1# $Id: configure.ac,v 1.536 2013/08/04 11:48:41 dtucker Exp $ 2# 3# Copyright (c) 1999-2004 Damien Miller 4# 5# Permission to use, copy, modify, and distribute this software for any 6# purpose with or without fee is hereby granted, provided that the above 7# copyright notice and this permission notice appear in all copies. 8# 9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 17AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 18AC_REVISION($Revision: 1.536 $) 19AC_CONFIG_SRCDIR([ssh.c]) 20AC_LANG([C]) 21 22AC_CONFIG_HEADER([config.h]) 23AC_PROG_CC 24AC_CANONICAL_HOST 25AC_C_BIGENDIAN 26 27# Checks for programs. 28AC_PROG_AWK 29AC_PROG_CPP 30AC_PROG_RANLIB 31AC_PROG_INSTALL 32AC_PROG_EGREP 33AC_PATH_PROG([AR], [ar]) 34AC_PATH_PROG([CAT], [cat]) 35AC_PATH_PROG([KILL], [kill]) 36AC_PATH_PROGS([PERL], [perl5 perl]) 37AC_PATH_PROG([SED], [sed]) 38AC_SUBST([PERL]) 39AC_PATH_PROG([ENT], [ent]) 40AC_SUBST([ENT]) 41AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 42AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 43AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 44AC_PATH_PROG([SH], [sh]) 45AC_PATH_PROG([GROFF], [groff]) 46AC_PATH_PROG([NROFF], [nroff]) 47AC_PATH_PROG([MANDOC], [mandoc]) 48AC_SUBST([TEST_SHELL], [sh]) 49 50dnl select manpage formatter 51if test "x$MANDOC" != "x" ; then 52 MANFMT="$MANDOC" 53elif test "x$NROFF" != "x" ; then 54 MANFMT="$NROFF -mandoc" 55elif test "x$GROFF" != "x" ; then 56 MANFMT="$GROFF -mandoc -Tascii" 57else 58 AC_MSG_WARN([no manpage formatted found]) 59 MANFMT="false" 60fi 61AC_SUBST([MANFMT]) 62 63dnl for buildpkg.sh 64AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 65 [/usr/sbin${PATH_SEPARATOR}/etc]) 66AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 67 [/usr/sbin${PATH_SEPARATOR}/etc]) 68AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 69if test -x /sbin/sh; then 70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 71else 72 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 73fi 74 75# System features 76AC_SYS_LARGEFILE 77 78if test -z "$AR" ; then 79 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 80fi 81 82# Use LOGIN_PROGRAM from environment if possible 83if test ! -z "$LOGIN_PROGRAM" ; then 84 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"], 85 [If your header files don't define LOGIN_PROGRAM, 86 then use this (detected) from environment and PATH]) 87else 88 # Search for login 89 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login]) 90 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then 91 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"]) 92 fi 93fi 94 95AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 96if test ! -z "$PATH_PASSWD_PROG" ; then 97 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 98 [Full path of your "passwd" program]) 99fi 100 101if test -z "$LD" ; then 102 LD=$CC 103fi 104AC_SUBST([LD]) 105 106AC_C_INLINE 107 108AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 109AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 110 #include <sys/types.h> 111 #include <sys/param.h> 112 #include <dev/systrace.h> 113]) 114AC_CHECK_DECL([RLIMIT_NPROC], 115 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 116 #include <sys/types.h> 117 #include <sys/resource.h> 118]) 119AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 120 #include <sys/types.h> 121 #include <linux/prctl.h> 122]) 123use_stack_protector=1 124AC_ARG_WITH([stackprotect], 125 [ --without-stackprotect Don't use compiler's stack protection], [ 126 if test "x$withval" = "xno"; then 127 use_stack_protector=0 128 fi ]) 129 130 131if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 132 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments -Werror], 133 [-Qunused-arguments]) 134 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option -Werror], 135 [-Wno-unknown-warning-option]) 136 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 137 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 138 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 139 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 140 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 141 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 142 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 143 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 144 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 145 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 146 AC_MSG_CHECKING([gcc version]) 147 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 148 case $GCC_VER in 149 1.*) no_attrib_nonnull=1 ;; 150 2.8* | 2.9*) 151 no_attrib_nonnull=1 152 ;; 153 2.*) no_attrib_nonnull=1 ;; 154 *) ;; 155 esac 156 AC_MSG_RESULT([$GCC_VER]) 157 158 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 159 saved_CFLAGS="$CFLAGS" 160 CFLAGS="$CFLAGS -fno-builtin-memset" 161 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 162 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 163 [ AC_MSG_RESULT([yes]) ], 164 [ AC_MSG_RESULT([no]) 165 CFLAGS="$saved_CFLAGS" ] 166 ) 167 168 # -fstack-protector-all doesn't always work for some GCC versions 169 # and/or platforms, so we test if we can. If it's not supported 170 # on a given platform gcc will emit a warning so we use -Werror. 171 if test "x$use_stack_protector" = "x1"; then 172 for t in -fstack-protector-all -fstack-protector; do 173 AC_MSG_CHECKING([if $CC supports $t]) 174 saved_CFLAGS="$CFLAGS" 175 saved_LDFLAGS="$LDFLAGS" 176 CFLAGS="$CFLAGS $t -Werror" 177 LDFLAGS="$LDFLAGS $t -Werror" 178 AC_LINK_IFELSE( 179 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 180 [[ 181 char x[256]; 182 snprintf(x, sizeof(x), "XXX"); 183 ]])], 184 [ AC_MSG_RESULT([yes]) 185 CFLAGS="$saved_CFLAGS $t" 186 LDFLAGS="$saved_LDFLAGS $t" 187 AC_MSG_CHECKING([if $t works]) 188 AC_RUN_IFELSE( 189 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 190 [[ 191 char x[256]; 192 snprintf(x, sizeof(x), "XXX"); 193 ]])], 194 [ AC_MSG_RESULT([yes]) 195 break ], 196 [ AC_MSG_RESULT([no]) ], 197 [ AC_MSG_WARN([cross compiling: cannot test]) 198 break ] 199 ) 200 ], 201 [ AC_MSG_RESULT([no]) ] 202 ) 203 CFLAGS="$saved_CFLAGS" 204 LDFLAGS="$saved_LDFLAGS" 205 done 206 fi 207 208 if test -z "$have_llong_max"; then 209 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 210 unset ac_cv_have_decl_LLONG_MAX 211 saved_CFLAGS="$CFLAGS" 212 CFLAGS="$CFLAGS -std=gnu99" 213 AC_CHECK_DECL([LLONG_MAX], 214 [have_llong_max=1], 215 [CFLAGS="$saved_CFLAGS"], 216 [#include <limits.h>] 217 ) 218 fi 219fi 220 221AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 222AC_COMPILE_IFELSE( 223 [AC_LANG_PROGRAM([[ 224#include <stdlib.h> 225__attribute__((__unused__)) static void foo(void){return;}]], 226 [[ exit(0); ]])], 227 [ AC_MSG_RESULT([yes]) ], 228 [ AC_MSG_RESULT([no]) 229 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 230 [compiler does not accept __attribute__ on return types]) ] 231) 232 233if test "x$no_attrib_nonnull" != "x1" ; then 234 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 235fi 236 237AC_ARG_WITH([rpath], 238 [ --without-rpath Disable auto-added -R linker paths], 239 [ 240 if test "x$withval" = "xno" ; then 241 need_dash_r="" 242 fi 243 if test "x$withval" = "xyes" ; then 244 need_dash_r=1 245 fi 246 ] 247) 248 249# Allow user to specify flags 250AC_ARG_WITH([cflags], 251 [ --with-cflags Specify additional flags to pass to compiler], 252 [ 253 if test -n "$withval" && test "x$withval" != "xno" && \ 254 test "x${withval}" != "xyes"; then 255 CFLAGS="$CFLAGS $withval" 256 fi 257 ] 258) 259AC_ARG_WITH([cppflags], 260 [ --with-cppflags Specify additional flags to pass to preprocessor] , 261 [ 262 if test -n "$withval" && test "x$withval" != "xno" && \ 263 test "x${withval}" != "xyes"; then 264 CPPFLAGS="$CPPFLAGS $withval" 265 fi 266 ] 267) 268AC_ARG_WITH([ldflags], 269 [ --with-ldflags Specify additional flags to pass to linker], 270 [ 271 if test -n "$withval" && test "x$withval" != "xno" && \ 272 test "x${withval}" != "xyes"; then 273 LDFLAGS="$LDFLAGS $withval" 274 fi 275 ] 276) 277AC_ARG_WITH([libs], 278 [ --with-libs Specify additional libraries to link with], 279 [ 280 if test -n "$withval" && test "x$withval" != "xno" && \ 281 test "x${withval}" != "xyes"; then 282 LIBS="$LIBS $withval" 283 fi 284 ] 285) 286AC_ARG_WITH([Werror], 287 [ --with-Werror Build main code with -Werror], 288 [ 289 if test -n "$withval" && test "x$withval" != "xno"; then 290 werror_flags="-Werror" 291 if test "x${withval}" != "xyes"; then 292 werror_flags="$withval" 293 fi 294 fi 295 ] 296) 297 298AC_CHECK_HEADERS([ \ 299 bstring.h \ 300 crypt.h \ 301 crypto/sha2.h \ 302 dirent.h \ 303 endian.h \ 304 elf.h \ 305 features.h \ 306 fcntl.h \ 307 floatingpoint.h \ 308 getopt.h \ 309 glob.h \ 310 ia.h \ 311 iaf.h \ 312 limits.h \ 313 locale.h \ 314 login.h \ 315 maillock.h \ 316 ndir.h \ 317 net/if_tun.h \ 318 netdb.h \ 319 netgroup.h \ 320 pam/pam_appl.h \ 321 paths.h \ 322 poll.h \ 323 pty.h \ 324 readpassphrase.h \ 325 rpc/types.h \ 326 security/pam_appl.h \ 327 sha2.h \ 328 shadow.h \ 329 stddef.h \ 330 stdint.h \ 331 string.h \ 332 strings.h \ 333 sys/audit.h \ 334 sys/bitypes.h \ 335 sys/bsdtty.h \ 336 sys/cdefs.h \ 337 sys/dir.h \ 338 sys/mman.h \ 339 sys/ndir.h \ 340 sys/poll.h \ 341 sys/prctl.h \ 342 sys/pstat.h \ 343 sys/select.h \ 344 sys/stat.h \ 345 sys/stream.h \ 346 sys/stropts.h \ 347 sys/strtio.h \ 348 sys/statvfs.h \ 349 sys/sysmacros.h \ 350 sys/time.h \ 351 sys/timers.h \ 352 time.h \ 353 tmpdir.h \ 354 ttyent.h \ 355 ucred.h \ 356 unistd.h \ 357 usersec.h \ 358 util.h \ 359 utime.h \ 360 utmp.h \ 361 utmpx.h \ 362 vis.h \ 363]) 364 365# lastlog.h requires sys/time.h to be included first on Solaris 366AC_CHECK_HEADERS([lastlog.h], [], [], [ 367#ifdef HAVE_SYS_TIME_H 368# include <sys/time.h> 369#endif 370]) 371 372# sys/ptms.h requires sys/stream.h to be included first on Solaris 373AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 374#ifdef HAVE_SYS_STREAM_H 375# include <sys/stream.h> 376#endif 377]) 378 379# login_cap.h requires sys/types.h on NetBSD 380AC_CHECK_HEADERS([login_cap.h], [], [], [ 381#include <sys/types.h> 382]) 383 384# older BSDs need sys/param.h before sys/mount.h 385AC_CHECK_HEADERS([sys/mount.h], [], [], [ 386#include <sys/param.h> 387]) 388 389# Android requires sys/socket.h to be included before sys/un.h 390AC_CHECK_HEADERS([sys/un.h], [], [], [ 391#include <sys/types.h> 392#include <sys/socket.h> 393]) 394 395# Messages for features tested for in target-specific section 396SIA_MSG="no" 397SPC_MSG="no" 398SP_MSG="no" 399 400# Check for some target-specific stuff 401case "$host" in 402*-*-aix*) 403 # Some versions of VAC won't allow macro redefinitions at 404 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 405 # particularly with older versions of vac or xlc. 406 # It also throws errors about null macro argments, but these are 407 # not fatal. 408 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 409 AC_COMPILE_IFELSE( 410 [AC_LANG_PROGRAM([[ 411#define testmacro foo 412#define testmacro bar]], 413 [[ exit(0); ]])], 414 [ AC_MSG_RESULT([yes]) ], 415 [ AC_MSG_RESULT([no]) 416 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 417 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" 418 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 419 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 420 ] 421 ) 422 423 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 424 if (test -z "$blibpath"); then 425 blibpath="/usr/lib:/lib" 426 fi 427 saved_LDFLAGS="$LDFLAGS" 428 if test "$GCC" = "yes"; then 429 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 430 else 431 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 432 fi 433 for tryflags in $flags ;do 434 if (test -z "$blibflags"); then 435 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 436 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 437 [blibflags=$tryflags], []) 438 fi 439 done 440 if (test -z "$blibflags"); then 441 AC_MSG_RESULT([not found]) 442 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 443 else 444 AC_MSG_RESULT([$blibflags]) 445 fi 446 LDFLAGS="$saved_LDFLAGS" 447 dnl Check for authenticate. Might be in libs.a on older AIXes 448 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 449 [Define if you want to enable AIX4's authenticate function])], 450 [AC_CHECK_LIB([s], [authenticate], 451 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 452 LIBS="$LIBS -ls" 453 ]) 454 ]) 455 dnl Check for various auth function declarations in headers. 456 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 457 passwdexpired, setauthdb], , , [#include <usersec.h>]) 458 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 459 AC_CHECK_DECLS([loginfailed], 460 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 461 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 462 [[ (void)loginfailed("user","host","tty",0); ]])], 463 [AC_MSG_RESULT([yes]) 464 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 465 [Define if your AIX loginfailed() function 466 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 467 ])], 468 [], 469 [#include <usersec.h>] 470 ) 471 AC_CHECK_FUNCS([getgrset setauthdb]) 472 AC_CHECK_DECL([F_CLOSEM], 473 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 474 [], 475 [ #include <limits.h> 476 #include <fcntl.h> ] 477 ) 478 check_for_aix_broken_getaddrinfo=1 479 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 480 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 481 [Define if your platform breaks doing a seteuid before a setuid]) 482 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 483 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 484 dnl AIX handles lastlog as part of its login message 485 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 486 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 487 [Some systems need a utmpx entry for /bin/login to work]) 488 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 489 [Define to a Set Process Title type if your system is 490 supported by bsd-setproctitle.c]) 491 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 492 [AIX 5.2 and 5.3 (and presumably newer) require this]) 493 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 494 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 495 ;; 496*-*-android*) 497 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 498 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 499 ;; 500*-*-cygwin*) 501 check_for_libcrypt_later=1 502 LIBS="$LIBS /usr/lib/textreadmode.o" 503 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 504 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 505 AC_DEFINE([DISABLE_SHADOW], [1], 506 [Define if you want to disable shadow passwords]) 507 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 508 [Define if X11 doesn't support AF_UNIX sockets on that system]) 509 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1], 510 [Define if the concept of ports only accessible to 511 superusers isn't known]) 512 AC_DEFINE([DISABLE_FD_PASSING], [1], 513 [Define if your platform needs to skip post auth 514 file descriptor passing]) 515 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 516 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 517 ;; 518*-*-dgux*) 519 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 520 [Define if your system choked on IP TOS setting]) 521 AC_DEFINE([SETEUID_BREAKS_SETUID]) 522 AC_DEFINE([BROKEN_SETREUID]) 523 AC_DEFINE([BROKEN_SETREGID]) 524 ;; 525*-*-darwin*) 526 AC_MSG_CHECKING([if we have working getaddrinfo]) 527 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 528main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 529 exit(0); 530 else 531 exit(1); 532} 533 ]])], 534 [AC_MSG_RESULT([working])], 535 [AC_MSG_RESULT([buggy]) 536 AC_DEFINE([BROKEN_GETADDRINFO], [1], 537 [getaddrinfo is broken (if present)]) 538 ], 539 [AC_MSG_RESULT([assume it is working])]) 540 AC_DEFINE([SETEUID_BREAKS_SETUID]) 541 AC_DEFINE([BROKEN_SETREUID]) 542 AC_DEFINE([BROKEN_SETREGID]) 543 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 544 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 545 [Define if your resolver libs need this for getrrsetbyname]) 546 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 547 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 548 [Use tunnel device compatibility to OpenBSD]) 549 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 550 [Prepend the address family to IP tunnel traffic]) 551 m4_pattern_allow([AU_IPv]) 552 AC_CHECK_DECL([AU_IPv4], [], 553 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 554 [#include <bsm/audit.h>] 555 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 556 [Define if pututxline updates lastlog too]) 557 ) 558 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 559 [Define to a Set Process Title type if your system is 560 supported by bsd-setproctitle.c]) 561 AC_CHECK_FUNCS([sandbox_init]) 562 AC_CHECK_HEADERS([sandbox.h]) 563 ;; 564*-*-dragonfly*) 565 SSHDLIBS="$SSHDLIBS -lcrypt" 566 ;; 567*-*-haiku*) 568 LIBS="$LIBS -lbsd " 569 AC_CHECK_LIB([network], [socket]) 570 AC_DEFINE([HAVE_U_INT64_T]) 571 MANTYPE=man 572 ;; 573*-*-hpux*) 574 # first we define all of the options common to all HP-UX releases 575 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 576 IPADDR_IN_DISPLAY=yes 577 AC_DEFINE([USE_PIPES]) 578 AC_DEFINE([LOGIN_NO_ENDOPT], [1], 579 [Define if your login program cannot handle end of options ("--")]) 580 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 581 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 582 [String used in /etc/passwd to denote locked account]) 583 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 584 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 585 maildir="/var/mail" 586 LIBS="$LIBS -lsec" 587 AC_CHECK_LIB([xnet], [t_error], , 588 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 589 590 # next, we define all of the options specific to major releases 591 case "$host" in 592 *-*-hpux10*) 593 if test -z "$GCC"; then 594 CFLAGS="$CFLAGS -Ae" 595 fi 596 ;; 597 *-*-hpux11*) 598 AC_DEFINE([PAM_SUN_CODEBASE], [1], 599 [Define if you are using Solaris-derived PAM which 600 passes pam_messages to the conversation function 601 with an extra level of indirection]) 602 AC_DEFINE([DISABLE_UTMP], [1], 603 [Define if you don't want to use utmp]) 604 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 605 check_for_hpux_broken_getaddrinfo=1 606 check_for_conflicting_getspnam=1 607 ;; 608 esac 609 610 # lastly, we define options specific to minor releases 611 case "$host" in 612 *-*-hpux10.26) 613 AC_DEFINE([HAVE_SECUREWARE], [1], 614 [Define if you have SecureWare-based 615 protected password database]) 616 disable_ptmx_check=yes 617 LIBS="$LIBS -lsecpw" 618 ;; 619 esac 620 ;; 621*-*-irix5*) 622 PATH="$PATH:/usr/etc" 623 AC_DEFINE([BROKEN_INET_NTOA], [1], 624 [Define if you system's inet_ntoa is busted 625 (e.g. Irix gcc issue)]) 626 AC_DEFINE([SETEUID_BREAKS_SETUID]) 627 AC_DEFINE([BROKEN_SETREUID]) 628 AC_DEFINE([BROKEN_SETREGID]) 629 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 630 [Define if you shouldn't strip 'tty' from your 631 ttyname in [uw]tmp]) 632 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 633 ;; 634*-*-irix6*) 635 PATH="$PATH:/usr/etc" 636 AC_DEFINE([WITH_IRIX_ARRAY], [1], 637 [Define if you have/want arrays 638 (cluster-wide session managment, not C arrays)]) 639 AC_DEFINE([WITH_IRIX_PROJECT], [1], 640 [Define if you want IRIX project management]) 641 AC_DEFINE([WITH_IRIX_AUDIT], [1], 642 [Define if you want IRIX audit trails]) 643 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 644 [Define if you want IRIX kernel jobs])]) 645 AC_DEFINE([BROKEN_INET_NTOA]) 646 AC_DEFINE([SETEUID_BREAKS_SETUID]) 647 AC_DEFINE([BROKEN_SETREUID]) 648 AC_DEFINE([BROKEN_SETREGID]) 649 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 650 AC_DEFINE([WITH_ABBREV_NO_TTY]) 651 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 652 ;; 653*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 654 check_for_libcrypt_later=1 655 AC_DEFINE([PAM_TTY_KLUDGE]) 656 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 657 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 658 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 659 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 660 ;; 661*-*-linux*) 662 no_dev_ptmx=1 663 check_for_libcrypt_later=1 664 check_for_openpty_ctty_bug=1 665 AC_DEFINE([PAM_TTY_KLUDGE], [1], 666 [Work around problematic Linux PAM modules handling of PAM_TTY]) 667 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 668 [String used in /etc/passwd to denote locked account]) 669 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 670 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 671 [Define to whatever link() returns for "not supported" 672 if it doesn't return EOPNOTSUPP.]) 673 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 674 AC_DEFINE([USE_BTMP]) 675 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 676 inet6_default_4in6=yes 677 case `uname -r` in 678 1.*|2.0.*) 679 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 680 [Define if cmsg_type is not passed correctly]) 681 ;; 682 esac 683 # tun(4) forwarding compat code 684 AC_CHECK_HEADERS([linux/if_tun.h]) 685 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 686 AC_DEFINE([SSH_TUN_LINUX], [1], 687 [Open tunnel devices the Linux tun/tap way]) 688 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 689 [Use tunnel device compatibility to OpenBSD]) 690 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 691 [Prepend the address family to IP tunnel traffic]) 692 fi 693 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 694 [], [#include <linux/types.h>]) 695 AC_CHECK_FUNCS([prctl]) 696 AC_MSG_CHECKING([for seccomp architecture]) 697 seccomp_audit_arch= 698 case "$host" in 699 x86_64-*) 700 seccomp_audit_arch=AUDIT_ARCH_X86_64 701 ;; 702 i*86-*) 703 seccomp_audit_arch=AUDIT_ARCH_I386 704 ;; 705 arm*-*) 706 seccomp_audit_arch=AUDIT_ARCH_ARM 707 ;; 708 esac 709 if test "x$seccomp_audit_arch" != "x" ; then 710 AC_MSG_RESULT(["$seccomp_audit_arch"]) 711 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 712 [Specify the system call convention in use]) 713 else 714 AC_MSG_RESULT([architecture not supported]) 715 fi 716 ;; 717mips-sony-bsd|mips-sony-newsos4) 718 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 719 SONY=1 720 ;; 721*-*-netbsd*) 722 check_for_libcrypt_before=1 723 if test "x$withval" != "xno" ; then 724 need_dash_r=1 725 fi 726 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 727 AC_CHECK_HEADER([net/if_tap.h], , 728 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 729 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 730 [Prepend the address family to IP tunnel traffic]) 731 ;; 732*-*-freebsd*) 733 check_for_libcrypt_later=1 734 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 735 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 736 AC_CHECK_HEADER([net/if_tap.h], , 737 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 738 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 739 AC_DEFINE([BROKEN_STRNVIS], [1], [FreeBSD strnvis does not do what we need]) 740 ;; 741*-*-bsdi*) 742 AC_DEFINE([SETEUID_BREAKS_SETUID]) 743 AC_DEFINE([BROKEN_SETREUID]) 744 AC_DEFINE([BROKEN_SETREGID]) 745 ;; 746*-next-*) 747 conf_lastlog_location="/usr/adm/lastlog" 748 conf_utmp_location=/etc/utmp 749 conf_wtmp_location=/usr/adm/wtmp 750 maildir=/usr/spool/mail 751 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 752 AC_DEFINE([BROKEN_REALPATH]) 753 AC_DEFINE([USE_PIPES]) 754 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 755 ;; 756*-*-openbsd*) 757 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 758 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 759 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 760 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 761 [syslog_r function is safe to use in in a signal handler]) 762 ;; 763*-*-solaris*) 764 if test "x$withval" != "xno" ; then 765 need_dash_r=1 766 fi 767 AC_DEFINE([PAM_SUN_CODEBASE]) 768 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 769 AC_DEFINE([LOGIN_NEEDS_TERM], [1], 770 [Some versions of /bin/login need the TERM supplied 771 on the commandline]) 772 AC_DEFINE([PAM_TTY_KLUDGE]) 773 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 774 [Define if pam_chauthtok wants real uid set 775 to the unpriv'ed user]) 776 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 777 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 778 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 779 [Define if sshd somehow reacquires a controlling TTY 780 after setsid()]) 781 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 782 in case the name is longer than 8 chars]) 783 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 784 external_path_file=/etc/default/login 785 # hardwire lastlog location (can't detect it on some versions) 786 conf_lastlog_location="/var/adm/lastlog" 787 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 788 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 789 if test "$sol2ver" -ge 8; then 790 AC_MSG_RESULT([yes]) 791 AC_DEFINE([DISABLE_UTMP]) 792 AC_DEFINE([DISABLE_WTMP], [1], 793 [Define if you don't want to use wtmp]) 794 else 795 AC_MSG_RESULT([no]) 796 fi 797 AC_ARG_WITH([solaris-contracts], 798 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 799 [ 800 AC_CHECK_LIB([contract], [ct_tmpl_activate], 801 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 802 [Define if you have Solaris process contracts]) 803 SSHDLIBS="$SSHDLIBS -lcontract" 804 SPC_MSG="yes" ], ) 805 ], 806 ) 807 AC_ARG_WITH([solaris-projects], 808 [ --with-solaris-projects Enable Solaris projects (experimental)], 809 [ 810 AC_CHECK_LIB([project], [setproject], 811 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 812 [Define if you have Solaris projects]) 813 SSHDLIBS="$SSHDLIBS -lproject" 814 SP_MSG="yes" ], ) 815 ], 816 ) 817 TEST_SHELL=$SHELL # let configure find us a capable shell 818 ;; 819*-*-sunos4*) 820 CPPFLAGS="$CPPFLAGS -DSUNOS4" 821 AC_CHECK_FUNCS([getpwanam]) 822 AC_DEFINE([PAM_SUN_CODEBASE]) 823 conf_utmp_location=/etc/utmp 824 conf_wtmp_location=/var/adm/wtmp 825 conf_lastlog_location=/var/adm/lastlog 826 AC_DEFINE([USE_PIPES]) 827 ;; 828*-ncr-sysv*) 829 LIBS="$LIBS -lc89" 830 AC_DEFINE([USE_PIPES]) 831 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 832 AC_DEFINE([SETEUID_BREAKS_SETUID]) 833 AC_DEFINE([BROKEN_SETREUID]) 834 AC_DEFINE([BROKEN_SETREGID]) 835 ;; 836*-sni-sysv*) 837 # /usr/ucblib MUST NOT be searched on ReliantUNIX 838 AC_CHECK_LIB([dl], [dlsym], ,) 839 # -lresolv needs to be at the end of LIBS or DNS lookups break 840 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 841 IPADDR_IN_DISPLAY=yes 842 AC_DEFINE([USE_PIPES]) 843 AC_DEFINE([IP_TOS_IS_BROKEN]) 844 AC_DEFINE([SETEUID_BREAKS_SETUID]) 845 AC_DEFINE([BROKEN_SETREUID]) 846 AC_DEFINE([BROKEN_SETREGID]) 847 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 848 external_path_file=/etc/default/login 849 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 850 # Attention: always take care to bind libsocket and libnsl before libc, 851 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 852 ;; 853# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 854*-*-sysv4.2*) 855 AC_DEFINE([USE_PIPES]) 856 AC_DEFINE([SETEUID_BREAKS_SETUID]) 857 AC_DEFINE([BROKEN_SETREUID]) 858 AC_DEFINE([BROKEN_SETREGID]) 859 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 860 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 861 TEST_SHELL=$SHELL # let configure find us a capable shell 862 ;; 863# UnixWare 7.x, OpenUNIX 8 864*-*-sysv5*) 865 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 866 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 867 AC_DEFINE([USE_PIPES]) 868 AC_DEFINE([SETEUID_BREAKS_SETUID]) 869 AC_DEFINE([BROKEN_GETADDRINFO]) 870 AC_DEFINE([BROKEN_SETREUID]) 871 AC_DEFINE([BROKEN_SETREGID]) 872 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 873 TEST_SHELL=$SHELL # let configure find us a capable shell 874 case "$host" in 875 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 876 maildir=/var/spool/mail 877 AC_DEFINE([BROKEN_LIBIAF], [1], 878 [ia_uinfo routines not supported by OS yet]) 879 AC_DEFINE([BROKEN_UPDWTMPX]) 880 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 881 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 882 AC_DEFINE([HAVE_SECUREWARE]) 883 AC_DEFINE([DISABLE_SHADOW]) 884 ], , ) 885 ;; 886 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 887 check_for_libcrypt_later=1 888 ;; 889 esac 890 ;; 891*-*-sysv*) 892 ;; 893# SCO UNIX and OEM versions of SCO UNIX 894*-*-sco3.2v4*) 895 AC_MSG_ERROR("This Platform is no longer supported.") 896 ;; 897# SCO OpenServer 5.x 898*-*-sco3.2v5*) 899 if test -z "$GCC"; then 900 CFLAGS="$CFLAGS -belf" 901 fi 902 LIBS="$LIBS -lprot -lx -ltinfo -lm" 903 no_dev_ptmx=1 904 AC_DEFINE([USE_PIPES]) 905 AC_DEFINE([HAVE_SECUREWARE]) 906 AC_DEFINE([DISABLE_SHADOW]) 907 AC_DEFINE([DISABLE_FD_PASSING]) 908 AC_DEFINE([SETEUID_BREAKS_SETUID]) 909 AC_DEFINE([BROKEN_GETADDRINFO]) 910 AC_DEFINE([BROKEN_SETREUID]) 911 AC_DEFINE([BROKEN_SETREGID]) 912 AC_DEFINE([WITH_ABBREV_NO_TTY]) 913 AC_DEFINE([BROKEN_UPDWTMPX]) 914 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 915 AC_CHECK_FUNCS([getluid setluid]) 916 MANTYPE=man 917 TEST_SHELL=$SHELL # let configure find us a capable shell 918 SKIP_DISABLE_LASTLOG_DEFINE=yes 919 ;; 920*-*-unicosmk*) 921 AC_DEFINE([NO_SSH_LASTLOG], [1], 922 [Define if you don't want to use lastlog in session.c]) 923 AC_DEFINE([SETEUID_BREAKS_SETUID]) 924 AC_DEFINE([BROKEN_SETREUID]) 925 AC_DEFINE([BROKEN_SETREGID]) 926 AC_DEFINE([USE_PIPES]) 927 AC_DEFINE([DISABLE_FD_PASSING]) 928 LDFLAGS="$LDFLAGS" 929 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 930 MANTYPE=cat 931 ;; 932*-*-unicosmp*) 933 AC_DEFINE([SETEUID_BREAKS_SETUID]) 934 AC_DEFINE([BROKEN_SETREUID]) 935 AC_DEFINE([BROKEN_SETREGID]) 936 AC_DEFINE([WITH_ABBREV_NO_TTY]) 937 AC_DEFINE([USE_PIPES]) 938 AC_DEFINE([DISABLE_FD_PASSING]) 939 LDFLAGS="$LDFLAGS" 940 LIBS="$LIBS -lgen -lacid -ldb" 941 MANTYPE=cat 942 ;; 943*-*-unicos*) 944 AC_DEFINE([SETEUID_BREAKS_SETUID]) 945 AC_DEFINE([BROKEN_SETREUID]) 946 AC_DEFINE([BROKEN_SETREGID]) 947 AC_DEFINE([USE_PIPES]) 948 AC_DEFINE([DISABLE_FD_PASSING]) 949 AC_DEFINE([NO_SSH_LASTLOG]) 950 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" 951 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 952 MANTYPE=cat 953 ;; 954*-dec-osf*) 955 AC_MSG_CHECKING([for Digital Unix SIA]) 956 no_osfsia="" 957 AC_ARG_WITH([osfsia], 958 [ --with-osfsia Enable Digital Unix SIA], 959 [ 960 if test "x$withval" = "xno" ; then 961 AC_MSG_RESULT([disabled]) 962 no_osfsia=1 963 fi 964 ], 965 ) 966 if test -z "$no_osfsia" ; then 967 if test -f /etc/sia/matrix.conf; then 968 AC_MSG_RESULT([yes]) 969 AC_DEFINE([HAVE_OSF_SIA], [1], 970 [Define if you have Digital Unix Security 971 Integration Architecture]) 972 AC_DEFINE([DISABLE_LOGIN], [1], 973 [Define if you don't want to use your 974 system's login() call]) 975 AC_DEFINE([DISABLE_FD_PASSING]) 976 LIBS="$LIBS -lsecurity -ldb -lm -laud" 977 SIA_MSG="yes" 978 else 979 AC_MSG_RESULT([no]) 980 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 981 [String used in /etc/passwd to denote locked account]) 982 fi 983 fi 984 AC_DEFINE([BROKEN_GETADDRINFO]) 985 AC_DEFINE([SETEUID_BREAKS_SETUID]) 986 AC_DEFINE([BROKEN_SETREUID]) 987 AC_DEFINE([BROKEN_SETREGID]) 988 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 989 ;; 990 991*-*-nto-qnx*) 992 AC_DEFINE([USE_PIPES]) 993 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 994 AC_DEFINE([DISABLE_LASTLOG]) 995 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 996 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 997 enable_etc_default_login=no # has incompatible /etc/default/login 998 case "$host" in 999 *-*-nto-qnx6*) 1000 AC_DEFINE([DISABLE_FD_PASSING]) 1001 ;; 1002 esac 1003 ;; 1004 1005*-*-ultrix*) 1006 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1007 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files]) 1008 AC_DEFINE([NEED_SETPGRP]) 1009 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1010 ;; 1011 1012*-*-lynxos) 1013 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1014 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation]) 1015 ;; 1016esac 1017 1018AC_MSG_CHECKING([compiler and flags for sanity]) 1019AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1020 [ AC_MSG_RESULT([yes]) ], 1021 [ 1022 AC_MSG_RESULT([no]) 1023 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1024 ], 1025 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1026) 1027 1028dnl Checks for header files. 1029# Checks for libraries. 1030AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])]) 1031AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1032 1033dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1034AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1035 AC_CHECK_LIB([gen], [dirname], [ 1036 AC_CACHE_CHECK([for broken dirname], 1037 ac_cv_have_broken_dirname, [ 1038 save_LIBS="$LIBS" 1039 LIBS="$LIBS -lgen" 1040 AC_RUN_IFELSE( 1041 [AC_LANG_SOURCE([[ 1042#include <libgen.h> 1043#include <string.h> 1044 1045int main(int argc, char **argv) { 1046 char *s, buf[32]; 1047 1048 strncpy(buf,"/etc", 32); 1049 s = dirname(buf); 1050 if (!s || strncmp(s, "/", 32) != 0) { 1051 exit(1); 1052 } else { 1053 exit(0); 1054 } 1055} 1056 ]])], 1057 [ ac_cv_have_broken_dirname="no" ], 1058 [ ac_cv_have_broken_dirname="yes" ], 1059 [ ac_cv_have_broken_dirname="no" ], 1060 ) 1061 LIBS="$save_LIBS" 1062 ]) 1063 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1064 LIBS="$LIBS -lgen" 1065 AC_DEFINE([HAVE_DIRNAME]) 1066 AC_CHECK_HEADERS([libgen.h]) 1067 fi 1068 ]) 1069]) 1070 1071AC_CHECK_FUNC([getspnam], , 1072 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1073AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1074 [Define if you have the basename function.])]) 