1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADERS([config.h]) 22AC_PROG_CC([cc gcc clang]) 23 24# XXX relax this after reimplementing logit() etc. 25AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 26AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 27int f(int a, int b, int c) { return a + b + c; } 28#define F(a, ...) f(a, __VA_ARGS__) 29]], [[return F(1, 2, -3);]])], 30 [ AC_MSG_RESULT([yes]) ], 31 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 32) 33 34AC_CANONICAL_HOST 35AC_C_BIGENDIAN 36 37# Checks for programs. 38AC_PROG_AWK 39AC_PROG_CPP 40AC_PROG_RANLIB 41AC_PROG_INSTALL 42AC_PROG_EGREP 43AC_PROG_MKDIR_P 44AC_CHECK_TOOLS([AR], [ar]) 45AC_PATH_PROG([CAT], [cat]) 46AC_PATH_PROG([KILL], [kill]) 47AC_PATH_PROG([SED], [sed]) 48AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 49AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 50AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 51AC_PATH_PROG([SH], [bash]) 52AC_PATH_PROG([SH], [ksh]) 53AC_PATH_PROG([SH], [sh]) 54AC_PATH_PROG([GROFF], [groff]) 55AC_PATH_PROG([NROFF], [nroff awf]) 56AC_PATH_PROG([MANDOC], [mandoc]) 57AC_SUBST([TEST_SHELL], [sh]) 58 59dnl select manpage formatter to be used to build "cat" format pages. 60if test "x$MANDOC" != "x" ; then 61 MANFMT="$MANDOC" 62elif test "x$NROFF" != "x" ; then 63 MANFMT="$NROFF -mandoc" 64elif test "x$GROFF" != "x" ; then 65 MANFMT="$GROFF -mandoc -Tascii" 66else 67 AC_MSG_WARN([no manpage formatter found]) 68 MANFMT="false" 69fi 70AC_SUBST([MANFMT]) 71 72dnl for buildpkg.sh 73AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 74 [/usr/sbin${PATH_SEPARATOR}/etc]) 75AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 76 [/usr/sbin${PATH_SEPARATOR}/etc]) 77AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 78if test -x /sbin/sh; then 79 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 80else 81 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 82fi 83 84# System features 85AC_SYS_LARGEFILE 86 87if test -z "$AR" ; then 88 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 89fi 90 91AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 92if test ! -z "$PATH_PASSWD_PROG" ; then 93 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 94 [Full path of your "passwd" program]) 95fi 96 97dnl Since autoconf doesn't support it very well, we no longer allow users to 98dnl override LD, however keeping the hook here for now in case there's a use 99dnl use case we overlooked and someone needs to re-enable it. Unless a good 100dnl reason is found we'll be removing this in future. 101LD="$CC" 102AC_SUBST([LD]) 103 104AC_C_INLINE 105 106AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 107AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 108AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 109 #include <sys/types.h> 110 #include <sys/param.h> 111 #include <dev/systrace.h> 112]) 113AC_CHECK_DECL([RLIMIT_NPROC], 114 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 115 #include <sys/types.h> 116 #include <sys/resource.h> 117]) 118AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 119 #include <sys/types.h> 120 #include <linux/prctl.h> 121]) 122 123openssl=yes 124AC_ARG_WITH([openssl], 125 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 126 [ if test "x$withval" = "xno" ; then 127 openssl=no 128 fi 129 ] 130) 131AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 132if test "x$openssl" = "xyes" ; then 133 AC_MSG_RESULT([yes]) 134 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 135else 136 AC_MSG_RESULT([no]) 137fi 138 139use_stack_protector=1 140use_toolchain_hardening=1 141AC_ARG_WITH([stackprotect], 142 [ --without-stackprotect Don't use compiler's stack protection], [ 143 if test "x$withval" = "xno"; then 144 use_stack_protector=0 145 fi ]) 146AC_ARG_WITH([hardening], 147 [ --without-hardening Don't use toolchain hardening flags], [ 148 if test "x$withval" = "xno"; then 149 use_toolchain_hardening=0 150 fi ]) 151 152# We use -Werror for the tests only so that we catch warnings like "this is 153# on by default" for things like -fPIE. 154AC_MSG_CHECKING([if $CC supports -Werror]) 155saved_CFLAGS="$CFLAGS" 156CFLAGS="$CFLAGS -Werror" 157AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 158 [ AC_MSG_RESULT([yes]) 159 WERROR="-Werror"], 160 [ AC_MSG_RESULT([no]) 161 WERROR="" ] 162) 163CFLAGS="$saved_CFLAGS" 164 165if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 166 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 167 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 168 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 169 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 170 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 171 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 172 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 173 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 174 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 175 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 176 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 177 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 178 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 179 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 180 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 181 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation]) 182 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) 183 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 184 if test "x$use_toolchain_hardening" = "x1"; then 185 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 186 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 187 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 188 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 189 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 190 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 191 # NB. -ftrapv expects certain support functions to be present in 192 # the compiler library (libgcc or similar) to detect integer operations 193 # that can overflow. We must check that the result of enabling it 194 # actually links. The test program compiled/linked includes a number 195 # of integer operations that should exercise this. 196 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 197 OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all]) 198 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) 199 fi 200 AC_MSG_CHECKING([gcc version]) 201 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 202 case $GCC_VER in 203 1.*) no_attrib_nonnull=1 ;; 204 2.8* | 2.9*) 205 no_attrib_nonnull=1 206 ;; 207 2.*) no_attrib_nonnull=1 ;; 208 *) ;; 209 esac 210 AC_MSG_RESULT([$GCC_VER]) 211 212 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 213 saved_CFLAGS="$CFLAGS" 214 CFLAGS="$CFLAGS -fno-builtin-memset" 215 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 216 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 217 [ AC_MSG_RESULT([yes]) ], 218 [ AC_MSG_RESULT([no]) 219 CFLAGS="$saved_CFLAGS" ] 220 ) 221 222 # -fstack-protector-all doesn't always work for some GCC versions 223 # and/or platforms, so we test if we can. If it's not supported 224 # on a given platform gcc will emit a warning so we use -Werror. 225 if test "x$use_stack_protector" = "x1"; then 226 for t in -fstack-protector-strong -fstack-protector-all \ 227 -fstack-protector; do 228 AC_MSG_CHECKING([if $CC supports $t]) 229 saved_CFLAGS="$CFLAGS" 230 saved_LDFLAGS="$LDFLAGS" 231 CFLAGS="$CFLAGS $t -Werror" 232 LDFLAGS="$LDFLAGS $t -Werror" 233 AC_LINK_IFELSE( 234 [AC_LANG_PROGRAM([[ 235 #include <stdio.h> 236 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 237 ]], 238 [[ 239 char x[256]; 240 snprintf(x, sizeof(x), "XXX%d", func(1)); 241 ]])], 242 [ AC_MSG_RESULT([yes]) 243 CFLAGS="$saved_CFLAGS $t" 244 LDFLAGS="$saved_LDFLAGS $t" 245 AC_MSG_CHECKING([if $t works]) 246 AC_RUN_IFELSE( 247 [AC_LANG_PROGRAM([[ 248 #include <stdio.h> 249 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 250 ]], 251 [[ 252 char x[256]; 253 snprintf(x, sizeof(x), "XXX%d", func(1)); 254 ]])], 255 [ AC_MSG_RESULT([yes]) 256 break ], 257 [ AC_MSG_RESULT([no]) ], 258 [ AC_MSG_WARN([cross compiling: cannot test]) 259 break ] 260 ) 261 ], 262 [ AC_MSG_RESULT([no]) ] 263 ) 264 CFLAGS="$saved_CFLAGS" 265 LDFLAGS="$saved_LDFLAGS" 266 done 267 fi 268 269 if test -z "$have_llong_max"; then 270 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 271 unset ac_cv_have_decl_LLONG_MAX 272 saved_CFLAGS="$CFLAGS" 273 CFLAGS="$CFLAGS -std=gnu99" 274 AC_CHECK_DECL([LLONG_MAX], 275 [have_llong_max=1], 276 [CFLAGS="$saved_CFLAGS"], 277 [#include <limits.h>] 278 ) 279 fi 280fi 281 282AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 283AC_COMPILE_IFELSE( 284 [AC_LANG_PROGRAM([[ 285#include <stdlib.h> 286__attribute__((__unused__)) static void foo(void){return;}]], 287 [[ exit(0); ]])], 288 [ AC_MSG_RESULT([yes]) ], 289 [ AC_MSG_RESULT([no]) 290 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 291 [compiler does not accept __attribute__ on return types]) ] 292) 293 294AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 295AC_COMPILE_IFELSE( 296 [AC_LANG_PROGRAM([[ 297#include <stdlib.h> 298typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 299 [[ exit(0); ]])], 300 [ AC_MSG_RESULT([yes]) ], 301 [ AC_MSG_RESULT([no]) 302 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 303 [compiler does not accept __attribute__ on prototype args]) ] 304) 305 306AC_MSG_CHECKING([if compiler supports variable length arrays]) 307AC_COMPILE_IFELSE( 308 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 309 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 310 [ AC_MSG_RESULT([yes]) 311 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 312 [compiler supports variable length arrays]) ], 313 [ AC_MSG_RESULT([no]) ] 314) 315 316AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 317AC_COMPILE_IFELSE( 318 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 319 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 320 [ AC_MSG_RESULT([yes]) 321 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 322 [compiler variable declarations after code]) ], 323 [ AC_MSG_RESULT([no]) ] 324) 325 326if test "x$no_attrib_nonnull" != "x1" ; then 327 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 328fi 329 330AC_ARG_WITH([rpath], 331 [ --without-rpath Disable auto-added -R linker paths], 332 [ 333 if test "x$withval" = "xno" ; then 334 rpath_opt="" 335 elif test "x$withval" = "xyes" ; then 336 rpath_opt="-R" 337 else 338 rpath_opt="$withval" 339 fi 340 ] 341) 342 343# Allow user to specify flags 344AC_ARG_WITH([cflags], 345 [ --with-cflags Specify additional flags to pass to compiler], 346 [ 347 if test -n "$withval" && test "x$withval" != "xno" && \ 348 test "x${withval}" != "xyes"; then 349 CFLAGS="$CFLAGS $withval" 350 fi 351 ] 352) 353 354AC_ARG_WITH([cflags-after], 355 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 356 [ 357 if test -n "$withval" && test "x$withval" != "xno" && \ 358 test "x${withval}" != "xyes"; then 359 CFLAGS_AFTER="$withval" 360 fi 361 ] 362) 363AC_ARG_WITH([cppflags], 364 [ --with-cppflags Specify additional flags to pass to preprocessor] , 365 [ 366 if test -n "$withval" && test "x$withval" != "xno" && \ 367 test "x${withval}" != "xyes"; then 368 CPPFLAGS="$CPPFLAGS $withval" 369 fi 370 ] 371) 372AC_ARG_WITH([ldflags], 373 [ --with-ldflags Specify additional flags to pass to linker], 374 [ 375 if test -n "$withval" && test "x$withval" != "xno" && \ 376 test "x${withval}" != "xyes"; then 377 LDFLAGS="$LDFLAGS $withval" 378 fi 379 ] 380) 381AC_ARG_WITH([ldflags-after], 382 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 383 [ 384 if test -n "$withval" && test "x$withval" != "xno" && \ 385 test "x${withval}" != "xyes"; then 386 LDFLAGS_AFTER="$withval" 387 fi 388 ] 389) 390AC_ARG_WITH([libs], 391 [ --with-libs Specify additional libraries to link with], 392 [ 393 if test -n "$withval" && test "x$withval" != "xno" && \ 394 test "x${withval}" != "xyes"; then 395 LIBS="$LIBS $withval" 396 fi 397 ] 398) 399AC_ARG_WITH([Werror], 400 [ --with-Werror Build main code with -Werror], 401 [ 402 if test -n "$withval" && test "x$withval" != "xno"; then 403 werror_flags="-Werror" 404 if test "x${withval}" != "xyes"; then 405 werror_flags="$withval" 406 fi 407 fi 408 ] 409) 410 411AC_CHECK_HEADERS([ \ 412 blf.h \ 413 bstring.h \ 414 crypt.h \ 415 crypto/sha2.h \ 416 dirent.h \ 417 endian.h \ 418 elf.h \ 419 err.h \ 420 features.h \ 421 fcntl.h \ 422 floatingpoint.h \ 423 fnmatch.h \ 424 getopt.h \ 425 glob.h \ 426 ia.h \ 427 iaf.h \ 428 ifaddrs.h \ 429 inttypes.h \ 430 langinfo.h \ 431 limits.h \ 432 locale.h \ 433 login.h \ 434 maillock.h \ 435 ndir.h \ 436 net/if_tun.h \ 437 netdb.h \ 438 netgroup.h \ 439 pam/pam_appl.h \ 440 paths.h \ 441 poll.h \ 442 pty.h \ 443 readpassphrase.h \ 444 rpc/types.h \ 445 security/pam_appl.h \ 446 sha2.h \ 447 shadow.h \ 448 stddef.h \ 449 stdint.h \ 450 string.h \ 451 strings.h \ 452 sys/bitypes.h \ 453 sys/byteorder.h \ 454 sys/bsdtty.h \ 455 sys/cdefs.h \ 456 sys/dir.h \ 457 sys/file.h \ 458 sys/mman.h \ 459 sys/label.h \ 460 sys/ndir.h \ 461 sys/param.h \ 462 sys/poll.h \ 463 sys/prctl.h \ 464 sys/procctl.h \ 465 sys/pstat.h \ 466 sys/ptrace.h \ 467 sys/random.h \ 468 sys/select.h \ 469 sys/stat.h \ 470 sys/stream.h \ 471 sys/stropts.h \ 472 sys/strtio.h \ 473 sys/statvfs.h \ 474 sys/sysmacros.h \ 475 sys/time.h \ 476 sys/timers.h \ 477 sys/vfs.h \ 478 time.h \ 479 tmpdir.h \ 480 ttyent.h \ 481 ucred.h \ 482 unistd.h \ 483 usersec.h \ 484 util.h \ 485 utime.h \ 486 utmp.h \ 487 utmpx.h \ 488 vis.h \ 489 wchar.h \ 490]) 491 492# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 493# to be included first. 494AC_CHECK_HEADERS([sys/audit.h], [], [], [ 495#ifdef HAVE_SYS_TIME_H 496# include <sys/time.h> 497#endif 498#ifdef HAVE_SYS_TYPES_H 499# include <sys/types.h> 500#endif 501#ifdef HAVE_SYS_LABEL_H 502# include <sys/label.h> 503#endif 504]) 505 506# sys/capsicum.h requires sys/types.h 507AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 508#ifdef HAVE_SYS_TYPES_H 509# include <sys/types.h> 510#endif 511]) 512 513# net/route.h requires sys/socket.h and sys/types.h. 514# sys/sysctl.h also requires sys/param.h 515AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 516#ifdef HAVE_SYS_TYPES_H 517# include <sys/types.h> 518#endif 519#include <sys/param.h> 520#include <sys/socket.h> 521]) 522 523# lastlog.h requires sys/time.h to be included first on Solaris 524AC_CHECK_HEADERS([lastlog.h], [], [], [ 525#ifdef HAVE_SYS_TIME_H 526# include <sys/time.h> 527#endif 528]) 529 530# sys/ptms.h requires sys/stream.h to be included first on Solaris 531AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 532#ifdef HAVE_SYS_STREAM_H 533# include <sys/stream.h> 534#endif 535]) 536 537# login_cap.h requires sys/types.h on NetBSD 538AC_CHECK_HEADERS([login_cap.h], [], [], [ 539#include <sys/types.h> 540]) 541 542# older BSDs need sys/param.h before sys/mount.h 543AC_CHECK_HEADERS([sys/mount.h], [], [], [ 544#include <sys/param.h> 545]) 546 547# Android requires sys/socket.h to be included before sys/un.h 548AC_CHECK_HEADERS([sys/un.h], [], [], [ 549#include <sys/types.h> 550#include <sys/socket.h> 551]) 552 553# Messages for features tested for in target-specific section 554SIA_MSG="no" 555SPC_MSG="no" 556SP_MSG="no" 557SPP_MSG="no" 558 559# Support for Solaris/Illumos privileges (this test is used by both 560# the --with-solaris-privs option and --with-sandbox=solaris). 561SOLARIS_PRIVS="no" 562 563# Check for some target-specific stuff 564case "$host" in 565*-*-aix*) 566 # Some versions of VAC won't allow macro redefinitions at 567 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 568 # particularly with older versions of vac or xlc. 569 # It also throws errors about null macro arguments, but these are 570 # not fatal. 571 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 572 AC_COMPILE_IFELSE( 573 [AC_LANG_PROGRAM([[ 574#define testmacro foo 575#define testmacro bar]], 576 [[ exit(0); ]])], 577 [ AC_MSG_RESULT([yes]) ], 578 [ AC_MSG_RESULT([no]) 579 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 580 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 581 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 582 ] 583 ) 584 585 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 586 if (test -z "$blibpath"); then 587 blibpath="/usr/lib:/lib" 588 fi 589 saved_LDFLAGS="$LDFLAGS" 590 if test "$GCC" = "yes"; then 591 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 592 else 593 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 594 fi 595 for tryflags in $flags ;do 596 if (test -z "$blibflags"); then 597 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 598 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 599 [blibflags=$tryflags], []) 600 fi 601 done 602 if (test -z "$blibflags"); then 603 AC_MSG_RESULT([not found]) 604 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 605 else 606 AC_MSG_RESULT([$blibflags]) 607 fi 608 LDFLAGS="$saved_LDFLAGS" 609 dnl Check for authenticate. Might be in libs.a on older AIXes 610 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 611 [Define if you want to enable AIX4's authenticate function])], 612 [AC_CHECK_LIB([s], [authenticate], 613 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 614 LIBS="$LIBS -ls" 615 ]) 616 ]) 617 dnl Check for various auth function declarations in headers. 618 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 619 passwdexpired, setauthdb], , , [#include <usersec.h>]) 620 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 621 AC_CHECK_DECLS([loginfailed], 622 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 623 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 624 [[ (void)loginfailed("user","host","tty",0); ]])], 625 [AC_MSG_RESULT([yes]) 626 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 627 [Define if your AIX loginfailed() function 628 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 629 ])], 630 [], 631 [#include <usersec.h>] 632 ) 633 AC_CHECK_FUNCS([getgrset setauthdb]) 634 AC_CHECK_DECL([F_CLOSEM], 635 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 636 [], 637 [ #include <limits.h> 638 #include <fcntl.h> ] 639 ) 640 check_for_aix_broken_getaddrinfo=1 641 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 642 [Define if your platform breaks doing a seteuid before a setuid]) 643 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 644 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 645 dnl AIX handles lastlog as part of its login message 646 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 647 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 648 [Some systems need a utmpx entry for /bin/login to work]) 649 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 650 [Define to a Set Process Title type if your system is 651 supported by bsd-setproctitle.c]) 652 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 653 [AIX 5.2 and 5.3 (and presumably newer) require this]) 654 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 655 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 656 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 657 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 658 ;; 659*-*-android*) 660 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 661 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 662 ;; 663*-*-cygwin*) 664 check_for_libcrypt_later=1 665 LIBS="$LIBS /usr/lib/textreadmode.o" 666 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 667 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 668 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 669 [Define to disable UID restoration test]) 670 AC_DEFINE([DISABLE_SHADOW], [1], 671 [Define if you want to disable shadow passwords]) 672 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 673 [Define if X11 doesn't support AF_UNIX sockets on that system]) 674 AC_DEFINE([DISABLE_FD_PASSING], [1], 675 [Define if your platform needs to skip post auth 676 file descriptor passing]) 677 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 678 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 679 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 680 # reasons which cause compile warnings, so we disable those warnings. 