1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADERS([config.h]) 22AC_PROG_CC([cc gcc]) 23 24# XXX relax this after reimplementing logit() etc. 25AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 26AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 27int f(int a, int b, int c) { return a + b + c; } 28#define F(a, ...) f(a, __VA_ARGS__) 29]], [[return F(1, 2, -3);]])], 30 [ AC_MSG_RESULT([yes]) ], 31 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 32) 33 34AC_CANONICAL_HOST 35AC_C_BIGENDIAN 36 37# Checks for programs. 38AC_PROG_AWK 39AC_PROG_CPP 40AC_PROG_RANLIB 41AC_PROG_INSTALL 42AC_PROG_EGREP 43AC_PROG_MKDIR_P 44AC_CHECK_TOOLS([AR], [ar]) 45AC_PATH_PROG([CAT], [cat]) 46AC_PATH_PROG([KILL], [kill]) 47AC_PATH_PROG([SED], [sed]) 48AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 49AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 50AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 51AC_PATH_PROG([SH], [sh]) 52AC_PATH_PROG([GROFF], [groff]) 53AC_PATH_PROG([NROFF], [nroff awf]) 54AC_PATH_PROG([MANDOC], [mandoc]) 55AC_SUBST([TEST_SHELL], [sh]) 56 57dnl select manpage formatter to be used to build "cat" format pages. 58if test "x$MANDOC" != "x" ; then 59 MANFMT="$MANDOC" 60elif test "x$NROFF" != "x" ; then 61 MANFMT="$NROFF -mandoc" 62elif test "x$GROFF" != "x" ; then 63 MANFMT="$GROFF -mandoc -Tascii" 64else 65 AC_MSG_WARN([no manpage formatter found]) 66 MANFMT="false" 67fi 68AC_SUBST([MANFMT]) 69 70dnl for buildpkg.sh 71AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 72 [/usr/sbin${PATH_SEPARATOR}/etc]) 73AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 74 [/usr/sbin${PATH_SEPARATOR}/etc]) 75AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 76if test -x /sbin/sh; then 77 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 78else 79 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 80fi 81 82# System features 83AC_SYS_LARGEFILE 84 85if test -z "$AR" ; then 86 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 87fi 88 89AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 90if test ! -z "$PATH_PASSWD_PROG" ; then 91 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 92 [Full path of your "passwd" program]) 93fi 94 95dnl Since autoconf doesn't support it very well, we no longer allow users to 96dnl override LD, however keeping the hook here for now in case there's a use 97dnl use case we overlooked and someone needs to re-enable it. Unless a good 98dnl reason is found we'll be removing this in future. 99LD="$CC" 100AC_SUBST([LD]) 101 102AC_C_INLINE 103 104AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 105AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 106AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 107 #include <sys/types.h> 108 #include <sys/param.h> 109 #include <dev/systrace.h> 110]) 111AC_CHECK_DECL([RLIMIT_NPROC], 112 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 113 #include <sys/types.h> 114 #include <sys/resource.h> 115]) 116AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 117 #include <sys/types.h> 118 #include <linux/prctl.h> 119]) 120 121openssl=yes 122AC_ARG_WITH([openssl], 123 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 124 [ if test "x$withval" = "xno" ; then 125 openssl=no 126 fi 127 ] 128) 129AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 130if test "x$openssl" = "xyes" ; then 131 AC_MSG_RESULT([yes]) 132 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 133else 134 AC_MSG_RESULT([no]) 135fi 136 137use_stack_protector=1 138use_toolchain_hardening=1 139AC_ARG_WITH([stackprotect], 140 [ --without-stackprotect Don't use compiler's stack protection], [ 141 if test "x$withval" = "xno"; then 142 use_stack_protector=0 143 fi ]) 144AC_ARG_WITH([hardening], 145 [ --without-hardening Don't use toolchain hardening flags], [ 146 if test "x$withval" = "xno"; then 147 use_toolchain_hardening=0 148 fi ]) 149 150# We use -Werror for the tests only so that we catch warnings like "this is 151# on by default" for things like -fPIE. 152AC_MSG_CHECKING([if $CC supports -Werror]) 153saved_CFLAGS="$CFLAGS" 154CFLAGS="$CFLAGS -Werror" 155AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 156 [ AC_MSG_RESULT([yes]) 157 WERROR="-Werror"], 158 [ AC_MSG_RESULT([no]) 159 WERROR="" ] 160) 161CFLAGS="$saved_CFLAGS" 162 163if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 164 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 167 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 168 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 169 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 170 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 171 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 172 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 173 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 174 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 175 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 176 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 177 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 178 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 179 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 180 if test "x$use_toolchain_hardening" = "x1"; then 181 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 182 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 183 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 184 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 185 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 186 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 187 # NB. -ftrapv expects certain support functions to be present in 188 # the compiler library (libgcc or similar) to detect integer operations 189 # that can overflow. We must check that the result of enabling it 190 # actually links. The test program compiled/linked includes a number 191 # of integer operations that should exercise this. 192 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 193 fi 194 AC_MSG_CHECKING([gcc version]) 195 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 196 case $GCC_VER in 197 1.*) no_attrib_nonnull=1 ;; 198 2.8* | 2.9*) 199 no_attrib_nonnull=1 200 ;; 201 2.*) no_attrib_nonnull=1 ;; 202 *) ;; 203 esac 204 AC_MSG_RESULT([$GCC_VER]) 205 206 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 207 saved_CFLAGS="$CFLAGS" 208 CFLAGS="$CFLAGS -fno-builtin-memset" 209 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 210 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 211 [ AC_MSG_RESULT([yes]) ], 212 [ AC_MSG_RESULT([no]) 213 CFLAGS="$saved_CFLAGS" ] 214 ) 215 216 # -fstack-protector-all doesn't always work for some GCC versions 217 # and/or platforms, so we test if we can. If it's not supported 218 # on a given platform gcc will emit a warning so we use -Werror. 219 if test "x$use_stack_protector" = "x1"; then 220 for t in -fstack-protector-strong -fstack-protector-all \ 221 -fstack-protector; do 222 AC_MSG_CHECKING([if $CC supports $t]) 223 saved_CFLAGS="$CFLAGS" 224 saved_LDFLAGS="$LDFLAGS" 225 CFLAGS="$CFLAGS $t -Werror" 226 LDFLAGS="$LDFLAGS $t -Werror" 227 AC_LINK_IFELSE( 228 [AC_LANG_PROGRAM([[ 229 #include <stdio.h> 230 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 231 ]], 232 [[ 233 char x[256]; 234 snprintf(x, sizeof(x), "XXX%d", func(1)); 235 ]])], 236 [ AC_MSG_RESULT([yes]) 237 CFLAGS="$saved_CFLAGS $t" 238 LDFLAGS="$saved_LDFLAGS $t" 239 AC_MSG_CHECKING([if $t works]) 240 AC_RUN_IFELSE( 241 [AC_LANG_PROGRAM([[ 242 #include <stdio.h> 243 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 244 ]], 245 [[ 246 char x[256]; 247 snprintf(x, sizeof(x), "XXX%d", func(1)); 248 ]])], 249 [ AC_MSG_RESULT([yes]) 250 break ], 251 [ AC_MSG_RESULT([no]) ], 252 [ AC_MSG_WARN([cross compiling: cannot test]) 253 break ] 254 ) 255 ], 256 [ AC_MSG_RESULT([no]) ] 257 ) 258 CFLAGS="$saved_CFLAGS" 259 LDFLAGS="$saved_LDFLAGS" 260 done 261 fi 262 263 if test -z "$have_llong_max"; then 264 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 265 unset ac_cv_have_decl_LLONG_MAX 266 saved_CFLAGS="$CFLAGS" 267 CFLAGS="$CFLAGS -std=gnu99" 268 AC_CHECK_DECL([LLONG_MAX], 269 [have_llong_max=1], 270 [CFLAGS="$saved_CFLAGS"], 271 [#include <limits.h>] 272 ) 273 fi 274fi 275 276AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 277AC_COMPILE_IFELSE( 278 [AC_LANG_PROGRAM([[ 279#include <stdlib.h> 280__attribute__((__unused__)) static void foo(void){return;}]], 281 [[ exit(0); ]])], 282 [ AC_MSG_RESULT([yes]) ], 283 [ AC_MSG_RESULT([no]) 284 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 285 [compiler does not accept __attribute__ on return types]) ] 286) 287 288AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 289AC_COMPILE_IFELSE( 290 [AC_LANG_PROGRAM([[ 291#include <stdlib.h> 292typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 293 [[ exit(0); ]])], 294 [ AC_MSG_RESULT([yes]) ], 295 [ AC_MSG_RESULT([no]) 296 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 297 [compiler does not accept __attribute__ on prototype args]) ] 298) 299 300AC_MSG_CHECKING([if compiler supports variable length arrays]) 301AC_COMPILE_IFELSE( 302 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 303 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 304 [ AC_MSG_RESULT([yes]) 305 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 306 [compiler supports variable length arrays]) ], 307 [ AC_MSG_RESULT([no]) ] 308) 309 310AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 311AC_COMPILE_IFELSE( 312 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 313 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 314 [ AC_MSG_RESULT([yes]) 315 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 316 [compiler variable declarations after code]) ], 317 [ AC_MSG_RESULT([no]) ] 318) 319 320if test "x$no_attrib_nonnull" != "x1" ; then 321 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 322fi 323 324AC_ARG_WITH([rpath], 325 [ --without-rpath Disable auto-added -R linker paths], 326 [ 327 if test "x$withval" = "xno" ; then 328 rpath_opt="" 329 elif test "x$withval" = "xyes" ; then 330 rpath_opt="-R" 331 else 332 rpath_opt="$withval" 333 fi 334 ] 335) 336 337# Allow user to specify flags 338AC_ARG_WITH([cflags], 339 [ --with-cflags Specify additional flags to pass to compiler], 340 [ 341 if test -n "$withval" && test "x$withval" != "xno" && \ 342 test "x${withval}" != "xyes"; then 343 CFLAGS="$CFLAGS $withval" 344 fi 345 ] 346) 347 348AC_ARG_WITH([cflags-after], 349 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 350 [ 351 if test -n "$withval" && test "x$withval" != "xno" && \ 352 test "x${withval}" != "xyes"; then 353 CFLAGS_AFTER="$withval" 354 fi 355 ] 356) 357AC_ARG_WITH([cppflags], 358 [ --with-cppflags Specify additional flags to pass to preprocessor] , 359 [ 360 if test -n "$withval" && test "x$withval" != "xno" && \ 361 test "x${withval}" != "xyes"; then 362 CPPFLAGS="$CPPFLAGS $withval" 363 fi 364 ] 365) 366AC_ARG_WITH([ldflags], 367 [ --with-ldflags Specify additional flags to pass to linker], 368 [ 369 if test -n "$withval" && test "x$withval" != "xno" && \ 370 test "x${withval}" != "xyes"; then 371 LDFLAGS="$LDFLAGS $withval" 372 fi 373 ] 374) 375AC_ARG_WITH([ldflags-after], 376 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 377 [ 378 if test -n "$withval" && test "x$withval" != "xno" && \ 379 test "x${withval}" != "xyes"; then 380 LDFLAGS_AFTER="$withval" 381 fi 382 ] 383) 384AC_ARG_WITH([libs], 385 [ --with-libs Specify additional libraries to link with], 386 [ 387 if test -n "$withval" && test "x$withval" != "xno" && \ 388 test "x${withval}" != "xyes"; then 389 LIBS="$LIBS $withval" 390 fi 391 ] 392) 393AC_ARG_WITH([Werror], 394 [ --with-Werror Build main code with -Werror], 395 [ 396 if test -n "$withval" && test "x$withval" != "xno"; then 397 werror_flags="-Werror" 398 if test "x${withval}" != "xyes"; then 399 werror_flags="$withval" 400 fi 401 fi 402 ] 403) 404 405AC_CHECK_HEADERS([ \ 406 blf.h \ 407 bstring.h \ 408 crypt.h \ 409 crypto/sha2.h \ 410 dirent.h \ 411 endian.h \ 412 elf.h \ 413 err.h \ 414 features.h \ 415 fcntl.h \ 416 floatingpoint.h \ 417 fnmatch.h \ 418 getopt.h \ 419 glob.h \ 420 ia.h \ 421 iaf.h \ 422 ifaddrs.h \ 423 inttypes.h \ 424 langinfo.h \ 425 limits.h \ 426 locale.h \ 427 login.h \ 428 maillock.h \ 429 ndir.h \ 430 net/if_tun.h \ 431 netdb.h \ 432 netgroup.h \ 433 pam/pam_appl.h \ 434 paths.h \ 435 poll.h \ 436 pty.h \ 437 readpassphrase.h \ 438 rpc/types.h \ 439 security/pam_appl.h \ 440 sha2.h \ 441 shadow.h \ 442 stddef.h \ 443 stdint.h \ 444 string.h \ 445 strings.h \ 446 sys/bitypes.h \ 447 sys/byteorder.h \ 448 sys/bsdtty.h \ 449 sys/cdefs.h \ 450 sys/dir.h \ 451 sys/file.h \ 452 sys/mman.h \ 453 sys/label.h \ 454 sys/ndir.h \ 455 sys/poll.h \ 456 sys/prctl.h \ 457 sys/pstat.h \ 458 sys/ptrace.h \ 459 sys/random.h \ 460 sys/select.h \ 461 sys/stat.h \ 462 sys/stream.h \ 463 sys/stropts.h \ 464 sys/strtio.h \ 465 sys/statvfs.h \ 466 sys/sysmacros.h \ 467 sys/time.h \ 468 sys/timers.h \ 469 sys/vfs.h \ 470 time.h \ 471 tmpdir.h \ 472 ttyent.h \ 473 ucred.h \ 474 unistd.h \ 475 usersec.h \ 476 util.h \ 477 utime.h \ 478 utmp.h \ 479 utmpx.h \ 480 vis.h \ 481 wchar.h \ 482]) 483 484# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 485# to be included first. 486AC_CHECK_HEADERS([sys/audit.h], [], [], [ 487#ifdef HAVE_SYS_TIME_H 488# include <sys/time.h> 489#endif 490#ifdef HAVE_SYS_TYPES_H 491# include <sys/types.h> 492#endif 493#ifdef HAVE_SYS_LABEL_H 494# include <sys/label.h> 495#endif 496]) 497 498# sys/capsicum.h requires sys/types.h 499AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 500#ifdef HAVE_SYS_TYPES_H 501# include <sys/types.h> 502#endif 503]) 504 505# net/route.h requires sys/socket.h and sys/types.h. 506# sys/sysctl.h also requires sys/param.h 507AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 508#ifdef HAVE_SYS_TYPES_H 509# include <sys/types.h> 510#endif 511#include <sys/param.h> 512#include <sys/socket.h> 513]) 514 515# lastlog.h requires sys/time.h to be included first on Solaris 516AC_CHECK_HEADERS([lastlog.h], [], [], [ 517#ifdef HAVE_SYS_TIME_H 518# include <sys/time.h> 519#endif 520]) 521 522# sys/ptms.h requires sys/stream.h to be included first on Solaris 523AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 524#ifdef HAVE_SYS_STREAM_H 525# include <sys/stream.h> 526#endif 527]) 528 529# login_cap.h requires sys/types.h on NetBSD 530AC_CHECK_HEADERS([login_cap.h], [], [], [ 531#include <sys/types.h> 532]) 533 534# older BSDs need sys/param.h before sys/mount.h 535AC_CHECK_HEADERS([sys/mount.h], [], [], [ 536#include <sys/param.h> 537]) 538 539# Android requires sys/socket.h to be included before sys/un.h 540AC_CHECK_HEADERS([sys/un.h], [], [], [ 541#include <sys/types.h> 542#include <sys/socket.h> 543]) 544 545# Messages for features tested for in target-specific section 546SIA_MSG="no" 547SPC_MSG="no" 548SP_MSG="no" 549SPP_MSG="no" 550 551# Support for Solaris/Illumos privileges (this test is used by both 552# the --with-solaris-privs option and --with-sandbox=solaris). 553SOLARIS_PRIVS="no" 554 555# Check for some target-specific stuff 556case "$host" in 557*-*-aix*) 558 # Some versions of VAC won't allow macro redefinitions at 559 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 560 # particularly with older versions of vac or xlc. 561 # It also throws errors about null macro arguments, but these are 562 # not fatal. 563 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 564 AC_COMPILE_IFELSE( 565 [AC_LANG_PROGRAM([[ 566#define testmacro foo 567#define testmacro bar]], 568 [[ exit(0); ]])], 569 [ AC_MSG_RESULT([yes]) ], 570 [ AC_MSG_RESULT([no]) 571 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 572 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 573 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 574 ] 575 ) 576 577 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 578 if (test -z "$blibpath"); then 579 blibpath="/usr/lib:/lib" 580 fi 581 saved_LDFLAGS="$LDFLAGS" 582 if test "$GCC" = "yes"; then 583 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 584 else 585 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 586 fi 587 for tryflags in $flags ;do 588 if (test -z "$blibflags"); then 589 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 590 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 591 [blibflags=$tryflags], []) 592 fi 593 done 594 if (test -z "$blibflags"); then 595 AC_MSG_RESULT([not found]) 596 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 597 else 598 AC_MSG_RESULT([$blibflags]) 599 fi 600 LDFLAGS="$saved_LDFLAGS" 601 dnl Check for authenticate. Might be in libs.a on older AIXes 602 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 603 [Define if you want to enable AIX4's authenticate function])], 604 [AC_CHECK_LIB([s], [authenticate], 605 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 606 LIBS="$LIBS -ls" 607 ]) 608 ]) 609 dnl Check for various auth function declarations in headers. 610 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 611 passwdexpired, setauthdb], , , [#include <usersec.h>]) 612 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 613 AC_CHECK_DECLS([loginfailed], 614 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 615 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 616 [[ (void)loginfailed("user","host","tty",0); ]])], 617 [AC_MSG_RESULT([yes]) 618 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 619 [Define if your AIX loginfailed() function 620 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 621 ])], 622 [], 623 [#include <usersec.h>] 624 ) 625 AC_CHECK_FUNCS([getgrset setauthdb]) 626 AC_CHECK_DECL([F_CLOSEM], 627 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 628 [], 629 [ #include <limits.h> 630 #include <fcntl.h> ] 631 ) 632 check_for_aix_broken_getaddrinfo=1 633 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 634 [Define if your platform breaks doing a seteuid before a setuid]) 635 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 636 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 637 dnl AIX handles lastlog as part of its login message 638 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 639 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 640 [Some systems need a utmpx entry for /bin/login to work]) 641 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 642 [Define to a Set Process Title type if your system is 643 supported by bsd-setproctitle.c]) 644 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 645 [AIX 5.2 and 5.3 (and presumably newer) require this]) 646 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 647 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 648 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 649 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 650 ;; 651*-*-android*) 652 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 653 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 654 ;; 655*-*-cygwin*) 656 check_for_libcrypt_later=1 657 LIBS="$LIBS /usr/lib/textreadmode.o" 658 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 659 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 660 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 661 [Define to disable UID restoration test]) 662 AC_DEFINE([DISABLE_SHADOW], [1], 663 [Define if you want to disable shadow passwords]) 664 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 665 [Define if X11 doesn't support AF_UNIX sockets on that system]) 666 AC_DEFINE([DISABLE_FD_PASSING], [1], 667 [Define if your platform needs to skip post auth 668 file descriptor passing]) 669 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 670 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 671 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 672 # reasons which cause compile warnings, so we disable those warnings. 673 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 674 ;; 675*-*-dgux*) 676 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 677 [Define if your system choked on IP TOS setting]) 678 AC_DEFINE([SETEUID_BREAKS_SETUID]) 679 AC_DEFINE([BROKEN_SETREUID]) 680 AC_DEFINE([BROKEN_SETREGID]) 681 ;; 682*-*-darwin*) 683 use_pie=auto 684 AC_MSG_CHECKING([if we have working getaddrinfo]) 685 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 686#include <mach-o/dyld.h> 687#include <stdlib.h> 688main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 689 exit(0); 690 else 691 exit(1); 692} 693 ]])], 694 [AC_MSG_RESULT([working])], 695 [AC_MSG_RESULT([buggy]) 696 AC_DEFINE([BROKEN_GETADDRINFO], [1], 697 [getaddrinfo is broken (if present)]) 698 ], 699 [AC_MSG_RESULT([assume it is working])]) 700 AC_DEFINE([SETEUID_BREAKS_SETUID]) 701 AC_DEFINE([BROKEN_SETREUID]) 702 AC_DEFINE([BROKEN_SETREGID]) 703 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 704 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 705 [Define if your resolver libs need this for getrrsetbyname]) 706 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 707 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 708 [Use tunnel device compatibility to OpenBSD]) 709 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 710 [Prepend the address family to IP tunnel traffic]) 711 m4_pattern_allow([AU_IPv]) 712 AC_CHECK_DECL([AU_IPv4], [], 713 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 714 [#include <bsm/audit.h>] 715 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 716 [Define if pututxline updates lastlog too]) 717 ) 718 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 719 [Define to a Set Process Title type if your system is 720 supported by bsd-setproctitle.c]) 721 AC_CHECK_FUNCS([sandbox_init]) 722 AC_CHECK_HEADERS([sandbox.h]) 723 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 724 SSHDLIBS="$SSHDLIBS -lsandbox" 725 ]) 726 # proc_pidinfo()-based closefrom() replacement. 