1# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $ 2# $FreeBSD$ 3# 4# Copyright (c) 1999-2004 Damien Miller 5# 6# Permission to use, copy, modify, and distribute this software for any 7# purpose with or without fee is hereby granted, provided that the above 8# copyright notice and this permission notice appear in all copies. 9# 10# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 19AC_REVISION($Revision: 1.583 $) 20AC_CONFIG_SRCDIR([ssh.c]) 21AC_LANG([C]) 22 23AC_CONFIG_HEADER([config.h]) 24AC_PROG_CC 25AC_CANONICAL_HOST 26AC_C_BIGENDIAN 27 28# Checks for programs. 29AC_PROG_AWK 30AC_PROG_CPP 31AC_PROG_RANLIB 32AC_PROG_INSTALL 33AC_PROG_EGREP 34AC_CHECK_TOOLS([AR], [ar]) 35AC_PATH_PROG([CAT], [cat]) 36AC_PATH_PROG([KILL], [kill]) 37AC_PATH_PROGS([PERL], [perl5 perl]) 38AC_PATH_PROG([SED], [sed]) 39AC_SUBST([PERL]) 40AC_PATH_PROG([ENT], [ent]) 41AC_SUBST([ENT]) 42AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 43AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 44AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 45AC_PATH_PROG([SH], [sh]) 46AC_PATH_PROG([GROFF], [groff]) 47AC_PATH_PROG([NROFF], [nroff]) 48AC_PATH_PROG([MANDOC], [mandoc]) 49AC_SUBST([TEST_SHELL], [sh]) 50 51dnl select manpage formatter 52if test "x$MANDOC" != "x" ; then 53 MANFMT="$MANDOC" 54elif test "x$NROFF" != "x" ; then 55 MANFMT="$NROFF -mandoc" 56elif test "x$GROFF" != "x" ; then 57 MANFMT="$GROFF -mandoc -Tascii" 58else 59 AC_MSG_WARN([no manpage formatted found]) 60 MANFMT="false" 61fi 62AC_SUBST([MANFMT]) 63 64dnl for buildpkg.sh 65AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 66 [/usr/sbin${PATH_SEPARATOR}/etc]) 67AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 68 [/usr/sbin${PATH_SEPARATOR}/etc]) 69AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 70if test -x /sbin/sh; then 71 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 72else 73 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 74fi 75 76# System features 77AC_SYS_LARGEFILE 78 79if test -z "$AR" ; then 80 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 81fi 82 83# Use LOGIN_PROGRAM from environment if possible 84if test ! -z "$LOGIN_PROGRAM" ; then 85 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"], 86 [If your header files don't define LOGIN_PROGRAM, 87 then use this (detected) from environment and PATH]) 88else 89 # Search for login 90 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login]) 91 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then 92 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"]) 93 fi 94fi 95 96AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 97if test ! -z "$PATH_PASSWD_PROG" ; then 98 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 99 [Full path of your "passwd" program]) 100fi 101 102if test -z "$LD" ; then 103 LD=$CC 104fi 105AC_SUBST([LD]) 106 107AC_C_INLINE 108 109AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 110AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 111 #include <sys/types.h> 112 #include <sys/param.h> 113 #include <dev/systrace.h> 114]) 115AC_CHECK_DECL([RLIMIT_NPROC], 116 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 117 #include <sys/types.h> 118 #include <sys/resource.h> 119]) 120AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 121 #include <sys/types.h> 122 #include <linux/prctl.h> 123]) 124 125openssl=yes 126ssh1=yes 127AC_ARG_WITH([openssl], 128 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 129 [ if test "x$withval" = "xno" ; then 130 openssl=no 131 ssh1=no 132 fi 133 ] 134) 135AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 136if test "x$openssl" = "xyes" ; then 137 AC_MSG_RESULT([yes]) 138 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 139else 140 AC_MSG_RESULT([no]) 141fi 142 143AC_ARG_WITH([ssh1], 144 [ --without-ssh1 Enable support for SSH protocol 1], 145 [ 146 if test "x$withval" = "xyes" ; then 147 if test "x$openssl" = "xno" ; then 148 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled]) 149 fi 150 ssh1=yes 151 elif test "x$withval" = "xno" ; then 152 ssh1=no 153 else 154 AC_MSG_ERROR([unknown --with-ssh1 argument]) 155 fi 156 ] 157) 158AC_MSG_CHECKING([whether SSH protocol 1 support is enabled]) 159if test "x$ssh1" = "xyes" ; then 160 AC_MSG_RESULT([yes]) 161 AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support]) 162else 163 AC_MSG_RESULT([no]) 164fi 165 166use_stack_protector=1 167use_toolchain_hardening=1 168AC_ARG_WITH([stackprotect], 169 [ --without-stackprotect Don't use compiler's stack protection], [ 170 if test "x$withval" = "xno"; then 171 use_stack_protector=0 172 fi ]) 173AC_ARG_WITH([hardening], 174 [ --without-hardening Don't use toolchain hardening flags], [ 175 if test "x$withval" = "xno"; then 176 use_toolchain_hardening=0 177 fi ]) 178 179# We use -Werror for the tests only so that we catch warnings like "this is 180# on by default" for things like -fPIE. 181AC_MSG_CHECKING([if $CC supports -Werror]) 182saved_CFLAGS="$CFLAGS" 183CFLAGS="$CFLAGS -Werror" 184AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 185 [ AC_MSG_RESULT([yes]) 186 WERROR="-Werror"], 187 [ AC_MSG_RESULT([no]) 188 WERROR="" ] 189) 190CFLAGS="$saved_CFLAGS" 191 192if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 193 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 194 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 195 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 196 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 197 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 198 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 199 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 200 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 201 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 202 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 203 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 204 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 205 if test "x$use_toolchain_hardening" = "x1"; then 206 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 207 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 208 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 209 # NB. -ftrapv expects certain support functions to be present in 210 # the compiler library (libgcc or similar) to detect integer operations 211 # that can overflow. We must check that the result of enabling it 212 # actually links. The test program compiled/linked includes a number 213 # of integer operations that should exercise this. 214 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 215 fi 216 AC_MSG_CHECKING([gcc version]) 217 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 218 case $GCC_VER in 219 1.*) no_attrib_nonnull=1 ;; 220 2.8* | 2.9*) 221 no_attrib_nonnull=1 222 ;; 223 2.*) no_attrib_nonnull=1 ;; 224 *) ;; 225 esac 226 AC_MSG_RESULT([$GCC_VER]) 227 228 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 229 saved_CFLAGS="$CFLAGS" 230 CFLAGS="$CFLAGS -fno-builtin-memset" 231 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 232 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 233 [ AC_MSG_RESULT([yes]) ], 234 [ AC_MSG_RESULT([no]) 235 CFLAGS="$saved_CFLAGS" ] 236 ) 237 238 # -fstack-protector-all doesn't always work for some GCC versions 239 # and/or platforms, so we test if we can. If it's not supported 240 # on a given platform gcc will emit a warning so we use -Werror. 241 if test "x$use_stack_protector" = "x1"; then 242 for t in -fstack-protector-strong -fstack-protector-all \ 243 -fstack-protector; do 244 AC_MSG_CHECKING([if $CC supports $t]) 245 saved_CFLAGS="$CFLAGS" 246 saved_LDFLAGS="$LDFLAGS" 247 CFLAGS="$CFLAGS $t -Werror" 248 LDFLAGS="$LDFLAGS $t -Werror" 249 AC_LINK_IFELSE( 250 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 251 [[ 252 char x[256]; 253 snprintf(x, sizeof(x), "XXX"); 254 ]])], 255 [ AC_MSG_RESULT([yes]) 256 CFLAGS="$saved_CFLAGS $t" 257 LDFLAGS="$saved_LDFLAGS $t" 258 AC_MSG_CHECKING([if $t works]) 259 AC_RUN_IFELSE( 260 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 261 [[ 262 char x[256]; 263 snprintf(x, sizeof(x), "XXX"); 264 ]])], 265 [ AC_MSG_RESULT([yes]) 266 break ], 267 [ AC_MSG_RESULT([no]) ], 268 [ AC_MSG_WARN([cross compiling: cannot test]) 269 break ] 270 ) 271 ], 272 [ AC_MSG_RESULT([no]) ] 273 ) 274 CFLAGS="$saved_CFLAGS" 275 LDFLAGS="$saved_LDFLAGS" 276 done 277 fi 278 279 if test -z "$have_llong_max"; then 280 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 281 unset ac_cv_have_decl_LLONG_MAX 282 saved_CFLAGS="$CFLAGS" 283 CFLAGS="$CFLAGS -std=gnu99" 284 AC_CHECK_DECL([LLONG_MAX], 285 [have_llong_max=1], 286 [CFLAGS="$saved_CFLAGS"], 287 [#include <limits.h>] 288 ) 289 fi 290fi 291 292AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 293AC_COMPILE_IFELSE( 294 [AC_LANG_PROGRAM([[ 295#include <stdlib.h> 296__attribute__((__unused__)) static void foo(void){return;}]], 297 [[ exit(0); ]])], 298 [ AC_MSG_RESULT([yes]) ], 299 [ AC_MSG_RESULT([no]) 300 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 301 [compiler does not accept __attribute__ on return types]) ] 302) 303 304if test "x$no_attrib_nonnull" != "x1" ; then 305 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 306fi 307 308AC_ARG_WITH([rpath], 309 [ --without-rpath Disable auto-added -R linker paths], 310 [ 311 if test "x$withval" = "xno" ; then 312 need_dash_r="" 313 fi 314 if test "x$withval" = "xyes" ; then 315 need_dash_r=1 316 fi 317 ] 318) 319 320# Allow user to specify flags 321AC_ARG_WITH([cflags], 322 [ --with-cflags Specify additional flags to pass to compiler], 323 [ 324 if test -n "$withval" && test "x$withval" != "xno" && \ 325 test "x${withval}" != "xyes"; then 326 CFLAGS="$CFLAGS $withval" 327 fi 328 ] 329) 330AC_ARG_WITH([cppflags], 331 [ --with-cppflags Specify additional flags to pass to preprocessor] , 332 [ 333 if test -n "$withval" && test "x$withval" != "xno" && \ 334 test "x${withval}" != "xyes"; then 335 CPPFLAGS="$CPPFLAGS $withval" 336 fi 337 ] 338) 339AC_ARG_WITH([ldflags], 340 [ --with-ldflags Specify additional flags to pass to linker], 341 [ 342 if test -n "$withval" && test "x$withval" != "xno" && \ 343 test "x${withval}" != "xyes"; then 344 LDFLAGS="$LDFLAGS $withval" 345 fi 346 ] 347) 348AC_ARG_WITH([libs], 349 [ --with-libs Specify additional libraries to link with], 350 [ 351 if test -n "$withval" && test "x$withval" != "xno" && \ 352 test "x${withval}" != "xyes"; then 353 LIBS="$LIBS $withval" 354 fi 355 ] 356) 357AC_ARG_WITH([Werror], 358 [ --with-Werror Build main code with -Werror], 359 [ 360 if test -n "$withval" && test "x$withval" != "xno"; then 361 werror_flags="-Werror" 362 if test "x${withval}" != "xyes"; then 363 werror_flags="$withval" 364 fi 365 fi 366 ] 367) 368 369AC_CHECK_HEADERS([ \ 370 blf.h \ 371 bstring.h \ 372 crypt.h \ 373 crypto/sha2.h \ 374 dirent.h \ 375 endian.h \ 376 elf.h \ 377 features.h \ 378 fcntl.h \ 379 floatingpoint.h \ 380 getopt.h \ 381 glob.h \ 382 ia.h \ 383 iaf.h \ 384 inttypes.h \ 385 limits.h \ 386 locale.h \ 387 login.h \ 388 maillock.h \ 389 ndir.h \ 390 net/if_tun.h \ 391 netdb.h \ 392 netgroup.h \ 393 pam/pam_appl.h \ 394 paths.h \ 395 poll.h \ 396 pty.h \ 397 readpassphrase.h \ 398 rpc/types.h \ 399 security/pam_appl.h \ 400 sha2.h \ 401 shadow.h \ 402 stddef.h \ 403 stdint.h \ 404 string.h \ 405 strings.h \ 406 sys/audit.h \ 407 sys/bitypes.h \ 408 sys/bsdtty.h \ 409 sys/cdefs.h \ 410 sys/dir.h \ 411 sys/mman.h \ 412 sys/ndir.h \ 413 sys/poll.h \ 414 sys/prctl.h \ 415 sys/pstat.h \ 416 sys/select.h \ 417 sys/stat.h \ 418 sys/stream.h \ 419 sys/stropts.h \ 420 sys/strtio.h \ 421 sys/statvfs.h \ 422 sys/sysmacros.h \ 423 sys/time.h \ 424 sys/timers.h \ 425 time.h \ 426 tmpdir.h \ 427 ttyent.h \ 428 ucred.h \ 429 unistd.h \ 430 usersec.h \ 431 util.h \ 432 utime.h \ 433 utmp.h \ 434 utmpx.h \ 435 vis.h \ 436]) 437 438# sys/capsicum.h requires sys/types.h 439AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 440#ifdef HAVE_SYS_TYPES_H 441# include <sys/types.h> 442#endif 443]) 444 445# lastlog.h requires sys/time.h to be included first on Solaris 446AC_CHECK_HEADERS([lastlog.h], [], [], [ 447#ifdef HAVE_SYS_TIME_H 448# include <sys/time.h> 449#endif 450]) 451 452# sys/ptms.h requires sys/stream.h to be included first on Solaris 453AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 454#ifdef HAVE_SYS_STREAM_H 455# include <sys/stream.h> 456#endif 457]) 458 459# login_cap.h requires sys/types.h on NetBSD 460AC_CHECK_HEADERS([login_cap.h], [], [], [ 461#include <sys/types.h> 462]) 463 464# older BSDs need sys/param.h before sys/mount.h 465AC_CHECK_HEADERS([sys/mount.h], [], [], [ 466#include <sys/param.h> 467]) 468 469# Android requires sys/socket.h to be included before sys/un.h 470AC_CHECK_HEADERS([sys/un.h], [], [], [ 471#include <sys/types.h> 472#include <sys/socket.h> 473]) 474 475# Messages for features tested for in target-specific section 476SIA_MSG="no" 477SPC_MSG="no" 478SP_MSG="no" 479 480# Check for some target-specific stuff 481case "$host" in 482*-*-aix*) 483 # Some versions of VAC won't allow macro redefinitions at 484 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 485 # particularly with older versions of vac or xlc. 486 # It also throws errors about null macro argments, but these are 487 # not fatal. 488 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 489 AC_COMPILE_IFELSE( 490 [AC_LANG_PROGRAM([[ 491#define testmacro foo 492#define testmacro bar]], 493 [[ exit(0); ]])], 494 [ AC_MSG_RESULT([yes]) ], 495 [ AC_MSG_RESULT([no]) 496 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 497 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" 498 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 499 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 500 ] 501 ) 502 503 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 504 if (test -z "$blibpath"); then 505 blibpath="/usr/lib:/lib" 506 fi 507 saved_LDFLAGS="$LDFLAGS" 508 if test "$GCC" = "yes"; then 509 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 510 else 511 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 512 fi 513 for tryflags in $flags ;do 514 if (test -z "$blibflags"); then 515 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 516 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 517 [blibflags=$tryflags], []) 518 fi 519 done 520 if (test -z "$blibflags"); then 521 AC_MSG_RESULT([not found]) 522 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 523 else 524 AC_MSG_RESULT([$blibflags]) 525 fi 526 LDFLAGS="$saved_LDFLAGS" 527 dnl Check for authenticate. Might be in libs.a on older AIXes 528 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 529 [Define if you want to enable AIX4's authenticate function])], 530 [AC_CHECK_LIB([s], [authenticate], 531 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 532 LIBS="$LIBS -ls" 533 ]) 534 ]) 535 dnl Check for various auth function declarations in headers. 536 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 537 passwdexpired, setauthdb], , , [#include <usersec.h>]) 538 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 539 AC_CHECK_DECLS([loginfailed], 540 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 541 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 542 [[ (void)loginfailed("user","host","tty",0); ]])], 543 [AC_MSG_RESULT([yes]) 544 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 545 [Define if your AIX loginfailed() function 546 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 547 ])], 548 [], 549 [#include <usersec.h>] 550 ) 551 AC_CHECK_FUNCS([getgrset setauthdb]) 552 AC_CHECK_DECL([F_CLOSEM], 553 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 554 [], 555 [ #include <limits.h> 556 #include <fcntl.h> ] 557 ) 558 check_for_aix_broken_getaddrinfo=1 559 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 560 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 561 [Define if your platform breaks doing a seteuid before a setuid]) 562 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 563 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 564 dnl AIX handles lastlog as part of its login message 565 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 566 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 567 [Some systems need a utmpx entry for /bin/login to work]) 568 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 569 [Define to a Set Process Title type if your system is 570 supported by bsd-setproctitle.c]) 571 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 572 [AIX 5.2 and 5.3 (and presumably newer) require this]) 573 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 574 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 575 ;; 576*-*-android*) 577 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 578 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 579 ;; 580*-*-cygwin*) 581 check_for_libcrypt_later=1 582 LIBS="$LIBS /usr/lib/textreadmode.o" 583 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 584 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 585 AC_DEFINE([DISABLE_SHADOW], [1], 586 [Define if you want to disable shadow passwords]) 587 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 588 [Define if X11 doesn't support AF_UNIX sockets on that system]) 589 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1], 590 [Define if the concept of ports only accessible to 591 superusers isn't known]) 592 AC_DEFINE([DISABLE_FD_PASSING], [1], 593 [Define if your platform needs to skip post auth 594 file descriptor passing]) 595 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 596 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 597 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 598 # reasons which cause compile warnings, so we disable those warnings. 