_LIB([project], [setproject], 862 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 863 [Define if you have Solaris projects]) 864 SSHDLIBS="$SSHDLIBS -lproject" 865 SP_MSG="yes" ], ) 866 ], 867 ) 868 TEST_SHELL=$SHELL # let configure find us a capable shell 869 ;; 870*-*-sunos4*) 871 CPPFLAGS="$CPPFLAGS -DSUNOS4" 872 AC_CHECK_FUNCS([getpwanam]) 873 AC_DEFINE([PAM_SUN_CODEBASE]) 874 conf_utmp_location=/etc/utmp 875 conf_wtmp_location=/var/adm/wtmp 876 conf_lastlog_location=/var/adm/lastlog 877 AC_DEFINE([USE_PIPES]) 878 ;; 879*-ncr-sysv*) 880 LIBS="$LIBS -lc89" 881 AC_DEFINE([USE_PIPES]) 882 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 883 AC_DEFINE([SETEUID_BREAKS_SETUID]) 884 AC_DEFINE([BROKEN_SETREUID]) 885 AC_DEFINE([BROKEN_SETREGID]) 886 ;; 887*-sni-sysv*) 888 # /usr/ucblib MUST NOT be searched on ReliantUNIX 889 AC_CHECK_LIB([dl], [dlsym], ,) 890 # -lresolv needs to be at the end of LIBS or DNS lookups break 891 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 892 IPADDR_IN_DISPLAY=yes 893 AC_DEFINE([USE_PIPES]) 894 AC_DEFINE([IP_TOS_IS_BROKEN]) 895 AC_DEFINE([SETEUID_BREAKS_SETUID]) 896 AC_DEFINE([BROKEN_SETREUID]) 897 AC_DEFINE([BROKEN_SETREGID]) 898 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 899 external_path_file=/etc/default/login 900 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 901 # Attention: always take care to bind libsocket and libnsl before libc, 902 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 903 ;; 904# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 905*-*-sysv4.2*) 906 AC_DEFINE([USE_PIPES]) 907 AC_DEFINE([SETEUID_BREAKS_SETUID]) 908 AC_DEFINE([BROKEN_SETREUID]) 909 AC_DEFINE([BROKEN_SETREGID]) 910 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 911 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 912 TEST_SHELL=$SHELL # let configure find us a capable shell 913 ;; 914# UnixWare 7.x, OpenUNIX 8 915*-*-sysv5*) 916 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 917 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 918 AC_DEFINE([USE_PIPES]) 919 AC_DEFINE([SETEUID_BREAKS_SETUID]) 920 AC_DEFINE([BROKEN_GETADDRINFO]) 921 AC_DEFINE([BROKEN_SETREUID]) 922 AC_DEFINE([BROKEN_SETREGID]) 923 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 924 TEST_SHELL=$SHELL # let configure find us a capable shell 925 case "$host" in 926 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 927 maildir=/var/spool/mail 928 AC_DEFINE([BROKEN_LIBIAF], [1], 929 [ia_uinfo routines not supported by OS yet]) 930 AC_DEFINE([BROKEN_UPDWTMPX]) 931 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 932 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 933 AC_DEFINE([HAVE_SECUREWARE]) 934 AC_DEFINE([DISABLE_SHADOW]) 935 ], , ) 936 ;; 937 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 938 check_for_libcrypt_later=1 939 ;; 940 esac 941 ;; 942*-*-sysv*) 943 ;; 944# SCO UNIX and OEM versions of SCO UNIX 945*-*-sco3.2v4*) 946 AC_MSG_ERROR("This Platform is no longer supported.") 947 ;; 948# SCO OpenServer 5.x 949*-*-sco3.2v5*) 950 if test -z "$GCC"; then 951 CFLAGS="$CFLAGS -belf" 952 fi 953 LIBS="$LIBS -lprot -lx -ltinfo -lm" 954 no_dev_ptmx=1 955 AC_DEFINE([USE_PIPES]) 956 AC_DEFINE([HAVE_SECUREWARE]) 957 AC_DEFINE([DISABLE_SHADOW]) 958 AC_DEFINE([DISABLE_FD_PASSING]) 959 AC_DEFINE([SETEUID_BREAKS_SETUID]) 960 AC_DEFINE([BROKEN_GETADDRINFO]) 961 AC_DEFINE([BROKEN_SETREUID]) 962 AC_DEFINE([BROKEN_SETREGID]) 963 AC_DEFINE([WITH_ABBREV_NO_TTY]) 964 AC_DEFINE([BROKEN_UPDWTMPX]) 965 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 966 AC_CHECK_FUNCS([getluid setluid]) 967 MANTYPE=man 968 TEST_SHELL=$SHELL # let configure find us a capable shell 969 SKIP_DISABLE_LASTLOG_DEFINE=yes 970 ;; 971*-*-unicosmk*) 972 AC_DEFINE([NO_SSH_LASTLOG], [1], 973 [Define if you don't want to use lastlog in session.c]) 974 AC_DEFINE([SETEUID_BREAKS_SETUID]) 975 AC_DEFINE([BROKEN_SETREUID]) 976 AC_DEFINE([BROKEN_SETREGID]) 977 AC_DEFINE([USE_PIPES]) 978 AC_DEFINE([DISABLE_FD_PASSING]) 979 LDFLAGS="$LDFLAGS" 980 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 981 MANTYPE=cat 982 ;; 983*-*-unicosmp*) 984 AC_DEFINE([SETEUID_BREAKS_SETUID]) 985 AC_DEFINE([BROKEN_SETREUID]) 986 AC_DEFINE([BROKEN_SETREGID]) 987 AC_DEFINE([WITH_ABBREV_NO_TTY]) 988 AC_DEFINE([USE_PIPES]) 989 AC_DEFINE([DISABLE_FD_PASSING]) 990 LDFLAGS="$LDFLAGS" 991 LIBS="$LIBS -lgen -lacid -ldb" 992 MANTYPE=cat 993 ;; 994*-*-unicos*) 995 AC_DEFINE([SETEUID_BREAKS_SETUID]) 996 AC_DEFINE([BROKEN_SETREUID]) 997 AC_DEFINE([BROKEN_SETREGID]) 998 AC_DEFINE([USE_PIPES]) 999 AC_DEFINE([DISABLE_FD_PASSING]) 1000 AC_DEFINE([NO_SSH_LASTLOG]) 1001 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" 1002 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1003 MANTYPE=cat 1004 ;; 1005*-dec-osf*) 1006 AC_MSG_CHECKING([for Digital Unix SIA]) 1007 no_osfsia="" 1008 AC_ARG_WITH([osfsia], 1009 [ --with-osfsia Enable Digital Unix SIA], 1010 [ 1011 if test "x$withval" = "xno" ; then 1012 AC_MSG_RESULT([disabled]) 1013 no_osfsia=1 1014 fi 1015 ], 1016 ) 1017 if test -z "$no_osfsia" ; then 1018 if test -f /etc/sia/matrix.conf; then 1019 AC_MSG_RESULT([yes]) 1020 AC_DEFINE([HAVE_OSF_SIA], [1], 1021 [Define if you have Digital Unix Security 1022 Integration Architecture]) 1023 AC_DEFINE([DISABLE_LOGIN], [1], 1024 [Define if you don't want to use your 1025 system's login() call]) 1026 AC_DEFINE([DISABLE_FD_PASSING]) 1027 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1028 SIA_MSG="yes" 1029 else 1030 AC_MSG_RESULT([no]) 1031 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1032 [String used in /etc/passwd to denote locked account]) 1033 fi 1034 fi 1035 AC_DEFINE([BROKEN_GETADDRINFO]) 1036 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1037 AC_DEFINE([BROKEN_SETREUID]) 1038 AC_DEFINE([BROKEN_SETREGID]) 1039 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1040 ;; 1041 1042*-*-nto-qnx*) 1043 AC_DEFINE([USE_PIPES]) 1044 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1045 AC_DEFINE([DISABLE_LASTLOG]) 1046 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1047 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1048 enable_etc_default_login=no # has incompatible /etc/default/login 1049 case "$host" in 1050 *-*-nto-qnx6*) 1051 AC_DEFINE([DISABLE_FD_PASSING]) 1052 ;; 1053 esac 1054 ;; 1055 1056*-*-ultrix*) 1057 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1058 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files]) 1059 AC_DEFINE([NEED_SETPGRP]) 1060 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1061 ;; 1062 1063*-*-lynxos) 1064 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1065 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation]) 1066 ;; 1067esac 1068 1069AC_MSG_CHECKING([compiler and flags for sanity]) 1070AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1071 [ AC_MSG_RESULT([yes]) ], 1072 [ 1073 AC_MSG_RESULT([no]) 1074 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1075 ], 1076 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1077) 1078 1079dnl Checks for header files. 1080# Checks for libraries. 1081AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])]) 1082AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1083 1084dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1085AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1086 AC_CHECK_LIB([gen], [dirname], [ 1087 AC_CACHE_CHECK([for broken dirname], 1088 ac_cv_have_broken_dirname, [ 1089 save_LIBS="$LIBS" 1090 LIBS="$LIBS -lgen" 1091 AC_RUN_IFELSE( 1092 [AC_LANG_SOURCE([[ 1093#include <libgen.h> 1094#include <string.h> 1095 1096int main(int argc, char **argv) { 1097 char *s, buf[32]; 1098 1099 strncpy(buf,"/etc", 32); 1100 s = dirname(buf); 1101 if (!s || strncmp(s, "/", 32) != 0) { 1102 exit(1); 1103 } else { 1104 exit(0); 1105 } 1106} 1107 ]])], 1108 [ ac_cv_have_broken_dirname="no" ], 1109 [ ac_cv_have_broken_dirname="yes" ], 1110 [ ac_cv_have_broken_dirname="no" ], 1111 ) 1112 LIBS="$save_LIBS" 1113 ]) 1114 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1115 LIBS="$LIBS -lgen" 1116 AC_DEFINE([HAVE_DIRNAME]) 1117 AC_CHECK_HEADERS([libgen.h]) 1118 fi 1119 ]) 1120]) 1121 1122AC_CHECK_FUNC([getspnam], , 1123 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1124AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1125 [Define if you have the basename function.])]) 1126 1127dnl zlib is required 1128AC_ARG_WITH([zlib], 1129 [ --with-zlib=PATH Use zlib in PATH], 1130 [ if test "x$withval" = "xno" ; then 1131 AC_MSG_ERROR([*** zlib is required ***]) 1132 elif test "x$withval" != "xyes"; then 1133 if test -d "$withval/lib"; then 1134 if test -n "${need_dash_r}"; then 1135 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1136 else 1137 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1138 fi 1139 else 1140 if test -n "${need_dash_r}"; then 1141 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1142 else 1143 LDFLAGS="-L${withval} ${LDFLAGS}" 1144 fi 1145 fi 1146 if test -d "$withval/include"; then 1147 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1148 else 1149 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1150 fi 1151 fi ] 1152) 1153 1154AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1155AC_CHECK_LIB([z], [deflate], , 1156 [ 1157 saved_CPPFLAGS="$CPPFLAGS" 1158 saved_LDFLAGS="$LDFLAGS" 1159 save_LIBS="$LIBS" 1160 dnl Check default zlib install dir 1161 if test -n "${need_dash_r}"; then 1162 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1163 else 1164 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1165 fi 1166 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1167 LIBS="$LIBS -lz" 1168 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1169 [ 1170 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1171 ] 1172 ) 1173 ] 1174) 1175 1176AC_ARG_WITH([zlib-version-check], 1177 [ --without-zlib-version-check Disable zlib version check], 1178 [ if test "x$withval" = "xno" ; then 1179 zlib_check_nonfatal=1 1180 fi 1181 ] 1182) 1183 1184AC_MSG_CHECKING([for possibly buggy zlib]) 1185AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1186#include <stdio.h> 1187#include <stdlib.h> 1188#include <zlib.h> 1189 ]], 1190 [[ 1191 int a=0, b=0, c=0, d=0, n, v; 1192 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1193 if (n != 3 && n != 4) 1194 exit(1); 1195 v = a*1000000 + b*10000 + c*100 + d; 1196 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1197 1198 /* 1.1.4 is OK */ 1199 if (a == 1 && b == 1 && c >= 4) 1200 exit(0); 1201 1202 /* 1.2.3 and up are OK */ 1203 if (v >= 1020300) 1204 exit(0); 1205 1206 exit(2); 1207 ]])], 1208 AC_MSG_RESULT([no]), 1209 [ AC_MSG_RESULT([yes]) 1210 if test -z "$zlib_check_nonfatal" ; then 1211 AC_MSG_ERROR([*** zlib too old - check config.log *** 1212Your reported zlib version has known security problems. It's possible your 1213vendor has fixed these problems without changing the version number. If you 1214are sure this is the case, you can disable the check by running 1215"./configure --without-zlib-version-check". 1216If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1217See http://www.gzip.org/zlib/ for details.]) 1218 else 1219 AC_MSG_WARN([zlib version may have security problems]) 1220 fi 1221 ], 1222 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1223) 1224 1225dnl UnixWare 2.x 1226AC_CHECK_FUNC([strcasecmp], 1227 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1228) 1229AC_CHECK_FUNCS([utimes], 1230 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1231 LIBS="$LIBS -lc89"]) ] 1232) 1233 1234dnl Checks for libutil functions 1235AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1236AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1237AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1238AC_SEARCH_LIBS([login], [util bsd]) 1239AC_SEARCH_LIBS([logout], [util bsd]) 1240AC_SEARCH_LIBS([logwtmp], [util bsd]) 1241AC_SEARCH_LIBS([openpty], [util bsd]) 1242AC_SEARCH_LIBS([updwtmp], [util bsd]) 1243AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1244 1245# On some platforms, inet_ntop may be found in libresolv or libnsl. 1246AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1247 1248AC_FUNC_STRFTIME 1249 1250# Check for ALTDIRFUNC glob() extension 1251AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1252AC_EGREP_CPP([FOUNDIT], 1253 [ 1254 #include <glob.h> 1255 #ifdef GLOB_ALTDIRFUNC 1256 FOUNDIT 1257 #endif 1258 ], 1259 [ 1260 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1261 [Define if your system glob() function has 1262 the GLOB_ALTDIRFUNC extension]) 1263 AC_MSG_RESULT([yes]) 1264 ], 1265 [ 1266 AC_MSG_RESULT([no]) 1267 ] 1268) 1269 1270# Check for g.gl_matchc glob() extension 1271AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1272AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1273 [[ glob_t g; g.gl_matchc = 1; ]])], 1274 [ 1275 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1276 [Define if your system glob() function has 1277 gl_matchc options in glob_t]) 1278 AC_MSG_RESULT([yes]) 1279 ], [ 1280 AC_MSG_RESULT([no]) 1281]) 1282 1283# Check for g.gl_statv glob() extension 1284AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1285AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1286#ifndef GLOB_KEEPSTAT 1287#error "glob does not support GLOB_KEEPSTAT extension" 1288#endif 1289glob_t g; 1290g.gl_statv = NULL; 1291]])], 1292 [ 1293 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1294 [Define if your system glob() function has 1295 gl_statv options in glob_t]) 1296 AC_MSG_RESULT([yes]) 1297 ], [ 1298 AC_MSG_RESULT([no]) 1299 1300]) 1301 1302AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1303 1304AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1305AC_RUN_IFELSE( 1306 [AC_LANG_PROGRAM([[ 1307#include <sys/types.h> 1308#include <dirent.h>]], 1309 [[ 1310 struct dirent d; 1311 exit(sizeof(d.d_name)<=sizeof(char)); 1312 ]])], 1313 [AC_MSG_RESULT([yes])], 1314 [ 1315 AC_MSG_RESULT([no]) 1316 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1317 [Define if your struct dirent expects you to 1318 allocate extra space for d_name]) 1319 ], 1320 [ 1321 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1322 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1323 ] 1324) 1325 1326AC_MSG_CHECKING([for /proc/pid/fd directory]) 1327if test -d "/proc/$$/fd" ; then 1328 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1329 AC_MSG_RESULT([yes]) 1330else 1331 AC_MSG_RESULT([no]) 1332fi 1333 1334# Check whether user wants S/Key support 1335SKEY_MSG="no" 1336AC_ARG_WITH([skey], 1337 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], 1338 [ 1339 if test "x$withval" != "xno" ; then 1340 1341 if test "x$withval" != "xyes" ; then 1342 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1343 LDFLAGS="$LDFLAGS -L${withval}/lib" 1344 fi 1345 1346 AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) 1347 