727 AC_CHECK_HEADERS([libproc.h]) 728 AC_CHECK_FUNCS([proc_pidinfo]) 729 ;; 730*-*-dragonfly*) 731 SSHDLIBS="$SSHDLIBS -lcrypt" 732 TEST_MALLOC_OPTIONS="AFGJPRX" 733 ;; 734*-*-haiku*) 735 LIBS="$LIBS -lbsd " 736 CFLAGS="$CFLAGS -D_BSD_SOURCE" 737 AC_CHECK_LIB([network], [socket]) 738 AC_DEFINE([HAVE_U_INT64_T]) 739 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 740 MANTYPE=man 741 ;; 742*-*-hpux*) 743 # first we define all of the options common to all HP-UX releases 744 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 745 IPADDR_IN_DISPLAY=yes 746 AC_DEFINE([USE_PIPES]) 747 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 748 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 749 [String used in /etc/passwd to denote locked account]) 750 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 751 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 752 maildir="/var/mail" 753 LIBS="$LIBS -lsec" 754 AC_CHECK_LIB([xnet], [t_error], , 755 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 756 757 # next, we define all of the options specific to major releases 758 case "$host" in 759 *-*-hpux10*) 760 if test -z "$GCC"; then 761 CFLAGS="$CFLAGS -Ae" 762 fi 763 ;; 764 *-*-hpux11*) 765 AC_DEFINE([PAM_SUN_CODEBASE], [1], 766 [Define if you are using Solaris-derived PAM which 767 passes pam_messages to the conversation function 768 with an extra level of indirection]) 769 AC_DEFINE([DISABLE_UTMP], [1], 770 [Define if you don't want to use utmp]) 771 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 772 check_for_hpux_broken_getaddrinfo=1 773 check_for_conflicting_getspnam=1 774 ;; 775 esac 776 777 # lastly, we define options specific to minor releases 778 case "$host" in 779 *-*-hpux10.26) 780 AC_DEFINE([HAVE_SECUREWARE], [1], 781 [Define if you have SecureWare-based 782 protected password database]) 783 disable_ptmx_check=yes 784 LIBS="$LIBS -lsecpw" 785 ;; 786 esac 787 ;; 788*-*-irix5*) 789 PATH="$PATH:/usr/etc" 790 AC_DEFINE([BROKEN_INET_NTOA], [1], 791 [Define if you system's inet_ntoa is busted 792 (e.g. Irix gcc issue)]) 793 AC_DEFINE([SETEUID_BREAKS_SETUID]) 794 AC_DEFINE([BROKEN_SETREUID]) 795 AC_DEFINE([BROKEN_SETREGID]) 796 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 797 [Define if you shouldn't strip 'tty' from your 798 ttyname in [uw]tmp]) 799 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 800 ;; 801*-*-irix6*) 802 PATH="$PATH:/usr/etc" 803 AC_DEFINE([WITH_IRIX_ARRAY], [1], 804 [Define if you have/want arrays 805 (cluster-wide session management, not C arrays)]) 806 AC_DEFINE([WITH_IRIX_PROJECT], [1], 807 [Define if you want IRIX project management]) 808 AC_DEFINE([WITH_IRIX_AUDIT], [1], 809 [Define if you want IRIX audit trails]) 810 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 811 [Define if you want IRIX kernel jobs])]) 812 AC_DEFINE([BROKEN_INET_NTOA]) 813 AC_DEFINE([SETEUID_BREAKS_SETUID]) 814 AC_DEFINE([BROKEN_SETREUID]) 815 AC_DEFINE([BROKEN_SETREGID]) 816 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 817 AC_DEFINE([WITH_ABBREV_NO_TTY]) 818 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 819 ;; 820*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 821 check_for_libcrypt_later=1 822 AC_DEFINE([PAM_TTY_KLUDGE]) 823 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 824 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 825 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 826 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 827 ;; 828*-*-linux*) 829 no_dev_ptmx=1 830 use_pie=auto 831 check_for_libcrypt_later=1 832 check_for_openpty_ctty_bug=1 833 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 834 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 835 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 836 AC_DEFINE([PAM_TTY_KLUDGE], [1], 837 [Work around problematic Linux PAM modules handling of PAM_TTY]) 838 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 839 [String used in /etc/passwd to denote locked account]) 840 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 841 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 842 [Define to whatever link() returns for "not supported" 843 if it doesn't return EOPNOTSUPP.]) 844 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 845 AC_DEFINE([USE_BTMP]) 846 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 847 inet6_default_4in6=yes 848 case `uname -r` in 849 1.*|2.0.*) 850 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 851 [Define if cmsg_type is not passed correctly]) 852 ;; 853 esac 854 # tun(4) forwarding compat code 855 AC_CHECK_HEADERS([linux/if_tun.h]) 856 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 857 AC_DEFINE([SSH_TUN_LINUX], [1], 858 [Open tunnel devices the Linux tun/tap way]) 859 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 860 [Use tunnel device compatibility to OpenBSD]) 861 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 862 [Prepend the address family to IP tunnel traffic]) 863 fi 864 AC_CHECK_HEADER([linux/if.h], 865 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 866 [Support routing domains using Linux VRF]), [], [ 867#ifdef HAVE_SYS_TYPES_H 868# include <sys/types.h> 869#endif 870 ]) 871 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 872 [], [#include <linux/types.h>]) 873 # Obtain MIPS ABI 874 case "$host" in 875 mips*) 876 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 877#if _MIPS_SIM != _ABIO32 878#error 879#endif 880 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 881#if _MIPS_SIM != _ABIN32 882#error 883#endif 884 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 885#if _MIPS_SIM != _ABI64 886#error 887#endif 888 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 889 ]) 890 ]) 891 ]) 892 ;; 893 esac 894 AC_MSG_CHECKING([for seccomp architecture]) 895 seccomp_audit_arch= 896 case "$host" in 897 x86_64-*) 898 seccomp_audit_arch=AUDIT_ARCH_X86_64 899 ;; 900 i*86-*) 901 seccomp_audit_arch=AUDIT_ARCH_I386 902 ;; 903 arm*-*) 904 seccomp_audit_arch=AUDIT_ARCH_ARM 905 ;; 906 aarch64*-*) 907 seccomp_audit_arch=AUDIT_ARCH_AARCH64 908 ;; 909 s390x-*) 910 seccomp_audit_arch=AUDIT_ARCH_S390X 911 ;; 912 s390-*) 913 seccomp_audit_arch=AUDIT_ARCH_S390 914 ;; 915 powerpc64-*) 916 seccomp_audit_arch=AUDIT_ARCH_PPC64 917 ;; 918 powerpc64le-*) 919 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 920 ;; 921 mips-*) 922 seccomp_audit_arch=AUDIT_ARCH_MIPS 923 ;; 924 mipsel-*) 925 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 926 ;; 927 mips64-*) 928 case "$mips_abi" in 929 "n32") 930 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 931 ;; 932 "n64") 933 seccomp_audit_arch=AUDIT_ARCH_MIPS64 934 ;; 935 esac 936 ;; 937 mips64el-*) 938 case "$mips_abi" in 939 "n32") 940 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 941 ;; 942 "n64") 943 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 944 ;; 945 esac 946 ;; 947 riscv64-*) 948 seccomp_audit_arch=AUDIT_ARCH_RISCV64 949 ;; 950 esac 951 if test "x$seccomp_audit_arch" != "x" ; then 952 AC_MSG_RESULT(["$seccomp_audit_arch"]) 953 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 954 [Specify the system call convention in use]) 955 else 956 AC_MSG_RESULT([architecture not supported]) 957 fi 958 ;; 959mips-sony-bsd|mips-sony-newsos4) 960 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 961 SONY=1 962 ;; 963*-*-netbsd*) 964 check_for_libcrypt_before=1 965 if test "x$withval" != "xno" ; then 966 rpath_opt="-R" 967 fi 968 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 969 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 970 AC_CHECK_HEADER([net/if_tap.h], , 971 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 972 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 973 [Prepend the address family to IP tunnel traffic]) 974 TEST_MALLOC_OPTIONS="AJRX" 975 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 976 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 977 ;; 978*-*-freebsd*) 979 check_for_libcrypt_later=1 980 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 981 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 982 AC_CHECK_HEADER([net/if_tap.h], , 983 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 984 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 985 TEST_MALLOC_OPTIONS="AJRX" 986 # Preauth crypto occasionally uses file descriptors for crypto offload 987 # and will crash if they cannot be opened. 988 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 989 [define if setrlimit RLIMIT_NOFILE breaks things]) 990 ;; 991*-*-bsdi*) 992 AC_DEFINE([SETEUID_BREAKS_SETUID]) 993 AC_DEFINE([BROKEN_SETREUID]) 994 AC_DEFINE([BROKEN_SETREGID]) 995 ;; 996*-next-*) 997 conf_lastlog_location="/usr/adm/lastlog" 998 conf_utmp_location=/etc/utmp 999 conf_wtmp_location=/usr/adm/wtmp 1000 maildir=/usr/spool/mail 1001 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1002 AC_DEFINE([USE_PIPES]) 1003 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1004 ;; 1005*-*-openbsd*) 1006 use_pie=auto 1007 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1008 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1009 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1010 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1011 [syslog_r function is safe to use in in a signal handler]) 1012 TEST_MALLOC_OPTIONS="AFGJPRX" 1013 ;; 1014*-*-solaris*) 1015 if test "x$withval" != "xno" ; then 1016 rpath_opt="-R" 1017 fi 1018 AC_DEFINE([PAM_SUN_CODEBASE]) 1019 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1020 AC_DEFINE([PAM_TTY_KLUDGE]) 1021 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1022 [Define if pam_chauthtok wants real uid set 1023 to the unpriv'ed user]) 1024 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1025 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1026 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1027 [Define if sshd somehow reacquires a controlling TTY 1028 after setsid()]) 1029 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1030 in case the name is longer than 8 chars]) 1031 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1032 external_path_file=/etc/default/login 1033 # hardwire lastlog location (can't detect it on some versions) 1034 conf_lastlog_location="/var/adm/lastlog" 1035 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1036 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1037 if test "$sol2ver" -ge 8; then 1038 AC_MSG_RESULT([yes]) 1039 AC_DEFINE([DISABLE_UTMP]) 1040 AC_DEFINE([DISABLE_WTMP], [1], 1041 [Define if you don't want to use wtmp]) 1042 else 1043 AC_MSG_RESULT([no]) 1044 fi 1045 AC_CHECK_FUNCS([setpflags]) 1046 AC_CHECK_FUNCS([setppriv]) 1047 AC_CHECK_FUNCS([priv_basicset]) 1048 AC_CHECK_HEADERS([priv.h]) 1049 AC_ARG_WITH([solaris-contracts], 1050 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1051 [ 1052 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1053 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1054 [Define if you have Solaris process contracts]) 1055 LIBS="$LIBS -lcontract" 1056 SPC_MSG="yes" ], ) 1057 ], 1058 ) 1059 AC_ARG_WITH([solaris-projects], 1060 [ --with-solaris-projects Enable Solaris projects (experimental)], 1061 [ 1062 AC_CHECK_LIB([project], [setproject], 1063 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1064 [Define if you have Solaris projects]) 1065 LIBS="$LIBS -lproject" 1066 SP_MSG="yes" ], ) 1067 ], 1068 ) 1069 AC_ARG_WITH([solaris-privs], 1070 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1071 [ 1072 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1073 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1074 "x$ac_cv_header_priv_h" = "xyes" ; then 1075 SOLARIS_PRIVS=yes 1076 AC_MSG_RESULT([found]) 1077 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1078 [Define to disable UID restoration test]) 1079 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1080 [Define if you have Solaris privileges]) 1081 SPP_MSG="yes" 1082 else 1083 AC_MSG_RESULT([not found]) 1084 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1085 fi 1086 ], 1087 ) 1088 TEST_SHELL=$SHELL # let configure find us a capable shell 1089 ;; 1090*-*-sunos4*) 1091 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1092 AC_CHECK_FUNCS([getpwanam]) 1093 AC_DEFINE([PAM_SUN_CODEBASE]) 1094 conf_utmp_location=/etc/utmp 1095 conf_wtmp_location=/var/adm/wtmp 1096 conf_lastlog_location=/var/adm/lastlog 1097 AC_DEFINE([USE_PIPES]) 1098 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1099 ;; 1100*-ncr-sysv*) 1101 LIBS="$LIBS -lc89" 1102 AC_DEFINE([USE_PIPES]) 1103 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1104 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1105 AC_DEFINE([BROKEN_SETREUID]) 1106 AC_DEFINE([BROKEN_SETREGID]) 1107 ;; 1108*-sni-sysv*) 1109 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1110 AC_CHECK_LIB([dl], [dlsym], ,) 1111 # -lresolv needs to be at the end of LIBS or DNS lookups break 1112 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1113 IPADDR_IN_DISPLAY=yes 1114 AC_DEFINE([USE_PIPES]) 1115 AC_DEFINE([IP_TOS_IS_BROKEN]) 1116 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1117 AC_DEFINE([BROKEN_SETREUID]) 1118 AC_DEFINE([BROKEN_SETREGID]) 1119 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1120 external_path_file=/etc/default/login 1121 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1122 # Attention: always take care to bind libsocket and libnsl before libc, 1123 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1124 ;; 1125# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1126*-*-sysv4.2*) 1127 AC_DEFINE([USE_PIPES]) 1128 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1129 AC_DEFINE([BROKEN_SETREUID]) 1130 AC_DEFINE([BROKEN_SETREGID]) 1131 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1132 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1133 TEST_SHELL=$SHELL # let configure find us a capable shell 1134 ;; 1135# UnixWare 7.x, OpenUNIX 8 1136*-*-sysv5*) 1137 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1138 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1139 AC_DEFINE([USE_PIPES]) 1140 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1141 AC_DEFINE([BROKEN_GETADDRINFO]) 1142 AC_DEFINE([BROKEN_SETREUID]) 1143 AC_DEFINE([BROKEN_SETREGID]) 1144 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1145 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1146 TEST_SHELL=$SHELL # let configure find us a capable shell 1147 check_for_libcrypt_later=1 1148 case "$host" in 1149 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1150 maildir=/var/spool/mail 1151 AC_DEFINE([BROKEN_UPDWTMPX]) 1152 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1153 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1154 ], , ) 1155 ;; 1156 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1157 ;; 1158 esac 1159 ;; 1160*-*-sysv*) 1161 ;; 1162# SCO UNIX and OEM versions of SCO UNIX 1163*-*-sco3.2v4*) 1164 AC_MSG_ERROR("This Platform is no longer supported.") 1165 ;; 1166# SCO OpenServer 5.x 1167*-*-sco3.2v5*) 1168 if test -z "$GCC"; then 1169 CFLAGS="$CFLAGS -belf" 1170 fi 1171 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1172 no_dev_ptmx=1 1173 AC_DEFINE([USE_PIPES]) 1174 AC_DEFINE([HAVE_SECUREWARE]) 1175 AC_DEFINE([DISABLE_SHADOW]) 1176 AC_DEFINE([DISABLE_FD_PASSING]) 1177 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1178 AC_DEFINE([BROKEN_GETADDRINFO]) 1179 AC_DEFINE([BROKEN_SETREUID]) 1180 AC_DEFINE([BROKEN_SETREGID]) 1181 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1182 AC_DEFINE([BROKEN_UPDWTMPX]) 1183 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1184 AC_CHECK_FUNCS([getluid setluid]) 1185 MANTYPE=man 1186 TEST_SHELL=$SHELL # let configure find us a capable shell 1187 SKIP_DISABLE_LASTLOG_DEFINE=yes 1188 ;; 1189*-dec-osf*) 1190 AC_MSG_CHECKING([for Digital Unix SIA]) 1191 no_osfsia="" 1192 AC_ARG_WITH([osfsia], 1193 [ --with-osfsia Enable Digital Unix SIA], 1194 [ 1195 if test "x$withval" = "xno" ; then 1196 AC_MSG_RESULT([disabled]) 1197 no_osfsia=1 1198 fi 1199 ], 1200 ) 1201 if test -z "$no_osfsia" ; then 1202 if test -f /etc/sia/matrix.conf; then 1203 AC_MSG_RESULT([yes]) 1204 AC_DEFINE([HAVE_OSF_SIA], [1], 1205 [Define if you have Digital Unix Security 1206 Integration Architecture]) 1207 AC_DEFINE([DISABLE_LOGIN], [1], 1208 [Define if you don't want to use your 1209 system's login() call]) 1210 AC_DEFINE([DISABLE_FD_PASSING]) 1211 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1212 SIA_MSG="yes" 1213 else 1214 AC_MSG_RESULT([no]) 1215 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1216 [String used in /etc/passwd to denote locked account]) 1217 fi 1218 fi 1219 AC_DEFINE([BROKEN_GETADDRINFO]) 1220 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1221 AC_DEFINE([BROKEN_SETREUID]) 1222 AC_DEFINE([BROKEN_SETREGID]) 1223 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1224 ;; 1225 1226*-*-nto-qnx*) 1227 AC_DEFINE([USE_PIPES]) 1228 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1229 AC_DEFINE([DISABLE_LASTLOG]) 1230 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1231 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1232 enable_etc_default_login=no # has incompatible /etc/default/login 1233 case "$host" in 1234 *-*-nto-qnx6*) 1235 AC_DEFINE([DISABLE_FD_PASSING]) 1236 ;; 1237 esac 1238 ;; 1239 1240*-*-ultrix*) 1241 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1242 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1243 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1244 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1245 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1246 # don't get a controlling tty. 1247 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1248 # On Ultrix some headers are not protected against multiple includes, 1249 # so we create wrappers and put it where the compiler will find it. 1250 AC_MSG_WARN([creating compat wrappers for headers]) 1251 mkdir -p netinet 1252 for header in netinet/ip.h netdb.h resolv.h; do 1253 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1254 cat >$header <<EOD 1255#ifndef _SSH_COMPAT_${name} 1256#define _SSH_COMPAT_${name} 1257#include "/usr/include/${header}" 1258#endif 1259EOD 1260 done 1261 ;; 1262 1263*-*-lynxos) 1264 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1265 AC_DEFINE([BROKEN_SETVBUF], [1], 1266 [LynxOS has broken setvbuf() implementation]) 1267 ;; 1268esac 1269 1270AC_MSG_CHECKING([compiler and flags for sanity]) 1271AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1272 [ AC_MSG_RESULT([yes]) ], 1273 [ 1274 AC_MSG_RESULT([no]) 1275 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1276 ], 1277 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1278) 1279 1280dnl Checks for header files. 1281# Checks for libraries. 1282AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1283 1284dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1285AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1286 AC_CHECK_LIB([gen], [dirname], [ 1287 AC_CACHE_CHECK([for broken dirname], 1288 ac_cv_have_broken_dirname, [ 1289 save_LIBS="$LIBS" 1290 LIBS="$LIBS -lgen" 1291 AC_RUN_IFELSE( 1292 [AC_LANG_SOURCE([[ 1293#include <libgen.h> 1294#include <string.h> 1295#include <stdlib.h> 1296 1297int main(int argc, char **argv) { 1298 char *s, buf[32]; 1299 1300 strncpy(buf,"/etc", 32); 1301 s = dirname(buf); 1302 if (!s || strncmp(s, "/", 32) != 0) { 1303 exit(1); 1304 } else { 1305 exit(0); 1306 } 1307} 1308 ]])], 1309 [ ac_cv_have_broken_dirname="no" ], 1310 [ ac_cv_have_broken_dirname="yes" ], 1311 [ ac_cv_have_broken_dirname="no" ], 1312 ) 1313 LIBS="$save_LIBS" 1314 ]) 1315 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1316 LIBS="$LIBS -lgen" 1317 AC_DEFINE([HAVE_DIRNAME]) 1318 AC_CHECK_HEADERS([libgen.h]) 1319 fi 1320 ]) 1321]) 1322 1323AC_CHECK_FUNC([getspnam], , 1324 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1325AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1326 [Define if you have the basename function.])]) 