681 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 682 ;; 683*-*-dgux*) 684 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 685 [Define if your system choked on IP TOS setting]) 686 AC_DEFINE([SETEUID_BREAKS_SETUID]) 687 AC_DEFINE([BROKEN_SETREUID]) 688 AC_DEFINE([BROKEN_SETREGID]) 689 ;; 690*-*-darwin*) 691 use_pie=auto 692 AC_MSG_CHECKING([if we have working getaddrinfo]) 693 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 694#include <mach-o/dyld.h> 695#include <stdlib.h> 696main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 697 exit(0); 698 else 699 exit(1); 700} 701 ]])], 702 [AC_MSG_RESULT([working])], 703 [AC_MSG_RESULT([buggy]) 704 AC_DEFINE([BROKEN_GETADDRINFO], [1], 705 [getaddrinfo is broken (if present)]) 706 ], 707 [AC_MSG_RESULT([assume it is working])]) 708 AC_DEFINE([SETEUID_BREAKS_SETUID]) 709 AC_DEFINE([BROKEN_SETREUID]) 710 AC_DEFINE([BROKEN_SETREGID]) 711 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 712 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 713 [Define if your resolver libs need this for getrrsetbyname]) 714 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 715 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 716 [Use tunnel device compatibility to OpenBSD]) 717 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 718 [Prepend the address family to IP tunnel traffic]) 719 m4_pattern_allow([AU_IPv]) 720 AC_CHECK_DECL([AU_IPv4], [], 721 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 722 [#include <bsm/audit.h>] 723 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 724 [Define if pututxline updates lastlog too]) 725 ) 726 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 727 [Define to a Set Process Title type if your system is 728 supported by bsd-setproctitle.c]) 729 AC_CHECK_FUNCS([sandbox_init]) 730 AC_CHECK_HEADERS([sandbox.h]) 731 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 732 SSHDLIBS="$SSHDLIBS -lsandbox" 733 ]) 734 # proc_pidinfo()-based closefrom() replacement. 735 AC_CHECK_HEADERS([libproc.h]) 736 AC_CHECK_FUNCS([proc_pidinfo]) 737 # poll(2) is broken for character-special devices (at least). 738 # cf. Apple bug 3710161 (not public, but searchable) 739 AC_DEFINE([BROKEN_POLL], [1], 740 [System poll(2) implementation is broken]) 741 ;; 742*-*-dragonfly*) 743 SSHDLIBS="$SSHDLIBS -lcrypt" 744 TEST_MALLOC_OPTIONS="AFGJPRX" 745 ;; 746*-*-haiku*) 747 LIBS="$LIBS -lbsd " 748 CFLAGS="$CFLAGS -D_BSD_SOURCE" 749 AC_CHECK_LIB([network], [socket]) 750 AC_DEFINE([HAVE_U_INT64_T]) 751 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 752 MANTYPE=man 753 ;; 754*-*-hpux*) 755 # first we define all of the options common to all HP-UX releases 756 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 757 IPADDR_IN_DISPLAY=yes 758 AC_DEFINE([USE_PIPES]) 759 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 760 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 761 [String used in /etc/passwd to denote locked account]) 762 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 763 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 764 maildir="/var/mail" 765 LIBS="$LIBS -lsec" 766 AC_CHECK_LIB([xnet], [t_error], , 767 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 768 769 # next, we define all of the options specific to major releases 770 case "$host" in 771 *-*-hpux10*) 772 if test -z "$GCC"; then 773 CFLAGS="$CFLAGS -Ae" 774 fi 775 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect]) 776 ;; 777 *-*-hpux11*) 778 AC_DEFINE([PAM_SUN_CODEBASE], [1], 779 [Define if you are using Solaris-derived PAM which 780 passes pam_messages to the conversation function 781 with an extra level of indirection]) 782 AC_DEFINE([DISABLE_UTMP], [1], 783 [Define if you don't want to use utmp]) 784 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 785 check_for_hpux_broken_getaddrinfo=1 786 check_for_conflicting_getspnam=1 787 ;; 788 esac 789 790 # lastly, we define options specific to minor releases 791 case "$host" in 792 *-*-hpux10.26) 793 AC_DEFINE([HAVE_SECUREWARE], [1], 794 [Define if you have SecureWare-based 795 protected password database]) 796 disable_ptmx_check=yes 797 LIBS="$LIBS -lsecpw" 798 ;; 799 esac 800 ;; 801*-*-irix5*) 802 PATH="$PATH:/usr/etc" 803 AC_DEFINE([BROKEN_INET_NTOA], [1], 804 [Define if you system's inet_ntoa is busted 805 (e.g. Irix gcc issue)]) 806 AC_DEFINE([SETEUID_BREAKS_SETUID]) 807 AC_DEFINE([BROKEN_SETREUID]) 808 AC_DEFINE([BROKEN_SETREGID]) 809 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 810 [Define if you shouldn't strip 'tty' from your 811 ttyname in [uw]tmp]) 812 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 813 ;; 814*-*-irix6*) 815 PATH="$PATH:/usr/etc" 816 AC_DEFINE([WITH_IRIX_ARRAY], [1], 817 [Define if you have/want arrays 818 (cluster-wide session management, not C arrays)]) 819 AC_DEFINE([WITH_IRIX_PROJECT], [1], 820 [Define if you want IRIX project management]) 821 AC_DEFINE([WITH_IRIX_AUDIT], [1], 822 [Define if you want IRIX audit trails]) 823 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 824 [Define if you want IRIX kernel jobs])]) 825 AC_DEFINE([BROKEN_INET_NTOA]) 826 AC_DEFINE([SETEUID_BREAKS_SETUID]) 827 AC_DEFINE([BROKEN_SETREUID]) 828 AC_DEFINE([BROKEN_SETREGID]) 829 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 830 AC_DEFINE([WITH_ABBREV_NO_TTY]) 831 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 832 ;; 833*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 834 check_for_libcrypt_later=1 835 AC_DEFINE([PAM_TTY_KLUDGE]) 836 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 837 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 838 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 839 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 840 ;; 841*-*-linux*) 842 no_dev_ptmx=1 843 use_pie=auto 844 check_for_libcrypt_later=1 845 check_for_openpty_ctty_bug=1 846 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 847 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 848 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 849 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) 850 AC_DEFINE([PAM_TTY_KLUDGE], [1], 851 [Work around problematic Linux PAM modules handling of PAM_TTY]) 852 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 853 [String used in /etc/passwd to denote locked account]) 854 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 855 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 856 [Define to whatever link() returns for "not supported" 857 if it doesn't return EOPNOTSUPP.]) 858 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 859 AC_DEFINE([USE_BTMP]) 860 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 861 inet6_default_4in6=yes 862 case `uname -r` in 863 1.*|2.0.*) 864 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 865 [Define if cmsg_type is not passed correctly]) 866 ;; 867 esac 868 # tun(4) forwarding compat code 869 AC_CHECK_HEADERS([linux/if_tun.h]) 870 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 871 AC_DEFINE([SSH_TUN_LINUX], [1], 872 [Open tunnel devices the Linux tun/tap way]) 873 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 874 [Use tunnel device compatibility to OpenBSD]) 875 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 876 [Prepend the address family to IP tunnel traffic]) 877 fi 878 AC_CHECK_HEADER([linux/if.h], 879 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 880 [Support routing domains using Linux VRF]), [], [ 881#ifdef HAVE_SYS_TYPES_H 882# include <sys/types.h> 883#endif 884 ]) 885 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 886 [], [#include <linux/types.h>]) 887 # Obtain MIPS ABI 888 case "$host" in 889 mips*) 890 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 891#if _MIPS_SIM != _ABIO32 892#error 893#endif 894 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 895#if _MIPS_SIM != _ABIN32 896#error 897#endif 898 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 899#if _MIPS_SIM != _ABI64 900#error 901#endif 902 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 903 ]) 904 ]) 905 ]) 906 ;; 907 esac 908 AC_MSG_CHECKING([for seccomp architecture]) 909 seccomp_audit_arch= 910 case "$host" in 911 x86_64-*) 912 seccomp_audit_arch=AUDIT_ARCH_X86_64 913 ;; 914 i*86-*) 915 seccomp_audit_arch=AUDIT_ARCH_I386 916 ;; 917 arm*-*) 918 seccomp_audit_arch=AUDIT_ARCH_ARM 919 ;; 920 aarch64*-*) 921 seccomp_audit_arch=AUDIT_ARCH_AARCH64 922 ;; 923 s390x-*) 924 seccomp_audit_arch=AUDIT_ARCH_S390X 925 ;; 926 s390-*) 927 seccomp_audit_arch=AUDIT_ARCH_S390 928 ;; 929 powerpc64-*) 930 seccomp_audit_arch=AUDIT_ARCH_PPC64 931 ;; 932 powerpc64le-*) 933 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 934 ;; 935 mips-*) 936 seccomp_audit_arch=AUDIT_ARCH_MIPS 937 ;; 938 mipsel-*) 939 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 940 ;; 941 mips64-*) 942 case "$mips_abi" in 943 "n32") 944 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 945 ;; 946 "n64") 947 seccomp_audit_arch=AUDIT_ARCH_MIPS64 948 ;; 949 esac 950 ;; 951 mips64el-*) 952 case "$mips_abi" in 953 "n32") 954 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 955 ;; 956 "n64") 957 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 958 ;; 959 esac 960 ;; 961 riscv64-*) 962 seccomp_audit_arch=AUDIT_ARCH_RISCV64 963 ;; 964 esac 965 if test "x$seccomp_audit_arch" != "x" ; then 966 AC_MSG_RESULT(["$seccomp_audit_arch"]) 967 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 968 [Specify the system call convention in use]) 969 else 970 AC_MSG_RESULT([architecture not supported]) 971 fi 972 ;; 973*-*-minix) 974 AC_DEFINE([SETEUID_BREAKS_SETUID]) 975 # poll(2) seems to choke on /dev/null; "Bad file descriptor" 976 AC_DEFINE([BROKEN_POLL], [1], 977 [System poll(2) implementation is broken]) 978 ;; 979mips-sony-bsd|mips-sony-newsos4) 980 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 981 SONY=1 982 ;; 983*-*-netbsd*) 984 check_for_libcrypt_before=1 985 if test "x$withval" != "xno" ; then 986 rpath_opt="-R" 987 fi 988 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 989 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 990 AC_CHECK_HEADER([net/if_tap.h], , 991 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 992 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 993 [Prepend the address family to IP tunnel traffic]) 994 TEST_MALLOC_OPTIONS="AJRX" 995 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 996 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 997 ;; 998*-*-freebsd*) 999 check_for_libcrypt_later=1 1000 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 1001 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1002 AC_CHECK_HEADER([net/if_tap.h], , 1003 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1004 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 1005 TEST_MALLOC_OPTIONS="AJRX" 1006 # Preauth crypto occasionally uses file descriptors for crypto offload 1007 # and will crash if they cannot be opened. 1008 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 1009 [define if setrlimit RLIMIT_NOFILE breaks things]) 1010 case "$host" in 1011 *-*-freebsd9.*|*-*-freebsd10.*) 1012 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable. 1013 disable_capsicum=yes 1014 esac 1015 ;; 1016*-*-bsdi*) 1017 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1018 AC_DEFINE([BROKEN_SETREUID]) 1019 AC_DEFINE([BROKEN_SETREGID]) 1020 ;; 1021*-next-*) 1022 conf_lastlog_location="/usr/adm/lastlog" 1023 conf_utmp_location=/etc/utmp 1024 conf_wtmp_location=/usr/adm/wtmp 1025 maildir=/usr/spool/mail 1026 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1027 AC_DEFINE([USE_PIPES]) 1028 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1029 ;; 1030*-*-openbsd*) 1031 use_pie=auto 1032 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1033 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1034 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1035 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1036 [syslog_r function is safe to use in in a signal handler]) 1037 TEST_MALLOC_OPTIONS="AFGJPRX" 1038 ;; 1039*-*-solaris*) 1040 if test "x$withval" != "xno" ; then 1041 rpath_opt="-R" 1042 fi 1043 AC_DEFINE([PAM_SUN_CODEBASE]) 1044 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1045 AC_DEFINE([PAM_TTY_KLUDGE]) 1046 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1047 [Define if pam_chauthtok wants real uid set 1048 to the unpriv'ed user]) 1049 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1050 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1051 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1052 [Define if sshd somehow reacquires a controlling TTY 1053 after setsid()]) 1054 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1055 in case the name is longer than 8 chars]) 1056 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1057 external_path_file=/etc/default/login 1058 # hardwire lastlog location (can't detect it on some versions) 1059 conf_lastlog_location="/var/adm/lastlog" 1060 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1061 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1062 if test "$sol2ver" -ge 8; then 1063 AC_MSG_RESULT([yes]) 1064 AC_DEFINE([DISABLE_UTMP]) 1065 AC_DEFINE([DISABLE_WTMP], [1], 1066 [Define if you don't want to use wtmp]) 1067 else 1068 AC_MSG_RESULT([no]) 1069 fi 1070 AC_CHECK_FUNCS([setpflags]) 1071 AC_CHECK_FUNCS([setppriv]) 1072 AC_CHECK_FUNCS([priv_basicset]) 1073 AC_CHECK_HEADERS([priv.h]) 1074 AC_ARG_WITH([solaris-contracts], 1075 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1076 [ 1077 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1078 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1079 [Define if you have Solaris process contracts]) 1080 LIBS="$LIBS -lcontract" 1081 SPC_MSG="yes" ], ) 1082 ], 1083 ) 1084 AC_ARG_WITH([solaris-projects], 1085 [ --with-solaris-projects Enable Solaris projects (experimental)], 1086 [ 1087 AC_CHECK_LIB([project], [setproject], 1088 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1089 [Define if you have Solaris projects]) 1090 LIBS="$LIBS -lproject" 1091 SP_MSG="yes" ], ) 1092 ], 1093 ) 1094 AC_ARG_WITH([solaris-privs], 1095 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1096 [ 1097 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1098 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1099 "x$ac_cv_header_priv_h" = "xyes" ; then 1100 SOLARIS_PRIVS=yes 1101 AC_MSG_RESULT([found]) 1102 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1103 [Define to disable UID restoration test]) 1104 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1105 [Define if you have Solaris privileges]) 1106 SPP_MSG="yes" 1107 else 1108 AC_MSG_RESULT([not found]) 1109 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1110 fi 1111 ], 1112 ) 1113 TEST_SHELL=$SHELL # let configure find us a capable shell 1114 ;; 1115*-*-sunos4*) 1116 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1117 AC_CHECK_FUNCS([getpwanam]) 1118 AC_DEFINE([PAM_SUN_CODEBASE]) 1119 conf_utmp_location=/etc/utmp 1120 conf_wtmp_location=/var/adm/wtmp 1121 conf_lastlog_location=/var/adm/lastlog 1122 AC_DEFINE([USE_PIPES]) 1123 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1124 ;; 1125*-ncr-sysv*) 1126 LIBS="$LIBS -lc89" 1127 AC_DEFINE([USE_PIPES]) 1128 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1129 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1130 AC_DEFINE([BROKEN_SETREUID]) 1131 AC_DEFINE([BROKEN_SETREGID]) 1132 ;; 1133*-sni-sysv*) 1134 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1135 AC_CHECK_LIB([dl], [dlsym], ,) 1136 # -lresolv needs to be at the end of LIBS or DNS lookups break 1137 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1138 IPADDR_IN_DISPLAY=yes 1139 AC_DEFINE([USE_PIPES]) 1140 AC_DEFINE([IP_TOS_IS_BROKEN]) 1141 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1142 AC_DEFINE([BROKEN_SETREUID]) 1143 AC_DEFINE([BROKEN_SETREGID]) 1144 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1145 external_path_file=/etc/default/login 1146 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1147 # Attention: always take care to bind libsocket and libnsl before libc, 1148 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1149 ;; 1150# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1151*-*-sysv4.2*) 1152 AC_DEFINE([USE_PIPES]) 1153 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1154 AC_DEFINE([BROKEN_SETREUID]) 1155 AC_DEFINE([BROKEN_SETREGID]) 1156 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1157 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1158 TEST_SHELL=$SHELL # let configure find us a capable shell 1159 ;; 1160# UnixWare 7.x, OpenUNIX 8 1161*-*-sysv5*) 1162 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1163 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1164 AC_DEFINE([USE_PIPES]) 1165 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1166 AC_DEFINE([BROKEN_GETADDRINFO]) 1167 AC_DEFINE([BROKEN_SETREUID]) 1168 AC_DEFINE([BROKEN_SETREGID]) 1169 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1170 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1171 TEST_SHELL=$SHELL # let configure find us a capable shell 1172 check_for_libcrypt_later=1 1173 case "$host" in 1174 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1175 maildir=/var/spool/mail 1176 AC_DEFINE([BROKEN_UPDWTMPX]) 1177 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1178 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1179 ], , ) 1180 ;; 1181 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1182 ;; 1183 esac 1184 ;; 1185*-*-sysv*) 1186 ;; 1187# SCO UNIX and OEM versions of SCO UNIX 1188*-*-sco3.2v4*) 1189 AC_MSG_ERROR("This Platform is no longer supported.") 1190 ;; 1191# SCO OpenServer 5.x 1192*-*-sco3.2v5*) 1193 if test -z "$GCC"; then 1194 CFLAGS="$CFLAGS -belf" 1195 fi 1196 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1197 no_dev_ptmx=1 1198 AC_DEFINE([USE_PIPES]) 1199 AC_DEFINE([HAVE_SECUREWARE]) 1200 AC_DEFINE([DISABLE_SHADOW]) 1201 AC_DEFINE([DISABLE_FD_PASSING]) 1202 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1203 AC_DEFINE([BROKEN_GETADDRINFO]) 1204 AC_DEFINE([BROKEN_SETREUID]) 1205 AC_DEFINE([BROKEN_SETREGID]) 1206 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1207 AC_DEFINE([BROKEN_UPDWTMPX]) 1208 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1209 AC_CHECK_FUNCS([getluid setluid]) 1210 MANTYPE=man 1211 TEST_SHELL=$SHELL # let configure find us a capable shell 1212 SKIP_DISABLE_LASTLOG_DEFINE=yes 1213 ;; 1214*-dec-osf*) 1215 AC_MSG_CHECKING([for Digital Unix SIA]) 1216 no_osfsia="" 1217 AC_ARG_WITH([osfsia], 1218 [ --with-osfsia Enable Digital Unix SIA], 1219 [ 1220 if test "x$withval" = "xno" ; then 1221 AC_MSG_RESULT([disabled]) 1222 no_osfsia=1 1223 fi 1224 ], 1225 ) 1226 if test -z "$no_osfsia" ; then 1227 if test -f /etc/sia/matrix.conf; then 1228 AC_MSG_RESULT([yes]) 1229 AC_DEFINE([HAVE_OSF_SIA], [1], 1230 [Define if you have Digital Unix Security 1231 Integration Architecture]) 1232 AC_DEFINE([DISABLE_LOGIN], [1], 1233 [Define if you don't want to use your 1234 system's login() call]) 1235 AC_DEFINE([DISABLE_FD_PASSING]) 1236 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1237 SIA_MSG="yes" 1238 else 1239 AC_MSG_RESULT([no]) 1240 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1241 [String used in /etc/passwd to denote locked account]) 1242 fi 1243 fi 1244 AC_DEFINE([BROKEN_GETADDRINFO]) 1245 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1246 AC_DEFINE([BROKEN_SETREUID]) 1247 AC_DEFINE([BROKEN_SETREGID]) 1248 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1249 ;; 1250 1251*-*-nto-qnx*) 1252 AC_DEFINE([USE_PIPES]) 1253 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1254 AC_DEFINE([DISABLE_LASTLOG]) 1255 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1256 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1257 enable_etc_default_login=no # has incompatible /etc/default/login 1258 case "$host" in 1259 *-*-nto-qnx6*) 1260 AC_DEFINE([DISABLE_FD_PASSING]) 1261 ;; 1262 esac 1263 ;; 1264 1265*-*-ultrix*) 1266 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1267 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1268 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1269 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1270 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1271 # don't get a controlling tty. 1272 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1273 # On Ultrix some headers are not protected against multiple includes, 1274 # so we create wrappers and put it where the compiler will find it. 1275 AC_MSG_WARN([creating compat wrappers for headers]) 1276 mkdir -p netinet 1277 for header in netinet/ip.h netdb.h resolv.h; do 1278 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1279 cat >$header <<EOD 1280#ifndef _SSH_COMPAT_${name} 1281#define _SSH_COMPAT_${name} 1282#include "/usr/include/${header}" 1283#endif 1284EOD 1285 done 1286 ;; 1287 1288*-*-lynxos) 1289 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1290 AC_DEFINE([BROKEN_SETVBUF], [1], 1291 [LynxOS has broken setvbuf() implementation]) 1292 ;; 1293esac 1294 1295AC_MSG_CHECKING([compiler and flags for sanity]) 1296AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1297 [ AC_MSG_RESULT([yes]) ], 1298 [ 1299 AC_MSG_RESULT([no]) 1300 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1301 ], 1302 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1303) 1304 1305dnl Checks for header files. 1306# Checks for libraries. 1307AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1308 1309dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1310AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1311 AC_CHECK_LIB([gen], [dirname], [ 1312 AC_CACHE_CHECK([for broken dirname], 1313 ac_cv_have_broken_dirname, [ 1314 save_LIBS="$LIBS" 1315 LIBS="$LIBS -lgen" 1316 AC_RUN_IFELSE( 1317 [AC_LANG_SOURCE([[ 1318#include <libgen.h> 1319#include <string.h> 1320#include <stdlib.h> 1321 1322int main(int argc, char **argv) { 1323 char *s, buf[32]; 1324 1325 strncpy(buf,"/etc", 32); 1326 s = dirname(buf); 1327 if (!s || strncmp(s, "/", 32) != 0) { 1328 exit(1); 1329 } else { 1330 exit(0); 1331 } 1332} 1333 ]])], 1334 [ ac_cv_have_broken_dirname="no" ], 1335 [ ac_cv_have_broken_dirname="yes" ], 1336 [ ac_cv_have_broken_dirname="no" ], 1337 ) 1338 LIBS="$save_LIBS" 1339 ]) 1340 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1341 LIBS="$LIBS -lgen" 1342 AC_DEFINE([HAVE_DIRNAME]) 1343 AC_CHECK_HEADERS([libgen.h]) 1344 fi 1345 ]) 1346]) 1347 1348AC_CHECK_FUNC([getspnam], , 1349 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1350AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1351 [Define if you have the basename function.])]) 