599 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 600 ;; 601*-*-dgux*) 602 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 603 [Define if your system choked on IP TOS setting]) 604 AC_DEFINE([SETEUID_BREAKS_SETUID]) 605 AC_DEFINE([BROKEN_SETREUID]) 606 AC_DEFINE([BROKEN_SETREGID]) 607 ;; 608*-*-darwin*) 609 use_pie=auto 610 AC_MSG_CHECKING([if we have working getaddrinfo]) 611 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 612main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 613 exit(0); 614 else 615 exit(1); 616} 617 ]])], 618 [AC_MSG_RESULT([working])], 619 [AC_MSG_RESULT([buggy]) 620 AC_DEFINE([BROKEN_GETADDRINFO], [1], 621 [getaddrinfo is broken (if present)]) 622 ], 623 [AC_MSG_RESULT([assume it is working])]) 624 AC_DEFINE([SETEUID_BREAKS_SETUID]) 625 AC_DEFINE([BROKEN_SETREUID]) 626 AC_DEFINE([BROKEN_SETREGID]) 627 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 628 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 629 [Define if your resolver libs need this for getrrsetbyname]) 630 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 631 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 632 [Use tunnel device compatibility to OpenBSD]) 633 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 634 [Prepend the address family to IP tunnel traffic]) 635 m4_pattern_allow([AU_IPv]) 636 AC_CHECK_DECL([AU_IPv4], [], 637 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 638 [#include <bsm/audit.h>] 639 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 640 [Define if pututxline updates lastlog too]) 641 ) 642 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 643 [Define to a Set Process Title type if your system is 644 supported by bsd-setproctitle.c]) 645 AC_CHECK_FUNCS([sandbox_init]) 646 AC_CHECK_HEADERS([sandbox.h]) 647 ;; 648*-*-dragonfly*) 649 SSHDLIBS="$SSHDLIBS -lcrypt" 650 TEST_MALLOC_OPTIONS="AFGJPRX" 651 ;; 652*-*-haiku*) 653 LIBS="$LIBS -lbsd " 654 AC_CHECK_LIB([network], [socket]) 655 AC_DEFINE([HAVE_U_INT64_T]) 656 MANTYPE=man 657 ;; 658*-*-hpux*) 659 # first we define all of the options common to all HP-UX releases 660 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 661 IPADDR_IN_DISPLAY=yes 662 AC_DEFINE([USE_PIPES]) 663 AC_DEFINE([LOGIN_NO_ENDOPT], [1], 664 [Define if your login program cannot handle end of options ("--")]) 665 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 666 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 667 [String used in /etc/passwd to denote locked account]) 668 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 669 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 670 maildir="/var/mail" 671 LIBS="$LIBS -lsec" 672 AC_CHECK_LIB([xnet], [t_error], , 673 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 674 675 # next, we define all of the options specific to major releases 676 case "$host" in 677 *-*-hpux10*) 678 if test -z "$GCC"; then 679 CFLAGS="$CFLAGS -Ae" 680 fi 681 ;; 682 *-*-hpux11*) 683 AC_DEFINE([PAM_SUN_CODEBASE], [1], 684 [Define if you are using Solaris-derived PAM which 685 passes pam_messages to the conversation function 686 with an extra level of indirection]) 687 AC_DEFINE([DISABLE_UTMP], [1], 688 [Define if you don't want to use utmp]) 689 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 690 check_for_hpux_broken_getaddrinfo=1 691 check_for_conflicting_getspnam=1 692 ;; 693 esac 694 695 # lastly, we define options specific to minor releases 696 case "$host" in 697 *-*-hpux10.26) 698 AC_DEFINE([HAVE_SECUREWARE], [1], 699 [Define if you have SecureWare-based 700 protected password database]) 701 disable_ptmx_check=yes 702 LIBS="$LIBS -lsecpw" 703 ;; 704 esac 705 ;; 706*-*-irix5*) 707 PATH="$PATH:/usr/etc" 708 AC_DEFINE([BROKEN_INET_NTOA], [1], 709 [Define if you system's inet_ntoa is busted 710 (e.g. Irix gcc issue)]) 711 AC_DEFINE([SETEUID_BREAKS_SETUID]) 712 AC_DEFINE([BROKEN_SETREUID]) 713 AC_DEFINE([BROKEN_SETREGID]) 714 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 715 [Define if you shouldn't strip 'tty' from your 716 ttyname in [uw]tmp]) 717 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 718 ;; 719*-*-irix6*) 720 PATH="$PATH:/usr/etc" 721 AC_DEFINE([WITH_IRIX_ARRAY], [1], 722 [Define if you have/want arrays 723 (cluster-wide session managment, not C arrays)]) 724 AC_DEFINE([WITH_IRIX_PROJECT], [1], 725 [Define if you want IRIX project management]) 726 AC_DEFINE([WITH_IRIX_AUDIT], [1], 727 [Define if you want IRIX audit trails]) 728 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 729 [Define if you want IRIX kernel jobs])]) 730 AC_DEFINE([BROKEN_INET_NTOA]) 731 AC_DEFINE([SETEUID_BREAKS_SETUID]) 732 AC_DEFINE([BROKEN_SETREUID]) 733 AC_DEFINE([BROKEN_SETREGID]) 734 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 735 AC_DEFINE([WITH_ABBREV_NO_TTY]) 736 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 737 ;; 738*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 739 check_for_libcrypt_later=1 740 AC_DEFINE([PAM_TTY_KLUDGE]) 741 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 742 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 743 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 744 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 745 ;; 746*-*-linux*) 747 no_dev_ptmx=1 748 use_pie=auto 749 check_for_libcrypt_later=1 750 check_for_openpty_ctty_bug=1 751 AC_DEFINE([PAM_TTY_KLUDGE], [1], 752 [Work around problematic Linux PAM modules handling of PAM_TTY]) 753 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 754 [String used in /etc/passwd to denote locked account]) 755 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 756 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 757 [Define to whatever link() returns for "not supported" 758 if it doesn't return EOPNOTSUPP.]) 759 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 760 AC_DEFINE([USE_BTMP]) 761 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 762 inet6_default_4in6=yes 763 case `uname -r` in 764 1.*|2.0.*) 765 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 766 [Define if cmsg_type is not passed correctly]) 767 ;; 768 esac 769 # tun(4) forwarding compat code 770 AC_CHECK_HEADERS([linux/if_tun.h]) 771 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 772 AC_DEFINE([SSH_TUN_LINUX], [1], 773 [Open tunnel devices the Linux tun/tap way]) 774 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 775 [Use tunnel device compatibility to OpenBSD]) 776 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 777 [Prepend the address family to IP tunnel traffic]) 778 fi 779 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 780 [], [#include <linux/types.h>]) 781 AC_CHECK_FUNCS([prctl]) 782 AC_MSG_CHECKING([for seccomp architecture]) 783 seccomp_audit_arch= 784 case "$host" in 785 x86_64-*) 786 seccomp_audit_arch=AUDIT_ARCH_X86_64 787 ;; 788 i*86-*) 789 seccomp_audit_arch=AUDIT_ARCH_I386 790 ;; 791 arm*-*) 792 seccomp_audit_arch=AUDIT_ARCH_ARM 793 ;; 794 aarch64*-*) 795 seccomp_audit_arch=AUDIT_ARCH_AARCH64 796 ;; 797 esac 798 if test "x$seccomp_audit_arch" != "x" ; then 799 AC_MSG_RESULT(["$seccomp_audit_arch"]) 800 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 801 [Specify the system call convention in use]) 802 else 803 AC_MSG_RESULT([architecture not supported]) 804 fi 805 ;; 806mips-sony-bsd|mips-sony-newsos4) 807 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 808 SONY=1 809 ;; 810*-*-netbsd*) 811 check_for_libcrypt_before=1 812 if test "x$withval" != "xno" ; then 813 need_dash_r=1 814 fi 815 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 816 AC_CHECK_HEADER([net/if_tap.h], , 817 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 818 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 819 [Prepend the address family to IP tunnel traffic]) 820 TEST_MALLOC_OPTIONS="AJRX" 821 AC_DEFINE([BROKEN_STRNVIS], [1], 822 [NetBSD strnvis argument order is swapped compared to OpenBSD]) 823 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 824 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 825 ;; 826*-*-freebsd*) 827 check_for_libcrypt_later=1 828 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 829 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 830 AC_CHECK_HEADER([net/if_tap.h], , 831 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 832 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 833 AC_DEFINE([BROKEN_STRNVIS], [1], 834 [FreeBSD strnvis argument order is swapped compared to OpenBSD]) 835 TEST_MALLOC_OPTIONS="AJRX" 836 # Preauth crypto occasionally uses file descriptors for crypto offload 837 # and will crash if they cannot be opened. 838 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 839 [define if setrlimit RLIMIT_NOFILE breaks things]) 840 ;; 841*-*-bsdi*) 842 AC_DEFINE([SETEUID_BREAKS_SETUID]) 843 AC_DEFINE([BROKEN_SETREUID]) 844 AC_DEFINE([BROKEN_SETREGID]) 845 ;; 846*-next-*) 847 conf_lastlog_location="/usr/adm/lastlog" 848 conf_utmp_location=/etc/utmp 849 conf_wtmp_location=/usr/adm/wtmp 850 maildir=/usr/spool/mail 851 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 852 AC_DEFINE([BROKEN_REALPATH]) 853 AC_DEFINE([USE_PIPES]) 854 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 855 ;; 856*-*-openbsd*) 857 use_pie=auto 858 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 859 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 860 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 861 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 862 [syslog_r function is safe to use in in a signal handler]) 863 TEST_MALLOC_OPTIONS="AFGJPRX" 864 ;; 865*-*-solaris*) 866 if test "x$withval" != "xno" ; then 867 need_dash_r=1 868 fi 869 AC_DEFINE([PAM_SUN_CODEBASE]) 870 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 871 AC_DEFINE([LOGIN_NEEDS_TERM], [1], 872 [Some versions of /bin/login need the TERM supplied 873 on the commandline]) 874 AC_DEFINE([PAM_TTY_KLUDGE]) 875 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 876 [Define if pam_chauthtok wants real uid set 877 to the unpriv'ed user]) 878 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 879 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 880 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 881 [Define if sshd somehow reacquires a controlling TTY 882 after setsid()]) 883 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 884 in case the name is longer than 8 chars]) 885 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 886 external_path_file=/etc/default/login 887 # hardwire lastlog location (can't detect it on some versions) 888 conf_lastlog_location="/var/adm/lastlog" 889 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 890 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 891 if test "$sol2ver" -ge 8; then 892 AC_MSG_RESULT([yes]) 893 AC_DEFINE([DISABLE_UTMP]) 894 AC_DEFINE([DISABLE_WTMP], [1], 895 [Define if you don't want to use wtmp]) 896 else 897 AC_MSG_RESULT([no]) 898 fi 899 AC_ARG_WITH([solaris-contracts], 900 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 901 [ 902 AC_CHECK_LIB([contract], [ct_tmpl_activate], 903 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 904 [Define if you have Solaris process contracts]) 905 SSHDLIBS="$SSHDLIBS -lcontract" 906 SPC_MSG="yes" ], ) 907 ], 908 ) 909 AC_ARG_WITH([solaris-projects], 910 [ --with-solaris-projects Enable Solaris projects (experimental)], 911 [ 912 AC_CHECK_LIB([project], [setproject], 913 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 914 [Define if you have Solaris projects]) 915 SSHDLIBS="$SSHDLIBS -lproject" 916 SP_MSG="yes" ], ) 917 ], 918 ) 919 TEST_SHELL=$SHELL # let configure find us a capable shell 920 ;; 921*-*-sunos4*) 922 CPPFLAGS="$CPPFLAGS -DSUNOS4" 923 AC_CHECK_FUNCS([getpwanam]) 924 AC_DEFINE([PAM_SUN_CODEBASE]) 925 conf_utmp_location=/etc/utmp 926 conf_wtmp_location=/var/adm/wtmp 927 conf_lastlog_location=/var/adm/lastlog 928 AC_DEFINE([USE_PIPES]) 929 ;; 930*-ncr-sysv*) 931 LIBS="$LIBS -lc89" 932 AC_DEFINE([USE_PIPES]) 933 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 934 AC_DEFINE([SETEUID_BREAKS_SETUID]) 935 AC_DEFINE([BROKEN_SETREUID]) 936 AC_DEFINE([BROKEN_SETREGID]) 937 ;; 938*-sni-sysv*) 939 # /usr/ucblib MUST NOT be searched on ReliantUNIX 940 AC_CHECK_LIB([dl], [dlsym], ,) 941 # -lresolv needs to be at the end of LIBS or DNS lookups break 942 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 943 IPADDR_IN_DISPLAY=yes 944 AC_DEFINE([USE_PIPES]) 945 AC_DEFINE([IP_TOS_IS_BROKEN]) 946 AC_DEFINE([SETEUID_BREAKS_SETUID]) 947 AC_DEFINE([BROKEN_SETREUID]) 948 AC_DEFINE([BROKEN_SETREGID]) 949 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 950 external_path_file=/etc/default/login 951 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 952 # Attention: always take care to bind libsocket and libnsl before libc, 953 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 954 ;; 955# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 956*-*-sysv4.2*) 957 AC_DEFINE([USE_PIPES]) 958 AC_DEFINE([SETEUID_BREAKS_SETUID]) 959 AC_DEFINE([BROKEN_SETREUID]) 960 AC_DEFINE([BROKEN_SETREGID]) 961 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 962 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 963 TEST_SHELL=$SHELL # let configure find us a capable shell 964 ;; 965# UnixWare 7.x, OpenUNIX 8 966*-*-sysv5*) 967 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 968 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 969 AC_DEFINE([USE_PIPES]) 970 AC_DEFINE([SETEUID_BREAKS_SETUID]) 971 AC_DEFINE([BROKEN_GETADDRINFO]) 972 AC_DEFINE([BROKEN_SETREUID]) 973 AC_DEFINE([BROKEN_SETREGID]) 974 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 975 TEST_SHELL=$SHELL # let configure find us a capable shell 976 case "$host" in 977 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 978 maildir=/var/spool/mail 979 AC_DEFINE([BROKEN_LIBIAF], [1], 980 [ia_uinfo routines not supported by OS yet]) 981 AC_DEFINE([BROKEN_UPDWTMPX]) 982 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 983 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 984 AC_DEFINE([HAVE_SECUREWARE]) 985 AC_DEFINE([DISABLE_SHADOW]) 986 ], , ) 987 ;; 988 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 989 check_for_libcrypt_later=1 990 ;; 991 esac 992 ;; 993*-*-sysv*) 994 ;; 995# SCO UNIX and OEM versions of SCO UNIX 996*-*-sco3.2v4*) 997 AC_MSG_ERROR("This Platform is no longer supported.") 998 ;; 999# SCO OpenServer 5.x 1000*-*-sco3.2v5*) 1001 if test -z "$GCC"; then 1002 CFLAGS="$CFLAGS -belf" 1003 fi 1004 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1005 no_dev_ptmx=1 1006 AC_DEFINE([USE_PIPES]) 1007 AC_DEFINE([HAVE_SECUREWARE]) 1008 AC_DEFINE([DISABLE_SHADOW]) 1009 AC_DEFINE([DISABLE_FD_PASSING]) 1010 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1011 AC_DEFINE([BROKEN_GETADDRINFO]) 1012 AC_DEFINE([BROKEN_SETREUID]) 1013 AC_DEFINE([BROKEN_SETREGID]) 1014 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1015 AC_DEFINE([BROKEN_UPDWTMPX]) 1016 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1017 AC_CHECK_FUNCS([getluid setluid]) 1018 MANTYPE=man 1019 TEST_SHELL=$SHELL # let configure find us a capable shell 1020 SKIP_DISABLE_LASTLOG_DEFINE=yes 1021 ;; 1022*-*-unicosmk*) 1023 AC_DEFINE([NO_SSH_LASTLOG], [1], 1024 [Define if you don't want to use lastlog in session.c]) 1025 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1026 AC_DEFINE([BROKEN_SETREUID]) 1027 AC_DEFINE([BROKEN_SETREGID]) 1028 AC_DEFINE([USE_PIPES]) 1029 AC_DEFINE([DISABLE_FD_PASSING]) 1030 LDFLAGS="$LDFLAGS" 1031 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1032 MANTYPE=cat 1033 ;; 1034*-*-unicosmp*) 1035 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1036 AC_DEFINE([BROKEN_SETREUID]) 1037 AC_DEFINE([BROKEN_SETREGID]) 1038 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1039 AC_DEFINE([USE_PIPES]) 1040 AC_DEFINE([DISABLE_FD_PASSING]) 1041 LDFLAGS="$LDFLAGS" 1042 LIBS="$LIBS -lgen -lacid -ldb" 1043 MANTYPE=cat 1044 ;; 1045*-*-unicos*) 1046 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1047 AC_DEFINE([BROKEN_SETREUID]) 1048 AC_DEFINE([BROKEN_SETREGID]) 1049 AC_DEFINE([USE_PIPES]) 1050 AC_DEFINE([DISABLE_FD_PASSING]) 1051 AC_DEFINE([NO_SSH_LASTLOG]) 1052 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" 1053 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1054 MANTYPE=cat 1055 ;; 1056*-dec-osf*) 1057 AC_MSG_CHECKING([for Digital Unix SIA]) 1058 no_osfsia="" 1059 AC_ARG_WITH([osfsia], 1060 [ --with-osfsia Enable Digital Unix SIA], 1061 [ 1062 if test "x$withval" = "xno" ; then 1063 AC_MSG_RESULT([disabled]) 1064 no_osfsia=1 1065 fi 1066 ], 1067 ) 1068 if test -z "$no_osfsia" ; then 1069 if test -f /etc/sia/matrix.conf; then 1070 AC_MSG_RESULT([yes]) 1071 AC_DEFINE([HAVE_OSF_SIA], [1], 1072 [Define if you have Digital Unix Security 1073 Integration Architecture]) 1074 AC_DEFINE([DISABLE_LOGIN], [1], 1075 [Define if you don't want to use your 1076 system's login() call]) 1077 AC_DEFINE([DISABLE_FD_PASSING]) 1078 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1079 SIA_MSG="yes" 1080 else 1081 AC_MSG_RESULT([no]) 1082 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1083 [String used in /etc/passwd to denote locked account]) 1084 fi 1085 fi 1086 AC_DEFINE([BROKEN_GETADDRINFO]) 1087 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1088 AC_DEFINE([BROKEN_SETREUID]) 1089 AC_DEFINE([BROKEN_SETREGID]) 1090 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1091 ;; 1092 1093*-*-nto-qnx*) 1094 AC_DEFINE([USE_PIPES]) 1095 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1096 AC_DEFINE([DISABLE_LASTLOG]) 1097 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1098 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1099 enable_etc_default_login=no # has incompatible /etc/default/login 1100 case "$host" in 1101 *-*-nto-qnx6*) 1102 AC_DEFINE([DISABLE_FD_PASSING]) 1103 ;; 1104 esac 1105 ;; 1106 1107*-*-ultrix*) 1108 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1109 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files]) 1110 AC_DEFINE([NEED_SETPGRP]) 1111 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1112 ;; 1113 1114*-*-lynxos) 1115 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1116 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation]) 1117 ;; 1118esac 1119 1120AC_MSG_CHECKING([compiler and flags for sanity]) 1121AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1122 [ AC_MSG_RESULT([yes]) ], 1123 [ 1124 AC_MSG_RESULT([no]) 1125 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1126 ], 1127 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1128) 1129 1130dnl Checks for header files. 1131# Checks for libraries. 1132AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])]) 1133AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1134 1135dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1136AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1137 AC_CHECK_LIB([gen], [dirname], [ 1138 AC_CACHE_CHECK([for broken dirname], 1139 ac_cv_have_broken_dirname, [ 1140 save_LIBS="$LIBS" 1141 LIBS="$LIBS -lgen" 1142 AC_RUN_IFELSE( 1143 [AC_LANG_SOURCE([[ 1144#include <libgen.h> 1145#include <string.h> 1146 1147int main(int argc, char **argv) { 1148 char *s, buf[32]; 1149 1150 strncpy(buf,"/etc", 32); 1151 s = dirname(buf); 1152 if (!s || strncmp(s, "/", 32) != 0) { 1153 exit(1); 1154 } else { 1155 exit(0); 1156 } 1157} 1158 ]])], 1159 [ ac_cv_have_broken_dirname="no" ], 1160 [ ac_cv_have_broken_dirname="yes" ], 1161 [ ac_cv_have_broken_dirname="no" ], 1162 ) 1163 LIBS="$save_LIBS" 1164 ]) 1165 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1166 LIBS="$LIBS -lgen" 1167 AC_DEFINE([HAVE_DIRNAME]) 1168 AC_CHECK_HEADERS([libgen.h]) 1169 fi 1170 ]) 1171]) 1172 1173AC_CHECK_FUNC([getspnam], , 1174 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1175AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1176 [Define if you have the basename function.])]) 