1327 1328dnl zlib defaults to enabled 1329zlib=yes 1330AC_ARG_WITH([zlib], 1331 [ --with-zlib=PATH Use zlib in PATH], 1332 [ if test "x$withval" = "xno" ; then 1333 zlib=no 1334 elif test "x$withval" != "xyes"; then 1335 if test -d "$withval/lib"; then 1336 if test -n "${rpath_opt}"; then 1337 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1338 else 1339 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1340 fi 1341 else 1342 if test -n "${rpath_opt}"; then 1343 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1344 else 1345 LDFLAGS="-L${withval} ${LDFLAGS}" 1346 fi 1347 fi 1348 if test -d "$withval/include"; then 1349 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1350 else 1351 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1352 fi 1353 fi ] 1354) 1355 1356AC_MSG_CHECKING([for zlib]) 1357if test "x${zlib}" = "xno"; then 1358 AC_MSG_RESULT([no]) 1359else 1360 AC_MSG_RESULT([yes]) 1361 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1362 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1363 AC_CHECK_LIB([z], [deflate], , 1364 [ 1365 saved_CPPFLAGS="$CPPFLAGS" 1366 saved_LDFLAGS="$LDFLAGS" 1367 save_LIBS="$LIBS" 1368 dnl Check default zlib install dir 1369 if test -n "${rpath_opt}"; then 1370 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1371 else 1372 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1373 fi 1374 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1375 LIBS="$LIBS -lz" 1376 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1377 [ 1378 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1379 ] 1380 ) 1381 ] 1382 ) 1383 1384 AC_ARG_WITH([zlib-version-check], 1385 [ --without-zlib-version-check Disable zlib version check], 1386 [ if test "x$withval" = "xno" ; then 1387 zlib_check_nonfatal=1 1388 fi 1389 ] 1390 ) 1391 1392 AC_MSG_CHECKING([for possibly buggy zlib]) 1393 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1394#include <stdio.h> 1395#include <stdlib.h> 1396#include <zlib.h> 1397 ]], 1398 [[ 1399 int a=0, b=0, c=0, d=0, n, v; 1400 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1401 if (n != 3 && n != 4) 1402 exit(1); 1403 v = a*1000000 + b*10000 + c*100 + d; 1404 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1405 1406 /* 1.1.4 is OK */ 1407 if (a == 1 && b == 1 && c >= 4) 1408 exit(0); 1409 1410 /* 1.2.3 and up are OK */ 1411 if (v >= 1020300) 1412 exit(0); 1413 1414 exit(2); 1415 ]])], 1416 AC_MSG_RESULT([no]), 1417 [ AC_MSG_RESULT([yes]) 1418 if test -z "$zlib_check_nonfatal" ; then 1419 AC_MSG_ERROR([*** zlib too old - check config.log *** 1420Your reported zlib version has known security problems. It's possible your 1421vendor has fixed these problems without changing the version number. If you 1422are sure this is the case, you can disable the check by running 1423"./configure --without-zlib-version-check". 1424If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1425See http://www.gzip.org/zlib/ for details.]) 1426 else 1427 AC_MSG_WARN([zlib version may have security problems]) 1428 fi 1429 ], 1430 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1431 ) 1432fi 1433 1434dnl UnixWare 2.x 1435AC_CHECK_FUNC([strcasecmp], 1436 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1437) 1438AC_CHECK_FUNCS([utimes], 1439 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1440 LIBS="$LIBS -lc89"]) ] 1441) 1442 1443dnl Checks for libutil functions 1444AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1445AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1446AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1447AC_SEARCH_LIBS([login], [util bsd]) 1448AC_SEARCH_LIBS([logout], [util bsd]) 1449AC_SEARCH_LIBS([logwtmp], [util bsd]) 1450AC_SEARCH_LIBS([openpty], [util bsd]) 1451AC_SEARCH_LIBS([updwtmp], [util bsd]) 1452AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1453 1454# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1455# or libnsl. 1456AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1457AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1458 1459# Some Linux distribtions ship the BSD libc hashing functions in 1460# separate libraries. 1461AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1462 1463# "Particular Function Checks" 1464# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1465AC_FUNC_STRFTIME 1466AC_FUNC_MALLOC 1467AC_FUNC_REALLOC 1468# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1469AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1470AC_RUN_IFELSE( 1471 [AC_LANG_PROGRAM( 1472 [[ #include <stdlib.h> ]], 1473 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1474 )], 1475 [ func_calloc_0_nonnull=yes ], 1476 [ func_calloc_0_nonnull=no ], 1477 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1478 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1479) 1480AC_MSG_RESULT([$func_calloc_0_nonnull]) 1481 1482if test "x$func_calloc_0_nonnull" = "xyes"; then 1483 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1484else 1485 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1486 AC_DEFINE(calloc, rpl_calloc, 1487 [Define to rpl_calloc if the replacement function should be used.]) 1488fi 1489 1490# Check for ALTDIRFUNC glob() extension 1491AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1492AC_EGREP_CPP([FOUNDIT], 1493 [ 1494 #include <glob.h> 1495 #ifdef GLOB_ALTDIRFUNC 1496 FOUNDIT 1497 #endif 1498 ], 1499 [ 1500 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1501 [Define if your system glob() function has 1502 the GLOB_ALTDIRFUNC extension]) 1503 AC_MSG_RESULT([yes]) 1504 ], 1505 [ 1506 AC_MSG_RESULT([no]) 1507 ] 1508) 1509 1510# Check for g.gl_matchc glob() extension 1511AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1512AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1513 [[ glob_t g; g.gl_matchc = 1; ]])], 1514 [ 1515 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1516 [Define if your system glob() function has 1517 gl_matchc options in glob_t]) 1518 AC_MSG_RESULT([yes]) 1519 ], [ 1520 AC_MSG_RESULT([no]) 1521]) 1522 1523# Check for g.gl_statv glob() extension 1524AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1525AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1526#ifndef GLOB_KEEPSTAT 1527#error "glob does not support GLOB_KEEPSTAT extension" 1528#endif 1529glob_t g; 1530g.gl_statv = NULL; 1531]])], 1532 [ 1533 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1534 [Define if your system glob() function has 1535 gl_statv options in glob_t]) 1536 AC_MSG_RESULT([yes]) 1537 ], [ 1538 AC_MSG_RESULT([no]) 1539 1540]) 1541 1542AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1543 1544AC_CHECK_DECL([VIS_ALL], , 1545 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1546 1547AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1548AC_RUN_IFELSE( 1549 [AC_LANG_PROGRAM([[ 1550#include <sys/types.h> 1551#include <dirent.h> 1552#include <stdlib.h> 1553 ]], 1554 [[ 1555 struct dirent d; 1556 exit(sizeof(d.d_name)<=sizeof(char)); 1557 ]])], 1558 [AC_MSG_RESULT([yes])], 1559 [ 1560 AC_MSG_RESULT([no]) 1561 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1562 [Define if your struct dirent expects you to 1563 allocate extra space for d_name]) 1564 ], 1565 [ 1566 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1567 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1568 ] 1569) 1570 1571AC_MSG_CHECKING([for /proc/pid/fd directory]) 1572if test -d "/proc/$$/fd" ; then 1573 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1574 AC_MSG_RESULT([yes]) 1575else 1576 AC_MSG_RESULT([no]) 1577fi 1578 1579# Check whether user wants TCP wrappers support 1580TCPW_MSG="no" 1581AC_ARG_WITH([tcp-wrappers], 1582 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1583 [ 1584 if test "x$withval" != "xno" ; then 1585 saved_LIBS="$LIBS" 1586 saved_LDFLAGS="$LDFLAGS" 1587 saved_CPPFLAGS="$CPPFLAGS" 1588 if test -n "${withval}" && \ 1589 test "x${withval}" != "xyes"; then 1590 if test -d "${withval}/lib"; then 1591 if test -n "${need_dash_r}"; then 1592 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1593 else 1594 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1595 fi 1596 else 1597 if test -n "${need_dash_r}"; then 1598 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1599 else 1600 LDFLAGS="-L${withval} ${LDFLAGS}" 1601 fi 1602 fi 1603 if test -d "${withval}/include"; then 1604 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1605 else 1606 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1607 fi 1608 fi 1609 LIBS="-lwrap $LIBS" 1610 AC_MSG_CHECKING([for libwrap]) 1611 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1612#include <sys/types.h> 1613#include <sys/socket.h> 1614#include <netinet/in.h> 1615#include <tcpd.h> 1616int deny_severity = 0, allow_severity = 0; 1617 ]], [[ 1618 hosts_access(0); 1619 ]])], [ 1620 AC_MSG_RESULT([yes]) 1621 AC_DEFINE([LIBWRAP], [1], 1622 [Define if you want 1623 TCP Wrappers support]) 1624 SSHDLIBS="$SSHDLIBS -lwrap" 1625 TCPW_MSG="yes" 1626 ], [ 1627 AC_MSG_ERROR([*** libwrap missing]) 1628 ]) 1629 LIBS="$saved_LIBS" 1630 fi 1631 ] 1632) 1633 1634# Check whether user wants to use ldns 1635LDNS_MSG="no" 1636AC_ARG_WITH(ldns, 1637 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1638 [ 1639 ldns="" 1640 if test "x$withval" = "xyes" ; then 1641 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1642 if test "x$LDNSCONFIG" = "xno"; then 1643 LIBS="-lldns $LIBS" 1644 ldns=yes 1645 else 1646 LIBS="$LIBS `$LDNSCONFIG --libs`" 1647 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1648 ldns=yes 1649 fi 1650 elif test "x$withval" != "xno" ; then 1651 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1652 LDFLAGS="$LDFLAGS -L${withval}/lib" 1653 LIBS="-lldns $LIBS" 1654 ldns=yes 1655 fi 1656 1657 # Verify that it works. 1658 if test "x$ldns" = "xyes" ; then 1659 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1660 LDNS_MSG="yes" 1661 AC_MSG_CHECKING([for ldns support]) 1662 AC_LINK_IFELSE( 1663 [AC_LANG_SOURCE([[ 1664#include <stdio.h> 1665#include <stdlib.h> 1666#ifdef HAVE_STDINT_H 1667# include <stdint.h> 1668#endif 1669#include <ldns/ldns.h> 1670int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1671 ]]) 1672 ], 1673 [AC_MSG_RESULT(yes)], 1674 [ 1675 AC_MSG_RESULT(no) 1676 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1677 ]) 1678 fi 1679]) 1680 1681# Check whether user wants libedit support 1682LIBEDIT_MSG="no" 1683AC_ARG_WITH([libedit], 1684 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1685 [ if test "x$withval" != "xno" ; then 1686 if test "x$withval" = "xyes" ; then 1687 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1688 if test "x$PKGCONFIG" != "xno"; then 1689 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1690 if "$PKGCONFIG" libedit; then 1691 AC_MSG_RESULT([yes]) 1692 use_pkgconfig_for_libedit=yes 1693 else 1694 AC_MSG_RESULT([no]) 1695 fi 1696 fi 1697 else 1698 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1699 if test -n "${rpath_opt}"; then 1700 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1701 else 1702 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1703 fi 1704 fi 1705 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1706 LIBEDIT=`$PKGCONFIG --libs libedit` 1707 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1708 else 1709 LIBEDIT="-ledit -lcurses" 1710 fi 1711 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1712 AC_CHECK_LIB([edit], [el_init], 1713 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1714 LIBEDIT_MSG="yes" 1715 AC_SUBST([LIBEDIT]) 1716 ], 1717 [ AC_MSG_ERROR([libedit not found]) ], 1718 [ $OTHERLIBS ] 1719 ) 1720 AC_MSG_CHECKING([if libedit version is compatible]) 1721 AC_COMPILE_IFELSE( 1722 [AC_LANG_PROGRAM([[ 1723#include <histedit.h> 1724#include <stdlib.h> 1725 ]], 1726 [[ 1727 int i = H_SETSIZE; 1728 el_init("", NULL, NULL, NULL); 1729 exit(0); 1730 ]])], 1731 [ AC_MSG_RESULT([yes]) ], 1732 [ AC_MSG_RESULT([no]) 1733 AC_MSG_ERROR([libedit version is not compatible]) ] 1734 ) 1735 fi ] 1736) 1737 1738AUDIT_MODULE=none 1739AC_ARG_WITH([audit], 1740 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1741 [ 1742 AC_MSG_CHECKING([for supported audit module]) 1743 case "$withval" in 1744 bsm) 1745 AC_MSG_RESULT([bsm]) 1746 AUDIT_MODULE=bsm 1747 dnl Checks for headers, libs and functions 1748 AC_CHECK_HEADERS([bsm/audit.h], [], 1749 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1750 [ 1751#ifdef HAVE_TIME_H 1752# include <time.h> 1753#endif 1754 ] 1755) 1756 AC_CHECK_LIB([bsm], [getaudit], [], 1757 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1758 AC_CHECK_FUNCS([getaudit], [], 1759 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1760 # These are optional 1761 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1762 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1763 if test "$sol2ver" -ge 11; then 1764 SSHDLIBS="$SSHDLIBS -lscf" 1765 AC_DEFINE([BROKEN_BSM_API], [1], 1766 [The system has incomplete BSM API]) 1767 fi 1768 ;; 1769 linux) 1770 AC_MSG_RESULT([linux]) 1771 AUDIT_MODULE=linux 1772 dnl Checks for headers, libs and functions 1773 AC_CHECK_HEADERS([libaudit.h]) 1774 SSHDLIBS="$SSHDLIBS -laudit" 1775 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1776 ;; 1777 debug) 1778 AUDIT_MODULE=debug 1779 AC_MSG_RESULT([debug]) 1780 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1781 ;; 1782 no) 1783 AC_MSG_RESULT([no]) 1784 ;; 1785 *) 1786 AC_MSG_ERROR([Unknown audit module $withval]) 1787 ;; 1788 esac ] 1789) 1790 1791AC_ARG_WITH([pie], 1792 [ --with-pie Build Position Independent Executables if possible], [ 1793 if test "x$withval" = "xno"; then 1794 use_pie=no 1795 fi 1796 if test "x$withval" = "xyes"; then 1797 use_pie=yes 1798 fi 1799 ] 1800) 1801if test "x$use_pie" = "x"; then 1802 use_pie=no 1803fi 1804if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1805 # Turn off automatic PIE when toolchain hardening is off. 1806 use_pie=no 1807fi 1808if test "x$use_pie" = "xauto"; then 1809 # Automatic PIE requires gcc >= 4.x 1810 AC_MSG_CHECKING([for gcc >= 4.x]) 1811 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1812#if !defined(__GNUC__) || __GNUC__ < 4 1813#error gcc is too old 1814#endif 1815]])], 1816 [ AC_MSG_RESULT([yes]) ], 1817 [ AC_MSG_RESULT([no]) 1818 use_pie=no ] 1819) 1820fi 1821if test "x$use_pie" != "xno"; then 1822 SAVED_CFLAGS="$CFLAGS" 1823 SAVED_LDFLAGS="$LDFLAGS" 1824 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1825 OSSH_CHECK_LDFLAG_LINK([-pie]) 1826 # We use both -fPIE and -pie or neither. 1827 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1828 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1829 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1830 AC_MSG_RESULT([yes]) 1831 else 1832 AC_MSG_RESULT([no]) 1833 CFLAGS="$SAVED_CFLAGS" 1834 LDFLAGS="$SAVED_LDFLAGS" 1835 fi 1836fi 1837 1838AC_MSG_CHECKING([whether -fPIC is accepted]) 1839SAVED_CFLAGS="$CFLAGS" 1840CFLAGS="$CFLAGS -fPIC" 1841AC_COMPILE_IFELSE( 1842 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1843 [AC_MSG_RESULT([yes]) 1844 PICFLAG="-fPIC"; ], 1845 [AC_MSG_RESULT([no]) 1846 PICFLAG=""; ]) 1847CFLAGS="$SAVED_CFLAGS" 1848AC_SUBST([PICFLAG]) 1849 1850dnl Checks for library functions. Please keep in alphabetical order 1851AC_CHECK_FUNCS([ \ 1852 auth_hostok \ 1853 auth_timeok \ 1854 Blowfish_initstate \ 1855 Blowfish_expandstate \ 1856 Blowfish_expand0state \ 1857 Blowfish_stream2word \ 1858 SHA256Update \ 1859 SHA384Update \ 1860 SHA512Update \ 1861 asprintf \ 1862 b64_ntop \ 1863 __b64_ntop \ 1864 b64_pton \ 1865 __b64_pton \ 1866 bcopy \ 1867 bcrypt_pbkdf \ 1868 bindresvport_sa \ 1869 blf_enc \ 1870 bzero \ 1871 cap_rights_limit \ 1872 clock \ 1873 closefrom \ 1874 dirfd \ 1875 endgrent \ 1876 err \ 1877 errx \ 1878 explicit_bzero \ 1879 explicit_memset \ 1880 fchmod \ 1881 fchmodat \ 1882 fchown \ 1883 fchownat \ 1884 flock \ 1885 fnmatch \ 1886 freeaddrinfo \ 1887 freezero \ 1888 fstatfs \ 1889 fstatvfs \ 1890 futimes \ 1891 getaddrinfo \ 1892 getcwd \ 1893 getgrouplist \ 1894 getline \ 1895 getnameinfo \ 1896 getopt \ 1897 getpagesize \ 1898 getpeereid \ 1899 getpeerucred \ 1900 getpgid \ 1901 _getpty \ 1902 getrlimit \ 1903 getrandom \ 1904 getsid \ 1905 getttyent \ 1906 glob \ 1907 group_from_gid \ 1908 inet_aton \ 1909 inet_ntoa \ 1910 inet_ntop \ 1911 innetgr \ 1912 llabs \ 1913 localtime_r \ 1914 login_getcapbool \ 1915 login_getpwclass \ 1916 md5_crypt \ 1917 memmem \ 1918 memmove \ 1919 memset_s \ 1920 mkdtemp \ 1921 ngetaddrinfo \ 1922 nsleep \ 1923 ogetaddrinfo \ 1924 openlog_r \ 1925 pledge \ 1926 poll \ 1927 prctl \ 1928 pselect \ 1929 pstat \ 1930 raise \ 1931 readpassphrase \ 1932 reallocarray \ 1933 realpath \ 1934 recvmsg \ 1935 recallocarray \ 1936 rresvport_af \ 1937 sendmsg \ 1938 setdtablesize \ 1939 setegid \ 1940 setenv \ 1941 seteuid \ 1942 setgroupent \ 1943 setgroups \ 1944 setlinebuf \ 1945 setlogin \ 1946 setpassent\ 1947 setpcred \ 1948 setproctitle \ 1949 setregid \ 1950 setreuid \ 1951 setrlimit \ 1952 setsid \ 1953 setvbuf \ 1954 sigaction \ 1955 sigvec \ 1956 snprintf \ 1957 socketpair \ 1958 statfs \ 1959 statvfs \ 1960 strcasestr \ 1961 strdup \ 1962 strerror \ 1963 strlcat \ 1964 strlcpy \ 1965 strmode \ 1966 strndup \ 1967 strnlen \ 1968 strnvis \ 1969 strptime \ 1970 strsignal \ 1971 strtonum \ 1972 strtoll \ 1973 strtoul \ 1974 strtoull \ 1975 swap32 \ 1976 sysconf \ 1977 tcgetpgrp \ 1978 timingsafe_bcmp \ 1979 truncate \ 1980 unsetenv \ 1981 updwtmpx \ 1982 utimensat \ 1983 user_from_uid \ 1984 usleep \ 1985 vasprintf \ 1986 vsnprintf \ 1987 waitpid \ 1988 warn \ 1989]) 1990 1991AC_CHECK_DECLS([bzero, memmem]) 1992 1993dnl Wide character support. 1994AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1995 1996TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1997AC_MSG_CHECKING([for utf8 locale support]) 1998AC_RUN_IFELSE( 1999 [AC_LANG_PROGRAM([[ 2000#include <locale.h> 2001#include <stdlib.h> 2002 ]], [[ 2003 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2004 if (loc != NULL) 2005 exit(0); 2006 exit(1); 2007 ]])], 2008 AC_MSG_RESULT(yes), 2009 [AC_MSG_RESULT(no) 2010 TEST_SSH_UTF8=no], 2011 AC_MSG_WARN([cross compiling: assuming yes]) 2012) 2013 2014AC_LINK_IFELSE( 2015 [AC_LANG_PROGRAM( 2016 [[ #include <ctype.h> ]], 2017 [[ return (isblank('a')); ]])], 2018 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2019]) 2020 2021disable_pkcs11= 2022AC_ARG_ENABLE([pkcs11], 2023 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2024 [ 2025 if test "x$enableval" = "xno" ; then 2026 disable_pkcs11=1 2027 fi 2028 ] 2029) 2030 2031disable_sk= 2032AC_ARG_ENABLE([security-key], 2033 [ --disable-security-key disable U2F/FIDO support code [no]], 2034 [ 2035 if test "x$enableval" = "xno" ; then 2036 disable_sk=1 2037 fi 2038 ] 2039) 2040enable_sk_internal= 2041AC_ARG_WITH([security-key-builtin], 2042 [ --with-security-key-builtin include builtin U2F/FIDO support], 2043 [ 2044 if test "x$withval" != "xno" ; then 2045 enable_sk_internal=yes 2046 fi 2047 ] 2048) 2049test "x$disable_sk" != "x" && enable_sk_internal="" 2050 2051AC_SEARCH_LIBS([dlopen], [dl]) 2052AC_CHECK_FUNCS([dlopen]) 2053AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2054 2055# IRIX has a const char return value for gai_strerror() 2056AC_CHECK_FUNCS([gai_strerror], [ 2057 AC_DEFINE([HAVE_GAI_STRERROR]) 2058 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2059#include <sys/types.h> 2060#include <sys/socket.h> 2061#include <netdb.h> 2062 2063const char *gai_strerror(int); 2064 ]], [[ 2065 char *str; 2066 str = gai_strerror(0); 2067 ]])], [ 2068 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2069 [Define if gai_strerror() returns const char *])], [])]) 2070 2071AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2072 [Some systems put nanosleep outside of libc])]) 2073 2074AC_SEARCH_LIBS([clock_gettime], [rt], 2075 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2076 2077dnl check if we need -D_REENTRANT for localtime_r declaration. 