1352 1353dnl zlib defaults to enabled 1354zlib=yes 1355AC_ARG_WITH([zlib], 1356 [ --with-zlib=PATH Use zlib in PATH], 1357 [ if test "x$withval" = "xno" ; then 1358 zlib=no 1359 elif test "x$withval" != "xyes"; then 1360 if test -d "$withval/lib"; then 1361 if test -n "${rpath_opt}"; then 1362 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1363 else 1364 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1365 fi 1366 else 1367 if test -n "${rpath_opt}"; then 1368 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1369 else 1370 LDFLAGS="-L${withval} ${LDFLAGS}" 1371 fi 1372 fi 1373 if test -d "$withval/include"; then 1374 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1375 else 1376 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1377 fi 1378 fi ] 1379) 1380 1381AC_MSG_CHECKING([for zlib]) 1382if test "x${zlib}" = "xno"; then 1383 AC_MSG_RESULT([no]) 1384else 1385 AC_MSG_RESULT([yes]) 1386 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1387 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1388 AC_CHECK_LIB([z], [deflate], , 1389 [ 1390 saved_CPPFLAGS="$CPPFLAGS" 1391 saved_LDFLAGS="$LDFLAGS" 1392 save_LIBS="$LIBS" 1393 dnl Check default zlib install dir 1394 if test -n "${rpath_opt}"; then 1395 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1396 else 1397 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1398 fi 1399 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1400 LIBS="$LIBS -lz" 1401 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1402 [ 1403 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1404 ] 1405 ) 1406 ] 1407 ) 1408 1409 AC_ARG_WITH([zlib-version-check], 1410 [ --without-zlib-version-check Disable zlib version check], 1411 [ if test "x$withval" = "xno" ; then 1412 zlib_check_nonfatal=1 1413 fi 1414 ] 1415 ) 1416 1417 AC_MSG_CHECKING([for possibly buggy zlib]) 1418 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1419#include <stdio.h> 1420#include <stdlib.h> 1421#include <zlib.h> 1422 ]], 1423 [[ 1424 int a=0, b=0, c=0, d=0, n, v; 1425 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1426 if (n != 3 && n != 4) 1427 exit(1); 1428 v = a*1000000 + b*10000 + c*100 + d; 1429 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1430 1431 /* 1.1.4 is OK */ 1432 if (a == 1 && b == 1 && c >= 4) 1433 exit(0); 1434 1435 /* 1.2.3 and up are OK */ 1436 if (v >= 1020300) 1437 exit(0); 1438 1439 exit(2); 1440 ]])], 1441 AC_MSG_RESULT([no]), 1442 [ AC_MSG_RESULT([yes]) 1443 if test -z "$zlib_check_nonfatal" ; then 1444 AC_MSG_ERROR([*** zlib too old - check config.log *** 1445Your reported zlib version has known security problems. It's possible your 1446vendor has fixed these problems without changing the version number. If you 1447are sure this is the case, you can disable the check by running 1448"./configure --without-zlib-version-check". 1449If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1450See http://www.gzip.org/zlib/ for details.]) 1451 else 1452 AC_MSG_WARN([zlib version may have security problems]) 1453 fi 1454 ], 1455 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1456 ) 1457fi 1458 1459dnl UnixWare 2.x 1460AC_CHECK_FUNC([strcasecmp], 1461 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1462) 1463AC_CHECK_FUNCS([utimes], 1464 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1465 LIBS="$LIBS -lc89"]) ] 1466) 1467 1468dnl Checks for libutil functions 1469AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1470AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1471AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1472AC_SEARCH_LIBS([login], [util bsd]) 1473AC_SEARCH_LIBS([logout], [util bsd]) 1474AC_SEARCH_LIBS([logwtmp], [util bsd]) 1475AC_SEARCH_LIBS([openpty], [util bsd]) 1476AC_SEARCH_LIBS([updwtmp], [util bsd]) 1477AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1478 1479# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1480# or libnsl. 1481AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1482AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1483 1484# Some Linux distribtions ship the BSD libc hashing functions in 1485# separate libraries. 1486AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1487 1488# "Particular Function Checks" 1489# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1490AC_FUNC_STRFTIME 1491AC_FUNC_MALLOC 1492AC_FUNC_REALLOC 1493# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1494AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1495AC_RUN_IFELSE( 1496 [AC_LANG_PROGRAM( 1497 [[ #include <stdlib.h> ]], 1498 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1499 )], 1500 [ func_calloc_0_nonnull=yes ], 1501 [ func_calloc_0_nonnull=no ], 1502 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1503 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1504) 1505AC_MSG_RESULT([$func_calloc_0_nonnull]) 1506 1507if test "x$func_calloc_0_nonnull" = "xyes"; then 1508 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1509else 1510 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1511 AC_DEFINE(calloc, rpl_calloc, 1512 [Define to rpl_calloc if the replacement function should be used.]) 1513fi 1514 1515# Check for ALTDIRFUNC glob() extension 1516AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1517AC_EGREP_CPP([FOUNDIT], 1518 [ 1519 #include <glob.h> 1520 #ifdef GLOB_ALTDIRFUNC 1521 FOUNDIT 1522 #endif 1523 ], 1524 [ 1525 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1526 [Define if your system glob() function has 1527 the GLOB_ALTDIRFUNC extension]) 1528 AC_MSG_RESULT([yes]) 1529 ], 1530 [ 1531 AC_MSG_RESULT([no]) 1532 ] 1533) 1534 1535# Check for g.gl_matchc glob() extension 1536AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1537AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1538 [[ glob_t g; g.gl_matchc = 1; ]])], 1539 [ 1540 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1541 [Define if your system glob() function has 1542 gl_matchc options in glob_t]) 1543 AC_MSG_RESULT([yes]) 1544 ], [ 1545 AC_MSG_RESULT([no]) 1546]) 1547 1548# Check for g.gl_statv glob() extension 1549AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1550AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1551#ifndef GLOB_KEEPSTAT 1552#error "glob does not support GLOB_KEEPSTAT extension" 1553#endif 1554glob_t g; 1555g.gl_statv = NULL; 1556]])], 1557 [ 1558 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1559 [Define if your system glob() function has 1560 gl_statv options in glob_t]) 1561 AC_MSG_RESULT([yes]) 1562 ], [ 1563 AC_MSG_RESULT([no]) 1564 1565]) 1566 1567AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1568 1569AC_CHECK_DECL([VIS_ALL], , 1570 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1571 1572AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1573AC_RUN_IFELSE( 1574 [AC_LANG_PROGRAM([[ 1575#include <sys/types.h> 1576#include <dirent.h> 1577#include <stdlib.h> 1578 ]], 1579 [[ 1580 struct dirent d; 1581 exit(sizeof(d.d_name)<=sizeof(char)); 1582 ]])], 1583 [AC_MSG_RESULT([yes])], 1584 [ 1585 AC_MSG_RESULT([no]) 1586 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1587 [Define if your struct dirent expects you to 1588 allocate extra space for d_name]) 1589 ], 1590 [ 1591 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1592 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1593 ] 1594) 1595 1596AC_MSG_CHECKING([for /proc/pid/fd directory]) 1597if test -d "/proc/$$/fd" ; then 1598 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1599 AC_MSG_RESULT([yes]) 1600else 1601 AC_MSG_RESULT([no]) 1602fi 1603 1604# Check whether user wants TCP wrappers support 1605TCPW_MSG="no" 1606AC_ARG_WITH([tcp-wrappers], 1607 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1608 [ 1609 if test "x$withval" != "xno" ; then 1610 saved_LIBS="$LIBS" 1611 saved_LDFLAGS="$LDFLAGS" 1612 saved_CPPFLAGS="$CPPFLAGS" 1613 if test -n "${withval}" && \ 1614 test "x${withval}" != "xyes"; then 1615 if test -d "${withval}/lib"; then 1616 if test -n "${need_dash_r}"; then 1617 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1618 else 1619 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1620 fi 1621 else 1622 if test -n "${need_dash_r}"; then 1623 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1624 else 1625 LDFLAGS="-L${withval} ${LDFLAGS}" 1626 fi 1627 fi 1628 if test -d "${withval}/include"; then 1629 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1630 else 1631 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1632 fi 1633 fi 1634 LIBS="-lwrap $LIBS" 1635 AC_MSG_CHECKING([for libwrap]) 1636 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1637#include <sys/types.h> 1638#include <sys/socket.h> 1639#include <netinet/in.h> 1640#include <tcpd.h> 1641int deny_severity = 0, allow_severity = 0; 1642 ]], [[ 1643 hosts_access(0); 1644 ]])], [ 1645 AC_MSG_RESULT([yes]) 1646 AC_DEFINE([LIBWRAP], [1], 1647 [Define if you want 1648 TCP Wrappers support]) 1649 SSHDLIBS="$SSHDLIBS -lwrap" 1650 TCPW_MSG="yes" 1651 ], [ 1652 AC_MSG_ERROR([*** libwrap missing]) 1653 ]) 1654 LIBS="$saved_LIBS" 1655 fi 1656 ] 1657) 1658 1659# Check whether user wants to use ldns 1660LDNS_MSG="no" 1661AC_ARG_WITH(ldns, 1662 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1663 [ 1664 ldns="" 1665 if test "x$withval" = "xyes" ; then 1666 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1667 if test "x$LDNSCONFIG" = "xno"; then 1668 LIBS="-lldns $LIBS" 1669 ldns=yes 1670 else 1671 LIBS="$LIBS `$LDNSCONFIG --libs`" 1672 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1673 ldns=yes 1674 fi 1675 elif test "x$withval" != "xno" ; then 1676 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1677 LDFLAGS="$LDFLAGS -L${withval}/lib" 1678 LIBS="-lldns $LIBS" 1679 ldns=yes 1680 fi 1681 1682 # Verify that it works. 1683 if test "x$ldns" = "xyes" ; then 1684 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1685 LDNS_MSG="yes" 1686 AC_MSG_CHECKING([for ldns support]) 1687 AC_LINK_IFELSE( 1688 [AC_LANG_SOURCE([[ 1689#include <stdio.h> 1690#include <stdlib.h> 1691#ifdef HAVE_STDINT_H 1692# include <stdint.h> 1693#endif 1694#include <ldns/ldns.h> 1695int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1696 ]]) 1697 ], 1698 [AC_MSG_RESULT(yes)], 1699 [ 1700 AC_MSG_RESULT(no) 1701 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1702 ]) 1703 fi 1704]) 1705 1706# Check whether user wants libedit support 1707LIBEDIT_MSG="no" 1708AC_ARG_WITH([libedit], 1709 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1710 [ if test "x$withval" != "xno" ; then 1711 if test "x$withval" = "xyes" ; then 1712 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1713 if test "x$PKGCONFIG" != "xno"; then 1714 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1715 if "$PKGCONFIG" libedit; then 1716 AC_MSG_RESULT([yes]) 1717 use_pkgconfig_for_libedit=yes 1718 else 1719 AC_MSG_RESULT([no]) 1720 fi 1721 fi 1722 else 1723 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1724 if test -n "${rpath_opt}"; then 1725 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1726 else 1727 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1728 fi 1729 fi 1730 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1731 LIBEDIT=`$PKGCONFIG --libs libedit` 1732 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1733 else 1734 LIBEDIT="-ledit -lcurses" 1735 fi 1736 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1737 AC_CHECK_LIB([edit], [el_init], 1738 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1739 LIBEDIT_MSG="yes" 1740 AC_SUBST([LIBEDIT]) 1741 ], 1742 [ AC_MSG_ERROR([libedit not found]) ], 1743 [ $OTHERLIBS ] 1744 ) 1745 AC_MSG_CHECKING([if libedit version is compatible]) 1746 AC_COMPILE_IFELSE( 1747 [AC_LANG_PROGRAM([[ 1748#include <histedit.h> 1749#include <stdlib.h> 1750 ]], 1751 [[ 1752 int i = H_SETSIZE; 1753 el_init("", NULL, NULL, NULL); 1754 exit(0); 1755 ]])], 1756 [ AC_MSG_RESULT([yes]) ], 1757 [ AC_MSG_RESULT([no]) 1758 AC_MSG_ERROR([libedit version is not compatible]) ] 1759 ) 1760 fi ] 1761) 1762 1763AUDIT_MODULE=none 1764AC_ARG_WITH([audit], 1765 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1766 [ 1767 AC_MSG_CHECKING([for supported audit module]) 1768 case "$withval" in 1769 bsm) 1770 AC_MSG_RESULT([bsm]) 1771 AUDIT_MODULE=bsm 1772 dnl Checks for headers, libs and functions 1773 AC_CHECK_HEADERS([bsm/audit.h], [], 1774 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1775 [ 1776#ifdef HAVE_TIME_H 1777# include <time.h> 1778#endif 1779 ] 1780) 1781 AC_CHECK_LIB([bsm], [getaudit], [], 1782 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1783 AC_CHECK_FUNCS([getaudit], [], 1784 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1785 # These are optional 1786 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1787 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1788 if test "$sol2ver" -ge 11; then 1789 SSHDLIBS="$SSHDLIBS -lscf" 1790 AC_DEFINE([BROKEN_BSM_API], [1], 1791 [The system has incomplete BSM API]) 1792 fi 1793 ;; 1794 linux) 1795 AC_MSG_RESULT([linux]) 1796 AUDIT_MODULE=linux 1797 dnl Checks for headers, libs and functions 1798 AC_CHECK_HEADERS([libaudit.h]) 1799 SSHDLIBS="$SSHDLIBS -laudit" 1800 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1801 ;; 1802 debug) 1803 AUDIT_MODULE=debug 1804 AC_MSG_RESULT([debug]) 1805 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1806 ;; 1807 no) 1808 AC_MSG_RESULT([no]) 1809 ;; 1810 *) 1811 AC_MSG_ERROR([Unknown audit module $withval]) 1812 ;; 1813 esac ] 1814) 1815 1816AC_ARG_WITH([pie], 1817 [ --with-pie Build Position Independent Executables if possible], [ 1818 if test "x$withval" = "xno"; then 1819 use_pie=no 1820 fi 1821 if test "x$withval" = "xyes"; then 1822 use_pie=yes 1823 fi 1824 ] 1825) 1826if test "x$use_pie" = "x"; then 1827 use_pie=no 1828fi 1829if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1830 # Turn off automatic PIE when toolchain hardening is off. 1831 use_pie=no 1832fi 1833if test "x$use_pie" = "xauto"; then 1834 # Automatic PIE requires gcc >= 4.x 1835 AC_MSG_CHECKING([for gcc >= 4.x]) 1836 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1837#if !defined(__GNUC__) || __GNUC__ < 4 1838#error gcc is too old 1839#endif 1840]])], 1841 [ AC_MSG_RESULT([yes]) ], 1842 [ AC_MSG_RESULT([no]) 1843 use_pie=no ] 1844) 1845fi 1846if test "x$use_pie" != "xno"; then 1847 SAVED_CFLAGS="$CFLAGS" 1848 SAVED_LDFLAGS="$LDFLAGS" 1849 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1850 OSSH_CHECK_LDFLAG_LINK([-pie]) 1851 # We use both -fPIE and -pie or neither. 1852 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1853 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1854 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1855 AC_MSG_RESULT([yes]) 1856 else 1857 AC_MSG_RESULT([no]) 1858 CFLAGS="$SAVED_CFLAGS" 1859 LDFLAGS="$SAVED_LDFLAGS" 1860 fi 1861fi 1862 1863AC_MSG_CHECKING([whether -fPIC is accepted]) 1864SAVED_CFLAGS="$CFLAGS" 1865CFLAGS="$CFLAGS -fPIC" 1866AC_COMPILE_IFELSE( 1867 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1868 [AC_MSG_RESULT([yes]) 1869 PICFLAG="-fPIC"; ], 1870 [AC_MSG_RESULT([no]) 1871 PICFLAG=""; ]) 1872CFLAGS="$SAVED_CFLAGS" 1873AC_SUBST([PICFLAG]) 1874 1875dnl Checks for library functions. Please keep in alphabetical order 1876AC_CHECK_FUNCS([ \ 1877 auth_hostok \ 1878 auth_timeok \ 1879 Blowfish_initstate \ 1880 Blowfish_expandstate \ 1881 Blowfish_expand0state \ 1882 Blowfish_stream2word \ 1883 SHA256Update \ 1884 SHA384Update \ 1885 SHA512Update \ 1886 asprintf \ 1887 b64_ntop \ 1888 __b64_ntop \ 1889 b64_pton \ 1890 __b64_pton \ 1891 bcopy \ 1892 bcrypt_pbkdf \ 1893 bindresvport_sa \ 1894 blf_enc \ 1895 bzero \ 1896 cap_rights_limit \ 1897 clock \ 1898 closefrom \ 1899 close_range \ 1900 dirfd \ 1901 endgrent \ 1902 err \ 1903 errx \ 1904 explicit_bzero \ 1905 explicit_memset \ 1906 fchmod \ 1907 fchmodat \ 1908 fchown \ 1909 fchownat \ 1910 flock \ 1911 fnmatch \ 1912 freeaddrinfo \ 1913 freezero \ 1914 fstatfs \ 1915 fstatvfs \ 1916 futimes \ 1917 getaddrinfo \ 1918 getcwd \ 1919 getgrouplist \ 1920 getline \ 1921 getnameinfo \ 1922 getopt \ 1923 getpagesize \ 1924 getpeereid \ 1925 getpeerucred \ 1926 getpgid \ 1927 _getpty \ 1928 getrlimit \ 1929 getrandom \ 1930 getsid \ 1931 getttyent \ 1932 glob \ 1933 group_from_gid \ 1934 inet_aton \ 1935 inet_ntoa \ 1936 inet_ntop \ 1937 innetgr \ 1938 killpg \ 1939 llabs \ 1940 localtime_r \ 1941 login_getcapbool \ 1942 login_getpwclass \ 1943 memmem \ 1944 memmove \ 1945 memset_s \ 1946 mkdtemp \ 1947 ngetaddrinfo \ 1948 nsleep \ 1949 ogetaddrinfo \ 1950 openlog_r \ 1951 pledge \ 1952 poll \ 1953 ppoll \ 1954 prctl \ 1955 procctl \ 1956 pselect \ 1957 pstat \ 1958 raise \ 1959 readpassphrase \ 1960 reallocarray \ 1961 realpath \ 1962 recvmsg \ 1963 recallocarray \ 1964 rresvport_af \ 1965 sendmsg \ 1966 setdtablesize \ 1967 setegid \ 1968 setenv \ 1969 seteuid \ 1970 setgroupent \ 1971 setgroups \ 1972 setlinebuf \ 1973 setlogin \ 1974 setpassent\ 1975 setpcred \ 1976 setproctitle \ 1977 setregid \ 1978 setreuid \ 1979 setrlimit \ 1980 setsid \ 1981 setvbuf \ 1982 sigaction \ 1983 sigvec \ 1984 snprintf \ 1985 socketpair \ 1986 statfs \ 1987 statvfs \ 1988 strcasestr \ 1989 strdup \ 1990 strerror \ 1991 strlcat \ 1992 strlcpy \ 1993 strmode \ 1994 strndup \ 1995 strnlen \ 1996 strnvis \ 1997 strptime \ 1998 strsignal \ 1999 strtonum \ 2000 strtoll \ 2001 strtoul \ 2002 strtoull \ 2003 swap32 \ 2004 sysconf \ 2005 tcgetpgrp \ 2006 timingsafe_bcmp \ 2007 truncate \ 2008 unsetenv \ 2009 updwtmpx \ 2010 utimensat \ 2011 user_from_uid \ 2012 usleep \ 2013 vasprintf \ 2014 vsnprintf \ 2015 waitpid \ 2016 warn \ 2017]) 2018 2019AC_CHECK_DECLS([bzero, memmem]) 2020 2021dnl Wide character support. 2022AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 2023 2024TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 2025AC_MSG_CHECKING([for utf8 locale support]) 2026AC_RUN_IFELSE( 2027 [AC_LANG_PROGRAM([[ 2028#include <locale.h> 2029#include <stdlib.h> 2030 ]], [[ 2031 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2032 if (loc != NULL) 2033 exit(0); 2034 exit(1); 2035 ]])], 2036 AC_MSG_RESULT(yes), 2037 [AC_MSG_RESULT(no) 2038 TEST_SSH_UTF8=no], 2039 AC_MSG_WARN([cross compiling: assuming yes]) 2040) 2041 2042AC_LINK_IFELSE( 2043 [AC_LANG_PROGRAM( 2044 [[ #include <ctype.h> ]], 2045 [[ return (isblank('a')); ]])], 2046 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2047]) 2048 2049disable_pkcs11= 2050AC_ARG_ENABLE([pkcs11], 2051 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2052 [ 2053 if test "x$enableval" = "xno" ; then 2054 disable_pkcs11=1 2055 fi 2056 ] 2057) 2058 2059disable_sk= 2060AC_ARG_ENABLE([security-key], 2061 [ --disable-security-key disable U2F/FIDO support code [no]], 2062 [ 2063 if test "x$enableval" = "xno" ; then 2064 disable_sk=1 2065 fi 2066 ] 2067) 2068enable_sk_internal= 2069AC_ARG_WITH([security-key-builtin], 2070 [ --with-security-key-builtin include builtin U2F/FIDO support], 2071 [ 2072 if test "x$withval" != "xno" ; then 2073 enable_sk_internal=yes 2074 fi 2075 ] 2076) 2077test "x$disable_sk" != "x" && enable_sk_internal="" 2078 2079AC_SEARCH_LIBS([dlopen], [dl]) 2080AC_CHECK_FUNCS([dlopen]) 2081AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2082 2083# IRIX has a const char return value for gai_strerror() 2084AC_CHECK_FUNCS([gai_strerror], [ 2085 AC_DEFINE([HAVE_GAI_STRERROR]) 2086 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2087#include <sys/types.h> 2088#include <sys/socket.h> 2089#include <netdb.h> 2090 2091const char *gai_strerror(int); 2092 ]], [[ 2093 char *str; 2094 str = gai_strerror(0); 2095 ]])], [ 2096 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2097 [Define if gai_strerror() returns const char *])], [])]) 2098 2099AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2100 [Some systems put nanosleep outside of libc])]) 2101 2102AC_SEARCH_LIBS([clock_gettime], [rt], 2103 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2104 2105dnl check if we need -D_REENTRANT for localtime_r declaration. 