1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_REVISION($Revision: 1.583 $) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADER([config.h]) 22AC_PROG_CC 23AC_CANONICAL_HOST 24AC_C_BIGENDIAN 25 26# Checks for programs. 27AC_PROG_AWK 28AC_PROG_CPP 29AC_PROG_RANLIB 30AC_PROG_INSTALL 31AC_PROG_EGREP 32AC_PROG_MKDIR_P 33AC_CHECK_TOOLS([AR], [ar]) 34AC_PATH_PROG([CAT], [cat]) 35AC_PATH_PROG([KILL], [kill]) 36AC_PATH_PROG([SED], [sed]) 37AC_PATH_PROG([ENT], [ent]) 38AC_SUBST([ENT]) 39AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 40AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 41AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 42AC_PATH_PROG([SH], [sh]) 43AC_PATH_PROG([GROFF], [groff]) 44AC_PATH_PROG([NROFF], [nroff]) 45AC_PATH_PROG([MANDOC], [mandoc]) 46AC_SUBST([TEST_SHELL], [sh]) 47 48dnl select manpage formatter 49if test "x$MANDOC" != "x" ; then 50 MANFMT="$MANDOC" 51elif test "x$NROFF" != "x" ; then 52 MANFMT="$NROFF -mandoc" 53elif test "x$GROFF" != "x" ; then 54 MANFMT="$GROFF -mandoc -Tascii" 55else 56 AC_MSG_WARN([no manpage formatted found]) 57 MANFMT="false" 58fi 59AC_SUBST([MANFMT]) 60 61dnl for buildpkg.sh 62AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 63 [/usr/sbin${PATH_SEPARATOR}/etc]) 64AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 65 [/usr/sbin${PATH_SEPARATOR}/etc]) 66AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 67if test -x /sbin/sh; then 68 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 69else 70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 71fi 72 73# System features 74AC_SYS_LARGEFILE 75 76if test -z "$AR" ; then 77 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 78fi 79 80AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 81if test ! -z "$PATH_PASSWD_PROG" ; then 82 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 83 [Full path of your "passwd" program]) 84fi 85 86dnl Since autoconf doesn't support it very well, we no longer allow users to 87dnl override LD, however keeping the hook here for now in case there's a use 88dnl use case we overlooked and someone needs to re-enable it. Unless a good 89dnl reason is found we'll be removing this in future. 90LD="$CC" 91AC_SUBST([LD]) 92 93AC_C_INLINE 94 95AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 96AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 97 #include <sys/types.h> 98 #include <sys/param.h> 99 #include <dev/systrace.h> 100]) 101AC_CHECK_DECL([RLIMIT_NPROC], 102 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 103 #include <sys/types.h> 104 #include <sys/resource.h> 105]) 106AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 107 #include <sys/types.h> 108 #include <linux/prctl.h> 109]) 110 111openssl=yes 112AC_ARG_WITH([openssl], 113 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 114 [ if test "x$withval" = "xno" ; then 115 openssl=no 116 fi 117 ] 118) 119AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 120if test "x$openssl" = "xyes" ; then 121 AC_MSG_RESULT([yes]) 122 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 123else 124 AC_MSG_RESULT([no]) 125fi 126 127use_stack_protector=1 128use_toolchain_hardening=1 129AC_ARG_WITH([stackprotect], 130 [ --without-stackprotect Don't use compiler's stack protection], [ 131 if test "x$withval" = "xno"; then 132 use_stack_protector=0 133 fi ]) 134AC_ARG_WITH([hardening], 135 [ --without-hardening Don't use toolchain hardening flags], [ 136 if test "x$withval" = "xno"; then 137 use_toolchain_hardening=0 138 fi ]) 139 140# We use -Werror for the tests only so that we catch warnings like "this is 141# on by default" for things like -fPIE. 142AC_MSG_CHECKING([if $CC supports -Werror]) 143saved_CFLAGS="$CFLAGS" 144CFLAGS="$CFLAGS -Werror" 145AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 146 [ AC_MSG_RESULT([yes]) 147 WERROR="-Werror"], 148 [ AC_MSG_RESULT([no]) 149 WERROR="" ] 150) 151CFLAGS="$saved_CFLAGS" 152 153if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 154 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 155 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 156 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 157 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 158 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 161 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 162 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 163 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 164 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 165 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 166 if test "x$use_toolchain_hardening" = "x1"; then 167 # Cygwin GCC 7.x allows thunking on the CLI, but produces non-working 168 # code. Unfortunately you only notice this at link time. 169 case "$host" in 170 *-*-cygwin*) ;; 171 *) 172 OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc 173 OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc 174 ;; 175 esac 176 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 177 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 178 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 179 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 180 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 181 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 182 # NB. -ftrapv expects certain support functions to be present in 183 # the compiler library (libgcc or similar) to detect integer operations 184 # that can overflow. We must check that the result of enabling it 185 # actually links. The test program compiled/linked includes a number 186 # of integer operations that should exercise this. 187 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 188 fi 189 AC_MSG_CHECKING([gcc version]) 190 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 191 case $GCC_VER in 192 1.*) no_attrib_nonnull=1 ;; 193 2.8* | 2.9*) 194 no_attrib_nonnull=1 195 ;; 196 2.*) no_attrib_nonnull=1 ;; 197 *) ;; 198 esac 199 AC_MSG_RESULT([$GCC_VER]) 200 201 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 202 saved_CFLAGS="$CFLAGS" 203 CFLAGS="$CFLAGS -fno-builtin-memset" 204 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 205 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 206 [ AC_MSG_RESULT([yes]) ], 207 [ AC_MSG_RESULT([no]) 208 CFLAGS="$saved_CFLAGS" ] 209 ) 210 211 # -fstack-protector-all doesn't always work for some GCC versions 212 # and/or platforms, so we test if we can. If it's not supported 213 # on a given platform gcc will emit a warning so we use -Werror. 214 if test "x$use_stack_protector" = "x1"; then 215 for t in -fstack-protector-strong -fstack-protector-all \ 216 -fstack-protector; do 217 AC_MSG_CHECKING([if $CC supports $t]) 218 saved_CFLAGS="$CFLAGS" 219 saved_LDFLAGS="$LDFLAGS" 220 CFLAGS="$CFLAGS $t -Werror" 221 LDFLAGS="$LDFLAGS $t -Werror" 222 AC_LINK_IFELSE( 223 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 224 [[ 225 char x[256]; 226 snprintf(x, sizeof(x), "XXX"); 227 ]])], 228 [ AC_MSG_RESULT([yes]) 229 CFLAGS="$saved_CFLAGS $t" 230 LDFLAGS="$saved_LDFLAGS $t" 231 AC_MSG_CHECKING([if $t works]) 232 AC_RUN_IFELSE( 233 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 234 [[ 235 char x[256]; 236 snprintf(x, sizeof(x), "XXX"); 237 ]])], 238 [ AC_MSG_RESULT([yes]) 239 break ], 240 [ AC_MSG_RESULT([no]) ], 241 [ AC_MSG_WARN([cross compiling: cannot test]) 242 break ] 243 ) 244 ], 245 [ AC_MSG_RESULT([no]) ] 246 ) 247 CFLAGS="$saved_CFLAGS" 248 LDFLAGS="$saved_LDFLAGS" 249 done 250 fi 251 252 if test -z "$have_llong_max"; then 253 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 254 unset ac_cv_have_decl_LLONG_MAX 255 saved_CFLAGS="$CFLAGS" 256 CFLAGS="$CFLAGS -std=gnu99" 257 AC_CHECK_DECL([LLONG_MAX], 258 [have_llong_max=1], 259 [CFLAGS="$saved_CFLAGS"], 260 [#include <limits.h>] 261 ) 262 fi 263fi 264 265AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 266AC_COMPILE_IFELSE( 267 [AC_LANG_PROGRAM([[ 268#include <stdlib.h> 269__attribute__((__unused__)) static void foo(void){return;}]], 270 [[ exit(0); ]])], 271 [ AC_MSG_RESULT([yes]) ], 272 [ AC_MSG_RESULT([no]) 273 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 274 [compiler does not accept __attribute__ on return types]) ] 275) 276 277AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 278AC_COMPILE_IFELSE( 279 [AC_LANG_PROGRAM([[ 280#include <stdlib.h> 281typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 282 [[ exit(0); ]])], 283 [ AC_MSG_RESULT([yes]) ], 284 [ AC_MSG_RESULT([no]) 285 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 286 [compiler does not accept __attribute__ on prototype args]) ] 287) 288 289if test "x$no_attrib_nonnull" != "x1" ; then 290 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 291fi 292 293AC_ARG_WITH([rpath], 294 [ --without-rpath Disable auto-added -R linker paths], 295 [ 296 if test "x$withval" = "xno" ; then 297 need_dash_r="" 298 fi 299 if test "x$withval" = "xyes" ; then 300 need_dash_r=1 301 fi 302 ] 303) 304 305# Allow user to specify flags 306AC_ARG_WITH([cflags], 307 [ --with-cflags Specify additional flags to pass to compiler], 308 [ 309 if test -n "$withval" && test "x$withval" != "xno" && \ 310 test "x${withval}" != "xyes"; then 311 CFLAGS="$CFLAGS $withval" 312 fi 313 ] 314) 315 316AC_ARG_WITH([cflags-after], 317 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 318 [ 319 if test -n "$withval" && test "x$withval" != "xno" && \ 320 test "x${withval}" != "xyes"; then 321 CFLAGS_AFTER="$withval" 322 fi 323 ] 324) 325AC_ARG_WITH([cppflags], 326 [ --with-cppflags Specify additional flags to pass to preprocessor] , 327 [ 328 if test -n "$withval" && test "x$withval" != "xno" && \ 329 test "x${withval}" != "xyes"; then 330 CPPFLAGS="$CPPFLAGS $withval" 331 fi 332 ] 333) 334AC_ARG_WITH([ldflags], 335 [ --with-ldflags Specify additional flags to pass to linker], 336 [ 337 if test -n "$withval" && test "x$withval" != "xno" && \ 338 test "x${withval}" != "xyes"; then 339 LDFLAGS="$LDFLAGS $withval" 