2078AC_CHECK_DECL([localtime_r], [], 2079 [ saved_CPPFLAGS="$CPPFLAGS" 2080 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2081 unset ac_cv_have_decl_localtime_r 2082 AC_CHECK_DECL([localtime_r], [], 2083 [ CPPFLAGS="$saved_CPPFLAGS" ], 2084 [ #include <time.h> ] 2085 ) 2086 ], 2087 [ #include <time.h> ] 2088) 2089 2090dnl Make sure prototypes are defined for these before using them. 2091AC_CHECK_DECL([strsep], 2092 [AC_CHECK_FUNCS([strsep])], 2093 [], 2094 [ 2095#ifdef HAVE_STRING_H 2096# include <string.h> 2097#endif 2098 ]) 2099 2100dnl tcsendbreak might be a macro 2101AC_CHECK_DECL([tcsendbreak], 2102 [AC_DEFINE([HAVE_TCSENDBREAK])], 2103 [AC_CHECK_FUNCS([tcsendbreak])], 2104 [#include <termios.h>] 2105) 2106 2107AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2108 2109AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2110 [ 2111#include <sys/types.h> 2112#include <sys/socket.h> 2113#include <unistd.h> 2114 ]) 2115 2116AC_CHECK_DECLS([O_NONBLOCK], , , 2117 [ 2118#include <sys/types.h> 2119#ifdef HAVE_SYS_STAT_H 2120# include <sys/stat.h> 2121#endif 2122#ifdef HAVE_FCNTL_H 2123# include <fcntl.h> 2124#endif 2125 ]) 2126 2127AC_CHECK_DECLS([readv, writev], , , [ 2128#include <sys/types.h> 2129#include <sys/uio.h> 2130#include <unistd.h> 2131 ]) 2132 2133AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2134#include <sys/param.h> 2135 ]) 2136 2137AC_CHECK_DECLS([offsetof], , , [ 2138#include <stddef.h> 2139 ]) 2140 2141# extra bits for select(2) 2142AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2143#include <sys/param.h> 2144#include <sys/types.h> 2145#ifdef HAVE_SYS_SYSMACROS_H 2146#include <sys/sysmacros.h> 2147#endif 2148#ifdef HAVE_SYS_SELECT_H 2149#include <sys/select.h> 2150#endif 2151#ifdef HAVE_SYS_TIME_H 2152#include <sys/time.h> 2153#endif 2154#ifdef HAVE_UNISTD_H 2155#include <unistd.h> 2156#endif 2157 ]]) 2158AC_CHECK_TYPES([fd_mask], [], [], [[ 2159#include <sys/param.h> 2160#include <sys/types.h> 2161#ifdef HAVE_SYS_SELECT_H 2162#include <sys/select.h> 2163#endif 2164#ifdef HAVE_SYS_TIME_H 2165#include <sys/time.h> 2166#endif 2167#ifdef HAVE_UNISTD_H 2168#include <unistd.h> 2169#endif 2170 ]]) 2171 2172AC_CHECK_FUNCS([setresuid], [ 2173 dnl Some platorms have setresuid that isn't implemented, test for this 2174 AC_MSG_CHECKING([if setresuid seems to work]) 2175 AC_RUN_IFELSE( 2176 [AC_LANG_PROGRAM([[ 2177#include <stdlib.h> 2178#include <errno.h> 2179 ]], [[ 2180 errno=0; 2181 setresuid(0,0,0); 2182 if (errno==ENOSYS) 2183 exit(1); 2184 else 2185 exit(0); 2186 ]])], 2187 [AC_MSG_RESULT([yes])], 2188 [AC_DEFINE([BROKEN_SETRESUID], [1], 2189 [Define if your setresuid() is broken]) 2190 AC_MSG_RESULT([not implemented])], 2191 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2192 ) 2193]) 2194 2195AC_CHECK_FUNCS([setresgid], [ 2196 dnl Some platorms have setresgid that isn't implemented, test for this 2197 AC_MSG_CHECKING([if setresgid seems to work]) 2198 AC_RUN_IFELSE( 2199 [AC_LANG_PROGRAM([[ 2200#include <stdlib.h> 2201#include <errno.h> 2202 ]], [[ 2203 errno=0; 2204 setresgid(0,0,0); 2205 if (errno==ENOSYS) 2206 exit(1); 2207 else 2208 exit(0); 2209 ]])], 2210 [AC_MSG_RESULT([yes])], 2211 [AC_DEFINE([BROKEN_SETRESGID], [1], 2212 [Define if your setresgid() is broken]) 2213 AC_MSG_RESULT([not implemented])], 2214 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2215 ) 2216]) 2217 2218AC_MSG_CHECKING([for working fflush(NULL)]) 2219AC_RUN_IFELSE( 2220 [AC_LANG_PROGRAM([[ 2221#include <stdio.h> 2222#include <stdlib.h> 2223 ]], 2224 [[fflush(NULL); exit(0);]])], 2225 AC_MSG_RESULT([yes]), 2226 [AC_MSG_RESULT([no]) 2227 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2228 [define if fflush(NULL) does not work])], 2229 AC_MSG_WARN([cross compiling: assuming working]) 2230) 2231 2232dnl Checks for time functions 2233AC_CHECK_FUNCS([gettimeofday time]) 2234dnl Checks for utmp functions 2235AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2236AC_CHECK_FUNCS([utmpname]) 2237dnl Checks for utmpx functions 2238AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2239AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2240dnl Checks for lastlog functions 2241AC_CHECK_FUNCS([getlastlogxbyname]) 2242 2243AC_CHECK_FUNC([daemon], 2244 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2245 [AC_CHECK_LIB([bsd], [daemon], 2246 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2247) 2248 2249AC_CHECK_FUNC([getpagesize], 2250 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2251 [Define if your libraries define getpagesize()])], 2252 [AC_CHECK_LIB([ucb], [getpagesize], 2253 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2254) 2255 2256# Check for broken snprintf 2257if test "x$ac_cv_func_snprintf" = "xyes" ; then 2258 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2259 AC_RUN_IFELSE( 2260 [AC_LANG_PROGRAM([[ 2261#include <stdio.h> 2262#include <stdlib.h> 2263 ]], 2264 [[ 2265 char b[5]; 2266 snprintf(b,5,"123456789"); 2267 exit(b[4]!='\0'); 2268 ]])], 2269 [AC_MSG_RESULT([yes])], 2270 [ 2271 AC_MSG_RESULT([no]) 2272 AC_DEFINE([BROKEN_SNPRINTF], [1], 2273 [Define if your snprintf is busted]) 2274 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2275 ], 2276 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2277 ) 2278fi 2279 2280if test "x$ac_cv_func_snprintf" = "xyes" ; then 2281 AC_MSG_CHECKING([whether snprintf understands %zu]) 2282 AC_RUN_IFELSE( 2283 [AC_LANG_PROGRAM([[ 2284#include <sys/types.h> 2285#include <stdio.h> 2286#include <stdlib.h> 2287#include <string.h> 2288 ]], 2289 [[ 2290 size_t a = 1, b = 2; 2291 char z[128]; 2292 snprintf(z, sizeof z, "%zu%zu", a, b); 2293 exit(strcmp(z, "12")); 2294 ]])], 2295 [AC_MSG_RESULT([yes])], 2296 [ 2297 AC_MSG_RESULT([no]) 2298 AC_DEFINE([BROKEN_SNPRINTF], [1], 2299 [snprintf does not understand %zu]) 2300 ], 2301 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2302 ) 2303fi 2304 2305# We depend on vsnprintf returning the right thing on overflow: the 2306# number of characters it tried to create (as per SUSv3) 2307if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2308 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2309 AC_RUN_IFELSE( 2310 [AC_LANG_PROGRAM([[ 2311#include <sys/types.h> 2312#include <stdio.h> 2313#include <stdarg.h> 2314 2315int x_snprintf(char *str, size_t count, const char *fmt, ...) 2316{ 2317 size_t ret; 2318 va_list ap; 2319 2320 va_start(ap, fmt); 2321 ret = vsnprintf(str, count, fmt, ap); 2322 va_end(ap); 2323 return ret; 2324} 2325 ]], [[ 2326char x[1]; 2327if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2328 return 1; 2329if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2330 return 1; 2331return 0; 2332 ]])], 2333 [AC_MSG_RESULT([yes])], 2334 [ 2335 AC_MSG_RESULT([no]) 2336 AC_DEFINE([BROKEN_SNPRINTF], [1], 2337 [Define if your snprintf is busted]) 2338 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2339 ], 2340 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2341 ) 2342fi 2343 2344# On systems where [v]snprintf is broken, but is declared in stdio, 2345# check that the fmt argument is const char * or just char *. 2346# This is only useful for when BROKEN_SNPRINTF 2347AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2348AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2349#include <stdio.h> 2350int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2351 ]], [[ 2352 snprintf(0, 0, 0); 2353 ]])], 2354 [AC_MSG_RESULT([yes]) 2355 AC_DEFINE([SNPRINTF_CONST], [const], 2356 [Define as const if snprintf() can declare const char *fmt])], 2357 [AC_MSG_RESULT([no]) 2358 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2359 2360# Check for missing getpeereid (or equiv) support 2361NO_PEERCHECK="" 2362if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2363 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2364 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2365#include <sys/types.h> 2366#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2367 [ AC_MSG_RESULT([yes]) 2368 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2369 ], [AC_MSG_RESULT([no]) 2370 NO_PEERCHECK=1 2371 ]) 2372fi 2373 2374dnl make sure that openpty does not reacquire controlling terminal 2375if test ! -z "$check_for_openpty_ctty_bug"; then 2376 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2377 AC_RUN_IFELSE( 2378 [AC_LANG_PROGRAM([[ 2379#include <stdio.h> 2380#include <stdlib.h> 2381#include <unistd.h> 2382#include <sys/fcntl.h> 2383#include <sys/types.h> 2384#include <sys/wait.h> 2385 ]], [[ 2386 pid_t pid; 2387 int fd, ptyfd, ttyfd, status; 2388 2389 pid = fork(); 2390 if (pid < 0) { /* failed */ 2391 exit(1); 2392 } else if (pid > 0) { /* parent */ 2393 waitpid(pid, &status, 0); 2394 if (WIFEXITED(status)) 2395 exit(WEXITSTATUS(status)); 2396 else 2397 exit(2); 2398 } else { /* child */ 2399 close(0); close(1); close(2); 2400 setsid(); 2401 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2402 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2403 if (fd >= 0) 2404 exit(3); /* Acquired ctty: broken */ 2405 else 2406 exit(0); /* Did not acquire ctty: OK */ 2407 } 2408 ]])], 2409 [ 2410 AC_MSG_RESULT([yes]) 2411 ], 2412 [ 2413 AC_MSG_RESULT([no]) 2414 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2415 ], 2416 [ 2417 AC_MSG_RESULT([cross-compiling, assuming yes]) 2418 ] 2419 ) 2420fi 2421 2422if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2423 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2424 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2425 AC_RUN_IFELSE( 2426 [AC_LANG_PROGRAM([[ 2427#include <stdio.h> 2428#include <stdlib.h> 2429#include <sys/socket.h> 2430#include <netdb.h> 2431#include <errno.h> 2432#include <netinet/in.h> 2433 2434#define TEST_PORT "2222" 2435 ]], [[ 2436 int err, sock; 2437 struct addrinfo *gai_ai, *ai, hints; 2438 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2439 2440 memset(&hints, 0, sizeof(hints)); 2441 hints.ai_family = PF_UNSPEC; 2442 hints.ai_socktype = SOCK_STREAM; 2443 hints.ai_flags = AI_PASSIVE; 2444 2445 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2446 if (err != 0) { 2447 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2448 exit(1); 2449 } 2450 2451 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2452 if (ai->ai_family != AF_INET6) 2453 continue; 2454 2455 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2456 sizeof(ntop), strport, sizeof(strport), 2457 NI_NUMERICHOST|NI_NUMERICSERV); 2458 2459 if (err != 0) { 2460 if (err == EAI_SYSTEM) 2461 perror("getnameinfo EAI_SYSTEM"); 2462 else 2463 fprintf(stderr, "getnameinfo failed: %s\n", 2464 gai_strerror(err)); 2465 exit(2); 2466 } 2467 2468 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2469 if (sock < 0) 2470 perror("socket"); 2471 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2472 if (errno == EBADF) 2473 exit(3); 2474 } 2475 } 2476 exit(0); 2477 ]])], 2478 [ 2479 AC_MSG_RESULT([yes]) 2480 ], 2481 [ 2482 AC_MSG_RESULT([no]) 2483 AC_DEFINE([BROKEN_GETADDRINFO]) 2484 ], 2485 [ 2486 AC_MSG_RESULT([cross-compiling, assuming yes]) 2487 ] 2488 ) 2489fi 2490 2491if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2492 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2493 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2494 AC_RUN_IFELSE( 2495 [AC_LANG_PROGRAM([[ 2496#include <stdio.h> 2497#include <stdlib.h> 2498#include <sys/socket.h> 2499#include <netdb.h> 2500#include <errno.h> 2501#include <netinet/in.h> 2502 2503#define TEST_PORT "2222" 2504 ]], [[ 2505 int err, sock; 2506 struct addrinfo *gai_ai, *ai, hints; 2507 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2508 2509 memset(&hints, 0, sizeof(hints)); 2510 hints.ai_family = PF_UNSPEC; 2511 hints.ai_socktype = SOCK_STREAM; 2512 hints.ai_flags = AI_PASSIVE; 2513 2514 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2515 if (err != 0) { 2516 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2517 exit(1); 2518 } 2519 2520 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2521 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2522 continue; 2523 2524 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2525 sizeof(ntop), strport, sizeof(strport), 2526 NI_NUMERICHOST|NI_NUMERICSERV); 2527 2528 if (ai->ai_family == AF_INET && err != 0) { 2529 perror("getnameinfo"); 2530 exit(2); 2531 } 2532 } 2533 exit(0); 2534 ]])], 2535 [ 2536 AC_MSG_RESULT([yes]) 2537 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2538 [Define if you have a getaddrinfo that fails 2539 for the all-zeros IPv6 address]) 2540 ], 2541 [ 2542 AC_MSG_RESULT([no]) 2543 AC_DEFINE([BROKEN_GETADDRINFO]) 2544 ], 2545 [ 2546 AC_MSG_RESULT([cross-compiling, assuming no]) 2547 ] 2548 ) 2549fi 2550 2551if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2552 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2553 [#include <sys/types.h> 2554 #include <sys/socket.h> 2555 #include <netdb.h>]) 2556fi 2557 2558if test "x$check_for_conflicting_getspnam" = "x1"; then 2559 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2560 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2561#include <shadow.h> 2562#include <stdlib.h> 2563 ]], 2564 [[ exit(0); ]])], 2565 [ 2566 AC_MSG_RESULT([no]) 2567 ], 2568 [ 2569 AC_MSG_RESULT([yes]) 2570 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2571 [Conflicting defs for getspnam]) 2572 ] 2573 ) 2574fi 2575 2576dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2577dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2578dnl for over ten years). Despite this incompatibility being reported during 2579dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2580dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2581dnl implementation. Try to detect this mess, and assume the only safe option 2582dnl if we're cross compiling. 2583dnl 2584dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2585dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2586if test "x$ac_cv_func_strnvis" = "xyes"; then 2587 AC_MSG_CHECKING([for working strnvis]) 2588 AC_RUN_IFELSE( 2589 [AC_LANG_PROGRAM([[ 2590#include <signal.h> 2591#include <stdlib.h> 2592#include <string.h> 2593#include <unistd.h> 2594#include <vis.h> 2595static void sighandler(int sig) { _exit(1); } 2596 ]], [[ 2597 char dst[16]; 2598 2599 signal(SIGSEGV, sighandler); 2600 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2601 exit(0); 2602 exit(1) 2603 ]])], 2604 [AC_MSG_RESULT([yes])], 2605 [AC_MSG_RESULT([no]) 2606 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2607 [AC_MSG_WARN([cross compiling: assuming broken]) 2608 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2609 ) 2610fi 2611 2612AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2613AC_RUN_IFELSE( 2614 [AC_LANG_PROGRAM([[ 2615#ifdef HAVE_SYS_SELECT 2616# include <sys/select.h> 2617#endif 2618#include <sys/types.h> 2619#include <sys/time.h> 2620#include <stdlib.h> 2621#include <signal.h> 2622#include <unistd.h> 2623static void sighandler(int sig) { } 2624 ]], [[ 2625 int r; 2626 pid_t pid; 2627 struct sigaction sa; 2628 2629 sa.sa_handler = sighandler; 2630 sa.sa_flags = SA_RESTART; 2631 (void)sigaction(SIGTERM, &sa, NULL); 2632 if ((pid = fork()) == 0) { /* child */ 2633 pid = getppid(); 2634 sleep(1); 2635 kill(pid, SIGTERM); 2636 sleep(1); 2637 if (getppid() == pid) /* if parent did not exit, shoot it */ 2638 kill(pid, SIGKILL); 2639 exit(0); 2640 } else { /* parent */ 2641 r = select(0, NULL, NULL, NULL, NULL); 2642 } 2643 exit(r == -1 ? 0 : 1); 2644 ]])], 2645 [AC_MSG_RESULT([yes])], 2646 [AC_MSG_RESULT([no]) 2647 AC_DEFINE([NO_SA_RESTART], [1], 2648 [SA_RESTARTed signals do no interrupt select])], 2649 [AC_MSG_WARN([cross compiling: assuming yes])] 2650) 2651 2652AC_CHECK_FUNCS([getpgrp],[ 2653 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2654 AC_COMPILE_IFELSE( 2655 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2656 [ AC_MSG_RESULT([yes]) 2657 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2658 [ AC_MSG_RESULT([no]) 2659 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2660 ) 2661]) 2662 2663# Search for OpenSSL 2664saved_CPPFLAGS="$CPPFLAGS" 2665saved_LDFLAGS="$LDFLAGS" 2666AC_ARG_WITH([ssl-dir], 2667 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2668 [ 2669 if test "x$openssl" = "xno" ; then 2670 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2671 fi 2672 if test "x$withval" != "xno" ; then 2673 case "$withval" in 2674 # Relative paths 2675 ./*|../*) withval="`pwd`/$withval" 2676 esac 2677 if test -d "$withval/lib"; then 2678 if test -n "${rpath_opt}"; then 2679 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2680 else 2681 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2682 fi 2683 elif test -d "$withval/lib64"; then 2684 if test -n "${rpath_opt}"; then 2685 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2686 else 2687 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2688 fi 2689 else 2690 if test -n "${rpath_opt}"; then 2691 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2692 else 2693 LDFLAGS="-L${withval} ${LDFLAGS}" 2694 fi 2695 fi 2696 if test -d "$withval/include"; then 2697 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2698 else 2699 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2700 fi 2701 fi 2702 ] 2703) 2704 2705AC_ARG_WITH([openssl-header-check], 2706 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2707 [ 2708 if test "x$withval" = "xno" ; then 2709 openssl_check_nonfatal=1 2710 fi 2711 ] 2712) 2713 2714openssl_engine=no 2715AC_ARG_WITH([ssl-engine], 2716 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2717 [ 2718 if test "x$withval" != "xno" ; then 2719 if test "x$openssl" = "xno" ; then 2720 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2721 fi 2722 openssl_engine=yes 2723 fi 2724 ] 2725) 2726 2727if test "x$openssl" = "xyes" ; then 2728 LIBS="-lcrypto $LIBS" 2729 AC_TRY_LINK_FUNC([RAND_add], , 2730 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2731 AC_CHECK_HEADER([openssl/opensslv.h], , 2732 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2733 2734 # Determine OpenSSL header version 2735 AC_MSG_CHECKING([OpenSSL header version]) 2736 AC_RUN_IFELSE( 2737 [AC_LANG_PROGRAM([[ 2738 #include <stdlib.h> 2739 #include <stdio.h> 2740 #include <string.h> 2741 #include <openssl/opensslv.h> 2742 #define DATA "conftest.sslincver" 2743 ]], [[ 2744 FILE *fd; 2745 int rc; 2746 2747 fd = fopen(DATA,"w"); 2748 if(fd == NULL) 2749 exit(1); 2750 2751 if ((rc = fprintf(fd, "%08lx (%s)\n", 2752 (unsigned long)OPENSSL_VERSION_NUMBER, 2753 OPENSSL_VERSION_TEXT)) < 0) 2754 exit(1); 2755 2756 exit(0); 2757 ]])], 2758 [ 2759 ssl_header_ver=`cat conftest.sslincver` 2760 AC_MSG_RESULT([$ssl_header_ver]) 2761 ], 2762 [ 2763 AC_MSG_RESULT([not found]) 2764 AC_MSG_ERROR([OpenSSL version header not found.]) 2765 ], 2766 [ 2767 AC_MSG_WARN([cross compiling: not checking]) 2768 ] 2769 ) 2770 2771 # Determining OpenSSL library version is version dependent. 2772 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2773 2774 # Determine OpenSSL library version 2775 AC_MSG_CHECKING([OpenSSL library version]) 2776 AC_RUN_IFELSE( 2777 [AC_LANG_PROGRAM([[ 2778 #include <stdio.h> 2779 #include <stdlib.h> 2780 #include <string.h> 2781 #include <openssl/opensslv.h> 2782 #include <openssl/crypto.h> 2783 #define DATA "conftest.ssllibver" 2784 ]], [[ 2785 FILE *fd; 2786 int rc; 2787 2788 fd = fopen(DATA,"w"); 2789 if(fd == NULL) 2790 exit(1); 2791#ifndef OPENSSL_VERSION 2792# define OPENSSL_VERSION SSLEAY_VERSION 2793#endif 2794#ifndef HAVE_OPENSSL_VERSION 2795# define OpenSSL_version SSLeay_version 2796#endif 2797#ifndef HAVE_OPENSSL_VERSION_NUM 2798# define OpenSSL_version_num SSLeay 2799#endif 2800 if ((rc = fprintf(fd, "%08lx (%s)\n", 2801 (unsigned long)OpenSSL_version_num(), 2802 OpenSSL_version(OPENSSL_VERSION))) < 0) 2803 exit(1); 2804 2805 exit(0); 2806 ]])], 2807 [ 2808 ssl_library_ver=`cat conftest.ssllibver` 2809 # Check version is supported. 2810 case "$ssl_library_ver" in 2811 10000*|0*) 2812 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2813 ;; 2814 100*) ;; # 1.0.x 2815 101000[[0123456]]*) 2816 # https://github.com/openssl/openssl/pull/4613 2817 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2818 ;; 2819 101*) ;; # 1.1.x 2820 200*) ;; # LibreSSL 2821 300*) ;; # OpenSSL development branch. 2822 *) 2823 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2824 ;; 2825 esac 2826 AC_MSG_RESULT([$ssl_library_ver]) 2827 ], 2828 [ 2829 AC_MSG_RESULT([not found]) 2830 AC_MSG_ERROR([OpenSSL library not found.]) 2831 ], 2832 [ 2833 AC_MSG_WARN([cross compiling: not checking]) 2834 ] 2835 ) 2836 2837 # Sanity check OpenSSL headers 2838 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2839 AC_RUN_IFELSE( 2840 [AC_LANG_PROGRAM([[ 2841 #include <stdlib.h> 2842 #include <string.h> 2843 #include <openssl/opensslv.h> 2844 #include <openssl/crypto.h> 2845 ]], [[ 2846#ifndef HAVE_OPENSSL_VERSION_NUM 2847# define OpenSSL_version_num SSLeay 2848#endif 2849 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2850 ]])], 2851 [ 2852 AC_MSG_RESULT([yes]) 2853 ], 2854 [ 2855 AC_MSG_RESULT([no]) 2856 if test "x$openssl_check_nonfatal" = "x"; then 2857 AC_MSG_ERROR([Your OpenSSL headers do not match your 2858 library. Check config.log for details. 2859 If you are sure your installation is consistent, you can disable the check 2860 by running "./configure --without-openssl-header-check". 2861 Also see contrib/findssl.sh for help identifying header/library mismatches. 2862 ]) 2863 else 2864 AC_MSG_WARN([Your OpenSSL headers do not match your 2865 library. Check config.log for details. 2866 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2867 fi 2868 ], 2869 [ 2870 AC_MSG_WARN([cross compiling: not checking]) 2871 ] 2872 ) 2873 2874 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2875 AC_LINK_IFELSE( 2876 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2877 [[ ERR_load_crypto_strings(); ]])], 2878 [ 2879 AC_MSG_RESULT([yes]) 2880 ], 2881 [ 2882 AC_MSG_RESULT([no]) 2883 saved_LIBS="$LIBS" 2884 LIBS="$LIBS -ldl" 2885 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2886 AC_LINK_IFELSE( 2887 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2888 [[ ERR_load_crypto_strings(); ]])], 2889 [ 2890 AC_MSG_RESULT([yes]) 2891 ], 2892 [ 2893 AC_MSG_RESULT([no]) 2894 LIBS="$saved_LIBS" 2895 ] 2896 ) 2897 ] 2898 ) 2899 2900 AC_CHECK_FUNCS([ \ 2901 BN_is_prime_ex \ 2902 DSA_generate_parameters_ex \ 2903 EVP_CIPHER_CTX_ctrl \ 2904 EVP_DigestFinal_ex \ 2905 EVP_DigestInit_ex \ 2906 EVP_MD_CTX_cleanup \ 2907 EVP_MD_CTX_copy_ex \ 2908 EVP_MD_CTX_init \ 2909 HMAC_CTX_init \ 2910 RSA_generate_key_ex \ 2911 RSA_get_default_method \ 2912 ]) 2913 2914 # OpenSSL_add_all_algorithms may be a macro. 