2106AC_CHECK_DECL([localtime_r], [], 2107 [ saved_CPPFLAGS="$CPPFLAGS" 2108 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2109 unset ac_cv_have_decl_localtime_r 2110 AC_CHECK_DECL([localtime_r], [], 2111 [ CPPFLAGS="$saved_CPPFLAGS" ], 2112 [ #include <time.h> ] 2113 ) 2114 ], 2115 [ #include <time.h> ] 2116) 2117 2118dnl Make sure prototypes are defined for these before using them. 2119AC_CHECK_DECL([strsep], 2120 [AC_CHECK_FUNCS([strsep])], 2121 [], 2122 [ 2123#ifdef HAVE_STRING_H 2124# include <string.h> 2125#endif 2126 ]) 2127 2128dnl tcsendbreak might be a macro 2129AC_CHECK_DECL([tcsendbreak], 2130 [AC_DEFINE([HAVE_TCSENDBREAK])], 2131 [AC_CHECK_FUNCS([tcsendbreak])], 2132 [#include <termios.h>] 2133) 2134 2135AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2136 2137AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2138 [ 2139#include <sys/types.h> 2140#include <sys/socket.h> 2141#include <unistd.h> 2142 ]) 2143 2144AC_CHECK_DECLS([O_NONBLOCK], , , 2145 [ 2146#include <sys/types.h> 2147#ifdef HAVE_SYS_STAT_H 2148# include <sys/stat.h> 2149#endif 2150#ifdef HAVE_FCNTL_H 2151# include <fcntl.h> 2152#endif 2153 ]) 2154 2155AC_CHECK_DECLS([ftruncate], , , 2156 [ 2157#include <sys/types.h> 2158#include <unistd.h> 2159 ]) 2160 2161AC_CHECK_DECLS([readv, writev], , , [ 2162#include <sys/types.h> 2163#include <sys/uio.h> 2164#include <unistd.h> 2165 ]) 2166 2167AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2168#include <sys/param.h> 2169 ]) 2170 2171AC_CHECK_DECLS([offsetof], , , [ 2172#include <stddef.h> 2173 ]) 2174 2175# extra bits for select(2) 2176AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2177#include <sys/param.h> 2178#include <sys/types.h> 2179#ifdef HAVE_SYS_SYSMACROS_H 2180#include <sys/sysmacros.h> 2181#endif 2182#ifdef HAVE_SYS_SELECT_H 2183#include <sys/select.h> 2184#endif 2185#ifdef HAVE_SYS_TIME_H 2186#include <sys/time.h> 2187#endif 2188#ifdef HAVE_UNISTD_H 2189#include <unistd.h> 2190#endif 2191 ]]) 2192AC_CHECK_TYPES([fd_mask], [], [], [[ 2193#include <sys/param.h> 2194#include <sys/types.h> 2195#ifdef HAVE_SYS_SELECT_H 2196#include <sys/select.h> 2197#endif 2198#ifdef HAVE_SYS_TIME_H 2199#include <sys/time.h> 2200#endif 2201#ifdef HAVE_UNISTD_H 2202#include <unistd.h> 2203#endif 2204 ]]) 2205 2206AC_CHECK_FUNCS([setresuid], [ 2207 dnl Some platorms have setresuid that isn't implemented, test for this 2208 AC_MSG_CHECKING([if setresuid seems to work]) 2209 AC_RUN_IFELSE( 2210 [AC_LANG_PROGRAM([[ 2211#include <stdlib.h> 2212#include <errno.h> 2213 ]], [[ 2214 errno=0; 2215 setresuid(0,0,0); 2216 if (errno==ENOSYS) 2217 exit(1); 2218 else 2219 exit(0); 2220 ]])], 2221 [AC_MSG_RESULT([yes])], 2222 [AC_DEFINE([BROKEN_SETRESUID], [1], 2223 [Define if your setresuid() is broken]) 2224 AC_MSG_RESULT([not implemented])], 2225 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2226 ) 2227]) 2228 2229AC_CHECK_FUNCS([setresgid], [ 2230 dnl Some platorms have setresgid that isn't implemented, test for this 2231 AC_MSG_CHECKING([if setresgid seems to work]) 2232 AC_RUN_IFELSE( 2233 [AC_LANG_PROGRAM([[ 2234#include <stdlib.h> 2235#include <errno.h> 2236 ]], [[ 2237 errno=0; 2238 setresgid(0,0,0); 2239 if (errno==ENOSYS) 2240 exit(1); 2241 else 2242 exit(0); 2243 ]])], 2244 [AC_MSG_RESULT([yes])], 2245 [AC_DEFINE([BROKEN_SETRESGID], [1], 2246 [Define if your setresgid() is broken]) 2247 AC_MSG_RESULT([not implemented])], 2248 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2249 ) 2250]) 2251 2252AC_MSG_CHECKING([for working fflush(NULL)]) 2253AC_RUN_IFELSE( 2254 [AC_LANG_PROGRAM([[ 2255#include <stdio.h> 2256#include <stdlib.h> 2257 ]], 2258 [[fflush(NULL); exit(0);]])], 2259 AC_MSG_RESULT([yes]), 2260 [AC_MSG_RESULT([no]) 2261 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2262 [define if fflush(NULL) does not work])], 2263 AC_MSG_WARN([cross compiling: assuming working]) 2264) 2265 2266dnl Checks for time functions 2267AC_CHECK_FUNCS([gettimeofday time]) 2268dnl Checks for utmp functions 2269AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2270AC_CHECK_FUNCS([utmpname]) 2271dnl Checks for utmpx functions 2272AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2273AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2274dnl Checks for lastlog functions 2275AC_CHECK_FUNCS([getlastlogxbyname]) 2276 2277AC_CHECK_FUNC([daemon], 2278 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2279 [AC_CHECK_LIB([bsd], [daemon], 2280 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2281) 2282 2283AC_CHECK_FUNC([getpagesize], 2284 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2285 [Define if your libraries define getpagesize()])], 2286 [AC_CHECK_LIB([ucb], [getpagesize], 2287 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2288) 2289 2290# Check for broken snprintf 2291if test "x$ac_cv_func_snprintf" = "xyes" ; then 2292 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2293 AC_RUN_IFELSE( 2294 [AC_LANG_PROGRAM([[ 2295#include <stdio.h> 2296#include <stdlib.h> 2297 ]], 2298 [[ 2299 char b[5]; 2300 snprintf(b,5,"123456789"); 2301 exit(b[4]!='\0'); 2302 ]])], 2303 [AC_MSG_RESULT([yes])], 2304 [ 2305 AC_MSG_RESULT([no]) 2306 AC_DEFINE([BROKEN_SNPRINTF], [1], 2307 [Define if your snprintf is busted]) 2308 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2309 ], 2310 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2311 ) 2312fi 2313 2314if test "x$ac_cv_func_snprintf" = "xyes" ; then 2315 AC_MSG_CHECKING([whether snprintf understands %zu]) 2316 AC_RUN_IFELSE( 2317 [AC_LANG_PROGRAM([[ 2318#include <sys/types.h> 2319#include <stdio.h> 2320#include <stdlib.h> 2321#include <string.h> 2322 ]], 2323 [[ 2324 size_t a = 1, b = 2; 2325 char z[128]; 2326 snprintf(z, sizeof z, "%zu%zu", a, b); 2327 exit(strcmp(z, "12")); 2328 ]])], 2329 [AC_MSG_RESULT([yes])], 2330 [ 2331 AC_MSG_RESULT([no]) 2332 AC_DEFINE([BROKEN_SNPRINTF], [1], 2333 [snprintf does not understand %zu]) 2334 ], 2335 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2336 ) 2337fi 2338 2339# We depend on vsnprintf returning the right thing on overflow: the 2340# number of characters it tried to create (as per SUSv3) 2341if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2342 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2343 AC_RUN_IFELSE( 2344 [AC_LANG_PROGRAM([[ 2345#include <sys/types.h> 2346#include <stdio.h> 2347#include <stdarg.h> 2348 2349int x_snprintf(char *str, size_t count, const char *fmt, ...) 2350{ 2351 size_t ret; 2352 va_list ap; 2353 2354 va_start(ap, fmt); 2355 ret = vsnprintf(str, count, fmt, ap); 2356 va_end(ap); 2357 return ret; 2358} 2359 ]], [[ 2360char x[1]; 2361if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2362 return 1; 2363if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2364 return 1; 2365return 0; 2366 ]])], 2367 [AC_MSG_RESULT([yes])], 2368 [ 2369 AC_MSG_RESULT([no]) 2370 AC_DEFINE([BROKEN_SNPRINTF], [1], 2371 [Define if your snprintf is busted]) 2372 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2373 ], 2374 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2375 ) 2376fi 2377 2378# On systems where [v]snprintf is broken, but is declared in stdio, 2379# check that the fmt argument is const char * or just char *. 2380# This is only useful for when BROKEN_SNPRINTF 2381AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2382AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2383#include <stdio.h> 2384int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2385 ]], [[ 2386 snprintf(0, 0, 0); 2387 ]])], 2388 [AC_MSG_RESULT([yes]) 2389 AC_DEFINE([SNPRINTF_CONST], [const], 2390 [Define as const if snprintf() can declare const char *fmt])], 2391 [AC_MSG_RESULT([no]) 2392 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2393 2394# Check for missing getpeereid (or equiv) support 2395NO_PEERCHECK="" 2396if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2397 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2398 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2399#include <sys/types.h> 2400#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2401 [ AC_MSG_RESULT([yes]) 2402 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2403 ], [AC_MSG_RESULT([no]) 2404 NO_PEERCHECK=1 2405 ]) 2406fi 2407 2408dnl make sure that openpty does not reacquire controlling terminal 2409if test ! -z "$check_for_openpty_ctty_bug"; then 2410 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2411 AC_RUN_IFELSE( 2412 [AC_LANG_PROGRAM([[ 2413#include <stdio.h> 2414#include <stdlib.h> 2415#include <unistd.h> 2416#include <sys/fcntl.h> 2417#include <sys/types.h> 2418#include <sys/wait.h> 2419 ]], [[ 2420 pid_t pid; 2421 int fd, ptyfd, ttyfd, status; 2422 2423 pid = fork(); 2424 if (pid < 0) { /* failed */ 2425 exit(1); 2426 } else if (pid > 0) { /* parent */ 2427 waitpid(pid, &status, 0); 2428 if (WIFEXITED(status)) 2429 exit(WEXITSTATUS(status)); 2430 else 2431 exit(2); 2432 } else { /* child */ 2433 close(0); close(1); close(2); 2434 setsid(); 2435 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2436 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2437 if (fd >= 0) 2438 exit(3); /* Acquired ctty: broken */ 2439 else 2440 exit(0); /* Did not acquire ctty: OK */ 2441 } 2442 ]])], 2443 [ 2444 AC_MSG_RESULT([yes]) 2445 ], 2446 [ 2447 AC_MSG_RESULT([no]) 2448 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2449 ], 2450 [ 2451 AC_MSG_RESULT([cross-compiling, assuming yes]) 2452 ] 2453 ) 2454fi 2455 2456if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2457 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2458 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2459 AC_RUN_IFELSE( 2460 [AC_LANG_PROGRAM([[ 2461#include <stdio.h> 2462#include <stdlib.h> 2463#include <sys/socket.h> 2464#include <netdb.h> 2465#include <errno.h> 2466#include <netinet/in.h> 2467 2468#define TEST_PORT "2222" 2469 ]], [[ 2470 int err, sock; 2471 struct addrinfo *gai_ai, *ai, hints; 2472 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2473 2474 memset(&hints, 0, sizeof(hints)); 2475 hints.ai_family = PF_UNSPEC; 2476 hints.ai_socktype = SOCK_STREAM; 2477 hints.ai_flags = AI_PASSIVE; 2478 2479 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2480 if (err != 0) { 2481 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2482 exit(1); 2483 } 2484 2485 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2486 if (ai->ai_family != AF_INET6) 2487 continue; 2488 2489 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2490 sizeof(ntop), strport, sizeof(strport), 2491 NI_NUMERICHOST|NI_NUMERICSERV); 2492 2493 if (err != 0) { 2494 if (err == EAI_SYSTEM) 2495 perror("getnameinfo EAI_SYSTEM"); 2496 else 2497 fprintf(stderr, "getnameinfo failed: %s\n", 2498 gai_strerror(err)); 2499 exit(2); 2500 } 2501 2502 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2503 if (sock < 0) 2504 perror("socket"); 2505 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2506 if (errno == EBADF) 2507 exit(3); 2508 } 2509 } 2510 exit(0); 2511 ]])], 2512 [ 2513 AC_MSG_RESULT([yes]) 2514 ], 2515 [ 2516 AC_MSG_RESULT([no]) 2517 AC_DEFINE([BROKEN_GETADDRINFO]) 2518 ], 2519 [ 2520 AC_MSG_RESULT([cross-compiling, assuming yes]) 2521 ] 2522 ) 2523fi 2524 2525if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2526 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2527 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2528 AC_RUN_IFELSE( 2529 [AC_LANG_PROGRAM([[ 2530#include <stdio.h> 2531#include <stdlib.h> 2532#include <sys/socket.h> 2533#include <netdb.h> 2534#include <errno.h> 2535#include <netinet/in.h> 2536 2537#define TEST_PORT "2222" 2538 ]], [[ 2539 int err, sock; 2540 struct addrinfo *gai_ai, *ai, hints; 2541 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2542 2543 memset(&hints, 0, sizeof(hints)); 2544 hints.ai_family = PF_UNSPEC; 2545 hints.ai_socktype = SOCK_STREAM; 2546 hints.ai_flags = AI_PASSIVE; 2547 2548 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2549 if (err != 0) { 2550 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2551 exit(1); 2552 } 2553 2554 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2555 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2556 continue; 2557 2558 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2559 sizeof(ntop), strport, sizeof(strport), 2560 NI_NUMERICHOST|NI_NUMERICSERV); 2561 2562 if (ai->ai_family == AF_INET && err != 0) { 2563 perror("getnameinfo"); 2564 exit(2); 2565 } 2566 } 2567 exit(0); 2568 ]])], 2569 [ 2570 AC_MSG_RESULT([yes]) 2571 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2572 [Define if you have a getaddrinfo that fails 2573 for the all-zeros IPv6 address]) 2574 ], 2575 [ 2576 AC_MSG_RESULT([no]) 2577 AC_DEFINE([BROKEN_GETADDRINFO]) 2578 ], 2579 [ 2580 AC_MSG_RESULT([cross-compiling, assuming no]) 2581 ] 2582 ) 2583fi 2584 2585if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2586 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2587 [#include <sys/types.h> 2588 #include <sys/socket.h> 2589 #include <netdb.h>]) 2590fi 2591 2592if test "x$check_for_conflicting_getspnam" = "x1"; then 2593 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2594 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2595#include <shadow.h> 2596#include <stdlib.h> 2597 ]], 2598 [[ exit(0); ]])], 2599 [ 2600 AC_MSG_RESULT([no]) 2601 ], 2602 [ 2603 AC_MSG_RESULT([yes]) 2604 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2605 [Conflicting defs for getspnam]) 2606 ] 2607 ) 2608fi 2609 2610dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2611dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2612dnl for over ten years). Despite this incompatibility being reported during 2613dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2614dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2615dnl implementation. Try to detect this mess, and assume the only safe option 2616dnl if we're cross compiling. 2617dnl 2618dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2619dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2620if test "x$ac_cv_func_strnvis" = "xyes"; then 2621 AC_MSG_CHECKING([for working strnvis]) 2622 AC_RUN_IFELSE( 2623 [AC_LANG_PROGRAM([[ 2624#include <signal.h> 2625#include <stdlib.h> 2626#include <string.h> 2627#include <unistd.h> 2628#include <vis.h> 2629static void sighandler(int sig) { _exit(1); } 2630 ]], [[ 2631 char dst[16]; 2632 2633 signal(SIGSEGV, sighandler); 2634 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2635 exit(0); 2636 exit(1) 2637 ]])], 2638 [AC_MSG_RESULT([yes])], 2639 [AC_MSG_RESULT([no]) 2640 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2641 [AC_MSG_WARN([cross compiling: assuming broken]) 2642 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2643 ) 2644fi 2645 2646AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2647AC_RUN_IFELSE( 2648 [AC_LANG_PROGRAM([[ 2649#ifdef HAVE_SYS_SELECT 2650# include <sys/select.h> 2651#endif 2652#include <sys/types.h> 2653#include <sys/time.h> 2654#include <stdlib.h> 2655#include <signal.h> 2656#include <unistd.h> 2657static void sighandler(int sig) { } 2658 ]], [[ 2659 int r; 2660 pid_t pid; 2661 struct sigaction sa; 2662 2663 sa.sa_handler = sighandler; 2664 sa.sa_flags = SA_RESTART; 2665 (void)sigaction(SIGTERM, &sa, NULL); 2666 if ((pid = fork()) == 0) { /* child */ 2667 pid = getppid(); 2668 sleep(1); 2669 kill(pid, SIGTERM); 2670 sleep(1); 2671 if (getppid() == pid) /* if parent did not exit, shoot it */ 2672 kill(pid, SIGKILL); 2673 exit(0); 2674 } else { /* parent */ 2675 r = select(0, NULL, NULL, NULL, NULL); 2676 } 2677 exit(r == -1 ? 0 : 1); 2678 ]])], 2679 [AC_MSG_RESULT([yes])], 2680 [AC_MSG_RESULT([no]) 2681 AC_DEFINE([NO_SA_RESTART], [1], 2682 [SA_RESTARTed signals do no interrupt select])], 2683 [AC_MSG_WARN([cross compiling: assuming yes])] 2684) 2685 2686AC_CHECK_FUNCS([getpgrp],[ 2687 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2688 AC_COMPILE_IFELSE( 2689 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2690 [ AC_MSG_RESULT([yes]) 2691 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2692 [ AC_MSG_RESULT([no]) 2693 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2694 ) 2695]) 2696 2697# Search for OpenSSL 2698saved_CPPFLAGS="$CPPFLAGS" 2699saved_LDFLAGS="$LDFLAGS" 2700AC_ARG_WITH([ssl-dir], 2701 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2702 [ 2703 if test "x$openssl" = "xno" ; then 2704 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2705 fi 2706 if test "x$withval" != "xno" ; then 2707 case "$withval" in 2708 # Relative paths 2709 ./*|../*) withval="`pwd`/$withval" 2710 esac 2711 if test -d "$withval/lib"; then 2712 libcrypto_path="${withval}/lib" 2713 elif test -d "$withval/lib64"; then 2714 libcrypto_path="$withval/lib64" 2715 else 2716 # Built but not installed 2717 libcrypto_path="${withval}" 2718 fi 2719 if test -n "${rpath_opt}"; then 2720 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}" 2721 else 2722 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" 2723 fi 2724 if test -d "$withval/include"; then 2725 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2726 else 2727 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2728 fi 2729 fi 2730 ] 2731) 2732 2733AC_ARG_WITH([openssl-header-check], 2734 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2735 [ 2736 if test "x$withval" = "xno" ; then 2737 openssl_check_nonfatal=1 2738 fi 2739 ] 2740) 2741 2742openssl_engine=no 2743AC_ARG_WITH([ssl-engine], 2744 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2745 [ 2746 if test "x$withval" != "xno" ; then 2747 if test "x$openssl" = "xno" ; then 2748 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2749 fi 2750 openssl_engine=yes 2751 fi 2752 ] 2753) 2754 2755if test "x$openssl" = "xyes" ; then 2756 LIBS="-lcrypto $LIBS" 2757 AC_TRY_LINK_FUNC([RAND_add], , 2758 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2759 AC_CHECK_HEADER([openssl/opensslv.h], , 2760 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2761 2762 # Determine OpenSSL header version 2763 AC_MSG_CHECKING([OpenSSL header version]) 2764 AC_RUN_IFELSE( 2765 [AC_LANG_PROGRAM([[ 2766 #include <stdlib.h> 2767 #include <stdio.h> 2768 #include <string.h> 2769 #include <openssl/opensslv.h> 2770 #define DATA "conftest.sslincver" 2771 ]], [[ 2772 FILE *fd; 2773 int rc; 2774 2775 fd = fopen(DATA,"w"); 2776 if(fd == NULL) 2777 exit(1); 2778 2779 if ((rc = fprintf(fd, "%08lx (%s)\n", 2780 (unsigned long)OPENSSL_VERSION_NUMBER, 2781 OPENSSL_VERSION_TEXT)) < 0) 2782 exit(1); 2783 2784 exit(0); 2785 ]])], 2786 [ 2787 ssl_header_ver=`cat conftest.sslincver` 2788 AC_MSG_RESULT([$ssl_header_ver]) 2789 ], 2790 [ 2791 AC_MSG_RESULT([not found]) 2792 AC_MSG_ERROR([OpenSSL version header not found.]) 2793 ], 2794 [ 2795 AC_MSG_WARN([cross compiling: not checking]) 2796 ] 2797 ) 2798 2799 # Determining OpenSSL library version is version dependent. 2800 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2801 2802 # Determine OpenSSL library version 2803 AC_MSG_CHECKING([OpenSSL library version]) 2804 AC_RUN_IFELSE( 2805 [AC_LANG_PROGRAM([[ 2806 #include <stdio.h> 2807 #include <stdlib.h> 2808 #include <string.h> 2809 #include <openssl/opensslv.h> 2810 #include <openssl/crypto.h> 2811 #define DATA "conftest.ssllibver" 2812 ]], [[ 2813 FILE *fd; 2814 int rc; 2815 2816 fd = fopen(DATA,"w"); 2817 if(fd == NULL) 2818 exit(1); 2819#ifndef OPENSSL_VERSION 2820# define OPENSSL_VERSION SSLEAY_VERSION 2821#endif 2822#ifndef HAVE_OPENSSL_VERSION 2823# define OpenSSL_version SSLeay_version 2824#endif 2825#ifndef HAVE_OPENSSL_VERSION_NUM 2826# define OpenSSL_version_num SSLeay 2827#endif 2828 if ((rc = fprintf(fd, "%08lx (%s)\n", 2829 (unsigned long)OpenSSL_version_num(), 2830 OpenSSL_version(OPENSSL_VERSION))) < 0) 2831 exit(1); 2832 2833 exit(0); 2834 ]])], 2835 [ 2836 ssl_library_ver=`cat conftest.ssllibver` 2837 # Check version is supported. 2838 case "$ssl_library_ver" in 2839 10000*|0*) 2840 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2841 ;; 2842 100*) ;; # 1.0.x 2843 101000[[0123456]]*) 2844 # https://github.com/openssl/openssl/pull/4613 2845 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2846 ;; 2847 101*) ;; # 1.1.x 2848 200*) ;; # LibreSSL 2849 300*) ;; # OpenSSL 3 2850 301*) ;; # OpenSSL development branch. 2851 *) 2852 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2853 ;; 2854 esac 2855 AC_MSG_RESULT([$ssl_library_ver]) 2856 ], 2857 [ 2858 AC_MSG_RESULT([not found]) 2859 AC_MSG_ERROR([OpenSSL library not found.]) 2860 ], 2861 [ 2862 AC_MSG_WARN([cross compiling: not checking]) 2863 ] 2864 ) 2865 2866 # Sanity check OpenSSL headers 2867 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2868 AC_RUN_IFELSE( 2869 [AC_LANG_PROGRAM([[ 2870 #include <stdlib.h> 2871 #include <string.h> 2872 #include <openssl/opensslv.h> 2873 #include <openssl/crypto.h> 2874 ]], [[ 2875#ifndef HAVE_OPENSSL_VERSION_NUM 2876# define OpenSSL_version_num SSLeay 2877#endif 2878 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2879 ]])], 2880 [ 2881 AC_MSG_RESULT([yes]) 2882 ], 2883 [ 2884 AC_MSG_RESULT([no]) 2885 if test "x$openssl_check_nonfatal" = "x"; then 2886 AC_MSG_ERROR([Your OpenSSL headers do not match your 2887 library. Check config.log for details. 2888 If you are sure your installation is consistent, you can disable the check 2889 by running "./configure --without-openssl-header-check". 2890 Also see contrib/findssl.sh for help identifying header/library mismatches. 2891 ]) 2892 else 2893 AC_MSG_WARN([Your OpenSSL headers do not match your 2894 library. Check config.log for details. 