1075 1076dnl zlib is required 1077AC_ARG_WITH([zlib], 1078 [ --with-zlib=PATH Use zlib in PATH], 1079 [ if test "x$withval" = "xno" ; then 1080 AC_MSG_ERROR([*** zlib is required ***]) 1081 elif test "x$withval" != "xyes"; then 1082 if test -d "$withval/lib"; then 1083 if test -n "${need_dash_r}"; then 1084 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1085 else 1086 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1087 fi 1088 else 1089 if test -n "${need_dash_r}"; then 1090 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1091 else 1092 LDFLAGS="-L${withval} ${LDFLAGS}" 1093 fi 1094 fi 1095 if test -d "$withval/include"; then 1096 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1097 else 1098 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1099 fi 1100 fi ] 1101) 1102 1103AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1104AC_CHECK_LIB([z], [deflate], , 1105 [ 1106 saved_CPPFLAGS="$CPPFLAGS" 1107 saved_LDFLAGS="$LDFLAGS" 1108 save_LIBS="$LIBS" 1109 dnl Check default zlib install dir 1110 if test -n "${need_dash_r}"; then 1111 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1112 else 1113 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1114 fi 1115 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1116 LIBS="$LIBS -lz" 1117 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1118 [ 1119 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1120 ] 1121 ) 1122 ] 1123) 1124 1125AC_ARG_WITH([zlib-version-check], 1126 [ --without-zlib-version-check Disable zlib version check], 1127 [ if test "x$withval" = "xno" ; then 1128 zlib_check_nonfatal=1 1129 fi 1130 ] 1131) 1132 1133AC_MSG_CHECKING([for possibly buggy zlib]) 1134AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1135#include <stdio.h> 1136#include <stdlib.h> 1137#include <zlib.h> 1138 ]], 1139 [[ 1140 int a=0, b=0, c=0, d=0, n, v; 1141 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1142 if (n != 3 && n != 4) 1143 exit(1); 1144 v = a*1000000 + b*10000 + c*100 + d; 1145 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1146 1147 /* 1.1.4 is OK */ 1148 if (a == 1 && b == 1 && c >= 4) 1149 exit(0); 1150 1151 /* 1.2.3 and up are OK */ 1152 if (v >= 1020300) 1153 exit(0); 1154 1155 exit(2); 1156 ]])], 1157 AC_MSG_RESULT([no]), 1158 [ AC_MSG_RESULT([yes]) 1159 if test -z "$zlib_check_nonfatal" ; then 1160 AC_MSG_ERROR([*** zlib too old - check config.log *** 1161Your reported zlib version has known security problems. It's possible your 1162vendor has fixed these problems without changing the version number. If you 1163are sure this is the case, you can disable the check by running 1164"./configure --without-zlib-version-check". 1165If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1166See http://www.gzip.org/zlib/ for details.]) 1167 else 1168 AC_MSG_WARN([zlib version may have security problems]) 1169 fi 1170 ], 1171 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1172) 1173 1174dnl UnixWare 2.x 1175AC_CHECK_FUNC([strcasecmp], 1176 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1177) 1178AC_CHECK_FUNCS([utimes], 1179 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1180 LIBS="$LIBS -lc89"]) ] 1181) 1182 1183dnl Checks for libutil functions 1184AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1185AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1186AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1187AC_SEARCH_LIBS([login], [util bsd]) 1188AC_SEARCH_LIBS([logout], [util bsd]) 1189AC_SEARCH_LIBS([logwtmp], [util bsd]) 1190AC_SEARCH_LIBS([openpty], [util bsd]) 1191AC_SEARCH_LIBS([updwtmp], [util bsd]) 1192AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1193 1194AC_FUNC_STRFTIME 1195 1196# Check for ALTDIRFUNC glob() extension 1197AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1198AC_EGREP_CPP([FOUNDIT], 1199 [ 1200 #include <glob.h> 1201 #ifdef GLOB_ALTDIRFUNC 1202 FOUNDIT 1203 #endif 1204 ], 1205 [ 1206 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1207 [Define if your system glob() function has 1208 the GLOB_ALTDIRFUNC extension]) 1209 AC_MSG_RESULT([yes]) 1210 ], 1211 [ 1212 AC_MSG_RESULT([no]) 1213 ] 1214) 1215 1216# Check for g.gl_matchc glob() extension 1217AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1218AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1219 [[ glob_t g; g.gl_matchc = 1; ]])], 1220 [ 1221 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1222 [Define if your system glob() function has 1223 gl_matchc options in glob_t]) 1224 AC_MSG_RESULT([yes]) 1225 ], [ 1226 AC_MSG_RESULT([no]) 1227]) 1228 1229# Check for g.gl_statv glob() extension 1230AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1231AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1232#ifndef GLOB_KEEPSTAT 1233#error "glob does not support GLOB_KEEPSTAT extension" 1234#endif 1235glob_t g; 1236g.gl_statv = NULL; 1237]])], 1238 [ 1239 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1240 [Define if your system glob() function has 1241 gl_statv options in glob_t]) 1242 AC_MSG_RESULT([yes]) 1243 ], [ 1244 AC_MSG_RESULT([no]) 1245 1246]) 1247 1248AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1249 1250AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1251AC_RUN_IFELSE( 1252 [AC_LANG_PROGRAM([[ 1253#include <sys/types.h> 1254#include <dirent.h>]], 1255 [[ 1256 struct dirent d; 1257 exit(sizeof(d.d_name)<=sizeof(char)); 1258 ]])], 1259 [AC_MSG_RESULT([yes])], 1260 [ 1261 AC_MSG_RESULT([no]) 1262 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1263 [Define if your struct dirent expects you to 1264 allocate extra space for d_name]) 1265 ], 1266 [ 1267 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1268 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1269 ] 1270) 1271 1272AC_MSG_CHECKING([for /proc/pid/fd directory]) 1273if test -d "/proc/$$/fd" ; then 1274 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1275 AC_MSG_RESULT([yes]) 1276else 1277 AC_MSG_RESULT([no]) 1278fi 1279 1280# Check whether user wants S/Key support 1281SKEY_MSG="no" 1282AC_ARG_WITH([skey], 1283 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], 1284 [ 1285 if test "x$withval" != "xno" ; then 1286 1287 if test "x$withval" != "xyes" ; then 1288 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1289 LDFLAGS="$LDFLAGS -L${withval}/lib" 1290 fi 1291 1292 AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) 1293 LIBS="-lskey $LIBS" 1294 SKEY_MSG="yes" 1295 1296 AC_MSG_CHECKING([for s/key support]) 1297 AC_LINK_IFELSE( 1298 [AC_LANG_PROGRAM([[ 1299#include <stdio.h> 1300#include <skey.h> 1301 ]], [[ 1302 char *ff = skey_keyinfo(""); ff=""; 1303 exit(0); 1304 ]])], 1305 [AC_MSG_RESULT([yes])], 1306 [ 1307 AC_MSG_RESULT([no]) 1308 AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) 1309 ]) 1310 AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) 1311 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1312#include <stdio.h> 1313#include <skey.h> 1314 ]], [[ 1315 (void)skeychallenge(NULL,"name","",0); 1316 ]])], 1317 [ 1318 AC_MSG_RESULT([yes]) 1319 AC_DEFINE([SKEYCHALLENGE_4ARG], [1], 1320 [Define if your skeychallenge() 1321 function takes 4 arguments (NetBSD)])], 1322 [ 1323 AC_MSG_RESULT([no]) 1324 ]) 1325 fi 1326 ] 1327) 1328 1329# Check whether user wants TCP wrappers support 1330TCPW_MSG="no" 1331AC_ARG_WITH([tcp-wrappers], 1332 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1333 [ 1334 if test "x$withval" != "xno" ; then 1335 saved_LIBS="$LIBS" 1336 saved_LDFLAGS="$LDFLAGS" 1337 saved_CPPFLAGS="$CPPFLAGS" 1338 if test -n "${withval}" && \ 1339 test "x${withval}" != "xyes"; then 1340 if test -d "${withval}/lib"; then 1341 if test -n "${need_dash_r}"; then 1342 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1343 else 1344 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1345 fi 1346 else 1347 if test -n "${need_dash_r}"; then 1348 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1349 else 1350 LDFLAGS="-L${withval} ${LDFLAGS}" 1351 fi 1352 fi 1353 if test -d "${withval}/include"; then 1354 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1355 else 1356 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1357 fi 1358 fi 1359 LIBS="-lwrap $LIBS" 1360 AC_MSG_CHECKING([for libwrap]) 1361 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1362#include <sys/types.h> 1363#include <sys/socket.h> 1364#include <netinet/in.h> 1365#include <tcpd.h> 1366int deny_severity = 0, allow_severity = 0; 1367 ]], [[ 1368 hosts_access(0); 1369 ]])], [ 1370 AC_MSG_RESULT([yes]) 1371 AC_DEFINE([LIBWRAP], [1], 1372 [Define if you want 1373 TCP Wrappers support]) 1374 SSHDLIBS="$SSHDLIBS -lwrap" 1375 TCPW_MSG="yes" 1376 ], [ 1377 AC_MSG_ERROR([*** libwrap missing]) 1378 1379 ]) 1380 LIBS="$saved_LIBS" 1381 fi 1382 ] 1383) 1384 1385# Check whether user wants to use ldns 1386LDNS_MSG="no" 1387AC_ARG_WITH(ldns, 1388 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1389 [ 1390 if test "x$withval" != "xno" ; then 1391 1392 if test "x$withval" != "xyes" ; then 1393 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1394 LDFLAGS="$LDFLAGS -L${withval}/lib" 1395 fi 1396 1397 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1398 LIBS="-lldns $LIBS" 1399 LDNS_MSG="yes" 1400 1401 AC_MSG_CHECKING([for ldns support]) 1402 AC_LINK_IFELSE( 1403 [AC_LANG_SOURCE([[ 1404#include <stdio.h> 1405#include <stdlib.h> 1406#include <stdint.h> 1407#include <ldns/ldns.h> 1408int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1409 ]]) 1410 ], 1411 [AC_MSG_RESULT(yes)], 1412 [ 1413 AC_MSG_RESULT(no) 1414 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1415 ]) 1416 fi 1417 ] 1418) 1419 1420# Check whether user wants libedit support 1421LIBEDIT_MSG="no" 1422AC_ARG_WITH([libedit], 1423 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1424 [ if test "x$withval" != "xno" ; then 1425 if test "x$withval" = "xyes" ; then 1426 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1427 if test "x$PKGCONFIG" != "xno"; then 1428 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1429 if "$PKGCONFIG" libedit; then 1430 AC_MSG_RESULT([yes]) 1431 use_pkgconfig_for_libedit=yes 1432 else 1433 AC_MSG_RESULT([no]) 1434 fi 1435 fi 1436 else 1437 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1438 if test -n "${need_dash_r}"; then 1439 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1440 else 1441 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1442 fi 1443 fi 1444 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1445 LIBEDIT=`$PKGCONFIG --libs-only-l libedit` 1446 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1447 else 1448 LIBEDIT="-ledit -lcurses" 1449 fi 1450 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1451 AC_CHECK_LIB([edit], [el_init], 1452 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1453 LIBEDIT_MSG="yes" 1454 AC_SUBST([LIBEDIT]) 1455 ], 1456 [ AC_MSG_ERROR([libedit not found]) ], 1457 [ $OTHERLIBS ] 1458 ) 1459 AC_MSG_CHECKING([if libedit version is compatible]) 1460 AC_COMPILE_IFELSE( 1461 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1462 [[ 1463 int i = H_SETSIZE; 1464 el_init("", NULL, NULL, NULL); 1465 exit(0); 1466 ]])], 1467 [ AC_MSG_RESULT([yes]) ], 1468 [ AC_MSG_RESULT([no]) 1469 AC_MSG_ERROR([libedit version is not compatible]) ] 1470 ) 1471 fi ] 1472) 1473 1474AUDIT_MODULE=none 1475AC_ARG_WITH([audit], 1476 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1477 [ 1478 AC_MSG_CHECKING([for supported audit module]) 1479 case "$withval" in 1480 bsm) 1481 AC_MSG_RESULT([bsm]) 1482 AUDIT_MODULE=bsm 1483 dnl Checks for headers, libs and functions 1484 AC_CHECK_HEADERS([bsm/audit.h], [], 1485 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1486 [ 1487#ifdef HAVE_TIME_H 1488# include <time.h> 1489#endif 1490 ] 1491) 1492 AC_CHECK_LIB([bsm], [getaudit], [], 1493 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1494 AC_CHECK_FUNCS([getaudit], [], 1495 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1496 # These are optional 1497 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1498 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1499 if test "$sol2ver" -eq 11; then 1500 SSHDLIBS="$SSHDLIBS -lscf" 1501 AC_DEFINE([BROKEN_BSM_API], [1], 1502 [The system has incomplete BSM API]) 1503 fi 1504 ;; 1505 linux) 1506 AC_MSG_RESULT([linux]) 1507 AUDIT_MODULE=linux 1508 dnl Checks for headers, libs and functions 1509 AC_CHECK_HEADERS([libaudit.h]) 1510 SSHDLIBS="$SSHDLIBS -laudit" 1511 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1512 ;; 1513 debug) 1514 AUDIT_MODULE=debug 1515 AC_MSG_RESULT([debug]) 1516 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1517 ;; 1518 no) 1519 AC_MSG_RESULT([no]) 1520 ;; 1521 *) 1522 AC_MSG_ERROR([Unknown audit module $withval]) 1523 ;; 1524 esac ] 1525) 1526 1527dnl Checks for library functions. Please keep in alphabetical order 1528AC_CHECK_FUNCS([ \ 1529 arc4random \ 1530 arc4random_buf \ 1531 arc4random_uniform \ 1532 asprintf \ 1533 b64_ntop \ 1534 __b64_ntop \ 1535 b64_pton \ 1536 __b64_pton \ 1537 bcopy \ 1538 bindresvport_sa \ 1539 clock \ 1540 closefrom \ 1541 dirfd \ 1542 endgrent \ 1543 fchmod \ 1544 fchown \ 1545 freeaddrinfo \ 1546 fstatvfs \ 1547 futimes \ 1548 getaddrinfo \ 1549 getcwd \ 1550 getgrouplist \ 1551 getnameinfo \ 1552 getopt \ 1553 getpeereid \ 1554 getpeerucred \ 1555 getpgid \ 1556 getpgrp \ 1557 _getpty \ 1558 getrlimit \ 1559 getttyent \ 1560 glob \ 1561 group_from_gid \ 1562 inet_aton \ 1563 inet_ntoa \ 1564 inet_ntop \ 1565 innetgr \ 1566 login_getcapbool \ 1567 mblen \ 1568 md5_crypt \ 1569 memmove \ 1570 mkdtemp \ 1571 mmap \ 1572 ngetaddrinfo \ 1573 nsleep \ 1574 ogetaddrinfo \ 1575 openlog_r \ 1576 poll \ 1577 prctl \ 1578 pstat \ 1579 readpassphrase \ 1580 realpath \ 1581 recvmsg \ 1582 rresvport_af \ 1583 sendmsg \ 1584 setdtablesize \ 1585 setegid \ 1586 setenv \ 1587 seteuid \ 1588 setgroupent \ 1589 setgroups \ 1590 setlinebuf \ 1591 setlogin \ 1592 setpassent\ 1593 setpcred \ 1594 setproctitle \ 1595 setregid \ 1596 setreuid \ 1597 setrlimit \ 1598 setsid \ 1599 setvbuf \ 1600 sigaction \ 1601 sigvec \ 1602 snprintf \ 1603 socketpair \ 1604 statfs \ 1605 statvfs \ 1606 strdup \ 1607 strerror \ 1608 strlcat \ 1609 strlcpy \ 1610 strmode \ 1611 strnlen \ 1612 strnvis \ 1613 strptime \ 1614 strtonum \ 1615 strtoll \ 1616 strtoul \ 1617 strtoull \ 1618 swap32 \ 1619 sysconf \ 1620 tcgetpgrp \ 1621 timingsafe_bcmp \ 1622 truncate \ 1623 unsetenv \ 1624 updwtmpx \ 1625 user_from_uid \ 1626 usleep \ 1627 vasprintf \ 1628 vhangup \ 1629 vsnprintf \ 1630 waitpid \ 1631]) 1632 1633AC_LINK_IFELSE( 1634 [AC_LANG_PROGRAM( 1635 [[ #include <ctype.h> ]], 1636 [[ return (isblank('a')); ]])], 1637 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1638]) 1639 1640# PKCS#11 support requires dlopen() and co 1641AC_SEARCH_LIBS([dlopen], [dl], 1642 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] 1643) 1644 1645# IRIX has a const char return value for gai_strerror() 1646AC_CHECK_FUNCS([gai_strerror], [ 1647 AC_DEFINE([HAVE_GAI_STRERROR]) 1648 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1649#include <sys/types.h> 1650#include <sys/socket.h> 1651#include <netdb.h> 1652 1653const char *gai_strerror(int); 1654 ]], [[ 1655 char *str; 1656 str = gai_strerror(0); 1657 ]])], [ 1658 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1659 [Define if gai_strerror() returns const char *])], [])]) 1660 1661AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1662 [Some systems put nanosleep outside of libc])]) 1663 1664AC_SEARCH_LIBS([clock_gettime], [rt], 1665 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1666 1667dnl Make sure prototypes are defined for these before using them. 1668AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) 1669AC_CHECK_DECL([strsep], 1670 [AC_CHECK_FUNCS([strsep])], 1671 [], 1672 [ 1673#ifdef HAVE_STRING_H 1674# include <string.h> 1675#endif 1676 ]) 1677 1678dnl tcsendbreak might be a macro 1679AC_CHECK_DECL([tcsendbreak], 1680 [AC_DEFINE([HAVE_TCSENDBREAK])], 1681 [AC_CHECK_FUNCS([tcsendbreak])], 1682 [#include <termios.h>] 1683) 1684 1685AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 1686 1687AC_CHECK_DECLS([SHUT_RD], , , 1688 [ 1689#include <sys/types.h> 1690#include <sys/socket.h> 1691 ]) 1692 1693AC_CHECK_DECLS([O_NONBLOCK], , , 1694 [ 1695#include <sys/types.h> 1696#ifdef HAVE_SYS_STAT_H 1697# include <sys/stat.h> 1698#endif 1699#ifdef HAVE_FCNTL_H 1700# include <fcntl.h> 1701#endif 1702 ]) 1703 1704AC_CHECK_DECLS([writev], , , [ 1705#include <sys/types.h> 1706#include <sys/uio.h> 1707#include <unistd.h> 1708 ]) 1709 1710AC_CHECK_DECLS([MAXSYMLINKS], , , [ 1711#include <sys/param.h> 1712 ]) 1713 1714AC_CHECK_DECLS([offsetof], , , [ 1715#include <stddef.h> 1716 ]) 1717 1718# extra bits for select(2) 1719AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 1720#include <sys/param.h> 1721#include <sys/types.h> 1722#ifdef HAVE_SYS_SYSMACROS_H 1723#include <sys/sysmacros.h> 1724#endif 1725#ifdef HAVE_SYS_SELECT_H 1726#include <sys/select.h> 1727#endif 1728#ifdef HAVE_SYS_TIME_H 1729#include <sys/time.h> 1730#endif 1731#ifdef HAVE_UNISTD_H 1732#include <unistd.h> 1733#endif 1734 ]]) 1735AC_CHECK_TYPES([fd_mask], [], [], [[ 1736#include <sys/param.h> 1737#include <sys/types.h> 1738#ifdef HAVE_SYS_SELECT_H 1739#include <sys/select.h> 1740#endif 1741#ifdef HAVE_SYS_TIME_H 1742#include <sys/time.h> 1743#endif 1744#ifdef HAVE_UNISTD_H 1745#include <unistd.h> 1746#endif 1747 ]]) 1748 1749AC_CHECK_FUNCS([setresuid], [ 1750 dnl Some platorms have setresuid that isn't implemented, test for this 1751 AC_MSG_CHECKING([if setresuid seems to work]) 1752 AC_RUN_IFELSE( 1753 [AC_LANG_PROGRAM([[ 1754#include <stdlib.h> 1755#include <errno.h> 1756 ]], [[ 1757 errno=0; 1758 setresuid(0,0,0); 1759 if (errno==ENOSYS) 1760 exit(1); 1761 else 1762 exit(0); 1763 ]])], 1764 [AC_MSG_RESULT([yes])], 1765 [AC_DEFINE([BROKEN_SETRESUID], [1], 1766 [Define if your setresuid() is broken]) 1767 AC_MSG_RESULT([not implemented])], 1768 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1769 ) 1770]) 1771 1772AC_CHECK_FUNCS([setresgid], [ 1773 dnl Some platorms have setresgid that isn't implemented, test for this 1774 AC_MSG_CHECKING([if setresgid seems to work]) 1775 AC_RUN_IFELSE( 1776 [AC_LANG_PROGRAM([[ 1777#include <stdlib.h> 1778#include <errno.h> 1779 ]], [[ 1780 errno=0; 1781 setresgid(0,0,0); 1782 if (errno==ENOSYS) 1783 exit(1); 1784 else 1785 exit(0); 1786 ]])], 1787 [AC_MSG_RESULT([yes])], 1788 [AC_DEFINE([BROKEN_SETRESGID], [1], 1789 [Define if your setresgid() is broken]) 1790 AC_MSG_RESULT([not implemented])], 1791 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1792 ) 1793]) 1794 1795dnl Checks for time functions 1796AC_CHECK_FUNCS([gettimeofday time]) 1797dnl Checks for utmp functions 1798AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 1799AC_CHECK_FUNCS([utmpname]) 1800dnl Checks for utmpx functions 1801AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 1802AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 1803dnl Checks for lastlog functions 1804AC_CHECK_FUNCS([getlastlogxbyname]) 1805 1806AC_CHECK_FUNC([daemon], 1807 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 1808 [AC_CHECK_LIB([bsd], [daemon], 1809 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 1810) 1811 1812AC_CHECK_FUNC([getpagesize], 1813 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 1814 [Define if your libraries define getpagesize()])], 1815 [AC_CHECK_LIB([ucb], [getpagesize], 1816 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 1817) 1818 1819# Check for broken snprintf 1820if test "x$ac_cv_func_snprintf" = "xyes" ; then 1821 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 1822 AC_RUN_IFELSE( 1823 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 1824 [[ 1825 char b[5]; 1826 snprintf(b,5,"123456789"); 1827 exit(b[4]!