1177 1178dnl zlib is required 1179AC_ARG_WITH([zlib], 1180 [ --with-zlib=PATH Use zlib in PATH], 1181 [ if test "x$withval" = "xno" ; then 1182 AC_MSG_ERROR([*** zlib is required ***]) 1183 elif test "x$withval" != "xyes"; then 1184 if test -d "$withval/lib"; then 1185 if test -n "${need_dash_r}"; then 1186 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1187 else 1188 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1189 fi 1190 else 1191 if test -n "${need_dash_r}"; then 1192 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1193 else 1194 LDFLAGS="-L${withval} ${LDFLAGS}" 1195 fi 1196 fi 1197 if test -d "$withval/include"; then 1198 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1199 else 1200 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1201 fi 1202 fi ] 1203) 1204 1205AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1206AC_CHECK_LIB([z], [deflate], , 1207 [ 1208 saved_CPPFLAGS="$CPPFLAGS" 1209 saved_LDFLAGS="$LDFLAGS" 1210 save_LIBS="$LIBS" 1211 dnl Check default zlib install dir 1212 if test -n "${need_dash_r}"; then 1213 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1214 else 1215 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1216 fi 1217 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1218 LIBS="$LIBS -lz" 1219 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1220 [ 1221 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1222 ] 1223 ) 1224 ] 1225) 1226 1227AC_ARG_WITH([zlib-version-check], 1228 [ --without-zlib-version-check Disable zlib version check], 1229 [ if test "x$withval" = "xno" ; then 1230 zlib_check_nonfatal=1 1231 fi 1232 ] 1233) 1234 1235AC_MSG_CHECKING([for possibly buggy zlib]) 1236AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1237#include <stdio.h> 1238#include <stdlib.h> 1239#include <zlib.h> 1240 ]], 1241 [[ 1242 int a=0, b=0, c=0, d=0, n, v; 1243 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1244 if (n != 3 && n != 4) 1245 exit(1); 1246 v = a*1000000 + b*10000 + c*100 + d; 1247 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1248 1249 /* 1.1.4 is OK */ 1250 if (a == 1 && b == 1 && c >= 4) 1251 exit(0); 1252 1253 /* 1.2.3 and up are OK */ 1254 if (v >= 1020300) 1255 exit(0); 1256 1257 exit(2); 1258 ]])], 1259 AC_MSG_RESULT([no]), 1260 [ AC_MSG_RESULT([yes]) 1261 if test -z "$zlib_check_nonfatal" ; then 1262 AC_MSG_ERROR([*** zlib too old - check config.log *** 1263Your reported zlib version has known security problems. It's possible your 1264vendor has fixed these problems without changing the version number. If you 1265are sure this is the case, you can disable the check by running 1266"./configure --without-zlib-version-check". 1267If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1268See http://www.gzip.org/zlib/ for details.]) 1269 else 1270 AC_MSG_WARN([zlib version may have security problems]) 1271 fi 1272 ], 1273 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1274) 1275 1276dnl UnixWare 2.x 1277AC_CHECK_FUNC([strcasecmp], 1278 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1279) 1280AC_CHECK_FUNCS([utimes], 1281 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1282 LIBS="$LIBS -lc89"]) ] 1283) 1284 1285dnl Checks for libutil functions 1286AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1287AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1288AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1289AC_SEARCH_LIBS([login], [util bsd]) 1290AC_SEARCH_LIBS([logout], [util bsd]) 1291AC_SEARCH_LIBS([logwtmp], [util bsd]) 1292AC_SEARCH_LIBS([openpty], [util bsd]) 1293AC_SEARCH_LIBS([updwtmp], [util bsd]) 1294AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1295 1296# On some platforms, inet_ntop may be found in libresolv or libnsl. 1297AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1298 1299AC_FUNC_STRFTIME 1300 1301# Check for ALTDIRFUNC glob() extension 1302AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1303AC_EGREP_CPP([FOUNDIT], 1304 [ 1305 #include <glob.h> 1306 #ifdef GLOB_ALTDIRFUNC 1307 FOUNDIT 1308 #endif 1309 ], 1310 [ 1311 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1312 [Define if your system glob() function has 1313 the GLOB_ALTDIRFUNC extension]) 1314 AC_MSG_RESULT([yes]) 1315 ], 1316 [ 1317 AC_MSG_RESULT([no]) 1318 ] 1319) 1320 1321# Check for g.gl_matchc glob() extension 1322AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1323AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1324 [[ glob_t g; g.gl_matchc = 1; ]])], 1325 [ 1326 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1327 [Define if your system glob() function has 1328 gl_matchc options in glob_t]) 1329 AC_MSG_RESULT([yes]) 1330 ], [ 1331 AC_MSG_RESULT([no]) 1332]) 1333 1334# Check for g.gl_statv glob() extension 1335AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1336AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1337#ifndef GLOB_KEEPSTAT 1338#error "glob does not support GLOB_KEEPSTAT extension" 1339#endif 1340glob_t g; 1341g.gl_statv = NULL; 1342]])], 1343 [ 1344 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1345 [Define if your system glob() function has 1346 gl_statv options in glob_t]) 1347 AC_MSG_RESULT([yes]) 1348 ], [ 1349 AC_MSG_RESULT([no]) 1350 1351]) 1352 1353AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1354 1355AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1356AC_RUN_IFELSE( 1357 [AC_LANG_PROGRAM([[ 1358#include <sys/types.h> 1359#include <dirent.h>]], 1360 [[ 1361 struct dirent d; 1362 exit(sizeof(d.d_name)<=sizeof(char)); 1363 ]])], 1364 [AC_MSG_RESULT([yes])], 1365 [ 1366 AC_MSG_RESULT([no]) 1367 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1368 [Define if your struct dirent expects you to 1369 allocate extra space for d_name]) 1370 ], 1371 [ 1372 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1373 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1374 ] 1375) 1376 1377AC_MSG_CHECKING([for /proc/pid/fd directory]) 1378if test -d "/proc/$$/fd" ; then 1379 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1380 AC_MSG_RESULT([yes]) 1381else 1382 AC_MSG_RESULT([no]) 1383fi 1384 1385# Check whether user wants S/Key support 1386SKEY_MSG="no" 1387AC_ARG_WITH([skey], 1388 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], 1389 [ 1390 if test "x$withval" != "xno" ; then 1391 1392 if test "x$withval" != "xyes" ; then 1393 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1394 LDFLAGS="$LDFLAGS -L${withval}/lib" 1395 fi 1396 1397 AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) 1398 LIBS="-lskey $LIBS" 1399 SKEY_MSG="yes" 1400 1401 AC_MSG_CHECKING([for s/key support]) 1402 AC_LINK_IFELSE( 1403 [AC_LANG_PROGRAM([[ 1404#include <stdio.h> 1405#include <skey.h> 1406 ]], [[ 1407 char *ff = skey_keyinfo(""); ff=""; 1408 exit(0); 1409 ]])], 1410 [AC_MSG_RESULT([yes])], 1411 [ 1412 AC_MSG_RESULT([no]) 1413 AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) 1414 ]) 1415 AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) 1416 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1417#include <stdio.h> 1418#include <skey.h> 1419 ]], [[ 1420 (void)skeychallenge(NULL,"name","",0); 1421 ]])], 1422 [ 1423 AC_MSG_RESULT([yes]) 1424 AC_DEFINE([SKEYCHALLENGE_4ARG], [1], 1425 [Define if your skeychallenge() 1426 function takes 4 arguments (NetBSD)])], 1427 [ 1428 AC_MSG_RESULT([no]) 1429 ]) 1430 fi 1431 ] 1432) 1433 1434# Check whether user wants TCP wrappers support 1435TCPW_MSG="no" 1436AC_ARG_WITH([tcp-wrappers], 1437 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1438 [ 1439 if test "x$withval" != "xno" ; then 1440 saved_LIBS="$LIBS" 1441 saved_LDFLAGS="$LDFLAGS" 1442 saved_CPPFLAGS="$CPPFLAGS" 1443 if test -n "${withval}" && \ 1444 test "x${withval}" != "xyes"; then 1445 if test -d "${withval}/lib"; then 1446 if test -n "${need_dash_r}"; then 1447 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1448 else 1449 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1450 fi 1451 else 1452 if test -n "${need_dash_r}"; then 1453 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1454 else 1455 LDFLAGS="-L${withval} ${LDFLAGS}" 1456 fi 1457 fi 1458 if test -d "${withval}/include"; then 1459 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1460 else 1461 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1462 fi 1463 fi 1464 LIBS="-lwrap $LIBS" 1465 AC_MSG_CHECKING([for libwrap]) 1466 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1467#include <sys/types.h> 1468#include <sys/socket.h> 1469#include <netinet/in.h> 1470#include <tcpd.h> 1471int deny_severity = 0, allow_severity = 0; 1472 ]], [[ 1473 hosts_access(0); 1474 ]])], [ 1475 AC_MSG_RESULT([yes]) 1476 AC_DEFINE([LIBWRAP], [1], 1477 [Define if you want 1478 TCP Wrappers support]) 1479 SSHDLIBS="$SSHDLIBS -lwrap" 1480 TCPW_MSG="yes" 1481 ], [ 1482 AC_MSG_ERROR([*** libwrap missing]) 1483 1484 ]) 1485 LIBS="$saved_LIBS" 1486 fi 1487 ] 1488) 1489 1490# Check whether user wants to use ldns 1491LDNS_MSG="no" 1492AC_ARG_WITH(ldns, 1493 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1494 [ 1495 if test "x$withval" != "xno" ; then 1496 1497 if test "x$withval" != "xyes" ; then 1498 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1499 LDFLAGS="$LDFLAGS -L${withval}/lib" 1500 fi 1501 1502 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1503 LIBS="-lldns $LIBS" 1504 LDNS_MSG="yes" 1505 1506 AC_MSG_CHECKING([for ldns support]) 1507 AC_LINK_IFELSE( 1508 [AC_LANG_SOURCE([[ 1509#include <stdio.h> 1510#include <stdlib.h> 1511#include <stdint.h> 1512#include <ldns/ldns.h> 1513int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1514 ]]) 1515 ], 1516 [AC_MSG_RESULT(yes)], 1517 [ 1518 AC_MSG_RESULT(no) 1519 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1520 ]) 1521 fi 1522 ] 1523) 1524 1525# Check whether user wants libedit support 1526LIBEDIT_MSG="no" 1527AC_ARG_WITH([libedit], 1528 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1529 [ if test "x$withval" != "xno" ; then 1530 if test "x$withval" = "xyes" ; then 1531 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1532 if test "x$PKGCONFIG" != "xno"; then 1533 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1534 if "$PKGCONFIG" libedit; then 1535 AC_MSG_RESULT([yes]) 1536 use_pkgconfig_for_libedit=yes 1537 else 1538 AC_MSG_RESULT([no]) 1539 fi 1540 fi 1541 else 1542 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1543 if test -n "${need_dash_r}"; then 1544 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1545 else 1546 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1547 fi 1548 fi 1549 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1550 LIBEDIT=`$PKGCONFIG --libs libedit` 1551 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1552 else 1553 LIBEDIT="-ledit -lcurses" 1554 fi 1555 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1556 AC_CHECK_LIB([edit], [el_init], 1557 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1558 LIBEDIT_MSG="yes" 1559 AC_SUBST([LIBEDIT]) 1560 ], 1561 [ AC_MSG_ERROR([libedit not found]) ], 1562 [ $OTHERLIBS ] 1563 ) 1564 AC_MSG_CHECKING([if libedit version is compatible]) 1565 AC_COMPILE_IFELSE( 1566 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1567 [[ 1568 int i = H_SETSIZE; 1569 el_init("", NULL, NULL, NULL); 1570 exit(0); 1571 ]])], 1572 [ AC_MSG_RESULT([yes]) ], 1573 [ AC_MSG_RESULT([no]) 1574 AC_MSG_ERROR([libedit version is not compatible]) ] 1575 ) 1576 fi ] 1577) 1578 1579AUDIT_MODULE=none 1580AC_ARG_WITH([audit], 1581 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1582 [ 1583 AC_MSG_CHECKING([for supported audit module]) 1584 case "$withval" in 1585 bsm) 1586 AC_MSG_RESULT([bsm]) 1587 AUDIT_MODULE=bsm 1588 dnl Checks for headers, libs and functions 1589 AC_CHECK_HEADERS([bsm/audit.h], [], 1590 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1591 [ 1592#ifdef HAVE_TIME_H 1593# include <time.h> 1594#endif 1595 ] 1596) 1597 AC_CHECK_LIB([bsm], [getaudit], [], 1598 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1599 AC_CHECK_FUNCS([getaudit], [], 1600 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1601 # These are optional 1602 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1603 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1604 if test "$sol2ver" -ge 11; then 1605 SSHDLIBS="$SSHDLIBS -lscf" 1606 AC_DEFINE([BROKEN_BSM_API], [1], 1607 [The system has incomplete BSM API]) 1608 fi 1609 ;; 1610 linux) 1611 AC_MSG_RESULT([linux]) 1612 AUDIT_MODULE=linux 1613 dnl Checks for headers, libs and functions 1614 AC_CHECK_HEADERS([libaudit.h]) 1615 SSHDLIBS="$SSHDLIBS -laudit" 1616 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1617 ;; 1618 debug) 1619 AUDIT_MODULE=debug 1620 AC_MSG_RESULT([debug]) 1621 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1622 ;; 1623 no) 1624 AC_MSG_RESULT([no]) 1625 ;; 1626 *) 1627 AC_MSG_ERROR([Unknown audit module $withval]) 1628 ;; 1629 esac ] 1630) 1631 1632AC_ARG_WITH([pie], 1633 [ --with-pie Build Position Independent Executables if possible], [ 1634 if test "x$withval" = "xno"; then 1635 use_pie=no 1636 fi 1637 if test "x$withval" = "xyes"; then 1638 use_pie=yes 1639 fi 1640 ] 1641) 1642if test "x$use_pie" = "x"; then 1643 use_pie=no 1644fi 1645if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1646 # Turn off automatic PIE when toolchain hardening is off. 1647 use_pie=no 1648fi 1649if test "x$use_pie" = "xauto"; then 1650 # Automatic PIE requires gcc >= 4.x 1651 AC_MSG_CHECKING([for gcc >= 4.x]) 1652 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1653#if !defined(__GNUC__) || __GNUC__ < 4 1654#error gcc is too old 1655#endif 1656]])], 1657 [ AC_MSG_RESULT([yes]) ], 1658 [ AC_MSG_RESULT([no]) 1659 use_pie=no ] 1660) 1661fi 1662if test "x$use_pie" != "xno"; then 1663 SAVED_CFLAGS="$CFLAGS" 1664 SAVED_LDFLAGS="$LDFLAGS" 1665 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1666 OSSH_CHECK_LDFLAG_LINK([-pie]) 1667 # We use both -fPIE and -pie or neither. 1668 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1669 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1670 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1671 AC_MSG_RESULT([yes]) 1672 else 1673 AC_MSG_RESULT([no]) 1674 CFLAGS="$SAVED_CFLAGS" 1675 LDFLAGS="$SAVED_LDFLAGS" 1676 fi 1677fi 1678 1679dnl Checks for library functions. Please keep in alphabetical order 1680AC_CHECK_FUNCS([ \ 1681 Blowfish_initstate \ 1682 Blowfish_expandstate \ 1683 Blowfish_expand0state \ 1684 Blowfish_stream2word \ 1685 asprintf \ 1686 b64_ntop \ 1687 __b64_ntop \ 1688 b64_pton \ 1689 __b64_pton \ 1690 bcopy \ 1691 bcrypt_pbkdf \ 1692 bindresvport_sa \ 1693 blf_enc \ 1694 cap_rights_limit \ 1695 clock \ 1696 closefrom \ 1697 dirfd \ 1698 endgrent \ 1699 explicit_bzero \ 1700 fchmod \ 1701 fchown \ 1702 freeaddrinfo \ 1703 fstatfs \ 1704 fstatvfs \ 1705 futimes \ 1706 getaddrinfo \ 1707 getcwd \ 1708 getgrouplist \ 1709 getnameinfo \ 1710 getopt \ 1711 getpeereid \ 1712 getpeerucred \ 1713 getpgid \ 1714 getpgrp \ 1715 _getpty \ 1716 getrlimit \ 1717 getttyent \ 1718 glob \ 1719 group_from_gid \ 1720 inet_aton \ 1721 inet_ntoa \ 1722 inet_ntop \ 1723 innetgr \ 1724 login_getcapbool \ 1725 mblen \ 1726 md5_crypt \ 1727 memmove \ 1728 memset_s \ 1729 mkdtemp \ 1730 mmap \ 1731 ngetaddrinfo \ 1732 nsleep \ 1733 ogetaddrinfo \ 1734 openlog_r \ 1735 poll \ 1736 prctl \ 1737 pstat \ 1738 readpassphrase \ 1739 reallocarray \ 1740 recvmsg \ 1741 rresvport_af \ 1742 sendmsg \ 1743 setdtablesize \ 1744 setegid \ 1745 setenv \ 1746 seteuid \ 1747 setgroupent \ 1748 setgroups \ 1749 setlinebuf \ 1750 setlogin \ 1751 setpassent\ 1752 setpcred \ 1753 setproctitle \ 1754 setregid \ 1755 setreuid \ 1756 setrlimit \ 1757 setsid \ 1758 setvbuf \ 1759 sigaction \ 1760 sigvec \ 1761 snprintf \ 1762 socketpair \ 1763 statfs \ 1764 statvfs \ 1765 strdup \ 1766 strerror \ 1767 strlcat \ 1768 strlcpy \ 1769 strmode \ 1770 strnlen \ 1771 strnvis \ 1772 strptime \ 1773 strtonum \ 1774 strtoll \ 1775 strtoul \ 1776 strtoull \ 1777 swap32 \ 1778 sysconf \ 1779 tcgetpgrp \ 1780 timingsafe_bcmp \ 1781 truncate \ 1782 unsetenv \ 1783 updwtmpx \ 1784 user_from_uid \ 1785 usleep \ 1786 vasprintf \ 1787 vsnprintf \ 1788 waitpid \ 1789]) 1790 1791AC_LINK_IFELSE( 1792 [AC_LANG_PROGRAM( 1793 [[ #include <ctype.h> ]], 1794 [[ return (isblank('a')); ]])], 1795 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1796]) 1797 1798# PKCS11 depends on OpenSSL. 1799if test "x$openssl" = "xyes" ; then 1800 # PKCS#11 support requires dlopen() and co 1801 AC_SEARCH_LIBS([dlopen], [dl], 1802 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] 1803 ) 1804fi 1805 1806# IRIX has a const char return value for gai_strerror() 1807AC_CHECK_FUNCS([gai_strerror], [ 1808 AC_DEFINE([HAVE_GAI_STRERROR]) 1809 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1810#include <sys/types.h> 1811#include <sys/socket.h> 1812#include <netdb.h> 1813 1814const char *gai_strerror(int); 1815 ]], [[ 1816 char *str; 1817 str = gai_strerror(0); 1818 ]])], [ 1819 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1820 [Define if gai_strerror() returns const char *])], [])]) 1821 1822AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1823 [Some systems put nanosleep outside of libc])]) 1824 1825AC_SEARCH_LIBS([clock_gettime], [rt], 1826 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1827 1828dnl Make sure prototypes are defined for these before using them. 1829AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) 1830AC_CHECK_DECL([strsep], 1831 [AC_CHECK_FUNCS([strsep])], 1832 [], 1833 [ 1834#ifdef HAVE_STRING_H 1835# include <string.h> 1836#endif 1837 ]) 1838 1839dnl tcsendbreak might be a macro 1840AC_CHECK_DECL([tcsendbreak], 1841 [AC_DEFINE([HAVE_TCSENDBREAK])], 1842 [AC_CHECK_FUNCS([tcsendbreak])], 1843 [#include <termios.h>] 1844) 1845 1846AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 1847 1848AC_CHECK_DECLS([SHUT_RD], , , 1849 [ 1850#include <sys/types.h> 1851#include <sys/socket.h> 1852 ]) 1853 1854AC_CHECK_DECLS([O_NONBLOCK], , , 1855 [ 1856#include <sys/types.h> 1857#ifdef HAVE_SYS_STAT_H 1858# include <sys/stat.h> 1859#endif 1860#ifdef HAVE_FCNTL_H 1861# include <fcntl.h> 1862#endif 1863 ]) 1864 1865AC_CHECK_DECLS([writev], , , [ 1866#include <sys/types.h> 1867#include <sys/uio.h> 1868#include <unistd.h> 1869 ]) 1870 1871AC_CHECK_DECLS([MAXSYMLINKS], , , [ 1872#include <sys/param.h> 1873 ]) 1874 1875AC_CHECK_DECLS([offsetof], , , [ 1876#include <stddef.h> 1877 ]) 1878 1879# extra bits for select(2) 1880AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 1881#include <sys/param.h> 1882#include <sys/types.h> 1883#ifdef HAVE_SYS_SYSMACROS_H 1884#include <sys/sysmacros.h> 1885#endif 1886#ifdef HAVE_SYS_SELECT_H 1887#include <sys/select.h> 1888#endif 1889#ifdef HAVE_SYS_TIME_H 1890#include <sys/time.h> 1891#endif 1892#ifdef HAVE_UNISTD_H 1893#include <unistd.h> 1894#endif 1895 ]]) 1896AC_CHECK_TYPES([fd_mask], [], [], [[ 1897#include <sys/param.h> 1898#include <sys/types.h> 1899#ifdef HAVE_SYS_SELECT_H 1900#include <sys/select.h> 1901#endif 1902#ifdef HAVE_SYS_TIME_H 1903#include <sys/time.h> 1904#endif 1905#ifdef HAVE_UNISTD_H 1906#include <unistd.h> 1907#endif 1908 ]]) 1909 1910AC_CHECK_FUNCS([setresuid], [ 1911 dnl Some platorms have setresuid that isn't implemented, test for this 1912 AC_MSG_CHECKING([if setresuid seems to work]) 1913 AC_RUN_IFELSE( 1914 [AC_LANG_PROGRAM([[ 1915#include <stdlib.h> 1916#include <errno.h> 1917 ]], [[ 1918 errno=0; 1919 setresuid(0,0,0); 1920 if (errno==ENOSYS) 1921 exit(1); 1922 else 1923 exit(0); 1924 ]])], 1925 [AC_MSG_RESULT([yes])], 1926 [AC_DEFINE([BROKEN_SETRESUID], [1], 1927 [Define if your setresuid() is broken]) 1928 AC_MSG_RESULT([not implemented])], 1929 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1930 ) 1931]) 1932 1933AC_CHECK_FUNCS([setresgid], [ 1934 dnl Some platorms have setresgid that isn't implemented, test for this 1935 AC_MSG_CHECKING([if setresgid seems to work]) 1936 AC_RUN_IFELSE( 1937 [AC_LANG_PROGRAM([[ 1938#include <stdlib.h> 1939#include <errno.h> 1940 ]], [[ 1941 errno=0; 1942 setresgid(0,0,0); 1943 if (errno==ENOSYS) 1944 exit(1); 1945 else 1946 exit(0); 1947 ]])], 1948 [AC_MSG_RESULT([yes])], 1949 [AC_DEFINE([BROKEN_SETRESGID], [1], 1950 [Define if your setresgid() is broken]) 1951 AC_MSG_RESULT([not implemented])], 1952 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1953 ) 1954]) 1955 1956AC_CHECK_FUNCS([realpath], [ 1957 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given 1958 dnl path name", however some implementations of realpath (and some 1959 dnl versions of the POSIX spec) do not work on non-existent files, 1960 dnl so we use the OpenBSD implementation on those platforms. 