340 fi 341 ] 342) 343AC_ARG_WITH([ldflags-after], 344 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 345 [ 346 if test -n "$withval" && test "x$withval" != "xno" && \ 347 test "x${withval}" != "xyes"; then 348 LDFLAGS_AFTER="$withval" 349 fi 350 ] 351) 352AC_ARG_WITH([libs], 353 [ --with-libs Specify additional libraries to link with], 354 [ 355 if test -n "$withval" && test "x$withval" != "xno" && \ 356 test "x${withval}" != "xyes"; then 357 LIBS="$LIBS $withval" 358 fi 359 ] 360) 361AC_ARG_WITH([Werror], 362 [ --with-Werror Build main code with -Werror], 363 [ 364 if test -n "$withval" && test "x$withval" != "xno"; then 365 werror_flags="-Werror" 366 if test "x${withval}" != "xyes"; then 367 werror_flags="$withval" 368 fi 369 fi 370 ] 371) 372 373AC_CHECK_HEADERS([ \ 374 blf.h \ 375 bstring.h \ 376 crypt.h \ 377 crypto/sha2.h \ 378 dirent.h \ 379 endian.h \ 380 elf.h \ 381 err.h \ 382 features.h \ 383 fcntl.h \ 384 floatingpoint.h \ 385 getopt.h \ 386 glob.h \ 387 ia.h \ 388 iaf.h \ 389 ifaddrs.h \ 390 inttypes.h \ 391 langinfo.h \ 392 limits.h \ 393 locale.h \ 394 login.h \ 395 maillock.h \ 396 ndir.h \ 397 net/if_tun.h \ 398 netdb.h \ 399 netgroup.h \ 400 pam/pam_appl.h \ 401 paths.h \ 402 poll.h \ 403 pty.h \ 404 readpassphrase.h \ 405 rpc/types.h \ 406 security/pam_appl.h \ 407 sha2.h \ 408 shadow.h \ 409 stddef.h \ 410 stdint.h \ 411 string.h \ 412 strings.h \ 413 sys/bitypes.h \ 414 sys/bsdtty.h \ 415 sys/cdefs.h \ 416 sys/dir.h \ 417 sys/file.h \ 418 sys/mman.h \ 419 sys/label.h \ 420 sys/ndir.h \ 421 sys/poll.h \ 422 sys/prctl.h \ 423 sys/pstat.h \ 424 sys/ptrace.h \ 425 sys/random.h \ 426 sys/select.h \ 427 sys/stat.h \ 428 sys/stream.h \ 429 sys/stropts.h \ 430 sys/strtio.h \ 431 sys/statvfs.h \ 432 sys/sysmacros.h \ 433 sys/time.h \ 434 sys/timers.h \ 435 sys/vfs.h \ 436 time.h \ 437 tmpdir.h \ 438 ttyent.h \ 439 ucred.h \ 440 unistd.h \ 441 usersec.h \ 442 util.h \ 443 utime.h \ 444 utmp.h \ 445 utmpx.h \ 446 vis.h \ 447 wchar.h \ 448]) 449 450# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 451# to be included first. 452AC_CHECK_HEADERS([sys/audit.h], [], [], [ 453#ifdef HAVE_SYS_TIME_H 454# include <sys/time.h> 455#endif 456#ifdef HAVE_SYS_TYPES_H 457# include <sys/types.h> 458#endif 459#ifdef HAVE_SYS_LABEL_H 460# include <sys/label.h> 461#endif 462]) 463 464# sys/capsicum.h requires sys/types.h 465AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 466#ifdef HAVE_SYS_TYPES_H 467# include <sys/types.h> 468#endif 469]) 470 471# net/route.h requires sys/socket.h and sys/types.h. 472# sys/sysctl.h also requires sys/param.h 473AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 474#ifdef HAVE_SYS_TYPES_H 475# include <sys/types.h> 476#endif 477#include <sys/param.h> 478#include <sys/socket.h> 479]) 480 481# lastlog.h requires sys/time.h to be included first on Solaris 482AC_CHECK_HEADERS([lastlog.h], [], [], [ 483#ifdef HAVE_SYS_TIME_H 484# include <sys/time.h> 485#endif 486]) 487 488# sys/ptms.h requires sys/stream.h to be included first on Solaris 489AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 490#ifdef HAVE_SYS_STREAM_H 491# include <sys/stream.h> 492#endif 493]) 494 495# login_cap.h requires sys/types.h on NetBSD 496AC_CHECK_HEADERS([login_cap.h], [], [], [ 497#include <sys/types.h> 498]) 499 500# older BSDs need sys/param.h before sys/mount.h 501AC_CHECK_HEADERS([sys/mount.h], [], [], [ 502#include <sys/param.h> 503]) 504 505# Android requires sys/socket.h to be included before sys/un.h 506AC_CHECK_HEADERS([sys/un.h], [], [], [ 507#include <sys/types.h> 508#include <sys/socket.h> 509]) 510 511# Messages for features tested for in target-specific section 512SIA_MSG="no" 513SPC_MSG="no" 514SP_MSG="no" 515SPP_MSG="no" 516 517# Support for Solaris/Illumos privileges (this test is used by both 518# the --with-solaris-privs option and --with-sandbox=solaris). 519SOLARIS_PRIVS="no" 520 521# Check for some target-specific stuff 522case "$host" in 523*-*-aix*) 524 # Some versions of VAC won't allow macro redefinitions at 525 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 526 # particularly with older versions of vac or xlc. 527 # It also throws errors about null macro arguments, but these are 528 # not fatal. 529 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 530 AC_COMPILE_IFELSE( 531 [AC_LANG_PROGRAM([[ 532#define testmacro foo 533#define testmacro bar]], 534 [[ exit(0); ]])], 535 [ AC_MSG_RESULT([yes]) ], 536 [ AC_MSG_RESULT([no]) 537 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 538 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 539 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 540 ] 541 ) 542 543 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 544 if (test -z "$blibpath"); then 545 blibpath="/usr/lib:/lib" 546 fi 547 saved_LDFLAGS="$LDFLAGS" 548 if test "$GCC" = "yes"; then 549 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 550 else 551 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 552 fi 553 for tryflags in $flags ;do 554 if (test -z "$blibflags"); then 555 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 556 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 557 [blibflags=$tryflags], []) 558 fi 559 done 560 if (test -z "$blibflags"); then 561 AC_MSG_RESULT([not found]) 562 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 563 else 564 AC_MSG_RESULT([$blibflags]) 565 fi 566 LDFLAGS="$saved_LDFLAGS" 567 dnl Check for authenticate. Might be in libs.a on older AIXes 568 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 569 [Define if you want to enable AIX4's authenticate function])], 570 [AC_CHECK_LIB([s], [authenticate], 571 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 572 LIBS="$LIBS -ls" 573 ]) 574 ]) 575 dnl Check for various auth function declarations in headers. 576 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 577 passwdexpired, setauthdb], , , [#include <usersec.h>]) 578 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 579 AC_CHECK_DECLS([loginfailed], 580 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 581 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 582 [[ (void)loginfailed("user","host","tty",0); ]])], 583 [AC_MSG_RESULT([yes]) 584 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 585 [Define if your AIX loginfailed() function 586 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 587 ])], 588 [], 589 [#include <usersec.h>] 590 ) 591 AC_CHECK_FUNCS([getgrset setauthdb]) 592 AC_CHECK_DECL([F_CLOSEM], 593 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 594 [], 595 [ #include <limits.h> 596 #include <fcntl.h> ] 597 ) 598 check_for_aix_broken_getaddrinfo=1 599 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 600 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 601 [Define if your platform breaks doing a seteuid before a setuid]) 602 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 603 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 604 dnl AIX handles lastlog as part of its login message 605 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 606 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 607 [Some systems need a utmpx entry for /bin/login to work]) 608 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 609 [Define to a Set Process Title type if your system is 610 supported by bsd-setproctitle.c]) 611 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 612 [AIX 5.2 and 5.3 (and presumably newer) require this]) 613 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 614 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 615 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 616 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 617 ;; 618*-*-android*) 619 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 620 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 621 ;; 622*-*-cygwin*) 623 check_for_libcrypt_later=1 624 LIBS="$LIBS /usr/lib/textreadmode.o" 625 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 626 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 627 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 628 [Define to disable UID restoration test]) 629 AC_DEFINE([DISABLE_SHADOW], [1], 630 [Define if you want to disable shadow passwords]) 631 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 632 [Define if X11 doesn't support AF_UNIX sockets on that system]) 633 AC_DEFINE([DISABLE_FD_PASSING], [1], 634 [Define if your platform needs to skip post auth 635 file descriptor passing]) 636 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 637 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 638 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 639 # reasons which cause compile warnings, so we disable those warnings. 