LIBS="-lskey $LIBS" 1348 SKEY_MSG="yes" 1349 1350 AC_MSG_CHECKING([for s/key support]) 1351 AC_LINK_IFELSE( 1352 [AC_LANG_PROGRAM([[ 1353#include <stdio.h> 1354#include <skey.h> 1355 ]], [[ 1356 char *ff = skey_keyinfo(""); ff=""; 1357 exit(0); 1358 ]])], 1359 [AC_MSG_RESULT([yes])], 1360 [ 1361 AC_MSG_RESULT([no]) 1362 AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) 1363 ]) 1364 AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) 1365 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1366#include <stdio.h> 1367#include <skey.h> 1368 ]], [[ 1369 (void)skeychallenge(NULL,"name","",0); 1370 ]])], 1371 [ 1372 AC_MSG_RESULT([yes]) 1373 AC_DEFINE([SKEYCHALLENGE_4ARG], [1], 1374 [Define if your skeychallenge() 1375 function takes 4 arguments (NetBSD)])], 1376 [ 1377 AC_MSG_RESULT([no]) 1378 ]) 1379 fi 1380 ] 1381) 1382 1383# Check whether user wants TCP wrappers support 1384TCPW_MSG="no" 1385AC_ARG_WITH([tcp-wrappers], 1386 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1387 [ 1388 if test "x$withval" != "xno" ; then 1389 saved_LIBS="$LIBS" 1390 saved_LDFLAGS="$LDFLAGS" 1391 saved_CPPFLAGS="$CPPFLAGS" 1392 if test -n "${withval}" && \ 1393 test "x${withval}" != "xyes"; then 1394 if test -d "${withval}/lib"; then 1395 if test -n "${need_dash_r}"; then 1396 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1397 else 1398 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1399 fi 1400 else 1401 if test -n "${need_dash_r}"; then 1402 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1403 else 1404 LDFLAGS="-L${withval} ${LDFLAGS}" 1405 fi 1406 fi 1407 if test -d "${withval}/include"; then 1408 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1409 else 1410 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1411 fi 1412 fi 1413 LIBS="-lwrap $LIBS" 1414 AC_MSG_CHECKING([for libwrap]) 1415 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1416#include <sys/types.h> 1417#include <sys/socket.h> 1418#include <netinet/in.h> 1419#include <tcpd.h> 1420int deny_severity = 0, allow_severity = 0; 1421 ]], [[ 1422 hosts_access(0); 1423 ]])], [ 1424 AC_MSG_RESULT([yes]) 1425 AC_DEFINE([LIBWRAP], [1], 1426 [Define if you want 1427 TCP Wrappers support]) 1428 SSHDLIBS="$SSHDLIBS -lwrap" 1429 TCPW_MSG="yes" 1430 ], [ 1431 AC_MSG_ERROR([*** libwrap missing]) 1432 1433 ]) 1434 LIBS="$saved_LIBS" 1435 fi 1436 ] 1437) 1438 1439# Check whether user wants to use ldns 1440LDNS_MSG="no" 1441AC_ARG_WITH(ldns, 1442 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1443 [ 1444 if test "x$withval" != "xno" ; then 1445 1446 if test "x$withval" != "xyes" ; then 1447 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1448 LDFLAGS="$LDFLAGS -L${withval}/lib" 1449 fi 1450 1451 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1452 LIBS="-lldns $LIBS" 1453 LDNS_MSG="yes" 1454 1455 AC_MSG_CHECKING([for ldns support]) 1456 AC_LINK_IFELSE( 1457 [AC_LANG_SOURCE([[ 1458#include <stdio.h> 1459#include <stdlib.h> 1460#include <stdint.h> 1461#include <ldns/ldns.h> 1462int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1463 ]]) 1464 ], 1465 [AC_MSG_RESULT(yes)], 1466 [ 1467 AC_MSG_RESULT(no) 1468 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1469 ]) 1470 fi 1471 ] 1472) 1473 1474# Check whether user wants libedit support 1475LIBEDIT_MSG="no" 1476AC_ARG_WITH([libedit], 1477 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1478 [ if test "x$withval" != "xno" ; then 1479 if test "x$withval" = "xyes" ; then 1480 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1481 if test "x$PKGCONFIG" != "xno"; then 1482 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1483 if "$PKGCONFIG" libedit; then 1484 AC_MSG_RESULT([yes]) 1485 use_pkgconfig_for_libedit=yes 1486 else 1487 AC_MSG_RESULT([no]) 1488 fi 1489 fi 1490 else 1491 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1492 if test -n "${need_dash_r}"; then 1493 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1494 else 1495 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1496 fi 1497 fi 1498 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1499 LIBEDIT=`$PKGCONFIG --libs libedit` 1500 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1501 else 1502 LIBEDIT="-ledit -lcurses" 1503 fi 1504 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1505 AC_CHECK_LIB([edit], [el_init], 1506 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1507 LIBEDIT_MSG="yes" 1508 AC_SUBST([LIBEDIT]) 1509 ], 1510 [ AC_MSG_ERROR([libedit not found]) ], 1511 [ $OTHERLIBS ] 1512 ) 1513 AC_MSG_CHECKING([if libedit version is compatible]) 1514 AC_COMPILE_IFELSE( 1515 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1516 [[ 1517 int i = H_SETSIZE; 1518 el_init("", NULL, NULL, NULL); 1519 exit(0); 1520 ]])], 1521 [ AC_MSG_RESULT([yes]) ], 1522 [ AC_MSG_RESULT([no]) 1523 AC_MSG_ERROR([libedit version is not compatible]) ] 1524 ) 1525 fi ] 1526) 1527 1528AUDIT_MODULE=none 1529AC_ARG_WITH([audit], 1530 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1531 [ 1532 AC_MSG_CHECKING([for supported audit module]) 1533 case "$withval" in 1534 bsm) 1535 AC_MSG_RESULT([bsm]) 1536 AUDIT_MODULE=bsm 1537 dnl Checks for headers, libs and functions 1538 AC_CHECK_HEADERS([bsm/audit.h], [], 1539 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1540 [ 1541#ifdef HAVE_TIME_H 1542# include <time.h> 1543#endif 1544 ] 1545) 1546 AC_CHECK_LIB([bsm], [getaudit], [], 1547 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1548 AC_CHECK_FUNCS([getaudit], [], 1549 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1550 # These are optional 1551 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1552 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1553 if test "$sol2ver" -ge 11; then 1554 SSHDLIBS="$SSHDLIBS -lscf" 1555 AC_DEFINE([BROKEN_BSM_API], [1], 1556 [The system has incomplete BSM API]) 1557 fi 1558 ;; 1559 linux) 1560 AC_MSG_RESULT([linux]) 1561 AUDIT_MODULE=linux 1562 dnl Checks for headers, libs and functions 1563 AC_CHECK_HEADERS([libaudit.h]) 1564 SSHDLIBS="$SSHDLIBS -laudit" 1565 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1566 ;; 1567 debug) 1568 AUDIT_MODULE=debug 1569 AC_MSG_RESULT([debug]) 1570 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1571 ;; 1572 no) 1573 AC_MSG_RESULT([no]) 1574 ;; 1575 *) 1576 AC_MSG_ERROR([Unknown audit module $withval]) 1577 ;; 1578 esac ] 1579) 1580 1581AC_ARG_WITH([pie], 1582 [ --with-pie Build Position Independent Executables if possible], [ 1583 if test "x$withval" = "xno"; then 1584 use_pie=no 1585 fi 1586 if test "x$withval" = "xyes"; then 1587 use_pie=yes 1588 fi 1589 ] 1590) 1591if test "x$use_pie" = "x"; then 1592 use_pie=no 1593fi 1594if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1595 # Turn off automatic PIE when toolchain hardening is off. 1596 use_pie=no 1597fi 1598if test "x$use_pie" = "xauto"; then 1599 # Automatic PIE requires gcc >= 4.x 1600 AC_MSG_CHECKING([for gcc >= 4.x]) 1601 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1602#if !defined(__GNUC__) || __GNUC__ < 4 1603#error gcc is too old 1604#endif 1605]])], 1606 [ AC_MSG_RESULT([yes]) ], 1607 [ AC_MSG_RESULT([no]) 1608 use_pie=no ] 1609) 1610fi 1611if test "x$use_pie" != "xno"; then 1612 SAVED_CFLAGS="$CFLAGS" 1613 SAVED_LDFLAGS="$LDFLAGS" 1614 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1615 OSSH_CHECK_LDFLAG_LINK([-pie]) 1616 # We use both -fPIE and -pie or neither. 1617 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1618 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1619 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1620 AC_MSG_RESULT([yes]) 1621 else 1622 AC_MSG_RESULT([no]) 1623 CFLAGS="$SAVED_CFLAGS" 1624 LDFLAGS="$SAVED_LDFLAGS" 1625 fi 1626fi 1627 1628dnl Checks for library functions. Please keep in alphabetical order 1629AC_CHECK_FUNCS([ \ 1630 Blowfish_initstate \ 1631 Blowfish_expandstate \ 1632 Blowfish_expand0state \ 1633 Blowfish_stream2word \ 1634 arc4random \ 1635 arc4random_buf \ 1636 arc4random_stir \ 1637 arc4random_uniform \ 1638 asprintf \ 1639 b64_ntop \ 1640 __b64_ntop \ 1641 b64_pton \ 1642 __b64_pton \ 1643 bcopy \ 1644 bcrypt_pbkdf \ 1645 bindresvport_sa \ 1646 blf_enc \ 1647 cap_rights_limit \ 1648 clock \ 1649 closefrom \ 1650 dirfd \ 1651 endgrent \ 1652 fchmod \ 1653 fchown \ 1654 freeaddrinfo \ 1655 fstatfs \ 1656 fstatvfs \ 1657 futimes \ 1658 getaddrinfo \ 1659 getcwd \ 1660 getgrouplist \ 1661 getnameinfo \ 1662 getopt \ 1663 getpeereid \ 1664 getpeerucred \ 1665 getpgid \ 1666 getpgrp \ 1667 _getpty \ 1668 getrlimit \ 1669 getttyent \ 1670 glob \ 1671 group_from_gid \ 1672 inet_aton \ 1673 inet_ntoa \ 1674 inet_ntop \ 1675 innetgr \ 1676 login_getcapbool \ 1677 mblen \ 1678 md5_crypt \ 1679 memmove \ 1680 mkdtemp \ 1681 mmap \ 1682 ngetaddrinfo \ 1683 nsleep \ 1684 ogetaddrinfo \ 1685 openlog_r \ 1686 poll \ 1687 prctl \ 1688 pstat \ 1689 readpassphrase \ 1690 realpath \ 1691 recvmsg \ 1692 rresvport_af \ 1693 sendmsg \ 1694 setdtablesize \ 1695 setegid \ 1696 setenv \ 1697 seteuid \ 1698 setgroupent \ 1699 setgroups \ 1700 setlinebuf \ 1701 setlogin \ 1702 setpassent\ 1703 setpcred \ 1704 setproctitle \ 1705 setregid \ 1706 setreuid \ 1707 setrlimit \ 1708 setsid \ 1709 setvbuf \ 1710 sigaction \ 1711 sigvec \ 1712 snprintf \ 1713 socketpair \ 1714 statfs \ 1715 statvfs \ 1716 strdup \ 1717 strerror \ 1718 strlcat \ 1719 strlcpy \ 1720 strmode \ 1721 strnlen \ 1722 strnvis \ 1723 strptime \ 1724 strtonum \ 1725 strtoll \ 1726 strtoul \ 1727 strtoull \ 1728 swap32 \ 1729 sysconf \ 1730 tcgetpgrp \ 1731 timingsafe_bcmp \ 1732 truncate \ 1733 unsetenv \ 1734 updwtmpx \ 1735 user_from_uid \ 1736 usleep \ 1737 vasprintf \ 1738 vhangup \ 1739 vsnprintf \ 1740 waitpid \ 1741]) 1742 1743AC_LINK_IFELSE( 1744 [AC_LANG_PROGRAM( 1745 [[ #include <ctype.h> ]], 1746 [[ return (isblank('a')); ]])], 1747 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1748]) 1749 1750# PKCS#11 support requires dlopen() and co 1751AC_SEARCH_LIBS([dlopen], [dl], 1752 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] 1753) 1754 1755# IRIX has a const char return value for gai_strerror() 1756AC_CHECK_FUNCS([gai_strerror], [ 1757 AC_DEFINE([HAVE_GAI_STRERROR]) 1758 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1759#include <sys/types.h> 1760#include <sys/socket.h> 1761#include <netdb.h> 1762 1763const char *gai_strerror(int); 1764 ]], [[ 1765 char *str; 1766 str = gai_strerror(0); 1767 ]])], [ 1768 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1769 [Define if gai_strerror() returns const char *])], [])]) 1770 1771AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1772 [Some systems put nanosleep outside of libc])]) 1773 1774AC_SEARCH_LIBS([clock_gettime], [rt], 1775 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1776 1777dnl Make sure prototypes are defined for these before using them. 1778AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) 1779AC_CHECK_DECL([strsep], 1780 [AC_CHECK_FUNCS([strsep])], 1781 [], 1782 [ 1783#ifdef HAVE_STRING_H 1784# include <string.h> 1785#endif 1786 ]) 1787 1788dnl tcsendbreak might be a macro 1789AC_CHECK_DECL([tcsendbreak], 1790 [AC_DEFINE([HAVE_TCSENDBREAK])], 1791 [AC_CHECK_FUNCS([tcsendbreak])], 1792 [#include <termios.h>] 1793) 1794 1795AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 1796 1797AC_CHECK_DECLS([SHUT_RD], , , 1798 [ 1799#include <sys/types.h> 1800#include <sys/socket.h> 1801 ]) 1802 1803AC_CHECK_DECLS([O_NONBLOCK], , , 1804 [ 1805#include <sys/types.h> 1806#ifdef HAVE_SYS_STAT_H 1807# include <sys/stat.h> 1808#endif 1809#ifdef HAVE_FCNTL_H 1810# include <fcntl.h> 1811#endif 1812 ]) 1813 1814AC_CHECK_DECLS([writev], , , [ 1815#include <sys/types.h> 1816#include <sys/uio.h> 1817#include <unistd.h> 1818 ]) 1819 1820AC_CHECK_DECLS([MAXSYMLINKS], , , [ 1821#include <sys/param.h> 1822 ]) 1823 1824AC_CHECK_DECLS([offsetof], , , [ 1825#include <stddef.h> 1826 ]) 1827 1828# extra bits for select(2) 1829AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 1830#include <sys/param.h> 1831#include <sys/types.h> 1832#ifdef HAVE_SYS_SYSMACROS_H 1833#include <sys/sysmacros.h> 1834#endif 1835#ifdef HAVE_SYS_SELECT_H 1836#include <sys/select.h> 1837#endif 1838#ifdef HAVE_SYS_TIME_H 1839#include <sys/time.h> 1840#endif 1841#ifdef HAVE_UNISTD_H 1842#include <unistd.h> 1843#endif 1844 ]]) 1845AC_CHECK_TYPES([fd_mask], [], [], [[ 1846#include <sys/param.h> 1847#include <sys/types.h> 1848#ifdef HAVE_SYS_SELECT_H 1849#include <sys/select.h> 1850#endif 1851#ifdef HAVE_SYS_TIME_H 1852#include <sys/time.h> 1853#endif 1854#ifdef HAVE_UNISTD_H 1855#include <unistd.h> 1856#endif 1857 ]]) 1858 1859AC_CHECK_FUNCS([setresuid], [ 1860 dnl Some platorms have setresuid that isn't implemented, test for this 1861 AC_MSG_CHECKING([if setresuid seems to work]) 1862 AC_RUN_IFELSE( 1863 [AC_LANG_PROGRAM([[ 1864#include <stdlib.h> 1865#include <errno.h> 1866 ]], [[ 1867 errno=0; 1868 setresuid(0,0,0); 1869 if (errno==ENOSYS) 1870 exit(1); 1871 else 1872 exit(0); 1873 ]])], 1874 [AC_MSG_RESULT([yes])], 1875 [AC_DEFINE([BROKEN_SETRESUID], [1], 1876 [Define if your setresuid() is broken]) 1877 AC_MSG_RESULT([not implemented])], 1878 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1879 ) 1880]) 1881 1882AC_CHECK_FUNCS([setresgid], [ 1883 dnl Some platorms have setresgid that isn't implemented, test for this 1884 AC_MSG_CHECKING([if setresgid seems to work]) 1885 AC_RUN_IFELSE( 1886 [AC_LANG_PROGRAM([[ 1887#include <stdlib.h> 1888#include <errno.h> 1889 ]], [[ 1890 errno=0; 1891 setresgid(0,0,0); 1892 if (errno==ENOSYS) 1893 exit(1); 1894 else 1895 exit(0); 1896 ]])], 1897 [AC_MSG_RESULT([yes])], 1898 [AC_DEFINE([BROKEN_SETRESGID], [1], 1899 [Define if your setresgid() is broken]) 1900 AC_MSG_RESULT([not implemented])], 1901 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1902 ) 1903]) 1904 1905dnl Checks for time functions 1906AC_CHECK_FUNCS([gettimeofday time]) 1907dnl Checks for utmp functions 1908AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 1909AC_CHECK_FUNCS([utmpname]) 1910dnl Checks for utmpx functions 1911AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 1912AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 1913dnl Checks for lastlog functions 1914AC_CHECK_FUNCS([getlastlogxbyname]) 1915 1916AC_CHECK_FUNC([daemon], 1917 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 1918 [AC_CHECK_LIB([bsd], [daemon], 1919 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 1920) 1921 1922AC_CHECK_FUNC([getpagesize], 1923 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 1924 [Define if your libraries define getpagesize()])], 1925 [AC_CHECK_LIB([ucb], [getpagesize], 1926 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 1927) 1928 1929# Check for broken snprintf 1930if test "x$ac_cv_func_snprintf" = "xyes" ; then 1931 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 1932 AC_RUN_IFELSE( 1933 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 1934 [[ 1935 char b[5]; 1936 snprintf(b,5,"123456789"); 1937 exit(b[4]!