2915 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2916 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2917 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2918 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2919 [[#include <openssl/evp.h>]] 2920 ) 2921 ) 2922 2923 # LibreSSL/OpenSSL 1.1x API 2924 AC_CHECK_FUNCS([ \ 2925 OPENSSL_init_crypto \ 2926 DH_get0_key \ 2927 DH_get0_pqg \ 2928 DH_set0_key \ 2929 DH_set_length \ 2930 DH_set0_pqg \ 2931 DSA_get0_key \ 2932 DSA_get0_pqg \ 2933 DSA_set0_key \ 2934 DSA_set0_pqg \ 2935 DSA_SIG_get0 \ 2936 DSA_SIG_set0 \ 2937 ECDSA_SIG_get0 \ 2938 ECDSA_SIG_set0 \ 2939 EVP_CIPHER_CTX_iv \ 2940 EVP_CIPHER_CTX_iv_noconst \ 2941 EVP_CIPHER_CTX_get_iv \ 2942 EVP_CIPHER_CTX_get_updated_iv \ 2943 EVP_CIPHER_CTX_set_iv \ 2944 RSA_get0_crt_params \ 2945 RSA_get0_factors \ 2946 RSA_get0_key \ 2947 RSA_set0_crt_params \ 2948 RSA_set0_factors \ 2949 RSA_set0_key \ 2950 RSA_meth_free \ 2951 RSA_meth_dup \ 2952 RSA_meth_set1_name \ 2953 RSA_meth_get_finish \ 2954 RSA_meth_set_priv_enc \ 2955 RSA_meth_set_priv_dec \ 2956 RSA_meth_set_finish \ 2957 EVP_PKEY_get0_RSA \ 2958 EVP_MD_CTX_new \ 2959 EVP_MD_CTX_free \ 2960 EVP_chacha20 \ 2961 ]) 2962 2963 if test "x$openssl_engine" = "xyes" ; then 2964 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2965 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2966 #include <openssl/engine.h> 2967 ]], [[ 2968 ENGINE_load_builtin_engines(); 2969 ENGINE_register_all_complete(); 2970 ]])], 2971 [ AC_MSG_RESULT([yes]) 2972 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2973 [Enable OpenSSL engine support]) 2974 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2975 ]) 2976 fi 2977 2978 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2979 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2980 AC_LINK_IFELSE( 2981 [AC_LANG_PROGRAM([[ 2982 #include <stdlib.h> 2983 #include <string.h> 2984 #include <openssl/evp.h> 2985 ]], [[ 2986 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2987 ]])], 2988 [ 2989 AC_MSG_RESULT([no]) 2990 ], 2991 [ 2992 AC_MSG_RESULT([yes]) 2993 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2994 [libcrypto is missing AES 192 and 256 bit functions]) 2995 ] 2996 ) 2997 2998 # Check for OpenSSL with EVP_aes_*ctr 2999 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 3000 AC_LINK_IFELSE( 3001 [AC_LANG_PROGRAM([[ 3002 #include <stdlib.h> 3003 #include <string.h> 3004 #include <openssl/evp.h> 3005 ]], [[ 3006 exit(EVP_aes_128_ctr() == NULL || 3007 EVP_aes_192_cbc() == NULL || 3008 EVP_aes_256_cbc() == NULL); 3009 ]])], 3010 [ 3011 AC_MSG_RESULT([yes]) 3012 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 3013 [libcrypto has EVP AES CTR]) 3014 ], 3015 [ 3016 AC_MSG_RESULT([no]) 3017 ] 3018 ) 3019 3020 # Check for OpenSSL with EVP_aes_*gcm 3021 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 3022 AC_LINK_IFELSE( 3023 [AC_LANG_PROGRAM([[ 3024 #include <stdlib.h> 3025 #include <string.h> 3026 #include <openssl/evp.h> 3027 ]], [[ 3028 exit(EVP_aes_128_gcm() == NULL || 3029 EVP_aes_256_gcm() == NULL || 3030 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 3031 EVP_CTRL_GCM_IV_GEN == 0 || 3032 EVP_CTRL_GCM_SET_TAG == 0 || 3033 EVP_CTRL_GCM_GET_TAG == 0 || 3034 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 3035 ]])], 3036 [ 3037 AC_MSG_RESULT([yes]) 3038 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 3039 [libcrypto has EVP AES GCM]) 3040 ], 3041 [ 3042 AC_MSG_RESULT([no]) 3043 unsupported_algorithms="$unsupported_cipers \ 3044 aes128-gcm@openssh.com \ 3045 aes256-gcm@openssh.com" 3046 ] 3047 ) 3048 3049 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3050 AC_LINK_IFELSE( 3051 [AC_LANG_PROGRAM([[ 3052 #include <stdlib.h> 3053 #include <string.h> 3054 #include <openssl/evp.h> 3055 ]], [[ 3056 if(EVP_DigestUpdate(NULL, NULL,0)) 3057 exit(0); 3058 ]])], 3059 [ 3060 AC_MSG_RESULT([yes]) 3061 ], 3062 [ 3063 AC_MSG_RESULT([no]) 3064 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3065 [Define if EVP_DigestUpdate returns void]) 3066 ] 3067 ) 3068 3069 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 3070 # because the system crypt() is more featureful. 3071 if test "x$check_for_libcrypt_before" = "x1"; then 3072 AC_CHECK_LIB([crypt], [crypt]) 3073 fi 3074 3075 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 3076 # version in OpenSSL. 3077 if test "x$check_for_libcrypt_later" = "x1"; then 3078 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3079 fi 3080 AC_CHECK_FUNCS([crypt DES_crypt]) 3081 3082 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 3083 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 3084 3085 # Check complete ECC support in OpenSSL 3086 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3087 AC_LINK_IFELSE( 3088 [AC_LANG_PROGRAM([[ 3089 #include <openssl/ec.h> 3090 #include <openssl/ecdh.h> 3091 #include <openssl/ecdsa.h> 3092 #include <openssl/evp.h> 3093 #include <openssl/objects.h> 3094 #include <openssl/opensslv.h> 3095 ]], [[ 3096 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3097 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3098 ]])], 3099 [ AC_MSG_RESULT([yes]) 3100 enable_nistp256=1 ], 3101 [ AC_MSG_RESULT([no]) ] 3102 ) 3103 3104 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3105 AC_LINK_IFELSE( 3106 [AC_LANG_PROGRAM([[ 3107 #include <openssl/ec.h> 3108 #include <openssl/ecdh.h> 3109 #include <openssl/ecdsa.h> 3110 #include <openssl/evp.h> 3111 #include <openssl/objects.h> 3112 #include <openssl/opensslv.h> 3113 ]], [[ 3114 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3115 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3116 ]])], 3117 [ AC_MSG_RESULT([yes]) 3118 enable_nistp384=1 ], 3119 [ AC_MSG_RESULT([no]) ] 3120 ) 3121 3122 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3123 AC_LINK_IFELSE( 3124 [AC_LANG_PROGRAM([[ 3125 #include <openssl/ec.h> 3126 #include <openssl/ecdh.h> 3127 #include <openssl/ecdsa.h> 3128 #include <openssl/evp.h> 3129 #include <openssl/objects.h> 3130 #include <openssl/opensslv.h> 3131 ]], [[ 3132 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3133 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3134 ]])], 3135 [ AC_MSG_RESULT([yes]) 3136 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3137 AC_RUN_IFELSE( 3138 [AC_LANG_PROGRAM([[ 3139 #include <stdlib.h> 3140 #include <openssl/ec.h> 3141 #include <openssl/ecdh.h> 3142 #include <openssl/ecdsa.h> 3143 #include <openssl/evp.h> 3144 #include <openssl/objects.h> 3145 #include <openssl/opensslv.h> 3146 ]],[[ 3147 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3148 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3149 exit(e == NULL || m == NULL); 3150 ]])], 3151 [ AC_MSG_RESULT([yes]) 3152 enable_nistp521=1 ], 3153 [ AC_MSG_RESULT([no]) ], 3154 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3155 enable_nistp521=1 ] 3156 )], 3157 AC_MSG_RESULT([no]) 3158 ) 3159 3160 COMMENT_OUT_ECC="#no ecc#" 3161 TEST_SSH_ECC=no 3162 3163 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3164 test x$enable_nistp521 = x1; then 3165 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3166 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3167 openssl_ecc=yes 3168 else 3169 openssl_ecc=no 3170 fi 3171 if test x$enable_nistp256 = x1; then 3172 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3173 [libcrypto has NID_X9_62_prime256v1]) 3174 TEST_SSH_ECC=yes 3175 COMMENT_OUT_ECC="" 3176 else 3177 unsupported_algorithms="$unsupported_algorithms \ 3178 ecdsa-sha2-nistp256 \ 3179 ecdh-sha2-nistp256 \ 3180 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3181 fi 3182 if test x$enable_nistp384 = x1; then 3183 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3184 TEST_SSH_ECC=yes 3185 COMMENT_OUT_ECC="" 3186 else 3187 unsupported_algorithms="$unsupported_algorithms \ 3188 ecdsa-sha2-nistp384 \ 3189 ecdh-sha2-nistp384 \ 3190 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3191 fi 3192 if test x$enable_nistp521 = x1; then 3193 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3194 TEST_SSH_ECC=yes 3195 COMMENT_OUT_ECC="" 3196 else 3197 unsupported_algorithms="$unsupported_algorithms \ 3198 ecdh-sha2-nistp521 \ 3199 ecdsa-sha2-nistp521 \ 3200 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3201 fi 3202 3203 AC_SUBST([TEST_SSH_ECC]) 3204 AC_SUBST([COMMENT_OUT_ECC]) 3205else 3206 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3207 AC_CHECK_FUNCS([crypt]) 3208fi 3209 3210# PKCS11/U2F depend on OpenSSL and dlopen(). 3211enable_pkcs11=yes 3212enable_sk=yes 3213if test "x$openssl" != "xyes" ; then 3214 enable_pkcs11="disabled; missing libcrypto" 3215 enable_sk="disabled; missing libcrypto" 3216fi 3217if test "x$openssl_ecc" != "xyes" ; then 3218 enable_sk="disabled; OpenSSL has no ECC support" 3219fi 3220if test "x$ac_cv_func_dlopen" != "xyes" ; then 3221 enable_pkcs11="disabled; missing dlopen(3)" 3222 enable_sk="disabled; missing dlopen(3)" 3223fi 3224if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3225 enable_pkcs11="disabled; missing RTLD_NOW" 3226 enable_sk="disabled; missing RTLD_NOW" 3227fi 3228if test ! -z "$disable_pkcs11" ; then 3229 enable_pkcs11="disabled by user" 3230fi 3231if test ! -z "$disable_sk" ; then 3232 enable_sk="disabled by user" 3233fi 3234 3235AC_MSG_CHECKING([whether to enable PKCS11]) 3236if test "x$enable_pkcs11" = "xyes" ; then 3237 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3238fi 3239AC_MSG_RESULT([$enable_pkcs11]) 3240 3241AC_MSG_CHECKING([whether to enable U2F]) 3242if test "x$enable_sk" = "xyes" ; then 3243 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3244 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3245else 3246 # Do not try to build sk-dummy library. 3247 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3248fi 3249AC_MSG_RESULT([$enable_sk]) 3250 3251# Now check for built-in security key support. 3252if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3253 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3254 use_pkgconfig_for_libfido2= 3255 if test "x$PKGCONFIG" != "xno"; then 3256 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3257 if "$PKGCONFIG" libfido2; then 3258 AC_MSG_RESULT([yes]) 3259 use_pkgconfig_for_libfido2=yes 3260 else 3261 AC_MSG_RESULT([no]) 3262 fi 3263 fi 3264 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3265 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3266 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3267 else 3268 LIBFIDO2="-lfido2 -lcbor" 3269 fi 3270 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3271 AC_CHECK_LIB([fido2], [fido_init], 3272 [ 3273 AC_SUBST([LIBFIDO2]) 3274 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3275 [Enable for built-in U2F/FIDO support]) 3276 enable_sk="built-in" 3277 ], [ AC_MSG_ERROR([no usable libfido2 found]) ], 3278 [ $OTHERLIBS ] 3279 ) 3280 saved_LIBS="$LIBS" 3281 LIBS="$LIBS $LIBFIDO2" 3282 AC_CHECK_FUNCS([ \ 3283 fido_cred_prot \ 3284 fido_cred_set_prot \ 3285 fido_dev_get_touch_begin \ 3286 fido_dev_get_touch_status \ 3287 fido_dev_supports_cred_prot \ 3288 ]) 3289 LIBS="$saved_LIBS" 3290 AC_CHECK_HEADER([fido.h], [], 3291 AC_MSG_ERROR([missing fido.h from libfido2])) 3292 AC_CHECK_HEADER([fido/credman.h], [], 3293 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3294 [#include <fido.h>] 3295 ) 3296fi 3297 3298AC_CHECK_FUNCS([ \ 3299 arc4random \ 3300 arc4random_buf \ 3301 arc4random_stir \ 3302 arc4random_uniform \ 3303]) 3304 3305saved_LIBS="$LIBS" 3306AC_CHECK_LIB([iaf], [ia_openinfo], [ 3307 LIBS="$LIBS -liaf" 3308 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3309 AC_DEFINE([HAVE_LIBIAF], [1], 3310 [Define if system has libiaf that supports set_id]) 3311 ]) 3312]) 3313LIBS="$saved_LIBS" 3314 3315### Configure cryptographic random number support 3316 3317# Check whether OpenSSL seeds itself 3318if test "x$openssl" = "xyes" ; then 3319 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3320 AC_RUN_IFELSE( 3321 [AC_LANG_PROGRAM([[ 3322 #include <stdlib.h> 3323 #include <string.h> 3324 #include <openssl/rand.h> 3325 ]], [[ 3326 exit(RAND_status() == 1 ? 0 : 1); 3327 ]])], 3328 [ 3329 OPENSSL_SEEDS_ITSELF=yes 3330 AC_MSG_RESULT([yes]) 3331 ], 3332 [ 3333 AC_MSG_RESULT([no]) 3334 ], 3335 [ 3336 AC_MSG_WARN([cross compiling: assuming yes]) 3337 # This is safe, since we will fatal() at runtime if 3338 # OpenSSL is not seeded correctly. 3339 OPENSSL_SEEDS_ITSELF=yes 3340 ] 3341 ) 3342fi 3343 3344# PRNGD TCP socket 3345AC_ARG_WITH([prngd-port], 3346 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3347 [ 3348 case "$withval" in 3349 no) 3350 withval="" 3351 ;; 3352 [[0-9]]*) 3353 ;; 3354 *) 3355 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3356 ;; 3357 esac 3358 if test ! -z "$withval" ; then 3359 PRNGD_PORT="$withval" 3360 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3361 [Port number of PRNGD/EGD random number socket]) 3362 fi 3363 ] 3364) 3365 3366# PRNGD Unix domain socket 3367AC_ARG_WITH([prngd-socket], 3368 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3369 [ 3370 case "$withval" in 3371 yes) 3372 withval="/var/run/egd-pool" 3373 ;; 3374 no) 3375 withval="" 3376 ;; 3377 /*) 3378 ;; 3379 *) 3380 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3381 ;; 3382 esac 3383 3384 if test ! -z "$withval" ; then 3385 if test ! -z "$PRNGD_PORT" ; then 3386 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3387 fi 3388 if test ! -r "$withval" ; then 3389 AC_MSG_WARN([Entropy socket is not readable]) 3390 fi 3391 PRNGD_SOCKET="$withval" 3392 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3393 [Location of PRNGD/EGD random number socket]) 3394 fi 3395 ], 3396 [ 3397 # Check for existing socket only if we don't have a random device already 3398 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3399 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3400 # Insert other locations here 3401 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3402 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3403 PRNGD_SOCKET="$sock" 3404 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3405 break; 3406 fi 3407 done 3408 if test ! -z "$PRNGD_SOCKET" ; then 3409 AC_MSG_RESULT([$PRNGD_SOCKET]) 3410 else 3411 AC_MSG_RESULT([not found]) 3412 fi 3413 fi 3414 ] 3415) 3416 3417# Which randomness source do we use? 3418if test ! -z "$PRNGD_PORT" ; then 3419 RAND_MSG="PRNGd port $PRNGD_PORT" 3420elif test ! -z "$PRNGD_SOCKET" ; then 3421 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3422elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3423 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3424 [Define if you want the OpenSSL internally seeded PRNG only]) 3425 RAND_MSG="OpenSSL internal ONLY" 3426elif test "x$openssl" = "xno" ; then 3427 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3428else 3429 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3430fi 3431 3432# Check for PAM libs 3433PAM_MSG="no" 3434AC_ARG_WITH([pam], 3435 [ --with-pam Enable PAM support ], 3436 [ 3437 if test "x$withval" != "xno" ; then 3438 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3439 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3440 AC_MSG_ERROR([PAM headers not found]) 3441 fi 3442 3443 saved_LIBS="$LIBS" 3444 AC_CHECK_LIB([dl], [dlopen], , ) 3445 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3446 AC_CHECK_FUNCS([pam_getenvlist]) 3447 AC_CHECK_FUNCS([pam_putenv]) 3448 LIBS="$saved_LIBS" 3449 3450 PAM_MSG="yes" 3451 3452 SSHDLIBS="$SSHDLIBS -lpam" 3453 AC_DEFINE([USE_PAM], [1], 3454 [Define if you want to enable PAM support]) 3455 3456 if test $ac_cv_lib_dl_dlopen = yes; then 3457 case "$LIBS" in 3458 *-ldl*) 3459 # libdl already in LIBS 3460 ;; 3461 *) 3462 SSHDLIBS="$SSHDLIBS -ldl" 3463 ;; 3464 esac 3465 fi 3466 fi 3467 ] 3468) 3469 3470AC_ARG_WITH([pam-service], 3471 [ --with-pam-service=name Specify PAM service name ], 3472 [ 3473 if test "x$withval" != "xno" && \ 3474 test "x$withval" != "xyes" ; then 3475 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3476 ["$withval"], [sshd PAM service name]) 3477 fi 3478 ] 3479) 3480 3481# Check for older PAM 3482if test "x$PAM_MSG" = "xyes" ; then 3483 # Check PAM strerror arguments (old PAM) 3484 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3485 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3486#include <stdlib.h> 3487#if defined(HAVE_SECURITY_PAM_APPL_H) 3488#include <security/pam_appl.h> 3489#elif defined (HAVE_PAM_PAM_APPL_H) 3490#include <pam/pam_appl.h> 3491#endif 3492 ]], [[ 3493(void)pam_strerror((pam_handle_t *)NULL, -1); 3494 ]])], [AC_MSG_RESULT([no])], [ 3495 AC_DEFINE([HAVE_OLD_PAM], [1], 3496 [Define if you have an old version of PAM 3497 which takes only one argument to pam_strerror]) 3498 AC_MSG_RESULT([yes]) 3499 PAM_MSG="yes (old library)" 3500 3501 ]) 3502fi 3503 3504case "$host" in 3505*-*-cygwin*) 3506 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3507 ;; 3508*) 3509 SSH_PRIVSEP_USER=sshd 3510 ;; 3511esac 3512AC_ARG_WITH([privsep-user], 3513 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3514 [ 3515 if test -n "$withval" && test "x$withval" != "xno" && \ 3516 test "x${withval}" != "xyes"; then 3517 SSH_PRIVSEP_USER=$withval 3518 fi 3519 ] 3520) 3521if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3522 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3523 [Cygwin function to fetch non-privileged user for privilege separation]) 3524else 3525 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3526 [non-privileged user for privilege separation]) 3527fi 3528AC_SUBST([SSH_PRIVSEP_USER]) 3529 3530if test "x$have_linux_no_new_privs" = "x1" ; then 3531AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3532 #include <sys/types.h> 3533 #include <linux/seccomp.h> 3534]) 3535fi 3536if test "x$have_seccomp_filter" = "x1" ; then 3537AC_MSG_CHECKING([kernel for seccomp_filter support]) 3538AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3539 #include <errno.h> 3540 #include <elf.h> 3541 #include <linux/audit.h> 3542 #include <linux/seccomp.h> 3543 #include <stdlib.h> 3544 #include <sys/prctl.h> 3545 ]], 3546 [[ int i = $seccomp_audit_arch; 3547 errno = 0; 3548 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3549 exit(errno == EFAULT ? 0 : 1); ]])], 3550 [ AC_MSG_RESULT([yes]) ], [ 3551 AC_MSG_RESULT([no]) 3552 # Disable seccomp filter as a target 3553 have_seccomp_filter=0 3554 ] 3555) 3556fi 3557 3558# Decide which sandbox style to use 3559sandbox_arg="" 3560AC_ARG_WITH([sandbox], 3561 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3562 [ 3563 if test "x$withval" = "xyes" ; then 3564 sandbox_arg="" 3565 else 3566 sandbox_arg="$withval" 3567 fi 3568 ] 3569) 3570 3571# Some platforms (seems to be the ones that have a kernel poll(2)-type 3572# function with which they implement select(2)) use an extra file descriptor 3573# when calling select(2), which means we can't use the rlimit sandbox. 3574AC_MSG_CHECKING([if select works with descriptor rlimit]) 3575AC_RUN_IFELSE( 3576 [AC_LANG_PROGRAM([[ 3577#include <sys/types.h> 3578#ifdef HAVE_SYS_TIME_H 3579# include <sys/time.h> 3580#endif 3581#include <sys/resource.h> 3582#ifdef HAVE_SYS_SELECT_H 3583# include <sys/select.h> 3584#endif 3585#include <errno.h> 3586#include <fcntl.h> 3587#include <stdlib.h> 3588 ]],[[ 3589 struct rlimit rl_zero; 3590 int fd, r; 3591 fd_set fds; 3592 struct timeval tv; 3593 3594 fd = open("/dev/null", O_RDONLY); 3595 FD_ZERO(&fds); 3596 FD_SET(fd, &fds); 3597 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3598 setrlimit(RLIMIT_FSIZE, &rl_zero); 3599 setrlimit(RLIMIT_NOFILE, &rl_zero); 3600 tv.tv_sec = 1; 3601 tv.tv_usec = 0; 3602 r = select(fd+1, &fds, NULL, NULL, &tv); 3603 exit (r == -1 ? 1 : 0); 3604 ]])], 3605 [AC_MSG_RESULT([yes]) 3606 select_works_with_rlimit=yes], 3607 [AC_MSG_RESULT([no]) 3608 select_works_with_rlimit=no], 3609 [AC_MSG_WARN([cross compiling: assuming yes]) 3610 select_works_with_rlimit=yes] 3611) 3612 3613AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3614AC_RUN_IFELSE( 3615 [AC_LANG_PROGRAM([[ 3616#include <sys/types.h> 3617#ifdef HAVE_SYS_TIME_H 3618# include <sys/time.h> 3619#endif 3620#include <sys/resource.h> 3621#include <errno.h> 3622#include <stdlib.h> 3623 ]],[[ 3624 struct rlimit rl_zero; 3625 int r; 3626 3627 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3628 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3629 exit (r == -1 ? 