640 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 641 ;; 642*-*-dgux*) 643 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 644 [Define if your system choked on IP TOS setting]) 645 AC_DEFINE([SETEUID_BREAKS_SETUID]) 646 AC_DEFINE([BROKEN_SETREUID]) 647 AC_DEFINE([BROKEN_SETREGID]) 648 ;; 649*-*-darwin*) 650 use_pie=auto 651 AC_MSG_CHECKING([if we have working getaddrinfo]) 652 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 653main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 654 exit(0); 655 else 656 exit(1); 657} 658 ]])], 659 [AC_MSG_RESULT([working])], 660 [AC_MSG_RESULT([buggy]) 661 AC_DEFINE([BROKEN_GETADDRINFO], [1], 662 [getaddrinfo is broken (if present)]) 663 ], 664 [AC_MSG_RESULT([assume it is working])]) 665 AC_DEFINE([SETEUID_BREAKS_SETUID]) 666 AC_DEFINE([BROKEN_SETREUID]) 667 AC_DEFINE([BROKEN_SETREGID]) 668 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 669 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 670 [Define if your resolver libs need this for getrrsetbyname]) 671 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 672 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 673 [Use tunnel device compatibility to OpenBSD]) 674 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 675 [Prepend the address family to IP tunnel traffic]) 676 m4_pattern_allow([AU_IPv]) 677 AC_CHECK_DECL([AU_IPv4], [], 678 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 679 [#include <bsm/audit.h>] 680 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 681 [Define if pututxline updates lastlog too]) 682 ) 683 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 684 [Define to a Set Process Title type if your system is 685 supported by bsd-setproctitle.c]) 686 AC_CHECK_FUNCS([sandbox_init]) 687 AC_CHECK_HEADERS([sandbox.h]) 688 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 689 SSHDLIBS="$SSHDLIBS -lsandbox" 690 ]) 691 ;; 692*-*-dragonfly*) 693 SSHDLIBS="$SSHDLIBS -lcrypt" 694 TEST_MALLOC_OPTIONS="AFGJPRX" 695 ;; 696*-*-haiku*) 697 LIBS="$LIBS -lbsd " 698 AC_CHECK_LIB([network], [socket]) 699 AC_DEFINE([HAVE_U_INT64_T]) 700 MANTYPE=man 701 ;; 702*-*-hpux*) 703 # first we define all of the options common to all HP-UX releases 704 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 705 IPADDR_IN_DISPLAY=yes 706 AC_DEFINE([USE_PIPES]) 707 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 708 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 709 [String used in /etc/passwd to denote locked account]) 710 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 711 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 712 maildir="/var/mail" 713 LIBS="$LIBS -lsec" 714 AC_CHECK_LIB([xnet], [t_error], , 715 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 716 717 # next, we define all of the options specific to major releases 718 case "$host" in 719 *-*-hpux10*) 720 if test -z "$GCC"; then 721 CFLAGS="$CFLAGS -Ae" 722 fi 723 ;; 724 *-*-hpux11*) 725 AC_DEFINE([PAM_SUN_CODEBASE], [1], 726 [Define if you are using Solaris-derived PAM which 727 passes pam_messages to the conversation function 728 with an extra level of indirection]) 729 AC_DEFINE([DISABLE_UTMP], [1], 730 [Define if you don't want to use utmp]) 731 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 732 check_for_hpux_broken_getaddrinfo=1 733 check_for_conflicting_getspnam=1 734 ;; 735 esac 736 737 # lastly, we define options specific to minor releases 738 case "$host" in 739 *-*-hpux10.26) 740 AC_DEFINE([HAVE_SECUREWARE], [1], 741 [Define if you have SecureWare-based 742 protected password database]) 743 disable_ptmx_check=yes 744 LIBS="$LIBS -lsecpw" 745 ;; 746 esac 747 ;; 748*-*-irix5*) 749 PATH="$PATH:/usr/etc" 750 AC_DEFINE([BROKEN_INET_NTOA], [1], 751 [Define if you system's inet_ntoa is busted 752 (e.g. Irix gcc issue)]) 753 AC_DEFINE([SETEUID_BREAKS_SETUID]) 754 AC_DEFINE([BROKEN_SETREUID]) 755 AC_DEFINE([BROKEN_SETREGID]) 756 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 757 [Define if you shouldn't strip 'tty' from your 758 ttyname in [uw]tmp]) 759 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 760 ;; 761*-*-irix6*) 762 PATH="$PATH:/usr/etc" 763 AC_DEFINE([WITH_IRIX_ARRAY], [1], 764 [Define if you have/want arrays 765 (cluster-wide session management, not C arrays)]) 766 AC_DEFINE([WITH_IRIX_PROJECT], [1], 767 [Define if you want IRIX project management]) 768 AC_DEFINE([WITH_IRIX_AUDIT], [1], 769 [Define if you want IRIX audit trails]) 770 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 771 [Define if you want IRIX kernel jobs])]) 772 AC_DEFINE([BROKEN_INET_NTOA]) 773 AC_DEFINE([SETEUID_BREAKS_SETUID]) 774 AC_DEFINE([BROKEN_SETREUID]) 775 AC_DEFINE([BROKEN_SETREGID]) 776 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 777 AC_DEFINE([WITH_ABBREV_NO_TTY]) 778 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 779 ;; 780*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 781 check_for_libcrypt_later=1 782 AC_DEFINE([PAM_TTY_KLUDGE]) 783 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 784 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 785 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 786 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 787 ;; 788*-*-linux*) 789 no_dev_ptmx=1 790 use_pie=auto 791 check_for_libcrypt_later=1 792 check_for_openpty_ctty_bug=1 793 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 794 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 795 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 796 AC_DEFINE([PAM_TTY_KLUDGE], [1], 797 [Work around problematic Linux PAM modules handling of PAM_TTY]) 798 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 799 [String used in /etc/passwd to denote locked account]) 800 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 801 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 802 [Define to whatever link() returns for "not supported" 803 if it doesn't return EOPNOTSUPP.]) 804 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 805 AC_DEFINE([USE_BTMP]) 806 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 807 inet6_default_4in6=yes 808 case `uname -r` in 809 1.*|2.0.*) 810 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 811 [Define if cmsg_type is not passed correctly]) 812 ;; 813 esac 814 # tun(4) forwarding compat code 815 AC_CHECK_HEADERS([linux/if_tun.h]) 816 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 817 AC_DEFINE([SSH_TUN_LINUX], [1], 818 [Open tunnel devices the Linux tun/tap way]) 819 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 820 [Use tunnel device compatibility to OpenBSD]) 821 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 822 [Prepend the address family to IP tunnel traffic]) 823 fi 824 AC_CHECK_HEADER([linux/if.h], 825 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 826 [Support routing domains using Linux VRF]), [], [ 827#ifdef HAVE_SYS_TYPES_H 828# include <sys/types.H> 829#endif 830 ]) 831 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 832 [], [#include <linux/types.h>]) 833 # Obtain MIPS ABI 834 case "$host" in 835 mips*) 836 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 837#if _MIPS_SIM != _ABIO32 838#error 839#endif 840 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 841#if _MIPS_SIM != _ABIN32 842#error 843#endif 844 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 845#if _MIPS_SIM != _ABI64 846#error 847#endif 848 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 849 ]) 850 ]) 851 ]) 852 ;; 853 esac 854 AC_MSG_CHECKING([for seccomp architecture]) 855 seccomp_audit_arch= 856 case "$host" in 857 x86_64-*) 858 seccomp_audit_arch=AUDIT_ARCH_X86_64 859 ;; 860 i*86-*) 861 seccomp_audit_arch=AUDIT_ARCH_I386 862 ;; 863 arm*-*) 864 seccomp_audit_arch=AUDIT_ARCH_ARM 865 ;; 866 aarch64*-*) 867 seccomp_audit_arch=AUDIT_ARCH_AARCH64 868 ;; 869 s390x-*) 870 seccomp_audit_arch=AUDIT_ARCH_S390X 871 ;; 872 s390-*) 873 seccomp_audit_arch=AUDIT_ARCH_S390 874 ;; 875 powerpc64-*) 876 seccomp_audit_arch=AUDIT_ARCH_PPC64 877 ;; 878 powerpc64le-*) 879 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 880 ;; 881 mips-*) 882 seccomp_audit_arch=AUDIT_ARCH_MIPS 883 ;; 884 mipsel-*) 885 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 886 ;; 887 mips64-*) 888 case "$mips_abi" in 889 "n32") 890 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 891 ;; 892 "n64") 893 seccomp_audit_arch=AUDIT_ARCH_MIPS64 894 ;; 895 esac 896 ;; 897 mips64el-*) 898 case "$mips_abi" in 899 "n32") 900 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 901 ;; 902 "n64") 903 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 904 ;; 905 esac 906 ;; 907 esac 908 if test "x$seccomp_audit_arch" != "x" ; then 909 AC_MSG_RESULT(["$seccomp_audit_arch"]) 910 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 911 [Specify the system call convention in use]) 912 else 913 AC_MSG_RESULT([architecture not supported]) 914 fi 915 ;; 916mips-sony-bsd|mips-sony-newsos4) 917 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 918 SONY=1 919 ;; 920*-*-netbsd*) 921 check_for_libcrypt_before=1 922 if test "x$withval" != "xno" ; then 923 need_dash_r=1 924 fi 925 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 926 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 927 AC_CHECK_HEADER([net/if_tap.h], , 928 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 929 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 930 [Prepend the address family to IP tunnel traffic]) 931 TEST_MALLOC_OPTIONS="AJRX" 932 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 933 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 934 ;; 935*-*-freebsd*) 936 check_for_libcrypt_later=1 937 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 938 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 939 AC_CHECK_HEADER([net/if_tap.h], , 940 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 941 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 942 TEST_MALLOC_OPTIONS="AJRX" 943 # Preauth crypto occasionally uses file descriptors for crypto offload 944 # and will crash if they cannot be opened. 