2895 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2896 fi 2897 ], 2898 [ 2899 AC_MSG_WARN([cross compiling: not checking]) 2900 ] 2901 ) 2902 2903 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2904 AC_LINK_IFELSE( 2905 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2906 [[ ERR_load_crypto_strings(); ]])], 2907 [ 2908 AC_MSG_RESULT([yes]) 2909 ], 2910 [ 2911 AC_MSG_RESULT([no]) 2912 saved_LIBS="$LIBS" 2913 LIBS="$LIBS -ldl" 2914 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2915 AC_LINK_IFELSE( 2916 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2917 [[ ERR_load_crypto_strings(); ]])], 2918 [ 2919 AC_MSG_RESULT([yes]) 2920 ], 2921 [ 2922 AC_MSG_RESULT([no]) 2923 LIBS="$saved_LIBS" 2924 ] 2925 ) 2926 ] 2927 ) 2928 2929 AC_CHECK_FUNCS([ \ 2930 BN_is_prime_ex \ 2931 DSA_generate_parameters_ex \ 2932 EVP_CIPHER_CTX_ctrl \ 2933 EVP_DigestFinal_ex \ 2934 EVP_DigestInit_ex \ 2935 EVP_MD_CTX_cleanup \ 2936 EVP_MD_CTX_copy_ex \ 2937 EVP_MD_CTX_init \ 2938 HMAC_CTX_init \ 2939 RSA_generate_key_ex \ 2940 RSA_get_default_method \ 2941 ]) 2942 2943 # OpenSSL_add_all_algorithms may be a macro. 2944 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2945 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2946 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2947 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2948 [[#include <openssl/evp.h>]] 2949 ) 2950 ) 2951 2952 # LibreSSL/OpenSSL 1.1x API 2953 AC_CHECK_FUNCS([ \ 2954 OPENSSL_init_crypto \ 2955 DH_get0_key \ 2956 DH_get0_pqg \ 2957 DH_set0_key \ 2958 DH_set_length \ 2959 DH_set0_pqg \ 2960 DSA_get0_key \ 2961 DSA_get0_pqg \ 2962 DSA_set0_key \ 2963 DSA_set0_pqg \ 2964 DSA_SIG_get0 \ 2965 DSA_SIG_set0 \ 2966 ECDSA_SIG_get0 \ 2967 ECDSA_SIG_set0 \ 2968 EVP_CIPHER_CTX_iv \ 2969 EVP_CIPHER_CTX_iv_noconst \ 2970 EVP_CIPHER_CTX_get_iv \ 2971 EVP_CIPHER_CTX_get_updated_iv \ 2972 EVP_CIPHER_CTX_set_iv \ 2973 RSA_get0_crt_params \ 2974 RSA_get0_factors \ 2975 RSA_get0_key \ 2976 RSA_set0_crt_params \ 2977 RSA_set0_factors \ 2978 RSA_set0_key \ 2979 RSA_meth_free \ 2980 RSA_meth_dup \ 2981 RSA_meth_set1_name \ 2982 RSA_meth_get_finish \ 2983 RSA_meth_set_priv_enc \ 2984 RSA_meth_set_priv_dec \ 2985 RSA_meth_set_finish \ 2986 EVP_PKEY_get0_RSA \ 2987 EVP_MD_CTX_new \ 2988 EVP_MD_CTX_free \ 2989 EVP_chacha20 \ 2990 ]) 2991 2992 if test "x$openssl_engine" = "xyes" ; then 2993 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2994 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2995 #include <openssl/engine.h> 2996 ]], [[ 2997 ENGINE_load_builtin_engines(); 2998 ENGINE_register_all_complete(); 2999 ]])], 3000 [ AC_MSG_RESULT([yes]) 3001 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 3002 [Enable OpenSSL engine support]) 3003 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 3004 ]) 3005 fi 3006 3007 # Check for OpenSSL without EVP_aes_{192,256}_cbc 3008 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 3009 AC_LINK_IFELSE( 3010 [AC_LANG_PROGRAM([[ 3011 #include <stdlib.h> 3012 #include <string.h> 3013 #include <openssl/evp.h> 3014 ]], [[ 3015 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 3016 ]])], 3017 [ 3018 AC_MSG_RESULT([no]) 3019 ], 3020 [ 3021 AC_MSG_RESULT([yes]) 3022 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 3023 [libcrypto is missing AES 192 and 256 bit functions]) 3024 ] 3025 ) 3026 3027 # Check for OpenSSL with EVP_aes_*ctr 3028 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 3029 AC_LINK_IFELSE( 3030 [AC_LANG_PROGRAM([[ 3031 #include <stdlib.h> 3032 #include <string.h> 3033 #include <openssl/evp.h> 3034 ]], [[ 3035 exit(EVP_aes_128_ctr() == NULL || 3036 EVP_aes_192_cbc() == NULL || 3037 EVP_aes_256_cbc() == NULL); 3038 ]])], 3039 [ 3040 AC_MSG_RESULT([yes]) 3041 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 3042 [libcrypto has EVP AES CTR]) 3043 ], 3044 [ 3045 AC_MSG_RESULT([no]) 3046 ] 3047 ) 3048 3049 # Check for OpenSSL with EVP_aes_*gcm 3050 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 3051 AC_LINK_IFELSE( 3052 [AC_LANG_PROGRAM([[ 3053 #include <stdlib.h> 3054 #include <string.h> 3055 #include <openssl/evp.h> 3056 ]], [[ 3057 exit(EVP_aes_128_gcm() == NULL || 3058 EVP_aes_256_gcm() == NULL || 3059 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 3060 EVP_CTRL_GCM_IV_GEN == 0 || 3061 EVP_CTRL_GCM_SET_TAG == 0 || 3062 EVP_CTRL_GCM_GET_TAG == 0 || 3063 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 3064 ]])], 3065 [ 3066 AC_MSG_RESULT([yes]) 3067 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 3068 [libcrypto has EVP AES GCM]) 3069 ], 3070 [ 3071 AC_MSG_RESULT([no]) 3072 unsupported_algorithms="$unsupported_cipers \ 3073 aes128-gcm@openssh.com \ 3074 aes256-gcm@openssh.com" 3075 ] 3076 ) 3077 3078 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3079 AC_LINK_IFELSE( 3080 [AC_LANG_PROGRAM([[ 3081 #include <stdlib.h> 3082 #include <string.h> 3083 #include <openssl/evp.h> 3084 ]], [[ 3085 if(EVP_DigestUpdate(NULL, NULL,0)) 3086 exit(0); 3087 ]])], 3088 [ 3089 AC_MSG_RESULT([yes]) 3090 ], 3091 [ 3092 AC_MSG_RESULT([no]) 3093 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3094 [Define if EVP_DigestUpdate returns void]) 3095 ] 3096 ) 3097 3098 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 3099 # because the system crypt() is more featureful. 3100 if test "x$check_for_libcrypt_before" = "x1"; then 3101 AC_CHECK_LIB([crypt], [crypt]) 3102 fi 3103 3104 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 3105 # version in OpenSSL. 3106 if test "x$check_for_libcrypt_later" = "x1"; then 3107 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3108 fi 3109 AC_CHECK_FUNCS([crypt DES_crypt]) 3110 3111 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 3112 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 3113 3114 # Check complete ECC support in OpenSSL 3115 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3116 AC_LINK_IFELSE( 3117 [AC_LANG_PROGRAM([[ 3118 #include <openssl/ec.h> 3119 #include <openssl/ecdh.h> 3120 #include <openssl/ecdsa.h> 3121 #include <openssl/evp.h> 3122 #include <openssl/objects.h> 3123 #include <openssl/opensslv.h> 3124 ]], [[ 3125 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3126 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3127 ]])], 3128 [ AC_MSG_RESULT([yes]) 3129 enable_nistp256=1 ], 3130 [ AC_MSG_RESULT([no]) ] 3131 ) 3132 3133 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3134 AC_LINK_IFELSE( 3135 [AC_LANG_PROGRAM([[ 3136 #include <openssl/ec.h> 3137 #include <openssl/ecdh.h> 3138 #include <openssl/ecdsa.h> 3139 #include <openssl/evp.h> 3140 #include <openssl/objects.h> 3141 #include <openssl/opensslv.h> 3142 ]], [[ 3143 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3144 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3145 ]])], 3146 [ AC_MSG_RESULT([yes]) 3147 enable_nistp384=1 ], 3148 [ AC_MSG_RESULT([no]) ] 3149 ) 3150 3151 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3152 AC_LINK_IFELSE( 3153 [AC_LANG_PROGRAM([[ 3154 #include <openssl/ec.h> 3155 #include <openssl/ecdh.h> 3156 #include <openssl/ecdsa.h> 3157 #include <openssl/evp.h> 3158 #include <openssl/objects.h> 3159 #include <openssl/opensslv.h> 3160 ]], [[ 3161 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3162 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3163 ]])], 3164 [ AC_MSG_RESULT([yes]) 3165 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3166 AC_RUN_IFELSE( 3167 [AC_LANG_PROGRAM([[ 3168 #include <stdlib.h> 3169 #include <openssl/ec.h> 3170 #include <openssl/ecdh.h> 3171 #include <openssl/ecdsa.h> 3172 #include <openssl/evp.h> 3173 #include <openssl/objects.h> 3174 #include <openssl/opensslv.h> 3175 ]],[[ 3176 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3177 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3178 exit(e == NULL || m == NULL); 3179 ]])], 3180 [ AC_MSG_RESULT([yes]) 3181 enable_nistp521=1 ], 3182 [ AC_MSG_RESULT([no]) ], 3183 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3184 enable_nistp521=1 ] 3185 )], 3186 AC_MSG_RESULT([no]) 3187 ) 3188 3189 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3190 test x$enable_nistp521 = x1; then 3191 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3192 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3193 openssl_ecc=yes 3194 else 3195 openssl_ecc=no 3196 fi 3197 if test x$enable_nistp256 = x1; then 3198 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3199 [libcrypto has NID_X9_62_prime256v1]) 3200 else 3201 unsupported_algorithms="$unsupported_algorithms \ 3202 ecdsa-sha2-nistp256 \ 3203 ecdh-sha2-nistp256 \ 3204 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3205 fi 3206 if test x$enable_nistp384 = x1; then 3207 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3208 else 3209 unsupported_algorithms="$unsupported_algorithms \ 3210 ecdsa-sha2-nistp384 \ 3211 ecdh-sha2-nistp384 \ 3212 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3213 fi 3214 if test x$enable_nistp521 = x1; then 3215 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3216 else 3217 unsupported_algorithms="$unsupported_algorithms \ 3218 ecdh-sha2-nistp521 \ 3219 ecdsa-sha2-nistp521 \ 3220 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3221 fi 3222 3223else 3224 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3225 AC_CHECK_FUNCS([crypt]) 3226fi 3227 3228# PKCS11/U2F depend on OpenSSL and dlopen(). 3229enable_pkcs11=yes 3230enable_sk=yes 3231if test "x$openssl" != "xyes" ; then 3232 enable_pkcs11="disabled; missing libcrypto" 3233fi 3234if test "x$ac_cv_func_dlopen" != "xyes" ; then 3235 enable_pkcs11="disabled; missing dlopen(3)" 3236 enable_sk="disabled; missing dlopen(3)" 3237fi 3238if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3239 enable_pkcs11="disabled; missing RTLD_NOW" 3240 enable_sk="disabled; missing RTLD_NOW" 3241fi 3242if test ! -z "$disable_pkcs11" ; then 3243 enable_pkcs11="disabled by user" 3244fi 3245if test ! -z "$disable_sk" ; then 3246 enable_sk="disabled by user" 3247fi 3248 3249AC_MSG_CHECKING([whether to enable PKCS11]) 3250if test "x$enable_pkcs11" = "xyes" ; then 3251 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3252fi 3253AC_MSG_RESULT([$enable_pkcs11]) 3254 3255AC_MSG_CHECKING([whether to enable U2F]) 3256if test "x$enable_sk" = "xyes" ; then 3257 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3258 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3259else 3260 # Do not try to build sk-dummy library. 3261 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3262fi 3263AC_MSG_RESULT([$enable_sk]) 3264 3265# Now check for built-in security key support. 3266if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3267 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3268 use_pkgconfig_for_libfido2= 3269 if test "x$PKGCONFIG" != "xno"; then 3270 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3271 if "$PKGCONFIG" libfido2; then 3272 AC_MSG_RESULT([yes]) 3273 use_pkgconfig_for_libfido2=yes 3274 else 3275 AC_MSG_RESULT([no]) 3276 fi 3277 fi 3278 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3279 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3280 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3281 else 3282 LIBFIDO2="-lprivatefido2 -lprivatecbor" 3283 fi 3284 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3285 AC_CHECK_LIB([privatefido2], [fido_init], 3286 [ 3287 AC_SUBST([LIBFIDO2]) 3288 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3289 [Enable for built-in U2F/FIDO support]) 3290 enable_sk="built-in" 3291 ], [ AC_MSG_ERROR([no usable libprivatefido2 found]) ], 3292 [ $OTHERLIBS ] 3293 ) 3294 saved_LIBS="$LIBS" 3295 LIBS="$LIBS $LIBFIDO2" 3296 AC_CHECK_FUNCS([ \ 3297 fido_assert_set_clientdata \ 3298 fido_cred_prot \ 3299 fido_cred_set_prot \ 3300 fido_cred_set_clientdata \ 3301 fido_dev_get_touch_begin \ 3302 fido_dev_get_touch_status \ 3303 fido_dev_supports_cred_prot \ 3304 ]) 3305 LIBS="$saved_LIBS" 3306 AC_CHECK_HEADER([fido.h], [], 3307 AC_MSG_ERROR([missing fido.h from libfido2])) 3308 AC_CHECK_HEADER([fido/credman.h], [], 3309 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3310 [#include <fido.h>] 3311 ) 3312fi 3313 3314AC_CHECK_FUNCS([ \ 3315 arc4random \ 3316 arc4random_buf \ 3317 arc4random_stir \ 3318 arc4random_uniform \ 3319]) 3320 3321saved_LIBS="$LIBS" 3322AC_CHECK_LIB([iaf], [ia_openinfo], [ 3323 LIBS="$LIBS -liaf" 3324 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3325 AC_DEFINE([HAVE_LIBIAF], [1], 3326 [Define if system has libiaf that supports set_id]) 3327 ]) 3328]) 3329LIBS="$saved_LIBS" 3330 3331### Configure cryptographic random number support 3332 3333# Check whether OpenSSL seeds itself 3334if test "x$openssl" = "xyes" ; then 3335 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3336 AC_RUN_IFELSE( 3337 [AC_LANG_PROGRAM([[ 3338 #include <stdlib.h> 3339 #include <string.h> 3340 #include <openssl/rand.h> 3341 ]], [[ 3342 exit(RAND_status() == 1 ? 0 : 1); 3343 ]])], 3344 [ 3345 OPENSSL_SEEDS_ITSELF=yes 3346 AC_MSG_RESULT([yes]) 3347 ], 3348 [ 3349 AC_MSG_RESULT([no]) 3350 ], 3351 [ 3352 AC_MSG_WARN([cross compiling: assuming yes]) 3353 # This is safe, since we will fatal() at runtime if 3354 # OpenSSL is not seeded correctly. 3355 OPENSSL_SEEDS_ITSELF=yes 3356 ] 3357 ) 3358fi 3359 3360# PRNGD TCP socket 3361AC_ARG_WITH([prngd-port], 3362 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3363 [ 3364 case "$withval" in 3365 no) 3366 withval="" 3367 ;; 3368 [[0-9]]*) 3369 ;; 3370 *) 3371 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3372 ;; 3373 esac 3374 if test ! -z "$withval" ; then 3375 PRNGD_PORT="$withval" 3376 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3377 [Port number of PRNGD/EGD random number socket]) 3378 fi 3379 ] 3380) 3381 3382# PRNGD Unix domain socket 3383AC_ARG_WITH([prngd-socket], 3384 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3385 [ 3386 case "$withval" in 3387 yes) 3388 withval="/var/run/egd-pool" 3389 ;; 3390 no) 3391 withval="" 3392 ;; 3393 /*) 3394 ;; 3395 *) 3396 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3397 ;; 3398 esac 3399 3400 if test ! -z "$withval" ; then 3401 if test ! -z "$PRNGD_PORT" ; then 3402 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3403 fi 3404 if test ! -r "$withval" ; then 3405 AC_MSG_WARN([Entropy socket is not readable]) 3406 fi 3407 PRNGD_SOCKET="$withval" 3408 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3409 [Location of PRNGD/EGD random number socket]) 3410 fi 3411 ], 3412 [ 3413 # Check for existing socket only if we don't have a random device already 3414 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3415 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3416 # Insert other locations here 3417 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3418 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3419 PRNGD_SOCKET="$sock" 3420 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3421 break; 3422 fi 3423 done 3424 if test ! -z "$PRNGD_SOCKET" ; then 3425 AC_MSG_RESULT([$PRNGD_SOCKET]) 3426 else 3427 AC_MSG_RESULT([not found]) 3428 fi 3429 fi 3430 ] 3431) 3432 3433# Which randomness source do we use? 3434if test ! -z "$PRNGD_PORT" ; then 3435 RAND_MSG="PRNGd port $PRNGD_PORT" 3436elif test ! -z "$PRNGD_SOCKET" ; then 3437 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3438elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3439 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3440 [Define if you want the OpenSSL internally seeded PRNG only]) 3441 RAND_MSG="OpenSSL internal ONLY" 3442elif test "x$openssl" = "xno" ; then 3443 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3444else 3445 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3446fi 3447 3448# Check for PAM libs 3449PAM_MSG="no" 3450AC_ARG_WITH([pam], 3451 [ --with-pam Enable PAM support ], 3452 [ 3453 if test "x$withval" != "xno" ; then 3454 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3455 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3456 AC_MSG_ERROR([PAM headers not found]) 3457 fi 3458 3459 saved_LIBS="$LIBS" 3460 AC_CHECK_LIB([dl], [dlopen], , ) 3461 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3462 AC_CHECK_FUNCS([pam_getenvlist]) 3463 AC_CHECK_FUNCS([pam_putenv]) 3464 LIBS="$saved_LIBS" 3465 3466 PAM_MSG="yes" 3467 3468 SSHDLIBS="$SSHDLIBS -lpam" 3469 AC_DEFINE([USE_PAM], [1], 3470 [Define if you want to enable PAM support]) 3471 3472 if test $ac_cv_lib_dl_dlopen = yes; then 3473 case "$LIBS" in 3474 *-ldl*) 3475 # libdl already in LIBS 3476 ;; 3477 *) 3478 SSHDLIBS="$SSHDLIBS -ldl" 3479 ;; 3480 esac 3481 fi 3482 fi 3483 ] 3484) 3485 3486AC_ARG_WITH([pam-service], 3487 [ --with-pam-service=name Specify PAM service name ], 3488 [ 3489 if test "x$withval" != "xno" && \ 3490 test "x$withval" != "xyes" ; then 3491 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3492 ["$withval"], [sshd PAM service name]) 3493 fi 3494 ] 3495) 3496 3497# Check for older PAM 3498if test "x$PAM_MSG" = "xyes" ; then 3499 # Check PAM strerror arguments (old PAM) 3500 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3501 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3502#include <stdlib.h> 3503#if defined(HAVE_SECURITY_PAM_APPL_H) 3504#include <security/pam_appl.h> 3505#elif defined (HAVE_PAM_PAM_APPL_H) 3506#include <pam/pam_appl.h> 3507#endif 3508 ]], [[ 3509(void)pam_strerror((pam_handle_t *)NULL, -1); 3510 ]])], [AC_MSG_RESULT([no])], [ 3511 AC_DEFINE([HAVE_OLD_PAM], [1], 3512 [Define if you have an old version of PAM 3513 which takes only one argument to pam_strerror]) 3514 AC_MSG_RESULT([yes]) 3515 PAM_MSG="yes (old library)" 3516 3517 ]) 3518fi 3519 3520case "$host" in 3521*-*-cygwin*) 3522 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3523 ;; 3524*) 3525 SSH_PRIVSEP_USER=sshd 3526 ;; 3527esac 3528AC_ARG_WITH([privsep-user], 3529 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3530 [ 3531 if test -n "$withval" && test "x$withval" != "xno" && \ 3532 test "x${withval}" != "xyes"; then 3533 SSH_PRIVSEP_USER=$withval 3534 fi 3535 ] 3536) 3537if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3538 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3539 [Cygwin function to fetch non-privileged user for privilege separation]) 3540else 3541 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3542 [non-privileged user for privilege separation]) 3543fi 3544AC_SUBST([SSH_PRIVSEP_USER]) 3545 3546if test "x$have_linux_no_new_privs" = "x1" ; then 3547AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3548 #include <sys/types.h> 3549 #include <linux/seccomp.h> 3550]) 3551fi 3552if test "x$have_seccomp_filter" = "x1" ; then 3553AC_MSG_CHECKING([kernel for seccomp_filter support]) 3554AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3555 #include <errno.h> 3556 #include <elf.h> 3557 #include <linux/audit.h> 3558 #include <linux/seccomp.h> 3559 #include <stdlib.h> 3560 #include <sys/prctl.h> 3561 ]], 3562 [[ int i = $seccomp_audit_arch; 3563 errno = 0; 3564 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3565 exit(errno == EFAULT ? 0 : 1); ]])], 3566 [ AC_MSG_RESULT([yes]) ], [ 3567 AC_MSG_RESULT([no]) 3568 # Disable seccomp filter as a target 3569 have_seccomp_filter=0 3570 ] 3571) 3572fi 3573 3574# Decide which sandbox style to use 3575sandbox_arg="" 3576AC_ARG_WITH([sandbox], 3577 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3578 [ 3579 if test "x$withval" = "xyes" ; then 3580 sandbox_arg="" 3581 else 3582 sandbox_arg="$withval" 3583 fi 3584 ] 3585) 3586 3587# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument 3588# is greater than OPEN_MAX". On some platforms that includes implementions 3589# ofselect in userspace on top of poll() so check both work with rlimit NOFILES 3590# so check that both work before enabling the rlimit sandbox. 3591AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) 3592AC_RUN_IFELSE( 3593 [AC_LANG_PROGRAM([[ 3594#include <sys/types.h> 3595#ifdef HAVE_SYS_TIME_H 3596# include <sys/time.h> 3597#endif 3598#include <sys/resource.h> 3599#ifdef HAVE_SYS_SELECT_H 3600# include <sys/select.h> 3601#endif 3602#ifdef HAVE_POLL_H 3603# include <poll.h> 3604#elif HAVE_SYS_POLL_H 3605# include <sys/poll.h> 3606#endif 3607#include <errno.h> 3608#include <fcntl.h> 3609#include <stdlib.h> 3610 ]],[[ 3611 struct rlimit rl_zero; 3612 int fd, r; 3613 fd_set fds; 3614 struct timeval tv; 3615#ifdef HAVE_POLL 3616 struct pollfd pfd; 3617#endif 3618 3619 fd = open("/dev/null", O_RDONLY); 3620 FD_ZERO(&fds); 3621 FD_SET(fd, &fds); 3622 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3623 setrlimit(RLIMIT_FSIZE, &rl_zero); 3624 setrlimit(RLIMIT_NOFILE, &rl_zero); 3625 tv.tv_sec = 1; 3626 tv.tv_usec = 0; 3627 r = select(fd+1, &fds, NULL, NULL, &tv); 3628 if (r == -1) 3629 exit(1); 3630#ifdef HAVE_POLL 3631 pfd.fd = fd; 3632 pfd.events = POLLIN; 3633 r = poll(&pfd, 1, 1); 3634 if (r == -1) 3635 exit(2); 3636#endif 3637 exit(0); 3638 ]])], 3639 [AC_MSG_RESULT([yes]) 3640 select_works_with_rlimit=yes], 3641 [AC_MSG_RESULT([no]) 3642 select_works_with_rlimit=no], 3643 [AC_MSG_WARN([cross compiling: assuming no]) 3644 select_works_with_rlimit=no] 3645) 3646 3647AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ 3648#include <sys/types.h> 3649#ifdef HAVE_POLL_H 3650#include <poll.h> 3651#endif 3652#ifdef HAVE_SYS_POLL_H 3653#include <sys/poll.h> 3654#endif 3655]]) 3656 3657AC_CHECK_TYPES([nfds_t], , , [ 3658#include <sys/types.h> 3659#ifdef HAVE_POLL_H 3660#include <poll.h> 3661#endif 3662#ifdef HAVE_SYS_POLL_H 3663#include <sys/poll.h> 3664#endif 3665]) 3666 3667AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3668AC_RUN_IFELSE( 3669 [AC_LANG_PROGRAM([[ 3670#include <sys/types.h> 3671#ifdef HAVE_SYS_TIME_H 3672# include <sys/time.h> 3673#endif 3674#include <sys/resource.h> 3675#include <errno.h> 3676#include <stdlib.h> 3677 ]],[[ 3678 struct rlimit rl_zero; 3679 int r; 3680 3681 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3682 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3683 exit (r == -1 ? 