='\0'); 1828 ]])], 1829 [AC_MSG_RESULT([yes])], 1830 [ 1831 AC_MSG_RESULT([no]) 1832 AC_DEFINE([BROKEN_SNPRINTF], [1], 1833 [Define if your snprintf is busted]) 1834 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 1835 ], 1836 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 1837 ) 1838fi 1839 1840# If we don't have a working asprintf, then we strongly depend on vsnprintf 1841# returning the right thing on overflow: the number of characters it tried to 1842# create (as per SUSv3) 1843if test "x$ac_cv_func_asprintf" != "xyes" && \ 1844 test "x$ac_cv_func_vsnprintf" = "xyes" ; then 1845 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 1846 AC_RUN_IFELSE( 1847 [AC_LANG_PROGRAM([[ 1848#include <sys/types.h> 1849#include <stdio.h> 1850#include <stdarg.h> 1851 1852int x_snprintf(char *str,size_t count,const char *fmt,...) 1853{ 1854 size_t ret; va_list ap; 1855 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap); 1856 return ret; 1857} 1858 ]], [[ 1859 char x[1]; 1860 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1); 1861 ]])], 1862 [AC_MSG_RESULT([yes])], 1863 [ 1864 AC_MSG_RESULT([no]) 1865 AC_DEFINE([BROKEN_SNPRINTF], [1], 1866 [Define if your snprintf is busted]) 1867 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 1868 ], 1869 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 1870 ) 1871fi 1872 1873# On systems where [v]snprintf is broken, but is declared in stdio, 1874# check that the fmt argument is const char * or just char *. 1875# This is only useful for when BROKEN_SNPRINTF 1876AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 1877AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1878#include <stdio.h> 1879int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 1880 ]], [[ 1881 snprintf(0, 0, 0); 1882 ]])], 1883 [AC_MSG_RESULT([yes]) 1884 AC_DEFINE([SNPRINTF_CONST], [const], 1885 [Define as const if snprintf() can declare const char *fmt])], 1886 [AC_MSG_RESULT([no]) 1887 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 1888 1889# Check for missing getpeereid (or equiv) support 1890NO_PEERCHECK="" 1891if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 1892 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 1893 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1894#include <sys/types.h> 1895#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 1896 [ AC_MSG_RESULT([yes]) 1897 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 1898 ], [AC_MSG_RESULT([no]) 1899 NO_PEERCHECK=1 1900 ]) 1901fi 1902 1903dnl see whether mkstemp() requires XXXXXX 1904if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 1905AC_MSG_CHECKING([for (overly) strict mkstemp]) 1906AC_RUN_IFELSE( 1907 [AC_LANG_PROGRAM([[ 1908#include <stdlib.h> 1909 ]], [[ 1910 char template[]="conftest.mkstemp-test"; 1911 if (mkstemp(template) == -1) 1912 exit(1); 1913 unlink(template); 1914 exit(0); 1915 ]])], 1916 [ 1917 AC_MSG_RESULT([no]) 1918 ], 1919 [ 1920 AC_MSG_RESULT([yes]) 1921 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 1922 ], 1923 [ 1924 AC_MSG_RESULT([yes]) 1925 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 1926 ] 1927) 1928fi 1929 1930dnl make sure that openpty does not reacquire controlling terminal 1931if test ! -z "$check_for_openpty_ctty_bug"; then 1932 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 1933 AC_RUN_IFELSE( 1934 [AC_LANG_PROGRAM([[ 1935#include <stdio.h> 1936#include <sys/fcntl.h> 1937#include <sys/types.h> 1938#include <sys/wait.h> 1939 ]], [[ 1940 pid_t pid; 1941 int fd, ptyfd, ttyfd, status; 1942 1943 pid = fork(); 1944 if (pid < 0) { /* failed */ 1945 exit(1); 1946 } else if (pid > 0) { /* parent */ 1947 waitpid(pid, &status, 0); 1948 if (WIFEXITED(status)) 1949 exit(WEXITSTATUS(status)); 1950 else 1951 exit(2); 1952 } else { /* child */ 1953 close(0); close(1); close(2); 1954 setsid(); 1955 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 1956 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 1957 if (fd >= 0) 1958 exit(3); /* Acquired ctty: broken */ 1959 else 1960 exit(0); /* Did not acquire ctty: OK */ 1961 } 1962 ]])], 1963 [ 1964 AC_MSG_RESULT([yes]) 1965 ], 1966 [ 1967 AC_MSG_RESULT([no]) 1968 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1969 ], 1970 [ 1971 AC_MSG_RESULT([cross-compiling, assuming yes]) 1972 ] 1973 ) 1974fi 1975 1976if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 1977 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 1978 AC_MSG_CHECKING([if getaddrinfo seems to work]) 1979 AC_RUN_IFELSE( 1980 [AC_LANG_PROGRAM([[ 1981#include <stdio.h> 1982#include <sys/socket.h> 1983#include <netdb.h> 1984#include <errno.h> 1985#include <netinet/in.h> 1986 1987#define TEST_PORT "2222" 1988 ]], [[ 1989 int err, sock; 1990 struct addrinfo *gai_ai, *ai, hints; 1991 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 1992 1993 memset(&hints, 0, sizeof(hints)); 1994 hints.ai_family = PF_UNSPEC; 1995 hints.ai_socktype = SOCK_STREAM; 1996 hints.ai_flags = AI_PASSIVE; 1997 1998 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 1999 if (err != 0) { 2000 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2001 exit(1); 2002 } 2003 2004 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2005 if (ai->ai_family != AF_INET6) 2006 continue; 2007 2008 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2009 sizeof(ntop), strport, sizeof(strport), 2010 NI_NUMERICHOST|NI_NUMERICSERV); 2011 2012 if (err != 0) { 2013 if (err == EAI_SYSTEM) 2014 perror("getnameinfo EAI_SYSTEM"); 2015 else 2016 fprintf(stderr, "getnameinfo failed: %s\n", 2017 gai_strerror(err)); 2018 exit(2); 2019 } 2020 2021 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2022 if (sock < 0) 2023 perror("socket"); 2024 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2025 if (errno == EBADF) 2026 exit(3); 2027 } 2028 } 2029 exit(0); 2030 ]])], 2031 [ 2032 AC_MSG_RESULT([yes]) 2033 ], 2034 [ 2035 AC_MSG_RESULT([no]) 2036 AC_DEFINE([BROKEN_GETADDRINFO]) 2037 ], 2038 [ 2039 AC_MSG_RESULT([cross-compiling, assuming yes]) 2040 ] 2041 ) 2042fi 2043 2044if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2045 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2046 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2047 AC_RUN_IFELSE( 2048 [AC_LANG_PROGRAM([[ 2049#include <stdio.h> 2050#include <sys/socket.h> 2051#include <netdb.h> 2052#include <errno.h> 2053#include <netinet/in.h> 2054 2055#define TEST_PORT "2222" 2056 ]], [[ 2057 int err, sock; 2058 struct addrinfo *gai_ai, *ai, hints; 2059 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2060 2061 memset(&hints, 0, sizeof(hints)); 2062 hints.ai_family = PF_UNSPEC; 2063 hints.ai_socktype = SOCK_STREAM; 2064 hints.ai_flags = AI_PASSIVE; 2065 2066 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2067 if (err != 0) { 2068 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2069 exit(1); 2070 } 2071 2072 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2073 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2074 continue; 2075 2076 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2077 sizeof(ntop), strport, sizeof(strport), 2078 NI_NUMERICHOST|NI_NUMERICSERV); 2079 2080 if (ai->ai_family == AF_INET && err != 0) { 2081 perror("getnameinfo"); 2082 exit(2); 2083 } 2084 } 2085 exit(0); 2086 ]])], 2087 [ 2088 AC_MSG_RESULT([yes]) 2089 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2090 [Define if you have a getaddrinfo that fails 2091 for the all-zeros IPv6 address]) 2092 ], 2093 [ 2094 AC_MSG_RESULT([no]) 2095 AC_DEFINE([BROKEN_GETADDRINFO]) 2096 ], 2097 [ 2098 AC_MSG_RESULT([cross-compiling, assuming no]) 2099 ] 2100 ) 2101fi 2102 2103if test "x$check_for_conflicting_getspnam" = "x1"; then 2104 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2105 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2106 [[ exit(0); ]])], 2107 [ 2108 AC_MSG_RESULT([no]) 2109 ], 2110 [ 2111 AC_MSG_RESULT([yes]) 2112 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2113 [Conflicting defs for getspnam]) 2114 ] 2115 ) 2116fi 2117 2118AC_FUNC_GETPGRP 2119 2120# Search for OpenSSL 2121saved_CPPFLAGS="$CPPFLAGS" 2122saved_LDFLAGS="$LDFLAGS" 2123AC_ARG_WITH([ssl-dir], 2124 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2125 [ 2126 if test "x$withval" != "xno" ; then 2127 case "$withval" in 2128 # Relative paths 2129 ./*|../*) withval="`pwd`/$withval" 2130 esac 2131 if test -d "$withval/lib"; then 2132 if test -n "${need_dash_r}"; then 2133 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2134 else 2135 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2136 fi 2137 elif test -d "$withval/lib64"; then 2138 if test -n "${need_dash_r}"; then 2139 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2140 else 2141 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2142 fi 2143 else 2144 if test -n "${need_dash_r}"; then 2145 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2146 else 2147 LDFLAGS="-L${withval} ${LDFLAGS}" 2148 fi 2149 fi 2150 if test -d "$withval/include"; then 2151 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2152 else 2153 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2154 fi 2155 fi 2156 ] 2157) 2158LIBS="-lcrypto $LIBS" 2159AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2160 [Define if your ssl headers are included 2161 with #include <openssl/header.h>])], 2162 [ 2163 dnl Check default openssl install dir 2164 if test -n "${need_dash_r}"; then 2165 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2166 else 2167 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2168 fi 2169 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2170 AC_CHECK_HEADER([openssl/opensslv.h], , 2171 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2172 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2173 [ 2174 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2175 ] 2176 ) 2177 ] 2178) 2179 2180# Determine OpenSSL header version 2181AC_MSG_CHECKING([OpenSSL header version]) 2182AC_RUN_IFELSE( 2183 [AC_LANG_PROGRAM([[ 2184#include <stdio.h> 2185#include <string.h> 2186#include <openssl/opensslv.h> 2187#define DATA "conftest.sslincver" 2188 ]], [[ 2189 FILE *fd; 2190 int rc; 2191 2192 fd = fopen(DATA,"w"); 2193 if(fd == NULL) 2194 exit(1); 2195 2196 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) 2197 exit(1); 2198 2199 exit(0); 2200 ]])], 2201 [ 2202 ssl_header_ver=`cat conftest.sslincver` 2203 AC_MSG_RESULT([$ssl_header_ver]) 2204 ], 2205 [ 2206 AC_MSG_RESULT([not found]) 2207 AC_MSG_ERROR([OpenSSL version header not found.]) 2208 ], 2209 [ 2210 AC_MSG_WARN([cross compiling: not checking]) 2211 ] 2212) 2213 2214# Determine OpenSSL library version 2215AC_MSG_CHECKING([OpenSSL library version]) 2216AC_RUN_IFELSE( 2217 [AC_LANG_PROGRAM([[ 2218#include <stdio.h> 2219#include <string.h> 2220#include <openssl/opensslv.h> 2221#include <openssl/crypto.h> 2222#define DATA "conftest.ssllibver" 2223 ]], [[ 2224 FILE *fd; 2225 int rc; 2226 2227 fd = fopen(DATA,"w"); 2228 if(fd == NULL) 2229 exit(1); 2230 2231 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) 2232 exit(1); 2233 2234 exit(0); 2235 ]])], 2236 [ 2237 ssl_library_ver=`cat conftest.ssllibver` 2238 AC_MSG_RESULT([$ssl_library_ver]) 2239 ], 2240 [ 2241 AC_MSG_RESULT([not found]) 2242 AC_MSG_ERROR([OpenSSL library not found.]) 2243 ], 2244 [ 2245 AC_MSG_WARN([cross compiling: not checking]) 2246 ] 2247) 2248 2249AC_ARG_WITH([openssl-header-check], 2250 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2251 [ if test "x$withval" = "xno" ; then 2252 openssl_check_nonfatal=1 2253 fi 2254 ] 2255) 2256 2257# Sanity check OpenSSL headers 2258AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2259AC_RUN_IFELSE( 2260 [AC_LANG_PROGRAM([[ 2261#include <string.h> 2262#include <openssl/opensslv.h> 2263 ]], [[ 2264 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2265 ]])], 2266 [ 2267 AC_MSG_RESULT([yes]) 2268 ], 2269 [ 2270 AC_MSG_RESULT([no]) 2271 if test "x$openssl_check_nonfatal" = "x"; then 2272 AC_MSG_ERROR([Your OpenSSL headers do not match your 2273library. Check config.log for details. 2274If you are sure your installation is consistent, you can disable the check 2275by running "./configure --without-openssl-header-check". 2276Also see contrib/findssl.sh for help identifying header/library mismatches. 2277]) 2278 else 2279 AC_MSG_WARN([Your OpenSSL headers do not match your 2280library. Check config.log for details. 2281Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2282 fi 2283 ], 2284 [ 2285 AC_MSG_WARN([cross compiling: not checking]) 2286 ] 2287) 2288 2289AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2290AC_LINK_IFELSE( 2291 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2292 [[ SSLeay_add_all_algorithms(); ]])], 2293 [ 2294 AC_MSG_RESULT([yes]) 2295 ], 2296 [ 2297 AC_MSG_RESULT([no]) 2298 saved_LIBS="$LIBS" 2299 LIBS="$LIBS -ldl" 2300 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2301 AC_LINK_IFELSE( 2302 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2303 [[ SSLeay_add_all_algorithms(); ]])], 2304 [ 2305 AC_MSG_RESULT([yes]) 2306 ], 2307 [ 2308 AC_MSG_RESULT([no]) 2309 LIBS="$saved_LIBS" 2310 ] 2311 ) 2312 ] 2313) 2314 2315AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method HMAC_CTX_init]) 2316 2317AC_ARG_WITH([ssl-engine], 2318 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2319 [ if test "x$withval" != "xno" ; then 2320 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2321 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2322#include <openssl/engine.h> 2323 ]], [[ 2324 ENGINE_load_builtin_engines(); 2325 ENGINE_register_all_complete(); 2326 ]])], 2327 [ AC_MSG_RESULT([yes]) 2328 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2329 [Enable OpenSSL engine support]) 2330 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2331 ]) 2332 fi ] 2333) 2334 2335# Check for OpenSSL without EVP_aes_{192,256}_cbc 2336AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2337AC_LINK_IFELSE( 2338 [AC_LANG_PROGRAM([[ 2339#include <string.h> 2340#include <openssl/evp.h> 2341 ]], [[ 2342 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2343 ]])], 2344 [ 2345 AC_MSG_RESULT([no]) 2346 ], 2347 [ 2348 AC_MSG_RESULT([yes]) 2349 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2350 [libcrypto is missing AES 192 and 256 bit functions]) 2351 ] 2352) 2353 2354# Check for OpenSSL with EVP_aes_*ctr 2355AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2356AC_LINK_IFELSE( 2357 [AC_LANG_PROGRAM([[ 2358#include <string.h> 2359#include <openssl/evp.h> 2360 ]], [[ 2361 exit(EVP_aes_128_ctr() == NULL || 2362 EVP_aes_192_cbc() == NULL || 2363 EVP_aes_256_cbc() == NULL); 2364 ]])], 2365 [ 2366 AC_MSG_RESULT([yes]) 2367 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2368 [libcrypto has EVP AES CTR]) 2369 ], 2370 [ 2371 AC_MSG_RESULT([no]) 2372 ] 2373) 2374 2375# Check for OpenSSL with EVP_aes_*gcm 2376AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2377AC_LINK_IFELSE( 2378 [AC_LANG_PROGRAM([[ 2379#include <string.h> 2380#include <openssl/evp.h> 2381 ]], [[ 2382 exit(EVP_aes_128_gcm() == NULL || 2383 EVP_aes_256_gcm() == NULL || 2384 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2385 EVP_CTRL_GCM_IV_GEN == 0 || 2386 EVP_CTRL_GCM_SET_TAG == 0 || 2387 EVP_CTRL_GCM_GET_TAG == 0 || 2388 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2389 ]])], 2390 [ 2391 AC_MSG_RESULT([yes]) 2392 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2393 [libcrypto has EVP AES GCM]) 2394 ], 2395 [ 2396 AC_MSG_RESULT([no]) 2397 unsupported_algorithms="$unsupported_cipers \ 2398 aes128-gcm@openssh.com aes256-gcm@openssh.com" 2399 ] 2400) 2401 2402AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2403 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2404 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2405 2406AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2407AC_LINK_IFELSE( 2408 [AC_LANG_PROGRAM([[ 2409#include <string.h> 2410#include <openssl/evp.h> 2411 ]], [[ 2412 if(EVP_DigestUpdate(NULL, NULL,0)) 2413 exit(0); 2414 ]])], 2415 [ 2416 AC_MSG_RESULT([yes]) 2417 ], 2418 [ 2419 AC_MSG_RESULT([no]) 2420 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2421 [Define if EVP_DigestUpdate returns void]) 2422 ] 2423) 2424 2425# Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2426# because the system crypt() is more featureful. 