='\0'); 1938 ]])], 1939 [AC_MSG_RESULT([yes])], 1940 [ 1941 AC_MSG_RESULT([no]) 1942 AC_DEFINE([BROKEN_SNPRINTF], [1], 1943 [Define if your snprintf is busted]) 1944 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 1945 ], 1946 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 1947 ) 1948fi 1949 1950# If we don't have a working asprintf, then we strongly depend on vsnprintf 1951# returning the right thing on overflow: the number of characters it tried to 1952# create (as per SUSv3) 1953if test "x$ac_cv_func_asprintf" != "xyes" && \ 1954 test "x$ac_cv_func_vsnprintf" = "xyes" ; then 1955 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 1956 AC_RUN_IFELSE( 1957 [AC_LANG_PROGRAM([[ 1958#include <sys/types.h> 1959#include <stdio.h> 1960#include <stdarg.h> 1961 1962int x_snprintf(char *str,size_t count,const char *fmt,...) 1963{ 1964 size_t ret; va_list ap; 1965 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap); 1966 return ret; 1967} 1968 ]], [[ 1969 char x[1]; 1970 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1); 1971 ]])], 1972 [AC_MSG_RESULT([yes])], 1973 [ 1974 AC_MSG_RESULT([no]) 1975 AC_DEFINE([BROKEN_SNPRINTF], [1], 1976 [Define if your snprintf is busted]) 1977 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 1978 ], 1979 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 1980 ) 1981fi 1982 1983# On systems where [v]snprintf is broken, but is declared in stdio, 1984# check that the fmt argument is const char * or just char *. 1985# This is only useful for when BROKEN_SNPRINTF 1986AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 1987AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1988#include <stdio.h> 1989int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 1990 ]], [[ 1991 snprintf(0, 0, 0); 1992 ]])], 1993 [AC_MSG_RESULT([yes]) 1994 AC_DEFINE([SNPRINTF_CONST], [const], 1995 [Define as const if snprintf() can declare const char *fmt])], 1996 [AC_MSG_RESULT([no]) 1997 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 1998 1999# Check for missing getpeereid (or equiv) support 2000NO_PEERCHECK="" 2001if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2002 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2003 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2004#include <sys/types.h> 2005#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2006 [ AC_MSG_RESULT([yes]) 2007 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2008 ], [AC_MSG_RESULT([no]) 2009 NO_PEERCHECK=1 2010 ]) 2011fi 2012 2013dnl see whether mkstemp() requires XXXXXX 2014if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2015AC_MSG_CHECKING([for (overly) strict mkstemp]) 2016AC_RUN_IFELSE( 2017 [AC_LANG_PROGRAM([[ 2018#include <stdlib.h> 2019 ]], [[ 2020 char template[]="conftest.mkstemp-test"; 2021 if (mkstemp(template) == -1) 2022 exit(1); 2023 unlink(template); 2024 exit(0); 2025 ]])], 2026 [ 2027 AC_MSG_RESULT([no]) 2028 ], 2029 [ 2030 AC_MSG_RESULT([yes]) 2031 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2032 ], 2033 [ 2034 AC_MSG_RESULT([yes]) 2035 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2036 ] 2037) 2038fi 2039 2040dnl make sure that openpty does not reacquire controlling terminal 2041if test ! -z "$check_for_openpty_ctty_bug"; then 2042 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2043 AC_RUN_IFELSE( 2044 [AC_LANG_PROGRAM([[ 2045#include <stdio.h> 2046#include <sys/fcntl.h> 2047#include <sys/types.h> 2048#include <sys/wait.h> 2049 ]], [[ 2050 pid_t pid; 2051 int fd, ptyfd, ttyfd, status; 2052 2053 pid = fork(); 2054 if (pid < 0) { /* failed */ 2055 exit(1); 2056 } else if (pid > 0) { /* parent */ 2057 waitpid(pid, &status, 0); 2058 if (WIFEXITED(status)) 2059 exit(WEXITSTATUS(status)); 2060 else 2061 exit(2); 2062 } else { /* child */ 2063 close(0); close(1); close(2); 2064 setsid(); 2065 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2066 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2067 if (fd >= 0) 2068 exit(3); /* Acquired ctty: broken */ 2069 else 2070 exit(0); /* Did not acquire ctty: OK */ 2071 } 2072 ]])], 2073 [ 2074 AC_MSG_RESULT([yes]) 2075 ], 2076 [ 2077 AC_MSG_RESULT([no]) 2078 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2079 ], 2080 [ 2081 AC_MSG_RESULT([cross-compiling, assuming yes]) 2082 ] 2083 ) 2084fi 2085 2086if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2087 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2088 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2089 AC_RUN_IFELSE( 2090 [AC_LANG_PROGRAM([[ 2091#include <stdio.h> 2092#include <sys/socket.h> 2093#include <netdb.h> 2094#include <errno.h> 2095#include <netinet/in.h> 2096 2097#define TEST_PORT "2222" 2098 ]], [[ 2099 int err, sock; 2100 struct addrinfo *gai_ai, *ai, hints; 2101 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2102 2103 memset(&hints, 0, sizeof(hints)); 2104 hints.ai_family = PF_UNSPEC; 2105 hints.ai_socktype = SOCK_STREAM; 2106 hints.ai_flags = AI_PASSIVE; 2107 2108 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2109 if (err != 0) { 2110 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2111 exit(1); 2112 } 2113 2114 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2115 if (ai->ai_family != AF_INET6) 2116 continue; 2117 2118 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2119 sizeof(ntop), strport, sizeof(strport), 2120 NI_NUMERICHOST|NI_NUMERICSERV); 2121 2122 if (err != 0) { 2123 if (err == EAI_SYSTEM) 2124 perror("getnameinfo EAI_SYSTEM"); 2125 else 2126 fprintf(stderr, "getnameinfo failed: %s\n", 2127 gai_strerror(err)); 2128 exit(2); 2129 } 2130 2131 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2132 if (sock < 0) 2133 perror("socket"); 2134 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2135 if (errno == EBADF) 2136 exit(3); 2137 } 2138 } 2139 exit(0); 2140 ]])], 2141 [ 2142 AC_MSG_RESULT([yes]) 2143 ], 2144 [ 2145 AC_MSG_RESULT([no]) 2146 AC_DEFINE([BROKEN_GETADDRINFO]) 2147 ], 2148 [ 2149 AC_MSG_RESULT([cross-compiling, assuming yes]) 2150 ] 2151 ) 2152fi 2153 2154if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2155 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2156 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2157 AC_RUN_IFELSE( 2158 [AC_LANG_PROGRAM([[ 2159#include <stdio.h> 2160#include <sys/socket.h> 2161#include <netdb.h> 2162#include <errno.h> 2163#include <netinet/in.h> 2164 2165#define TEST_PORT "2222" 2166 ]], [[ 2167 int err, sock; 2168 struct addrinfo *gai_ai, *ai, hints; 2169 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2170 2171 memset(&hints, 0, sizeof(hints)); 2172 hints.ai_family = PF_UNSPEC; 2173 hints.ai_socktype = SOCK_STREAM; 2174 hints.ai_flags = AI_PASSIVE; 2175 2176 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2177 if (err != 0) { 2178 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2179 exit(1); 2180 } 2181 2182 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2183 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2184 continue; 2185 2186 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2187 sizeof(ntop), strport, sizeof(strport), 2188 NI_NUMERICHOST|NI_NUMERICSERV); 2189 2190 if (ai->ai_family == AF_INET && err != 0) { 2191 perror("getnameinfo"); 2192 exit(2); 2193 } 2194 } 2195 exit(0); 2196 ]])], 2197 [ 2198 AC_MSG_RESULT([yes]) 2199 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2200 [Define if you have a getaddrinfo that fails 2201 for the all-zeros IPv6 address]) 2202 ], 2203 [ 2204 AC_MSG_RESULT([no]) 2205 AC_DEFINE([BROKEN_GETADDRINFO]) 2206 ], 2207 [ 2208 AC_MSG_RESULT([cross-compiling, assuming no]) 2209 ] 2210 ) 2211fi 2212 2213if test "x$check_for_conflicting_getspnam" = "x1"; then 2214 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2215 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2216 [[ exit(0); ]])], 2217 [ 2218 AC_MSG_RESULT([no]) 2219 ], 2220 [ 2221 AC_MSG_RESULT([yes]) 2222 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2223 [Conflicting defs for getspnam]) 2224 ] 2225 ) 2226fi 2227 2228AC_FUNC_GETPGRP 2229 2230# Search for OpenSSL 2231saved_CPPFLAGS="$CPPFLAGS" 2232saved_LDFLAGS="$LDFLAGS" 2233AC_ARG_WITH([ssl-dir], 2234 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2235 [ 2236 if test "x$withval" != "xno" ; then 2237 case "$withval" in 2238 # Relative paths 2239 ./*|../*) withval="`pwd`/$withval" 2240 esac 2241 if test -d "$withval/lib"; then 2242 if test -n "${need_dash_r}"; then 2243 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2244 else 2245 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2246 fi 2247 elif test -d "$withval/lib64"; then 2248 if test -n "${need_dash_r}"; then 2249 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2250 else 2251 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2252 fi 2253 else 2254 if test -n "${need_dash_r}"; then 2255 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2256 else 2257 LDFLAGS="-L${withval} ${LDFLAGS}" 2258 fi 2259 fi 2260 if test -d "$withval/include"; then 2261 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2262 else 2263 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2264 fi 2265 fi 2266 ] 2267) 2268LIBS="-lcrypto $LIBS" 2269AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2270 [Define if your ssl headers are included 2271 with #include <openssl/header.h>])], 2272 [ 2273 dnl Check default openssl install dir 2274 if test -n "${need_dash_r}"; then 2275 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2276 else 2277 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2278 fi 2279 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2280 AC_CHECK_HEADER([openssl/opensslv.h], , 2281 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2282 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2283 [ 2284 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2285 ] 2286 ) 2287 ] 2288) 2289 2290# Determine OpenSSL header version 2291AC_MSG_CHECKING([OpenSSL header version]) 2292AC_RUN_IFELSE( 2293 [AC_LANG_PROGRAM([[ 2294#include <stdio.h> 2295#include <string.h> 2296#include <openssl/opensslv.h> 2297#define DATA "conftest.sslincver" 2298 ]], [[ 2299 FILE *fd; 2300 int rc; 2301 2302 fd = fopen(DATA,"w"); 2303 if(fd == NULL) 2304 exit(1); 2305 2306 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) 2307 exit(1); 2308 2309 exit(0); 2310 ]])], 2311 [ 2312 ssl_header_ver=`cat conftest.sslincver` 2313 AC_MSG_RESULT([$ssl_header_ver]) 2314 ], 2315 [ 2316 AC_MSG_RESULT([not found]) 2317 AC_MSG_ERROR([OpenSSL version header not found.]) 2318 ], 2319 [ 2320 AC_MSG_WARN([cross compiling: not checking]) 2321 ] 2322) 2323 2324# Determine OpenSSL library version 2325AC_MSG_CHECKING([OpenSSL library version]) 2326AC_RUN_IFELSE( 2327 [AC_LANG_PROGRAM([[ 2328#include <stdio.h> 2329#include <string.h> 2330#include <openssl/opensslv.h> 2331#include <openssl/crypto.h> 2332#define DATA "conftest.ssllibver" 2333 ]], [[ 2334 FILE *fd; 2335 int rc; 2336 2337 fd = fopen(DATA,"w"); 2338 if(fd == NULL) 2339 exit(1); 2340 2341 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) 2342 exit(1); 2343 2344 exit(0); 2345 ]])], 2346 [ 2347 ssl_library_ver=`cat conftest.ssllibver` 2348 AC_MSG_RESULT([$ssl_library_ver]) 2349 ], 2350 [ 2351 AC_MSG_RESULT([not found]) 2352 AC_MSG_ERROR([OpenSSL library not found.]) 2353 ], 2354 [ 2355 AC_MSG_WARN([cross compiling: not checking]) 2356 ] 2357) 2358 2359AC_ARG_WITH([openssl-header-check], 2360 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2361 [ if test "x$withval" = "xno" ; then 2362 openssl_check_nonfatal=1 2363 fi 2364 ] 2365) 2366 2367# Sanity check OpenSSL headers 2368AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2369AC_RUN_IFELSE( 2370 [AC_LANG_PROGRAM([[ 2371#include <string.h> 2372#include <openssl/opensslv.h> 2373 ]], [[ 2374 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2375 ]])], 2376 [ 2377 AC_MSG_RESULT([yes]) 2378 ], 2379 [ 2380 AC_MSG_RESULT([no]) 2381 if test "x$openssl_check_nonfatal" = "x"; then 2382 AC_MSG_ERROR([Your OpenSSL headers do not match your 2383library. Check config.log for details. 2384If you are sure your installation is consistent, you can disable the check 2385by running "./configure --without-openssl-header-check". 2386Also see contrib/findssl.sh for help identifying header/library mismatches. 2387]) 2388 else 2389 AC_MSG_WARN([Your OpenSSL headers do not match your 2390library. Check config.log for details. 2391Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2392 fi 2393 ], 2394 [ 2395 AC_MSG_WARN([cross compiling: not checking]) 2396 ] 2397) 2398 2399AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2400AC_LINK_IFELSE( 2401 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2402 [[ SSLeay_add_all_algorithms(); ]])], 2403 [ 2404 AC_MSG_RESULT([yes]) 2405 ], 2406 [ 2407 AC_MSG_RESULT([no]) 2408 saved_LIBS="$LIBS" 2409 LIBS="$LIBS -ldl" 2410 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2411 AC_LINK_IFELSE( 2412 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2413 [[ SSLeay_add_all_algorithms(); ]])], 2414 [ 2415 AC_MSG_RESULT([yes]) 2416 ], 2417 [ 2418 AC_MSG_RESULT([no]) 2419 LIBS="$saved_LIBS" 2420 ] 2421 ) 2422 ] 2423) 2424 2425AC_CHECK_FUNCS([ \ 2426 BN_is_prime_ex \ 2427 DSA_generate_parameters_ex \ 2428 EVP_DigestInit_ex \ 2429 EVP_DigestFinal_ex \ 2430 EVP_MD_CTX_init \ 2431 EVP_MD_CTX_cleanup \ 2432 HMAC_CTX_init \ 2433 RSA_generate_key_ex \ 2434 RSA_get_default_method \ 2435]) 2436 2437AC_ARG_WITH([ssl-engine], 2438 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2439 [ if test "x$withval" != "xno" ; then 2440 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2441 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2442#include <openssl/engine.h> 2443 ]], [[ 2444 ENGINE_load_builtin_engines(); 2445 ENGINE_register_all_complete(); 2446 ]])], 2447 [ AC_MSG_RESULT([yes]) 2448 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2449 [Enable OpenSSL engine support]) 2450 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2451 ]) 2452 fi ] 2453) 2454 2455# Check for OpenSSL without EVP_aes_{192,256}_cbc 2456AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2457AC_LINK_IFELSE( 2458 [AC_LANG_PROGRAM([[ 2459#include <string.h> 2460#include <openssl/evp.h> 2461 ]], [[ 2462 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2463 ]])], 2464 [ 2465 AC_MSG_RESULT([no]) 2466 ], 2467 [ 2468 AC_MSG_RESULT([yes]) 2469 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2470 [libcrypto is missing AES 192 and 256 bit functions]) 2471 ] 2472) 2473 2474# Check for OpenSSL with EVP_aes_*ctr 2475AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2476AC_LINK_IFELSE( 2477 [AC_LANG_PROGRAM([[ 2478#include <string.h> 2479#include <openssl/evp.h> 2480 ]], [[ 2481 exit(EVP_aes_128_ctr() == NULL || 2482 EVP_aes_192_cbc() == NULL || 2483 EVP_aes_256_cbc() == NULL); 2484 ]])], 2485 [ 2486 AC_MSG_RESULT([yes]) 2487 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2488 [libcrypto has EVP AES CTR]) 2489 ], 2490 [ 2491 AC_MSG_RESULT([no]) 2492 ] 2493) 2494 2495# Check for OpenSSL with EVP_aes_*gcm 2496AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2497AC_LINK_IFELSE( 2498 [AC_LANG_PROGRAM([[ 2499#include <string.h> 2500#include <openssl/evp.h> 2501 ]], [[ 2502 exit(EVP_aes_128_gcm() == NULL || 2503 EVP_aes_256_gcm() == NULL || 2504 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2505 EVP_CTRL_GCM_IV_GEN == 0 || 2506 EVP_CTRL_GCM_SET_TAG == 0 || 2507 EVP_CTRL_GCM_GET_TAG == 0 || 2508 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2509 ]])], 2510 [ 2511 AC_MSG_RESULT([yes]) 2512 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2513 [libcrypto has EVP AES GCM]) 2514 ], 2515 [ 2516 AC_MSG_RESULT([no]) 2517 unsupported_algorithms="$unsupported_cipers \ 2518 aes128-gcm@openssh.com aes256-gcm@openssh.com" 2519 ] 2520) 2521 2522AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2523 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2524 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2525 2526AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2527AC_LINK_IFELSE( 2528 [AC_LANG_PROGRAM([[ 2529#include <string.h> 2530#include <openssl/evp.h> 2531 ]], [[ 2532 if(EVP_DigestUpdate(NULL, NULL,0)) 2533 exit(0); 2534 ]])], 2535 [ 2536 AC_MSG_RESULT([yes]) 2537 ], 2538 [ 2539 AC_MSG_RESULT([no]) 2540 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2541 [Define if EVP_DigestUpdate returns void]) 2542 ] 2543) 2544 2545# Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2546# because the system crypt() is more featureful. 