1961 AC_MSG_CHECKING([if realpath works with non-existent files]) 1962 AC_RUN_IFELSE( 1963 [AC_LANG_PROGRAM([[ 1964#include <limits.h> 1965#include <stdlib.h> 1966#include <errno.h> 1967 ]], [[ 1968 char buf[PATH_MAX]; 1969 if (realpath("/opensshnonexistentfilename1234", buf) == NULL) 1970 if (errno == ENOENT) 1971 exit(1); 1972 exit(0); 1973 ]])], 1974 [AC_MSG_RESULT([yes])], 1975 [AC_DEFINE([BROKEN_REALPATH], [1], 1976 [realpath does not work with nonexistent files]) 1977 AC_MSG_RESULT([no])], 1978 [AC_MSG_WARN([cross compiling: assuming working])] 1979 ) 1980]) 1981 1982dnl Checks for time functions 1983AC_CHECK_FUNCS([gettimeofday time]) 1984dnl Checks for utmp functions 1985AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 1986AC_CHECK_FUNCS([utmpname]) 1987dnl Checks for utmpx functions 1988AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 1989AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 1990dnl Checks for lastlog functions 1991AC_CHECK_FUNCS([getlastlogxbyname]) 1992 1993AC_CHECK_FUNC([daemon], 1994 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 1995 [AC_CHECK_LIB([bsd], [daemon], 1996 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 1997) 1998 1999AC_CHECK_FUNC([getpagesize], 2000 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2001 [Define if your libraries define getpagesize()])], 2002 [AC_CHECK_LIB([ucb], [getpagesize], 2003 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2004) 2005 2006# Check for broken snprintf 2007if test "x$ac_cv_func_snprintf" = "xyes" ; then 2008 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2009 AC_RUN_IFELSE( 2010 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2011 [[ 2012 char b[5]; 2013 snprintf(b,5,"123456789"); 2014 exit(b[4]!='\0'); 2015 ]])], 2016 [AC_MSG_RESULT([yes])], 2017 [ 2018 AC_MSG_RESULT([no]) 2019 AC_DEFINE([BROKEN_SNPRINTF], [1], 2020 [Define if your snprintf is busted]) 2021 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2022 ], 2023 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2024 ) 2025fi 2026 2027# We depend on vsnprintf returning the right thing on overflow: the 2028# number of characters it tried to create (as per SUSv3) 2029if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2030 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2031 AC_RUN_IFELSE( 2032 [AC_LANG_PROGRAM([[ 2033#include <sys/types.h> 2034#include <stdio.h> 2035#include <stdarg.h> 2036 2037int x_snprintf(char *str, size_t count, const char *fmt, ...) 2038{ 2039 size_t ret; 2040 va_list ap; 2041 2042 va_start(ap, fmt); 2043 ret = vsnprintf(str, count, fmt, ap); 2044 va_end(ap); 2045 return ret; 2046} 2047 ]], [[ 2048char x[1]; 2049if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2050 return 1; 2051if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2052 return 1; 2053return 0; 2054 ]])], 2055 [AC_MSG_RESULT([yes])], 2056 [ 2057 AC_MSG_RESULT([no]) 2058 AC_DEFINE([BROKEN_SNPRINTF], [1], 2059 [Define if your snprintf is busted]) 2060 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2061 ], 2062 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2063 ) 2064fi 2065 2066# On systems where [v]snprintf is broken, but is declared in stdio, 2067# check that the fmt argument is const char * or just char *. 2068# This is only useful for when BROKEN_SNPRINTF 2069AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2070AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2071#include <stdio.h> 2072int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2073 ]], [[ 2074 snprintf(0, 0, 0); 2075 ]])], 2076 [AC_MSG_RESULT([yes]) 2077 AC_DEFINE([SNPRINTF_CONST], [const], 2078 [Define as const if snprintf() can declare const char *fmt])], 2079 [AC_MSG_RESULT([no]) 2080 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2081 2082# Check for missing getpeereid (or equiv) support 2083NO_PEERCHECK="" 2084if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2085 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2086 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2087#include <sys/types.h> 2088#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2089 [ AC_MSG_RESULT([yes]) 2090 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2091 ], [AC_MSG_RESULT([no]) 2092 NO_PEERCHECK=1 2093 ]) 2094fi 2095 2096dnl see whether mkstemp() requires XXXXXX 2097if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2098AC_MSG_CHECKING([for (overly) strict mkstemp]) 2099AC_RUN_IFELSE( 2100 [AC_LANG_PROGRAM([[ 2101#include <stdlib.h> 2102 ]], [[ 2103 char template[]="conftest.mkstemp-test"; 2104 if (mkstemp(template) == -1) 2105 exit(1); 2106 unlink(template); 2107 exit(0); 2108 ]])], 2109 [ 2110 AC_MSG_RESULT([no]) 2111 ], 2112 [ 2113 AC_MSG_RESULT([yes]) 2114 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2115 ], 2116 [ 2117 AC_MSG_RESULT([yes]) 2118 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2119 ] 2120) 2121fi 2122 2123dnl make sure that openpty does not reacquire controlling terminal 2124if test ! -z "$check_for_openpty_ctty_bug"; then 2125 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2126 AC_RUN_IFELSE( 2127 [AC_LANG_PROGRAM([[ 2128#include <stdio.h> 2129#include <sys/fcntl.h> 2130#include <sys/types.h> 2131#include <sys/wait.h> 2132 ]], [[ 2133 pid_t pid; 2134 int fd, ptyfd, ttyfd, status; 2135 2136 pid = fork(); 2137 if (pid < 0) { /* failed */ 2138 exit(1); 2139 } else if (pid > 0) { /* parent */ 2140 waitpid(pid, &status, 0); 2141 if (WIFEXITED(status)) 2142 exit(WEXITSTATUS(status)); 2143 else 2144 exit(2); 2145 } else { /* child */ 2146 close(0); close(1); close(2); 2147 setsid(); 2148 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2149 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2150 if (fd >= 0) 2151 exit(3); /* Acquired ctty: broken */ 2152 else 2153 exit(0); /* Did not acquire ctty: OK */ 2154 } 2155 ]])], 2156 [ 2157 AC_MSG_RESULT([yes]) 2158 ], 2159 [ 2160 AC_MSG_RESULT([no]) 2161 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2162 ], 2163 [ 2164 AC_MSG_RESULT([cross-compiling, assuming yes]) 2165 ] 2166 ) 2167fi 2168 2169if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2170 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2171 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2172 AC_RUN_IFELSE( 2173 [AC_LANG_PROGRAM([[ 2174#include <stdio.h> 2175#include <sys/socket.h> 2176#include <netdb.h> 2177#include <errno.h> 2178#include <netinet/in.h> 2179 2180#define TEST_PORT "2222" 2181 ]], [[ 2182 int err, sock; 2183 struct addrinfo *gai_ai, *ai, hints; 2184 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2185 2186 memset(&hints, 0, sizeof(hints)); 2187 hints.ai_family = PF_UNSPEC; 2188 hints.ai_socktype = SOCK_STREAM; 2189 hints.ai_flags = AI_PASSIVE; 2190 2191 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2192 if (err != 0) { 2193 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2194 exit(1); 2195 } 2196 2197 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2198 if (ai->ai_family != AF_INET6) 2199 continue; 2200 2201 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2202 sizeof(ntop), strport, sizeof(strport), 2203 NI_NUMERICHOST|NI_NUMERICSERV); 2204 2205 if (err != 0) { 2206 if (err == EAI_SYSTEM) 2207 perror("getnameinfo EAI_SYSTEM"); 2208 else 2209 fprintf(stderr, "getnameinfo failed: %s\n", 2210 gai_strerror(err)); 2211 exit(2); 2212 } 2213 2214 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2215 if (sock < 0) 2216 perror("socket"); 2217 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2218 if (errno == EBADF) 2219 exit(3); 2220 } 2221 } 2222 exit(0); 2223 ]])], 2224 [ 2225 AC_MSG_RESULT([yes]) 2226 ], 2227 [ 2228 AC_MSG_RESULT([no]) 2229 AC_DEFINE([BROKEN_GETADDRINFO]) 2230 ], 2231 [ 2232 AC_MSG_RESULT([cross-compiling, assuming yes]) 2233 ] 2234 ) 2235fi 2236 2237if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2238 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2239 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2240 AC_RUN_IFELSE( 2241 [AC_LANG_PROGRAM([[ 2242#include <stdio.h> 2243#include <sys/socket.h> 2244#include <netdb.h> 2245#include <errno.h> 2246#include <netinet/in.h> 2247 2248#define TEST_PORT "2222" 2249 ]], [[ 2250 int err, sock; 2251 struct addrinfo *gai_ai, *ai, hints; 2252 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2253 2254 memset(&hints, 0, sizeof(hints)); 2255 hints.ai_family = PF_UNSPEC; 2256 hints.ai_socktype = SOCK_STREAM; 2257 hints.ai_flags = AI_PASSIVE; 2258 2259 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2260 if (err != 0) { 2261 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2262 exit(1); 2263 } 2264 2265 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2266 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2267 continue; 2268 2269 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2270 sizeof(ntop), strport, sizeof(strport), 2271 NI_NUMERICHOST|NI_NUMERICSERV); 2272 2273 if (ai->ai_family == AF_INET && err != 0) { 2274 perror("getnameinfo"); 2275 exit(2); 2276 } 2277 } 2278 exit(0); 2279 ]])], 2280 [ 2281 AC_MSG_RESULT([yes]) 2282 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2283 [Define if you have a getaddrinfo that fails 2284 for the all-zeros IPv6 address]) 2285 ], 2286 [ 2287 AC_MSG_RESULT([no]) 2288 AC_DEFINE([BROKEN_GETADDRINFO]) 2289 ], 2290 [ 2291 AC_MSG_RESULT([cross-compiling, assuming no]) 2292 ] 2293 ) 2294fi 2295 2296if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2297 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2298 [#include <sys/types.h> 2299 #include <sys/socket.h> 2300 #include <netdb.h>]) 2301fi 2302 2303if test "x$check_for_conflicting_getspnam" = "x1"; then 2304 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2305 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2306 [[ exit(0); ]])], 2307 [ 2308 AC_MSG_RESULT([no]) 2309 ], 2310 [ 2311 AC_MSG_RESULT([yes]) 2312 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2313 [Conflicting defs for getspnam]) 2314 ] 2315 ) 2316fi 2317 2318AC_FUNC_GETPGRP 2319 2320# Search for OpenSSL 2321saved_CPPFLAGS="$CPPFLAGS" 2322saved_LDFLAGS="$LDFLAGS" 2323AC_ARG_WITH([ssl-dir], 2324 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2325 [ 2326 if test "x$openssl" = "xno" ; then 2327 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2328 fi 2329 if test "x$withval" != "xno" ; then 2330 case "$withval" in 2331 # Relative paths 2332 ./*|../*) withval="`pwd`/$withval" 2333 esac 2334 if test -d "$withval/lib"; then 2335 if test -n "${need_dash_r}"; then 2336 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2337 else 2338 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2339 fi 2340 elif test -d "$withval/lib64"; then 2341 if test -n "${need_dash_r}"; then 2342 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2343 else 2344 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2345 fi 2346 else 2347 if test -n "${need_dash_r}"; then 2348 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2349 else 2350 LDFLAGS="-L${withval} ${LDFLAGS}" 2351 fi 2352 fi 2353 if test -d "$withval/include"; then 2354 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2355 else 2356 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2357 fi 2358 fi 2359 ] 2360) 2361 2362AC_ARG_WITH([openssl-header-check], 2363 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2364 [ 2365 if test "x$withval" = "xno" ; then 2366 openssl_check_nonfatal=1 2367 fi 2368 ] 2369) 2370 2371openssl_engine=no 2372AC_ARG_WITH([ssl-engine], 2373 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2374 [ 2375 if test "x$openssl" = "xno" ; then 2376 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2377 fi 2378 if test "x$withval" != "xno" ; then 2379 openssl_engine=yes 2380 fi 2381 ] 2382) 2383 2384if test "x$openssl" = "xyes" ; then 2385 LIBS="-lcrypto $LIBS" 2386 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2387 [Define if your ssl headers are included 2388 with #include <openssl/header.h>])], 2389 [ 2390 dnl Check default openssl install dir 2391 if test -n "${need_dash_r}"; then 2392 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2393 else 2394 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2395 fi 2396 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2397 AC_CHECK_HEADER([openssl/opensslv.h], , 2398 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2399 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2400 [ 2401 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2402 ] 2403 ) 2404 ] 2405 ) 2406 2407 # Determine OpenSSL header version 2408 AC_MSG_CHECKING([OpenSSL header version]) 2409 AC_RUN_IFELSE( 2410 [AC_LANG_PROGRAM([[ 2411 #include <stdio.h> 2412 #include <string.h> 2413 #include <openssl/opensslv.h> 2414 #define DATA "conftest.sslincver" 2415 ]], [[ 2416 FILE *fd; 2417 int rc; 2418 2419 fd = fopen(DATA,"w"); 2420 if(fd == NULL) 2421 exit(1); 2422 2423 if ((rc = fprintf(fd ,"%08x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) 2424 exit(1); 2425 2426 exit(0); 2427 ]])], 2428 [ 2429 ssl_header_ver=`cat conftest.sslincver` 2430 AC_MSG_RESULT([$ssl_header_ver]) 2431 ], 2432 [ 2433 AC_MSG_RESULT([not found]) 2434 AC_MSG_ERROR([OpenSSL version header not found.]) 2435 ], 2436 [ 2437 AC_MSG_WARN([cross compiling: not checking]) 2438 ] 2439 ) 2440 2441 # Determine OpenSSL library version 2442 AC_MSG_CHECKING([OpenSSL library version]) 2443 AC_RUN_IFELSE( 2444 [AC_LANG_PROGRAM([[ 2445 #include <stdio.h> 2446 #include <string.h> 2447 #include <openssl/opensslv.h> 2448 #include <openssl/crypto.h> 2449 #define DATA "conftest.ssllibver" 2450 ]], [[ 2451 FILE *fd; 2452 int rc; 2453 2454 fd = fopen(DATA,"w"); 2455 if(fd == NULL) 2456 exit(1); 2457 2458 if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(), 2459 SSLeay_version(SSLEAY_VERSION))) <0) 2460 exit(1); 2461 2462 exit(0); 2463 ]])], 2464 [ 2465 ssl_library_ver=`cat conftest.ssllibver` 2466 # Check version is supported. 2467 case "$ssl_library_ver" in 2468 0090[[0-7]]*|009080[[0-5]]*) 2469 AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")]) 2470 ;; 2471 *) ;; 2472 esac 2473 AC_MSG_RESULT([$ssl_library_ver]) 2474 ], 2475 [ 2476 AC_MSG_RESULT([not found]) 2477 AC_MSG_ERROR([OpenSSL library not found.]) 2478 ], 2479 [ 2480 AC_MSG_WARN([cross compiling: not checking]) 2481 ] 2482 ) 2483 2484 # Sanity check OpenSSL headers 2485 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2486 AC_RUN_IFELSE( 2487 [AC_LANG_PROGRAM([[ 2488 #include <string.h> 2489 #include <openssl/opensslv.h> 2490 ]], [[ 2491 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2492 ]])], 2493 [ 2494 AC_MSG_RESULT([yes]) 2495 ], 2496 [ 2497 AC_MSG_RESULT([no]) 2498 if test "x$openssl_check_nonfatal" = "x"; then 2499 AC_MSG_ERROR([Your OpenSSL headers do not match your 2500 library. Check config.log for details. 2501 If you are sure your installation is consistent, you can disable the check 2502 by running "./configure --without-openssl-header-check". 2503 Also see contrib/findssl.sh for help identifying header/library mismatches. 2504 ]) 2505 else 2506 AC_MSG_WARN([Your OpenSSL headers do not match your 2507 library. Check config.log for details. 2508 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2509 fi 2510 ], 2511 [ 2512 AC_MSG_WARN([cross compiling: not checking]) 2513 ] 2514 ) 2515 2516 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2517 AC_LINK_IFELSE( 2518 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2519 [[ SSLeay_add_all_algorithms(); ]])], 2520 [ 2521 AC_MSG_RESULT([yes]) 2522 ], 2523 [ 2524 AC_MSG_RESULT([no]) 2525 saved_LIBS="$LIBS" 2526 LIBS="$LIBS -ldl" 2527 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2528 AC_LINK_IFELSE( 2529 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2530 [[ SSLeay_add_all_algorithms(); ]])], 2531 [ 2532 AC_MSG_RESULT([yes]) 2533 ], 2534 [ 2535 AC_MSG_RESULT([no]) 2536 LIBS="$saved_LIBS" 2537 ] 2538 ) 2539 ] 2540 ) 2541 2542 AC_CHECK_FUNCS([ \ 2543 BN_is_prime_ex \ 2544 DSA_generate_parameters_ex \ 2545 EVP_DigestInit_ex \ 2546 EVP_DigestFinal_ex \ 2547 EVP_MD_CTX_init \ 2548 EVP_MD_CTX_cleanup \ 2549 EVP_MD_CTX_copy_ex \ 2550 HMAC_CTX_init \ 2551 RSA_generate_key_ex \ 2552 RSA_get_default_method \ 2553 ]) 2554 2555 if test "x$openssl_engine" = "xyes" ; then 2556 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2557 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2558 #include <openssl/engine.h> 2559 ]], [[ 2560 ENGINE_load_builtin_engines(); 2561 ENGINE_register_all_complete(); 2562 ]])], 2563 [ AC_MSG_RESULT([yes]) 2564 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2565 [Enable OpenSSL engine support]) 2566 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2567 ]) 2568 fi 2569 2570 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2571 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2572 AC_LINK_IFELSE( 2573 [AC_LANG_PROGRAM([[ 2574 #include <string.h> 2575 #include <openssl/evp.h> 2576 ]], [[ 2577 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2578 ]])], 2579 [ 2580 AC_MSG_RESULT([no]) 2581 ], 2582 [ 2583 AC_MSG_RESULT([yes]) 2584 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2585 [libcrypto is missing AES 192 and 256 bit functions]) 2586 ] 2587 ) 2588 2589 # Check for OpenSSL with EVP_aes_*ctr 2590 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2591 AC_LINK_IFELSE( 2592 [AC_LANG_PROGRAM([[ 2593 #include <string.h> 2594 #include <openssl/evp.h> 2595 ]], [[ 2596 exit(EVP_aes_128_ctr() == NULL || 2597 EVP_aes_192_cbc() == NULL || 2598 EVP_aes_256_cbc() == NULL); 2599 ]])], 2600 [ 2601 AC_MSG_RESULT([yes]) 2602 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2603 [libcrypto has EVP AES CTR]) 2604 ], 2605 [ 2606 AC_MSG_RESULT([no]) 2607 ] 2608 ) 2609 2610 # Check for OpenSSL with EVP_aes_*gcm 2611 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2612 AC_LINK_IFELSE( 2613 [AC_LANG_PROGRAM([[ 2614 #include <string.h> 2615 #include <openssl/evp.h> 2616 ]], [[ 2617 exit(EVP_aes_128_gcm() == NULL || 2618 EVP_aes_256_gcm() == NULL || 2619 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2620 EVP_CTRL_GCM_IV_GEN == 0 || 2621 EVP_CTRL_GCM_SET_TAG == 0 || 2622 EVP_CTRL_GCM_GET_TAG == 0 || 2623 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2624 ]])], 2625 [ 2626 AC_MSG_RESULT([yes]) 2627 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2628 [libcrypto has EVP AES GCM]) 2629 ], 2630 [ 2631 AC_MSG_RESULT([no]) 2632 unsupported_algorithms="$unsupported_cipers \ 2633 aes128-gcm@openssh.com aes256-gcm@openssh.com" 2634 ] 2635 ) 2636 2637 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2638 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2639 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2640 2641 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2642 AC_LINK_IFELSE( 2643 [AC_LANG_PROGRAM([[ 2644 #include <string.h> 2645 #include <openssl/evp.h> 2646 ]], [[ 2647 if(EVP_DigestUpdate(NULL, NULL,0)) 2648 exit(0); 2649 ]])], 2650 [ 2651 AC_MSG_RESULT([yes]) 2652 ], 2653 [ 2654 AC_MSG_RESULT([no]) 2655 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2656 [Define if EVP_DigestUpdate returns void]) 2657 ] 2658 ) 2659 2660 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2661 # because the system crypt() is more featureful. 