2427if test "x$check_for_libcrypt_before" = "x1"; then 2428 AC_CHECK_LIB([crypt], [crypt]) 2429fi 2430 2431# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2432# version in OpenSSL. 2433if test "x$check_for_libcrypt_later" = "x1"; then 2434 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2435fi 2436AC_CHECK_FUNCS([crypt DES_crypt]) 2437 2438# Search for SHA256 support in libc and/or OpenSSL 2439AC_CHECK_FUNCS([SHA256_Update EVP_sha256], 2440 [TEST_SSH_SHA256=yes], 2441 [TEST_SSH_SHA256=no 2442 unsupported_algorithms="$unsupported_algorithms \ 2443 hmac-sha2-256 hmac-sha2-512 \ 2444 diffie-hellman-group-exchange-sha256 \ 2445 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" 2446 ] 2447) 2448AC_SUBST([TEST_SSH_SHA256]) 2449 2450# Check complete ECC support in OpenSSL 2451AC_MSG_CHECKING([whether OpenSSL has complete ECC support]) 2452AC_LINK_IFELSE( 2453 [AC_LANG_PROGRAM([[ 2454#include <openssl/ec.h> 2455#include <openssl/ecdh.h> 2456#include <openssl/ecdsa.h> 2457#include <openssl/evp.h> 2458#include <openssl/objects.h> 2459#include <openssl/opensslv.h> 2460#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2461# error "OpenSSL < 0.9.8g has unreliable ECC code" 2462#endif 2463 ]], [[ 2464 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2465 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2466 ]])], 2467 [ 2468 AC_MSG_RESULT([yes]) 2469 AC_DEFINE([OPENSSL_HAS_ECC], [1], 2470 [libcrypto includes complete ECC support]) 2471 TEST_SSH_ECC=yes 2472 COMMENT_OUT_ECC="" 2473 ], 2474 [ 2475 AC_MSG_RESULT([no]) 2476 TEST_SSH_ECC=no 2477 COMMENT_OUT_ECC="#no ecc#" 2478 unsupported_algorithms="$unsupported_algorithms \ 2479 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \ 2480 ecdsa-sha2-nistp256-cert-v01@openssh.com \ 2481 ecdsa-sha2-nistp384-cert-v01@openssh.com \ 2482 ecdsa-sha2-nistp521-cert-v01@openssh.com \ 2483 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521" 2484 ] 2485) 2486AC_SUBST([TEST_SSH_ECC]) 2487AC_SUBST([COMMENT_OUT_ECC]) 2488 2489saved_LIBS="$LIBS" 2490AC_CHECK_LIB([iaf], [ia_openinfo], [ 2491 LIBS="$LIBS -liaf" 2492 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 2493 AC_DEFINE([HAVE_LIBIAF], [1], 2494 [Define if system has libiaf that supports set_id]) 2495 ]) 2496]) 2497LIBS="$saved_LIBS" 2498 2499### Configure cryptographic random number support 2500 2501# Check wheter OpenSSL seeds itself 2502AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 2503AC_RUN_IFELSE( 2504 [AC_LANG_PROGRAM([[ 2505#include <string.h> 2506#include <openssl/rand.h> 2507 ]], [[ 2508 exit(RAND_status() == 1 ? 0 : 1); 2509 ]])], 2510 [ 2511 OPENSSL_SEEDS_ITSELF=yes 2512 AC_MSG_RESULT([yes]) 2513 ], 2514 [ 2515 AC_MSG_RESULT([no]) 2516 ], 2517 [ 2518 AC_MSG_WARN([cross compiling: assuming yes]) 2519 # This is safe, since we will fatal() at runtime if 2520 # OpenSSL is not seeded correctly. 2521 OPENSSL_SEEDS_ITSELF=yes 2522 ] 2523) 2524 2525# PRNGD TCP socket 2526AC_ARG_WITH([prngd-port], 2527 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 2528 [ 2529 case "$withval" in 2530 no) 2531 withval="" 2532 ;; 2533 [[0-9]]*) 2534 ;; 2535 *) 2536 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 2537 ;; 2538 esac 2539 if test ! -z "$withval" ; then 2540 PRNGD_PORT="$withval" 2541 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 2542 [Port number of PRNGD/EGD random number socket]) 2543 fi 2544 ] 2545) 2546 2547# PRNGD Unix domain socket 2548AC_ARG_WITH([prngd-socket], 2549 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 2550 [ 2551 case "$withval" in 2552 yes) 2553 withval="/var/run/egd-pool" 2554 ;; 2555 no) 2556 withval="" 2557 ;; 2558 /*) 2559 ;; 2560 *) 2561 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 2562 ;; 2563 esac 2564 2565 if test ! -z "$withval" ; then 2566 if test ! -z "$PRNGD_PORT" ; then 2567 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 2568 fi 2569 if test ! -r "$withval" ; then 2570 AC_MSG_WARN([Entropy socket is not readable]) 2571 fi 2572 PRNGD_SOCKET="$withval" 2573 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 2574 [Location of PRNGD/EGD random number socket]) 2575 fi 2576 ], 2577 [ 2578 # Check for existing socket only if we don't have a random device already 2579 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 2580 AC_MSG_CHECKING([for PRNGD/EGD socket]) 2581 # Insert other locations here 2582 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 2583 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 2584 PRNGD_SOCKET="$sock" 2585 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 2586 break; 2587 fi 2588 done 2589 if test ! -z "$PRNGD_SOCKET" ; then 2590 AC_MSG_RESULT([$PRNGD_SOCKET]) 2591 else 2592 AC_MSG_RESULT([not found]) 2593 fi 2594 fi 2595 ] 2596) 2597 2598# Which randomness source do we use? 2599if test ! -z "$PRNGD_PORT" ; then 2600 RAND_MSG="PRNGd port $PRNGD_PORT" 2601elif test ! -z "$PRNGD_SOCKET" ; then 2602 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 2603elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 2604 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 2605 [Define if you want OpenSSL's internally seeded PRNG only]) 2606 RAND_MSG="OpenSSL internal ONLY" 2607else 2608 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 2609fi 2610 2611# Check for PAM libs 2612PAM_MSG="no" 2613AC_ARG_WITH([pam], 2614 [ --with-pam Enable PAM support ], 2615 [ 2616 if test "x$withval" != "xno" ; then 2617 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 2618 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 2619 AC_MSG_ERROR([PAM headers not found]) 2620 fi 2621 2622 saved_LIBS="$LIBS" 2623 AC_CHECK_LIB([dl], [dlopen], , ) 2624 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 2625 AC_CHECK_FUNCS([pam_getenvlist]) 2626 AC_CHECK_FUNCS([pam_putenv]) 2627 LIBS="$saved_LIBS" 2628 2629 PAM_MSG="yes" 2630 2631 SSHDLIBS="$SSHDLIBS -lpam" 2632 AC_DEFINE([USE_PAM], [1], 2633 [Define if you want to enable PAM support]) 2634 2635 if test $ac_cv_lib_dl_dlopen = yes; then 2636 case "$LIBS" in 2637 *-ldl*) 2638 # libdl already in LIBS 2639 ;; 2640 *) 2641 SSHDLIBS="$SSHDLIBS -ldl" 2642 ;; 2643 esac 2644 fi 2645 fi 2646 ] 2647) 2648 2649# Check for older PAM 2650if test "x$PAM_MSG" = "xyes" ; then 2651 # Check PAM strerror arguments (old PAM) 2652 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 2653 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2654#include <stdlib.h> 2655#if defined(HAVE_SECURITY_PAM_APPL_H) 2656#include <security/pam_appl.h> 2657#elif defined (HAVE_PAM_PAM_APPL_H) 2658#include <pam/pam_appl.h> 2659#endif 2660 ]], [[ 2661(void)pam_strerror((pam_handle_t *)NULL, -1); 2662 ]])], [AC_MSG_RESULT([no])], [ 2663 AC_DEFINE([HAVE_OLD_PAM], [1], 2664 [Define if you have an old version of PAM 2665 which takes only one argument to pam_strerror]) 2666 AC_MSG_RESULT([yes]) 2667 PAM_MSG="yes (old library)" 2668 2669 ]) 2670fi 2671 2672SSH_PRIVSEP_USER=sshd 2673AC_ARG_WITH([privsep-user], 2674 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 2675 [ 2676 if test -n "$withval" && test "x$withval" != "xno" && \ 2677 test "x${withval}" != "xyes"; then 2678 SSH_PRIVSEP_USER=$withval 2679 fi 2680 ] 2681) 2682AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 2683 [non-privileged user for privilege separation]) 2684AC_SUBST([SSH_PRIVSEP_USER]) 2685 2686if test "x$have_linux_no_new_privs" = "x1" ; then 2687AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 2688 #include <sys/types.h> 2689 #include <linux/seccomp.h> 2690]) 2691fi 2692if test "x$have_seccomp_filter" = "x1" ; then 2693AC_MSG_CHECKING([kernel for seccomp_filter support]) 2694AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 2695 #include <errno.h> 2696 #include <elf.h> 2697 #include <linux/audit.h> 2698 #include <linux/seccomp.h> 2699 #include <stdlib.h> 2700 #include <sys/prctl.h> 2701 ]], 2702 [[ int i = $seccomp_audit_arch; 2703 errno = 0; 2704 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 2705 exit(errno == EFAULT ? 0 : 1); ]])], 2706 [ AC_MSG_RESULT([yes]) ], [ 2707 AC_MSG_RESULT([no]) 2708 # Disable seccomp filter as a target 2709 have_seccomp_filter=0 2710 ] 2711) 2712fi 2713 2714# Decide which sandbox style to use 2715sandbox_arg="" 2716AC_ARG_WITH([sandbox], 2717 [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)], 2718 [ 2719 if test "x$withval" = "xyes" ; then 2720 sandbox_arg="" 2721 else 2722 sandbox_arg="$withval" 2723 fi 2724 ] 2725) 2726 2727# Some platforms (seems to be the ones that have a kernel poll(2)-type 2728# function with which they implement select(2)) use an extra file descriptor 2729# when calling select(2), which means we can't use the rlimit sandbox. 2730AC_MSG_CHECKING([if select works with descriptor rlimit]) 2731AC_RUN_IFELSE( 2732 [AC_LANG_PROGRAM([[ 2733#include <sys/types.h> 2734#ifdef HAVE_SYS_TIME_H 2735# include <sys/time.h> 2736#endif 2737#include <sys/resource.h> 2738#ifdef HAVE_SYS_SELECT_H 2739# include <sys/select.h> 2740#endif 2741#include <errno.h> 2742#include <fcntl.h> 2743#include <stdlib.h> 2744 ]],[[ 2745 struct rlimit rl_zero; 2746 int fd, r; 2747 fd_set fds; 2748 struct timeval tv; 2749 2750 fd = open("/dev/null", O_RDONLY); 2751 FD_ZERO(&fds); 2752 FD_SET(fd, &fds); 2753 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 2754 setrlimit(RLIMIT_FSIZE, &rl_zero); 2755 setrlimit(RLIMIT_NOFILE, &rl_zero); 2756 tv.tv_sec = 1; 2757 tv.tv_usec = 0; 2758 r = select(fd+1, &fds, NULL, NULL, &tv); 2759 exit (r == -1 ? 1 : 0); 2760 ]])], 2761 [AC_MSG_RESULT([yes]) 2762 select_works_with_rlimit=yes], 2763 [AC_MSG_RESULT([no]) 2764 select_works_with_rlimit=no], 2765 [AC_MSG_WARN([cross compiling: assuming yes])] 2766) 2767 2768AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 2769AC_RUN_IFELSE( 2770 [AC_LANG_PROGRAM([[ 2771#include <sys/types.h> 2772#ifdef HAVE_SYS_TIME_H 2773# include <sys/time.h> 2774#endif 2775#include <sys/resource.h> 2776#include <errno.h> 2777#include <stdlib.h> 2778 ]],[[ 2779 struct rlimit rl_zero; 2780 int fd, r; 2781 fd_set fds; 2782 2783 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 2784 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 2785 exit (r == -1 ? 1 : 0); 2786 ]])], 2787 [AC_MSG_RESULT([yes]) 2788 rlimit_nofile_zero_works=yes], 2789 [AC_MSG_RESULT([no]) 2790 rlimit_nofile_zero_works=no], 2791 [AC_MSG_WARN([cross compiling: assuming yes])] 2792) 2793 2794AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 2795AC_RUN_IFELSE( 2796 [AC_LANG_PROGRAM([[ 2797#include <sys/types.h> 2798#include <sys/resource.h> 2799#include <stdlib.h> 2800 ]],[[ 2801 struct rlimit rl_zero; 2802 2803 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 2804 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 2805 ]])], 2806 [AC_MSG_RESULT([yes])], 2807 [AC_MSG_RESULT([no]) 2808 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 2809 [setrlimit RLIMIT_FSIZE works])], 2810 [AC_MSG_WARN([cross compiling: assuming yes])] 2811) 2812 2813if test "x$sandbox_arg" = "xsystrace" || \ 2814 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 2815 test "x$have_systr_policy_kill" != "x1" && \ 2816 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 2817 SANDBOX_STYLE="systrace" 2818 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 2819elif test "x$sandbox_arg" = "xdarwin" || \ 2820 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 2821 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 2822 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 2823 "x$ac_cv_header_sandbox_h" != "xyes" && \ 2824 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 2825 SANDBOX_STYLE="darwin" 2826 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 2827elif test "x$sandbox_arg" = "xseccomp_filter" || \ 2828 ( test -z "$sandbox_arg" && \ 2829 test "x$have_seccomp_filter" = "x1" && \ 2830 test "x$ac_cv_header_elf_h" = "xyes" && \ 2831 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 2832 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 2833 test "x$seccomp_audit_arch" != "x" && \ 2834 test "x$have_linux_no_new_privs" = "x1" && \ 2835 test "x$ac_cv_func_prctl" = "xyes" ) ; then 2836 test "x$seccomp_audit_arch" = "x" && \ 2837 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 2838 test "x$have_linux_no_new_privs" != "x1" && \ 2839 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 2840 test "x$have_seccomp_filter" != "x1" && \ 2841 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 2842 test "x$ac_cv_func_prctl" != "xyes" && \ 2843 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 2844 SANDBOX_STYLE="seccomp_filter" 2845 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 2846elif test "x$sandbox_arg" = "xrlimit" || \ 2847 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 2848 test "x$select_works_with_rlimit" = "xyes" && \ 2849 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 2850 test "x$ac_cv_func_setrlimit" != "xyes" && \ 2851 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 2852 test "x$select_works_with_rlimit" != "xyes" && \ 2853 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 2854 SANDBOX_STYLE="rlimit" 2855 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 2856elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 2857 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 2858 SANDBOX_STYLE="none" 2859 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 2860else 2861 AC_MSG_ERROR([unsupported --with-sandbox]) 2862fi 2863 2864# Cheap hack to ensure NEWS-OS libraries are arranged right. 2865if test ! -z "$SONY" ; then 2866 LIBS="$LIBS -liberty"; 2867fi 2868 2869# Check for long long datatypes 2870AC_CHECK_TYPES([long long, unsigned long long, long double]) 2871 2872# Check datatype sizes 2873AC_CHECK_SIZEOF([short int], [2]) 2874AC_CHECK_SIZEOF([int], [4]) 2875AC_CHECK_SIZEOF([long int], [4]) 2876AC_CHECK_SIZEOF([long long int], [8]) 2877 2878# Sanity check long long for some platforms (AIX) 2879if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 2880 ac_cv_sizeof_long_long_int=0 2881fi 2882 2883# compute LLONG_MIN and LLONG_MAX if we don't know them. 2884if test -z "$have_llong_max"; then 2885 AC_MSG_CHECKING([for max value of long long]) 2886 AC_RUN_IFELSE( 2887 [AC_LANG_PROGRAM([[ 2888#include <stdio.h> 2889/* Why is this so damn hard? */ 2890#ifdef __GNUC__ 2891# undef __GNUC__ 2892#endif 2893#define __USE_ISOC99 2894#include <limits.h> 2895#define DATA "conftest.llminmax" 2896#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 2897 2898/* 2899 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 2900 * we do this the hard way. 2901 */ 2902static int 2903fprint_ll(FILE *f, long long n) 2904{ 2905 unsigned int i; 2906 int l[sizeof(long long) * 8]; 2907 2908 if (n < 0) 2909 if (fprintf(f, "-") < 0) 2910 return -1; 2911 for (i = 0; n != 0; i++) { 2912 l[i] = my_abs(n % 10); 2913 n /= 10; 2914 } 2915 do { 2916 if (fprintf(f, "%d", l[--i]) < 0) 2917 return -1; 2918 } while (i != 0); 2919 if (fprintf(f, " ") < 0) 2920 return -1; 2921 return 0; 2922} 2923 ]], [[ 2924 FILE *f; 2925 long long i, llmin, llmax = 0; 2926 2927 if((f = fopen(DATA,"w")) == NULL) 2928 exit(1); 2929 2930#if defined(LLONG_MIN) && defined(LLONG_MAX) 2931 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 2932 llmin = LLONG_MIN; 2933 llmax = LLONG_MAX; 2934#else 2935 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 2936 /* This will work on one's complement and two's complement */ 2937 for (i = 1; i > llmax; i <<= 1, i++) 2938 llmax = i; 2939 llmin = llmax + 1LL; /* wrap */ 2940#endif 2941 2942 /* Sanity check */ 2943 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 2944 || llmax - 1 > llmax || llmin == llmax || llmin == 0 2945 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 2946 fprintf(f, "unknown unknown\n"); 2947 exit(2); 2948 } 2949 2950 if (fprint_ll(f, llmin) < 0) 2951 exit(3); 2952 if (fprint_ll(f, llmax) < 0) 2953 exit(4); 2954 if (fclose(f) < 0) 2955 exit(5); 2956 exit(0); 2957 ]])], 2958 [ 2959 llong_min=`$AWK '{print $1}' conftest.llminmax` 2960 llong_max=`$AWK '{print $2}' conftest.llminmax` 2961 2962 AC_MSG_RESULT([$llong_max]) 2963 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 2964 [max value of long long calculated by configure]) 2965 AC_MSG_CHECKING([for min value of long long]) 2966 AC_MSG_RESULT([$llong_min]) 2967 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 2968 [min value of long long calculated by configure]) 2969 ], 2970 [ 2971 AC_MSG_RESULT([not found]) 2972 ], 2973 [ 2974 AC_MSG_WARN([cross compiling: not checking]) 2975 ] 2976 ) 2977fi 2978 2979 2980# More checks for data types 2981AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 2982 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 2983 [[ u_int a; a = 1;]])], 2984 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 2985 ]) 2986]) 2987if test "x$ac_cv_have_u_int" = "xyes" ; then 2988 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 2989 have_u_int=1 2990fi 2991 2992AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 2993 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 2994 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 2995 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 2996 ]) 2997]) 2998if test "x$ac_cv_have_intxx_t" = "xyes" ; then 2999 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3000 have_intxx_t=1 3001fi 3002 3003if (test -z "$have_intxx_t" && \ 3004 test "x$ac_cv_header_stdint_h" = "xyes") 3005then 3006 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3007 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3008 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3009 [ 3010 AC_DEFINE([HAVE_INTXX_T]) 3011 AC_MSG_RESULT([yes]) 3012 ], [ AC_MSG_RESULT([no]) 3013 ]) 3014fi 3015 3016AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3017 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3018#include <sys/types.h> 3019#ifdef HAVE_STDINT_H 3020# include <stdint.h> 3021#endif 3022#include <sys/socket.h> 3023#ifdef HAVE_SYS_BITYPES_H 3024# include <sys/bitypes.h> 3025#endif 3026 ]], [[ 3027int64_t a; a = 1; 3028 ]])], 3029 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3030 ]) 3031]) 3032if test "x$ac_cv_have_int64_t" = "xyes" ; then 3033 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3034fi 3035 3036AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3037 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3038 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3039 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3040 ]) 3041]) 3042if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3043 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3044 have_u_intxx_t=1 3045fi 3046 3047if test -z "$have_u_intxx_t" ; then 3048 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3049 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3050 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3051 [ 3052 AC_DEFINE([HAVE_U_INTXX_T]) 3053 AC_MSG_RESULT([yes]) 3054 ], [ AC_MSG_RESULT([no]) 3055 ]) 3056fi 3057 3058AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3059 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3060 [[ u_int64_t a; a = 1;]])], 3061 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3062 ]) 3063]) 3064if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3065 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3066 have_u_int64_t=1 3067fi 3068 3069if test -z "$have_u_int64_t" ; then 3070 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3071 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3072 [[ u_int64_t a; a = 1]])], 3073 [ 3074 AC_DEFINE([HAVE_U_INT64_T]) 3075 AC_MSG_RESULT([yes]) 3076 ], [ AC_MSG_RESULT([no]) 3077 ]) 3078fi 3079 3080if test -z "$have_u_intxx_t" ; then 3081 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3082 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3083#include <sys/types.h> 3084 ]], [[ 3085 uint8_t a; 3086 uint16_t b; 3087 uint32_t c; 3088 a = b = c = 1; 3089 ]])], 3090 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3091 ]) 3092 ]) 3093 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3094 AC_DEFINE([HAVE_UINTXX_T], [1], 3095 [define if you have uintxx_t data type]) 3096 fi 3097fi 3098 3099if test -z "$have_uintxx_t" ; then 3100 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3101 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3102 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3103 [ 3104 AC_DEFINE([HAVE_UINTXX_T]) 3105 AC_MSG_RESULT([yes]) 3106 ], [ AC_MSG_RESULT([no]) 3107 ]) 3108fi 3109 3110if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3111 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3112then 3113 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3114 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3115#include <sys/bitypes.h> 3116 ]], [[ 3117 int8_t a; int16_t b; int32_t c; 3118 u_int8_t e; u_int16_t f; u_int32_t g; 3119 a = b = c = e = f = g = 1; 3120 ]])], 3121 [ 3122 AC_DEFINE([HAVE_U_INTXX_T]) 3123 AC_DEFINE([HAVE_INTXX_T]) 3124 AC_MSG_RESULT([yes]) 3125 ], [AC_MSG_RESULT([no]) 3126 ]) 3127fi 3128 3129 3130AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3131 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3132 [[ u_char foo; foo = 125; ]])], 3133 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3134 ]) 3135]) 3136if test "x$ac_cv_have_u_char" = "xyes" ; then 3137 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3138fi 3139 3140TYPE_SOCKLEN_T 3141 3142AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3143AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3144#include <sys/types.h> 3145#ifdef HAVE_SYS_BITYPES_H 3146#include <sys/bitypes.h> 3147#endif 3148#ifdef HAVE_SYS_STATFS_H 3149#include <sys/statfs.h> 3150#endif 3151#ifdef HAVE_SYS_STATVFS_H 3152#include <sys/statvfs.h> 3153#endif 3154]) 3155 3156AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3157[#include <sys/types.h> 3158#include <netinet/in.h>]) 3159 3160AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3161 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3162 [[ size_t foo; foo = 1235; ]])], 3163 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3164 ]) 3165]) 3166if test "x$ac_cv_have_size_t" = "xyes" ; then 3167 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3168fi 3169 3170AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3171 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3172 [[ ssize_t foo; foo = 1235; ]])], 3173 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3174 ]) 3175]) 3176if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3177 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3178fi 3179 3180AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3181 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3182 [[ clock_t foo; foo = 1235; ]])], 3183 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3184 ]) 3185]) 3186if test "x$ac_cv_have_clock_t" = "xyes" ; then 3187 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3188fi 3189 3190AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3191 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3192#include <sys/types.h> 3193#include <sys/socket.h> 3194 ]], [[ sa_family_t foo; foo = 1235; ]])], 3195 [ ac_cv_have_sa_family_t="yes" ], 3196 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3197#include <sys/types.h> 3198#include <sys/socket.h> 3199#include <netinet/in.h> 3200 ]], [[ sa_family_t foo; foo = 1235; ]])], 3201 [ ac_cv_have_sa_family_t="yes" ], 3202 [ ac_cv_have_sa_family_t="no" ] 3203 ) 3204 ]) 3205]) 3206if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3207 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3208 [define if you have sa_family_t data type]) 3209fi 3210 3211AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3212 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3213 [[ pid_t foo; foo = 1235; ]])], 3214 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3215 ]) 3216]) 3217if test "x$ac_cv_have_pid_t" = "xyes" ; then 3218 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3219fi 3220 3221AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3222 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3223 [[ mode_t foo; foo = 1235; ]])], 3224 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3225 ]) 3226]) 3227if test "x$ac_cv_have_mode_t" = "xyes" ; then 3228 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3229fi 3230 3231 3232AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3233 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3234#include <sys/types.h> 3235#include <sys/socket.h> 3236 ]], [[ struct sockaddr_storage s; ]])], 3237 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3238 [ ac_cv_have_struct_sockaddr_storage="no" 3239 ]) 3240]) 3241if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3242 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3243 [define if you have struct sockaddr_storage data type]) 3244fi 3245 3246AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3247 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3248#include <sys/types.h> 3249#include <netinet/in.h> 3250 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3251 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3252 [ ac_cv_have_struct_sockaddr_in6="no" 3253 ]) 3254]) 3255if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3256 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3257 [define if you have struct sockaddr_in6 data type]) 3258fi 3259 3260AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 3261 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3262#include <sys/types.h> 3263#include <netinet/in.h> 3264 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 3265 [ ac_cv_have_struct_in6_addr="yes" ], 3266 [ ac_cv_have_struct_in6_addr="no" 3267 ]) 3268]) 3269if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 3270 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 3271 [define if you have struct in6_addr data type]) 3272 3273dnl Now check for sin6_scope_id 3274 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 3275 [ 3276#ifdef HAVE_SYS_TYPES_H 3277#include <sys/types.h> 3278#endif 3279#include <netinet/in.h> 3280 ]) 3281fi 3282 3283AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 3284 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3285#include <sys/types.h> 3286#include <sys/socket.h> 3287#include <netdb.h> 3288 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 3289 [ ac_cv_have_struct_addrinfo="yes" ], 3290 [ ac_cv_have_struct_addrinfo="no" 3291 ]) 3292]) 3293if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 3294 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 3295 [define if you have struct addrinfo data type]) 3296fi 3297 3298AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 3299 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 3300 [[ struct timeval tv; tv.tv_sec = 1;]])], 3301 [ ac_cv_have_struct_timeval="yes" ], 3302 [ ac_cv_have_struct_timeval="no" 3303 ]) 3304]) 3305if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 3306 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 3307 have_struct_timeval=1 3308fi 3309 3310AC_CHECK_TYPES([struct timespec]) 3311 3312# We need int64_t or else certian parts of the compile will fail. 3313if test "x$ac_cv_have_int64_t" = "xno" && \ 3314 test "x$ac_cv_sizeof_long_int" != "x8" && \ 3315 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 3316 echo "OpenSSH requires int64_t support. Contact your vendor or install" 3317 echo "an alternative compiler (I.E., GCC) before continuing." 3318 echo "" 3319 exit 1; 3320else 3321dnl test snprintf (broken on SCO w/gcc) 3322 AC_RUN_IFELSE( 3323 [AC_LANG_SOURCE([[ 3324#include <stdio.h> 3325#include <string.h> 3326#ifdef HAVE_SNPRINTF 3327main() 3328{ 3329 char buf[50]; 3330 char expected_out[50]; 3331 int mazsize = 50 ; 3332#if (SIZEOF_LONG_INT == 8) 3333 long int num = 0x7fffffffffffffff; 3334#else 3335 long long num = 0x7fffffffffffffffll; 3336#endif 3337 strcpy(expected_out, "9223372036854775807"); 3338 snprintf(buf, mazsize, "%lld", num); 3339 if(strcmp(buf, expected_out) != 0) 3340 exit(1); 3341 exit(0); 3342} 3343#else 3344main() { exit(0); } 3345#endif 3346 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 3347 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 3348 ) 3349fi 3350 3351dnl Checks for structure members 3352OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 3353OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 3354OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 3355OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 3356OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 3357OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 3358OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 3359OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 3360OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 3361OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 3362OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 3363OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 3364OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 3365OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 3366OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 3367OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 3368OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 3369 3370AC_CHECK_MEMBERS([struct stat.st_blksize]) 3371AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 3372struct passwd.pw_change, struct passwd.pw_expire], 3373[], [], [[ 3374#include <sys/types.h> 3375#include <pwd.h> 3376]]) 3377 3378AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 3379 [Define if we don't have struct __res_state in resolv.h])], 3380[[ 3381#include <stdio.h> 3382#if HAVE_SYS_TYPES_H 3383# include <sys/types.h> 3384#endif 3385#include <netinet/in.h> 3386#include <arpa/nameser.h> 3387#include <resolv.h> 3388]]) 3389 3390AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 3391 ac_cv_have_ss_family_in_struct_ss, [ 3392 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3393#include <sys/types.h> 3394#include <sys/socket.h> 3395 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 3396 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 3397 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 3398]) 3399if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 3400 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 3401fi 3402 3403AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 3404 ac_cv_have___ss_family_in_struct_ss, [ 3405 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3406#include <sys/types.h> 3407#include <sys/socket.h> 3408 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 3409 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 3410 [ ac_cv_have___ss_family_in_struct_ss="no" 3411 ]) 3412]) 3413if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 3414 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 3415 [Fields in struct sockaddr_storage]) 3416fi 3417 3418dnl make sure we're using the real structure members and not defines 3419AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 3420 ac_cv_have_accrights_in_msghdr, [ 3421 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3422#include <sys/types.h> 3423#include <sys/socket.h> 3424#include <sys/uio.h> 3425 ]], [[ 3426#ifdef msg_accrights 3427#error "msg_accrights is a macro" 3428exit(1); 3429#endif 3430struct msghdr m; 3431m.msg_accrights = 0; 3432exit(0); 3433 ]])], 3434 [ ac_cv_have_accrights_in_msghdr="yes" ], 3435 [ ac_cv_have_accrights_in_msghdr="no" ] 3436 ) 3437]) 3438if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 3439 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 3440 [Define if your system uses access rights style 3441 file descriptor passing]) 3442fi 3443 3444AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 3445AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3446#include <sys/param.h> 3447#include <sys/stat.h> 3448#ifdef HAVE_SYS_TIME_H 3449# include <sys/time.h> 3450#endif 3451#ifdef HAVE_SYS_MOUNT_H 3452#include <sys/mount.h> 3453#endif 3454#ifdef HAVE_SYS_STATVFS_H 3455#include <sys/statvfs.h> 3456#endif 3457 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 3458 [ AC_MSG_RESULT([yes]) ], 3459 [ AC_MSG_RESULT([no]) 3460 3461 AC_MSG_CHECKING([if fsid_t has member val]) 3462 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3463#include <sys/types.h> 3464#include <sys/statvfs.h> 3465 ]], [[ fsid_t t; t.val[0] = 0; ]])], 3466 [ AC_MSG_RESULT([yes]) 3467 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 3468 [ AC_MSG_RESULT([no]) ]) 3469 3470 AC_MSG_CHECKING([if f_fsid has member __val]) 3471 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3472#include <sys/types.h> 3473#include <sys/statvfs.h> 3474 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 3475 [ AC_MSG_RESULT([yes]) 3476 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 3477 [ AC_MSG_RESULT([no]) ]) 3478]) 3479 3480AC_CACHE_CHECK([for msg_control field in struct msghdr], 3481 ac_cv_have_control_in_msghdr, [ 3482 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3483#include <sys/types.h> 3484#include <sys/socket.h> 3485#include <sys/uio.h> 3486 ]], [[ 3487#ifdef msg_control 3488#error "msg_control is a macro" 3489exit(1); 3490#endif 3491struct msghdr m; 3492m.msg_control = 0; 3493exit(0); 3494 ]])], 3495 [ ac_cv_have_control_in_msghdr="yes" ], 3496 [ ac_cv_have_control_in_msghdr="no" ] 3497 ) 3498]) 3499if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 3500 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 3501 [Define if your system uses ancillary data style 3502 file descriptor passing]) 3503fi 3504 3505AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 3506 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3507 [[ extern char *__progname; printf("%s", __progname); ]])], 3508 [ ac_cv_libc_defines___progname="yes" ], 3509 [ ac_cv_libc_defines___progname="no" 3510 ]) 3511]) 3512if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 3513 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 3514fi 3515 3516AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 3517 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3518 [[ printf("%s", __FUNCTION__); ]])], 3519 [ ac_cv_cc_implements___FUNCTION__="yes" ], 3520 [ ac_cv_cc_implements___FUNCTION__="no" 3521 ]) 3522]) 3523if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 3524 AC_DEFINE([HAVE___FUNCTION__], [1], 3525 [Define if compiler implements __FUNCTION__]) 3526fi 3527 3528AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 3529 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3530 [[ printf("%s", __func__); ]])], 3531 [ ac_cv_cc_implements___func__="yes" ], 3532 [ ac_cv_cc_implements___func__="no" 3533 ]) 3534]) 3535if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 3536 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 3537fi 3538 3539AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 3540 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3541#include <stdarg.h> 3542va_list x,y; 3543 ]], [[ va_copy(x,y); ]])], 3544 [ ac_cv_have_va_copy="yes" ], 3545 [ ac_cv_have_va_copy="no" 3546 ]) 3547]) 3548if test "x$ac_cv_have_va_copy" = "xyes" ; then 3549 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 3550fi 3551 3552AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 3553 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3554#include <stdarg.h> 3555va_list x,y; 3556 ]], [[ __va_copy(x,y); ]])], 3557 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 3558 ]) 3559]) 3560if test "x$ac_cv_have___va_copy" = "xyes" ; then 3561 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 3562fi 3563 3564AC_CACHE_CHECK([whether getopt has optreset support], 3565 ac_cv_have_getopt_optreset, [ 3566 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 3567 [[ extern int optreset; optreset = 0; ]])], 3568 [ ac_cv_have_getopt_optreset="yes" ], 3569 [ ac_cv_have_getopt_optreset="no" 3570 ]) 3571]) 3572if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 3573 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 3574 [Define if your getopt(3) defines and uses optreset]) 3575fi 3576 3577AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 3578 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3579[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 3580 [ ac_cv_libc_defines_sys_errlist="yes" ], 3581 [ ac_cv_libc_defines_sys_errlist="no" 3582 ]) 3583]) 3584if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 3585 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 3586 [Define if your system defines sys_errlist[]]) 3587fi 3588 3589 3590AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 3591 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3592[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 3593 [ ac_cv_libc_defines_sys_nerr="yes" ], 3594 [ ac_cv_libc_defines_sys_nerr="no" 3595 ]) 3596]) 3597if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 3598 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 3599fi 3600 3601# Check libraries needed by DNS fingerprint support 3602AC_SEARCH_LIBS([getrrsetbyname], [resolv], 3603 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 3604 [Define if getrrsetbyname() exists])], 3605 [ 3606 # Needed by our getrrsetbyname() 3607 AC_SEARCH_LIBS([res_query], [resolv]) 3608 AC_SEARCH_LIBS([dn_expand], [resolv]) 3609 AC_MSG_CHECKING([if res_query will link]) 3610 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3611#include <sys/types.h> 3612#include <netinet/in.h> 3613#include <arpa/nameser.h> 3614#include <netdb.h> 3615#include <resolv.h> 3616 ]], [[ 3617 res_query (0, 0, 0, 0, 0); 3618 ]])], 3619 AC_MSG_RESULT([yes]), 3620 [AC_MSG_RESULT([no]) 3621 saved_LIBS="$LIBS" 3622 LIBS="$LIBS -lresolv" 3623 AC_MSG_CHECKING([for res_query in -lresolv]) 3624 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3625#include <sys/types.h> 3626#include <netinet/in.h> 3627#include <arpa/nameser.h> 3628#include <netdb.h> 3629#include <resolv.h> 3630 ]], [[ 3631 res_query (0, 0, 0, 0, 0); 3632 ]])], 3633 [AC_MSG_RESULT([yes])], 3634 [LIBS="$saved_LIBS" 3635 AC_MSG_RESULT([no])]) 3636 ]) 3637 AC_CHECK_FUNCS([_getshort _getlong]) 3638 AC_CHECK_DECLS([_getshort, _getlong], , , 3639 [#include <sys/types.h> 3640 #include <arpa/nameser.h>]) 3641 AC_CHECK_MEMBER([HEADER.ad], 3642 [AC_DEFINE([HAVE_HEADER_AD], [1], 3643 [Define if HEADER.ad exists in arpa/nameser.h])], , 3644 [#include <arpa/nameser.h>]) 3645 ]) 3646 3647AC_MSG_CHECKING([if struct __res_state _res is an extern]) 3648AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3649#include <stdio.h> 3650#if HAVE_SYS_TYPES_H 3651# include <sys/types.h> 3652#endif 3653#include <netinet/in.h> 3654#include <arpa/nameser.h> 3655#include <resolv.h> 3656extern struct __res_state _res; 3657 ]], [[ ]])], 3658 [AC_MSG_RESULT([yes]) 3659 AC_DEFINE([HAVE__RES_EXTERN], [1], 3660 [Define if you have struct __res_state _res as an extern]) 3661 ], 3662 [ AC_MSG_RESULT([no]) ] 3663) 3664 3665# Check whether user wants SELinux support 3666SELINUX_MSG="no" 3667LIBSELINUX="" 3668AC_ARG_WITH([selinux], 3669 [ --with-selinux Enable SELinux support], 3670 [ if test "x$withval" != "xno" ; then 3671 save_LIBS="$LIBS" 3672 AC_DEFINE([WITH_SELINUX], [1], 3673 [Define if you want SELinux support.]) 3674 SELINUX_MSG="yes" 3675 AC_CHECK_HEADER([selinux/selinux.h], , 3676 AC_MSG_ERROR([SELinux support requires selinux.h header])) 3677 AC_CHECK_LIB([selinux], [setexeccon], 3678 [ LIBSELINUX="-lselinux" 3679 LIBS="$LIBS -lselinux" 3680 ], 3681 AC_MSG_ERROR([SELinux support requires libselinux library])) 3682 SSHLIBS="$SSHLIBS $LIBSELINUX" 3683 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 3684 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 3685 LIBS="$save_LIBS" 3686 fi ] 3687) 3688AC_SUBST([SSHLIBS]) 3689AC_SUBST([SSHDLIBS]) 3690 3691# Check whether user wants Kerberos 5 support 3692KRB5_MSG="no" 3693AC_ARG_WITH([kerberos5], 3694 [ --with-kerberos5=PATH Enable Kerberos 5 support], 3695 [ if test "x$withval" != "xno" ; then 3696 if test "x$withval" = "xyes" ; then 3697 KRB5ROOT="/usr/local" 3698 else 3699 KRB5ROOT=${withval} 3700 fi 3701 3702 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 3703 KRB5_MSG="yes" 3704 3705 AC_PATH_PROG([KRB5CONF], [krb5-config], 3706 [$KRB5ROOT/bin/krb5-config], 3707 [$KRB5ROOT/bin:$PATH]) 3708 if test -x $KRB5CONF ; then 3709 K5CFLAGS="`$KRB5CONF --cflags`" 3710 K5LIBS="`$KRB5CONF --libs`" 3711 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 3712 3713 AC_MSG_CHECKING([for gssapi support]) 3714 if $KRB5CONF | grep gssapi >/dev/null ; then 3715 AC_MSG_RESULT([yes]) 3716 AC_DEFINE([GSSAPI], [1], 3717 [Define this if you want GSSAPI 3718 support in the version 2 protocol]) 3719 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 3720 GSSLIBS="`$KRB5CONF --libs gssapi`" 3721 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 3722 else 3723 AC_MSG_RESULT([no]) 3724 fi 3725 AC_MSG_CHECKING([whether we are using Heimdal]) 3726 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 3727 ]], [[ char *tmp = heimdal_version; ]])], 3728 [ AC_MSG_RESULT([yes]) 3729 AC_DEFINE([HEIMDAL], [1], 3730 [Define this if you are using the Heimdal 3731 version of Kerberos V5]) ], 3732 [AC_MSG_RESULT([no]) 3733 ]) 3734 else 3735 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 3736 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 3737 AC_MSG_CHECKING([whether we are using Heimdal]) 3738 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 3739 ]], [[ char *tmp = heimdal_version; ]])], 3740 [ AC_MSG_RESULT([yes]) 3741 AC_DEFINE([HEIMDAL]) 3742 K5LIBS="-lkrb5" 3743 K5LIBS="$K5LIBS -lcom_err -lasn1" 3744 AC_CHECK_LIB([roken], [net_write], 3745 [K5LIBS="$K5LIBS -lroken"]) 3746 AC_CHECK_LIB([des], [des_cbc_encrypt], 3747 [K5LIBS="$K5LIBS -ldes"]) 3748 ], [ AC_MSG_RESULT([no]) 3749 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 3750 3751 ]) 3752 AC_SEARCH_LIBS([dn_expand], [resolv]) 3753 3754 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 3755 [ AC_DEFINE([GSSAPI]) 3756 GSSLIBS="-lgssapi_krb5" ], 3757 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 3758 [ AC_DEFINE([GSSAPI]) 3759 GSSLIBS="-lgssapi" ], 3760 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 3761 [ AC_DEFINE([GSSAPI]) 3762 GSSLIBS="-lgss" ], 3763 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 3764 ]) 3765 ]) 3766 3767 AC_CHECK_HEADER([gssapi.h], , 3768 [ unset ac_cv_header_gssapi_h 3769 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 3770 AC_CHECK_HEADERS([gssapi.h], , 3771 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 3772 ) 3773 ] 3774 ) 3775 3776 oldCPP="$CPPFLAGS" 3777 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 3778 AC_CHECK_HEADER([gssapi_krb5.h], , 3779 [ CPPFLAGS="$oldCPP" ]) 3780 3781 fi 3782 if test ! -z "$need_dash_r" ; then 3783 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 3784 fi 3785 if test ! -z "$blibpath" ; then 3786 blibpath="$blibpath:${KRB5ROOT}/lib" 3787 fi 3788 3789 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 3790 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 3791 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 3792 3793 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 3794 [Define this if you want to use libkafs' AFS support])]) 3795 3796 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 3797#ifdef HAVE_GSSAPI_H 3798# include <gssapi.h> 3799#elif defined(HAVE_GSSAPI_GSSAPI_H) 3800# include <gssapi/gssapi.h> 3801#endif 3802 3803#ifdef HAVE_GSSAPI_GENERIC_H 3804# include <gssapi_generic.h> 3805#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 3806# include <gssapi/gssapi_generic.h> 3807#endif 3808 ]]) 3809 saved_LIBS="$LIBS" 3810 LIBS="$LIBS $K5LIBS" 3811 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 3812 LIBS="$saved_LIBS" 3813 3814 fi 3815 ] 3816) 3817AC_SUBST([GSSLIBS]) 3818AC_SUBST([K5LIBS]) 3819 3820# Looking for programs, paths and files 3821 3822PRIVSEP_PATH=/var/empty 3823AC_ARG_WITH([privsep-path], 3824 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 3825 [ 3826 if test -n "$withval" && test "x$withval" != "xno" && \ 3827 test "x${withval}" != "xyes"; then 3828 PRIVSEP_PATH=$withval 3829 fi 3830 ] 3831) 3832AC_SUBST([PRIVSEP_PATH]) 3833 3834AC_ARG_WITH([xauth], 3835 [ --with-xauth=PATH Specify path to xauth program ], 3836 [ 3837 if test -n "$withval" && test "x$withval" != "xno" && \ 3838 test "x${withval}" != "xyes"; then 3839 xauth_path=$withval 3840 fi 3841 ], 3842 [ 3843 TestPath="$PATH" 3844 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 3845 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 3846 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 3847 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 3848 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 3849 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 3850 xauth_path="/usr/openwin/bin/xauth" 3851 fi 3852 ] 3853) 3854 3855STRIP_OPT=-s 3856AC_ARG_ENABLE([strip], 3857 [ --disable-strip Disable calling strip(1) on install], 3858 [ 3859 if test "x$enableval" = "xno" ; then 3860 STRIP_OPT= 3861 fi 3862 ] 3863) 3864AC_SUBST([STRIP_OPT]) 3865 3866if test -z "$xauth_path" ; then 3867 XAUTH_PATH="undefined" 3868 AC_SUBST([XAUTH_PATH]) 3869else 3870 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 3871 [Define if xauth is found in your path]) 3872 XAUTH_PATH=$xauth_path 3873 AC_SUBST([XAUTH_PATH]) 3874fi 3875 3876dnl # --with-maildir=/path/to/mail gets top priority. 3877dnl # if maildir is set in the platform case statement above we use that. 3878dnl # Otherwise we run a program to get the dir from system headers. 3879dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 3880dnl # If we find _PATH_MAILDIR we do nothing because that is what 3881dnl # session.c expects anyway. Otherwise we set to the value found 3882dnl # stripping any trailing slash. If for some strage reason our program 3883dnl # does not find what it needs, we default to /var/spool/mail. 3884# Check for mail directory 3885AC_ARG_WITH([maildir], 3886 [ --with-maildir=/path/to/mail Specify your system mail directory], 3887 [ 3888 if test "X$withval" != X && test "x$withval" != xno && \ 3889 test "x${withval}" != xyes; then 3890 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 3891 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 3892 fi 3893 ],[ 3894 if test "X$maildir" != "X"; then 3895 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 3896 else 3897 AC_MSG_CHECKING([Discovering system mail directory]) 3898 AC_RUN_IFELSE( 3899 [AC_LANG_PROGRAM([[ 3900#include <stdio.h> 3901#include <string.h> 3902#ifdef HAVE_PATHS_H 3903#include <paths.h> 3904#endif 3905#ifdef HAVE_MAILLOCK_H 3906#include <maillock.h> 3907#endif 3908#define DATA "conftest.maildir" 3909 ]], [[ 3910 FILE *fd; 3911 int rc; 3912 3913 fd = fopen(DATA,"w"); 3914 if(fd == NULL) 3915 exit(1); 3916 3917#if defined (_PATH_MAILDIR) 3918 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 3919 exit(1); 3920#elif defined (MAILDIR) 3921 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 3922 exit(1); 3923#elif defined (_PATH_MAIL) 3924 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 3925 exit(1); 3926#else 3927 exit (2); 3928#endif 3929 3930 exit(0); 3931 ]])], 3932 [ 3933 maildir_what=`awk -F: '{print $1}' conftest.maildir` 3934 maildir=`awk -F: '{print $2}' conftest.maildir \ 3935 | sed 's|/$||'` 3936 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 3937 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 3938 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 3939 fi 3940 ], 3941 [ 3942 if test "X$ac_status" = "X2";then 3943# our test program didn't find it. Default to /var/spool/mail 3944 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 3945 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 3946 else 3947 AC_MSG_RESULT([*** not found ***]) 3948 fi 3949 ], 3950 [ 3951 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 3952 ] 3953 ) 3954 fi 3955 ] 3956) # maildir 3957 3958if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 3959 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 3960 disable_ptmx_check=yes 3961fi 3962if test -z "$no_dev_ptmx" ; then 3963 if test "x$disable_ptmx_check" != "xyes" ; then 3964 AC_CHECK_FILE(["/dev/ptmx"], 3965 [ 3966 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 3967 [Define if you have /dev/ptmx]) 3968 have_dev_ptmx=1 3969 ] 3970 ) 3971 fi 3972fi 3973 3974if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 3975 AC_CHECK_FILE(["/dev/ptc"], 3976 [ 3977 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 3978 [Define if you have /dev/ptc]) 3979 have_dev_ptc=1 3980 ] 3981 ) 3982else 3983 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 3984fi 3985 3986# Options from here on. Some of these are preset by platform above 3987AC_ARG_WITH([mantype], 3988 [ --with-mantype=man|cat|doc Set man page type], 3989 [ 3990 case "$withval" in 3991 man|cat|doc) 3992 MANTYPE=$withval 3993 ;; 3994 *) 3995 AC_MSG_ERROR([invalid man type: $withval]) 3996 ;; 3997 esac 3998 ] 3999) 4000if test -z "$MANTYPE"; then 4001 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4002 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4003 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4004 MANTYPE=doc 4005 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4006 MANTYPE=man 4007 else 4008 MANTYPE=cat 4009 fi 4010fi 4011AC_SUBST([MANTYPE]) 4012if test "$MANTYPE" = "doc"; then 4013 mansubdir=man; 4014else 4015 mansubdir=$MANTYPE; 4016fi 4017AC_SUBST([mansubdir]) 4018 4019# Check whether to enable MD5 passwords 4020MD5_MSG="no" 4021AC_ARG_WITH([md5-passwords], 4022 [ --with-md5-passwords Enable use of MD5 passwords], 4023 [ 4024 if test "x$withval" != "xno" ; then 4025 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4026 [Define if you want to allow MD5 passwords]) 4027 MD5_MSG="yes" 4028 fi 4029 ] 4030) 4031 4032# Whether to disable shadow password support 4033AC_ARG_WITH([shadow], 4034 [ --without-shadow Disable shadow password support], 4035 [ 4036 if test "x$withval" = "xno" ; then 4037 AC_DEFINE([DISABLE_SHADOW]) 4038 disable_shadow=yes 4039 fi 4040 ] 4041) 4042 4043if test -z "$disable_shadow" ; then 4044 AC_MSG_CHECKING([if the systems has expire shadow information]) 4045 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4046#include <sys/types.h> 4047#include <shadow.h> 4048struct spwd sp; 4049 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4050 [ sp_expire_available=yes ], [ 4051 ]) 4052 4053 if test "x$sp_expire_available" = "xyes" ; then 4054 AC_MSG_RESULT([yes]) 4055 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4056 [Define if you want to use shadow password expire field]) 4057 else 4058 AC_MSG_RESULT([no]) 4059 fi 4060fi 4061 4062# Use ip address instead of hostname in $DISPLAY 4063if test ! -z "$IPADDR_IN_DISPLAY" ; then 4064 DISPLAY_HACK_MSG="yes" 4065 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4066 [Define if you need to use IP address 4067 instead of hostname in $DISPLAY]) 4068else 4069 DISPLAY_HACK_MSG="no" 4070 AC_ARG_WITH([ipaddr-display], 4071 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], 4072 [ 4073 if test "x$withval" != "xno" ; then 4074 AC_DEFINE([IPADDR_IN_DISPLAY]) 4075 DISPLAY_HACK_MSG="yes" 4076 fi 4077 ] 4078 ) 4079fi 4080 4081# check for /etc/default/login and use it if present. 