945 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 946 [define if setrlimit RLIMIT_NOFILE breaks things]) 947 ;; 948*-*-bsdi*) 949 AC_DEFINE([SETEUID_BREAKS_SETUID]) 950 AC_DEFINE([BROKEN_SETREUID]) 951 AC_DEFINE([BROKEN_SETREGID]) 952 ;; 953*-next-*) 954 conf_lastlog_location="/usr/adm/lastlog" 955 conf_utmp_location=/etc/utmp 956 conf_wtmp_location=/usr/adm/wtmp 957 maildir=/usr/spool/mail 958 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 959 AC_DEFINE([BROKEN_REALPATH]) 960 AC_DEFINE([USE_PIPES]) 961 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 962 ;; 963*-*-openbsd*) 964 use_pie=auto 965 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 966 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 967 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 968 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 969 [syslog_r function is safe to use in in a signal handler]) 970 TEST_MALLOC_OPTIONS="AFGJPRX" 971 ;; 972*-*-solaris*) 973 if test "x$withval" != "xno" ; then 974 need_dash_r=1 975 fi 976 AC_DEFINE([PAM_SUN_CODEBASE]) 977 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 978 AC_DEFINE([PAM_TTY_KLUDGE]) 979 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 980 [Define if pam_chauthtok wants real uid set 981 to the unpriv'ed user]) 982 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 983 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 984 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 985 [Define if sshd somehow reacquires a controlling TTY 986 after setsid()]) 987 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 988 in case the name is longer than 8 chars]) 989 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 990 external_path_file=/etc/default/login 991 # hardwire lastlog location (can't detect it on some versions) 992 conf_lastlog_location="/var/adm/lastlog" 993 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 994 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 995 if test "$sol2ver" -ge 8; then 996 AC_MSG_RESULT([yes]) 997 AC_DEFINE([DISABLE_UTMP]) 998 AC_DEFINE([DISABLE_WTMP], [1], 999 [Define if you don't want to use wtmp]) 1000 else 1001 AC_MSG_RESULT([no]) 1002 fi 1003 AC_CHECK_FUNCS([setpflags]) 1004 AC_CHECK_FUNCS([setppriv]) 1005 AC_CHECK_FUNCS([priv_basicset]) 1006 AC_CHECK_HEADERS([priv.h]) 1007 AC_ARG_WITH([solaris-contracts], 1008 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1009 [ 1010 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1011 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1012 [Define if you have Solaris process contracts]) 1013 LIBS="$LIBS -lcontract" 1014 SPC_MSG="yes" ], ) 1015 ], 1016 ) 1017 AC_ARG_WITH([solaris-projects], 1018 [ --with-solaris-projects Enable Solaris projects (experimental)], 1019 [ 1020 AC_CHECK_LIB([project], [setproject], 1021 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1022 [Define if you have Solaris projects]) 1023 LIBS="$LIBS -lproject" 1024 SP_MSG="yes" ], ) 1025 ], 1026 ) 1027 AC_ARG_WITH([solaris-privs], 1028 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1029 [ 1030 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1031 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1032 "x$ac_cv_header_priv_h" = "xyes" ; then 1033 SOLARIS_PRIVS=yes 1034 AC_MSG_RESULT([found]) 1035 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1036 [Define to disable UID restoration test]) 1037 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1038 [Define if you have Solaris privileges]) 1039 SPP_MSG="yes" 1040 else 1041 AC_MSG_RESULT([not found]) 1042 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1043 fi 1044 ], 1045 ) 1046 TEST_SHELL=$SHELL # let configure find us a capable shell 1047 ;; 1048*-*-sunos4*) 1049 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1050 AC_CHECK_FUNCS([getpwanam]) 1051 AC_DEFINE([PAM_SUN_CODEBASE]) 1052 conf_utmp_location=/etc/utmp 1053 conf_wtmp_location=/var/adm/wtmp 1054 conf_lastlog_location=/var/adm/lastlog 1055 AC_DEFINE([USE_PIPES]) 1056 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1057 ;; 1058*-ncr-sysv*) 1059 LIBS="$LIBS -lc89" 1060 AC_DEFINE([USE_PIPES]) 1061 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1062 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1063 AC_DEFINE([BROKEN_SETREUID]) 1064 AC_DEFINE([BROKEN_SETREGID]) 1065 ;; 1066*-sni-sysv*) 1067 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1068 AC_CHECK_LIB([dl], [dlsym], ,) 1069 # -lresolv needs to be at the end of LIBS or DNS lookups break 1070 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1071 IPADDR_IN_DISPLAY=yes 1072 AC_DEFINE([USE_PIPES]) 1073 AC_DEFINE([IP_TOS_IS_BROKEN]) 1074 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1075 AC_DEFINE([BROKEN_SETREUID]) 1076 AC_DEFINE([BROKEN_SETREGID]) 1077 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1078 external_path_file=/etc/default/login 1079 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1080 # Attention: always take care to bind libsocket and libnsl before libc, 1081 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1082 ;; 1083# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1084*-*-sysv4.2*) 1085 AC_DEFINE([USE_PIPES]) 1086 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1087 AC_DEFINE([BROKEN_SETREUID]) 1088 AC_DEFINE([BROKEN_SETREGID]) 1089 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1090 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1091 TEST_SHELL=$SHELL # let configure find us a capable shell 1092 ;; 1093# UnixWare 7.x, OpenUNIX 8 1094*-*-sysv5*) 1095 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1096 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1097 AC_DEFINE([USE_PIPES]) 1098 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1099 AC_DEFINE([BROKEN_GETADDRINFO]) 1100 AC_DEFINE([BROKEN_SETREUID]) 1101 AC_DEFINE([BROKEN_SETREGID]) 1102 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1103 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1104 TEST_SHELL=$SHELL # let configure find us a capable shell 1105 check_for_libcrypt_later=1 1106 case "$host" in 1107 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1108 maildir=/var/spool/mail 1109 AC_DEFINE([BROKEN_UPDWTMPX]) 1110 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1111 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1112 ], , ) 1113 ;; 1114 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1115 ;; 1116 esac 1117 ;; 1118*-*-sysv*) 1119 ;; 1120# SCO UNIX and OEM versions of SCO UNIX 1121*-*-sco3.2v4*) 1122 AC_MSG_ERROR("This Platform is no longer supported.") 1123 ;; 1124# SCO OpenServer 5.x 1125*-*-sco3.2v5*) 1126 if test -z "$GCC"; then 1127 CFLAGS="$CFLAGS -belf" 1128 fi 1129 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1130 no_dev_ptmx=1 1131 AC_DEFINE([USE_PIPES]) 1132 AC_DEFINE([HAVE_SECUREWARE]) 1133 AC_DEFINE([DISABLE_SHADOW]) 1134 AC_DEFINE([DISABLE_FD_PASSING]) 1135 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1136 AC_DEFINE([BROKEN_GETADDRINFO]) 1137 AC_DEFINE([BROKEN_SETREUID]) 1138 AC_DEFINE([BROKEN_SETREGID]) 1139 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1140 AC_DEFINE([BROKEN_UPDWTMPX]) 1141 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1142 AC_CHECK_FUNCS([getluid setluid]) 1143 MANTYPE=man 1144 TEST_SHELL=$SHELL # let configure find us a capable shell 1145 SKIP_DISABLE_LASTLOG_DEFINE=yes 1146 ;; 1147*-dec-osf*) 1148 AC_MSG_CHECKING([for Digital Unix SIA]) 1149 no_osfsia="" 1150 AC_ARG_WITH([osfsia], 1151 [ --with-osfsia Enable Digital Unix SIA], 1152 [ 1153 if test "x$withval" = "xno" ; then 1154 AC_MSG_RESULT([disabled]) 1155 no_osfsia=1 1156 fi 1157 ], 1158 ) 1159 if test -z "$no_osfsia" ; then 1160 if test -f /etc/sia/matrix.conf; then 1161 AC_MSG_RESULT([yes]) 1162 AC_DEFINE([HAVE_OSF_SIA], [1], 1163 [Define if you have Digital Unix Security 1164 Integration Architecture]) 1165 AC_DEFINE([DISABLE_LOGIN], [1], 1166 [Define if you don't want to use your 1167 system's login() call]) 1168 AC_DEFINE([DISABLE_FD_PASSING]) 1169 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1170 SIA_MSG="yes" 1171 else 1172 AC_MSG_RESULT([no]) 1173 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1174 [String used in /etc/passwd to denote locked account]) 1175 fi 1176 fi 1177 AC_DEFINE([BROKEN_GETADDRINFO]) 1178 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1179 AC_DEFINE([BROKEN_SETREUID]) 1180 AC_DEFINE([BROKEN_SETREGID]) 1181 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1182 ;; 1183 1184*-*-nto-qnx*) 1185 AC_DEFINE([USE_PIPES]) 1186 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1187 AC_DEFINE([DISABLE_LASTLOG]) 1188 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1189 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1190 enable_etc_default_login=no # has incompatible /etc/default/login 1191 case "$host" in 1192 *-*-nto-qnx6*) 1193 AC_DEFINE([DISABLE_FD_PASSING]) 1194 ;; 1195 esac 1196 ;; 1197 1198*-*-ultrix*) 1199 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1200 AC_DEFINE([NEED_SETPGRP]) 1201 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1202 ;; 1203 1204*-*-lynxos) 1205 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1206 AC_DEFINE([BROKEN_SETVBUF], [1], 1207 [LynxOS has broken setvbuf() implementation]) 1208 ;; 1209esac 1210 1211AC_MSG_CHECKING([compiler and flags for sanity]) 1212AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1213 [ AC_MSG_RESULT([yes]) ], 1214 [ 1215 AC_MSG_RESULT([no]) 1216 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1217 ], 1218 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1219) 1220 1221dnl Checks for header files. 1222# Checks for libraries. 1223AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1224 1225dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1226AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1227 AC_CHECK_LIB([gen], [dirname], [ 1228 AC_CACHE_CHECK([for broken dirname], 1229 ac_cv_have_broken_dirname, [ 1230 save_LIBS="$LIBS" 1231 LIBS="$LIBS -lgen" 1232 AC_RUN_IFELSE( 1233 [AC_LANG_SOURCE([[ 1234#include <libgen.h> 1235#include <string.h> 1236 1237int main(int argc, char **argv) { 1238 char *s, buf[32]; 1239 1240 strncpy(buf,"/etc", 32); 1241 s = dirname(buf); 1242 if (!s || strncmp(s, "/", 32) != 0) { 1243 exit(1); 1244 } else { 1245 exit(0); 1246 } 1247} 1248 ]])], 1249 [ ac_cv_have_broken_dirname="no" ], 1250 [ ac_cv_have_broken_dirname="yes" ], 1251 [ ac_cv_have_broken_dirname="no" ], 1252 ) 1253 LIBS="$save_LIBS" 1254 ]) 1255 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1256 LIBS="$LIBS -lgen" 1257 AC_DEFINE([HAVE_DIRNAME]) 1258 AC_CHECK_HEADERS([libgen.h]) 1259 fi 1260 ]) 1261]) 1262 1263AC_CHECK_FUNC([getspnam], , 1264 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1265AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1266 [Define if you have the basename function.])]) 