1 : 0); 3630 ]])], 3631 [AC_MSG_RESULT([yes]) 3632 rlimit_nofile_zero_works=yes], 3633 [AC_MSG_RESULT([no]) 3634 rlimit_nofile_zero_works=no], 3635 [AC_MSG_WARN([cross compiling: assuming yes]) 3636 rlimit_nofile_zero_works=yes] 3637) 3638 3639AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3640AC_RUN_IFELSE( 3641 [AC_LANG_PROGRAM([[ 3642#include <sys/types.h> 3643#include <sys/resource.h> 3644#include <stdlib.h> 3645 ]],[[ 3646 struct rlimit rl_zero; 3647 3648 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3649 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3650 ]])], 3651 [AC_MSG_RESULT([yes])], 3652 [AC_MSG_RESULT([no]) 3653 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3654 [setrlimit RLIMIT_FSIZE works])], 3655 [AC_MSG_WARN([cross compiling: assuming yes])] 3656) 3657 3658if test "x$sandbox_arg" = "xpledge" || \ 3659 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3660 test "x$ac_cv_func_pledge" != "xyes" && \ 3661 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3662 SANDBOX_STYLE="pledge" 3663 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3664elif test "x$sandbox_arg" = "xsystrace" || \ 3665 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3666 test "x$have_systr_policy_kill" != "x1" && \ 3667 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3668 SANDBOX_STYLE="systrace" 3669 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3670elif test "x$sandbox_arg" = "xdarwin" || \ 3671 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3672 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3673 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3674 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3675 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3676 SANDBOX_STYLE="darwin" 3677 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3678elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3679 ( test -z "$sandbox_arg" && \ 3680 test "x$have_seccomp_filter" = "x1" && \ 3681 test "x$ac_cv_header_elf_h" = "xyes" && \ 3682 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3683 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3684 test "x$seccomp_audit_arch" != "x" && \ 3685 test "x$have_linux_no_new_privs" = "x1" && \ 3686 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3687 test "x$seccomp_audit_arch" = "x" && \ 3688 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3689 test "x$have_linux_no_new_privs" != "x1" && \ 3690 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3691 test "x$have_seccomp_filter" != "x1" && \ 3692 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3693 test "x$ac_cv_func_prctl" != "xyes" && \ 3694 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3695 SANDBOX_STYLE="seccomp_filter" 3696 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3697elif test "x$sandbox_arg" = "xcapsicum" || \ 3698 ( test -z "$sandbox_arg" && \ 3699 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3700 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3701 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3702 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3703 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3704 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3705 SANDBOX_STYLE="capsicum" 3706 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3707elif test "x$sandbox_arg" = "xrlimit" || \ 3708 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3709 test "x$select_works_with_rlimit" = "xyes" && \ 3710 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3711 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3712 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3713 test "x$select_works_with_rlimit" != "xyes" && \ 3714 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3715 SANDBOX_STYLE="rlimit" 3716 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3717elif test "x$sandbox_arg" = "xsolaris" || \ 3718 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3719 SANDBOX_STYLE="solaris" 3720 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3721elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3722 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3723 SANDBOX_STYLE="none" 3724 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3725else 3726 AC_MSG_ERROR([unsupported --with-sandbox]) 3727fi 3728 3729# Cheap hack to ensure NEWS-OS libraries are arranged right. 3730if test ! -z "$SONY" ; then 3731 LIBS="$LIBS -liberty"; 3732fi 3733 3734# Check for long long datatypes 3735AC_CHECK_TYPES([long long, unsigned long long, long double]) 3736 3737# Check datatype sizes 3738AC_CHECK_SIZEOF([short int]) 3739AC_CHECK_SIZEOF([int]) 3740AC_CHECK_SIZEOF([long int]) 3741AC_CHECK_SIZEOF([long long int]) 3742AC_CHECK_SIZEOF([time_t], [], [[ 3743 #include <sys/types.h> 3744 #ifdef HAVE_SYS_TIME_H 3745 # include <sys/time.h> 3746 #endif 3747 #ifdef HAVE_TIME_H 3748 # include <time.h> 3749 #endif 3750 ]] 3751) 3752 3753# Sanity check long long for some platforms (AIX) 3754if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3755 ac_cv_sizeof_long_long_int=0 3756fi 3757 3758# compute LLONG_MIN and LLONG_MAX if we don't know them. 3759if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3760 AC_MSG_CHECKING([for max value of long long]) 3761 AC_RUN_IFELSE( 3762 [AC_LANG_PROGRAM([[ 3763#include <stdio.h> 3764#include <stdlib.h> 3765/* Why is this so damn hard? */ 3766#ifdef __GNUC__ 3767# undef __GNUC__ 3768#endif 3769#define __USE_ISOC99 3770#include <limits.h> 3771#define DATA "conftest.llminmax" 3772#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3773 3774/* 3775 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3776 * we do this the hard way. 3777 */ 3778static int 3779fprint_ll(FILE *f, long long n) 3780{ 3781 unsigned int i; 3782 int l[sizeof(long long) * 8]; 3783 3784 if (n < 0) 3785 if (fprintf(f, "-") < 0) 3786 return -1; 3787 for (i = 0; n != 0; i++) { 3788 l[i] = my_abs(n % 10); 3789 n /= 10; 3790 } 3791 do { 3792 if (fprintf(f, "%d", l[--i]) < 0) 3793 return -1; 3794 } while (i != 0); 3795 if (fprintf(f, " ") < 0) 3796 return -1; 3797 return 0; 3798} 3799 ]], [[ 3800 FILE *f; 3801 long long i, llmin, llmax = 0; 3802 3803 if((f = fopen(DATA,"w")) == NULL) 3804 exit(1); 3805 3806#if defined(LLONG_MIN) && defined(LLONG_MAX) 3807 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3808 llmin = LLONG_MIN; 3809 llmax = LLONG_MAX; 3810#else 3811 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3812 /* This will work on one's complement and two's complement */ 3813 for (i = 1; i > llmax; i <<= 1, i++) 3814 llmax = i; 3815 llmin = llmax + 1LL; /* wrap */ 3816#endif 3817 3818 /* Sanity check */ 3819 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3820 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3821 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3822 fprintf(f, "unknown unknown\n"); 3823 exit(2); 3824 } 3825 3826 if (fprint_ll(f, llmin) < 0) 3827 exit(3); 3828 if (fprint_ll(f, llmax) < 0) 3829 exit(4); 3830 if (fclose(f) < 0) 3831 exit(5); 3832 exit(0); 3833 ]])], 3834 [ 3835 llong_min=`$AWK '{print $1}' conftest.llminmax` 3836 llong_max=`$AWK '{print $2}' conftest.llminmax` 3837 3838 AC_MSG_RESULT([$llong_max]) 3839 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3840 [max value of long long calculated by configure]) 3841 AC_MSG_CHECKING([for min value of long long]) 3842 AC_MSG_RESULT([$llong_min]) 3843 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3844 [min value of long long calculated by configure]) 3845 ], 3846 [ 3847 AC_MSG_RESULT([not found]) 3848 ], 3849 [ 3850 AC_MSG_WARN([cross compiling: not checking]) 3851 ] 3852 ) 3853fi 3854 3855AC_CHECK_DECLS([UINT32_MAX], , , [[ 3856#ifdef HAVE_SYS_LIMITS_H 3857# include <sys/limits.h> 3858#endif 3859#ifdef HAVE_LIMITS_H 3860# include <limits.h> 3861#endif 3862#ifdef HAVE_STDINT_H 3863# include <stdint.h> 3864#endif 3865]]) 3866 3867# More checks for data types 3868AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3869 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3870 [[ u_int a; a = 1;]])], 3871 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3872 ]) 3873]) 3874if test "x$ac_cv_have_u_int" = "xyes" ; then 3875 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3876 have_u_int=1 3877fi 3878 3879AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3880 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3881 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3882 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3883 ]) 3884]) 3885if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3886 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3887 have_intxx_t=1 3888fi 3889 3890if (test -z "$have_intxx_t" && \ 3891 test "x$ac_cv_header_stdint_h" = "xyes") 3892then 3893 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3894 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3895 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3896 [ 3897 AC_DEFINE([HAVE_INTXX_T]) 3898 AC_MSG_RESULT([yes]) 3899 ], [ AC_MSG_RESULT([no]) 3900 ]) 3901fi 3902 3903AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3904 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3905#include <sys/types.h> 3906#ifdef HAVE_STDINT_H 3907# include <stdint.h> 3908#endif 3909#include <sys/socket.h> 3910#ifdef HAVE_SYS_BITYPES_H 3911# include <sys/bitypes.h> 3912#endif 3913 ]], [[ 3914int64_t a; a = 1; 3915 ]])], 3916 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3917 ]) 3918]) 3919if test "x$ac_cv_have_int64_t" = "xyes" ; then 3920 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3921fi 3922 3923AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3924 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3925 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3926 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3927 ]) 3928]) 3929if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3930 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3931 have_u_intxx_t=1 3932fi 3933 3934if test -z "$have_u_intxx_t" ; then 3935 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3936 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3937 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3938 [ 3939 AC_DEFINE([HAVE_U_INTXX_T]) 3940 AC_MSG_RESULT([yes]) 3941 ], [ AC_MSG_RESULT([no]) 3942 ]) 3943fi 3944 3945AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3946 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3947 [[ u_int64_t a; a = 1;]])], 3948 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3949 ]) 3950]) 3951if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3952 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3953 have_u_int64_t=1 3954fi 3955 3956if (test -z "$have_u_int64_t" && \ 3957 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3958then 3959 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3960 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3961 [[ u_int64_t a; a = 1]])], 3962 [ 3963 AC_DEFINE([HAVE_U_INT64_T]) 3964 AC_MSG_RESULT([yes]) 3965 ], [ AC_MSG_RESULT([no]) 3966 ]) 3967fi 3968 3969if test -z "$have_u_intxx_t" ; then 3970 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3971 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3972#include <sys/types.h> 3973 ]], [[ 3974 uint8_t a; 3975 uint16_t b; 3976 uint32_t c; 3977 a = b = c = 1; 3978 ]])], 3979 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3980 ]) 3981 ]) 3982 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3983 AC_DEFINE([HAVE_UINTXX_T], [1], 3984 [define if you have uintxx_t data type]) 3985 fi 3986fi 3987 3988if (test -z "$have_uintxx_t" && \ 3989 test "x$ac_cv_header_stdint_h" = "xyes") 3990then 3991 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3992 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3993 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3994 [ 3995 AC_DEFINE([HAVE_UINTXX_T]) 3996 AC_MSG_RESULT([yes]) 3997 ], [ AC_MSG_RESULT([no]) 3998 ]) 3999fi 4000 4001if (test -z "$have_uintxx_t" && \ 4002 test "x$ac_cv_header_inttypes_h" = "xyes") 4003then 4004 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4005 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4006 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4007 [ 4008 AC_DEFINE([HAVE_UINTXX_T]) 4009 AC_MSG_RESULT([yes]) 4010 ], [ AC_MSG_RESULT([no]) 4011 ]) 4012fi 4013 4014if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4015 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4016then 4017 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4018 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4019#include <sys/bitypes.h> 4020 ]], [[ 4021 int8_t a; int16_t b; int32_t c; 4022 u_int8_t e; u_int16_t f; u_int32_t g; 4023 a = b = c = e = f = g = 1; 4024 ]])], 4025 [ 4026 AC_DEFINE([HAVE_U_INTXX_T]) 4027 AC_DEFINE([HAVE_INTXX_T]) 4028 AC_MSG_RESULT([yes]) 4029 ], [AC_MSG_RESULT([no]) 4030 ]) 4031fi 4032 4033 4034AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4035 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4036 [[ u_char foo; foo = 125; ]])], 4037 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4038 ]) 4039]) 4040if test "x$ac_cv_have_u_char" = "xyes" ; then 4041 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4042fi 4043 4044AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4045#include <sys/types.h> 4046#ifdef HAVE_STDINT_H 4047# include <stdint.h> 4048#endif 4049]) 4050 4051TYPE_SOCKLEN_T 4052 4053AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4054AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4055#include <sys/types.h> 4056#ifdef HAVE_SYS_BITYPES_H 4057#include <sys/bitypes.h> 4058#endif 4059#ifdef HAVE_SYS_STATFS_H 4060#include <sys/statfs.h> 4061#endif 4062#ifdef HAVE_SYS_STATVFS_H 4063#include <sys/statvfs.h> 4064#endif 4065]) 4066 4067AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4068#include <sys/param.h> 4069#include <sys/types.h> 4070#ifdef HAVE_SYS_BITYPES_H 4071#include <sys/bitypes.h> 4072#endif 4073#ifdef HAVE_SYS_STATFS_H 4074#include <sys/statfs.h> 4075#endif 4076#ifdef HAVE_SYS_STATVFS_H 4077#include <sys/statvfs.h> 4078#endif 4079#ifdef HAVE_SYS_VFS_H 4080#include <sys/vfs.h> 4081#endif 4082#ifdef HAVE_SYS_MOUNT_H 4083#include <sys/mount.h> 4084#endif 4085]]) 4086 4087 4088AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4089[#include <sys/types.h> 4090#include <netinet/in.h>]) 4091 4092AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4093 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4094 [[ size_t foo; foo = 1235; ]])], 4095 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4096 ]) 4097]) 4098if test "x$ac_cv_have_size_t" = "xyes" ; then 4099 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4100fi 4101 4102AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4103 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4104 [[ ssize_t foo; foo = 1235; ]])], 4105 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4106 ]) 4107]) 4108if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4109 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4110fi 4111 4112AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4113 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4114 [[ clock_t foo; foo = 1235; ]])], 4115 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4116 ]) 4117]) 4118if test "x$ac_cv_have_clock_t" = "xyes" ; then 4119 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4120fi 4121 4122AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4123 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4124#include <sys/types.h> 4125#include <sys/socket.h> 4126 ]], [[ sa_family_t foo; foo = 1235; ]])], 4127 [ ac_cv_have_sa_family_t="yes" ], 4128 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4129#include <sys/types.h> 4130#include <sys/socket.h> 4131#include <netinet/in.h> 4132 ]], [[ sa_family_t foo; foo = 1235; ]])], 4133 [ ac_cv_have_sa_family_t="yes" ], 4134 [ ac_cv_have_sa_family_t="no" ] 4135 ) 4136 ]) 4137]) 4138if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4139 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4140 [define if you have sa_family_t data type]) 4141fi 4142 4143AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4144 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4145 [[ pid_t foo; foo = 1235; ]])], 4146 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4147 ]) 4148]) 4149if test "x$ac_cv_have_pid_t" = "xyes" ; then 4150 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4151fi 4152 4153AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4154 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4155 [[ mode_t foo; foo = 1235; ]])], 4156 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4157 ]) 4158]) 4159if test "x$ac_cv_have_mode_t" = "xyes" ; then 4160 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4161fi 4162 4163 4164AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4165 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4166#include <sys/types.h> 4167#include <sys/socket.h> 4168 ]], [[ struct sockaddr_storage s; ]])], 4169 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4170 [ ac_cv_have_struct_sockaddr_storage="no" 4171 ]) 4172]) 4173if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4174 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4175 [define if you have struct sockaddr_storage data type]) 4176fi 4177 4178AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4179 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4180#include <sys/types.h> 4181#include <netinet/in.h> 4182 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4183 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4184 [ ac_cv_have_struct_sockaddr_in6="no" 4185 ]) 4186]) 4187if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4188 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4189 [define if you have struct sockaddr_in6 data type]) 4190fi 4191 4192AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4193 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4194#include <sys/types.h> 4195#include <netinet/in.h> 4196 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4197 [ ac_cv_have_struct_in6_addr="yes" ], 4198 [ ac_cv_have_struct_in6_addr="no" 4199 ]) 4200]) 4201if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4202 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4203 [define if you have struct in6_addr data type]) 4204 4205dnl Now check for sin6_scope_id 4206 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4207 [ 4208#ifdef HAVE_SYS_TYPES_H 4209#include <sys/types.h> 4210#endif 4211#include <netinet/in.h> 4212 ]) 4213fi 4214 4215AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4216 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4217#include <sys/types.h> 4218#include <sys/socket.h> 4219#include <netdb.h> 4220 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4221 [ ac_cv_have_struct_addrinfo="yes" ], 4222 [ ac_cv_have_struct_addrinfo="no" 4223 ]) 4224]) 4225if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4226 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4227 [define if you have struct addrinfo data type]) 4228fi 4229 4230AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4231 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4232 [[ struct timeval tv; tv.tv_sec = 1;]])], 4233 [ ac_cv_have_struct_timeval="yes" ], 4234 [ ac_cv_have_struct_timeval="no" 4235 ]) 4236]) 4237if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4238 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4239 have_struct_timeval=1 4240fi 4241 4242AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4243 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4244 #ifdef HAVE_SYS_TIME_H 4245 # include <sys/time.h> 4246 #endif 4247 #ifdef HAVE_TIME_H 4248 # include <time.h> 4249 #endif 4250 ]], 4251 [[ struct timespec ts; ts.tv_sec = 1;]])], 4252 [ ac_cv_have_struct_timespec="yes" ], 4253 [ ac_cv_have_struct_timespec="no" 4254 ]) 4255]) 4256if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4257 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4258 have_struct_timespec=1 4259fi 4260 4261# We need int64_t or else certain parts of the compile will fail. 4262if test "x$ac_cv_have_int64_t" = "xno" && \ 4263 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4264 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4265 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4266 echo "an alternative compiler (I.E., GCC) before continuing." 