4082AC_ARG_ENABLE([etc-default-login], 4083 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4084 [ if test "x$enableval" = "xno"; then 4085 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4086 etc_default_login=no 4087 else 4088 etc_default_login=yes 4089 fi ], 4090 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4091 then 4092 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4093 etc_default_login=no 4094 else 4095 etc_default_login=yes 4096 fi ] 4097) 4098 4099if test "x$etc_default_login" != "xno"; then 4100 AC_CHECK_FILE(["/etc/default/login"], 4101 [ external_path_file=/etc/default/login ]) 4102 if test "x$external_path_file" = "x/etc/default/login"; then 4103 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4104 [Define if your system has /etc/default/login]) 4105 fi 4106fi 4107 4108dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4109if test $ac_cv_func_login_getcapbool = "yes" && \ 4110 test $ac_cv_header_login_cap_h = "yes" ; then 4111 external_path_file=/etc/login.conf 4112fi 4113 4114# Whether to mess with the default path 4115SERVER_PATH_MSG="(default)" 4116AC_ARG_WITH([default-path], 4117 [ --with-default-path= Specify default \$PATH environment for server], 4118 [ 4119 if test "x$external_path_file" = "x/etc/login.conf" ; then 4120 AC_MSG_WARN([ 4121--with-default-path=PATH has no effect on this system. 4122Edit /etc/login.conf instead.]) 4123 elif test "x$withval" != "xno" ; then 4124 if test ! -z "$external_path_file" ; then 4125 AC_MSG_WARN([ 4126--with-default-path=PATH will only be used if PATH is not defined in 4127$external_path_file .]) 4128 fi 4129 user_path="$withval" 4130 SERVER_PATH_MSG="$withval" 4131 fi 4132 ], 4133 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4134 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4135 else 4136 if test ! -z "$external_path_file" ; then 4137 AC_MSG_WARN([ 4138If PATH is defined in $external_path_file, ensure the path to scp is included, 4139otherwise scp will not work.]) 4140 fi 4141 AC_RUN_IFELSE( 4142 [AC_LANG_PROGRAM([[ 4143/* find out what STDPATH is */ 4144#include <stdio.h> 4145#ifdef HAVE_PATHS_H 4146# include <paths.h> 4147#endif 4148#ifndef _PATH_STDPATH 4149# ifdef _PATH_USERPATH /* Irix */ 4150# define _PATH_STDPATH _PATH_USERPATH 4151# else 4152# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4153# endif 4154#endif 4155#include <sys/types.h> 4156#include <sys/stat.h> 4157#include <fcntl.h> 4158#define DATA "conftest.stdpath" 4159 ]], [[ 4160 FILE *fd; 4161 int rc; 4162 4163 fd = fopen(DATA,"w"); 4164 if(fd == NULL) 4165 exit(1); 4166 4167 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4168 exit(1); 4169 4170 exit(0); 4171 ]])], 4172 [ user_path=`cat conftest.stdpath` ], 4173 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4174 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4175 ) 4176# make sure $bindir is in USER_PATH so scp will work 4177 t_bindir="${bindir}" 4178 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4179 t_bindir=`eval echo ${t_bindir}` 4180 case $t_bindir in 4181 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4182 esac 4183 case $t_bindir in 4184 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4185 esac 4186 done 4187 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4188 if test $? -ne 0 ; then 4189 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4190 if test $? -ne 0 ; then 4191 user_path=$user_path:$t_bindir 4192 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4193 fi 4194 fi 4195 fi ] 4196) 4197if test "x$external_path_file" != "x/etc/login.conf" ; then 4198 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4199 AC_SUBST([user_path]) 4200fi 4201 4202# Set superuser path separately to user path 4203AC_ARG_WITH([superuser-path], 4204 [ --with-superuser-path= Specify different path for super-user], 4205 [ 4206 if test -n "$withval" && test "x$withval" != "xno" && \ 4207 test "x${withval}" != "xyes"; then 4208 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4209 [Define if you want a different $PATH 4210 for the superuser]) 4211 superuser_path=$withval 4212 fi 4213 ] 4214) 4215 4216 4217AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4218IPV4_IN6_HACK_MSG="no" 4219AC_ARG_WITH(4in6, 4220 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4221 [ 4222 if test "x$withval" != "xno" ; then 4223 AC_MSG_RESULT([yes]) 4224 AC_DEFINE([IPV4_IN_IPV6], [1], 4225 [Detect IPv4 in IPv6 mapped addresses 4226 and treat as IPv4]) 4227 IPV4_IN6_HACK_MSG="yes" 4228 else 4229 AC_MSG_RESULT([no]) 4230 fi 4231 ], [ 4232 if test "x$inet6_default_4in6" = "xyes"; then 4233 AC_MSG_RESULT([yes (default)]) 4234 AC_DEFINE([IPV4_IN_IPV6]) 4235 IPV4_IN6_HACK_MSG="yes" 4236 else 4237 AC_MSG_RESULT([no (default)]) 4238 fi 4239 ] 4240) 4241 4242# Whether to enable BSD auth support 4243BSD_AUTH_MSG=no 4244AC_ARG_WITH([bsd-auth], 4245 [ --with-bsd-auth Enable BSD auth support], 4246 [ 4247 if test "x$withval" != "xno" ; then 4248 AC_DEFINE([BSD_AUTH], [1], 4249 [Define if you have BSD auth support]) 4250 BSD_AUTH_MSG=yes 4251 fi 4252 ] 4253) 4254 4255# Where to place sshd.pid 4256piddir=/var/run 4257# make sure the directory exists 4258if test ! -d $piddir ; then 4259 piddir=`eval echo ${sysconfdir}` 4260 case $piddir in 4261 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 4262 esac 4263fi 4264 4265AC_ARG_WITH([pid-dir], 4266 [ --with-pid-dir=PATH Specify location of ssh.pid file], 4267 [ 4268 if test -n "$withval" && test "x$withval" != "xno" && \ 4269 test "x${withval}" != "xyes"; then 4270 piddir=$withval 4271 if test ! -d $piddir ; then 4272 AC_MSG_WARN([** no $piddir directory on this system **]) 4273 fi 4274 fi 4275 ] 4276) 4277 4278AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 4279 [Specify location of ssh.pid]) 4280AC_SUBST([piddir]) 4281 4282dnl allow user to disable some login recording features 4283AC_ARG_ENABLE([lastlog], 4284 [ --disable-lastlog disable use of lastlog even if detected [no]], 4285 [ 4286 if test "x$enableval" = "xno" ; then 4287 AC_DEFINE([DISABLE_LASTLOG]) 4288 fi 4289 ] 4290) 4291AC_ARG_ENABLE([utmp], 4292 [ --disable-utmp disable use of utmp even if detected [no]], 4293 [ 4294 if test "x$enableval" = "xno" ; then 4295 AC_DEFINE([DISABLE_UTMP]) 4296 fi 4297 ] 4298) 4299AC_ARG_ENABLE([utmpx], 4300 [ --disable-utmpx disable use of utmpx even if detected [no]], 4301 [ 4302 if test "x$enableval" = "xno" ; then 4303 AC_DEFINE([DISABLE_UTMPX], [1], 4304 [Define if you don't want to use utmpx]) 4305 fi 4306 ] 4307) 4308AC_ARG_ENABLE([wtmp], 4309 [ --disable-wtmp disable use of wtmp even if detected [no]], 4310 [ 4311 if test "x$enableval" = "xno" ; then 4312 AC_DEFINE([DISABLE_WTMP]) 4313 fi 4314 ] 4315) 4316AC_ARG_ENABLE([wtmpx], 4317 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 4318 [ 4319 if test "x$enableval" = "xno" ; then 4320 AC_DEFINE([DISABLE_WTMPX], [1], 4321 [Define if you don't want to use wtmpx]) 4322 fi 4323 ] 4324) 4325AC_ARG_ENABLE([libutil], 4326 [ --disable-libutil disable use of libutil (login() etc.) [no]], 4327 [ 4328 if test "x$enableval" = "xno" ; then 4329 AC_DEFINE([DISABLE_LOGIN]) 4330 fi 4331 ] 4332) 4333AC_ARG_ENABLE([pututline], 4334 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 4335 [ 4336 if test "x$enableval" = "xno" ; then 4337 AC_DEFINE([DISABLE_PUTUTLINE], [1], 4338 [Define if you don't want to use pututline() 4339 etc. to write [uw]tmp]) 4340 fi 4341 ] 4342) 4343AC_ARG_ENABLE([pututxline], 4344 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 4345 [ 4346 if test "x$enableval" = "xno" ; then 4347 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 4348 [Define if you don't want to use pututxline() 4349 etc. to write [uw]tmpx]) 4350 fi 4351 ] 4352) 4353AC_ARG_WITH([lastlog], 4354 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 4355 [ 4356 if test "x$withval" = "xno" ; then 4357 AC_DEFINE([DISABLE_LASTLOG]) 4358 elif test -n "$withval" && test "x${withval}" != "xyes"; then 4359 conf_lastlog_location=$withval 4360 fi 4361 ] 4362) 4363 4364dnl lastlog, [uw]tmpx? detection 4365dnl NOTE: set the paths in the platform section to avoid the 4366dnl need for command-line parameters 4367dnl lastlog and [uw]tmp are subject to a file search if all else fails 4368 4369dnl lastlog detection 4370dnl NOTE: the code itself will detect if lastlog is a directory 4371AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 4372AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4373#include <sys/types.h> 4374#include <utmp.h> 4375#ifdef HAVE_LASTLOG_H 4376# include <lastlog.h> 4377#endif 4378#ifdef HAVE_PATHS_H 4379# include <paths.h> 4380#endif 4381#ifdef HAVE_LOGIN_H 4382# include <login.h> 4383#endif 4384 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 4385 [ AC_MSG_RESULT([yes]) ], 4386 [ 4387 AC_MSG_RESULT([no]) 4388 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 4389 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4390#include <sys/types.h> 4391#include <utmp.h> 4392#ifdef HAVE_LASTLOG_H 4393# include <lastlog.h> 4394#endif 4395#ifdef HAVE_PATHS_H 4396# include <paths.h> 4397#endif 4398 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 4399 [ AC_MSG_RESULT([yes]) ], 4400 [ 4401 AC_MSG_RESULT([no]) 4402 system_lastlog_path=no 4403 ]) 4404]) 4405 4406if test -z "$conf_lastlog_location"; then 4407 if test x"$system_lastlog_path" = x"no" ; then 4408 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 4409 if (test -d "$f" || test -f "$f") ; then 4410 conf_lastlog_location=$f 4411 fi 4412 done 4413 if test -z "$conf_lastlog_location"; then 4414 AC_MSG_WARN([** Cannot find lastlog **]) 4415 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 4416 fi 4417 fi 4418fi 4419 4420if test -n "$conf_lastlog_location"; then 4421 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 4422 [Define if you want to specify the path to your lastlog file]) 4423fi 4424 4425dnl utmp detection 4426AC_MSG_CHECKING([if your system defines UTMP_FILE]) 4427AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4428#include <sys/types.h> 4429#include <utmp.h> 4430#ifdef HAVE_PATHS_H 4431# include <paths.h> 4432#endif 4433 ]], [[ char *utmp = UTMP_FILE; ]])], 4434 [ AC_MSG_RESULT([yes]) ], 4435 [ AC_MSG_RESULT([no]) 4436 system_utmp_path=no 4437]) 4438if test -z "$conf_utmp_location"; then 4439 if test x"$system_utmp_path" = x"no" ; then 4440 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 4441 if test -f $f ; then 4442 conf_utmp_location=$f 4443 fi 4444 done 4445 if test -z "$conf_utmp_location"; then 4446 AC_DEFINE([DISABLE_UTMP]) 4447 fi 4448 fi 4449fi 4450if test -n "$conf_utmp_location"; then 4451 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 4452 [Define if you want to specify the path to your utmp file]) 4453fi 4454 4455dnl wtmp detection 4456AC_MSG_CHECKING([if your system defines WTMP_FILE]) 4457AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4458#include <sys/types.h> 4459#include <utmp.h> 4460#ifdef HAVE_PATHS_H 4461# include <paths.h> 4462#endif 4463 ]], [[ char *wtmp = WTMP_FILE; ]])], 4464 [ AC_MSG_RESULT([yes]) ], 4465 [ AC_MSG_RESULT([no]) 4466 system_wtmp_path=no 4467]) 4468if test -z "$conf_wtmp_location"; then 4469 if test x"$system_wtmp_path" = x"no" ; then 4470 for f in /usr/adm/wtmp /var/log/wtmp; do 4471 if test -f $f ; then 4472 conf_wtmp_location=$f 4473 fi 4474 done 4475 if test -z "$conf_wtmp_location"; then 4476 AC_DEFINE([DISABLE_WTMP]) 4477 fi 4478 fi 4479fi 4480if test -n "$conf_wtmp_location"; then 4481 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 4482 [Define if you want to specify the path to your wtmp file]) 4483fi 4484 4485dnl wtmpx detection 4486AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 4487AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4488#include <sys/types.h> 4489#include <utmp.h> 4490#ifdef HAVE_UTMPX_H 4491#include <utmpx.h> 4492#endif 4493#ifdef HAVE_PATHS_H 4494# include <paths.h> 4495#endif 4496 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 4497 [ AC_MSG_RESULT([yes]) ], 4498 [ AC_MSG_RESULT([no]) 4499 system_wtmpx_path=no 4500]) 4501if test -z "$conf_wtmpx_location"; then 4502 if test x"$system_wtmpx_path" = x"no" ; then 4503 AC_DEFINE([DISABLE_WTMPX]) 4504 fi 4505else 4506 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 4507 [Define if you want to specify the path to your wtmpx file]) 4508fi 4509 4510 4511if test ! -z "$blibpath" ; then 4512 LDFLAGS="$LDFLAGS $blibflags$blibpath" 4513 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 4514fi 4515 4516AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 4517 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 4518 AC_DEFINE([DISABLE_LASTLOG]) 4519 fi 4520 ], [ 4521#ifdef HAVE_SYS_TYPES_H 4522#include <sys/types.h> 4523#endif 4524#ifdef HAVE_UTMP_H 4525#include <utmp.h> 4526#endif 4527#ifdef HAVE_UTMPX_H 4528#include <utmpx.h> 4529#endif 4530#ifdef HAVE_LASTLOG_H 4531#include <lastlog.h> 4532#endif 4533 ]) 4534 4535AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 4536 AC_DEFINE([DISABLE_UTMP]) 4537 AC_DEFINE([DISABLE_WTMP]) 4538 ], [ 4539#ifdef HAVE_SYS_TYPES_H 4540#include <sys/types.h> 4541#endif 4542#ifdef HAVE_UTMP_H 4543#include <utmp.h> 4544#endif 4545#ifdef HAVE_UTMPX_H 4546#include <utmpx.h> 4547#endif 4548#ifdef HAVE_LASTLOG_H 4549#include <lastlog.h> 4550#endif 4551 ]) 4552 4553dnl Adding -Werror to CFLAGS early prevents configure tests from running. 4554dnl Add now. 4555CFLAGS="$CFLAGS $werror_flags" 4556 4557if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 4558 TEST_SSH_IPV6=no 4559else 4560 TEST_SSH_IPV6=yes 4561fi 4562AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 4563AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 4564AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 4565 4566AC_EXEEXT 4567AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 4568 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 4569 survey.sh]) 4570AC_OUTPUT 4571 4572# Print summary of options 4573 4574# Someone please show me a better way :) 4575A=`eval echo ${prefix}` ; A=`eval echo ${A}` 4576B=`eval echo ${bindir}` ; B=`eval echo ${B}` 4577C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 4578D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 4579E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 4580F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 4581G=`eval echo ${piddir}` ; G=`eval echo ${G}` 4582H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 4583I=`eval echo ${user_path}` ; I=`eval echo ${I}` 4584J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 4585 4586echo "" 4587echo "OpenSSH has been configured with the following options:" 4588echo " User binaries: $B" 4589echo " System binaries: $C" 4590echo " Configuration files: $D" 4591echo " Askpass program: $E" 4592echo " Manual pages: $F" 4593echo " PID file: $G" 4594echo " Privilege separation chroot path: $H" 4595if test "x$external_path_file" = "x/etc/login.conf" ; then 4596echo " At runtime, sshd will use the path defined in $external_path_file" 4597echo " Make sure the path to scp is present, otherwise scp will not work" 4598else 4599echo " sshd default user PATH: $I" 4600 if test ! -z "$external_path_file"; then 4601echo " (If PATH is set in $external_path_file it will be used instead. If" 4602echo " used, ensure the path to scp is present, otherwise scp will not work.)" 4603 fi 4604fi 4605if test ! -z "$superuser_path" ; then 4606echo " sshd superuser user PATH: $J" 4607fi 4608echo " Manpage format: $MANTYPE" 4609echo " PAM support: $PAM_MSG" 4610echo " OSF SIA support: $SIA_MSG" 4611echo " KerberosV support: $KRB5_MSG" 4612echo " SELinux support: $SELINUX_MSG" 4613echo " Smartcard support: $SCARD_MSG" 4614echo " S/KEY support: $SKEY_MSG" 4615echo " TCP Wrappers support: $TCPW_MSG" 4616echo " MD5 password support: $MD5_MSG" 4617echo " libedit support: $LIBEDIT_MSG" 4618echo " Solaris process contract support: $SPC_MSG" 4619echo " Solaris project support: $SP_MSG" 4620echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 4621echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 4622echo " BSD Auth support: $BSD_AUTH_MSG" 4623echo " Random number source: $RAND_MSG" 4624echo " Privsep sandbox style: $SANDBOX_STYLE" 4625 4626echo "" 4627 4628echo " Host: ${host}" 4629echo " Compiler: ${CC}" 4630echo " Compiler flags: ${CFLAGS}" 4631echo "Preprocessor flags: ${CPPFLAGS}" 4632echo " Linker flags: ${LDFLAGS}" 4633echo " Libraries: ${LIBS}" 4634if test ! -z "${SSHDLIBS}"; then 4635echo " +for sshd: ${SSHDLIBS}" 4636fi 4637if test ! -z "${SSHLIBS}"; then 4638echo " +for ssh: ${SSHLIBS}" 4639fi 4640 4641echo "" 4642 4643if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 4644 echo "SVR4 style packages are supported with \"make package\"" 4645 echo "" 4646fi 4647 4648if test "x$PAM_MSG" = "xyes" ; then 4649 echo "PAM is enabled. You may need to install a PAM control file " 4650 echo "for sshd, otherwise password authentication may fail. " 4651 echo "Example PAM control files can be found in the contrib/ " 4652 echo "subdirectory" 4653 echo "" 4654fi 4655 4656if test ! -z "$NO_PEERCHECK" ; then 4657 echo "WARNING: the operating system that you are using does not" 4658 echo "appear to support getpeereid(), getpeerucred() or the" 4659 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 4660 echo "enforce security checks to prevent unauthorised connections to" 4661 echo "ssh-agent. Their absence increases the risk that a malicious" 4662 echo "user can connect to your agent." 4663 echo "" 4664fi 4665 4666if test "$AUDIT_MODULE" = "bsm" ; then 4667 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 4668 echo "See the Solaris section in README.platform for details." 4669fi 4670