1267 1268dnl zlib is required 1269AC_ARG_WITH([zlib], 1270 [ --with-zlib=PATH Use zlib in PATH], 1271 [ if test "x$withval" = "xno" ; then 1272 AC_MSG_ERROR([*** zlib is required ***]) 1273 elif test "x$withval" != "xyes"; then 1274 if test -d "$withval/lib"; then 1275 if test -n "${need_dash_r}"; then 1276 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1277 else 1278 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1279 fi 1280 else 1281 if test -n "${need_dash_r}"; then 1282 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1283 else 1284 LDFLAGS="-L${withval} ${LDFLAGS}" 1285 fi 1286 fi 1287 if test -d "$withval/include"; then 1288 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1289 else 1290 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1291 fi 1292 fi ] 1293) 1294 1295AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1296AC_CHECK_LIB([z], [deflate], , 1297 [ 1298 saved_CPPFLAGS="$CPPFLAGS" 1299 saved_LDFLAGS="$LDFLAGS" 1300 save_LIBS="$LIBS" 1301 dnl Check default zlib install dir 1302 if test -n "${need_dash_r}"; then 1303 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1304 else 1305 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1306 fi 1307 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1308 LIBS="$LIBS -lz" 1309 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1310 [ 1311 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1312 ] 1313 ) 1314 ] 1315) 1316 1317AC_ARG_WITH([zlib-version-check], 1318 [ --without-zlib-version-check Disable zlib version check], 1319 [ if test "x$withval" = "xno" ; then 1320 zlib_check_nonfatal=1 1321 fi 1322 ] 1323) 1324 1325AC_MSG_CHECKING([for possibly buggy zlib]) 1326AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1327#include <stdio.h> 1328#include <stdlib.h> 1329#include <zlib.h> 1330 ]], 1331 [[ 1332 int a=0, b=0, c=0, d=0, n, v; 1333 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1334 if (n != 3 && n != 4) 1335 exit(1); 1336 v = a*1000000 + b*10000 + c*100 + d; 1337 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1338 1339 /* 1.1.4 is OK */ 1340 if (a == 1 && b == 1 && c >= 4) 1341 exit(0); 1342 1343 /* 1.2.3 and up are OK */ 1344 if (v >= 1020300) 1345 exit(0); 1346 1347 exit(2); 1348 ]])], 1349 AC_MSG_RESULT([no]), 1350 [ AC_MSG_RESULT([yes]) 1351 if test -z "$zlib_check_nonfatal" ; then 1352 AC_MSG_ERROR([*** zlib too old - check config.log *** 1353Your reported zlib version has known security problems. It's possible your 1354vendor has fixed these problems without changing the version number. If you 1355are sure this is the case, you can disable the check by running 1356"./configure --without-zlib-version-check". 1357If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1358See http://www.gzip.org/zlib/ for details.]) 1359 else 1360 AC_MSG_WARN([zlib version may have security problems]) 1361 fi 1362 ], 1363 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1364) 1365 1366dnl UnixWare 2.x 1367AC_CHECK_FUNC([strcasecmp], 1368 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1369) 1370AC_CHECK_FUNCS([utimes], 1371 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1372 LIBS="$LIBS -lc89"]) ] 1373) 1374 1375dnl Checks for libutil functions 1376AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1377AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1378AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1379AC_SEARCH_LIBS([login], [util bsd]) 1380AC_SEARCH_LIBS([logout], [util bsd]) 1381AC_SEARCH_LIBS([logwtmp], [util bsd]) 1382AC_SEARCH_LIBS([openpty], [util bsd]) 1383AC_SEARCH_LIBS([updwtmp], [util bsd]) 1384AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1385 1386# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1387# or libnsl. 1388AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1389AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1390 1391# "Particular Function Checks" 1392# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1393AC_FUNC_STRFTIME 1394AC_FUNC_MALLOC 1395AC_FUNC_REALLOC 1396# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1397AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1398AC_RUN_IFELSE( 1399 [AC_LANG_PROGRAM( 1400 [[ #include <stdlib.h> ]], 1401 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1402 )], 1403 [ func_calloc_0_nonnull=yes ], 1404 [ func_calloc_0_nonnull=no ], 1405 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1406 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1407) 1408AC_MSG_RESULT([$func_calloc_0_nonnull]) 1409 1410if test "x$func_calloc_0_nonnull" = "xyes"; then 1411 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1412else 1413 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1414 AC_DEFINE(calloc, rpl_calloc, 1415 [Define to rpl_calloc if the replacement function should be used.]) 1416fi 1417 1418# Check for ALTDIRFUNC glob() extension 1419AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1420AC_EGREP_CPP([FOUNDIT], 1421 [ 1422 #include <glob.h> 1423 #ifdef GLOB_ALTDIRFUNC 1424 FOUNDIT 1425 #endif 1426 ], 1427 [ 1428 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1429 [Define if your system glob() function has 1430 the GLOB_ALTDIRFUNC extension]) 1431 AC_MSG_RESULT([yes]) 1432 ], 1433 [ 1434 AC_MSG_RESULT([no]) 1435 ] 1436) 1437 1438# Check for g.gl_matchc glob() extension 1439AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1440AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1441 [[ glob_t g; g.gl_matchc = 1; ]])], 1442 [ 1443 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1444 [Define if your system glob() function has 1445 gl_matchc options in glob_t]) 1446 AC_MSG_RESULT([yes]) 1447 ], [ 1448 AC_MSG_RESULT([no]) 1449]) 1450 1451# Check for g.gl_statv glob() extension 1452AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1453AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1454#ifndef GLOB_KEEPSTAT 1455#error "glob does not support GLOB_KEEPSTAT extension" 1456#endif 1457glob_t g; 1458g.gl_statv = NULL; 1459]])], 1460 [ 1461 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1462 [Define if your system glob() function has 1463 gl_statv options in glob_t]) 1464 AC_MSG_RESULT([yes]) 1465 ], [ 1466 AC_MSG_RESULT([no]) 1467 1468]) 1469 1470AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1471 1472AC_CHECK_DECL([VIS_ALL], , 1473 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1474 1475AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1476AC_RUN_IFELSE( 1477 [AC_LANG_PROGRAM([[ 1478#include <sys/types.h> 1479#include <dirent.h>]], 1480 [[ 1481 struct dirent d; 1482 exit(sizeof(d.d_name)<=sizeof(char)); 1483 ]])], 1484 [AC_MSG_RESULT([yes])], 1485 [ 1486 AC_MSG_RESULT([no]) 1487 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1488 [Define if your struct dirent expects you to 1489 allocate extra space for d_name]) 1490 ], 1491 [ 1492 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1493 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1494 ] 1495) 1496 1497AC_MSG_CHECKING([for /proc/pid/fd directory]) 1498if test -d "/proc/$$/fd" ; then 1499 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1500 AC_MSG_RESULT([yes]) 1501else 1502 AC_MSG_RESULT([no]) 1503fi 1504 1505# Check whether user wants TCP wrappers support 1506TCPW_MSG="no" 1507AC_ARG_WITH([tcp-wrappers], 1508 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1509 [ 1510 if test "x$withval" != "xno" ; then 1511 saved_LIBS="$LIBS" 1512 saved_LDFLAGS="$LDFLAGS" 1513 saved_CPPFLAGS="$CPPFLAGS" 1514 if test -n "${withval}" && \ 1515 test "x${withval}" != "xyes"; then 1516 if test -d "${withval}/lib"; then 1517 if test -n "${need_dash_r}"; then 1518 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1519 else 1520 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1521 fi 1522 else 1523 if test -n "${need_dash_r}"; then 1524 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1525 else 1526 LDFLAGS="-L${withval} ${LDFLAGS}" 1527 fi 1528 fi 1529 if test -d "${withval}/include"; then 1530 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1531 else 1532 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1533 fi 1534 fi 1535 LIBS="-lwrap $LIBS" 1536 AC_MSG_CHECKING([for libwrap]) 1537 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1538#include <sys/types.h> 1539#include <sys/socket.h> 1540#include <netinet/in.h> 1541#include <tcpd.h> 1542int deny_severity = 0, allow_severity = 0; 1543 ]], [[ 1544 hosts_access(0); 1545 ]])], [ 1546 AC_MSG_RESULT([yes]) 1547 AC_DEFINE([LIBWRAP], [1], 1548 [Define if you want 1549 TCP Wrappers support]) 1550 SSHDLIBS="$SSHDLIBS -lwrap" 1551 TCPW_MSG="yes" 1552 ], [ 1553 AC_MSG_ERROR([*** libwrap missing]) 1554 ]) 1555 LIBS="$saved_LIBS" 1556 fi 1557 ] 1558) 1559 1560# Check whether user wants to use ldns 1561LDNS_MSG="no" 1562AC_ARG_WITH(ldns, 1563 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1564 [ 1565 ldns="" 1566 if test "x$withval" = "xyes" ; then 1567 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1568 if test "x$LDNSCONFIG" = "xno"; then 1569 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1570 LDFLAGS="$LDFLAGS -L${withval}/lib" 1571 LIBS="-lldns $LIBS" 1572 ldns=yes 1573 else 1574 LIBS="$LIBS `$LDNSCONFIG --libs`" 1575 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1576 ldns=yes 1577 fi 1578 elif test "x$withval" != "xno" ; then 1579 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1580 LDFLAGS="$LDFLAGS -L${withval}/lib" 1581 LIBS="-lldns $LIBS" 1582 ldns=yes 1583 fi 1584 1585 # Verify that it works. 