2547if test "x$check_for_libcrypt_before" = "x1"; then 2548 AC_CHECK_LIB([crypt], [crypt]) 2549fi 2550 2551# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2552# version in OpenSSL. 2553if test "x$check_for_libcrypt_later" = "x1"; then 2554 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2555fi 2556AC_CHECK_FUNCS([crypt DES_crypt]) 2557 2558# Search for SHA256 support in libc and/or OpenSSL 2559AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2560 [unsupported_algorithms="$unsupported_algorithms \ 2561 hmac-sha2-256 hmac-sha2-512 \ 2562 diffie-hellman-group-exchange-sha256 \ 2563 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" 2564 ] 2565) 2566 2567# Check complete ECC support in OpenSSL 2568AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2569AC_LINK_IFELSE( 2570 [AC_LANG_PROGRAM([[ 2571#include <openssl/ec.h> 2572#include <openssl/ecdh.h> 2573#include <openssl/ecdsa.h> 2574#include <openssl/evp.h> 2575#include <openssl/objects.h> 2576#include <openssl/opensslv.h> 2577#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2578# error "OpenSSL < 0.9.8g has unreliable ECC code" 2579#endif 2580 ]], [[ 2581 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 2582 const EVP_MD *m = EVP_sha256(); /* We need this too */ 2583 ]])], 2584 [ AC_MSG_RESULT([yes]) 2585 enable_nistp256=1 ], 2586 [ AC_MSG_RESULT([no]) ] 2587) 2588 2589AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 2590AC_LINK_IFELSE( 2591 [AC_LANG_PROGRAM([[ 2592#include <openssl/ec.h> 2593#include <openssl/ecdh.h> 2594#include <openssl/ecdsa.h> 2595#include <openssl/evp.h> 2596#include <openssl/objects.h> 2597#include <openssl/opensslv.h> 2598#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2599# error "OpenSSL < 0.9.8g has unreliable ECC code" 2600#endif 2601 ]], [[ 2602 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 2603 const EVP_MD *m = EVP_sha384(); /* We need this too */ 2604 ]])], 2605 [ AC_MSG_RESULT([yes]) 2606 enable_nistp384=1 ], 2607 [ AC_MSG_RESULT([no]) ] 2608) 2609 2610AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 2611AC_LINK_IFELSE( 2612 [AC_LANG_PROGRAM([[ 2613#include <openssl/ec.h> 2614#include <openssl/ecdh.h> 2615#include <openssl/ecdsa.h> 2616#include <openssl/evp.h> 2617#include <openssl/objects.h> 2618#include <openssl/opensslv.h> 2619#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2620# error "OpenSSL < 0.9.8g has unreliable ECC code" 2621#endif 2622 ]], [[ 2623 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2624 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2625 ]])], 2626 [ AC_MSG_RESULT([yes]) 2627 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 2628 AC_RUN_IFELSE( 2629 [AC_LANG_PROGRAM([[ 2630#include <openssl/ec.h> 2631#include <openssl/ecdh.h> 2632#include <openssl/ecdsa.h> 2633#include <openssl/evp.h> 2634#include <openssl/objects.h> 2635#include <openssl/opensslv.h> 2636 ]],[[ 2637 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2638 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2639 exit(e == NULL || m == NULL); 2640 ]])], 2641 [ AC_MSG_RESULT([yes]) 2642 enable_nistp521=1 ], 2643 [ AC_MSG_RESULT([no]) ], 2644 [ AC_MSG_WARN([cross-compiling: assuming yes]) 2645 enable_nistp521=1 ] 2646 )], 2647 AC_MSG_RESULT([no]) 2648) 2649 2650COMMENT_OUT_ECC="#no ecc#" 2651TEST_SSH_ECC=no 2652 2653if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 2654 test x$enable_nistp521 = x1; then 2655 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 2656fi 2657if test x$enable_nistp256 = x1; then 2658 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 2659 [libcrypto has NID_X9_62_prime256v1]) 2660 TEST_SSH_ECC=yes 2661 COMMENT_OUT_ECC="" 2662else 2663 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \ 2664 ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com" 2665fi 2666if test x$enable_nistp384 = x1; then 2667 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 2668 TEST_SSH_ECC=yes 2669 COMMENT_OUT_ECC="" 2670else 2671 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \ 2672 ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com" 2673fi 2674if test x$enable_nistp521 = x1; then 2675 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 2676 TEST_SSH_ECC=yes 2677 COMMENT_OUT_ECC="" 2678else 2679 unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \ 2680 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com" 2681fi 2682 2683AC_SUBST([TEST_SSH_ECC]) 2684AC_SUBST([COMMENT_OUT_ECC]) 2685 2686saved_LIBS="$LIBS" 2687AC_CHECK_LIB([iaf], [ia_openinfo], [ 2688 LIBS="$LIBS -liaf" 2689 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 2690 AC_DEFINE([HAVE_LIBIAF], [1], 2691 [Define if system has libiaf that supports set_id]) 2692 ]) 2693]) 2694LIBS="$saved_LIBS" 2695 2696### Configure cryptographic random number support 2697 2698# Check wheter OpenSSL seeds itself 2699AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 2700AC_RUN_IFELSE( 2701 [AC_LANG_PROGRAM([[ 2702#include <string.h> 2703#include <openssl/rand.h> 2704 ]], [[ 2705 exit(RAND_status() == 1 ? 0 : 1); 2706 ]])], 2707 [ 2708 OPENSSL_SEEDS_ITSELF=yes 2709 AC_MSG_RESULT([yes]) 2710 ], 2711 [ 2712 AC_MSG_RESULT([no]) 2713 ], 2714 [ 2715 AC_MSG_WARN([cross compiling: assuming yes]) 2716 # This is safe, since we will fatal() at runtime if 2717 # OpenSSL is not seeded correctly. 2718 OPENSSL_SEEDS_ITSELF=yes 2719 ] 2720) 2721 2722# PRNGD TCP socket 2723AC_ARG_WITH([prngd-port], 2724 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 2725 [ 2726 case "$withval" in 2727 no) 2728 withval="" 2729 ;; 2730 [[0-9]]*) 2731 ;; 2732 *) 2733 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 2734 ;; 2735 esac 2736 if test ! -z "$withval" ; then 2737 PRNGD_PORT="$withval" 2738 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 2739 [Port number of PRNGD/EGD random number socket]) 2740 fi 2741 ] 2742) 2743 2744# PRNGD Unix domain socket 2745AC_ARG_WITH([prngd-socket], 2746 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 2747 [ 2748 case "$withval" in 2749 yes) 2750 withval="/var/run/egd-pool" 2751 ;; 2752 no) 2753 withval="" 2754 ;; 2755 /*) 2756 ;; 2757 *) 2758 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 2759 ;; 2760 esac 2761 2762 if test ! -z "$withval" ; then 2763 if test ! -z "$PRNGD_PORT" ; then 2764 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 2765 fi 2766 if test ! -r "$withval" ; then 2767 AC_MSG_WARN([Entropy socket is not readable]) 2768 fi 2769 PRNGD_SOCKET="$withval" 2770 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 2771 [Location of PRNGD/EGD random number socket]) 2772 fi 2773 ], 2774 [ 2775 # Check for existing socket only if we don't have a random device already 2776 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 2777 AC_MSG_CHECKING([for PRNGD/EGD socket]) 2778 # Insert other locations here 2779 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 2780 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 2781 PRNGD_SOCKET="$sock" 2782 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 2783 break; 2784 fi 2785 done 2786 if test ! -z "$PRNGD_SOCKET" ; then 2787 AC_MSG_RESULT([$PRNGD_SOCKET]) 2788 else 2789 AC_MSG_RESULT([not found]) 2790 fi 2791 fi 2792 ] 2793) 2794 2795# Which randomness source do we use? 2796if test ! -z "$PRNGD_PORT" ; then 2797 RAND_MSG="PRNGd port $PRNGD_PORT" 2798elif test ! -z "$PRNGD_SOCKET" ; then 2799 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 2800elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 2801 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 2802 [Define if you want OpenSSL's internally seeded PRNG only]) 2803 RAND_MSG="OpenSSL internal ONLY" 2804else 2805 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 2806fi 2807 2808# Check for PAM libs 2809PAM_MSG="no" 2810AC_ARG_WITH([pam], 2811 [ --with-pam Enable PAM support ], 2812 [ 2813 if test "x$withval" != "xno" ; then 2814 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 2815 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 2816 AC_MSG_ERROR([PAM headers not found]) 2817 fi 2818 2819 saved_LIBS="$LIBS" 2820 AC_CHECK_LIB([dl], [dlopen], , ) 2821 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 2822 AC_CHECK_FUNCS([pam_getenvlist]) 2823 AC_CHECK_FUNCS([pam_putenv]) 2824 LIBS="$saved_LIBS" 2825 2826 PAM_MSG="yes" 2827 2828 SSHDLIBS="$SSHDLIBS -lpam" 2829 AC_DEFINE([USE_PAM], [1], 2830 [Define if you want to enable PAM support]) 2831 2832 if test $ac_cv_lib_dl_dlopen = yes; then 2833 case "$LIBS" in 2834 *-ldl*) 2835 # libdl already in LIBS 2836 ;; 2837 *) 2838 SSHDLIBS="$SSHDLIBS -ldl" 2839 ;; 2840 esac 2841 fi 2842 fi 2843 ] 2844) 2845 2846# Check for older PAM 2847if test "x$PAM_MSG" = "xyes" ; then 2848 # Check PAM strerror arguments (old PAM) 2849 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 2850 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2851#include <stdlib.h> 2852#if defined(HAVE_SECURITY_PAM_APPL_H) 2853#include <security/pam_appl.h> 2854#elif defined (HAVE_PAM_PAM_APPL_H) 2855#include <pam/pam_appl.h> 2856#endif 2857 ]], [[ 2858(void)pam_strerror((pam_handle_t *)NULL, -1); 2859 ]])], [AC_MSG_RESULT([no])], [ 2860 AC_DEFINE([HAVE_OLD_PAM], [1], 2861 [Define if you have an old version of PAM 2862 which takes only one argument to pam_strerror]) 2863 AC_MSG_RESULT([yes]) 2864 PAM_MSG="yes (old library)" 2865 2866 ]) 2867fi 2868 2869SSH_PRIVSEP_USER=sshd 2870AC_ARG_WITH([privsep-user], 2871 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 2872 [ 2873 if test -n "$withval" && test "x$withval" != "xno" && \ 2874 test "x${withval}" != "xyes"; then 2875 SSH_PRIVSEP_USER=$withval 2876 fi 2877 ] 2878) 2879AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 2880 [non-privileged user for privilege separation]) 2881AC_SUBST([SSH_PRIVSEP_USER]) 2882 2883if test "x$have_linux_no_new_privs" = "x1" ; then 2884AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 2885 #include <sys/types.h> 2886 #include <linux/seccomp.h> 2887]) 2888fi 2889if test "x$have_seccomp_filter" = "x1" ; then 2890AC_MSG_CHECKING([kernel for seccomp_filter support]) 2891AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 2892 #include <errno.h> 2893 #include <elf.h> 2894 #include <linux/audit.h> 2895 #include <linux/seccomp.h> 2896 #include <stdlib.h> 2897 #include <sys/prctl.h> 2898 ]], 2899 [[ int i = $seccomp_audit_arch; 2900 errno = 0; 2901 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 2902 exit(errno == EFAULT ? 0 : 1); ]])], 2903 [ AC_MSG_RESULT([yes]) ], [ 2904 AC_MSG_RESULT([no]) 2905 # Disable seccomp filter as a target 2906 have_seccomp_filter=0 2907 ] 2908) 2909fi 2910 2911# Decide which sandbox style to use 2912sandbox_arg="" 2913AC_ARG_WITH([sandbox], 2914 [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)], 2915 [ 2916 if test "x$withval" = "xyes" ; then 2917 sandbox_arg="" 2918 else 2919 sandbox_arg="$withval" 2920 fi 2921 ] 2922) 2923 2924# Some platforms (seems to be the ones that have a kernel poll(2)-type 2925# function with which they implement select(2)) use an extra file descriptor 2926# when calling select(2), which means we can't use the rlimit sandbox. 2927AC_MSG_CHECKING([if select works with descriptor rlimit]) 2928AC_RUN_IFELSE( 2929 [AC_LANG_PROGRAM([[ 2930#include <sys/types.h> 2931#ifdef HAVE_SYS_TIME_H 2932# include <sys/time.h> 2933#endif 2934#include <sys/resource.h> 2935#ifdef HAVE_SYS_SELECT_H 2936# include <sys/select.h> 2937#endif 2938#include <errno.h> 2939#include <fcntl.h> 2940#include <stdlib.h> 2941 ]],[[ 2942 struct rlimit rl_zero; 2943 int fd, r; 2944 fd_set fds; 2945 struct timeval tv; 2946 2947 fd = open("/dev/null", O_RDONLY); 2948 FD_ZERO(&fds); 2949 FD_SET(fd, &fds); 2950 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 2951 setrlimit(RLIMIT_FSIZE, &rl_zero); 2952 setrlimit(RLIMIT_NOFILE, &rl_zero); 2953 tv.tv_sec = 1; 2954 tv.tv_usec = 0; 2955 r = select(fd+1, &fds, NULL, NULL, &tv); 2956 exit (r == -1 ? 1 : 0); 2957 ]])], 2958 [AC_MSG_RESULT([yes]) 2959 select_works_with_rlimit=yes], 2960 [AC_MSG_RESULT([no]) 2961 select_works_with_rlimit=no], 2962 [AC_MSG_WARN([cross compiling: assuming yes])] 2963) 2964 2965AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 2966AC_RUN_IFELSE( 2967 [AC_LANG_PROGRAM([[ 2968#include <sys/types.h> 2969#ifdef HAVE_SYS_TIME_H 2970# include <sys/time.h> 2971#endif 2972#include <sys/resource.h> 2973#include <errno.h> 2974#include <stdlib.h> 2975 ]],[[ 2976 struct rlimit rl_zero; 2977 int fd, r; 2978 fd_set fds; 2979 2980 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 2981 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 2982 exit (r == -1 ? 