1 : 0); 3684 ]])], 3685 [AC_MSG_RESULT([yes]) 3686 rlimit_nofile_zero_works=yes], 3687 [AC_MSG_RESULT([no]) 3688 rlimit_nofile_zero_works=no], 3689 [AC_MSG_WARN([cross compiling: assuming yes]) 3690 rlimit_nofile_zero_works=yes] 3691) 3692 3693AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3694AC_RUN_IFELSE( 3695 [AC_LANG_PROGRAM([[ 3696#include <sys/types.h> 3697#include <sys/resource.h> 3698#include <stdlib.h> 3699 ]],[[ 3700 struct rlimit rl_zero; 3701 3702 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3703 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3704 ]])], 3705 [AC_MSG_RESULT([yes])], 3706 [AC_MSG_RESULT([no]) 3707 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3708 [setrlimit RLIMIT_FSIZE works])], 3709 [AC_MSG_WARN([cross compiling: assuming yes])] 3710) 3711 3712if test "x$sandbox_arg" = "xpledge" || \ 3713 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3714 test "x$ac_cv_func_pledge" != "xyes" && \ 3715 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3716 SANDBOX_STYLE="pledge" 3717 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3718elif test "x$sandbox_arg" = "xsystrace" || \ 3719 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3720 test "x$have_systr_policy_kill" != "x1" && \ 3721 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3722 SANDBOX_STYLE="systrace" 3723 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3724elif test "x$sandbox_arg" = "xdarwin" || \ 3725 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3726 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3727 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3728 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3729 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3730 SANDBOX_STYLE="darwin" 3731 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3732elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3733 ( test -z "$sandbox_arg" && \ 3734 test "x$have_seccomp_filter" = "x1" && \ 3735 test "x$ac_cv_header_elf_h" = "xyes" && \ 3736 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3737 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3738 test "x$seccomp_audit_arch" != "x" && \ 3739 test "x$have_linux_no_new_privs" = "x1" && \ 3740 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3741 test "x$seccomp_audit_arch" = "x" && \ 3742 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3743 test "x$have_linux_no_new_privs" != "x1" && \ 3744 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3745 test "x$have_seccomp_filter" != "x1" && \ 3746 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3747 test "x$ac_cv_func_prctl" != "xyes" && \ 3748 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3749 SANDBOX_STYLE="seccomp_filter" 3750 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3751elif test "x$sandbox_arg" = "xcapsicum" || \ 3752 ( test -z "$sandbox_arg" && \ 3753 test "x$disable_capsicum" != "xyes" && \ 3754 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3755 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3756 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3757 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3758 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3759 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3760 SANDBOX_STYLE="capsicum" 3761 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3762elif test "x$sandbox_arg" = "xrlimit" || \ 3763 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3764 test "x$select_works_with_rlimit" = "xyes" && \ 3765 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3766 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3767 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3768 test "x$select_works_with_rlimit" != "xyes" && \ 3769 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3770 SANDBOX_STYLE="rlimit" 3771 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3772elif test "x$sandbox_arg" = "xsolaris" || \ 3773 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3774 SANDBOX_STYLE="solaris" 3775 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3776elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3777 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3778 SANDBOX_STYLE="none" 3779 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3780else 3781 AC_MSG_ERROR([unsupported --with-sandbox]) 3782fi 3783 3784# Cheap hack to ensure NEWS-OS libraries are arranged right. 3785if test ! -z "$SONY" ; then 3786 LIBS="$LIBS -liberty"; 3787fi 3788 3789# Check for long long datatypes 3790AC_CHECK_TYPES([long long, unsigned long long, long double]) 3791 3792# Check datatype sizes 3793AC_CHECK_SIZEOF([short int]) 3794AC_CHECK_SIZEOF([int]) 3795AC_CHECK_SIZEOF([long int]) 3796AC_CHECK_SIZEOF([long long int]) 3797AC_CHECK_SIZEOF([time_t], [], [[ 3798 #include <sys/types.h> 3799 #ifdef HAVE_SYS_TIME_H 3800 # include <sys/time.h> 3801 #endif 3802 #ifdef HAVE_TIME_H 3803 # include <time.h> 3804 #endif 3805 ]] 3806) 3807 3808# Sanity check long long for some platforms (AIX) 3809if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3810 ac_cv_sizeof_long_long_int=0 3811fi 3812 3813# compute LLONG_MIN and LLONG_MAX if we don't know them. 3814if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3815 AC_MSG_CHECKING([for max value of long long]) 3816 AC_RUN_IFELSE( 3817 [AC_LANG_PROGRAM([[ 3818#include <stdio.h> 3819#include <stdlib.h> 3820/* Why is this so damn hard? */ 3821#ifdef __GNUC__ 3822# undef __GNUC__ 3823#endif 3824#define __USE_ISOC99 3825#include <limits.h> 3826#define DATA "conftest.llminmax" 3827#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3828 3829/* 3830 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3831 * we do this the hard way. 3832 */ 3833static int 3834fprint_ll(FILE *f, long long n) 3835{ 3836 unsigned int i; 3837 int l[sizeof(long long) * 8]; 3838 3839 if (n < 0) 3840 if (fprintf(f, "-") < 0) 3841 return -1; 3842 for (i = 0; n != 0; i++) { 3843 l[i] = my_abs(n % 10); 3844 n /= 10; 3845 } 3846 do { 3847 if (fprintf(f, "%d", l[--i]) < 0) 3848 return -1; 3849 } while (i != 0); 3850 if (fprintf(f, " ") < 0) 3851 return -1; 3852 return 0; 3853} 3854 ]], [[ 3855 FILE *f; 3856 long long i, llmin, llmax = 0; 3857 3858 if((f = fopen(DATA,"w")) == NULL) 3859 exit(1); 3860 3861#if defined(LLONG_MIN) && defined(LLONG_MAX) 3862 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3863 llmin = LLONG_MIN; 3864 llmax = LLONG_MAX; 3865#else 3866 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3867 /* This will work on one's complement and two's complement */ 3868 for (i = 1; i > llmax; i <<= 1, i++) 3869 llmax = i; 3870 llmin = llmax + 1LL; /* wrap */ 3871#endif 3872 3873 /* Sanity check */ 3874 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3875 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3876 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3877 fprintf(f, "unknown unknown\n"); 3878 exit(2); 3879 } 3880 3881 if (fprint_ll(f, llmin) < 0) 3882 exit(3); 3883 if (fprint_ll(f, llmax) < 0) 3884 exit(4); 3885 if (fclose(f) < 0) 3886 exit(5); 3887 exit(0); 3888 ]])], 3889 [ 3890 llong_min=`$AWK '{print $1}' conftest.llminmax` 3891 llong_max=`$AWK '{print $2}' conftest.llminmax` 3892 3893 AC_MSG_RESULT([$llong_max]) 3894 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3895 [max value of long long calculated by configure]) 3896 AC_MSG_CHECKING([for min value of long long]) 3897 AC_MSG_RESULT([$llong_min]) 3898 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3899 [min value of long long calculated by configure]) 3900 ], 3901 [ 3902 AC_MSG_RESULT([not found]) 3903 ], 3904 [ 3905 AC_MSG_WARN([cross compiling: not checking]) 3906 ] 3907 ) 3908fi 3909 3910AC_CHECK_DECLS([UINT32_MAX], , , [[ 3911#ifdef HAVE_SYS_LIMITS_H 3912# include <sys/limits.h> 3913#endif 3914#ifdef HAVE_LIMITS_H 3915# include <limits.h> 3916#endif 3917#ifdef HAVE_STDINT_H 3918# include <stdint.h> 3919#endif 3920]]) 3921 3922# More checks for data types 3923AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3924 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3925 [[ u_int a; a = 1;]])], 3926 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3927 ]) 3928]) 3929if test "x$ac_cv_have_u_int" = "xyes" ; then 3930 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3931 have_u_int=1 3932fi 3933 3934AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3935 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3936 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3937 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3938 ]) 3939]) 3940if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3941 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3942 have_intxx_t=1 3943fi 3944 3945if (test -z "$have_intxx_t" && \ 3946 test "x$ac_cv_header_stdint_h" = "xyes") 3947then 3948 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3949 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3950 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3951 [ 3952 AC_DEFINE([HAVE_INTXX_T]) 3953 AC_MSG_RESULT([yes]) 3954 ], [ AC_MSG_RESULT([no]) 3955 ]) 3956fi 3957 3958AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3959 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3960#include <sys/types.h> 3961#ifdef HAVE_STDINT_H 3962# include <stdint.h> 3963#endif 3964#include <sys/socket.h> 3965#ifdef HAVE_SYS_BITYPES_H 3966# include <sys/bitypes.h> 3967#endif 3968 ]], [[ 3969int64_t a; a = 1; 3970 ]])], 3971 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3972 ]) 3973]) 3974if test "x$ac_cv_have_int64_t" = "xyes" ; then 3975 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3976fi 3977 3978AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3979 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3980 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3981 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3982 ]) 3983]) 3984if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3985 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3986 have_u_intxx_t=1 3987fi 3988 3989if test -z "$have_u_intxx_t" ; then 3990 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3991 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3992 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3993 [ 3994 AC_DEFINE([HAVE_U_INTXX_T]) 3995 AC_MSG_RESULT([yes]) 3996 ], [ AC_MSG_RESULT([no]) 3997 ]) 3998fi 3999 4000AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 4001 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4002 [[ u_int64_t a; a = 1;]])], 4003 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 4004 ]) 4005]) 4006if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 4007 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 4008 have_u_int64_t=1 4009fi 4010 4011if (test -z "$have_u_int64_t" && \ 4012 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4013then 4014 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 4015 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 4016 [[ u_int64_t a; a = 1]])], 4017 [ 4018 AC_DEFINE([HAVE_U_INT64_T]) 4019 AC_MSG_RESULT([yes]) 4020 ], [ AC_MSG_RESULT([no]) 4021 ]) 4022fi 4023 4024if test -z "$have_u_intxx_t" ; then 4025 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 4026 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4027#include <sys/types.h> 4028 ]], [[ 4029 uint8_t a; 4030 uint16_t b; 4031 uint32_t c; 4032 a = b = c = 1; 4033 ]])], 4034 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 4035 ]) 4036 ]) 4037 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 4038 AC_DEFINE([HAVE_UINTXX_T], [1], 4039 [define if you have uintxx_t data type]) 4040 fi 4041fi 4042 4043if (test -z "$have_uintxx_t" && \ 4044 test "x$ac_cv_header_stdint_h" = "xyes") 4045then 4046 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 4047 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4048 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4049 [ 4050 AC_DEFINE([HAVE_UINTXX_T]) 4051 AC_MSG_RESULT([yes]) 4052 ], [ AC_MSG_RESULT([no]) 4053 ]) 4054fi 4055 4056if (test -z "$have_uintxx_t" && \ 4057 test "x$ac_cv_header_inttypes_h" = "xyes") 4058then 4059 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4060 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4061 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4062 [ 4063 AC_DEFINE([HAVE_UINTXX_T]) 4064 AC_MSG_RESULT([yes]) 4065 ], [ AC_MSG_RESULT([no]) 4066 ]) 4067fi 4068 4069if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4070 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4071then 4072 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4073 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4074#include <sys/bitypes.h> 4075 ]], [[ 4076 int8_t a; int16_t b; int32_t c; 4077 u_int8_t e; u_int16_t f; u_int32_t g; 4078 a = b = c = e = f = g = 1; 4079 ]])], 4080 [ 4081 AC_DEFINE([HAVE_U_INTXX_T]) 4082 AC_DEFINE([HAVE_INTXX_T]) 4083 AC_MSG_RESULT([yes]) 4084 ], [AC_MSG_RESULT([no]) 4085 ]) 4086fi 4087 4088 4089AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4090 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4091 [[ u_char foo; foo = 125; ]])], 4092 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4093 ]) 4094]) 4095if test "x$ac_cv_have_u_char" = "xyes" ; then 4096 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4097fi 4098 4099AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4100#include <sys/types.h> 4101#ifdef HAVE_STDINT_H 4102# include <stdint.h> 4103#endif 4104]) 4105 4106TYPE_SOCKLEN_T 4107 4108AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4109AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4110#include <sys/types.h> 4111#ifdef HAVE_SYS_BITYPES_H 4112#include <sys/bitypes.h> 4113#endif 4114#ifdef HAVE_SYS_STATFS_H 4115#include <sys/statfs.h> 4116#endif 4117#ifdef HAVE_SYS_STATVFS_H 4118#include <sys/statvfs.h> 4119#endif 4120]) 4121 4122AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4123#include <sys/param.h> 4124#include <sys/types.h> 4125#ifdef HAVE_SYS_BITYPES_H 4126#include <sys/bitypes.h> 4127#endif 4128#ifdef HAVE_SYS_STATFS_H 4129#include <sys/statfs.h> 4130#endif 4131#ifdef HAVE_SYS_STATVFS_H 4132#include <sys/statvfs.h> 4133#endif 4134#ifdef HAVE_SYS_VFS_H 4135#include <sys/vfs.h> 4136#endif 4137#ifdef HAVE_SYS_MOUNT_H 4138#include <sys/mount.h> 4139#endif 4140]]) 4141 4142 4143AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4144[#include <sys/types.h> 4145#include <netinet/in.h>]) 4146 4147AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4148 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4149 [[ size_t foo; foo = 1235; ]])], 4150 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4151 ]) 4152]) 4153if test "x$ac_cv_have_size_t" = "xyes" ; then 4154 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4155fi 4156 4157AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4158 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4159 [[ ssize_t foo; foo = 1235; ]])], 4160 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4161 ]) 4162]) 4163if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4164 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4165fi 4166 4167AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4168 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4169 [[ clock_t foo; foo = 1235; ]])], 4170 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4171 ]) 4172]) 4173if test "x$ac_cv_have_clock_t" = "xyes" ; then 4174 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4175fi 4176 4177AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4178 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4179#include <sys/types.h> 4180#include <sys/socket.h> 4181 ]], [[ sa_family_t foo; foo = 1235; ]])], 4182 [ ac_cv_have_sa_family_t="yes" ], 4183 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4184#include <sys/types.h> 4185#include <sys/socket.h> 4186#include <netinet/in.h> 4187 ]], [[ sa_family_t foo; foo = 1235; ]])], 4188 [ ac_cv_have_sa_family_t="yes" ], 4189 [ ac_cv_have_sa_family_t="no" ] 4190 ) 4191 ]) 4192]) 4193if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4194 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4195 [define if you have sa_family_t data type]) 4196fi 4197 4198AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4199 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4200 [[ pid_t foo; foo = 1235; ]])], 4201 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4202 ]) 4203]) 4204if test "x$ac_cv_have_pid_t" = "xyes" ; then 4205 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4206fi 4207 4208AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4209 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4210 [[ mode_t foo; foo = 1235; ]])], 4211 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4212 ]) 4213]) 4214if test "x$ac_cv_have_mode_t" = "xyes" ; then 4215 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4216fi 4217 4218 4219AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4220 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4221#include <sys/types.h> 4222#include <sys/socket.h> 4223 ]], [[ struct sockaddr_storage s; ]])], 4224 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4225 [ ac_cv_have_struct_sockaddr_storage="no" 4226 ]) 4227]) 4228if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4229 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4230 [define if you have struct sockaddr_storage data type]) 4231fi 4232 4233AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4234 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4235#include <sys/types.h> 4236#include <netinet/in.h> 4237 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4238 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4239 [ ac_cv_have_struct_sockaddr_in6="no" 4240 ]) 4241]) 4242if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4243 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4244 [define if you have struct sockaddr_in6 data type]) 4245fi 4246 4247AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4248 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4249#include <sys/types.h> 4250#include <netinet/in.h> 4251 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4252 [ ac_cv_have_struct_in6_addr="yes" ], 4253 [ ac_cv_have_struct_in6_addr="no" 4254 ]) 4255]) 4256if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4257 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4258 [define if you have struct in6_addr data type]) 4259 4260dnl Now check for sin6_scope_id 4261 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4262 [ 4263#ifdef HAVE_SYS_TYPES_H 4264#include <sys/types.h> 4265#endif 4266#include <netinet/in.h> 4267 ]) 4268fi 4269 4270AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4271 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4272#include <sys/types.h> 4273#include <sys/socket.h> 4274#include <netdb.h> 4275 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4276 [ ac_cv_have_struct_addrinfo="yes" ], 4277 [ ac_cv_have_struct_addrinfo="no" 4278 ]) 4279]) 4280if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4281 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4282 [define if you have struct addrinfo data type]) 4283fi 4284 4285AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4286 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4287 [[ struct timeval tv; tv.tv_sec = 1;]])], 4288 [ ac_cv_have_struct_timeval="yes" ], 4289 [ ac_cv_have_struct_timeval="no" 4290 ]) 4291]) 4292if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4293 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4294 have_struct_timeval=1 4295fi 4296 4297AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4298 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4299 #ifdef HAVE_SYS_TIME_H 4300 # include <sys/time.h> 4301 #endif 4302 #ifdef HAVE_TIME_H 4303 # include <time.h> 4304 #endif 4305 ]], 4306 [[ struct timespec ts; ts.tv_sec = 1;]])], 4307 [ ac_cv_have_struct_timespec="yes" ], 4308 [ ac_cv_have_struct_timespec="no" 4309 ]) 4310]) 4311if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4312 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4313 have_struct_timespec=1 4314fi 4315 4316# We need int64_t or else certain parts of the compile will fail. 4317if test "x$ac_cv_have_int64_t" = "xno" && \ 4318 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4319 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4320 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4321 echo "an alternative compiler (I.E., GCC) before continuing." 