1586 if test "x$ldns" = "xyes" ; then 1587 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1588 LDNS_MSG="yes" 1589 AC_MSG_CHECKING([for ldns support]) 1590 AC_LINK_IFELSE( 1591 [AC_LANG_SOURCE([[ 1592#include <stdio.h> 1593#include <stdlib.h> 1594#include <stdint.h> 1595#include <ldns/ldns.h> 1596int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1597 ]]) 1598 ], 1599 [AC_MSG_RESULT(yes)], 1600 [ 1601 AC_MSG_RESULT(no) 1602 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1603 ]) 1604 fi 1605]) 1606 1607# Check whether user wants libedit support 1608LIBEDIT_MSG="no" 1609AC_ARG_WITH([libedit], 1610 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1611 [ if test "x$withval" != "xno" ; then 1612 if test "x$withval" = "xyes" ; then 1613 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1614 if test "x$PKGCONFIG" != "xno"; then 1615 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1616 if "$PKGCONFIG" libedit; then 1617 AC_MSG_RESULT([yes]) 1618 use_pkgconfig_for_libedit=yes 1619 else 1620 AC_MSG_RESULT([no]) 1621 fi 1622 fi 1623 else 1624 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1625 if test -n "${need_dash_r}"; then 1626 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1627 else 1628 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1629 fi 1630 fi 1631 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1632 LIBEDIT=`$PKGCONFIG --libs libedit` 1633 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1634 else 1635 LIBEDIT="-ledit -lcurses" 1636 fi 1637 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1638 AC_CHECK_LIB([edit], [el_init], 1639 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1640 LIBEDIT_MSG="yes" 1641 AC_SUBST([LIBEDIT]) 1642 ], 1643 [ AC_MSG_ERROR([libedit not found]) ], 1644 [ $OTHERLIBS ] 1645 ) 1646 AC_MSG_CHECKING([if libedit version is compatible]) 1647 AC_COMPILE_IFELSE( 1648 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1649 [[ 1650 int i = H_SETSIZE; 1651 el_init("", NULL, NULL, NULL); 1652 exit(0); 1653 ]])], 1654 [ AC_MSG_RESULT([yes]) ], 1655 [ AC_MSG_RESULT([no]) 1656 AC_MSG_ERROR([libedit version is not compatible]) ] 1657 ) 1658 fi ] 1659) 1660 1661AUDIT_MODULE=none 1662AC_ARG_WITH([audit], 1663 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1664 [ 1665 AC_MSG_CHECKING([for supported audit module]) 1666 case "$withval" in 1667 bsm) 1668 AC_MSG_RESULT([bsm]) 1669 AUDIT_MODULE=bsm 1670 dnl Checks for headers, libs and functions 1671 AC_CHECK_HEADERS([bsm/audit.h], [], 1672 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1673 [ 1674#ifdef HAVE_TIME_H 1675# include <time.h> 1676#endif 1677 ] 1678) 1679 AC_CHECK_LIB([bsm], [getaudit], [], 1680 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1681 AC_CHECK_FUNCS([getaudit], [], 1682 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1683 # These are optional 1684 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1685 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1686 if test "$sol2ver" -ge 11; then 1687 SSHDLIBS="$SSHDLIBS -lscf" 1688 AC_DEFINE([BROKEN_BSM_API], [1], 1689 [The system has incomplete BSM API]) 1690 fi 1691 ;; 1692 linux) 1693 AC_MSG_RESULT([linux]) 1694 AUDIT_MODULE=linux 1695 dnl Checks for headers, libs and functions 1696 AC_CHECK_HEADERS([libaudit.h]) 1697 SSHDLIBS="$SSHDLIBS -laudit" 1698 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1699 ;; 1700 debug) 1701 AUDIT_MODULE=debug 1702 AC_MSG_RESULT([debug]) 1703 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1704 ;; 1705 no) 1706 AC_MSG_RESULT([no]) 1707 ;; 1708 *) 1709 AC_MSG_ERROR([Unknown audit module $withval]) 1710 ;; 1711 esac ] 1712) 1713 1714AC_ARG_WITH([pie], 1715 [ --with-pie Build Position Independent Executables if possible], [ 1716 if test "x$withval" = "xno"; then 1717 use_pie=no 1718 fi 1719 if test "x$withval" = "xyes"; then 1720 use_pie=yes 1721 fi 1722 ] 1723) 1724if test "x$use_pie" = "x"; then 1725 use_pie=no 1726fi 1727if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1728 # Turn off automatic PIE when toolchain hardening is off. 1729 use_pie=no 1730fi 1731if test "x$use_pie" = "xauto"; then 1732 # Automatic PIE requires gcc >= 4.x 1733 AC_MSG_CHECKING([for gcc >= 4.x]) 1734 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1735#if !defined(__GNUC__) || __GNUC__ < 4 1736#error gcc is too old 1737#endif 1738]])], 1739 [ AC_MSG_RESULT([yes]) ], 1740 [ AC_MSG_RESULT([no]) 1741 use_pie=no ] 1742) 1743fi 1744if test "x$use_pie" != "xno"; then 1745 SAVED_CFLAGS="$CFLAGS" 1746 SAVED_LDFLAGS="$LDFLAGS" 1747 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1748 OSSH_CHECK_LDFLAG_LINK([-pie]) 1749 # We use both -fPIE and -pie or neither. 1750 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1751 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1752 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1753 AC_MSG_RESULT([yes]) 1754 else 1755 AC_MSG_RESULT([no]) 1756 CFLAGS="$SAVED_CFLAGS" 1757 LDFLAGS="$SAVED_LDFLAGS" 1758 fi 1759fi 1760 1761dnl Checks for library functions. Please keep in alphabetical order 1762AC_CHECK_FUNCS([ \ 1763 Blowfish_initstate \ 1764 Blowfish_expandstate \ 1765 Blowfish_expand0state \ 1766 Blowfish_stream2word \ 1767 asprintf \ 1768 b64_ntop \ 1769 __b64_ntop \ 1770 b64_pton \ 1771 __b64_pton \ 1772 bcopy \ 1773 bcrypt_pbkdf \ 1774 bindresvport_sa \ 1775 blf_enc \ 1776 bzero \ 1777 cap_rights_limit \ 1778 clock \ 1779 closefrom \ 1780 dirfd \ 1781 endgrent \ 1782 err \ 1783 errx \ 1784 explicit_bzero \ 1785 fchmod \ 1786 fchown \ 1787 flock \ 1788 freeaddrinfo \ 1789 freezero \ 1790 fstatfs \ 1791 fstatvfs \ 1792 futimes \ 1793 getaddrinfo \ 1794 getcwd \ 1795 getgrouplist \ 1796 getline \ 1797 getnameinfo \ 1798 getopt \ 1799 getpagesize \ 1800 getpeereid \ 1801 getpeerucred \ 1802 getpgid \ 1803 _getpty \ 1804 getrlimit \ 1805 getrandom \ 1806 getsid \ 1807 getttyent \ 1808 glob \ 1809 group_from_gid \ 1810 inet_aton \ 1811 inet_ntoa \ 1812 inet_ntop \ 1813 innetgr \ 1814 llabs \ 1815 login_getcapbool \ 1816 md5_crypt \ 1817 memmove \ 1818 memset_s \ 1819 mkdtemp \ 1820 ngetaddrinfo \ 1821 nsleep \ 1822 ogetaddrinfo \ 1823 openlog_r \ 1824 pledge \ 1825 poll \ 1826 prctl \ 1827 pstat \ 1828 raise \ 1829 readpassphrase \ 1830 reallocarray \ 1831 recvmsg \ 1832 recallocarray \ 1833 rresvport_af \ 1834 sendmsg \ 1835 setdtablesize \ 1836 setegid \ 1837 setenv \ 1838 seteuid \ 1839 setgroupent \ 1840 setgroups \ 1841 setlinebuf \ 1842 setlogin \ 1843 setpassent\ 1844 setpcred \ 1845 setproctitle \ 1846 setregid \ 1847 setreuid \ 1848 setrlimit \ 1849 setsid \ 1850 setvbuf \ 1851 sigaction \ 1852 sigvec \ 1853 snprintf \ 1854 socketpair \ 1855 statfs \ 1856 statvfs \ 1857 strcasestr \ 1858 strdup \ 1859 strerror \ 1860 strlcat \ 1861 strlcpy \ 1862 strmode \ 1863 strndup \ 1864 strnlen \ 1865 strnvis \ 1866 strptime \ 1867 strsignal \ 1868 strtonum \ 1869 strtoll \ 1870 strtoul \ 1871 strtoull \ 1872 swap32 \ 1873 sysconf \ 1874 tcgetpgrp \ 1875 timingsafe_bcmp \ 1876 truncate \ 1877 unsetenv \ 1878 updwtmpx \ 1879 user_from_uid \ 1880 usleep \ 1881 vasprintf \ 1882 vsnprintf \ 1883 waitpid \ 1884 warn \ 1885]) 1886 1887AC_CHECK_DECLS([bzero]) 1888 1889dnl Wide character support. 1890AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1891 1892TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1893AC_MSG_CHECKING([for utf8 locale support]) 1894AC_RUN_IFELSE( 1895 [AC_LANG_PROGRAM([[ 1896#include <locale.h> 1897#include <stdlib.h> 1898 ]], [[ 1899 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1900 if (loc != NULL) 1901 exit(0); 1902 exit(1); 1903 ]])], 1904 AC_MSG_RESULT(yes), 1905 [AC_MSG_RESULT(no) 1906 TEST_SSH_UTF8=no], 1907 AC_MSG_WARN([cross compiling: assuming yes]) 1908) 1909 1910AC_LINK_IFELSE( 1911 [AC_LANG_PROGRAM( 1912 [[ #include <ctype.h> ]], 1913 [[ return (isblank('a')); ]])], 1914 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1915]) 1916 1917disable_pkcs11= 1918AC_ARG_ENABLE([pkcs11], 1919 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1920 [ 1921 if test "x$enableval" = "xno" ; then 1922 disable_pkcs11=1 1923 fi 1924 ] 1925) 1926 1927# PKCS11 depends on OpenSSL. 1928if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then 1929 # PKCS#11 support requires dlopen() and co 1930 AC_SEARCH_LIBS([dlopen], [dl], 1931 AC_CHECK_DECL([RTLD_NOW], 1932 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]), 1933 [], [#include <dlfcn.h>] 1934 ) 1935 ) 1936fi 1937 1938# IRIX has a const char return value for gai_strerror() 1939AC_CHECK_FUNCS([gai_strerror], [ 1940 AC_DEFINE([HAVE_GAI_STRERROR]) 1941 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1942#include <sys/types.h> 1943#include <sys/socket.h> 1944#include <netdb.h> 1945 1946const char *gai_strerror(int); 1947 ]], [[ 1948 char *str; 1949 str = gai_strerror(0); 1950 ]])], [ 1951 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1952 [Define if gai_strerror() returns const char *])], [])]) 1953 1954AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1955 [Some systems put nanosleep outside of libc])]) 1956 1957AC_SEARCH_LIBS([clock_gettime], [rt], 1958 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1959 1960dnl Make sure prototypes are defined for these before using them. 1961AC_CHECK_DECL([strsep], 1962 [AC_CHECK_FUNCS([strsep])], 1963 [], 1964 [ 1965#ifdef HAVE_STRING_H 1966# include <string.h> 1967#endif 1968 ]) 1969 1970dnl tcsendbreak might be a macro 1971AC_CHECK_DECL([tcsendbreak], 1972 [AC_DEFINE([HAVE_TCSENDBREAK])], 1973 [AC_CHECK_FUNCS([tcsendbreak])], 1974 [#include <termios.h>] 1975) 1976 1977AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 1978 1979AC_CHECK_DECLS([SHUT_RD], , , 1980 [ 1981#include <sys/types.h> 1982#include <sys/socket.h> 1983 ]) 1984 1985AC_CHECK_DECLS([O_NONBLOCK], , , 1986 [ 1987#include <sys/types.h> 1988#ifdef HAVE_SYS_STAT_H 1989# include <sys/stat.h> 1990#endif 1991#ifdef HAVE_FCNTL_H 1992# include <fcntl.h> 1993#endif 1994 ]) 1995 1996AC_CHECK_DECLS([readv, writev], , , [ 1997#include <sys/types.h> 1998#include <sys/uio.h> 1999#include <unistd.h> 2000 ]) 2001 2002AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2003#include <sys/param.h> 2004 ]) 2005 2006AC_CHECK_DECLS([offsetof], , , [ 2007#include <stddef.h> 2008 ]) 2009 2010# extra bits for select(2) 2011AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2012#include <sys/param.h> 2013#include <sys/types.h> 2014#ifdef HAVE_SYS_SYSMACROS_H 2015#include <sys/sysmacros.h> 2016#endif 2017#ifdef HAVE_SYS_SELECT_H 2018#include <sys/select.h> 2019#endif 2020#ifdef HAVE_SYS_TIME_H 2021#include <sys/time.h> 2022#endif 2023#ifdef HAVE_UNISTD_H 2024#include <unistd.h> 2025#endif 2026 ]]) 