2662 if test "x$check_for_libcrypt_before" = "x1"; then 2663 AC_CHECK_LIB([crypt], [crypt]) 2664 fi 2665 2666 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2667 # version in OpenSSL. 2668 if test "x$check_for_libcrypt_later" = "x1"; then 2669 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2670 fi 2671 AC_CHECK_FUNCS([crypt DES_crypt]) 2672 2673 # Search for SHA256 support in libc and/or OpenSSL 2674 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2675 [unsupported_algorithms="$unsupported_algorithms \ 2676 hmac-sha2-256 hmac-sha2-512 \ 2677 diffie-hellman-group-exchange-sha256 \ 2678 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" 2679 ] 2680 ) 2681 # Search for RIPE-MD support in OpenSSL 2682 AC_CHECK_FUNCS([EVP_ripemd160], , 2683 [unsupported_algorithms="$unsupported_algorithms \ 2684 hmac-ripemd160 2685 hmac-ripemd160@openssh.com 2686 hmac-ripemd160-etm@openssh.com" 2687 ] 2688 ) 2689 2690 # Check complete ECC support in OpenSSL 2691 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2692 AC_LINK_IFELSE( 2693 [AC_LANG_PROGRAM([[ 2694 #include <openssl/ec.h> 2695 #include <openssl/ecdh.h> 2696 #include <openssl/ecdsa.h> 2697 #include <openssl/evp.h> 2698 #include <openssl/objects.h> 2699 #include <openssl/opensslv.h> 2700 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2701 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2702 #endif 2703 ]], [[ 2704 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 2705 const EVP_MD *m = EVP_sha256(); /* We need this too */ 2706 ]])], 2707 [ AC_MSG_RESULT([yes]) 2708 enable_nistp256=1 ], 2709 [ AC_MSG_RESULT([no]) ] 2710 ) 2711 2712 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 2713 AC_LINK_IFELSE( 2714 [AC_LANG_PROGRAM([[ 2715 #include <openssl/ec.h> 2716 #include <openssl/ecdh.h> 2717 #include <openssl/ecdsa.h> 2718 #include <openssl/evp.h> 2719 #include <openssl/objects.h> 2720 #include <openssl/opensslv.h> 2721 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2722 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2723 #endif 2724 ]], [[ 2725 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 2726 const EVP_MD *m = EVP_sha384(); /* We need this too */ 2727 ]])], 2728 [ AC_MSG_RESULT([yes]) 2729 enable_nistp384=1 ], 2730 [ AC_MSG_RESULT([no]) ] 2731 ) 2732 2733 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 2734 AC_LINK_IFELSE( 2735 [AC_LANG_PROGRAM([[ 2736 #include <openssl/ec.h> 2737 #include <openssl/ecdh.h> 2738 #include <openssl/ecdsa.h> 2739 #include <openssl/evp.h> 2740 #include <openssl/objects.h> 2741 #include <openssl/opensslv.h> 2742 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2743 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2744 #endif 2745 ]], [[ 2746 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2747 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2748 ]])], 2749 [ AC_MSG_RESULT([yes]) 2750 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 2751 AC_RUN_IFELSE( 2752 [AC_LANG_PROGRAM([[ 2753 #include <openssl/ec.h> 2754 #include <openssl/ecdh.h> 2755 #include <openssl/ecdsa.h> 2756 #include <openssl/evp.h> 2757 #include <openssl/objects.h> 2758 #include <openssl/opensslv.h> 2759 ]],[[ 2760 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2761 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2762 exit(e == NULL || m == NULL); 2763 ]])], 2764 [ AC_MSG_RESULT([yes]) 2765 enable_nistp521=1 ], 2766 [ AC_MSG_RESULT([no]) ], 2767 [ AC_MSG_WARN([cross-compiling: assuming yes]) 2768 enable_nistp521=1 ] 2769 )], 2770 AC_MSG_RESULT([no]) 2771 ) 2772 2773 COMMENT_OUT_ECC="#no ecc#" 2774 TEST_SSH_ECC=no 2775 2776 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 2777 test x$enable_nistp521 = x1; then 2778 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 2779 fi 2780 if test x$enable_nistp256 = x1; then 2781 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 2782 [libcrypto has NID_X9_62_prime256v1]) 2783 TEST_SSH_ECC=yes 2784 COMMENT_OUT_ECC="" 2785 else 2786 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \ 2787 ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com" 2788 fi 2789 if test x$enable_nistp384 = x1; then 2790 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 2791 TEST_SSH_ECC=yes 2792 COMMENT_OUT_ECC="" 2793 else 2794 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \ 2795 ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com" 2796 fi 2797 if test x$enable_nistp521 = x1; then 2798 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 2799 TEST_SSH_ECC=yes 2800 COMMENT_OUT_ECC="" 2801 else 2802 unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \ 2803 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com" 2804 fi 2805 2806 AC_SUBST([TEST_SSH_ECC]) 2807 AC_SUBST([COMMENT_OUT_ECC]) 2808else 2809 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2810 AC_CHECK_FUNCS([crypt]) 2811fi 2812 2813AC_CHECK_FUNCS([ \ 2814 arc4random \ 2815 arc4random_buf \ 2816 arc4random_stir \ 2817 arc4random_uniform \ 2818]) 2819 2820saved_LIBS="$LIBS" 2821AC_CHECK_LIB([iaf], [ia_openinfo], [ 2822 LIBS="$LIBS -liaf" 2823 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 2824 AC_DEFINE([HAVE_LIBIAF], [1], 2825 [Define if system has libiaf that supports set_id]) 2826 ]) 2827]) 2828LIBS="$saved_LIBS" 2829 2830### Configure cryptographic random number support 2831 2832# Check wheter OpenSSL seeds itself 2833if test "x$openssl" = "xyes" ; then 2834 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 2835 AC_RUN_IFELSE( 2836 [AC_LANG_PROGRAM([[ 2837 #include <string.h> 2838 #include <openssl/rand.h> 2839 ]], [[ 2840 exit(RAND_status() == 1 ? 0 : 1); 2841 ]])], 2842 [ 2843 OPENSSL_SEEDS_ITSELF=yes 2844 AC_MSG_RESULT([yes]) 2845 ], 2846 [ 2847 AC_MSG_RESULT([no]) 2848 ], 2849 [ 2850 AC_MSG_WARN([cross compiling: assuming yes]) 2851 # This is safe, since we will fatal() at runtime if 2852 # OpenSSL is not seeded correctly. 2853 OPENSSL_SEEDS_ITSELF=yes 2854 ] 2855 ) 2856fi 2857 2858# PRNGD TCP socket 2859AC_ARG_WITH([prngd-port], 2860 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 2861 [ 2862 case "$withval" in 2863 no) 2864 withval="" 2865 ;; 2866 [[0-9]]*) 2867 ;; 2868 *) 2869 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 2870 ;; 2871 esac 2872 if test ! -z "$withval" ; then 2873 PRNGD_PORT="$withval" 2874 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 2875 [Port number of PRNGD/EGD random number socket]) 2876 fi 2877 ] 2878) 2879 2880# PRNGD Unix domain socket 2881AC_ARG_WITH([prngd-socket], 2882 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 2883 [ 2884 case "$withval" in 2885 yes) 2886 withval="/var/run/egd-pool" 2887 ;; 2888 no) 2889 withval="" 2890 ;; 2891 /*) 2892 ;; 2893 *) 2894 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 2895 ;; 2896 esac 2897 2898 if test ! -z "$withval" ; then 2899 if test ! -z "$PRNGD_PORT" ; then 2900 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 2901 fi 2902 if test ! -r "$withval" ; then 2903 AC_MSG_WARN([Entropy socket is not readable]) 2904 fi 2905 PRNGD_SOCKET="$withval" 2906 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 2907 [Location of PRNGD/EGD random number socket]) 2908 fi 2909 ], 2910 [ 2911 # Check for existing socket only if we don't have a random device already 2912 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 2913 AC_MSG_CHECKING([for PRNGD/EGD socket]) 2914 # Insert other locations here 2915 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 2916 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 2917 PRNGD_SOCKET="$sock" 2918 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 2919 break; 2920 fi 2921 done 2922 if test ! -z "$PRNGD_SOCKET" ; then 2923 AC_MSG_RESULT([$PRNGD_SOCKET]) 2924 else 2925 AC_MSG_RESULT([not found]) 2926 fi 2927 fi 2928 ] 2929) 2930 2931# Which randomness source do we use? 2932if test ! -z "$PRNGD_PORT" ; then 2933 RAND_MSG="PRNGd port $PRNGD_PORT" 2934elif test ! -z "$PRNGD_SOCKET" ; then 2935 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 2936elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 2937 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 2938 [Define if you want the OpenSSL internally seeded PRNG only]) 2939 RAND_MSG="OpenSSL internal ONLY" 2940elif test "x$openssl" = "xno" ; then 2941 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 2942else 2943 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 2944fi 2945 2946# Check for PAM libs 2947PAM_MSG="no" 2948AC_ARG_WITH([pam], 2949 [ --with-pam Enable PAM support ], 2950 [ 2951 if test "x$withval" != "xno" ; then 2952 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 2953 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 2954 AC_MSG_ERROR([PAM headers not found]) 2955 fi 2956 2957 saved_LIBS="$LIBS" 2958 AC_CHECK_LIB([dl], [dlopen], , ) 2959 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 2960 AC_CHECK_FUNCS([pam_getenvlist]) 2961 AC_CHECK_FUNCS([pam_putenv]) 2962 LIBS="$saved_LIBS" 2963 2964 PAM_MSG="yes" 2965 2966 SSHDLIBS="$SSHDLIBS -lpam" 2967 AC_DEFINE([USE_PAM], [1], 2968 [Define if you want to enable PAM support]) 2969 2970 if test $ac_cv_lib_dl_dlopen = yes; then 2971 case "$LIBS" in 2972 *-ldl*) 2973 # libdl already in LIBS 2974 ;; 2975 *) 2976 SSHDLIBS="$SSHDLIBS -ldl" 2977 ;; 2978 esac 2979 fi 2980 fi 2981 ] 2982) 2983 2984# Check for older PAM 2985if test "x$PAM_MSG" = "xyes" ; then 2986 # Check PAM strerror arguments (old PAM) 2987 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 2988 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2989#include <stdlib.h> 2990#if defined(HAVE_SECURITY_PAM_APPL_H) 2991#include <security/pam_appl.h> 2992#elif defined (HAVE_PAM_PAM_APPL_H) 2993#include <pam/pam_appl.h> 2994#endif 2995 ]], [[ 2996(void)pam_strerror((pam_handle_t *)NULL, -1); 2997 ]])], [AC_MSG_RESULT([no])], [ 2998 AC_DEFINE([HAVE_OLD_PAM], [1], 2999 [Define if you have an old version of PAM 3000 which takes only one argument to pam_strerror]) 3001 AC_MSG_RESULT([yes]) 3002 PAM_MSG="yes (old library)" 3003 3004 ]) 3005fi 3006 3007case "$host" in 3008*-*-cygwin*) 3009 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3010 ;; 3011*) 3012 SSH_PRIVSEP_USER=sshd 3013 ;; 3014esac 3015AC_ARG_WITH([privsep-user], 3016 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3017 [ 3018 if test -n "$withval" && test "x$withval" != "xno" && \ 3019 test "x${withval}" != "xyes"; then 3020 SSH_PRIVSEP_USER=$withval 3021 fi 3022 ] 3023) 3024if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3025 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3026 [Cygwin function to fetch non-privileged user for privilege separation]) 3027else 3028 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3029 [non-privileged user for privilege separation]) 3030fi 3031AC_SUBST([SSH_PRIVSEP_USER]) 3032 3033if test "x$have_linux_no_new_privs" = "x1" ; then 3034AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3035 #include <sys/types.h> 3036 #include <linux/seccomp.h> 3037]) 3038fi 3039if test "x$have_seccomp_filter" = "x1" ; then 3040AC_MSG_CHECKING([kernel for seccomp_filter support]) 3041AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3042 #include <errno.h> 3043 #include <elf.h> 3044 #include <linux/audit.h> 3045 #include <linux/seccomp.h> 3046 #include <stdlib.h> 3047 #include <sys/prctl.h> 3048 ]], 3049 [[ int i = $seccomp_audit_arch; 3050 errno = 0; 3051 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3052 exit(errno == EFAULT ? 0 : 1); ]])], 3053 [ AC_MSG_RESULT([yes]) ], [ 3054 AC_MSG_RESULT([no]) 3055 # Disable seccomp filter as a target 3056 have_seccomp_filter=0 3057 ] 3058) 3059fi 3060 3061# Decide which sandbox style to use 3062sandbox_arg="" 3063AC_ARG_WITH([sandbox], 3064 [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)], 3065 [ 3066 if test "x$withval" = "xyes" ; then 3067 sandbox_arg="" 3068 else 3069 sandbox_arg="$withval" 3070 fi 3071 ] 3072) 3073 3074# Some platforms (seems to be the ones that have a kernel poll(2)-type 3075# function with which they implement select(2)) use an extra file descriptor 3076# when calling select(2), which means we can't use the rlimit sandbox. 3077AC_MSG_CHECKING([if select works with descriptor rlimit]) 3078AC_RUN_IFELSE( 3079 [AC_LANG_PROGRAM([[ 3080#include <sys/types.h> 3081#ifdef HAVE_SYS_TIME_H 3082# include <sys/time.h> 3083#endif 3084#include <sys/resource.h> 3085#ifdef HAVE_SYS_SELECT_H 3086# include <sys/select.h> 3087#endif 3088#include <errno.h> 3089#include <fcntl.h> 3090#include <stdlib.h> 3091 ]],[[ 3092 struct rlimit rl_zero; 3093 int fd, r; 3094 fd_set fds; 3095 struct timeval tv; 3096 3097 fd = open("/dev/null", O_RDONLY); 3098 FD_ZERO(&fds); 3099 FD_SET(fd, &fds); 3100 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3101 setrlimit(RLIMIT_FSIZE, &rl_zero); 3102 setrlimit(RLIMIT_NOFILE, &rl_zero); 3103 tv.tv_sec = 1; 3104 tv.tv_usec = 0; 3105 r = select(fd+1, &fds, NULL, NULL, &tv); 3106 exit (r == -1 ? 1 : 0); 3107 ]])], 3108 [AC_MSG_RESULT([yes]) 3109 select_works_with_rlimit=yes], 3110 [AC_MSG_RESULT([no]) 3111 select_works_with_rlimit=no], 3112 [AC_MSG_WARN([cross compiling: assuming yes])] 3113) 3114 3115AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3116AC_RUN_IFELSE( 3117 [AC_LANG_PROGRAM([[ 3118#include <sys/types.h> 3119#ifdef HAVE_SYS_TIME_H 3120# include <sys/time.h> 3121#endif 3122#include <sys/resource.h> 3123#include <errno.h> 3124#include <stdlib.h> 3125 ]],[[ 3126 struct rlimit rl_zero; 3127 int fd, r; 3128 fd_set fds; 3129 3130 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3131 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3132 exit (r == -1 ? 1 : 0); 3133 ]])], 3134 [AC_MSG_RESULT([yes]) 3135 rlimit_nofile_zero_works=yes], 3136 [AC_MSG_RESULT([no]) 3137 rlimit_nofile_zero_works=no], 3138 [AC_MSG_WARN([cross compiling: assuming yes])] 3139) 3140 3141AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3142AC_RUN_IFELSE( 3143 [AC_LANG_PROGRAM([[ 3144#include <sys/types.h> 3145#include <sys/resource.h> 3146#include <stdlib.h> 3147 ]],[[ 3148 struct rlimit rl_zero; 3149 3150 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3151 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3152 ]])], 3153 [AC_MSG_RESULT([yes])], 3154 [AC_MSG_RESULT([no]) 3155 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3156 [setrlimit RLIMIT_FSIZE works])], 3157 [AC_MSG_WARN([cross compiling: assuming yes])] 3158) 3159 3160if test "x$sandbox_arg" = "xsystrace" || \ 3161 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3162 test "x$have_systr_policy_kill" != "x1" && \ 3163 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3164 SANDBOX_STYLE="systrace" 3165 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3166elif test "x$sandbox_arg" = "xdarwin" || \ 3167 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3168 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3169 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3170 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3171 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3172 SANDBOX_STYLE="darwin" 3173 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3174elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3175 ( test -z "$sandbox_arg" && \ 3176 test "x$have_seccomp_filter" = "x1" && \ 3177 test "x$ac_cv_header_elf_h" = "xyes" && \ 3178 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3179 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3180 test "x$seccomp_audit_arch" != "x" && \ 3181 test "x$have_linux_no_new_privs" = "x1" && \ 3182 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3183 test "x$seccomp_audit_arch" = "x" && \ 3184 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3185 test "x$have_linux_no_new_privs" != "x1" && \ 3186 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3187 test "x$have_seccomp_filter" != "x1" && \ 3188 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3189 test "x$ac_cv_func_prctl" != "xyes" && \ 3190 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3191 SANDBOX_STYLE="seccomp_filter" 3192 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3193elif test "x$sandbox_arg" = "xcapsicum" || \ 3194 ( test -z "$sandbox_arg" && \ 3195 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3196 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3197 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3198 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3199 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3200 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3201 SANDBOX_STYLE="capsicum" 3202 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3203elif test "x$sandbox_arg" = "xrlimit" || \ 3204 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3205 test "x$select_works_with_rlimit" = "xyes" && \ 3206 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3207 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3208 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3209 test "x$select_works_with_rlimit" != "xyes" && \ 3210 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3211 SANDBOX_STYLE="rlimit" 3212 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3213elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3214 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3215 SANDBOX_STYLE="none" 3216 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3217else 3218 AC_MSG_ERROR([unsupported --with-sandbox]) 3219fi 3220 3221# Cheap hack to ensure NEWS-OS libraries are arranged right. 