1 : 0); 2983 ]])], 2984 [AC_MSG_RESULT([yes]) 2985 rlimit_nofile_zero_works=yes], 2986 [AC_MSG_RESULT([no]) 2987 rlimit_nofile_zero_works=no], 2988 [AC_MSG_WARN([cross compiling: assuming yes])] 2989) 2990 2991AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 2992AC_RUN_IFELSE( 2993 [AC_LANG_PROGRAM([[ 2994#include <sys/types.h> 2995#include <sys/resource.h> 2996#include <stdlib.h> 2997 ]],[[ 2998 struct rlimit rl_zero; 2999 3000 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3001 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3002 ]])], 3003 [AC_MSG_RESULT([yes])], 3004 [AC_MSG_RESULT([no]) 3005 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3006 [setrlimit RLIMIT_FSIZE works])], 3007 [AC_MSG_WARN([cross compiling: assuming yes])] 3008) 3009 3010if test "x$sandbox_arg" = "xsystrace" || \ 3011 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3012 test "x$have_systr_policy_kill" != "x1" && \ 3013 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3014 SANDBOX_STYLE="systrace" 3015 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3016elif test "x$sandbox_arg" = "xdarwin" || \ 3017 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3018 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3019 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3020 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3021 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3022 SANDBOX_STYLE="darwin" 3023 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3024elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3025 ( test -z "$sandbox_arg" && \ 3026 test "x$have_seccomp_filter" = "x1" && \ 3027 test "x$ac_cv_header_elf_h" = "xyes" && \ 3028 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3029 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3030 test "x$seccomp_audit_arch" != "x" && \ 3031 test "x$have_linux_no_new_privs" = "x1" && \ 3032 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3033 test "x$seccomp_audit_arch" = "x" && \ 3034 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3035 test "x$have_linux_no_new_privs" != "x1" && \ 3036 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3037 test "x$have_seccomp_filter" != "x1" && \ 3038 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3039 test "x$ac_cv_func_prctl" != "xyes" && \ 3040 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3041 SANDBOX_STYLE="seccomp_filter" 3042 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3043elif test "x$sandbox_arg" = "xcapsicum" || \ 3044 ( test -z "$sandbox_arg" && \ 3045 test "x$ac_cv_header_sys_capability_h" = "xyes" && \ 3046 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3047 test "x$ac_cv_header_sys_capability_h" != "xyes" && \ 3048 AC_MSG_ERROR([capsicum sandbox requires sys/capability.h header]) 3049 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3050 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3051 SANDBOX_STYLE="capsicum" 3052 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3053elif test "x$sandbox_arg" = "xrlimit" || \ 3054 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3055 test "x$select_works_with_rlimit" = "xyes" && \ 3056 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3057 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3058 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3059 test "x$select_works_with_rlimit" != "xyes" && \ 3060 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3061 SANDBOX_STYLE="rlimit" 3062 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3063elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3064 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3065 SANDBOX_STYLE="none" 3066 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3067else 3068 AC_MSG_ERROR([unsupported --with-sandbox]) 3069fi 3070 3071# Cheap hack to ensure NEWS-OS libraries are arranged right. 3072if test ! -z "$SONY" ; then 3073 LIBS="$LIBS -liberty"; 3074fi 3075 3076# Check for long long datatypes 3077AC_CHECK_TYPES([long long, unsigned long long, long double]) 3078 3079# Check datatype sizes 3080AC_CHECK_SIZEOF([short int], [2]) 3081AC_CHECK_SIZEOF([int], [4]) 3082AC_CHECK_SIZEOF([long int], [4]) 3083AC_CHECK_SIZEOF([long long int], [8]) 3084 3085# Sanity check long long for some platforms (AIX) 3086if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3087 ac_cv_sizeof_long_long_int=0 3088fi 3089 3090# compute LLONG_MIN and LLONG_MAX if we don't know them. 3091if test -z "$have_llong_max"; then 3092 AC_MSG_CHECKING([for max value of long long]) 3093 AC_RUN_IFELSE( 3094 [AC_LANG_PROGRAM([[ 3095#include <stdio.h> 3096/* Why is this so damn hard? */ 3097#ifdef __GNUC__ 3098# undef __GNUC__ 3099#endif 3100#define __USE_ISOC99 3101#include <limits.h> 3102#define DATA "conftest.llminmax" 3103#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3104 3105/* 3106 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3107 * we do this the hard way. 3108 */ 3109static int 3110fprint_ll(FILE *f, long long n) 3111{ 3112 unsigned int i; 3113 int l[sizeof(long long) * 8]; 3114 3115 if (n < 0) 3116 if (fprintf(f, "-") < 0) 3117 return -1; 3118 for (i = 0; n != 0; i++) { 3119 l[i] = my_abs(n % 10); 3120 n /= 10; 3121 } 3122 do { 3123 if (fprintf(f, "%d", l[--i]) < 0) 3124 return -1; 3125 } while (i != 0); 3126 if (fprintf(f, " ") < 0) 3127 return -1; 3128 return 0; 3129} 3130 ]], [[ 3131 FILE *f; 3132 long long i, llmin, llmax = 0; 3133 3134 if((f = fopen(DATA,"w")) == NULL) 3135 exit(1); 3136 3137#if defined(LLONG_MIN) && defined(LLONG_MAX) 3138 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3139 llmin = LLONG_MIN; 3140 llmax = LLONG_MAX; 3141#else 3142 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3143 /* This will work on one's complement and two's complement */ 3144 for (i = 1; i > llmax; i <<= 1, i++) 3145 llmax = i; 3146 llmin = llmax + 1LL; /* wrap */ 3147#endif 3148 3149 /* Sanity check */ 3150 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3151 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3152 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3153 fprintf(f, "unknown unknown\n"); 3154 exit(2); 3155 } 3156 3157 if (fprint_ll(f, llmin) < 0) 3158 exit(3); 3159 if (fprint_ll(f, llmax) < 0) 3160 exit(4); 3161 if (fclose(f) < 0) 3162 exit(5); 3163 exit(0); 3164 ]])], 3165 [ 3166 llong_min=`$AWK '{print $1}' conftest.llminmax` 3167 llong_max=`$AWK '{print $2}' conftest.llminmax` 3168 3169 AC_MSG_RESULT([$llong_max]) 3170 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3171 [max value of long long calculated by configure]) 3172 AC_MSG_CHECKING([for min value of long long]) 3173 AC_MSG_RESULT([$llong_min]) 3174 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3175 [min value of long long calculated by configure]) 3176 ], 3177 [ 3178 AC_MSG_RESULT([not found]) 3179 ], 3180 [ 3181 AC_MSG_WARN([cross compiling: not checking]) 3182 ] 3183 ) 3184fi 3185 3186 3187# More checks for data types 3188AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3189 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3190 [[ u_int a; a = 1;]])], 3191 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3192 ]) 3193]) 3194if test "x$ac_cv_have_u_int" = "xyes" ; then 3195 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3196 have_u_int=1 3197fi 3198 3199AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3200 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3201 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3202 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3203 ]) 3204]) 3205if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3206 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3207 have_intxx_t=1 3208fi 3209 3210if (test -z "$have_intxx_t" && \ 3211 test "x$ac_cv_header_stdint_h" = "xyes") 3212then 3213 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3214 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3215 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3216 [ 3217 AC_DEFINE([HAVE_INTXX_T]) 3218 AC_MSG_RESULT([yes]) 3219 ], [ AC_MSG_RESULT([no]) 3220 ]) 3221fi 3222 3223AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3224 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3225#include <sys/types.h> 3226#ifdef HAVE_STDINT_H 3227# include <stdint.h> 3228#endif 3229#include <sys/socket.h> 3230#ifdef HAVE_SYS_BITYPES_H 3231# include <sys/bitypes.h> 3232#endif 3233 ]], [[ 3234int64_t a; a = 1; 3235 ]])], 3236 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3237 ]) 3238]) 3239if test "x$ac_cv_have_int64_t" = "xyes" ; then 3240 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3241fi 3242 3243AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3244 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3245 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3246 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3247 ]) 3248]) 3249if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3250 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3251 have_u_intxx_t=1 3252fi 3253 3254if test -z "$have_u_intxx_t" ; then 3255 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3256 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3257 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3258 [ 3259 AC_DEFINE([HAVE_U_INTXX_T]) 3260 AC_MSG_RESULT([yes]) 3261 ], [ AC_MSG_RESULT([no]) 3262 ]) 3263fi 3264 3265AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3266 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3267 [[ u_int64_t a; a = 1;]])], 3268 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3269 ]) 3270]) 3271if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3272 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3273 have_u_int64_t=1 3274fi 3275 3276if (test -z "$have_u_int64_t" && \ 3277 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3278then 3279 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3280 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3281 [[ u_int64_t a; a = 1]])], 3282 [ 3283 AC_DEFINE([HAVE_U_INT64_T]) 3284 AC_MSG_RESULT([yes]) 3285 ], [ AC_MSG_RESULT([no]) 3286 ]) 3287fi 3288 3289if test -z "$have_u_intxx_t" ; then 3290 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3291 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3292#include <sys/types.h> 3293 ]], [[ 3294 uint8_t a; 3295 uint16_t b; 3296 uint32_t c; 3297 a = b = c = 1; 3298 ]])], 3299 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3300 ]) 3301 ]) 3302 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3303 AC_DEFINE([HAVE_UINTXX_T], [1], 3304 [define if you have uintxx_t data type]) 3305 fi 3306fi 3307 3308if (test -z "$have_uintxx_t" && \ 3309 test "x$ac_cv_header_stdint_h" = "xyes") 3310then 3311 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3312 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3313 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3314 [ 3315 AC_DEFINE([HAVE_UINTXX_T]) 3316 AC_MSG_RESULT([yes]) 3317 ], [ AC_MSG_RESULT([no]) 3318 ]) 3319fi 3320 3321if (test -z "$have_uintxx_t" && \ 3322 test "x$ac_cv_header_inttypes_h" = "xyes") 3323then 3324 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3325 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3326 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3327 [ 3328 AC_DEFINE([HAVE_UINTXX_T]) 3329 AC_MSG_RESULT([yes]) 3330 ], [ AC_MSG_RESULT([no]) 3331 ]) 3332fi 3333 3334if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3335 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3336then 3337 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3338 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3339#include <sys/bitypes.h> 3340 ]], [[ 3341 int8_t a; int16_t b; int32_t c; 3342 u_int8_t e; u_int16_t f; u_int32_t g; 3343 a = b = c = e = f = g = 1; 3344 ]])], 3345 [ 3346 AC_DEFINE([HAVE_U_INTXX_T]) 3347 AC_DEFINE([HAVE_INTXX_T]) 3348 AC_MSG_RESULT([yes]) 3349 ], [AC_MSG_RESULT([no]) 3350 ]) 3351fi 3352 3353 3354AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3355 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3356 [[ u_char foo; foo = 125; ]])], 3357 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3358 ]) 3359]) 3360if test "x$ac_cv_have_u_char" = "xyes" ; then 3361 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3362fi 3363 3364AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3365#include <sys/types.h> 3366#include <stdint.h> 3367]) 3368 3369TYPE_SOCKLEN_T 3370 3371AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3372AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3373#include <sys/types.h> 3374#ifdef HAVE_SYS_BITYPES_H 3375#include <sys/bitypes.h> 3376#endif 3377#ifdef HAVE_SYS_STATFS_H 3378#include <sys/statfs.h> 3379#endif 3380#ifdef HAVE_SYS_STATVFS_H 3381#include <sys/statvfs.h> 3382#endif 3383]) 3384 3385AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3386[#include <sys/types.h> 3387#include <netinet/in.h>]) 3388 3389AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3390 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3391 [[ size_t foo; foo = 1235; ]])], 3392 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3393 ]) 3394]) 3395if test "x$ac_cv_have_size_t" = "xyes" ; then 3396 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3397fi 3398 3399AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3400 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3401 [[ ssize_t foo; foo = 1235; ]])], 3402 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3403 ]) 3404]) 3405if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3406 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3407fi 3408 3409AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3410 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3411 [[ clock_t foo; foo = 1235; ]])], 3412 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3413 ]) 3414]) 3415if test "x$ac_cv_have_clock_t" = "xyes" ; then 3416 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3417fi 3418 3419AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3420 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3421#include <sys/types.h> 3422#include <sys/socket.h> 3423 ]], [[ sa_family_t foo; foo = 1235; ]])], 3424 [ ac_cv_have_sa_family_t="yes" ], 3425 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3426#include <sys/types.h> 3427#include <sys/socket.h> 3428#include <netinet/in.h> 3429 ]], [[ sa_family_t foo; foo = 1235; ]])], 3430 [ ac_cv_have_sa_family_t="yes" ], 3431 [ ac_cv_have_sa_family_t="no" ] 3432 ) 3433 ]) 3434]) 3435if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3436 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3437 [define if you have sa_family_t data type]) 3438fi 3439 3440AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3441 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3442 [[ pid_t foo; foo = 1235; ]])], 3443 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3444 ]) 3445]) 3446if test "x$ac_cv_have_pid_t" = "xyes" ; then 3447 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3448fi 3449 3450AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3451 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3452 [[ mode_t foo; foo = 1235; ]])], 3453 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3454 ]) 3455]) 3456if test "x$ac_cv_have_mode_t" = "xyes" ; then 3457 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3458fi 3459 3460 3461AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3462 