4322 echo "" 4323 exit 1; 4324else 4325dnl test snprintf (broken on SCO w/gcc) 4326 AC_RUN_IFELSE( 4327 [AC_LANG_SOURCE([[ 4328#include <stdio.h> 4329#include <stdlib.h> 4330#include <string.h> 4331#ifdef HAVE_SNPRINTF 4332main() 4333{ 4334 char buf[50]; 4335 char expected_out[50]; 4336 int mazsize = 50 ; 4337#if (SIZEOF_LONG_INT == 8) 4338 long int num = 0x7fffffffffffffff; 4339#else 4340 long long num = 0x7fffffffffffffffll; 4341#endif 4342 strcpy(expected_out, "9223372036854775807"); 4343 snprintf(buf, mazsize, "%lld", num); 4344 if(strcmp(buf, expected_out) != 0) 4345 exit(1); 4346 exit(0); 4347} 4348#else 4349main() { exit(0); } 4350#endif 4351 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4352 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4353 ) 4354fi 4355 4356dnl Checks for structure members 4357OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4358OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4359OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4360OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4361OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4362OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4363OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4364OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4365OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4366OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4367OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4368OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4369OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4370OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4371OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4372OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4373OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4374OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4375 4376AC_CHECK_MEMBERS([struct stat.st_blksize]) 4377AC_CHECK_MEMBERS([struct stat.st_mtim]) 4378AC_CHECK_MEMBERS([struct stat.st_mtime]) 4379AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4380struct passwd.pw_change, struct passwd.pw_expire], 4381[], [], [[ 4382#include <sys/types.h> 4383#include <pwd.h> 4384]]) 4385 4386AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4387 [Define if we don't have struct __res_state in resolv.h])], 4388[[ 4389#include <stdio.h> 4390#if HAVE_SYS_TYPES_H 4391# include <sys/types.h> 4392#endif 4393#include <netinet/in.h> 4394#include <arpa/nameser.h> 4395#include <resolv.h> 4396]]) 4397 4398AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4399 ac_cv_have_ss_family_in_struct_ss, [ 4400 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4401#include <sys/types.h> 4402#include <sys/socket.h> 4403 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4404 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4405 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4406]) 4407if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4408 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4409fi 4410 4411AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4412 ac_cv_have___ss_family_in_struct_ss, [ 4413 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4414#include <sys/types.h> 4415#include <sys/socket.h> 4416 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4417 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4418 [ ac_cv_have___ss_family_in_struct_ss="no" 4419 ]) 4420]) 4421if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4422 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4423 [Fields in struct sockaddr_storage]) 4424fi 4425 4426dnl make sure we're using the real structure members and not defines 4427AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4428 ac_cv_have_accrights_in_msghdr, [ 4429 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4430#include <sys/types.h> 4431#include <sys/socket.h> 4432#include <sys/uio.h> 4433#include <stdlib.h> 4434 ]], [[ 4435#ifdef msg_accrights 4436#error "msg_accrights is a macro" 4437exit(1); 4438#endif 4439struct msghdr m; 4440m.msg_accrights = 0; 4441exit(0); 4442 ]])], 4443 [ ac_cv_have_accrights_in_msghdr="yes" ], 4444 [ ac_cv_have_accrights_in_msghdr="no" ] 4445 ) 4446]) 4447if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4448 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4449 [Define if your system uses access rights style 4450 file descriptor passing]) 4451fi 4452 4453AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4454AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4455#include <sys/param.h> 4456#include <sys/stat.h> 4457#ifdef HAVE_SYS_TIME_H 4458# include <sys/time.h> 4459#endif 4460#ifdef HAVE_SYS_MOUNT_H 4461#include <sys/mount.h> 4462#endif 4463#ifdef HAVE_SYS_STATVFS_H 4464#include <sys/statvfs.h> 4465#endif 4466 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4467 [ AC_MSG_RESULT([yes]) ], 4468 [ AC_MSG_RESULT([no]) 4469 4470 AC_MSG_CHECKING([if fsid_t has member val]) 4471 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4472#include <sys/types.h> 4473#include <sys/statvfs.h> 4474 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4475 [ AC_MSG_RESULT([yes]) 4476 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4477 [ AC_MSG_RESULT([no]) ]) 4478 4479 AC_MSG_CHECKING([if f_fsid has member __val]) 4480 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4481#include <sys/types.h> 4482#include <sys/statvfs.h> 4483 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4484 [ AC_MSG_RESULT([yes]) 4485 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4486 [ AC_MSG_RESULT([no]) ]) 4487]) 4488 4489AC_CACHE_CHECK([for msg_control field in struct msghdr], 4490 ac_cv_have_control_in_msghdr, [ 4491 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4492#include <sys/types.h> 4493#include <sys/socket.h> 4494#include <sys/uio.h> 4495#include <stdlib.h> 4496 ]], [[ 4497#ifdef msg_control 4498#error "msg_control is a macro" 4499exit(1); 4500#endif 4501struct msghdr m; 4502m.msg_control = 0; 4503exit(0); 4504 ]])], 4505 [ ac_cv_have_control_in_msghdr="yes" ], 4506 [ ac_cv_have_control_in_msghdr="no" ] 4507 ) 4508]) 4509if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4510 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4511 [Define if your system uses ancillary data style 4512 file descriptor passing]) 4513fi 4514 4515AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4516 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4517 [[ extern char *__progname; printf("%s", __progname); ]])], 4518 [ ac_cv_libc_defines___progname="yes" ], 4519 [ ac_cv_libc_defines___progname="no" 4520 ]) 4521]) 4522if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4523 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4524fi 4525 4526AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4527 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4528 [[ printf("%s", __FUNCTION__); ]])], 4529 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4530 [ ac_cv_cc_implements___FUNCTION__="no" 4531 ]) 4532]) 4533if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4534 AC_DEFINE([HAVE___FUNCTION__], [1], 4535 [Define if compiler implements __FUNCTION__]) 4536fi 4537 4538AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4539 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4540 [[ printf("%s", __func__); ]])], 4541 [ ac_cv_cc_implements___func__="yes" ], 4542 [ ac_cv_cc_implements___func__="no" 4543 ]) 4544]) 4545if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4546 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4547fi 4548 4549AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4550 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4551#include <stdarg.h> 4552va_list x,y; 4553 ]], [[ va_copy(x,y); ]])], 4554 [ ac_cv_have_va_copy="yes" ], 4555 [ ac_cv_have_va_copy="no" 4556 ]) 4557]) 4558if test "x$ac_cv_have_va_copy" = "xyes" ; then 4559 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4560fi 4561 4562AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4563 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4564#include <stdarg.h> 4565va_list x,y; 4566 ]], [[ __va_copy(x,y); ]])], 4567 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4568 ]) 4569]) 4570if test "x$ac_cv_have___va_copy" = "xyes" ; then 4571 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4572fi 4573 4574AC_CACHE_CHECK([whether getopt has optreset support], 4575 ac_cv_have_getopt_optreset, [ 4576 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4577 [[ extern int optreset; optreset = 0; ]])], 4578 [ ac_cv_have_getopt_optreset="yes" ], 4579 [ ac_cv_have_getopt_optreset="no" 4580 ]) 4581]) 4582if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4583 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4584 [Define if your getopt(3) defines and uses optreset]) 4585fi 4586 4587AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4588 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4589[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4590 [ ac_cv_libc_defines_sys_errlist="yes" ], 4591 [ ac_cv_libc_defines_sys_errlist="no" 4592 ]) 4593]) 4594if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4595 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4596 [Define if your system defines sys_errlist[]]) 4597fi 4598 4599 4600AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4601 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4602[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4603 [ ac_cv_libc_defines_sys_nerr="yes" ], 4604 [ ac_cv_libc_defines_sys_nerr="no" 4605 ]) 4606]) 4607if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4608 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4609fi 4610 4611# Check libraries needed by DNS fingerprint support 4612AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4613 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4614 [Define if getrrsetbyname() exists])], 4615 [ 4616 # Needed by our getrrsetbyname() 4617 AC_SEARCH_LIBS([res_query], [resolv]) 4618 AC_SEARCH_LIBS([dn_expand], [resolv]) 4619 AC_MSG_CHECKING([if res_query will link]) 4620 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4621#include <sys/types.h> 4622#include <netinet/in.h> 4623#include <arpa/nameser.h> 4624#include <netdb.h> 4625#include <resolv.h> 4626 ]], [[ 4627 res_query (0, 0, 0, 0, 0); 4628 ]])], 4629 AC_MSG_RESULT([yes]), 4630 [AC_MSG_RESULT([no]) 4631 saved_LIBS="$LIBS" 4632 LIBS="$LIBS -lresolv" 4633 AC_MSG_CHECKING([for res_query in -lresolv]) 4634 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4635#include <sys/types.h> 4636#include <netinet/in.h> 4637#include <arpa/nameser.h> 4638#include <netdb.h> 4639#include <resolv.h> 4640 ]], [[ 4641 res_query (0, 0, 0, 0, 0); 4642 ]])], 4643 [AC_MSG_RESULT([yes])], 4644 [LIBS="$saved_LIBS" 4645 AC_MSG_RESULT([no])]) 4646 ]) 4647 AC_CHECK_FUNCS([_getshort _getlong]) 4648 AC_CHECK_DECLS([_getshort, _getlong], , , 4649 [#include <sys/types.h> 4650 #include <arpa/nameser.h>]) 4651 AC_CHECK_MEMBER([HEADER.ad], 4652 [AC_DEFINE([HAVE_HEADER_AD], [1], 4653 [Define if HEADER.ad exists in arpa/nameser.h])], , 4654 [#include <arpa/nameser.h>]) 4655 ]) 4656 4657AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4658AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4659#include <stdio.h> 4660#if HAVE_SYS_TYPES_H 4661# include <sys/types.h> 4662#endif 4663#include <netinet/in.h> 4664#include <arpa/nameser.h> 4665#include <resolv.h> 4666extern struct __res_state _res; 4667 ]], [[ 4668struct __res_state *volatile p = &_res; /* force resolution of _res */ 4669return 0; 4670 ]],)], 4671 [AC_MSG_RESULT([yes]) 4672 AC_DEFINE([HAVE__RES_EXTERN], [1], 4673 [Define if you have struct __res_state _res as an extern]) 4674 ], 4675 [ AC_MSG_RESULT([no]) ] 4676) 4677 4678# Check whether user wants SELinux support 4679SELINUX_MSG="no" 4680LIBSELINUX="" 4681AC_ARG_WITH([selinux], 4682 [ --with-selinux Enable SELinux support], 4683 [ if test "x$withval" != "xno" ; then 4684 save_LIBS="$LIBS" 4685 AC_DEFINE([WITH_SELINUX], [1], 4686 [Define if you want SELinux support.]) 4687 SELINUX_MSG="yes" 4688 AC_CHECK_HEADER([selinux/selinux.h], , 4689 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4690 AC_CHECK_LIB([selinux], [setexeccon], 4691 [ LIBSELINUX="-lselinux" 4692 LIBS="$LIBS -lselinux" 4693 ], 4694 AC_MSG_ERROR([SELinux support requires libselinux library])) 4695 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4696 LIBS="$save_LIBS $LIBSELINUX" 4697 fi ] 4698) 4699AC_SUBST([SSHDLIBS]) 4700 4701# Check whether user wants Kerberos 5 support 4702KRB5_MSG="no" 4703AC_ARG_WITH([kerberos5], 4704 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4705 [ if test "x$withval" != "xno" ; then 4706 if test "x$withval" = "xyes" ; then 4707 KRB5ROOT="/usr/local" 4708 else 4709 KRB5ROOT=${withval} 4710 fi 4711 4712 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4713 KRB5_MSG="yes" 4714 4715 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 4716 use_pkgconfig_for_krb5= 4717 if test "x$PKGCONFIG" != "xno"; then 4718 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4719 if "$PKGCONFIG" krb5; then 4720 AC_MSG_RESULT([yes]) 4721 use_pkgconfig_for_krb5=yes 4722 else 4723 AC_MSG_RESULT([no]) 4724 fi 4725 fi 4726 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4727 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4728 K5LIBS=`$PKGCONFIG --libs krb5` 4729 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4730 4731 AC_MSG_CHECKING([for gssapi support]) 4732 if "$PKGCONFIG" krb5-gssapi; then 4733 AC_MSG_RESULT([yes]) 4734 AC_DEFINE([GSSAPI], [1], 4735 [Define this if you want GSSAPI 4736 support in the version 2 protocol]) 4737 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4738 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4739 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4740 else 4741 AC_MSG_RESULT([no]) 4742 fi 4743 AC_MSG_CHECKING([whether we are using Heimdal]) 4744 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4745 ]], [[ char *tmp = heimdal_version; ]])], 4746 [ AC_MSG_RESULT([yes]) 4747 AC_DEFINE([HEIMDAL], [1], 4748 [Define this if you are using the Heimdal 4749 version of Kerberos V5]) ], 4750 [AC_MSG_RESULT([no]) 4751 ]) 4752 else 4753 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4754 [$KRB5ROOT/bin/krb5-config], 4755 [$KRB5ROOT/bin:$PATH]) 4756 if test -x $KRB5CONF ; then 4757 K5CFLAGS="`$KRB5CONF --cflags`" 4758 K5LIBS="`$KRB5CONF --libs`" 4759 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4760 4761 AC_MSG_CHECKING([for gssapi support]) 4762 if $KRB5CONF | grep gssapi >/dev/null ; then 4763 AC_MSG_RESULT([yes]) 4764 AC_DEFINE([GSSAPI], [1], 4765 [Define this if you want GSSAPI 4766 support in the version 2 protocol]) 4767 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4768 GSSLIBS="`$KRB5CONF --libs gssapi`" 4769 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4770 else 4771 AC_MSG_RESULT([no]) 4772 fi 4773 AC_MSG_CHECKING([whether we are using Heimdal]) 4774 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4775 ]], [[ char *tmp = heimdal_version; ]])], 4776 [ AC_MSG_RESULT([yes]) 4777 AC_DEFINE([HEIMDAL], [1], 4778 [Define this if you are using the Heimdal 4779 version of Kerberos V5]) ], 4780 [AC_MSG_RESULT([no]) 4781 ]) 4782 else 4783 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4784 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4785 AC_MSG_CHECKING([whether we are using Heimdal]) 4786 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4787 ]], [[ char *tmp = heimdal_version; ]])], 4788 [ AC_MSG_RESULT([yes]) 4789 AC_DEFINE([HEIMDAL]) 4790 K5LIBS="-lkrb5" 4791 K5LIBS="$K5LIBS -lcom_err -lasn1" 4792 AC_CHECK_LIB([roken], [net_write], 4793 [K5LIBS="$K5LIBS -lroken"]) 4794 AC_CHECK_LIB([des], [des_cbc_encrypt], 4795 [K5LIBS="$K5LIBS -ldes"]) 4796 ], [ AC_MSG_RESULT([no]) 4797 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4798 ]) 4799 AC_SEARCH_LIBS([dn_expand], [resolv]) 4800 4801 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4802 [ AC_DEFINE([GSSAPI]) 4803 GSSLIBS="-lgssapi_krb5" ], 4804 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4805 [ AC_DEFINE([GSSAPI]) 4806 GSSLIBS="-lgssapi" ], 4807 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4808 [ AC_DEFINE([GSSAPI]) 4809 GSSLIBS="-lgss" ], 4810 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4811 ]) 4812 ]) 4813 4814 AC_CHECK_HEADER([gssapi.h], , 4815 [ unset ac_cv_header_gssapi_h 4816 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4817 AC_CHECK_HEADERS([gssapi.h], , 4818 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4819 ) 4820 ] 4821 ) 4822 4823 oldCPP="$CPPFLAGS" 4824 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4825 AC_CHECK_HEADER([gssapi_krb5.h], , 4826 [ CPPFLAGS="$oldCPP" ]) 4827 4828 fi 4829 fi 4830 if test -n "${rpath_opt}" ; then 4831 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4832 fi 4833 if test ! -z "$blibpath" ; then 4834 blibpath="$blibpath:${KRB5ROOT}/lib" 4835 fi 4836 4837 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4838 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4839 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4840 4841 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4842 [Define this if you want to use libkafs' AFS support])]) 4843 4844 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4845#ifdef HAVE_GSSAPI_H 4846# include <gssapi.h> 4847#elif defined(HAVE_GSSAPI_GSSAPI_H) 4848# include <gssapi/gssapi.h> 4849#endif 4850 4851#ifdef HAVE_GSSAPI_GENERIC_H 4852# include <gssapi_generic.h> 4853#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4854# include <gssapi/gssapi_generic.h> 4855#endif 4856 ]]) 4857 saved_LIBS="$LIBS" 4858 LIBS="$LIBS $K5LIBS" 4859 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4860 LIBS="$saved_LIBS" 4861 4862 fi 4863 ] 4864) 4865AC_SUBST([GSSLIBS]) 4866AC_SUBST([K5LIBS]) 4867 4868# Looking for programs, paths and files 4869 4870PRIVSEP_PATH=/var/empty 4871AC_ARG_WITH([privsep-path], 4872 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4873 [ 4874 if test -n "$withval" && test "x$withval" != "xno" && \ 4875 test "x${withval}" != "xyes"; then 4876 PRIVSEP_PATH=$withval 4877 fi 4878 ] 4879) 4880AC_SUBST([PRIVSEP_PATH]) 4881 4882AC_ARG_WITH([xauth], 4883 [ --with-xauth=PATH Specify path to xauth program ], 4884 [ 4885 if test -n "$withval" && test "x$withval" != "xno" && \ 4886 test "x${withval}" != "xyes"; then 4887 xauth_path=$withval 4888 fi 4889 ], 4890 [ 4891 TestPath="$PATH" 4892 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4893 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4894 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4895 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4896 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4897 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4898 xauth_path="/usr/openwin/bin/xauth" 4899 fi 4900 ] 4901) 4902 4903STRIP_OPT=-s 4904AC_ARG_ENABLE([strip], 4905 [ --disable-strip Disable calling strip(1) on install], 4906 [ 4907 if test "x$enableval" = "xno" ; then 4908 STRIP_OPT= 4909 fi 4910 ] 4911) 4912AC_SUBST([STRIP_OPT]) 4913 4914if test -z "$xauth_path" ; then 4915 XAUTH_PATH="undefined" 4916 AC_SUBST([XAUTH_PATH]) 4917else 4918 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4919 [Define if xauth is found in your path]) 4920 XAUTH_PATH=$xauth_path 4921 AC_SUBST([XAUTH_PATH]) 4922fi 4923 4924dnl # --with-maildir=/path/to/mail gets top priority. 4925dnl # if maildir is set in the platform case statement above we use that. 4926dnl # Otherwise we run a program to get the dir from system headers. 