3222if test ! -z "$SONY" ; then 3223 LIBS="$LIBS -liberty"; 3224fi 3225 3226# Check for long long datatypes 3227AC_CHECK_TYPES([long long, unsigned long long, long double]) 3228 3229# Check datatype sizes 3230AC_CHECK_SIZEOF([short int], [2]) 3231AC_CHECK_SIZEOF([int], [4]) 3232AC_CHECK_SIZEOF([long int], [4]) 3233AC_CHECK_SIZEOF([long long int], [8]) 3234 3235# Sanity check long long for some platforms (AIX) 3236if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3237 ac_cv_sizeof_long_long_int=0 3238fi 3239 3240# compute LLONG_MIN and LLONG_MAX if we don't know them. 3241if test -z "$have_llong_max"; then 3242 AC_MSG_CHECKING([for max value of long long]) 3243 AC_RUN_IFELSE( 3244 [AC_LANG_PROGRAM([[ 3245#include <stdio.h> 3246/* Why is this so damn hard? */ 3247#ifdef __GNUC__ 3248# undef __GNUC__ 3249#endif 3250#define __USE_ISOC99 3251#include <limits.h> 3252#define DATA "conftest.llminmax" 3253#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3254 3255/* 3256 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3257 * we do this the hard way. 3258 */ 3259static int 3260fprint_ll(FILE *f, long long n) 3261{ 3262 unsigned int i; 3263 int l[sizeof(long long) * 8]; 3264 3265 if (n < 0) 3266 if (fprintf(f, "-") < 0) 3267 return -1; 3268 for (i = 0; n != 0; i++) { 3269 l[i] = my_abs(n % 10); 3270 n /= 10; 3271 } 3272 do { 3273 if (fprintf(f, "%d", l[--i]) < 0) 3274 return -1; 3275 } while (i != 0); 3276 if (fprintf(f, " ") < 0) 3277 return -1; 3278 return 0; 3279} 3280 ]], [[ 3281 FILE *f; 3282 long long i, llmin, llmax = 0; 3283 3284 if((f = fopen(DATA,"w")) == NULL) 3285 exit(1); 3286 3287#if defined(LLONG_MIN) && defined(LLONG_MAX) 3288 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3289 llmin = LLONG_MIN; 3290 llmax = LLONG_MAX; 3291#else 3292 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3293 /* This will work on one's complement and two's complement */ 3294 for (i = 1; i > llmax; i <<= 1, i++) 3295 llmax = i; 3296 llmin = llmax + 1LL; /* wrap */ 3297#endif 3298 3299 /* Sanity check */ 3300 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3301 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3302 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3303 fprintf(f, "unknown unknown\n"); 3304 exit(2); 3305 } 3306 3307 if (fprint_ll(f, llmin) < 0) 3308 exit(3); 3309 if (fprint_ll(f, llmax) < 0) 3310 exit(4); 3311 if (fclose(f) < 0) 3312 exit(5); 3313 exit(0); 3314 ]])], 3315 [ 3316 llong_min=`$AWK '{print $1}' conftest.llminmax` 3317 llong_max=`$AWK '{print $2}' conftest.llminmax` 3318 3319 AC_MSG_RESULT([$llong_max]) 3320 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3321 [max value of long long calculated by configure]) 3322 AC_MSG_CHECKING([for min value of long long]) 3323 AC_MSG_RESULT([$llong_min]) 3324 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3325 [min value of long long calculated by configure]) 3326 ], 3327 [ 3328 AC_MSG_RESULT([not found]) 3329 ], 3330 [ 3331 AC_MSG_WARN([cross compiling: not checking]) 3332 ] 3333 ) 3334fi 3335 3336 3337# More checks for data types 3338AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3339 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3340 [[ u_int a; a = 1;]])], 3341 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3342 ]) 3343]) 3344if test "x$ac_cv_have_u_int" = "xyes" ; then 3345 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3346 have_u_int=1 3347fi 3348 3349AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3350 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3351 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3352 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3353 ]) 3354]) 3355if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3356 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3357 have_intxx_t=1 3358fi 3359 3360if (test -z "$have_intxx_t" && \ 3361 test "x$ac_cv_header_stdint_h" = "xyes") 3362then 3363 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3364 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3365 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3366 [ 3367 AC_DEFINE([HAVE_INTXX_T]) 3368 AC_MSG_RESULT([yes]) 3369 ], [ AC_MSG_RESULT([no]) 3370 ]) 3371fi 3372 3373AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3374 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3375#include <sys/types.h> 3376#ifdef HAVE_STDINT_H 3377# include <stdint.h> 3378#endif 3379#include <sys/socket.h> 3380#ifdef HAVE_SYS_BITYPES_H 3381# include <sys/bitypes.h> 3382#endif 3383 ]], [[ 3384int64_t a; a = 1; 3385 ]])], 3386 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3387 ]) 3388]) 3389if test "x$ac_cv_have_int64_t" = "xyes" ; then 3390 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3391fi 3392 3393AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3394 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3395 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3396 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3397 ]) 3398]) 3399if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3400 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3401 have_u_intxx_t=1 3402fi 3403 3404if test -z "$have_u_intxx_t" ; then 3405 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3406 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3407 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3408 [ 3409 AC_DEFINE([HAVE_U_INTXX_T]) 3410 AC_MSG_RESULT([yes]) 3411 ], [ AC_MSG_RESULT([no]) 3412 ]) 3413fi 3414 3415AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3416 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3417 [[ u_int64_t a; a = 1;]])], 3418 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3419 ]) 3420]) 3421if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3422 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3423 have_u_int64_t=1 3424fi 3425 3426if (test -z "$have_u_int64_t" && \ 3427 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3428then 3429 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3430 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3431 [[ u_int64_t a; a = 1]])], 3432 [ 3433 AC_DEFINE([HAVE_U_INT64_T]) 3434 AC_MSG_RESULT([yes]) 3435 ], [ AC_MSG_RESULT([no]) 3436 ]) 3437fi 3438 3439if test -z "$have_u_intxx_t" ; then 3440 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3441 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3442#include <sys/types.h> 3443 ]], [[ 3444 uint8_t a; 3445 uint16_t b; 3446 uint32_t c; 3447 a = b = c = 1; 3448 ]])], 3449 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3450 ]) 3451 ]) 3452 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3453 AC_DEFINE([HAVE_UINTXX_T], [1], 3454 [define if you have uintxx_t data type]) 3455 fi 3456fi 3457 3458if (test -z "$have_uintxx_t" && \ 3459 test "x$ac_cv_header_stdint_h" = "xyes") 3460then 3461 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3462 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3463 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3464 [ 3465 AC_DEFINE([HAVE_UINTXX_T]) 3466 AC_MSG_RESULT([yes]) 3467 ], [ AC_MSG_RESULT([no]) 3468 ]) 3469fi 3470 3471if (test -z "$have_uintxx_t" && \ 3472 test "x$ac_cv_header_inttypes_h" = "xyes") 3473then 3474 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3475 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3476 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3477 [ 3478 AC_DEFINE([HAVE_UINTXX_T]) 3479 AC_MSG_RESULT([yes]) 3480 ], [ AC_MSG_RESULT([no]) 3481 ]) 3482fi 3483 3484if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3485 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3486then 3487 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3488 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3489#include <sys/bitypes.h> 3490 ]], [[ 3491 int8_t a; int16_t b; int32_t c; 3492 u_int8_t e; u_int16_t f; u_int32_t g; 3493 a = b = c = e = f = g = 1; 3494 ]])], 3495 [ 3496 AC_DEFINE([HAVE_U_INTXX_T]) 3497 AC_DEFINE([HAVE_INTXX_T]) 3498 AC_MSG_RESULT([yes]) 3499 ], [AC_MSG_RESULT([no]) 3500 ]) 3501fi 3502 3503 3504AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3505 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3506 [[ u_char foo; foo = 125; ]])], 3507 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3508 ]) 3509]) 3510if test "x$ac_cv_have_u_char" = "xyes" ; then 3511 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3512fi 3513 3514AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3515#include <sys/types.h> 3516#include <stdint.h> 3517]) 3518 3519TYPE_SOCKLEN_T 3520 3521AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3522AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3523#include <sys/types.h> 3524#ifdef HAVE_SYS_BITYPES_H 3525#include <sys/bitypes.h> 3526#endif 3527#ifdef HAVE_SYS_STATFS_H 3528#include <sys/statfs.h> 3529#endif 3530#ifdef HAVE_SYS_STATVFS_H 3531#include <sys/statvfs.h> 3532#endif 3533]) 3534 3535AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3536[#include <sys/types.h> 3537#include <netinet/in.h>]) 3538 3539AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3540 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3541 [[ size_t foo; foo = 1235; ]])], 3542 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3543 ]) 3544]) 3545if test "x$ac_cv_have_size_t" = "xyes" ; then 3546 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3547fi 3548 3549AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3550 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3551 [[ ssize_t foo; foo = 1235; ]])], 3552 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3553 ]) 3554]) 3555if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3556 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3557fi 3558 3559AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3560 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3561 [[ clock_t foo; foo = 1235; ]])], 3562 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3563 ]) 3564]) 3565if test "x$ac_cv_have_clock_t" = "xyes" ; then 3566 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3567fi 3568 3569AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3570 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3571#include <sys/types.h> 3572#include <sys/socket.h> 3573 ]], [[ sa_family_t foo; foo = 1235; ]])], 3574 [ ac_cv_have_sa_family_t="yes" ], 3575 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3576#include <sys/types.h> 3577#include <sys/socket.h> 3578#include <netinet/in.h> 3579 ]], [[ sa_family_t foo; foo = 1235; ]])], 3580 [ ac_cv_have_sa_family_t="yes" ], 3581 [ ac_cv_have_sa_family_t="no" ] 3582 ) 3583 ]) 3584]) 3585if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3586 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3587 [define if you have sa_family_t data type]) 3588fi 3589 3590AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3591 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3592 [[ pid_t foo; foo = 1235; ]])], 3593 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3594 ]) 3595]) 3596if test "x$ac_cv_have_pid_t" = "xyes" ; then 3597 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3598fi 3599 3600AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3601 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3602 [[ mode_t foo; foo = 1235; ]])], 3603 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3604 ]) 3605]) 3606if test "x$ac_cv_have_mode_t" = "xyes" ; then 3607 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3608fi 3609 3610 3611AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3612 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3613#include <sys/types.h> 3614#include <sys/socket.h> 3615 ]], [[ struct sockaddr_storage s; ]])], 3616 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3617 [ ac_cv_have_struct_sockaddr_storage="no" 3618 ]) 3619]) 3620if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3621 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3622 [define if you have struct sockaddr_storage data type]) 3623fi 3624 3625AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3626 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3627#include <sys/types.h> 3628#include <netinet/in.h> 3629 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3630 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3631 [ ac_cv_have_struct_sockaddr_in6="no" 3632 ]) 3633]) 3634if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3635 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3636 [define if you have struct sockaddr_in6 data type]) 3637fi 3638 3639AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 3640 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3641#include <sys/types.h> 3642#include <netinet/in.h> 3643 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 3644 [ ac_cv_have_struct_in6_addr="yes" ], 3645 [ ac_cv_have_struct_in6_addr="no" 3646 ]) 3647]) 3648if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 3649 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 3650 [define if you have struct in6_addr data type]) 3651 3652dnl Now check for sin6_scope_id 3653 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 3654 [ 3655#ifdef HAVE_SYS_TYPES_H 3656#include <sys/types.h> 3657#endif 3658#include <netinet/in.h> 3659 ]) 3660fi 3661 3662AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 3663 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3664#include <sys/types.h> 3665#include <sys/socket.h> 3666#include <netdb.h> 3667 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 3668 [ ac_cv_have_struct_addrinfo="yes" ], 3669 [ ac_cv_have_struct_addrinfo="no" 3670 ]) 3671]) 3672if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 3673 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 3674 [define if you have struct addrinfo data type]) 3675fi 3676 3677AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 3678 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 3679 [[ struct timeval tv; tv.tv_sec = 1;]])], 3680 [ ac_cv_have_struct_timeval="yes" ], 3681 [ ac_cv_have_struct_timeval="no" 3682 ]) 3683]) 3684if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 3685 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 3686 have_struct_timeval=1 3687fi 3688 3689AC_CHECK_TYPES([struct timespec]) 3690 3691# We need int64_t or else certian parts of the compile will fail. 3692if test "x$ac_cv_have_int64_t" = "xno" && \ 3693 test "x$ac_cv_sizeof_long_int" != "x8" && \ 3694 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 3695 echo "OpenSSH requires int64_t support. Contact your vendor or install" 3696 echo "an alternative compiler (I.E., GCC) before continuing." 3697 echo "" 3698 exit 1; 3699else 3700dnl test snprintf (broken on SCO w/gcc) 3701 AC_RUN_IFELSE( 3702 [AC_LANG_SOURCE([[ 3703#include <stdio.h> 3704#include <string.h> 3705#ifdef HAVE_SNPRINTF 3706main() 3707{ 3708 char buf[50]; 3709 char expected_out[50]; 3710 int mazsize = 50 ; 3711#if (SIZEOF_LONG_INT == 8) 3712 long int num = 0x7fffffffffffffff; 3713#else 3714 long long num = 0x7fffffffffffffffll; 3715#endif 3716 strcpy(expected_out, "9223372036854775807"); 3717 snprintf(buf, mazsize, "%lld", num); 3718 if(strcmp(buf, expected_out) != 0) 3719 exit(1); 3720 exit(0); 3721} 3722#else 3723main() { exit(0); } 3724#endif 3725 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 3726 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 3727 ) 3728fi 3729 3730dnl Checks for structure members 3731OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 3732OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 3733OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 3734OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 3735OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 3736OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 3737OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 3738OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 3739OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 3740OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 3741OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 3742OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 3743OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 3744OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 3745OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 3746OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 3747OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 3748 3749AC_CHECK_MEMBERS([struct stat.st_blksize]) 3750AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 3751struct passwd.pw_change, struct passwd.pw_expire], 3752[], [], [[ 3753#include <sys/types.h> 3754#include <pwd.h> 3755]]) 3756 3757AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 3758 [Define if we don't have struct __res_state in resolv.h])], 3759[[ 3760#include <stdio.h> 3761#if HAVE_SYS_TYPES_H 3762# include <sys/types.h> 3763#endif 3764#include <netinet/in.h> 3765#include <arpa/nameser.h> 3766#include <resolv.h> 3767]]) 3768 3769AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 3770 ac_cv_have_ss_family_in_struct_ss, [ 3771 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3772#include <sys/types.h> 3773#include <sys/socket.h> 3774 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 3775 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 3776 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 3777]) 3778if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 3779 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 3780fi 3781 3782AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 3783 ac_cv_have___ss_family_in_struct_ss, [ 3784 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3785#include <sys/types.h> 3786#include <sys/socket.h> 3787 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 3788 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 3789 [ ac_cv_have___ss_family_in_struct_ss="no" 3790 ]) 3791]) 3792if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 3793 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 3794 [Fields in struct sockaddr_storage]) 3795fi 3796 3797dnl make sure we're using the real structure members and not defines 3798AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 3799 ac_cv_have_accrights_in_msghdr, [ 3800 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3801#include <sys/types.h> 3802#include <sys/socket.h> 3803#include <sys/uio.h> 3804 ]], [[ 3805#ifdef msg_accrights 3806#error "msg_accrights is a macro" 3807exit(1); 3808#endif 3809struct msghdr m; 3810m.msg_accrights = 0; 3811exit(0); 3812 ]])], 3813 [ ac_cv_have_accrights_in_msghdr="yes" ], 3814 [ ac_cv_have_accrights_in_msghdr="no" ] 3815 ) 3816]) 3817if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 3818 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 3819 [Define if your system uses access rights style 3820 file descriptor passing]) 3821fi 3822 3823AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 3824AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3825#include <sys/param.h> 3826#include <sys/stat.h> 3827#ifdef HAVE_SYS_TIME_H 3828# include <sys/time.h> 3829#endif 3830#ifdef HAVE_SYS_MOUNT_H 3831#include <sys/mount.h> 3832#endif 3833#ifdef HAVE_SYS_STATVFS_H 3834#include <sys/statvfs.h> 3835#endif 3836 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 3837 [ AC_MSG_RESULT([yes]) ], 3838 [ AC_MSG_RESULT([no]) 3839 3840 AC_MSG_CHECKING([if fsid_t has member val]) 3841 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3842#include <sys/types.h> 3843#include <sys/statvfs.h> 3844 ]], [[ fsid_t t; t.val[0] = 0; ]])], 3845 [ AC_MSG_RESULT([yes]) 3846 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 3847 [ AC_MSG_RESULT([no]) ]) 3848 3849 AC_MSG_CHECKING([if f_fsid has member __val]) 3850 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3851#include <sys/types.h> 3852#include <sys/statvfs.h> 3853 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 3854 [ AC_MSG_RESULT([yes]) 3855 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 3856 [ AC_MSG_RESULT([no]) ]) 3857]) 3858 3859AC_CACHE_CHECK([for msg_control field in struct msghdr], 3860 ac_cv_have_control_in_msghdr, [ 3861 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3862#include <sys/types.h> 3863#include <sys/socket.h> 3864#include <sys/uio.h> 3865 ]], [[ 3866#ifdef msg_control 3867#error "msg_control is a macro" 3868exit(1); 3869#endif 3870struct msghdr m; 3871m.msg_control = 0; 3872exit(0); 3873 ]])], 3874 [ ac_cv_have_control_in_msghdr="yes" ], 3875 [ ac_cv_have_control_in_msghdr="no" ] 3876 ) 3877]) 3878if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 3879 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 3880 [Define if your system uses ancillary data style 3881 file descriptor passing]) 3882fi 3883 3884AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 3885 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3886 [[ extern char *__progname; printf("%s", __progname); ]])], 3887 [ ac_cv_libc_defines___progname="yes" ], 3888 [ ac_cv_libc_defines___progname="no" 3889 ]) 3890]) 3891if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 3892 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 3893fi 3894 3895AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 3896 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3897 [[ printf("%s", __FUNCTION__); ]])], 3898 [ ac_cv_cc_implements___FUNCTION__="yes" ], 3899 [ ac_cv_cc_implements___FUNCTION__="no" 3900 ]) 3901]) 3902if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 3903 AC_DEFINE([HAVE___FUNCTION__], [1], 3904 [Define if compiler implements __FUNCTION__]) 3905fi 3906 3907AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 3908 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3909 [[ printf("%s", __func__); ]])], 3910 [ ac_cv_cc_implements___func__="yes" ], 3911 [ ac_cv_cc_implements___func__="no" 3912 ]) 3913]) 3914if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 3915 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 3916fi 3917 3918AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 3919 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3920#include <stdarg.h> 3921va_list x,y; 3922 ]], [[ va_copy(x,y); ]])], 3923 [ ac_cv_have_va_copy="yes" ], 3924 [ ac_cv_have_va_copy="no" 3925 ]) 3926]) 3927if test "x$ac_cv_have_va_copy" = "xyes" ; then 3928 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 3929fi 3930 3931AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 3932 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3933#include <stdarg.h> 3934va_list x,y; 3935 ]], [[ __va_copy(x,y); ]])], 3936 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 3937 ]) 3938]) 3939if test "x$ac_cv_have___va_copy" = "xyes" ; then 3940 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 3941fi 3942 3943AC_CACHE_CHECK([whether getopt has optreset support], 3944 ac_cv_have_getopt_optreset, [ 3945 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 3946 [[ extern int optreset; optreset = 0; ]])], 3947 [ ac_cv_have_getopt_optreset="yes" ], 3948 [ ac_cv_have_getopt_optreset="no" 3949 ]) 3950]) 3951if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 3952 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 3953 [Define if your getopt(3) defines and uses optreset]) 3954fi 3955 3956AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 3957 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3958[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 3959 [ ac_cv_libc_defines_sys_errlist="yes" ], 3960 [ ac_cv_libc_defines_sys_errlist="no" 3961 ]) 3962]) 3963if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 3964 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 3965 [Define if your system defines sys_errlist[]]) 3966fi 3967 3968 3969AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 3970 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3971[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 3972 [ ac_cv_libc_defines_sys_nerr="yes" ], 3973 [ ac_cv_libc_defines_sys_nerr="no" 3974 ]) 3975]) 3976if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 3977 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 3978fi 3979 3980# Check libraries needed by DNS fingerprint support 3981AC_SEARCH_LIBS([getrrsetbyname], [resolv], 3982 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 3983 [Define if getrrsetbyname() exists])], 3984 [ 3985 # Needed by our getrrsetbyname() 3986 AC_SEARCH_LIBS([res_query], [resolv]) 3987 AC_SEARCH_LIBS([dn_expand], [resolv]) 3988 AC_MSG_CHECKING([if res_query will link]) 3989 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3990#include <sys/types.h> 3991#include <netinet/in.h> 3992#include <arpa/nameser.h> 3993#include <netdb.h> 3994#include <resolv.h> 3995 ]], [[ 3996 res_query (0, 0, 0, 0, 0); 3997 ]])], 3998 AC_MSG_RESULT([yes]), 3999 [AC_MSG_RESULT([no]) 4000 saved_LIBS="$LIBS" 4001 LIBS="$LIBS -lresolv" 4002 AC_MSG_CHECKING([for res_query in -lresolv]) 4003 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4004#include <sys/types.h> 4005#include <netinet/in.h> 4006#include <arpa/nameser.h> 4007#include <netdb.h> 4008#include <resolv.h> 4009 ]], [[ 4010 res_query (0, 0, 0, 0, 0); 4011 ]])], 4012 [AC_MSG_RESULT([yes])], 4013 [LIBS="$saved_LIBS" 4014 AC_MSG_RESULT([no])]) 4015 ]) 4016 AC_CHECK_FUNCS([_getshort _getlong]) 4017 AC_CHECK_DECLS([_getshort, _getlong], , , 4018 [#include <sys/types.h> 4019 #include <arpa/nameser.h>]) 4020 AC_CHECK_MEMBER([HEADER.ad], 4021 [AC_DEFINE([HAVE_HEADER_AD], [1], 4022 [Define if HEADER.ad exists in arpa/nameser.h])], , 4023 [#include <arpa/nameser.h>]) 4024 ]) 4025 4026AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4027AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4028#include <stdio.h> 4029#if HAVE_SYS_TYPES_H 4030# include <sys/types.h> 4031#endif 4032#include <netinet/in.h> 4033#include <arpa/nameser.h> 4034#include <resolv.h> 4035extern struct __res_state _res; 4036 ]], [[ ]])], 4037 [AC_MSG_RESULT([yes]) 4038 AC_DEFINE([HAVE__RES_EXTERN], [1], 4039 [Define if you have struct __res_state _res as an extern]) 4040 ], 4041 [ AC_MSG_RESULT([no]) ] 4042) 4043 4044# Check whether user wants SELinux support 4045SELINUX_MSG="no" 4046LIBSELINUX="" 4047AC_ARG_WITH([selinux], 4048 [ --with-selinux Enable SELinux support], 4049 [ if test "x$withval" != "xno" ; then 4050 save_LIBS="$LIBS" 4051 AC_DEFINE([WITH_SELINUX], [1], 4052 [Define if you want SELinux support.]) 4053 SELINUX_MSG="yes" 4054 AC_CHECK_HEADER([selinux/selinux.h], , 4055 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4056 AC_CHECK_LIB([selinux], [setexeccon], 4057 [ LIBSELINUX="-lselinux" 4058 LIBS="$LIBS -lselinux" 4059 ], 4060 AC_MSG_ERROR([SELinux support requires libselinux library])) 4061 SSHLIBS="$SSHLIBS $LIBSELINUX" 4062 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 4063 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4064 LIBS="$save_LIBS" 4065 fi ] 4066) 4067AC_SUBST([SSHLIBS]) 4068AC_SUBST([SSHDLIBS]) 4069 4070# Check whether user wants Kerberos 5 support 4071KRB5_MSG="no" 4072AC_ARG_WITH([kerberos5], 4073 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4074 [ if test "x$withval" != "xno" ; then 4075 if test "x$withval" = "xyes" ; then 4076 KRB5ROOT="/usr/local" 4077 else 4078 KRB5ROOT=${withval} 4079 fi 4080 4081 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4082 KRB5_MSG="yes" 4083 4084 AC_PATH_PROG([KRB5CONF], [krb5-config], 4085 [$KRB5ROOT/bin/krb5-config], 4086 [$KRB5ROOT/bin:$PATH]) 4087 if test -x $KRB5CONF ; then 4088 K5CFLAGS="`$KRB5CONF --cflags`" 4089 K5LIBS="`$KRB5CONF --libs`" 4090 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4091 4092 AC_MSG_CHECKING([for gssapi support]) 4093 if $KRB5CONF | grep gssapi >/dev/null ; then 4094 AC_MSG_RESULT([yes]) 4095 AC_DEFINE([GSSAPI], [1], 4096 [Define this if you want GSSAPI 4097 support in the version 2 protocol]) 4098 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4099 GSSLIBS="`$KRB5CONF --libs gssapi`" 4100 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4101 else 4102 AC_MSG_RESULT([no]) 4103 fi 4104 AC_MSG_CHECKING([whether we are using Heimdal]) 4105 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4106 ]], [[ char *tmp = heimdal_version; ]])], 4107 [ AC_MSG_RESULT([yes]) 4108 AC_DEFINE([HEIMDAL], [1], 4109 [Define this if you are using the Heimdal 4110 version of Kerberos V5]) ], 4111 [AC_MSG_RESULT([no]) 4112 ]) 4113 else 4114 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4115 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4116 AC_MSG_CHECKING([whether we are using Heimdal]) 4117 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4118 ]], [[ char *tmp = heimdal_version; ]])], 4119 [ AC_MSG_RESULT([yes]) 4120 AC_DEFINE([HEIMDAL]) 4121 K5LIBS="-lkrb5" 4122 K5LIBS="$K5LIBS -lcom_err -lasn1" 4123 AC_CHECK_LIB([roken], [net_write], 4124 [K5LIBS="$K5LIBS -lroken"]) 4125 AC_CHECK_LIB([des], [des_cbc_encrypt], 4126 [K5LIBS="$K5LIBS -ldes"]) 4127 ], [ AC_MSG_RESULT([no]) 4128 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4129 4130 ]) 4131 AC_SEARCH_LIBS([dn_expand], [resolv]) 4132 4133 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4134 [ AC_DEFINE([GSSAPI]) 4135 GSSLIBS="-lgssapi_krb5" ], 4136 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4137 [ AC_DEFINE([GSSAPI]) 4138 GSSLIBS="-lgssapi" ], 4139 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4140 [ AC_DEFINE([GSSAPI]) 4141 GSSLIBS="-lgss" ], 4142 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4143 ]) 4144 ]) 4145 4146 AC_CHECK_HEADER([gssapi.h], , 4147 [ unset ac_cv_header_gssapi_h 4148 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4149 AC_CHECK_HEADERS([gssapi.h], , 4150 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4151 ) 4152 ] 4153 ) 4154 4155 oldCPP="$CPPFLAGS" 4156 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4157 AC_CHECK_HEADER([gssapi_krb5.h], , 4158 [ CPPFLAGS="$oldCPP" ]) 4159 4160 fi 4161 if test ! -z "$need_dash_r" ; then 4162 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 4163 fi 4164 if test ! -z "$blibpath" ; then 4165 blibpath="$blibpath:${KRB5ROOT}/lib" 4166 fi 4167 4168 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4169 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4170 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4171 4172 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4173 [Define this if you want to use libkafs' AFS support])]) 4174 4175 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4176#ifdef HAVE_GSSAPI_H 4177# include <gssapi.h> 4178#elif defined(HAVE_GSSAPI_GSSAPI_H) 4179# include <gssapi/gssapi.h> 4180#endif 4181 4182#ifdef HAVE_GSSAPI_GENERIC_H 4183# include <gssapi_generic.h> 4184#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4185# include <gssapi/gssapi_generic.h> 4186#endif 4187 ]]) 4188 saved_LIBS="$LIBS" 4189 LIBS="$LIBS $K5LIBS" 4190 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4191 LIBS="$saved_LIBS" 4192 4193 fi 4194 ] 4195) 4196AC_SUBST([GSSLIBS]) 4197AC_SUBST([K5LIBS]) 4198 4199# Looking for programs, paths and files 4200 4201PRIVSEP_PATH=/var/empty 4202AC_ARG_WITH([privsep-path], 4203 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4204 [ 4205 if test -n "$withval" && test "x$withval" != "xno" && \ 4206 test "x${withval}" != "xyes"; then 4207 PRIVSEP_PATH=$withval 4208 fi 4209 ] 4210) 4211AC_SUBST([PRIVSEP_PATH]) 4212 4213AC_ARG_WITH([xauth], 4214 [ --with-xauth=PATH Specify path to xauth program ], 4215 [ 4216 if test -n "$withval" && test "x$withval" != "xno" && \ 4217 test "x${withval}" != "xyes"; then 4218 xauth_path=$withval 4219 fi 4220 ], 4221 [ 4222 TestPath="$PATH" 4223 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4224 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4225 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4226 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4227 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4228 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4229 xauth_path="/usr/openwin/bin/xauth" 4230 fi 4231 ] 4232) 4233 4234STRIP_OPT=-s 4235AC_ARG_ENABLE([strip], 4236 [ --disable-strip Disable calling strip(1) on install], 4237 [ 4238 if test "x$enableval" = "xno" ; then 4239 STRIP_OPT= 4240 fi 4241 ] 4242) 4243AC_SUBST([STRIP_OPT]) 4244 4245if test -z "$xauth_path" ; then 4246 XAUTH_PATH="undefined" 4247 AC_SUBST([XAUTH_PATH]) 4248else 4249 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4250 [Define if xauth is found in your path]) 4251 XAUTH_PATH=$xauth_path 4252 AC_SUBST([XAUTH_PATH]) 4253fi 4254 4255dnl # --with-maildir=/path/to/mail gets top priority. 4256dnl # if maildir is set in the platform case statement above we use that. 4257dnl # Otherwise we run a program to get the dir from system headers. 4258dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4259dnl # If we find _PATH_MAILDIR we do nothing because that is what 4260dnl # session.c expects anyway. Otherwise we set to the value found 4261dnl # stripping any trailing slash. If for some strage reason our program 4262dnl # does not find what it needs, we default to /var/spool/mail. 4263# Check for mail directory 4264AC_ARG_WITH([maildir], 4265 [ --with-maildir=/path/to/mail Specify your system mail directory], 4266 [ 4267 if test "X$withval" != X && test "x$withval" != xno && \ 4268 test "x${withval}" != xyes; then 4269 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4270 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4271 fi 4272 ],[ 4273 if test "X$maildir" != "X"; then 4274 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4275 else 4276 AC_MSG_CHECKING([Discovering system mail directory]) 4277 AC_RUN_IFELSE( 4278 [AC_LANG_PROGRAM([[ 4279#include <stdio.h> 4280#include <string.h> 4281#ifdef HAVE_PATHS_H 4282#include <paths.h> 4283#endif 4284#ifdef HAVE_MAILLOCK_H 4285#include <maillock.h> 4286#endif 4287#define DATA "conftest.maildir" 4288 ]], [[ 4289 FILE *fd; 4290 int rc; 4291 4292 fd = fopen(DATA,"w"); 4293 if(fd == NULL) 4294 exit(1); 4295 4296#if defined (_PATH_MAILDIR) 4297 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4298 exit(1); 4299#elif defined (MAILDIR) 4300 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4301 exit(1); 4302#elif defined (_PATH_MAIL) 4303 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4304 exit(1); 4305#else 4306 exit (2); 4307#endif 4308 4309 exit(0); 4310 ]])], 4311 [ 4312 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4313 maildir=`awk -F: '{print $2}' conftest.maildir \ 4314 | sed 's|/$||'` 4315 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4316 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4317 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4318 fi 4319 ], 4320 [ 4321 if test "X$ac_status" = "X2";then 4322# our test program didn't find it. Default to /var/spool/mail 4323 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4324 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4325 else 4326 AC_MSG_RESULT([*** not found ***]) 4327 fi 4328 ], 4329 [ 4330 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4331 ] 4332 ) 4333 fi 4334 ] 4335) # maildir 4336 4337if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4338 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4339 disable_ptmx_check=yes 4340fi 4341if test -z "$no_dev_ptmx" ; then 4342 if test "x$disable_ptmx_check" != "xyes" ; then 4343 AC_CHECK_FILE(["/dev/ptmx"], 4344 [ 4345 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4346 [Define if you have /dev/ptmx]) 4347 have_dev_ptmx=1 4348 ] 4349 ) 4350 fi 4351fi 4352 4353if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4354 AC_CHECK_FILE(["/dev/ptc"], 4355 [ 4356 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4357 [Define if you have /dev/ptc]) 4358 have_dev_ptc=1 4359 ] 4360 ) 4361else 4362 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4363fi 4364 4365# Options from here on. Some of these are preset by platform above 4366AC_ARG_WITH([mantype], 4367 [ --with-mantype=man|cat|doc Set man page type], 4368 [ 4369 case "$withval" in 4370 man|cat|doc) 4371 MANTYPE=$withval 4372 ;; 4373 *) 4374 AC_MSG_ERROR([invalid man type: $withval]) 4375 ;; 4376 esac 4377 ] 4378) 4379if test -z "$MANTYPE"; then 4380 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4381 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4382 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4383 MANTYPE=doc 4384 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4385 MANTYPE=man 4386 else 4387 MANTYPE=cat 4388 fi 4389fi 4390AC_SUBST([MANTYPE]) 4391if test "$MANTYPE" = "doc"; then 4392 mansubdir=man; 4393else 4394 mansubdir=$MANTYPE; 4395fi 4396AC_SUBST([mansubdir]) 4397 4398# Check whether to enable MD5 passwords 4399MD5_MSG="no" 4400AC_ARG_WITH([md5-passwords], 4401 [ --with-md5-passwords Enable use of MD5 passwords], 4402 [ 4403 if test "x$withval" != "xno" ; then 4404 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4405 [Define if you want to allow MD5 passwords]) 4406 MD5_MSG="yes" 4407 fi 4408 ] 4409) 4410 4411# Whether to disable shadow password support 4412AC_ARG_WITH([shadow], 4413 [ --without-shadow Disable shadow password support], 4414 [ 4415 if test "x$withval" = "xno" ; then 4416 AC_DEFINE([DISABLE_SHADOW]) 4417 disable_shadow=yes 4418 fi 4419 ] 4420) 4421 4422if test -z "$disable_shadow" ; then 4423 AC_MSG_CHECKING([if the systems has expire shadow information]) 4424 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4425#include <sys/types.h> 4426#include <shadow.h> 4427struct spwd sp; 4428 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4429 [ sp_expire_available=yes ], [ 4430 ]) 4431 4432 if test "x$sp_expire_available" = "xyes" ; then 4433 AC_MSG_RESULT([yes]) 4434 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4435 [Define if you want to use shadow password expire field]) 4436 else 4437 AC_MSG_RESULT([no]) 4438 fi 4439fi 4440 4441# Use ip address instead of hostname in $DISPLAY 4442if test ! -z "$IPADDR_IN_DISPLAY" ; then 4443 DISPLAY_HACK_MSG="yes" 4444 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4445 [Define if you need to use IP address 4446 instead of hostname in $DISPLAY]) 4447else 4448 DISPLAY_HACK_MSG="no" 4449 AC_ARG_WITH([ipaddr-display], 4450 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4451 [ 4452 if test "x$withval" != "xno" ; then 4453 AC_DEFINE([IPADDR_IN_DISPLAY]) 4454 DISPLAY_HACK_MSG="yes" 4455 fi 4456 ] 4457 ) 4458fi 4459 4460# check for /etc/default/login and use it if present. 