4267 echo "" 4268 exit 1; 4269else 4270dnl test snprintf (broken on SCO w/gcc) 4271 AC_RUN_IFELSE( 4272 [AC_LANG_SOURCE([[ 4273#include <stdio.h> 4274#include <stdlib.h> 4275#include <string.h> 4276#ifdef HAVE_SNPRINTF 4277main() 4278{ 4279 char buf[50]; 4280 char expected_out[50]; 4281 int mazsize = 50 ; 4282#if (SIZEOF_LONG_INT == 8) 4283 long int num = 0x7fffffffffffffff; 4284#else 4285 long long num = 0x7fffffffffffffffll; 4286#endif 4287 strcpy(expected_out, "9223372036854775807"); 4288 snprintf(buf, mazsize, "%lld", num); 4289 if(strcmp(buf, expected_out) != 0) 4290 exit(1); 4291 exit(0); 4292} 4293#else 4294main() { exit(0); } 4295#endif 4296 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4297 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4298 ) 4299fi 4300 4301dnl Checks for structure members 4302OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4303OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4304OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4305OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4306OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4307OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4308OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4309OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4310OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4311OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4312OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4313OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4314OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4315OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4316OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4317OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4318OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4319OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4320 4321AC_CHECK_MEMBERS([struct stat.st_blksize]) 4322AC_CHECK_MEMBERS([struct stat.st_mtim]) 4323AC_CHECK_MEMBERS([struct stat.st_mtime]) 4324AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4325struct passwd.pw_change, struct passwd.pw_expire], 4326[], [], [[ 4327#include <sys/types.h> 4328#include <pwd.h> 4329]]) 4330 4331AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4332 [Define if we don't have struct __res_state in resolv.h])], 4333[[ 4334#include <stdio.h> 4335#if HAVE_SYS_TYPES_H 4336# include <sys/types.h> 4337#endif 4338#include <netinet/in.h> 4339#include <arpa/nameser.h> 4340#include <resolv.h> 4341]]) 4342 4343AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4344 ac_cv_have_ss_family_in_struct_ss, [ 4345 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4346#include <sys/types.h> 4347#include <sys/socket.h> 4348 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4349 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4350 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4351]) 4352if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4353 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4354fi 4355 4356AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4357 ac_cv_have___ss_family_in_struct_ss, [ 4358 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4359#include <sys/types.h> 4360#include <sys/socket.h> 4361 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4362 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4363 [ ac_cv_have___ss_family_in_struct_ss="no" 4364 ]) 4365]) 4366if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4367 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4368 [Fields in struct sockaddr_storage]) 4369fi 4370 4371dnl make sure we're using the real structure members and not defines 4372AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4373 ac_cv_have_accrights_in_msghdr, [ 4374 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4375#include <sys/types.h> 4376#include <sys/socket.h> 4377#include <sys/uio.h> 4378#include <stdlib.h> 4379 ]], [[ 4380#ifdef msg_accrights 4381#error "msg_accrights is a macro" 4382exit(1); 4383#endif 4384struct msghdr m; 4385m.msg_accrights = 0; 4386exit(0); 4387 ]])], 4388 [ ac_cv_have_accrights_in_msghdr="yes" ], 4389 [ ac_cv_have_accrights_in_msghdr="no" ] 4390 ) 4391]) 4392if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4393 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4394 [Define if your system uses access rights style 4395 file descriptor passing]) 4396fi 4397 4398AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4399AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4400#include <sys/param.h> 4401#include <sys/stat.h> 4402#ifdef HAVE_SYS_TIME_H 4403# include <sys/time.h> 4404#endif 4405#ifdef HAVE_SYS_MOUNT_H 4406#include <sys/mount.h> 4407#endif 4408#ifdef HAVE_SYS_STATVFS_H 4409#include <sys/statvfs.h> 4410#endif 4411 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4412 [ AC_MSG_RESULT([yes]) ], 4413 [ AC_MSG_RESULT([no]) 4414 4415 AC_MSG_CHECKING([if fsid_t has member val]) 4416 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4417#include <sys/types.h> 4418#include <sys/statvfs.h> 4419 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4420 [ AC_MSG_RESULT([yes]) 4421 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4422 [ AC_MSG_RESULT([no]) ]) 4423 4424 AC_MSG_CHECKING([if f_fsid has member __val]) 4425 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4426#include <sys/types.h> 4427#include <sys/statvfs.h> 4428 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4429 [ AC_MSG_RESULT([yes]) 4430 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4431 [ AC_MSG_RESULT([no]) ]) 4432]) 4433 4434AC_CACHE_CHECK([for msg_control field in struct msghdr], 4435 ac_cv_have_control_in_msghdr, [ 4436 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4437#include <sys/types.h> 4438#include <sys/socket.h> 4439#include <sys/uio.h> 4440#include <stdlib.h> 4441 ]], [[ 4442#ifdef msg_control 4443#error "msg_control is a macro" 4444exit(1); 4445#endif 4446struct msghdr m; 4447m.msg_control = 0; 4448exit(0); 4449 ]])], 4450 [ ac_cv_have_control_in_msghdr="yes" ], 4451 [ ac_cv_have_control_in_msghdr="no" ] 4452 ) 4453]) 4454if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4455 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4456 [Define if your system uses ancillary data style 4457 file descriptor passing]) 4458fi 4459 4460AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4461 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4462 [[ extern char *__progname; printf("%s", __progname); ]])], 4463 [ ac_cv_libc_defines___progname="yes" ], 4464 [ ac_cv_libc_defines___progname="no" 4465 ]) 4466]) 4467if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4468 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4469fi 4470 4471AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4472 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4473 [[ printf("%s", __FUNCTION__); ]])], 4474 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4475 [ ac_cv_cc_implements___FUNCTION__="no" 4476 ]) 4477]) 4478if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4479 AC_DEFINE([HAVE___FUNCTION__], [1], 4480 [Define if compiler implements __FUNCTION__]) 4481fi 4482 4483AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4484 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4485 [[ printf("%s", __func__); ]])], 4486 [ ac_cv_cc_implements___func__="yes" ], 4487 [ ac_cv_cc_implements___func__="no" 4488 ]) 4489]) 4490if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4491 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4492fi 4493 4494AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4495 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4496#include <stdarg.h> 4497va_list x,y; 4498 ]], [[ va_copy(x,y); ]])], 4499 [ ac_cv_have_va_copy="yes" ], 4500 [ ac_cv_have_va_copy="no" 4501 ]) 4502]) 4503if test "x$ac_cv_have_va_copy" = "xyes" ; then 4504 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4505fi 4506 4507AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4508 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4509#include <stdarg.h> 4510va_list x,y; 4511 ]], [[ __va_copy(x,y); ]])], 4512 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4513 ]) 4514]) 4515if test "x$ac_cv_have___va_copy" = "xyes" ; then 4516 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4517fi 4518 4519AC_CACHE_CHECK([whether getopt has optreset support], 4520 ac_cv_have_getopt_optreset, [ 4521 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4522 [[ extern int optreset; optreset = 0; ]])], 4523 [ ac_cv_have_getopt_optreset="yes" ], 4524 [ ac_cv_have_getopt_optreset="no" 4525 ]) 4526]) 4527if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4528 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4529 [Define if your getopt(3) defines and uses optreset]) 4530fi 4531 4532AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4533 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4534[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4535 [ ac_cv_libc_defines_sys_errlist="yes" ], 4536 [ ac_cv_libc_defines_sys_errlist="no" 4537 ]) 4538]) 4539if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4540 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4541 [Define if your system defines sys_errlist[]]) 4542fi 4543 4544 4545AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4546 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4547[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4548 [ ac_cv_libc_defines_sys_nerr="yes" ], 4549 [ ac_cv_libc_defines_sys_nerr="no" 4550 ]) 4551]) 4552if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4553 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4554fi 4555 4556# Check libraries needed by DNS fingerprint support 4557AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4558 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4559 [Define if getrrsetbyname() exists])], 4560 [ 4561 # Needed by our getrrsetbyname() 4562 AC_SEARCH_LIBS([res_query], [resolv]) 4563 AC_SEARCH_LIBS([dn_expand], [resolv]) 4564 AC_MSG_CHECKING([if res_query will link]) 4565 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4566#include <sys/types.h> 4567#include <netinet/in.h> 4568#include <arpa/nameser.h> 4569#include <netdb.h> 4570#include <resolv.h> 4571 ]], [[ 4572 res_query (0, 0, 0, 0, 0); 4573 ]])], 4574 AC_MSG_RESULT([yes]), 4575 [AC_MSG_RESULT([no]) 4576 saved_LIBS="$LIBS" 4577 LIBS="$LIBS -lresolv" 4578 AC_MSG_CHECKING([for res_query in -lresolv]) 4579 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4580#include <sys/types.h> 4581#include <netinet/in.h> 4582#include <arpa/nameser.h> 4583#include <netdb.h> 4584#include <resolv.h> 4585 ]], [[ 4586 res_query (0, 0, 0, 0, 0); 4587 ]])], 4588 [AC_MSG_RESULT([yes])], 4589 [LIBS="$saved_LIBS" 4590 AC_MSG_RESULT([no])]) 4591 ]) 4592 AC_CHECK_FUNCS([_getshort _getlong]) 4593 AC_CHECK_DECLS([_getshort, _getlong], , , 4594 [#include <sys/types.h> 4595 #include <arpa/nameser.h>]) 4596 AC_CHECK_MEMBER([HEADER.ad], 4597 [AC_DEFINE([HAVE_HEADER_AD], [1], 4598 [Define if HEADER.ad exists in arpa/nameser.h])], , 4599 [#include <arpa/nameser.h>]) 4600 ]) 4601 4602AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4603AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4604#include <stdio.h> 4605#if HAVE_SYS_TYPES_H 4606# include <sys/types.h> 4607#endif 4608#include <netinet/in.h> 4609#include <arpa/nameser.h> 4610#include <resolv.h> 4611extern struct __res_state _res; 4612 ]], [[ 4613struct __res_state *volatile p = &_res; /* force resolution of _res */ 4614return 0; 4615 ]],)], 4616 [AC_MSG_RESULT([yes]) 4617 AC_DEFINE([HAVE__RES_EXTERN], [1], 4618 [Define if you have struct __res_state _res as an extern]) 4619 ], 4620 [ AC_MSG_RESULT([no]) ] 4621) 4622 4623# Check whether user wants SELinux support 4624SELINUX_MSG="no" 4625LIBSELINUX="" 4626AC_ARG_WITH([selinux], 4627 [ --with-selinux Enable SELinux support], 4628 [ if test "x$withval" != "xno" ; then 4629 save_LIBS="$LIBS" 4630 AC_DEFINE([WITH_SELINUX], [1], 4631 [Define if you want SELinux support.]) 4632 SELINUX_MSG="yes" 4633 AC_CHECK_HEADER([selinux/selinux.h], , 4634 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4635 AC_CHECK_LIB([selinux], [setexeccon], 4636 [ LIBSELINUX="-lselinux" 4637 LIBS="$LIBS -lselinux" 4638 ], 4639 AC_MSG_ERROR([SELinux support requires libselinux library])) 4640 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4641 LIBS="$save_LIBS $LIBSELINUX" 4642 fi ] 4643) 4644AC_SUBST([SSHDLIBS]) 4645 4646# Check whether user wants Kerberos 5 support 4647KRB5_MSG="no" 4648AC_ARG_WITH([kerberos5], 4649 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4650 [ if test "x$withval" != "xno" ; then 4651 if test "x$withval" = "xyes" ; then 4652 KRB5ROOT="/usr/local" 4653 else 4654 KRB5ROOT=${withval} 4655 fi 4656 4657 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4658 KRB5_MSG="yes" 4659 4660 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 4661 use_pkgconfig_for_krb5= 4662 if test "x$PKGCONFIG" != "xno"; then 4663 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4664 if "$PKGCONFIG" krb5; then 4665 AC_MSG_RESULT([yes]) 4666 use_pkgconfig_for_krb5=yes 4667 else 4668 AC_MSG_RESULT([no]) 4669 fi 4670 fi 4671 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4672 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4673 K5LIBS=`$PKGCONFIG --libs krb5` 4674 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4675 4676 AC_MSG_CHECKING([for gssapi support]) 4677 if "$PKGCONFIG" krb5-gssapi; then 4678 AC_MSG_RESULT([yes]) 4679 AC_DEFINE([GSSAPI], [1], 4680 [Define this if you want GSSAPI 4681 support in the version 2 protocol]) 4682 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4683 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4684 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4685 else 4686 AC_MSG_RESULT([no]) 4687 fi 4688 AC_MSG_CHECKING([whether we are using Heimdal]) 4689 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4690 ]], [[ char *tmp = heimdal_version; ]])], 4691 [ AC_MSG_RESULT([yes]) 4692 AC_DEFINE([HEIMDAL], [1], 4693 [Define this if you are using the Heimdal 4694 version of Kerberos V5]) ], 4695 [AC_MSG_RESULT([no]) 4696 ]) 4697 else 4698 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4699 [$KRB5ROOT/bin/krb5-config], 4700 [$KRB5ROOT/bin:$PATH]) 4701 if test -x $KRB5CONF ; then 4702 K5CFLAGS="`$KRB5CONF --cflags`" 4703 K5LIBS="`$KRB5CONF --libs`" 4704 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4705 4706 AC_MSG_CHECKING([for gssapi support]) 4707 if $KRB5CONF | grep gssapi >/dev/null ; then 4708 AC_MSG_RESULT([yes]) 4709 AC_DEFINE([GSSAPI], [1], 4710 [Define this if you want GSSAPI 4711 support in the version 2 protocol]) 4712 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4713 GSSLIBS="`$KRB5CONF --libs gssapi`" 4714 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4715 else 4716 AC_MSG_RESULT([no]) 4717 fi 4718 AC_MSG_CHECKING([whether we are using Heimdal]) 4719 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4720 ]], [[ char *tmp = heimdal_version; ]])], 4721 [ AC_MSG_RESULT([yes]) 4722 AC_DEFINE([HEIMDAL], [1], 4723 [Define this if you are using the Heimdal 4724 version of Kerberos V5]) ], 4725 [AC_MSG_RESULT([no]) 4726 ]) 4727 else 4728 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4729 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4730 AC_MSG_CHECKING([whether we are using Heimdal]) 4731 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4732 ]], [[ char *tmp = heimdal_version; ]])], 4733 [ AC_MSG_RESULT([yes]) 4734 AC_DEFINE([HEIMDAL]) 4735 K5LIBS="-lkrb5" 4736 K5LIBS="$K5LIBS -lcom_err -lasn1" 4737 AC_CHECK_LIB([roken], [net_write], 4738 [K5LIBS="$K5LIBS -lroken"]) 4739 AC_CHECK_LIB([des], [des_cbc_encrypt], 4740 [K5LIBS="$K5LIBS -ldes"]) 4741 ], [ AC_MSG_RESULT([no]) 4742 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4743 ]) 4744 AC_SEARCH_LIBS([dn_expand], [resolv]) 4745 4746 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4747 [ AC_DEFINE([GSSAPI]) 4748 GSSLIBS="-lgssapi_krb5" ], 4749 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4750 [ AC_DEFINE([GSSAPI]) 4751 GSSLIBS="-lgssapi" ], 4752 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4753 [ AC_DEFINE([GSSAPI]) 4754 GSSLIBS="-lgss" ], 4755 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4756 ]) 4757 ]) 4758 4759 AC_CHECK_HEADER([gssapi.h], , 4760 [ unset ac_cv_header_gssapi_h 4761 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4762 AC_CHECK_HEADERS([gssapi.h], , 4763 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4764 ) 4765 ] 4766 ) 4767 4768 oldCPP="$CPPFLAGS" 4769 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4770 AC_CHECK_HEADER([gssapi_krb5.h], , 4771 [ CPPFLAGS="$oldCPP" ]) 4772 4773 fi 4774 fi 4775 if test -n "${rpath_opt}" ; then 4776 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4777 fi 4778 if test ! -z "$blibpath" ; then 4779 blibpath="$blibpath:${KRB5ROOT}/lib" 4780 fi 4781 4782 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4783 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4784 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4785 4786 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4787 [Define this if you want to use libkafs' AFS support])]) 4788 4789 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4790#ifdef HAVE_GSSAPI_H 4791# include <gssapi.h> 4792#elif defined(HAVE_GSSAPI_GSSAPI_H) 4793# include <gssapi/gssapi.h> 4794#endif 4795 4796#ifdef HAVE_GSSAPI_GENERIC_H 4797# include <gssapi_generic.h> 4798#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4799# include <gssapi/gssapi_generic.h> 4800#endif 4801 ]]) 4802 saved_LIBS="$LIBS" 4803 LIBS="$LIBS $K5LIBS" 4804 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4805 LIBS="$saved_LIBS" 4806 4807 fi 4808 ] 4809) 4810AC_SUBST([GSSLIBS]) 4811AC_SUBST([K5LIBS]) 4812 4813# Looking for programs, paths and files 4814 4815PRIVSEP_PATH=/var/empty 4816AC_ARG_WITH([privsep-path], 4817 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4818 [ 4819 if test -n "$withval" && test "x$withval" != "xno" && \ 4820 test "x${withval}" != "xyes"; then 4821 PRIVSEP_PATH=$withval 4822 fi 4823 ] 4824) 4825AC_SUBST([PRIVSEP_PATH]) 4826 4827AC_ARG_WITH([xauth], 4828 [ --with-xauth=PATH Specify path to xauth program ], 4829 [ 4830 if test -n "$withval" && test "x$withval" != "xno" && \ 4831 test "x${withval}" != "xyes"; then 4832 xauth_path=$withval 4833 fi 4834 ], 4835 [ 4836 TestPath="$PATH" 4837 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4838 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4839 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4840 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4841 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4842 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4843 xauth_path="/usr/openwin/bin/xauth" 4844 fi 4845 ] 4846) 4847 4848STRIP_OPT=-s 4849AC_ARG_ENABLE([strip], 4850 [ --disable-strip Disable calling strip(1) on install], 4851 [ 4852 if test "x$enableval" = "xno" ; then 4853 STRIP_OPT= 4854 fi 4855 ] 4856) 4857AC_SUBST([STRIP_OPT]) 4858 4859if test -z "$xauth_path" ; then 4860 XAUTH_PATH="undefined" 4861 AC_SUBST([XAUTH_PATH]) 4862else 4863 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4864 [Define if xauth is found in your path]) 4865 XAUTH_PATH=$xauth_path 4866 AC_SUBST([XAUTH_PATH]) 4867fi 4868 4869dnl # --with-maildir=/path/to/mail gets top priority. 4870dnl # if maildir is set in the platform case statement above we use that. 4871dnl # Otherwise we run a program to get the dir from system headers. 