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3463#include <sys/types.h> 3464#include <sys/socket.h> 3465 ]], [[ struct sockaddr_storage s; ]])], 3466 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3467 [ ac_cv_have_struct_sockaddr_storage="no" 3468 ]) 3469]) 3470if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3471 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3472 [define if you have struct sockaddr_storage data type]) 3473fi 3474 3475AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3476 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3477#include <sys/types.h> 3478#include <netinet/in.h> 3479 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3480 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3481 [ ac_cv_have_struct_sockaddr_in6="no" 3482 ]) 3483]) 3484if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3485 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3486 [define if you have struct sockaddr_in6 data type]) 3487fi 3488 3489AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 3490 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3491#include <sys/types.h> 3492#include <netinet/in.h> 3493 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 3494 [ ac_cv_have_struct_in6_addr="yes" ], 3495 [ ac_cv_have_struct_in6_addr="no" 3496 ]) 3497]) 3498if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 3499 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 3500 [define if you have struct in6_addr data type]) 3501 3502dnl Now check for sin6_scope_id 3503 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 3504 [ 3505#ifdef HAVE_SYS_TYPES_H 3506#include <sys/types.h> 3507#endif 3508#include <netinet/in.h> 3509 ]) 3510fi 3511 3512AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 3513 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3514#include <sys/types.h> 3515#include <sys/socket.h> 3516#include <netdb.h> 3517 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 3518 [ ac_cv_have_struct_addrinfo="yes" ], 3519 [ ac_cv_have_struct_addrinfo="no" 3520 ]) 3521]) 3522if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 3523 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 3524 [define if you have struct addrinfo data type]) 3525fi 3526 3527AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 3528 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 3529 [[ struct timeval tv; tv.tv_sec = 1;]])], 3530 [ ac_cv_have_struct_timeval="yes" ], 3531 [ ac_cv_have_struct_timeval="no" 3532 ]) 3533]) 3534if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 3535 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 3536 have_struct_timeval=1 3537fi 3538 3539AC_CHECK_TYPES([struct timespec]) 3540 3541# We need int64_t or else certian parts of the compile will fail. 3542if test "x$ac_cv_have_int64_t" = "xno" && \ 3543 test "x$ac_cv_sizeof_long_int" != "x8" && \ 3544 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 3545 echo "OpenSSH requires int64_t support. Contact your vendor or install" 3546 echo "an alternative compiler (I.E., GCC) before continuing." 3547 echo "" 3548 exit 1; 3549else 3550dnl test snprintf (broken on SCO w/gcc) 3551 AC_RUN_IFELSE( 3552 [AC_LANG_SOURCE([[ 3553#include <stdio.h> 3554#include <string.h> 3555#ifdef HAVE_SNPRINTF 3556main() 3557{ 3558 char buf[50]; 3559 char expected_out[50]; 3560 int mazsize = 50 ; 3561#if (SIZEOF_LONG_INT == 8) 3562 long int num = 0x7fffffffffffffff; 3563#else 3564 long long num = 0x7fffffffffffffffll; 3565#endif 3566 strcpy(expected_out, "9223372036854775807"); 3567 snprintf(buf, mazsize, "%lld", num); 3568 if(strcmp(buf, expected_out) != 0) 3569 exit(1); 3570 exit(0); 3571} 3572#else 3573main() { exit(0); } 3574#endif 3575 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 3576 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 3577 ) 3578fi 3579 3580dnl Checks for structure members 3581OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 3582OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 3583OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 3584OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 3585OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 3586OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 3587OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 3588OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 3589OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 3590OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 3591OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 3592OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 3593OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 3594OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 3595OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 3596OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 3597OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 3598 3599AC_CHECK_MEMBERS([struct stat.st_blksize]) 3600AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 3601struct passwd.pw_change, struct passwd.pw_expire], 3602[], [], [[ 3603#include <sys/types.h> 3604#include <pwd.h> 3605]]) 3606 3607AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 3608 [Define if we don't have struct __res_state in resolv.h])], 3609[[ 3610#include <stdio.h> 3611#if HAVE_SYS_TYPES_H 3612# include <sys/types.h> 3613#endif 3614#include <netinet/in.h> 3615#include <arpa/nameser.h> 3616#include <resolv.h> 3617]]) 3618 3619AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 3620 ac_cv_have_ss_family_in_struct_ss, [ 3621 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3622#include <sys/types.h> 3623#include <sys/socket.h> 3624 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 3625 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 3626 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 3627]) 3628if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 3629 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 3630fi 3631 3632AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 3633 ac_cv_have___ss_family_in_struct_ss, [ 3634 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3635#include <sys/types.h> 3636#include <sys/socket.h> 3637 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 3638 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 3639 [ ac_cv_have___ss_family_in_struct_ss="no" 3640 ]) 3641]) 3642if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 3643 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 3644 [Fields in struct sockaddr_storage]) 3645fi 3646 3647dnl make sure we're using the real structure members and not defines 3648AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 3649 ac_cv_have_accrights_in_msghdr, [ 3650 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3651#include <sys/types.h> 3652#include <sys/socket.h> 3653#include <sys/uio.h> 3654 ]], [[ 3655#ifdef msg_accrights 3656#error "msg_accrights is a macro" 3657exit(1); 3658#endif 3659struct msghdr m; 3660m.msg_accrights = 0; 3661exit(0); 3662 ]])], 3663 [ ac_cv_have_accrights_in_msghdr="yes" ], 3664 [ ac_cv_have_accrights_in_msghdr="no" ] 3665 ) 3666]) 3667if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 3668 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 3669 [Define if your system uses access rights style 3670 file descriptor passing]) 3671fi 3672 3673AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 3674AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3675#include <sys/param.h> 3676#include <sys/stat.h> 3677#ifdef HAVE_SYS_TIME_H 3678# include <sys/time.h> 3679#endif 3680#ifdef HAVE_SYS_MOUNT_H 3681#include <sys/mount.h> 3682#endif 3683#ifdef HAVE_SYS_STATVFS_H 3684#include <sys/statvfs.h> 3685#endif 3686 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 3687 [ AC_MSG_RESULT([yes]) ], 3688 [ AC_MSG_RESULT([no]) 3689 3690 AC_MSG_CHECKING([if fsid_t has member val]) 3691 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3692#include <sys/types.h> 3693#include <sys/statvfs.h> 3694 ]], [[ fsid_t t; t.val[0] = 0; ]])], 3695 [ AC_MSG_RESULT([yes]) 3696 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 3697 [ AC_MSG_RESULT([no]) ]) 3698 3699 AC_MSG_CHECKING([if f_fsid has member __val]) 3700 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3701#include <sys/types.h> 3702#include <sys/statvfs.h> 3703 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 3704 [ AC_MSG_RESULT([yes]) 3705 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 3706 [ AC_MSG_RESULT([no]) ]) 3707]) 3708 3709AC_CACHE_CHECK([for msg_control field in struct msghdr], 3710 ac_cv_have_control_in_msghdr, [ 3711 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3712#include <sys/types.h> 3713#include <sys/socket.h> 3714#include <sys/uio.h> 3715 ]], [[ 3716#ifdef msg_control 3717#error "msg_control is a macro" 3718exit(1); 3719#endif 3720struct msghdr m; 3721m.msg_control = 0; 3722exit(0); 3723 ]])], 3724 [ ac_cv_have_control_in_msghdr="yes" ], 3725 [ ac_cv_have_control_in_msghdr="no" ] 3726 ) 3727]) 3728if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 3729 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 3730 [Define if your system uses ancillary data style 3731 file descriptor passing]) 3732fi 3733 3734AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 3735 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3736 [[ extern char *__progname; printf("%s", __progname); ]])], 3737 [ ac_cv_libc_defines___progname="yes" ], 3738 [ ac_cv_libc_defines___progname="no" 3739 ]) 3740]) 3741if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 3742 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 3743fi 3744 3745AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 3746 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3747 [[ printf("%s", __FUNCTION__); ]])], 3748 [ ac_cv_cc_implements___FUNCTION__="yes" ], 3749 [ ac_cv_cc_implements___FUNCTION__="no" 3750 ]) 3751]) 3752if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 3753 AC_DEFINE([HAVE___FUNCTION__], [1], 3754 [Define if compiler implements __FUNCTION__]) 3755fi 3756 3757AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 3758 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3759 [[ printf("%s", __func__); ]])], 3760 [ ac_cv_cc_implements___func__="yes" ], 3761 [ ac_cv_cc_implements___func__="no" 3762 ]) 3763]) 3764if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 3765 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 3766fi 3767 3768AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 3769 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3770#include <stdarg.h> 3771va_list x,y; 3772 ]], [[ va_copy(x,y); ]])], 3773 [ ac_cv_have_va_copy="yes" ], 3774 [ ac_cv_have_va_copy="no" 3775 ]) 3776]) 3777if test "x$ac_cv_have_va_copy" = "xyes" ; then 3778 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 3779fi 3780 3781AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 3782 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3783#include <stdarg.h> 3784va_list x,y; 3785 ]], [[ __va_copy(x,y); ]])], 3786 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 3787 ]) 3788]) 3789if test "x$ac_cv_have___va_copy" = "xyes" ; then 3790 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 3791fi 3792 3793AC_CACHE_CHECK([whether getopt has optreset support], 3794 ac_cv_have_getopt_optreset, [ 3795 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 3796 [[ extern int optreset; optreset = 0; ]])], 3797 [ ac_cv_have_getopt_optreset="yes" ], 3798 [ ac_cv_have_getopt_optreset="no" 3799 ]) 3800]) 3801if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 3802 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 3803 [Define if your getopt(3) defines and uses optreset]) 3804fi 3805 3806AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 3807 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3808[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 3809 [ ac_cv_libc_defines_sys_errlist="yes" ], 3810 [ ac_cv_libc_defines_sys_errlist="no" 3811 ]) 3812]) 3813if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 3814 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 3815 [Define if your system defines sys_errlist[]]) 3816fi 3817 3818 3819AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 3820 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3821[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 3822 [ ac_cv_libc_defines_sys_nerr="yes" ], 3823 [ ac_cv_libc_defines_sys_nerr="no" 3824 ]) 3825]) 3826if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 3827 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 3828fi 3829 3830# Check libraries needed by DNS fingerprint support 3831AC_SEARCH_LIBS([getrrsetbyname], [resolv], 3832 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 3833 [Define if getrrsetbyname() exists])], 3834 [ 3835 # Needed by our getrrsetbyname() 3836 AC_SEARCH_LIBS([res_query], [resolv]) 3837 AC_SEARCH_LIBS([dn_expand], [resolv]) 3838 AC_MSG_CHECKING([if res_query will link]) 3839 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3840#include <sys/types.h> 3841#include <netinet/in.h> 3842#include <arpa/nameser.h> 3843#include <netdb.h> 3844#include <resolv.h> 3845 ]], [[ 3846 res_query (0, 0, 0, 0, 0); 3847 ]])], 3848 AC_MSG_RESULT([yes]), 3849 [AC_MSG_RESULT([no]) 3850 saved_LIBS="$LIBS" 3851 LIBS="$LIBS -lresolv" 3852 AC_MSG_CHECKING([for res_query in -lresolv]) 3853 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3854#include <sys/types.h> 3855#include <netinet/in.h> 3856#include <arpa/nameser.h> 3857#include <netdb.h> 3858#include <resolv.h> 3859 ]], [[ 3860 res_query (0, 0, 0, 0, 0); 3861 ]])], 3862 [AC_MSG_RESULT([yes])], 3863 [LIBS="$saved_LIBS" 3864 AC_MSG_RESULT([no])]) 3865 ]) 3866 AC_CHECK_FUNCS([_getshort _getlong]) 3867 AC_CHECK_DECLS([_getshort, _getlong], , , 3868 [#include <sys/types.h> 3869 #include <arpa/nameser.h>]) 3870 AC_CHECK_MEMBER([HEADER.ad], 3871 [AC_DEFINE([HAVE_HEADER_AD], [1], 3872 [Define if HEADER.ad exists in arpa/nameser.h])], , 3873 [#include <arpa/nameser.h>]) 3874 ]) 3875 3876AC_MSG_CHECKING([if struct __res_state _res is an extern]) 3877AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3878#include <stdio.h> 3879#if HAVE_SYS_TYPES_H 3880# include <sys/types.h> 3881#endif 3882#include <netinet/in.h> 3883#include <arpa/nameser.h> 3884#include <resolv.h> 3885extern struct __res_state _res; 3886 ]], [[ ]])], 3887 [AC_MSG_RESULT([yes]) 3888 AC_DEFINE([HAVE__RES_EXTERN], [1], 3889 [Define if you have struct __res_state _res as an extern]) 3890 ], 3891 [ AC_MSG_RESULT([no]) ] 3892) 3893 3894# Check whether user wants SELinux support 3895SELINUX_MSG="no" 3896LIBSELINUX="" 3897AC_ARG_WITH([selinux], 3898 [ --with-selinux Enable SELinux support], 3899 [ if test "x$withval" != "xno" ; then 3900 save_LIBS="$LIBS" 3901 AC_DEFINE([WITH_SELINUX], [1], 3902 [Define if you want SELinux support.]) 