4927dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4928dnl # If we find _PATH_MAILDIR we do nothing because that is what 4929dnl # session.c expects anyway. Otherwise we set to the value found 4930dnl # stripping any trailing slash. If for some strage reason our program 4931dnl # does not find what it needs, we default to /var/spool/mail. 4932# Check for mail directory 4933AC_ARG_WITH([maildir], 4934 [ --with-maildir=/path/to/mail Specify your system mail directory], 4935 [ 4936 if test "X$withval" != X && test "x$withval" != xno && \ 4937 test "x${withval}" != xyes; then 4938 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4939 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4940 fi 4941 ],[ 4942 if test "X$maildir" != "X"; then 4943 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4944 else 4945 AC_MSG_CHECKING([Discovering system mail directory]) 4946 AC_RUN_IFELSE( 4947 [AC_LANG_PROGRAM([[ 4948#include <stdio.h> 4949#include <stdlib.h> 4950#include <string.h> 4951#ifdef HAVE_PATHS_H 4952#include <paths.h> 4953#endif 4954#ifdef HAVE_MAILLOCK_H 4955#include <maillock.h> 4956#endif 4957#define DATA "conftest.maildir" 4958 ]], [[ 4959 FILE *fd; 4960 int rc; 4961 4962 fd = fopen(DATA,"w"); 4963 if(fd == NULL) 4964 exit(1); 4965 4966#if defined (_PATH_MAILDIR) 4967 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4968 exit(1); 4969#elif defined (MAILDIR) 4970 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4971 exit(1); 4972#elif defined (_PATH_MAIL) 4973 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4974 exit(1); 4975#else 4976 exit (2); 4977#endif 4978 4979 exit(0); 4980 ]])], 4981 [ 4982 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4983 maildir=`awk -F: '{print $2}' conftest.maildir \ 4984 | sed 's|/$||'` 4985 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4986 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4987 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4988 fi 4989 ], 4990 [ 4991 if test "X$ac_status" = "X2";then 4992# our test program didn't find it. Default to /var/spool/mail 4993 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4994 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4995 else 4996 AC_MSG_RESULT([*** not found ***]) 4997 fi 4998 ], 4999 [ 5000 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 5001 ] 5002 ) 5003 fi 5004 ] 5005) # maildir 5006 5007if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 5008 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 5009 disable_ptmx_check=yes 5010fi 5011if test -z "$no_dev_ptmx" ; then 5012 if test "x$disable_ptmx_check" != "xyes" ; then 5013 AC_CHECK_FILE(["/dev/ptmx"], 5014 [ 5015 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 5016 [Define if you have /dev/ptmx]) 5017 have_dev_ptmx=1 5018 ] 5019 ) 5020 fi 5021fi 5022 5023if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 5024 AC_CHECK_FILE(["/dev/ptc"], 5025 [ 5026 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 5027 [Define if you have /dev/ptc]) 5028 have_dev_ptc=1 5029 ] 5030 ) 5031else 5032 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 5033fi 5034 5035# Options from here on. Some of these are preset by platform above 5036AC_ARG_WITH([mantype], 5037 [ --with-mantype=man|cat|doc Set man page type], 5038 [ 5039 case "$withval" in 5040 man|cat|doc) 5041 MANTYPE=$withval 5042 ;; 5043 *) 5044 AC_MSG_ERROR([invalid man type: $withval]) 5045 ;; 5046 esac 5047 ] 5048) 5049if test -z "$MANTYPE"; then 5050 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 5051 MANTYPE=doc 5052 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 5053 MANTYPE=doc 5054 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 5055 MANTYPE=man 5056 else 5057 MANTYPE=cat 5058 fi 5059fi 5060AC_SUBST([MANTYPE]) 5061if test "$MANTYPE" = "doc"; then 5062 mansubdir=man; 5063else 5064 mansubdir=$MANTYPE; 5065fi 5066AC_SUBST([mansubdir]) 5067 5068# Whether to disable shadow password support 5069AC_ARG_WITH([shadow], 5070 [ --without-shadow Disable shadow password support], 5071 [ 5072 if test "x$withval" = "xno" ; then 5073 AC_DEFINE([DISABLE_SHADOW]) 5074 disable_shadow=yes 5075 fi 5076 ] 5077) 5078 5079if test -z "$disable_shadow" ; then 5080 AC_MSG_CHECKING([if the systems has expire shadow information]) 5081 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5082#include <sys/types.h> 5083#include <shadow.h> 5084struct spwd sp; 5085 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5086 [ sp_expire_available=yes ], [ 5087 ]) 5088 5089 if test "x$sp_expire_available" = "xyes" ; then 5090 AC_MSG_RESULT([yes]) 5091 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5092 [Define if you want to use shadow password expire field]) 5093 else 5094 AC_MSG_RESULT([no]) 5095 fi 5096fi 5097 5098# Use ip address instead of hostname in $DISPLAY 5099if test ! -z "$IPADDR_IN_DISPLAY" ; then 5100 DISPLAY_HACK_MSG="yes" 5101 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5102 [Define if you need to use IP address 5103 instead of hostname in $DISPLAY]) 5104else 5105 DISPLAY_HACK_MSG="no" 5106 AC_ARG_WITH([ipaddr-display], 5107 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5108 [ 5109 if test "x$withval" != "xno" ; then 5110 AC_DEFINE([IPADDR_IN_DISPLAY]) 5111 DISPLAY_HACK_MSG="yes" 5112 fi 5113 ] 5114 ) 5115fi 5116 5117# check for /etc/default/login and use it if present. 5118AC_ARG_ENABLE([etc-default-login], 5119 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5120 [ if test "x$enableval" = "xno"; then 5121 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5122 etc_default_login=no 5123 else 5124 etc_default_login=yes 5125 fi ], 5126 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5127 then 5128 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5129 etc_default_login=no 5130 else 5131 etc_default_login=yes 5132 fi ] 5133) 5134 5135if test "x$etc_default_login" != "xno"; then 5136 AC_CHECK_FILE(["/etc/default/login"], 5137 [ external_path_file=/etc/default/login ]) 5138 if test "x$external_path_file" = "x/etc/default/login"; then 5139 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5140 [Define if your system has /etc/default/login]) 5141 fi 5142fi 5143 5144dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5145if test $ac_cv_func_login_getcapbool = "yes" && \ 5146 test $ac_cv_header_login_cap_h = "yes" ; then 5147 external_path_file=/etc/login.conf 5148fi 5149 5150# Whether to mess with the default path 5151SERVER_PATH_MSG="(default)" 5152AC_ARG_WITH([default-path], 5153 [ --with-default-path= Specify default $PATH environment for server], 5154 [ 5155 if test "x$external_path_file" = "x/etc/login.conf" ; then 5156 AC_MSG_WARN([ 5157--with-default-path=PATH has no effect on this system. 5158Edit /etc/login.conf instead.]) 5159 elif test "x$withval" != "xno" ; then 5160 if test ! -z "$external_path_file" ; then 5161 AC_MSG_WARN([ 5162--with-default-path=PATH will only be used if PATH is not defined in 5163$external_path_file .]) 5164 fi 5165 user_path="$withval" 5166 SERVER_PATH_MSG="$withval" 5167 fi 5168 ], 5169 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5170 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5171 else 5172 if test ! -z "$external_path_file" ; then 5173 AC_MSG_WARN([ 5174If PATH is defined in $external_path_file, ensure the path to scp is included, 5175otherwise scp will not work.]) 5176 fi 5177 AC_RUN_IFELSE( 5178 [AC_LANG_PROGRAM([[ 5179/* find out what STDPATH is */ 5180#include <stdio.h> 5181#include <stdlib.h> 5182#ifdef HAVE_PATHS_H 5183# include <paths.h> 5184#endif 5185#ifndef _PATH_STDPATH 5186# ifdef _PATH_USERPATH /* Irix */ 5187# define _PATH_STDPATH _PATH_USERPATH 5188# else 5189# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5190# endif 5191#endif 5192#include <sys/types.h> 5193#include <sys/stat.h> 5194#include <fcntl.h> 5195#define DATA "conftest.stdpath" 5196 ]], [[ 5197 FILE *fd; 5198 int rc; 5199 5200 fd = fopen(DATA,"w"); 5201 if(fd == NULL) 5202 exit(1); 5203 5204 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5205 exit(1); 5206 5207 exit(0); 5208 ]])], 5209 [ user_path=`cat conftest.stdpath` ], 5210 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5211 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5212 ) 5213# make sure $bindir is in USER_PATH so scp will work 5214 t_bindir="${bindir}" 5215 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5216 t_bindir=`eval echo ${t_bindir}` 5217 case $t_bindir in 5218 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5219 esac 5220 case $t_bindir in 5221 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5222 esac 5223 done 5224 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5225 if test $? -ne 0 ; then 5226 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5227 if test $? -ne 0 ; then 5228 user_path=$user_path:$t_bindir 5229 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5230 fi 5231 fi 5232 fi ] 5233) 5234if test "x$external_path_file" != "x/etc/login.conf" ; then 5235 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5236 AC_SUBST([user_path]) 5237fi 5238 5239# Set superuser path separately to user path 5240AC_ARG_WITH([superuser-path], 5241 [ --with-superuser-path= Specify different path for super-user], 5242 [ 5243 if test -n "$withval" && test "x$withval" != "xno" && \ 5244 test "x${withval}" != "xyes"; then 5245 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5246 [Define if you want a different $PATH 5247 for the superuser]) 5248 superuser_path=$withval 5249 fi 5250 ] 5251) 5252 5253 5254AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5255IPV4_IN6_HACK_MSG="no" 5256AC_ARG_WITH(4in6, 5257 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5258 [ 5259 if test "x$withval" != "xno" ; then 5260 AC_MSG_RESULT([yes]) 5261 AC_DEFINE([IPV4_IN_IPV6], [1], 5262 [Detect IPv4 in IPv6 mapped addresses 5263 and treat as IPv4]) 5264 IPV4_IN6_HACK_MSG="yes" 5265 else 5266 AC_MSG_RESULT([no]) 5267 fi 5268 ], [ 5269 if test "x$inet6_default_4in6" = "xyes"; then 5270 AC_MSG_RESULT([yes (default)]) 5271 AC_DEFINE([IPV4_IN_IPV6]) 5272 IPV4_IN6_HACK_MSG="yes" 5273 else 5274 AC_MSG_RESULT([no (default)]) 5275 fi 5276 ] 5277) 5278 5279# Whether to enable BSD auth support 5280BSD_AUTH_MSG=no 5281AC_ARG_WITH([bsd-auth], 5282 [ --with-bsd-auth Enable BSD auth support], 5283 [ 5284 if test "x$withval" != "xno" ; then 5285 AC_DEFINE([BSD_AUTH], [1], 5286 [Define if you have BSD auth support]) 5287 BSD_AUTH_MSG=yes 5288 fi 5289 ] 5290) 5291 5292# Where to place sshd.pid 5293piddir=/var/run 5294# make sure the directory exists 5295if test ! -d $piddir ; then 5296 piddir=`eval echo ${sysconfdir}` 5297 case $piddir in 5298 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5299 esac 5300fi 5301 5302AC_ARG_WITH([pid-dir], 5303 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5304 [ 5305 if test -n "$withval" && test "x$withval" != "xno" && \ 5306 test "x${withval}" != "xyes"; then 5307 piddir=$withval 5308 if test ! -d $piddir ; then 5309 AC_MSG_WARN([** no $piddir directory on this system **]) 5310 fi 5311 fi 5312 ] 5313) 5314 5315AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5316 [Specify location of ssh.pid]) 5317AC_SUBST([piddir]) 5318 5319dnl allow user to disable some login recording features 5320AC_ARG_ENABLE([lastlog], 5321 [ --disable-lastlog disable use of lastlog even if detected [no]], 5322 [ 5323 if test "x$enableval" = "xno" ; then 5324 AC_DEFINE([DISABLE_LASTLOG]) 5325 fi 5326 ] 5327) 5328AC_ARG_ENABLE([utmp], 5329 [ --disable-utmp disable use of utmp even if detected [no]], 5330 [ 5331 if test "x$enableval" = "xno" ; then 5332 AC_DEFINE([DISABLE_UTMP]) 5333 fi 5334 ] 5335) 5336AC_ARG_ENABLE([utmpx], 5337 [ --disable-utmpx disable use of utmpx even if detected [no]], 5338 [ 5339 if test "x$enableval" = "xno" ; then 5340 AC_DEFINE([DISABLE_UTMPX], [1], 5341 [Define if you don't want to use utmpx]) 5342 fi 5343 ] 5344) 5345AC_ARG_ENABLE([wtmp], 5346 [ --disable-wtmp disable use of wtmp even if detected [no]], 5347 [ 5348 if test "x$enableval" = "xno" ; then 5349 AC_DEFINE([DISABLE_WTMP]) 5350 fi 5351 ] 5352) 5353AC_ARG_ENABLE([wtmpx], 5354 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5355 [ 5356 if test "x$enableval" = "xno" ; then 5357 AC_DEFINE([DISABLE_WTMPX], [1], 5358 [Define if you don't want to use wtmpx]) 5359 fi 5360 ] 5361) 5362AC_ARG_ENABLE([libutil], 5363 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5364 [ 5365 if test "x$enableval" = "xno" ; then 5366 AC_DEFINE([DISABLE_LOGIN]) 5367 fi 5368 ] 5369) 5370AC_ARG_ENABLE([pututline], 5371 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5372 [ 5373 if test "x$enableval" = "xno" ; then 5374 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5375 [Define if you don't want to use pututline() 5376 etc. to write [uw]tmp]) 5377 fi 5378 ] 5379) 5380AC_ARG_ENABLE([pututxline], 5381 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5382 [ 5383 if test "x$enableval" = "xno" ; then 5384 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5385 [Define if you don't want to use pututxline() 5386 etc. to write [uw]tmpx]) 5387 fi 5388 ] 5389) 5390AC_ARG_WITH([lastlog], 5391 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5392 [ 5393 if test "x$withval" = "xno" ; then 5394 AC_DEFINE([DISABLE_LASTLOG]) 5395 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5396 conf_lastlog_location=$withval 5397 fi 5398 ] 5399) 5400 5401dnl lastlog, [uw]tmpx? detection 5402dnl NOTE: set the paths in the platform section to avoid the 5403dnl need for command-line parameters 5404dnl lastlog and [uw]tmp are subject to a file search if all else fails 5405 5406dnl lastlog detection 5407dnl NOTE: the code itself will detect if lastlog is a directory 5408AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5409AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5410#include <sys/types.h> 5411#include <utmp.h> 5412#ifdef HAVE_LASTLOG_H 5413# include <lastlog.h> 5414#endif 5415#ifdef HAVE_PATHS_H 5416# include <paths.h> 5417#endif 5418#ifdef HAVE_LOGIN_H 5419# include <login.h> 5420#endif 5421 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5422 [ AC_MSG_RESULT([yes]) ], 5423 [ 5424 AC_MSG_RESULT([no]) 5425 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5426 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5427#include <sys/types.h> 5428#include <utmp.h> 5429#ifdef HAVE_LASTLOG_H 5430# include <lastlog.h> 5431#endif 5432#ifdef HAVE_PATHS_H 5433# include <paths.h> 5434#endif 5435 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5436 [ AC_MSG_RESULT([yes]) ], 5437 [ 5438 AC_MSG_RESULT([no]) 5439 system_lastlog_path=no 5440 ]) 5441]) 5442 5443if test -z "$conf_lastlog_location"; then 5444 if test x"$system_lastlog_path" = x"no" ; then 5445 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5446 if (test -d "$f" || test -f "$f") ; then 5447 conf_lastlog_location=$f 5448 fi 5449 done 5450 if test -z "$conf_lastlog_location"; then 5451 AC_MSG_WARN([** Cannot find lastlog **]) 5452 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5453 fi 5454 fi 5455fi 5456 5457if test -n "$conf_lastlog_location"; then 5458 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5459 [Define if you want to specify the path to your lastlog file]) 5460fi 5461 5462dnl utmp detection 5463AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5464AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5465#include <sys/types.h> 5466#include <utmp.h> 5467#ifdef HAVE_PATHS_H 5468# include <paths.h> 5469#endif 5470 ]], [[ char *utmp = UTMP_FILE; ]])], 5471 [ AC_MSG_RESULT([yes]) ], 5472 [ AC_MSG_RESULT([no]) 5473 system_utmp_path=no 5474]) 5475if test -z "$conf_utmp_location"; then 5476 if test x"$system_utmp_path" = x"no" ; then 5477 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5478 if test -f $f ; then 5479 conf_utmp_location=$f 5480 fi 5481 done 5482 if test -z "$conf_utmp_location"; then 5483 AC_DEFINE([DISABLE_UTMP]) 5484 fi 5485 fi 5486fi 5487if test -n "$conf_utmp_location"; then 5488 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5489 [Define if you want to specify the path to your utmp file]) 5490fi 5491 5492dnl wtmp detection 5493AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5494AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5495#include <sys/types.h> 5496#include <utmp.h> 5497#ifdef HAVE_PATHS_H 5498# include <paths.h> 5499#endif 5500 ]], [[ char *wtmp = WTMP_FILE; ]])], 5501 [ AC_MSG_RESULT([yes]) ], 5502 [ AC_MSG_RESULT([no]) 5503 system_wtmp_path=no 5504]) 5505if test -z "$conf_wtmp_location"; then 5506 if test x"$system_wtmp_path" = x"no" ; then 5507 for f in /usr/adm/wtmp /var/log/wtmp; do 5508 if test -f $f ; then 5509 conf_wtmp_location=$f 5510 fi 5511 done 5512 if test -z "$conf_wtmp_location"; then 5513 AC_DEFINE([DISABLE_WTMP]) 5514 fi 5515 fi 5516fi 5517if test -n "$conf_wtmp_location"; then 5518 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5519 [Define if you want to specify the path to your wtmp file]) 5520fi 5521 5522dnl wtmpx detection 5523AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5524AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5525#include <sys/types.h> 5526#include <utmp.h> 5527#ifdef HAVE_UTMPX_H 5528#include <utmpx.h> 5529#endif 5530#ifdef HAVE_PATHS_H 5531# include <paths.h> 5532#endif 5533 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5534 [ AC_MSG_RESULT([yes]) ], 5535 [ AC_MSG_RESULT([no]) 5536 system_wtmpx_path=no 5537]) 5538if test -z "$conf_wtmpx_location"; then 5539 if test x"$system_wtmpx_path" = x"no" ; then 5540 AC_DEFINE([DISABLE_WTMPX]) 5541 fi 5542else 5543 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5544 [Define if you want to specify the path to your wtmpx file]) 5545fi 5546 5547 5548if test ! -z "$blibpath" ; then 5549 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5550 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5551fi 5552 5553AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5554 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5555 AC_DEFINE([DISABLE_LASTLOG]) 5556 fi 5557 ], [ 5558#ifdef HAVE_SYS_TYPES_H 5559#include <sys/types.h> 5560#endif 5561#ifdef HAVE_UTMP_H 5562#include <utmp.h> 5563#endif 5564#ifdef HAVE_UTMPX_H 5565#include <utmpx.h> 5566#endif 5567#ifdef HAVE_LASTLOG_H 5568#include <lastlog.h> 5569#endif 5570 ]) 5571 5572AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5573 AC_DEFINE([DISABLE_UTMP]) 5574 AC_DEFINE([DISABLE_WTMP]) 5575 ], [ 5576#ifdef HAVE_SYS_TYPES_H 5577#include <sys/types.h> 5578#endif 5579#ifdef HAVE_UTMP_H 5580#include <utmp.h> 5581#endif 5582#ifdef HAVE_UTMPX_H 5583#include <utmpx.h> 5584#endif 5585#ifdef HAVE_LASTLOG_H 5586#include <lastlog.h> 5587#endif 5588 ]) 5589 5590dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5591dnl Add now. 5592CFLAGS="$CFLAGS $werror_flags" 5593 5594if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5595 TEST_SSH_IPV6=no 5596else 5597 TEST_SSH_IPV6=yes 5598fi 5599AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5600AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5601AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5602AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5603AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5604AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5605 5606CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5607LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5608 5609# Make a copy of CFLAGS/LDFLAGS without PIE options. 5610LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5611CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5612AC_SUBST([LDFLAGS_NOPIE]) 5613AC_SUBST([CFLAGS_NOPIE]) 5614 5615AC_EXEEXT 5616AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5617 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5618 survey.sh]) 5619AC_OUTPUT 5620 5621# Print summary of options 5622 5623# Someone please show me a better way :) 5624A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5625B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5626C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5627D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5628E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5629F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5630G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5631H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5632I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5633J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5634 5635echo "" 5636echo "OpenSSH has been configured with the following options:" 5637echo " User binaries: $B" 5638echo " System binaries: $C" 5639echo " Configuration files: $D" 5640echo " Askpass program: $E" 5641echo " Manual pages: $F" 5642echo " PID file: $G" 5643echo " Privilege separation chroot path: $H" 5644if test "x$external_path_file" = "x/etc/login.conf" ; then 5645echo " At runtime, sshd will use the path defined in $external_path_file" 5646echo " Make sure the path to scp is present, otherwise scp will not work" 5647else 5648echo " sshd default user PATH: $I" 5649 if test ! -z "$external_path_file"; then 5650echo " (If PATH is set in $external_path_file it will be used instead. If" 5651echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5652 fi 5653fi 5654if test ! -z "$superuser_path" ; then 5655echo " sshd superuser user PATH: $J" 5656fi 5657echo " Manpage format: $MANTYPE" 5658echo " PAM support: $PAM_MSG" 5659echo " OSF SIA support: $SIA_MSG" 5660echo " KerberosV support: $KRB5_MSG" 5661echo " SELinux support: $SELINUX_MSG" 5662echo " TCP Wrappers support: $TCPW_MSG" 5663echo " libedit support: $LIBEDIT_MSG" 5664echo " libldns support: $LDNS_MSG" 5665echo " Solaris process contract support: $SPC_MSG" 5666echo " Solaris project support: $SP_MSG" 5667echo " Solaris privilege support: $SPP_MSG" 5668echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5669echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5670echo " BSD Auth support: $BSD_AUTH_MSG" 5671echo " Random number source: $RAND_MSG" 5672echo " Privsep sandbox style: $SANDBOX_STYLE" 5673echo " PKCS#11 support: $enable_pkcs11" 5674echo " U2F/FIDO support: $enable_sk" 5675 5676echo "" 5677 5678echo " Host: ${host}" 5679echo " Compiler: ${CC}" 5680echo " Compiler flags: ${CFLAGS}" 5681echo "Preprocessor flags: ${CPPFLAGS}" 5682echo " Linker flags: ${LDFLAGS}" 5683echo " Libraries: ${LIBS}" 5684if test ! -z "${SSHDLIBS}"; then 5685echo " +for sshd: ${SSHDLIBS}" 5686fi 5687 5688echo "" 5689 5690if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5691 echo "SVR4 style packages are supported with \"make package\"" 5692 echo "" 5693fi 5694 5695if test "x$PAM_MSG" = "xyes" ; then 5696 echo "PAM is enabled. You may need to install a PAM control file " 5697 echo "for sshd, otherwise password authentication may fail. " 5698 echo "Example PAM control files can be found in the contrib/ " 5699 echo "subdirectory" 5700 echo "" 5701fi 5702 5703if test ! -z "$NO_PEERCHECK" ; then 5704 echo "WARNING: the operating system that you are using does not" 5705 echo "appear to support getpeereid(), getpeerucred() or the" 5706 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5707 echo "enforce security checks to prevent unauthorised connections to" 5708 echo "ssh-agent. Their absence increases the risk that a malicious" 5709 echo "user can connect to your agent." 5710 echo "" 5711fi 5712 5713if test "$AUDIT_MODULE" = "bsm" ; then 5714 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5715 echo "See the Solaris section in README.platform for details." 5716fi 5717