4461AC_ARG_ENABLE([etc-default-login], 4462 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4463 [ if test "x$enableval" = "xno"; then 4464 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4465 etc_default_login=no 4466 else 4467 etc_default_login=yes 4468 fi ], 4469 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4470 then 4471 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4472 etc_default_login=no 4473 else 4474 etc_default_login=yes 4475 fi ] 4476) 4477 4478if test "x$etc_default_login" != "xno"; then 4479 AC_CHECK_FILE(["/etc/default/login"], 4480 [ external_path_file=/etc/default/login ]) 4481 if test "x$external_path_file" = "x/etc/default/login"; then 4482 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4483 [Define if your system has /etc/default/login]) 4484 fi 4485fi 4486 4487dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4488if test $ac_cv_func_login_getcapbool = "yes" && \ 4489 test $ac_cv_header_login_cap_h = "yes" ; then 4490 external_path_file=/etc/login.conf 4491fi 4492 4493# Whether to mess with the default path 4494SERVER_PATH_MSG="(default)" 4495AC_ARG_WITH([default-path], 4496 [ --with-default-path= Specify default $PATH environment for server], 4497 [ 4498 if test "x$external_path_file" = "x/etc/login.conf" ; then 4499 AC_MSG_WARN([ 4500--with-default-path=PATH has no effect on this system. 4501Edit /etc/login.conf instead.]) 4502 elif test "x$withval" != "xno" ; then 4503 if test ! -z "$external_path_file" ; then 4504 AC_MSG_WARN([ 4505--with-default-path=PATH will only be used if PATH is not defined in 4506$external_path_file .]) 4507 fi 4508 user_path="$withval" 4509 SERVER_PATH_MSG="$withval" 4510 fi 4511 ], 4512 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4513 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4514 else 4515 if test ! -z "$external_path_file" ; then 4516 AC_MSG_WARN([ 4517If PATH is defined in $external_path_file, ensure the path to scp is included, 4518otherwise scp will not work.]) 4519 fi 4520 AC_RUN_IFELSE( 4521 [AC_LANG_PROGRAM([[ 4522/* find out what STDPATH is */ 4523#include <stdio.h> 4524#ifdef HAVE_PATHS_H 4525# include <paths.h> 4526#endif 4527#ifndef _PATH_STDPATH 4528# ifdef _PATH_USERPATH /* Irix */ 4529# define _PATH_STDPATH _PATH_USERPATH 4530# else 4531# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4532# endif 4533#endif 4534#include <sys/types.h> 4535#include <sys/stat.h> 4536#include <fcntl.h> 4537#define DATA "conftest.stdpath" 4538 ]], [[ 4539 FILE *fd; 4540 int rc; 4541 4542 fd = fopen(DATA,"w"); 4543 if(fd == NULL) 4544 exit(1); 4545 4546 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4547 exit(1); 4548 4549 exit(0); 4550 ]])], 4551 [ user_path=`cat conftest.stdpath` ], 4552 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4553 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4554 ) 4555# make sure $bindir is in USER_PATH so scp will work 4556 t_bindir="${bindir}" 4557 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4558 t_bindir=`eval echo ${t_bindir}` 4559 case $t_bindir in 4560 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4561 esac 4562 case $t_bindir in 4563 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4564 esac 4565 done 4566 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4567 if test $? -ne 0 ; then 4568 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4569 if test $? -ne 0 ; then 4570 user_path=$user_path:$t_bindir 4571 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4572 fi 4573 fi 4574 fi ] 4575) 4576if test "x$external_path_file" != "x/etc/login.conf" ; then 4577 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4578 AC_SUBST([user_path]) 4579fi 4580 4581# Set superuser path separately to user path 4582AC_ARG_WITH([superuser-path], 4583 [ --with-superuser-path= Specify different path for super-user], 4584 [ 4585 if test -n "$withval" && test "x$withval" != "xno" && \ 4586 test "x${withval}" != "xyes"; then 4587 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4588 [Define if you want a different $PATH 4589 for the superuser]) 4590 superuser_path=$withval 4591 fi 4592 ] 4593) 4594 4595 4596AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4597IPV4_IN6_HACK_MSG="no" 4598AC_ARG_WITH(4in6, 4599 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4600 [ 4601 if test "x$withval" != "xno" ; then 4602 AC_MSG_RESULT([yes]) 4603 AC_DEFINE([IPV4_IN_IPV6], [1], 4604 [Detect IPv4 in IPv6 mapped addresses 4605 and treat as IPv4]) 4606 IPV4_IN6_HACK_MSG="yes" 4607 else 4608 AC_MSG_RESULT([no]) 4609 fi 4610 ], [ 4611 if test "x$inet6_default_4in6" = "xyes"; then 4612 AC_MSG_RESULT([yes (default)]) 4613 AC_DEFINE([IPV4_IN_IPV6]) 4614 IPV4_IN6_HACK_MSG="yes" 4615 else 4616 AC_MSG_RESULT([no (default)]) 4617 fi 4618 ] 4619) 4620 4621# Whether to enable BSD auth support 4622BSD_AUTH_MSG=no 4623AC_ARG_WITH([bsd-auth], 4624 [ --with-bsd-auth Enable BSD auth support], 4625 [ 4626 if test "x$withval" != "xno" ; then 4627 AC_DEFINE([BSD_AUTH], [1], 4628 [Define if you have BSD auth support]) 4629 BSD_AUTH_MSG=yes 4630 fi 4631 ] 4632) 4633 4634# Where to place sshd.pid 4635piddir=/var/run 4636# make sure the directory exists 4637if test ! -d $piddir ; then 4638 piddir=`eval echo ${sysconfdir}` 4639 case $piddir in 4640 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 4641 esac 4642fi 4643 4644AC_ARG_WITH([pid-dir], 4645 [ --with-pid-dir=PATH Specify location of ssh.pid file], 4646 [ 4647 if test -n "$withval" && test "x$withval" != "xno" && \ 4648 test "x${withval}" != "xyes"; then 4649 piddir=$withval 4650 if test ! -d $piddir ; then 4651 AC_MSG_WARN([** no $piddir directory on this system **]) 4652 fi 4653 fi 4654 ] 4655) 4656 4657AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 4658 [Specify location of ssh.pid]) 4659AC_SUBST([piddir]) 4660 4661dnl allow user to disable some login recording features 4662AC_ARG_ENABLE([lastlog], 4663 [ --disable-lastlog disable use of lastlog even if detected [no]], 4664 [ 4665 if test "x$enableval" = "xno" ; then 4666 AC_DEFINE([DISABLE_LASTLOG]) 4667 fi 4668 ] 4669) 4670AC_ARG_ENABLE([utmp], 4671 [ --disable-utmp disable use of utmp even if detected [no]], 4672 [ 4673 if test "x$enableval" = "xno" ; then 4674 AC_DEFINE([DISABLE_UTMP]) 4675 fi 4676 ] 4677) 4678AC_ARG_ENABLE([utmpx], 4679 [ --disable-utmpx disable use of utmpx even if detected [no]], 4680 [ 4681 if test "x$enableval" = "xno" ; then 4682 AC_DEFINE([DISABLE_UTMPX], [1], 4683 [Define if you don't want to use utmpx]) 4684 fi 4685 ] 4686) 4687AC_ARG_ENABLE([wtmp], 4688 [ --disable-wtmp disable use of wtmp even if detected [no]], 4689 [ 4690 if test "x$enableval" = "xno" ; then 4691 AC_DEFINE([DISABLE_WTMP]) 4692 fi 4693 ] 4694) 4695AC_ARG_ENABLE([wtmpx], 4696 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 4697 [ 4698 if test "x$enableval" = "xno" ; then 4699 AC_DEFINE([DISABLE_WTMPX], [1], 4700 [Define if you don't want to use wtmpx]) 4701 fi 4702 ] 4703) 4704AC_ARG_ENABLE([libutil], 4705 [ --disable-libutil disable use of libutil (login() etc.) [no]], 4706 [ 4707 if test "x$enableval" = "xno" ; then 4708 AC_DEFINE([DISABLE_LOGIN]) 4709 fi 4710 ] 4711) 4712AC_ARG_ENABLE([pututline], 4713 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 4714 [ 4715 if test "x$enableval" = "xno" ; then 4716 AC_DEFINE([DISABLE_PUTUTLINE], [1], 4717 [Define if you don't want to use pututline() 4718 etc. to write [uw]tmp]) 4719 fi 4720 ] 4721) 4722AC_ARG_ENABLE([pututxline], 4723 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 4724 [ 4725 if test "x$enableval" = "xno" ; then 4726 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 4727 [Define if you don't want to use pututxline() 4728 etc. to write [uw]tmpx]) 4729 fi 4730 ] 4731) 4732AC_ARG_WITH([lastlog], 4733 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 4734 [ 4735 if test "x$withval" = "xno" ; then 4736 AC_DEFINE([DISABLE_LASTLOG]) 4737 elif test -n "$withval" && test "x${withval}" != "xyes"; then 4738 conf_lastlog_location=$withval 4739 fi 4740 ] 4741) 4742 4743dnl lastlog, [uw]tmpx? detection 4744dnl NOTE: set the paths in the platform section to avoid the 4745dnl need for command-line parameters 4746dnl lastlog and [uw]tmp are subject to a file search if all else fails 4747 4748dnl lastlog detection 4749dnl NOTE: the code itself will detect if lastlog is a directory 4750AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 4751AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4752#include <sys/types.h> 4753#include <utmp.h> 4754#ifdef HAVE_LASTLOG_H 4755# include <lastlog.h> 4756#endif 4757#ifdef HAVE_PATHS_H 4758# include <paths.h> 4759#endif 4760#ifdef HAVE_LOGIN_H 4761# include <login.h> 4762#endif 4763 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 4764 [ AC_MSG_RESULT([yes]) ], 4765 [ 4766 AC_MSG_RESULT([no]) 4767 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 4768 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4769#include <sys/types.h> 4770#include <utmp.h> 4771#ifdef HAVE_LASTLOG_H 4772# include <lastlog.h> 4773#endif 4774#ifdef HAVE_PATHS_H 4775# include <paths.h> 4776#endif 4777 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 4778 [ AC_MSG_RESULT([yes]) ], 4779 [ 4780 AC_MSG_RESULT([no]) 4781 system_lastlog_path=no 4782 ]) 4783]) 4784 4785if test -z "$conf_lastlog_location"; then 4786 if test x"$system_lastlog_path" = x"no" ; then 4787 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 4788 if (test -d "$f" || test -f "$f") ; then 4789 conf_lastlog_location=$f 4790 fi 4791 done 4792 if test -z "$conf_lastlog_location"; then 4793 AC_MSG_WARN([** Cannot find lastlog **]) 4794 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 4795 fi 4796 fi 4797fi 4798 4799if test -n "$conf_lastlog_location"; then 4800 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 4801 [Define if you want to specify the path to your lastlog file]) 4802fi 4803 4804dnl utmp detection 4805AC_MSG_CHECKING([if your system defines UTMP_FILE]) 4806AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4807#include <sys/types.h> 4808#include <utmp.h> 4809#ifdef HAVE_PATHS_H 4810# include <paths.h> 4811#endif 4812 ]], [[ char *utmp = UTMP_FILE; ]])], 4813 [ AC_MSG_RESULT([yes]) ], 4814 [ AC_MSG_RESULT([no]) 4815 system_utmp_path=no 4816]) 4817if test -z "$conf_utmp_location"; then 4818 if test x"$system_utmp_path" = x"no" ; then 4819 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 4820 if test -f $f ; then 4821 conf_utmp_location=$f 4822 fi 4823 done 4824 if test -z "$conf_utmp_location"; then 4825 AC_DEFINE([DISABLE_UTMP]) 4826 fi 4827 fi 4828fi 4829if test -n "$conf_utmp_location"; then 4830 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 4831 [Define if you want to specify the path to your utmp file]) 4832fi 4833 4834dnl wtmp detection 4835AC_MSG_CHECKING([if your system defines WTMP_FILE]) 4836AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4837#include <sys/types.h> 4838#include <utmp.h> 4839#ifdef HAVE_PATHS_H 4840# include <paths.h> 4841#endif 4842 ]], [[ char *wtmp = WTMP_FILE; ]])], 4843 [ AC_MSG_RESULT([yes]) ], 4844 [ AC_MSG_RESULT([no]) 4845 system_wtmp_path=no 4846]) 4847if test -z "$conf_wtmp_location"; then 4848 if test x"$system_wtmp_path" = x"no" ; then 4849 for f in /usr/adm/wtmp /var/log/wtmp; do 4850 if test -f $f ; then 4851 conf_wtmp_location=$f 4852 fi 4853 done 4854 if test -z "$conf_wtmp_location"; then 4855 AC_DEFINE([DISABLE_WTMP]) 4856 fi 4857 fi 4858fi 4859if test -n "$conf_wtmp_location"; then 4860 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 4861 [Define if you want to specify the path to your wtmp file]) 4862fi 4863 4864dnl wtmpx detection 4865AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 4866AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4867#include <sys/types.h> 4868#include <utmp.h> 4869#ifdef HAVE_UTMPX_H 4870#include <utmpx.h> 4871#endif 4872#ifdef HAVE_PATHS_H 4873# include <paths.h> 4874#endif 4875 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 4876 [ AC_MSG_RESULT([yes]) ], 4877 [ AC_MSG_RESULT([no]) 4878 system_wtmpx_path=no 4879]) 4880if test -z "$conf_wtmpx_location"; then 4881 if test x"$system_wtmpx_path" = x"no" ; then 4882 AC_DEFINE([DISABLE_WTMPX]) 4883 fi 4884else 4885 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 4886 [Define if you want to specify the path to your wtmpx file]) 4887fi 4888 4889 4890if test ! -z "$blibpath" ; then 4891 LDFLAGS="$LDFLAGS $blibflags$blibpath" 4892 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 4893fi 4894 4895AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 4896 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 4897 AC_DEFINE([DISABLE_LASTLOG]) 4898 fi 4899 ], [ 4900#ifdef HAVE_SYS_TYPES_H 4901#include <sys/types.h> 4902#endif 4903#ifdef HAVE_UTMP_H 4904#include <utmp.h> 4905#endif 4906#ifdef HAVE_UTMPX_H 4907#include <utmpx.h> 4908#endif 4909#ifdef HAVE_LASTLOG_H 4910#include <lastlog.h> 4911#endif 4912 ]) 4913 4914AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 4915 AC_DEFINE([DISABLE_UTMP]) 4916 AC_DEFINE([DISABLE_WTMP]) 4917 ], [ 4918#ifdef HAVE_SYS_TYPES_H 4919#include <sys/types.h> 4920#endif 4921#ifdef HAVE_UTMP_H 4922#include <utmp.h> 4923#endif 4924#ifdef HAVE_UTMPX_H 4925#include <utmpx.h> 4926#endif 4927#ifdef HAVE_LASTLOG_H 4928#include <lastlog.h> 4929#endif 4930 ]) 4931 4932dnl Adding -Werror to CFLAGS early prevents configure tests from running. 4933dnl Add now. 4934CFLAGS="$CFLAGS $werror_flags" 4935 4936if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 4937 TEST_SSH_IPV6=no 4938else 4939 TEST_SSH_IPV6=yes 4940fi 4941AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 4942AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 4943AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 4944AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 4945 4946AC_EXEEXT 4947AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 4948 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 4949 survey.sh]) 4950AC_OUTPUT 4951 4952# Print summary of options 4953 4954# Someone please show me a better way :) 4955A=`eval echo ${prefix}` ; A=`eval echo ${A}` 4956B=`eval echo ${bindir}` ; B=`eval echo ${B}` 4957C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 4958D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 4959E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 4960F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 4961G=`eval echo ${piddir}` ; G=`eval echo ${G}` 4962H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 4963I=`eval echo ${user_path}` ; I=`eval echo ${I}` 4964J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 4965 4966echo "" 4967echo "OpenSSH has been configured with the following options:" 4968echo " User binaries: $B" 4969echo " System binaries: $C" 4970echo " Configuration files: $D" 4971echo " Askpass program: $E" 4972echo " Manual pages: $F" 4973echo " PID file: $G" 4974echo " Privilege separation chroot path: $H" 4975if test "x$external_path_file" = "x/etc/login.conf" ; then 4976echo " At runtime, sshd will use the path defined in $external_path_file" 4977echo " Make sure the path to scp is present, otherwise scp will not work" 4978else 4979echo " sshd default user PATH: $I" 4980 if test ! -z "$external_path_file"; then 4981echo " (If PATH is set in $external_path_file it will be used instead. If" 4982echo " used, ensure the path to scp is present, otherwise scp will not work.)" 4983 fi 4984fi 4985if test ! -z "$superuser_path" ; then 4986echo " sshd superuser user PATH: $J" 4987fi 4988echo " Manpage format: $MANTYPE" 4989echo " PAM support: $PAM_MSG" 4990echo " OSF SIA support: $SIA_MSG" 4991echo " KerberosV support: $KRB5_MSG" 4992echo " SELinux support: $SELINUX_MSG" 4993echo " Smartcard support: $SCARD_MSG" 4994echo " S/KEY support: $SKEY_MSG" 4995echo " TCP Wrappers support: $TCPW_MSG" 4996echo " MD5 password support: $MD5_MSG" 4997echo " libedit support: $LIBEDIT_MSG" 4998echo " Solaris process contract support: $SPC_MSG" 4999echo " Solaris project support: $SP_MSG" 5000echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5001echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5002echo " BSD Auth support: $BSD_AUTH_MSG" 5003echo " Random number source: $RAND_MSG" 5004echo " Privsep sandbox style: $SANDBOX_STYLE" 5005 5006echo "" 5007 5008echo " Host: ${host}" 5009echo " Compiler: ${CC}" 5010echo " Compiler flags: ${CFLAGS}" 5011echo "Preprocessor flags: ${CPPFLAGS}" 5012echo " Linker flags: ${LDFLAGS}" 5013echo " Libraries: ${LIBS}" 5014if test ! -z "${SSHDLIBS}"; then 5015echo " +for sshd: ${SSHDLIBS}" 5016fi 5017if test ! -z "${SSHLIBS}"; then 5018echo " +for ssh: ${SSHLIBS}" 5019fi 5020 5021echo "" 5022 5023if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5024 echo "SVR4 style packages are supported with \"make package\"" 5025 echo "" 5026fi 5027 5028if test "x$PAM_MSG" = "xyes" ; then 5029 echo "PAM is enabled. You may need to install a PAM control file " 5030 echo "for sshd, otherwise password authentication may fail. " 5031 echo "Example PAM control files can be found in the contrib/ " 5032 echo "subdirectory" 5033 echo "" 5034fi 5035 5036if test ! -z "$NO_PEERCHECK" ; then 5037 echo "WARNING: the operating system that you are using does not" 5038 echo "appear to support getpeereid(), getpeerucred() or the" 5039 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5040 echo "enforce security checks to prevent unauthorised connections to" 5041 echo "ssh-agent. Their absence increases the risk that a malicious" 5042 echo "user can connect to your agent." 5043 echo "" 5044fi 5045 5046if test "$AUDIT_MODULE" = "bsm" ; then 5047 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5048 echo "See the Solaris section in README.platform for details." 5049fi 5050