3903 SELINUX_MSG="yes" 3904 AC_CHECK_HEADER([selinux/selinux.h], , 3905 AC_MSG_ERROR([SELinux support requires selinux.h header])) 3906 AC_CHECK_LIB([selinux], [setexeccon], 3907 [ LIBSELINUX="-lselinux" 3908 LIBS="$LIBS -lselinux" 3909 ], 3910 AC_MSG_ERROR([SELinux support requires libselinux library])) 3911 SSHLIBS="$SSHLIBS $LIBSELINUX" 3912 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 3913 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 3914 LIBS="$save_LIBS" 3915 fi ] 3916) 3917AC_SUBST([SSHLIBS]) 3918AC_SUBST([SSHDLIBS]) 3919 3920# Check whether user wants Kerberos 5 support 3921KRB5_MSG="no" 3922AC_ARG_WITH([kerberos5], 3923 [ --with-kerberos5=PATH Enable Kerberos 5 support], 3924 [ if test "x$withval" != "xno" ; then 3925 if test "x$withval" = "xyes" ; then 3926 KRB5ROOT="/usr/local" 3927 else 3928 KRB5ROOT=${withval} 3929 fi 3930 3931 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 3932 KRB5_MSG="yes" 3933 3934 AC_PATH_PROG([KRB5CONF], [krb5-config], 3935 [$KRB5ROOT/bin/krb5-config], 3936 [$KRB5ROOT/bin:$PATH]) 3937 if test -x $KRB5CONF ; then 3938 K5CFLAGS="`$KRB5CONF --cflags`" 3939 K5LIBS="`$KRB5CONF --libs`" 3940 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 3941 3942 AC_MSG_CHECKING([for gssapi support]) 3943 if $KRB5CONF | grep gssapi >/dev/null ; then 3944 AC_MSG_RESULT([yes]) 3945 AC_DEFINE([GSSAPI], [1], 3946 [Define this if you want GSSAPI 3947 support in the version 2 protocol]) 3948 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 3949 GSSLIBS="`$KRB5CONF --libs gssapi`" 3950 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 3951 else 3952 AC_MSG_RESULT([no]) 3953 fi 3954 AC_MSG_CHECKING([whether we are using Heimdal]) 3955 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 3956 ]], [[ char *tmp = heimdal_version; ]])], 3957 [ AC_MSG_RESULT([yes]) 3958 AC_DEFINE([HEIMDAL], [1], 3959 [Define this if you are using the Heimdal 3960 version of Kerberos V5]) ], 3961 [AC_MSG_RESULT([no]) 3962 ]) 3963 else 3964 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 3965 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 3966 AC_MSG_CHECKING([whether we are using Heimdal]) 3967 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 3968 ]], [[ char *tmp = heimdal_version; ]])], 3969 [ AC_MSG_RESULT([yes]) 3970 AC_DEFINE([HEIMDAL]) 3971 K5LIBS="-lkrb5" 3972 K5LIBS="$K5LIBS -lcom_err -lasn1" 3973 AC_CHECK_LIB([roken], [net_write], 3974 [K5LIBS="$K5LIBS -lroken"]) 3975 AC_CHECK_LIB([des], [des_cbc_encrypt], 3976 [K5LIBS="$K5LIBS -ldes"]) 3977 ], [ AC_MSG_RESULT([no]) 3978 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 3979 3980 ]) 3981 AC_SEARCH_LIBS([dn_expand], [resolv]) 3982 3983 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 3984 [ AC_DEFINE([GSSAPI]) 3985 GSSLIBS="-lgssapi_krb5" ], 3986 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 3987 [ AC_DEFINE([GSSAPI]) 3988 GSSLIBS="-lgssapi" ], 3989 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 3990 [ AC_DEFINE([GSSAPI]) 3991 GSSLIBS="-lgss" ], 3992 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 3993 ]) 3994 ]) 3995 3996 AC_CHECK_HEADER([gssapi.h], , 3997 [ unset ac_cv_header_gssapi_h 3998 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 3999 AC_CHECK_HEADERS([gssapi.h], , 4000 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4001 ) 4002 ] 4003 ) 4004 4005 oldCPP="$CPPFLAGS" 4006 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4007 AC_CHECK_HEADER([gssapi_krb5.h], , 4008 [ CPPFLAGS="$oldCPP" ]) 4009 4010 fi 4011 if test ! -z "$need_dash_r" ; then 4012 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 4013 fi 4014 if test ! -z "$blibpath" ; then 4015 blibpath="$blibpath:${KRB5ROOT}/lib" 4016 fi 4017 4018 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4019 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4020 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4021 4022 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4023 [Define this if you want to use libkafs' AFS support])]) 4024 4025 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4026#ifdef HAVE_GSSAPI_H 4027# include <gssapi.h> 4028#elif defined(HAVE_GSSAPI_GSSAPI_H) 4029# include <gssapi/gssapi.h> 4030#endif 4031 4032#ifdef HAVE_GSSAPI_GENERIC_H 4033# include <gssapi_generic.h> 4034#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4035# include <gssapi/gssapi_generic.h> 4036#endif 4037 ]]) 4038 saved_LIBS="$LIBS" 4039 LIBS="$LIBS $K5LIBS" 4040 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4041 LIBS="$saved_LIBS" 4042 4043 fi 4044 ] 4045) 4046AC_SUBST([GSSLIBS]) 4047AC_SUBST([K5LIBS]) 4048 4049# Looking for programs, paths and files 4050 4051PRIVSEP_PATH=/var/empty 4052AC_ARG_WITH([privsep-path], 4053 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4054 [ 4055 if test -n "$withval" && test "x$withval" != "xno" && \ 4056 test "x${withval}" != "xyes"; then 4057 PRIVSEP_PATH=$withval 4058 fi 4059 ] 4060) 4061AC_SUBST([PRIVSEP_PATH]) 4062 4063AC_ARG_WITH([xauth], 4064 [ --with-xauth=PATH Specify path to xauth program ], 4065 [ 4066 if test -n "$withval" && test "x$withval" != "xno" && \ 4067 test "x${withval}" != "xyes"; then 4068 xauth_path=$withval 4069 fi 4070 ], 4071 [ 4072 TestPath="$PATH" 4073 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4074 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4075 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4076 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4077 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4078 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4079 xauth_path="/usr/openwin/bin/xauth" 4080 fi 4081 ] 4082) 4083 4084STRIP_OPT=-s 4085AC_ARG_ENABLE([strip], 4086 [ --disable-strip Disable calling strip(1) on install], 4087 [ 4088 if test "x$enableval" = "xno" ; then 4089 STRIP_OPT= 4090 fi 4091 ] 4092) 4093AC_SUBST([STRIP_OPT]) 4094 4095if test -z "$xauth_path" ; then 4096 XAUTH_PATH="undefined" 4097 AC_SUBST([XAUTH_PATH]) 4098else 4099 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4100 [Define if xauth is found in your path]) 4101 XAUTH_PATH=$xauth_path 4102 AC_SUBST([XAUTH_PATH]) 4103fi 4104 4105dnl # --with-maildir=/path/to/mail gets top priority. 4106dnl # if maildir is set in the platform case statement above we use that. 4107dnl # Otherwise we run a program to get the dir from system headers. 4108dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4109dnl # If we find _PATH_MAILDIR we do nothing because that is what 4110dnl # session.c expects anyway. Otherwise we set to the value found 4111dnl # stripping any trailing slash. If for some strage reason our program 4112dnl # does not find what it needs, we default to /var/spool/mail. 4113# Check for mail directory 4114AC_ARG_WITH([maildir], 4115 [ --with-maildir=/path/to/mail Specify your system mail directory], 4116 [ 4117 if test "X$withval" != X && test "x$withval" != xno && \ 4118 test "x${withval}" != xyes; then 4119 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4120 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4121 fi 4122 ],[ 4123 if test "X$maildir" != "X"; then 4124 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4125 else 4126 AC_MSG_CHECKING([Discovering system mail directory]) 4127 AC_RUN_IFELSE( 4128 [AC_LANG_PROGRAM([[ 4129#include <stdio.h> 4130#include <string.h> 4131#ifdef HAVE_PATHS_H 4132#include <paths.h> 4133#endif 4134#ifdef HAVE_MAILLOCK_H 4135#include <maillock.h> 4136#endif 4137#define DATA "conftest.maildir" 4138 ]], [[ 4139 FILE *fd; 4140 int rc; 4141 4142 fd = fopen(DATA,"w"); 4143 if(fd == NULL) 4144 exit(1); 4145 4146#if defined (_PATH_MAILDIR) 4147 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4148 exit(1); 4149#elif defined (MAILDIR) 4150 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4151 exit(1); 4152#elif defined (_PATH_MAIL) 4153 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4154 exit(1); 4155#else 4156 exit (2); 4157#endif 4158 4159 exit(0); 4160 ]])], 4161 [ 4162 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4163 maildir=`awk -F: '{print $2}' conftest.maildir \ 4164 | sed 's|/$||'` 4165 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4166 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4167 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4168 fi 4169 ], 4170 [ 4171 if test "X$ac_status" = "X2";then 4172# our test program didn't find it. Default to /var/spool/mail 4173 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4174 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4175 else 4176 AC_MSG_RESULT([*** not found ***]) 4177 fi 4178 ], 4179 [ 4180 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4181 ] 4182 ) 4183 fi 4184 ] 4185) # maildir 4186 4187if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4188 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4189 disable_ptmx_check=yes 4190fi 4191if test -z "$no_dev_ptmx" ; then 4192 if test "x$disable_ptmx_check" != "xyes" ; then 4193 AC_CHECK_FILE(["/dev/ptmx"], 4194 [ 4195 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4196 [Define if you have /dev/ptmx]) 4197 have_dev_ptmx=1 4198 ] 4199 ) 4200 fi 4201fi 4202 4203if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4204 AC_CHECK_FILE(["/dev/ptc"], 4205 [ 4206 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4207 [Define if you have /dev/ptc]) 4208 have_dev_ptc=1 4209 ] 4210 ) 4211else 4212 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4213fi 4214 4215# Options from here on. Some of these are preset by platform above 4216AC_ARG_WITH([mantype], 4217 [ --with-mantype=man|cat|doc Set man page type], 4218 [ 4219 case "$withval" in 4220 man|cat|doc) 4221 MANTYPE=$withval 4222 ;; 4223 *) 4224 AC_MSG_ERROR([invalid man type: $withval]) 4225 ;; 4226 esac 4227 ] 4228) 4229if test -z "$MANTYPE"; then 4230 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4231 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4232 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4233 MANTYPE=doc 4234 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4235 MANTYPE=man 4236 else 4237 MANTYPE=cat 4238 fi 4239fi 4240AC_SUBST([MANTYPE]) 4241if test "$MANTYPE" = "doc"; then 4242 mansubdir=man; 4243else 4244 mansubdir=$MANTYPE; 4245fi 4246AC_SUBST([mansubdir]) 4247 4248# Check whether to enable MD5 passwords 4249MD5_MSG="no" 4250AC_ARG_WITH([md5-passwords], 4251 [ --with-md5-passwords Enable use of MD5 passwords], 4252 [ 4253 if test "x$withval" != "xno" ; then 4254 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4255 [Define if you want to allow MD5 passwords]) 4256 MD5_MSG="yes" 4257 fi 4258 ] 4259) 4260 4261# Whether to disable shadow password support 4262AC_ARG_WITH([shadow], 4263 [ --without-shadow Disable shadow password support], 4264 [ 4265 if test "x$withval" = "xno" ; then 4266 AC_DEFINE([DISABLE_SHADOW]) 4267 disable_shadow=yes 4268 fi 4269 ] 4270) 4271 4272if test -z "$disable_shadow" ; then 4273 AC_MSG_CHECKING([if the systems has expire shadow information]) 4274 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4275#include <sys/types.h> 4276#include <shadow.h> 4277struct spwd sp; 4278 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4279 [ sp_expire_available=yes ], [ 4280 ]) 4281 4282 if test "x$sp_expire_available" = "xyes" ; then 4283 AC_MSG_RESULT([yes]) 4284 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4285 [Define if you want to use shadow password expire field]) 4286 else 4287 AC_MSG_RESULT([no]) 4288 fi 4289fi 4290 4291# Use ip address instead of hostname in $DISPLAY 4292if test ! -z "$IPADDR_IN_DISPLAY" ; then 4293 DISPLAY_HACK_MSG="yes" 4294 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4295 [Define if you need to use IP address 4296 instead of hostname in $DISPLAY]) 4297else 4298 DISPLAY_HACK_MSG="no" 4299 AC_ARG_WITH([ipaddr-display], 4300 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], 4301 [ 4302 if test "x$withval" != "xno" ; then 4303 AC_DEFINE([IPADDR_IN_DISPLAY]) 4304 DISPLAY_HACK_MSG="yes" 4305 fi 4306 ] 4307 ) 4308fi 4309 4310# check for /etc/default/login and use it if present. 4311AC_ARG_ENABLE([etc-default-login], 4312 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4313 [ if test "x$enableval" = "xno"; then 4314 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4315 etc_default_login=no 4316 else 4317 etc_default_login=yes 4318 fi ], 4319 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4320 then 4321 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4322 etc_default_login=no 4323 else 4324 etc_default_login=yes 4325 fi ] 4326) 4327 4328if test "x$etc_default_login" != "xno"; then 4329 AC_CHECK_FILE(["/etc/default/login"], 4330 [ external_path_file=/etc/default/login ]) 4331 if test "x$external_path_file" = "x/etc/default/login"; then 4332 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4333 [Define if your system has /etc/default/login]) 4334 fi 4335fi 4336 4337dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4338if test $ac_cv_func_login_getcapbool = "yes" && \ 4339 test $ac_cv_header_login_cap_h = "yes" ; then 4340 external_path_file=/etc/login.conf 4341fi 4342 4343# Whether to mess with the default path 4344SERVER_PATH_MSG="(default)" 4345AC_ARG_WITH([default-path], 4346 [ --with-default-path= Specify default \$PATH environment for server], 4347 [ 4348 if test "x$external_path_file" = "x/etc/login.conf" ; then 4349 AC_MSG_WARN([ 4350--with-default-path=PATH has no effect on this system. 4351Edit /etc/login.conf instead.]) 4352 elif test "x$withval" != "xno" ; then 4353 if test ! -z "$external_path_file" ; then 4354 AC_MSG_WARN([ 4355--with-default-path=PATH will only be used if PATH is not defined in 4356$external_path_file .]) 