2027AC_CHECK_TYPES([fd_mask], [], [], [[ 2028#include <sys/param.h> 2029#include <sys/types.h> 2030#ifdef HAVE_SYS_SELECT_H 2031#include <sys/select.h> 2032#endif 2033#ifdef HAVE_SYS_TIME_H 2034#include <sys/time.h> 2035#endif 2036#ifdef HAVE_UNISTD_H 2037#include <unistd.h> 2038#endif 2039 ]]) 2040 2041AC_CHECK_FUNCS([setresuid], [ 2042 dnl Some platorms have setresuid that isn't implemented, test for this 2043 AC_MSG_CHECKING([if setresuid seems to work]) 2044 AC_RUN_IFELSE( 2045 [AC_LANG_PROGRAM([[ 2046#include <stdlib.h> 2047#include <errno.h> 2048 ]], [[ 2049 errno=0; 2050 setresuid(0,0,0); 2051 if (errno==ENOSYS) 2052 exit(1); 2053 else 2054 exit(0); 2055 ]])], 2056 [AC_MSG_RESULT([yes])], 2057 [AC_DEFINE([BROKEN_SETRESUID], [1], 2058 [Define if your setresuid() is broken]) 2059 AC_MSG_RESULT([not implemented])], 2060 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2061 ) 2062]) 2063 2064AC_CHECK_FUNCS([setresgid], [ 2065 dnl Some platorms have setresgid that isn't implemented, test for this 2066 AC_MSG_CHECKING([if setresgid seems to work]) 2067 AC_RUN_IFELSE( 2068 [AC_LANG_PROGRAM([[ 2069#include <stdlib.h> 2070#include <errno.h> 2071 ]], [[ 2072 errno=0; 2073 setresgid(0,0,0); 2074 if (errno==ENOSYS) 2075 exit(1); 2076 else 2077 exit(0); 2078 ]])], 2079 [AC_MSG_RESULT([yes])], 2080 [AC_DEFINE([BROKEN_SETRESGID], [1], 2081 [Define if your setresgid() is broken]) 2082 AC_MSG_RESULT([not implemented])], 2083 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2084 ) 2085]) 2086 2087AC_CHECK_FUNCS([realpath], [ 2088 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given 2089 dnl path name", however some implementations of realpath (and some 2090 dnl versions of the POSIX spec) do not work on non-existent files, 2091 dnl so we use the OpenBSD implementation on those platforms. 2092 AC_MSG_CHECKING([if realpath works with non-existent files]) 2093 AC_RUN_IFELSE( 2094 [AC_LANG_PROGRAM([[ 2095#include <limits.h> 2096#include <stdlib.h> 2097#include <errno.h> 2098 ]], [[ 2099 char buf[PATH_MAX]; 2100 if (realpath("/opensshnonexistentfilename1234", buf) == NULL) 2101 if (errno == ENOENT) 2102 exit(1); 2103 exit(0); 2104 ]])], 2105 [AC_MSG_RESULT([yes])], 2106 [AC_DEFINE([BROKEN_REALPATH], [1], 2107 [realpath does not work with nonexistent files]) 2108 AC_MSG_RESULT([no])], 2109 [AC_MSG_WARN([cross compiling: assuming working])] 2110 ) 2111]) 2112 2113AC_MSG_CHECKING([for working fflush(NULL)]) 2114AC_RUN_IFELSE( 2115 [AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])], 2116 AC_MSG_RESULT([yes]), 2117 [AC_MSG_RESULT([no]) 2118 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2119 [define if fflush(NULL) does not work])], 2120 AC_MSG_WARN([cross compiling: assuming working]) 2121) 2122 2123dnl Checks for time functions 2124AC_CHECK_FUNCS([gettimeofday time]) 2125dnl Checks for utmp functions 2126AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2127AC_CHECK_FUNCS([utmpname]) 2128dnl Checks for utmpx functions 2129AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2130AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2131dnl Checks for lastlog functions 2132AC_CHECK_FUNCS([getlastlogxbyname]) 2133 2134AC_CHECK_FUNC([daemon], 2135 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2136 [AC_CHECK_LIB([bsd], [daemon], 2137 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2138) 2139 2140AC_CHECK_FUNC([getpagesize], 2141 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2142 [Define if your libraries define getpagesize()])], 2143 [AC_CHECK_LIB([ucb], [getpagesize], 2144 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2145) 2146 2147# Check for broken snprintf 2148if test "x$ac_cv_func_snprintf" = "xyes" ; then 2149 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2150 AC_RUN_IFELSE( 2151 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2152 [[ 2153 char b[5]; 2154 snprintf(b,5,"123456789"); 2155 exit(b[4]!='\0'); 2156 ]])], 2157 [AC_MSG_RESULT([yes])], 2158 [ 2159 AC_MSG_RESULT([no]) 2160 AC_DEFINE([BROKEN_SNPRINTF], [1], 2161 [Define if your snprintf is busted]) 2162 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2163 ], 2164 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2165 ) 2166fi 2167 2168# We depend on vsnprintf returning the right thing on overflow: the 2169# number of characters it tried to create (as per SUSv3) 2170if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2171 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2172 AC_RUN_IFELSE( 2173 [AC_LANG_PROGRAM([[ 2174#include <sys/types.h> 2175#include <stdio.h> 2176#include <stdarg.h> 2177 2178int x_snprintf(char *str, size_t count, const char *fmt, ...) 2179{ 2180 size_t ret; 2181 va_list ap; 2182 2183 va_start(ap, fmt); 2184 ret = vsnprintf(str, count, fmt, ap); 2185 va_end(ap); 2186 return ret; 2187} 2188 ]], [[ 2189char x[1]; 2190if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2191 return 1; 2192if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2193 return 1; 2194return 0; 2195 ]])], 2196 [AC_MSG_RESULT([yes])], 2197 [ 2198 AC_MSG_RESULT([no]) 2199 AC_DEFINE([BROKEN_SNPRINTF], [1], 2200 [Define if your snprintf is busted]) 2201 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2202 ], 2203 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2204 ) 2205fi 2206 2207# On systems where [v]snprintf is broken, but is declared in stdio, 2208# check that the fmt argument is const char * or just char *. 2209# This is only useful for when BROKEN_SNPRINTF 2210AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2211AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2212#include <stdio.h> 2213int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2214 ]], [[ 2215 snprintf(0, 0, 0); 2216 ]])], 2217 [AC_MSG_RESULT([yes]) 2218 AC_DEFINE([SNPRINTF_CONST], [const], 2219 [Define as const if snprintf() can declare const char *fmt])], 2220 [AC_MSG_RESULT([no]) 2221 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2222 2223# Check for missing getpeereid (or equiv) support 2224NO_PEERCHECK="" 2225if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2226 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2227 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2228#include <sys/types.h> 2229#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2230 [ AC_MSG_RESULT([yes]) 2231 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2232 ], [AC_MSG_RESULT([no]) 2233 NO_PEERCHECK=1 2234 ]) 2235fi 2236 2237dnl see whether mkstemp() requires XXXXXX 2238if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2239AC_MSG_CHECKING([for (overly) strict mkstemp]) 2240AC_RUN_IFELSE( 2241 [AC_LANG_PROGRAM([[ 2242#include <stdlib.h> 2243 ]], [[ 2244 char template[]="conftest.mkstemp-test"; 2245 if (mkstemp(template) == -1) 2246 exit(1); 2247 unlink(template); 2248 exit(0); 2249 ]])], 2250 [ 2251 AC_MSG_RESULT([no]) 2252 ], 2253 [ 2254 AC_MSG_RESULT([yes]) 2255 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2256 ], 2257 [ 2258 AC_MSG_RESULT([yes]) 2259 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2260 ] 2261) 2262fi 2263 2264dnl make sure that openpty does not reacquire controlling terminal 2265if test ! -z "$check_for_openpty_ctty_bug"; then 2266 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2267 AC_RUN_IFELSE( 2268 [AC_LANG_PROGRAM([[ 2269#include <stdio.h> 2270#include <sys/fcntl.h> 2271#include <sys/types.h> 2272#include <sys/wait.h> 2273 ]], [[ 2274 pid_t pid; 2275 int fd, ptyfd, ttyfd, status; 2276 2277 pid = fork(); 2278 if (pid < 0) { /* failed */ 2279 exit(1); 2280 } else if (pid > 0) { /* parent */ 2281 waitpid(pid, &status, 0); 2282 if (WIFEXITED(status)) 2283 exit(WEXITSTATUS(status)); 2284 else 2285 exit(2); 2286 } else { /* child */ 2287 close(0); close(1); close(2); 2288 setsid(); 2289 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2290 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2291 if (fd >= 0) 2292 exit(3); /* Acquired ctty: broken */ 2293 else 2294 exit(0); /* Did not acquire ctty: OK */ 2295 } 2296 ]])], 2297 [ 2298 AC_MSG_RESULT([yes]) 2299 ], 2300 [ 2301 AC_MSG_RESULT([no]) 2302 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2303 ], 2304 [ 2305 AC_MSG_RESULT([cross-compiling, assuming yes]) 2306 ] 2307 ) 2308fi 2309 2310if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2311 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2312 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2313 AC_RUN_IFELSE( 2314 [AC_LANG_PROGRAM([[ 2315#include <stdio.h> 2316#include <sys/socket.h> 2317#include <netdb.h> 2318#include <errno.h> 2319#include <netinet/in.h> 2320 2321#define TEST_PORT "2222" 2322 ]], [[ 2323 int err, sock; 2324 struct addrinfo *gai_ai, *ai, hints; 2325 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2326 2327 memset(&hints, 0, sizeof(hints)); 2328 hints.ai_family = PF_UNSPEC; 2329 hints.ai_socktype = SOCK_STREAM; 2330 hints.ai_flags = AI_PASSIVE; 2331 2332 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2333 if (err != 0) { 2334 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2335 exit(1); 2336 } 2337 2338 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2339 if (ai->ai_family != AF_INET6) 2340 continue; 2341 2342 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2343 sizeof(ntop), strport, sizeof(strport), 2344 NI_NUMERICHOST|NI_NUMERICSERV); 2345 2346 if (err != 0) { 2347 if (err == EAI_SYSTEM) 2348 perror("getnameinfo EAI_SYSTEM"); 2349 else 2350 fprintf(stderr, "getnameinfo failed: %s\n", 2351 gai_strerror(err)); 2352 exit(2); 2353 } 2354 2355 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2356 if (sock < 0) 2357 perror("socket"); 2358 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2359 if (errno == EBADF) 2360 exit(3); 2361 } 2362 } 2363 exit(0); 2364 ]])], 2365 [ 2366 AC_MSG_RESULT([yes]) 2367 ], 2368 [ 2369 AC_MSG_RESULT([no]) 2370 AC_DEFINE([BROKEN_GETADDRINFO]) 2371 ], 2372 [ 2373 AC_MSG_RESULT([cross-compiling, assuming yes]) 2374 ] 2375 ) 2376fi 2377 