4872dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4873dnl # If we find _PATH_MAILDIR we do nothing because that is what 4874dnl # session.c expects anyway. Otherwise we set to the value found 4875dnl # stripping any trailing slash. If for some strage reason our program 4876dnl # does not find what it needs, we default to /var/spool/mail. 4877# Check for mail directory 4878AC_ARG_WITH([maildir], 4879 [ --with-maildir=/path/to/mail Specify your system mail directory], 4880 [ 4881 if test "X$withval" != X && test "x$withval" != xno && \ 4882 test "x${withval}" != xyes; then 4883 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4884 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4885 fi 4886 ],[ 4887 if test "X$maildir" != "X"; then 4888 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4889 else 4890 AC_MSG_CHECKING([Discovering system mail directory]) 4891 AC_RUN_IFELSE( 4892 [AC_LANG_PROGRAM([[ 4893#include <stdio.h> 4894#include <stdlib.h> 4895#include <string.h> 4896#ifdef HAVE_PATHS_H 4897#include <paths.h> 4898#endif 4899#ifdef HAVE_MAILLOCK_H 4900#include <maillock.h> 4901#endif 4902#define DATA "conftest.maildir" 4903 ]], [[ 4904 FILE *fd; 4905 int rc; 4906 4907 fd = fopen(DATA,"w"); 4908 if(fd == NULL) 4909 exit(1); 4910 4911#if defined (_PATH_MAILDIR) 4912 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4913 exit(1); 4914#elif defined (MAILDIR) 4915 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4916 exit(1); 4917#elif defined (_PATH_MAIL) 4918 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4919 exit(1); 4920#else 4921 exit (2); 4922#endif 4923 4924 exit(0); 4925 ]])], 4926 [ 4927 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4928 maildir=`awk -F: '{print $2}' conftest.maildir \ 4929 | sed 's|/$||'` 4930 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4931 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4932 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4933 fi 4934 ], 4935 [ 4936 if test "X$ac_status" = "X2";then 4937# our test program didn't find it. Default to /var/spool/mail 4938 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4939 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4940 else 4941 AC_MSG_RESULT([*** not found ***]) 4942 fi 4943 ], 4944 [ 4945 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4946 ] 4947 ) 4948 fi 4949 ] 4950) # maildir 4951 4952if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4953 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4954 disable_ptmx_check=yes 4955fi 4956if test -z "$no_dev_ptmx" ; then 4957 if test "x$disable_ptmx_check" != "xyes" ; then 4958 AC_CHECK_FILE(["/dev/ptmx"], 4959 [ 4960 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4961 [Define if you have /dev/ptmx]) 4962 have_dev_ptmx=1 4963 ] 4964 ) 4965 fi 4966fi 4967 4968if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4969 AC_CHECK_FILE(["/dev/ptc"], 4970 [ 4971 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4972 [Define if you have /dev/ptc]) 4973 have_dev_ptc=1 4974 ] 4975 ) 4976else 4977 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4978fi 4979 4980# Options from here on. Some of these are preset by platform above 4981AC_ARG_WITH([mantype], 4982 [ --with-mantype=man|cat|doc Set man page type], 4983 [ 4984 case "$withval" in 4985 man|cat|doc) 4986 MANTYPE=$withval 4987 ;; 4988 *) 4989 AC_MSG_ERROR([invalid man type: $withval]) 4990 ;; 4991 esac 4992 ] 4993) 4994if test -z "$MANTYPE"; then 4995 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4996 MANTYPE=doc 4997 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4998 MANTYPE=doc 4999 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 5000 MANTYPE=man 5001 else 5002 MANTYPE=cat 5003 fi 5004fi 5005AC_SUBST([MANTYPE]) 5006if test "$MANTYPE" = "doc"; then 5007 mansubdir=man; 5008else 5009 mansubdir=$MANTYPE; 5010fi 5011AC_SUBST([mansubdir]) 5012 5013# Check whether to enable MD5 passwords 5014MD5_MSG="no" 5015AC_ARG_WITH([md5-passwords], 5016 [ --with-md5-passwords Enable use of MD5 passwords], 5017 [ 5018 if test "x$withval" != "xno" ; then 5019 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 5020 [Define if you want to allow MD5 passwords]) 5021 MD5_MSG="yes" 5022 fi 5023 ] 5024) 5025 5026# Whether to disable shadow password support 5027AC_ARG_WITH([shadow], 5028 [ --without-shadow Disable shadow password support], 5029 [ 5030 if test "x$withval" = "xno" ; then 5031 AC_DEFINE([DISABLE_SHADOW]) 5032 disable_shadow=yes 5033 fi 5034 ] 5035) 5036 5037if test -z "$disable_shadow" ; then 5038 AC_MSG_CHECKING([if the systems has expire shadow information]) 5039 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5040#include <sys/types.h> 5041#include <shadow.h> 5042struct spwd sp; 5043 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5044 [ sp_expire_available=yes ], [ 5045 ]) 5046 5047 if test "x$sp_expire_available" = "xyes" ; then 5048 AC_MSG_RESULT([yes]) 5049 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5050 [Define if you want to use shadow password expire field]) 5051 else 5052 AC_MSG_RESULT([no]) 5053 fi 5054fi 5055 5056# Use ip address instead of hostname in $DISPLAY 5057if test ! -z "$IPADDR_IN_DISPLAY" ; then 5058 DISPLAY_HACK_MSG="yes" 5059 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5060 [Define if you need to use IP address 5061 instead of hostname in $DISPLAY]) 5062else 5063 DISPLAY_HACK_MSG="no" 5064 AC_ARG_WITH([ipaddr-display], 5065 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5066 [ 5067 if test "x$withval" != "xno" ; then 5068 AC_DEFINE([IPADDR_IN_DISPLAY]) 5069 DISPLAY_HACK_MSG="yes" 5070 fi 5071 ] 5072 ) 5073fi 5074 5075# check for /etc/default/login and use it if present. 5076AC_ARG_ENABLE([etc-default-login], 5077 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5078 [ if test "x$enableval" = "xno"; then 5079 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5080 etc_default_login=no 5081 else 5082 etc_default_login=yes 5083 fi ], 5084 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5085 then 5086 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5087 etc_default_login=no 5088 else 5089 etc_default_login=yes 5090 fi ] 5091) 5092 5093if test "x$etc_default_login" != "xno"; then 5094 AC_CHECK_FILE(["/etc/default/login"], 5095 [ external_path_file=/etc/default/login ]) 5096 if test "x$external_path_file" = "x/etc/default/login"; then 5097 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5098 [Define if your system has /etc/default/login]) 5099 fi 5100fi 5101 5102dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5103if test $ac_cv_func_login_getcapbool = "yes" && \ 5104 test $ac_cv_header_login_cap_h = "yes" ; then 5105 external_path_file=/etc/login.conf 5106fi 5107 5108# Whether to mess with the default path 5109SERVER_PATH_MSG="(default)" 5110AC_ARG_WITH([default-path], 5111 [ --with-default-path= Specify default $PATH environment for server], 5112 [ 5113 if test "x$external_path_file" = "x/etc/login.conf" ; then 5114 AC_MSG_WARN([ 5115--with-default-path=PATH has no effect on this system. 5116Edit /etc/login.conf instead.]) 5117 elif test "x$withval" != "xno" ; then 5118 if test ! -z "$external_path_file" ; then 5119 AC_MSG_WARN([ 5120--with-default-path=PATH will only be used if PATH is not defined in 5121$external_path_file .]) 5122 fi 5123 user_path="$withval" 5124 SERVER_PATH_MSG="$withval" 5125 fi 5126 ], 5127 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5128 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5129 else 5130 if test ! -z "$external_path_file" ; then 5131 AC_MSG_WARN([ 5132If PATH is defined in $external_path_file, ensure the path to scp is included, 5133otherwise scp will not work.]) 5134 fi 5135 AC_RUN_IFELSE( 5136 [AC_LANG_PROGRAM([[ 5137/* find out what STDPATH is */ 5138#include <stdio.h> 5139#include <stdlib.h> 5140#ifdef HAVE_PATHS_H 5141# include <paths.h> 5142#endif 5143#ifndef _PATH_STDPATH 5144# ifdef _PATH_USERPATH /* Irix */ 5145# define _PATH_STDPATH _PATH_USERPATH 5146# else 5147# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5148# endif 5149#endif 5150#include <sys/types.h> 5151#include <sys/stat.h> 5152#include <fcntl.h> 5153#define DATA "conftest.stdpath" 5154 ]], [[ 5155 FILE *fd; 5156 int rc; 5157 5158 fd = fopen(DATA,"w"); 5159 if(fd == NULL) 5160 exit(1); 5161 5162 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5163 exit(1); 5164 5165 exit(0); 5166 ]])], 5167 [ user_path=`cat conftest.stdpath` ], 5168 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5169 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5170 ) 5171# make sure $bindir is in USER_PATH so scp will work 5172 t_bindir="${bindir}" 5173 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5174 t_bindir=`eval echo ${t_bindir}` 5175 case $t_bindir in 5176 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5177 esac 5178 case $t_bindir in 5179 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5180 esac 5181 done 5182 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5183 if test $? -ne 0 ; then 5184 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5185 if test $? -ne 0 ; then 5186 user_path=$user_path:$t_bindir 5187 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5188 fi 5189 fi 5190 fi ] 5191) 5192if test "x$external_path_file" != "x/etc/login.conf" ; then 5193 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5194 AC_SUBST([user_path]) 5195fi 5196 5197# Set superuser path separately to user path 5198AC_ARG_WITH([superuser-path], 5199 [ --with-superuser-path= Specify different path for super-user], 5200 [ 5201 if test -n "$withval" && test "x$withval" != "xno" && \ 5202 test "x${withval}" != "xyes"; then 5203 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5204 [Define if you want a different $PATH 5205 for the superuser]) 5206 superuser_path=$withval 5207 fi 5208 ] 5209) 5210 5211 5212AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5213IPV4_IN6_HACK_MSG="no" 5214AC_ARG_WITH(4in6, 5215 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5216 [ 5217 if test "x$withval" != "xno" ; then 5218 AC_MSG_RESULT([yes]) 5219 AC_DEFINE([IPV4_IN_IPV6], [1], 5220 [Detect IPv4 in IPv6 mapped addresses 5221 and treat as IPv4]) 5222 IPV4_IN6_HACK_MSG="yes" 5223 else 5224 AC_MSG_RESULT([no]) 5225 fi 5226 ], [ 5227 if test "x$inet6_default_4in6" = "xyes"; then 5228 AC_MSG_RESULT([yes (default)]) 5229 AC_DEFINE([IPV4_IN_IPV6]) 5230 IPV4_IN6_HACK_MSG="yes" 5231 else 5232 AC_MSG_RESULT([no (default)]) 5233 fi 5234 ] 5235) 5236 5237# Whether to enable BSD auth support 5238BSD_AUTH_MSG=no 5239AC_ARG_WITH([bsd-auth], 5240 [ --with-bsd-auth Enable BSD auth support], 5241 [ 5242 if test "x$withval" != "xno" ; then 5243 AC_DEFINE([BSD_AUTH], [1], 5244 [Define if you have BSD auth support]) 5245 BSD_AUTH_MSG=yes 5246 fi 5247 ] 5248) 5249 5250# Where to place sshd.pid 5251piddir=/var/run 5252# make sure the directory exists 5253if test ! -d $piddir ; then 5254 piddir=`eval echo ${sysconfdir}` 5255 case $piddir in 5256 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5257 esac 5258fi 5259 5260AC_ARG_WITH([pid-dir], 5261 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5262 [ 5263 if test -n "$withval" && test "x$withval" != "xno" && \ 5264 test "x${withval}" != "xyes"; then 5265 piddir=$withval 5266 if test ! -d $piddir ; then 5267 AC_MSG_WARN([** no $piddir directory on this system **]) 5268 fi 5269 fi 5270 ] 5271) 5272 5273AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5274 [Specify location of ssh.pid]) 5275AC_SUBST([piddir]) 5276 5277dnl allow user to disable some login recording features 5278AC_ARG_ENABLE([lastlog], 5279 [ --disable-lastlog disable use of lastlog even if detected [no]], 5280 [ 5281 if test "x$enableval" = "xno" ; then 5282 AC_DEFINE([DISABLE_LASTLOG]) 5283 fi 5284 ] 5285) 5286AC_ARG_ENABLE([utmp], 5287 [ --disable-utmp disable use of utmp even if detected [no]], 5288 [ 5289 if test "x$enableval" = "xno" ; then 5290 AC_DEFINE([DISABLE_UTMP]) 5291 fi 5292 ] 5293) 5294AC_ARG_ENABLE([utmpx], 5295 [ --disable-utmpx disable use of utmpx even if detected [no]], 5296 [ 5297 if test "x$enableval" = "xno" ; then 5298 AC_DEFINE([DISABLE_UTMPX], [1], 5299 [Define if you don't want to use utmpx]) 5300 fi 5301 ] 5302) 5303AC_ARG_ENABLE([wtmp], 5304 [ --disable-wtmp disable use of wtmp even if detected [no]], 5305 [ 5306 if test "x$enableval" = "xno" ; then 5307 AC_DEFINE([DISABLE_WTMP]) 5308 fi 5309 ] 5310) 5311AC_ARG_ENABLE([wtmpx], 5312 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5313 [ 5314 if test "x$enableval" = "xno" ; then 5315 AC_DEFINE([DISABLE_WTMPX], [1], 5316 [Define if you don't want to use wtmpx]) 5317 fi 5318 ] 5319) 5320AC_ARG_ENABLE([libutil], 5321 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5322 [ 5323 if test "x$enableval" = "xno" ; then 5324 AC_DEFINE([DISABLE_LOGIN]) 5325 fi 5326 ] 5327) 5328AC_ARG_ENABLE([pututline], 5329 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5330 [ 5331 if test "x$enableval" = "xno" ; then 5332 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5333 [Define if you don't want to use pututline() 5334 etc. to write [uw]tmp]) 5335 fi 5336 ] 5337) 5338AC_ARG_ENABLE([pututxline], 5339 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5340 [ 5341 if test "x$enableval" = "xno" ; then 5342 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5343 [Define if you don't want to use pututxline() 5344 etc. to write [uw]tmpx]) 5345 fi 5346 ] 5347) 5348AC_ARG_WITH([lastlog], 5349 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5350 [ 5351 if test "x$withval" = "xno" ; then 5352 AC_DEFINE([DISABLE_LASTLOG]) 5353 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5354 conf_lastlog_location=$withval 5355 fi 5356 ] 5357) 5358 5359dnl lastlog, [uw]tmpx? detection 5360dnl NOTE: set the paths in the platform section to avoid the 5361dnl need for command-line parameters 5362dnl lastlog and [uw]tmp are subject to a file search if all else fails 5363 5364dnl lastlog detection 5365dnl NOTE: the code itself will detect if lastlog is a directory 5366AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5367AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5368#include <sys/types.h> 5369#include <utmp.h> 5370#ifdef HAVE_LASTLOG_H 5371# include <lastlog.h> 5372#endif 5373#ifdef HAVE_PATHS_H 5374# include <paths.h> 5375#endif 5376#ifdef HAVE_LOGIN_H 5377# include <login.h> 5378#endif 5379 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5380 [ AC_MSG_RESULT([yes]) ], 5381 [ 5382 AC_MSG_RESULT([no]) 5383 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5384 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5385#include <sys/types.h> 5386#include <utmp.h> 5387#ifdef HAVE_LASTLOG_H 5388# include <lastlog.h> 5389#endif 5390#ifdef HAVE_PATHS_H 5391# include <paths.h> 5392#endif 5393 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5394 [ AC_MSG_RESULT([yes]) ], 5395 [ 5396 AC_MSG_RESULT([no]) 5397 system_lastlog_path=no 5398 ]) 5399]) 5400 5401if test -z "$conf_lastlog_location"; then 5402 if test x"$system_lastlog_path" = x"no" ; then 5403 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5404 if (test -d "$f" || test -f "$f") ; then 5405 conf_lastlog_location=$f 5406 fi 5407 done 5408 if test -z "$conf_lastlog_location"; then 5409 AC_MSG_WARN([** Cannot find lastlog **]) 5410 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5411 fi 5412 fi 5413fi 5414 5415if test -n "$conf_lastlog_location"; then 5416 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5417 [Define if you want to specify the path to your lastlog file]) 5418fi 5419 5420dnl utmp detection 5421AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5422AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5423#include <sys/types.h> 5424#include <utmp.h> 5425#ifdef HAVE_PATHS_H 5426# include <paths.h> 5427#endif 5428 ]], [[ char *utmp = UTMP_FILE; ]])], 5429 [ AC_MSG_RESULT([yes]) ], 5430 [ AC_MSG_RESULT([no]) 5431 system_utmp_path=no 5432]) 5433if test -z "$conf_utmp_location"; then 5434 if test x"$system_utmp_path" = x"no" ; then 5435 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5436 if test -f $f ; then 5437 conf_utmp_location=$f 5438 fi 5439 done 5440 if test -z "$conf_utmp_location"; then 5441 AC_DEFINE([DISABLE_UTMP]) 5442 fi 5443 fi 5444fi 5445if test -n "$conf_utmp_location"; then 5446 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5447 [Define if you want to specify the path to your utmp file]) 5448fi 5449 5450dnl wtmp detection 5451AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5452AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5453#include <sys/types.h> 5454#include <utmp.h> 5455#ifdef HAVE_PATHS_H 5456# include <paths.h> 5457#endif 5458 ]], [[ char *wtmp = WTMP_FILE; ]])], 5459 [ AC_MSG_RESULT([yes]) ], 5460 [ AC_MSG_RESULT([no]) 5461 system_wtmp_path=no 5462]) 5463if test -z "$conf_wtmp_location"; then 5464 if test x"$system_wtmp_path" = x"no" ; then 5465 for f in /usr/adm/wtmp /var/log/wtmp; do 5466 if test -f $f ; then 5467 conf_wtmp_location=$f 5468 fi 5469 done 5470 if test -z "$conf_wtmp_location"; then 5471 AC_DEFINE([DISABLE_WTMP]) 5472 fi 5473 fi 5474fi 5475if test -n "$conf_wtmp_location"; then 5476 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5477 [Define if you want to specify the path to your wtmp file]) 5478fi 5479 5480dnl wtmpx detection 5481AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5482AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5483#include <sys/types.h> 5484#include <utmp.h> 5485#ifdef HAVE_UTMPX_H 5486#include <utmpx.h> 5487#endif 5488#ifdef HAVE_PATHS_H 5489# include <paths.h> 5490#endif 5491 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5492 [ AC_MSG_RESULT([yes]) ], 5493 [ AC_MSG_RESULT([no]) 5494 system_wtmpx_path=no 5495]) 5496if test -z "$conf_wtmpx_location"; then 5497 if test x"$system_wtmpx_path" = x"no" ; then 5498 AC_DEFINE([DISABLE_WTMPX]) 5499 fi 5500else 5501 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5502 [Define if you want to specify the path to your wtmpx file]) 5503fi 5504 5505 5506if test ! -z "$blibpath" ; then 5507 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5508 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5509fi 5510 5511AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5512 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5513 AC_DEFINE([DISABLE_LASTLOG]) 5514 fi 5515 ], [ 5516#ifdef HAVE_SYS_TYPES_H 5517#include <sys/types.h> 5518#endif 5519#ifdef HAVE_UTMP_H 5520#include <utmp.h> 5521#endif 5522#ifdef HAVE_UTMPX_H 5523#include <utmpx.h> 5524#endif 5525#ifdef HAVE_LASTLOG_H 5526#include <lastlog.h> 5527#endif 5528 ]) 5529 5530AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5531 AC_DEFINE([DISABLE_UTMP]) 5532 AC_DEFINE([DISABLE_WTMP]) 5533 ], [ 5534#ifdef HAVE_SYS_TYPES_H 5535#include <sys/types.h> 5536#endif 5537#ifdef HAVE_UTMP_H 5538#include <utmp.h> 5539#endif 5540#ifdef HAVE_UTMPX_H 5541#include <utmpx.h> 5542#endif 5543#ifdef HAVE_LASTLOG_H 5544#include <lastlog.h> 5545#endif 5546 ]) 5547 5548dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5549dnl Add now. 5550CFLAGS="$CFLAGS $werror_flags" 5551 5552if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5553 TEST_SSH_IPV6=no 5554else 5555 TEST_SSH_IPV6=yes 5556fi 5557AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5558AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5559AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5560AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5561AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5562AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5563 5564CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5565LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5566 5567# Make a copy of CFLAGS/LDFLAGS without PIE options. 5568LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5569CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5570AC_SUBST([LDFLAGS_NOPIE]) 5571AC_SUBST([CFLAGS_NOPIE]) 5572 5573AC_EXEEXT 5574AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5575 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5576 survey.sh]) 5577AC_OUTPUT 5578 5579# Print summary of options 5580 5581# Someone please show me a better way :) 5582A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5583B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5584C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5585D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5586E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5587F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5588G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5589H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5590I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5591J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5592 5593echo "" 5594echo "OpenSSH has been configured with the following options:" 5595echo " User binaries: $B" 5596echo " System binaries: $C" 5597echo " Configuration files: $D" 5598echo " Askpass program: $E" 5599echo " Manual pages: $F" 5600echo " PID file: $G" 5601echo " Privilege separation chroot path: $H" 5602if test "x$external_path_file" = "x/etc/login.conf" ; then 5603echo " At runtime, sshd will use the path defined in $external_path_file" 5604echo " Make sure the path to scp is present, otherwise scp will not work" 5605else 5606echo " sshd default user PATH: $I" 5607 if test ! -z "$external_path_file"; then 5608echo " (If PATH is set in $external_path_file it will be used instead. If" 5609echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5610 fi 5611fi 5612if test ! -z "$superuser_path" ; then 5613echo " sshd superuser user PATH: $J" 5614fi 5615echo " Manpage format: $MANTYPE" 5616echo " PAM support: $PAM_MSG" 5617echo " OSF SIA support: $SIA_MSG" 5618echo " KerberosV support: $KRB5_MSG" 5619echo " SELinux support: $SELINUX_MSG" 5620echo " TCP Wrappers support: $TCPW_MSG" 5621echo " MD5 password support: $MD5_MSG" 5622echo " libedit support: $LIBEDIT_MSG" 5623echo " libldns support: $LDNS_MSG" 5624echo " Solaris process contract support: $SPC_MSG" 5625echo " Solaris project support: $SP_MSG" 5626echo " Solaris privilege support: $SPP_MSG" 5627echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5628echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5629echo " BSD Auth support: $BSD_AUTH_MSG" 5630echo " Random number source: $RAND_MSG" 5631echo " Privsep sandbox style: $SANDBOX_STYLE" 5632echo " PKCS#11 support: $enable_pkcs11" 5633echo " U2F/FIDO support: $enable_sk" 5634 5635echo "" 5636 5637echo " Host: ${host}" 5638echo " Compiler: ${CC}" 5639echo " Compiler flags: ${CFLAGS}" 5640echo "Preprocessor flags: ${CPPFLAGS}" 5641echo " Linker flags: ${LDFLAGS}" 5642echo " Libraries: ${LIBS}" 5643if test ! -z "${SSHDLIBS}"; then 5644echo " +for sshd: ${SSHDLIBS}" 5645fi 5646 5647echo "" 5648 5649if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5650 echo "SVR4 style packages are supported with \"make package\"" 5651 echo "" 5652fi 5653 5654if test "x$PAM_MSG" = "xyes" ; then 5655 echo "PAM is enabled. You may need to install a PAM control file " 5656 echo "for sshd, otherwise password authentication may fail. " 5657 echo "Example PAM control files can be found in the contrib/ " 5658 echo "subdirectory" 5659 echo "" 5660fi 5661 5662if test ! -z "$NO_PEERCHECK" ; then 5663 echo "WARNING: the operating system that you are using does not" 5664 echo "appear to support getpeereid(), getpeerucred() or the" 5665 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5666 echo "enforce security checks to prevent unauthorised connections to" 5667 echo "ssh-agent. Their absence increases the risk that a malicious" 5668 echo "user can connect to your agent." 5669 echo "" 5670fi 5671 5672if test "$AUDIT_MODULE" = "bsm" ; then 5673 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5674 echo "See the Solaris section in README.platform for details." 5675fi 5676