4357 fi 4358 user_path="$withval" 4359 SERVER_PATH_MSG="$withval" 4360 fi 4361 ], 4362 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4363 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4364 else 4365 if test ! -z "$external_path_file" ; then 4366 AC_MSG_WARN([ 4367If PATH is defined in $external_path_file, ensure the path to scp is included, 4368otherwise scp will not work.]) 4369 fi 4370 AC_RUN_IFELSE( 4371 [AC_LANG_PROGRAM([[ 4372/* find out what STDPATH is */ 4373#include <stdio.h> 4374#ifdef HAVE_PATHS_H 4375# include <paths.h> 4376#endif 4377#ifndef _PATH_STDPATH 4378# ifdef _PATH_USERPATH /* Irix */ 4379# define _PATH_STDPATH _PATH_USERPATH 4380# else 4381# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4382# endif 4383#endif 4384#include <sys/types.h> 4385#include <sys/stat.h> 4386#include <fcntl.h> 4387#define DATA "conftest.stdpath" 4388 ]], [[ 4389 FILE *fd; 4390 int rc; 4391 4392 fd = fopen(DATA,"w"); 4393 if(fd == NULL) 4394 exit(1); 4395 4396 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4397 exit(1); 4398 4399 exit(0); 4400 ]])], 4401 [ user_path=`cat conftest.stdpath` ], 4402 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4403 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4404 ) 4405# make sure $bindir is in USER_PATH so scp will work 4406 t_bindir="${bindir}" 4407 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4408 t_bindir=`eval echo ${t_bindir}` 4409 case $t_bindir in 4410 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4411 esac 4412 case $t_bindir in 4413 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4414 esac 4415 done 4416 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4417 if test $? -ne 0 ; then 4418 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4419 if test $? -ne 0 ; then 4420 user_path=$user_path:$t_bindir 4421 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4422 fi 4423 fi 4424 fi ] 4425) 4426if test "x$external_path_file" != "x/etc/login.conf" ; then 4427 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4428 AC_SUBST([user_path]) 4429fi 4430 4431# Set superuser path separately to user path 4432AC_ARG_WITH([superuser-path], 4433 [ --with-superuser-path= Specify different path for super-user], 4434 [ 4435 if test -n "$withval" && test "x$withval" != "xno" && \ 4436 test "x${withval}" != "xyes"; then 4437 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4438 [Define if you want a different $PATH 4439 for the superuser]) 4440 superuser_path=$withval 4441 fi 4442 ] 4443) 4444 4445 4446AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4447IPV4_IN6_HACK_MSG="no" 4448AC_ARG_WITH(4in6, 4449 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4450 [ 4451 if test "x$withval" != "xno" ; then 4452 AC_MSG_RESULT([yes]) 4453 AC_DEFINE([IPV4_IN_IPV6], [1], 4454 [Detect IPv4 in IPv6 mapped addresses 4455 and treat as IPv4]) 4456 IPV4_IN6_HACK_MSG="yes" 4457 else 4458 AC_MSG_RESULT([no]) 4459 fi 4460 ], [ 4461 if test "x$inet6_default_4in6" = "xyes"; then 4462 AC_MSG_RESULT([yes (default)]) 4463 AC_DEFINE([IPV4_IN_IPV6]) 4464 IPV4_IN6_HACK_MSG="yes" 4465 else 4466 AC_MSG_RESULT([no (default)]) 4467 fi 4468 ] 4469) 4470 4471# Whether to enable BSD auth support 4472BSD_AUTH_MSG=no 4473AC_ARG_WITH([bsd-auth], 4474 [ --with-bsd-auth Enable BSD auth support], 4475 [ 4476 if test "x$withval" != "xno" ; then 4477 AC_DEFINE([BSD_AUTH], [1], 4478 [Define if you have BSD auth support]) 4479 BSD_AUTH_MSG=yes 4480 fi 4481 ] 4482) 4483 4484# Where to place sshd.pid 4485piddir=/var/run 4486# make sure the directory exists 4487if test ! -d $piddir ; then 4488 piddir=`eval echo ${sysconfdir}` 4489 case $piddir in 4490 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 4491 esac 4492fi 4493 4494AC_ARG_WITH([pid-dir], 4495 [ --with-pid-dir=PATH Specify location of ssh.pid file], 4496 [ 4497 if test -n "$withval" && test "x$withval" != "xno" && \ 4498 test "x${withval}" != "xyes"; then 4499 piddir=$withval 4500 if test ! -d $piddir ; then 4501 AC_MSG_WARN([** no $piddir directory on this system **]) 4502 fi 4503 fi 4504 ] 4505) 4506 4507AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 4508 [Specify location of ssh.pid]) 4509AC_SUBST([piddir]) 4510 4511dnl allow user to disable some login recording features 4512AC_ARG_ENABLE([lastlog], 4513 [ --disable-lastlog disable use of lastlog even if detected [no]], 4514 [ 4515 if test "x$enableval" = "xno" ; then 4516 AC_DEFINE([DISABLE_LASTLOG]) 4517 fi 4518 ] 4519) 4520AC_ARG_ENABLE([utmp], 4521 [ --disable-utmp disable use of utmp even if detected [no]], 4522 [ 4523 if test "x$enableval" = "xno" ; then 4524 AC_DEFINE([DISABLE_UTMP]) 4525 fi 4526 ] 4527) 4528AC_ARG_ENABLE([utmpx], 4529 [ --disable-utmpx disable use of utmpx even if detected [no]], 4530 [ 4531 if test "x$enableval" = "xno" ; then 4532 AC_DEFINE([DISABLE_UTMPX], [1], 4533 [Define if you don't want to use utmpx]) 4534 fi 4535 ] 4536) 4537AC_ARG_ENABLE([wtmp], 4538 [ --disable-wtmp disable use of wtmp even if detected [no]], 4539 [ 4540 if test "x$enableval" = "xno" ; then 4541 AC_DEFINE([DISABLE_WTMP]) 4542 fi 4543 ] 4544) 4545AC_ARG_ENABLE([wtmpx], 4546 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 4547 [ 4548 if test "x$enableval" = "xno" ; then 4549 AC_DEFINE([DISABLE_WTMPX], [1], 4550 [Define if you don't want to use wtmpx]) 4551 fi 4552 ] 4553) 4554AC_ARG_ENABLE([libutil], 4555 [ --disable-libutil disable use of libutil (login() etc.) [no]], 4556 [ 4557 if test "x$enableval" = "xno" ; then 4558 AC_DEFINE([DISABLE_LOGIN]) 4559 fi 4560 ] 4561) 4562AC_ARG_ENABLE([pututline], 4563 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 4564 [ 4565 if test "x$enableval" = "xno" ; then 4566 AC_DEFINE([DISABLE_PUTUTLINE], [1], 4567 [Define if you don't want to use pututline() 4568 etc. to write [uw]tmp]) 4569 fi 4570 ] 4571) 4572AC_ARG_ENABLE([pututxline], 4573 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 4574 [ 4575 if test "x$enableval" = "xno" ; then 4576 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 4577 [Define if you don't want to use pututxline() 4578 etc. to write [uw]tmpx]) 4579 fi 4580 ] 4581) 4582AC_ARG_WITH([lastlog], 4583 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 4584 [ 4585 if test "x$withval" = "xno" ; then 4586 AC_DEFINE([DISABLE_LASTLOG]) 4587 elif test -n "$withval" && test "x${withval}" != "xyes"; then 4588 conf_lastlog_location=$withval 4589 fi 4590 ] 4591) 4592 4593dnl lastlog, [uw]tmpx? detection 4594dnl NOTE: set the paths in the platform section to avoid the 4595dnl need for command-line parameters 4596dnl lastlog and [uw]tmp are subject to a file search if all else fails 4597 4598dnl lastlog detection 4599dnl NOTE: the code itself will detect if lastlog is a directory 4600AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 4601AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4602#include <sys/types.h> 4603#include <utmp.h> 4604#ifdef HAVE_LASTLOG_H 4605# include <lastlog.h> 4606#endif 4607#ifdef HAVE_PATHS_H 4608# include <paths.h> 4609#endif 4610#ifdef HAVE_LOGIN_H 4611# include <login.h> 4612#endif 4613 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 4614 [ AC_MSG_RESULT([yes]) ], 4615 [ 4616 AC_MSG_RESULT([no]) 4617 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 4618 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4619#include <sys/types.h> 4620#include <utmp.h> 4621#ifdef HAVE_LASTLOG_H 4622# include <lastlog.h> 4623#endif 4624#ifdef HAVE_PATHS_H 4625# include <paths.h> 4626#endif 4627 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 4628 [ AC_MSG_RESULT([yes]) ], 4629 [ 4630 AC_MSG_RESULT([no]) 4631 system_lastlog_path=no 4632 ]) 4633]) 4634 4635if test -z "$conf_lastlog_location"; then 4636 if test x"$system_lastlog_path" = x"no" ; then 4637 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 4638 if (test -d "$f" || test -f "$f") ; then 4639 conf_lastlog_location=$f 4640 fi 4641 done 4642 if test -z "$conf_lastlog_location"; then 4643 AC_MSG_WARN([** Cannot find lastlog **]) 4644 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 4645 fi 4646 fi 4647fi 4648 4649if test -n "$conf_lastlog_location"; then 4650 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 4651 [Define if you want to specify the path to your lastlog file]) 4652fi 4653 4654dnl utmp detection 4655AC_MSG_CHECKING([if your system defines UTMP_FILE]) 4656AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4657#include <sys/types.h> 4658#include <utmp.h> 4659#ifdef HAVE_PATHS_H 4660# include <paths.h> 4661#endif 4662 ]], [[ char *utmp = UTMP_FILE; ]])], 4663 [ AC_MSG_RESULT([yes]) ], 4664 [ AC_MSG_RESULT([no]) 4665 system_utmp_path=no 4666]) 4667if test -z "$conf_utmp_location"; then 4668 if test x"$system_utmp_path" = x"no" ; then 4669 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 4670 if test -f $f ; then 4671 conf_utmp_location=$f 4672 fi 4673 done 4674 if test -z "$conf_utmp_location"; then 4675 AC_DEFINE([DISABLE_UTMP]) 4676 fi 4677 fi 4678fi 4679if test -n "$conf_utmp_location"; then 4680 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 4681 [Define if you want to specify the path to your utmp file]) 4682fi 4683 4684dnl wtmp detection 4685AC_MSG_CHECKING([if your system defines WTMP_FILE]) 4686AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4687#include <sys/types.h> 4688#include <utmp.h> 4689#ifdef HAVE_PATHS_H 4690# include <paths.h> 4691#endif 4692 ]], [[ char *wtmp = WTMP_FILE; ]])], 4693 [ AC_MSG_RESULT([yes]) ], 4694 [ AC_MSG_RESULT([no]) 4695 system_wtmp_path=no 4696]) 4697if test -z "$conf_wtmp_location"; then 4698 if test x"$system_wtmp_path" = x"no" ; then 4699 for f in /usr/adm/wtmp /var/log/wtmp; do 4700 if test -f $f ; then 4701 conf_wtmp_location=$f 4702 fi 4703 done 4704 if test -z "$conf_wtmp_location"; then 4705 AC_DEFINE([DISABLE_WTMP]) 4706 fi 4707 fi 4708fi 4709if test -n "$conf_wtmp_location"; then 4710 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 4711 [Define if you want to specify the path to your wtmp file]) 4712fi 4713 4714dnl wtmpx detection 4715AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 4716AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4717#include <sys/types.h> 4718#include <utmp.h> 4719#ifdef HAVE_UTMPX_H 4720#include <utmpx.h> 4721#endif 4722#ifdef HAVE_PATHS_H 4723# include <paths.h> 4724#endif 4725 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 4726 [ AC_MSG_RESULT([yes]) ], 4727 [ AC_MSG_RESULT([no]) 4728 system_wtmpx_path=no 4729]) 4730if test -z "$conf_wtmpx_location"; then 4731 if test x"$system_wtmpx_path" = x"no" ; then 4732 AC_DEFINE([DISABLE_WTMPX]) 4733 fi 4734else 4735 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 4736 [Define if you want to specify the path to your wtmpx file]) 4737fi 4738 4739 4740if test ! -z "$blibpath" ; then 4741 LDFLAGS="$LDFLAGS $blibflags$blibpath" 4742 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 4743fi 4744 4745AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 4746 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 4747 AC_DEFINE([DISABLE_LASTLOG]) 4748 fi 4749 ], [ 4750#ifdef HAVE_SYS_TYPES_H 4751#include <sys/types.h> 4752#endif 4753#ifdef HAVE_UTMP_H 4754#include <utmp.h> 4755#endif 4756#ifdef HAVE_UTMPX_H 4757#include <utmpx.h> 4758#endif 4759#ifdef HAVE_LASTLOG_H 4760#include <lastlog.h> 4761#endif 4762 ]) 4763 4764AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 4765 AC_DEFINE([DISABLE_UTMP]) 4766 AC_DEFINE([DISABLE_WTMP]) 4767 ], [ 4768#ifdef HAVE_SYS_TYPES_H 4769#include <sys/types.h> 4770#endif 4771#ifdef HAVE_UTMP_H 4772#include <utmp.h> 4773#endif 4774#ifdef HAVE_UTMPX_H 4775#include <utmpx.h> 4776#endif 4777#ifdef HAVE_LASTLOG_H 4778#include <lastlog.h> 4779#endif 4780 ]) 4781 4782dnl Adding -Werror to CFLAGS early prevents configure tests from running. 4783dnl Add now. 4784CFLAGS="$CFLAGS $werror_flags" 4785 4786if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 4787 TEST_SSH_IPV6=no 4788else 4789 TEST_SSH_IPV6=yes 4790fi 4791AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 4792AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 4793AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 4794AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 4795 4796AC_EXEEXT 4797AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 4798 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 4799 survey.sh]) 4800AC_OUTPUT 4801 4802# Print summary of options 4803 4804# Someone please show me a better way :) 4805A=`eval echo ${prefix}` ; A=`eval echo ${A}` 4806B=`eval echo ${bindir}` ; B=`eval echo ${B}` 4807C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 4808D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 4809E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 4810F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 4811G=`eval echo ${piddir}` ; G=`eval echo ${G}` 4812H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 4813I=`eval echo ${user_path}` ; I=`eval echo ${I}` 4814J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 4815 4816echo "" 4817echo "OpenSSH has been configured with the following options:" 4818echo " User binaries: $B" 4819echo " System binaries: $C" 4820echo " Configuration files: $D" 4821echo " Askpass program: $E" 4822echo " Manual pages: $F" 4823echo " PID file: $G" 4824echo " Privilege separation chroot path: $H" 4825if test "x$external_path_file" = "x/etc/login.conf" ; then 4826echo " At runtime, sshd will use the path defined in $external_path_file" 4827echo " Make sure the path to scp is present, otherwise scp will not work" 4828else 4829echo " sshd default user PATH: $I" 4830 if test ! -z "$external_path_file"; then 4831echo " (If PATH is set in $external_path_file it will be used instead. If" 4832echo " used, ensure the path to scp is present, otherwise scp will not work.)" 4833 fi 4834fi 4835if test ! -z "$superuser_path" ; then 4836echo " sshd superuser user PATH: $J" 4837fi 4838echo " Manpage format: $MANTYPE" 4839echo " PAM support: $PAM_MSG" 4840echo " OSF SIA support: $SIA_MSG" 4841echo " KerberosV support: $KRB5_MSG" 4842echo " SELinux support: $SELINUX_MSG" 4843echo " Smartcard support: $SCARD_MSG" 4844echo " S/KEY support: $SKEY_MSG" 4845echo " TCP Wrappers support: $TCPW_MSG" 4846echo " MD5 password support: $MD5_MSG" 4847echo " libedit support: $LIBEDIT_MSG" 4848echo " Solaris process contract support: $SPC_MSG" 4849echo " Solaris project support: $SP_MSG" 4850echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 4851echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 4852echo " BSD Auth support: $BSD_AUTH_MSG" 4853echo " Random number source: $RAND_MSG" 4854echo " Privsep sandbox style: $SANDBOX_STYLE" 4855 4856echo "" 4857 4858echo " Host: ${host}" 4859echo " Compiler: ${CC}" 4860echo " Compiler flags: ${CFLAGS}" 4861echo "Preprocessor flags: ${CPPFLAGS}" 4862echo " Linker flags: ${LDFLAGS}" 4863echo " Libraries: ${LIBS}" 4864if test ! -z "${SSHDLIBS}"; then 4865echo " +for sshd: ${SSHDLIBS}" 4866fi 4867if test ! -z "${SSHLIBS}"; then 4868echo " +for ssh: ${SSHLIBS}" 4869fi 4870 4871echo "" 4872 4873if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 4874 echo "SVR4 style packages are supported with \"make package\"" 4875 echo "" 4876fi 4877 4878if test "x$PAM_MSG" = "xyes" ; then 4879 echo "PAM is enabled. You may need to install a PAM control file " 4880 echo "for sshd, otherwise password authentication may fail. " 4881 echo "Example PAM control files can be found in the contrib/ " 4882 echo "subdirectory" 4883 echo "" 4884fi 4885 4886if test ! -z "$NO_PEERCHECK" ; then 4887 echo "WARNING: the operating system that you are using does not" 4888 echo "appear to support getpeereid(), getpeerucred() or the" 4889 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 4890 echo "enforce security checks to prevent unauthorised connections to" 4891 echo "ssh-agent. Their absence increases the risk that a malicious" 4892 echo "user can connect to your agent." 4893 echo "" 4894fi 4895 4896if test "$AUDIT_MODULE" = "bsm" ; then 4897 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 4898 echo "See the Solaris section in README.platform for details." 4899fi 4900