2378if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2379 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2380 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2381 AC_RUN_IFELSE( 2382 [AC_LANG_PROGRAM([[ 2383#include <stdio.h> 2384#include <sys/socket.h> 2385#include <netdb.h> 2386#include <errno.h> 2387#include <netinet/in.h> 2388 2389#define TEST_PORT "2222" 2390 ]], [[ 2391 int err, sock; 2392 struct addrinfo *gai_ai, *ai, hints; 2393 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2394 2395 memset(&hints, 0, sizeof(hints)); 2396 hints.ai_family = PF_UNSPEC; 2397 hints.ai_socktype = SOCK_STREAM; 2398 hints.ai_flags = AI_PASSIVE; 2399 2400 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2401 if (err != 0) { 2402 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2403 exit(1); 2404 } 2405 2406 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2407 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2408 continue; 2409 2410 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2411 sizeof(ntop), strport, sizeof(strport), 2412 NI_NUMERICHOST|NI_NUMERICSERV); 2413 2414 if (ai->ai_family == AF_INET && err != 0) { 2415 perror("getnameinfo"); 2416 exit(2); 2417 } 2418 } 2419 exit(0); 2420 ]])], 2421 [ 2422 AC_MSG_RESULT([yes]) 2423 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2424 [Define if you have a getaddrinfo that fails 2425 for the all-zeros IPv6 address]) 2426 ], 2427 [ 2428 AC_MSG_RESULT([no]) 2429 AC_DEFINE([BROKEN_GETADDRINFO]) 2430 ], 2431 [ 2432 AC_MSG_RESULT([cross-compiling, assuming no]) 2433 ] 2434 ) 2435fi 2436 2437if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2438 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2439 [#include <sys/types.h> 2440 #include <sys/socket.h> 2441 #include <netdb.h>]) 2442fi 2443 2444if test "x$check_for_conflicting_getspnam" = "x1"; then 2445 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2446 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2447 [[ exit(0); ]])], 2448 [ 2449 AC_MSG_RESULT([no]) 2450 ], 2451 [ 2452 AC_MSG_RESULT([yes]) 2453 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2454 [Conflicting defs for getspnam]) 2455 ] 2456 ) 2457fi 2458 2459dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2460dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2461dnl for over ten years). Despite this incompatibility being reported during 2462dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2463dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2464dnl implementation. Try to detect this mess, and assume the only safe option 2465dnl if we're cross compiling. 2466dnl 2467dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2468dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2469if test "x$ac_cv_func_strnvis" = "xyes"; then 2470 AC_MSG_CHECKING([for working strnvis]) 2471 AC_RUN_IFELSE( 2472 [AC_LANG_PROGRAM([[ 2473#include <signal.h> 2474#include <stdlib.h> 2475#include <string.h> 2476#include <vis.h> 2477static void sighandler(int sig) { _exit(1); } 2478 ]], [[ 2479 char dst[16]; 2480 2481 signal(SIGSEGV, sighandler); 2482 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2483 exit(0); 2484 exit(1) 2485 ]])], 2486 [AC_MSG_RESULT([yes])], 2487 [AC_MSG_RESULT([no]) 2488 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2489 [AC_MSG_WARN([cross compiling: assuming broken]) 2490 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2491 ) 2492fi 2493 2494AC_CHECK_FUNCS([getpgrp],[ 2495 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2496 AC_COMPILE_IFELSE( 2497 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2498 [ AC_MSG_RESULT([yes]) 2499 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2500 [ AC_MSG_RESULT([no]) 2501 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2502 ) 2503]) 2504 2505# Search for OpenSSL 2506saved_CPPFLAGS="$CPPFLAGS" 2507saved_LDFLAGS="$LDFLAGS" 2508AC_ARG_WITH([ssl-dir], 2509 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2510 [ 2511 if test "x$openssl" = "xno" ; then 2512 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2513 fi 2514 if test "x$withval" != "xno" ; then 2515 case "$withval" in 2516 # Relative paths 2517 ./*|../*) withval="`pwd`/$withval" 2518 esac 2519 if test -d "$withval/lib"; then 2520 if test -n "${need_dash_r}"; then 2521 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2522 else 2523 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2524 fi 2525 elif test -d "$withval/lib64"; then 2526 if test -n "${need_dash_r}"; then 2527 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2528 else 2529 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2530 fi 2531 else 2532 if test -n "${need_dash_r}"; then 2533 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2534 else 2535 LDFLAGS="-L${withval} ${LDFLAGS}" 2536 fi 2537 fi 2538 if test -d "$withval/include"; then 2539 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2540 else 2541 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2542 fi 2543 fi 2544 ] 2545) 2546 2547AC_ARG_WITH([openssl-header-check], 2548 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2549 [ 2550 if test "x$withval" = "xno" ; then 2551 openssl_check_nonfatal=1 2552 fi 2553 ] 2554) 2555 2556openssl_engine=no 2557AC_ARG_WITH([ssl-engine], 2558 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2559 [ 2560 if test "x$withval" != "xno" ; then 2561 if test "x$openssl" = "xno" ; then 2562 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2563 fi 2564 openssl_engine=yes 2565 fi 2566 ] 2567) 2568 2569if test "x$openssl" = "xyes" ; then 2570 LIBS="-lcrypto $LIBS" 2571 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2572 [Define if your ssl headers are included 2573 with #include <openssl/header.h>])], 2574 [ 2575 dnl Check default openssl install dir 2576 if test -n "${need_dash_r}"; then 2577 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2578 else 2579 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2580 fi 2581 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2582 AC_CHECK_HEADER([openssl/opensslv.h], , 2583 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2584 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2585 [ 2586 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2587 ] 2588 ) 2589 ] 2590 ) 2591 2592 # Determine OpenSSL header version 2593 AC_MSG_CHECKING([OpenSSL header version]) 2594 AC_RUN_IFELSE( 2595 [AC_LANG_PROGRAM([[ 2596 #include <stdlib.h> 2597 #include <stdio.h> 2598 #include <string.h> 2599 #include <openssl/opensslv.h> 2600 #define DATA "conftest.sslincver" 2601 ]], [[ 2602 FILE *fd; 2603 int rc; 2604 2605 fd = fopen(DATA,"w"); 2606 if(fd == NULL) 2607 exit(1); 2608 2609 if ((rc = fprintf(fd, "%08lx (%s)\n", 2610 (unsigned long)OPENSSL_VERSION_NUMBER, 2611 OPENSSL_VERSION_TEXT)) < 0) 2612 exit(1); 2613 2614 exit(0); 2615 ]])], 2616 [ 2617 ssl_header_ver=`cat conftest.sslincver` 2618 AC_MSG_RESULT([$ssl_header_ver]) 2619 ], 2620 [ 2621 AC_MSG_RESULT([not found]) 2622 AC_MSG_ERROR([OpenSSL version header not found.]) 2623 ], 2624 [ 2625 AC_MSG_WARN([cross compiling: not checking]) 2626 ] 2627 ) 2628 2629 # Determine OpenSSL library version 2630 AC_MSG_CHECKING([OpenSSL library version]) 2631 AC_RUN_IFELSE( 2632 [AC_LANG_PROGRAM([[ 2633 #include <stdio.h> 2634 #include <string.h> 2635 #include <openssl/opensslv.h> 2636 #include <openssl/crypto.h> 2637 #define DATA "conftest.ssllibver" 2638 ]], [[ 2639 FILE *fd; 2640 int rc; 2641 2642 fd = fopen(DATA,"w"); 2643 if(fd == NULL) 2644 exit(1); 2645 2646 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(), 2647 SSLeay_version(SSLEAY_VERSION))) < 0) 2648 exit(1); 2649 2650 exit(0); 2651 ]])], 2652 [ 2653 ssl_library_ver=`cat conftest.ssllibver` 2654 # Check version is supported. 2655 case "$ssl_library_ver" in 2656 10000*|0*) 2657 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2658 ;; 2659 100*) ;; # 1.0.x 2660 101*) ;; # 1.1.x 2661 200*) ;; # LibreSSL 2662 *) 2663 AC_MSG_ERROR([OpenSSL > 1.1.x is not yet supported (have "$ssl_library_ver")]) 2664 ;; 2665 esac 2666 AC_MSG_RESULT([$ssl_library_ver]) 2667 ], 2668 [ 2669 AC_MSG_RESULT([not found]) 2670 AC_MSG_ERROR([OpenSSL library not found.]) 2671 ], 2672 [ 2673 AC_MSG_WARN([cross compiling: not checking]) 2674 ] 2675 ) 2676 2677 # Sanity check OpenSSL headers 2678 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2679 AC_RUN_IFELSE( 2680 [AC_LANG_PROGRAM([[ 2681 #include <string.h> 2682 #include <openssl/opensslv.h> 2683 #include <openssl/crypto.h> 2684 ]], [[ 2685 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2686 ]])], 2687 [ 2688 AC_MSG_RESULT([yes]) 2689 ], 2690 [ 2691 AC_MSG_RESULT([no]) 2692 if test "x$openssl_check_nonfatal" = "x"; then 2693 AC_MSG_ERROR([Your OpenSSL headers do not match your 2694 library. Check config.log for details. 2695 If you are sure your installation is consistent, you can disable the check 2696 by running "./configure --without-openssl-header-check". 2697 Also see contrib/findssl.sh for help identifying header/library mismatches. 2698 ]) 2699 else 2700 AC_MSG_WARN([Your OpenSSL headers do not match your 2701 library. Check config.log for details. 2702 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2703 fi 2704 ], 2705 [ 2706 AC_MSG_WARN([cross compiling: not checking]) 2707 ] 2708 ) 2709 2710 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2711 AC_LINK_IFELSE( 2712 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2713 [[ SSLeay_add_all_algorithms(); ]])], 2714 [ 2715 AC_MSG_RESULT([yes]) 2716 ], 2717 [ 2718 AC_MSG_RESULT([no]) 2719 saved_LIBS="$LIBS" 2720 LIBS="$LIBS -ldl" 2721 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2722 AC_LINK_IFELSE( 2723 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2724 [[ SSLeay_add_all_algorithms(); ]])], 2725 [ 2726 AC_MSG_RESULT([yes]) 2727 ], 2728 [ 2729 AC_MSG_RESULT([no]) 2730 LIBS="$saved_LIBS" 2731 ] 2732 ) 2733 ] 2734 ) 2735 2736 AC_CHECK_FUNCS([ \ 2737 BN_is_prime_ex \ 2738 DSA_generate_parameters_ex \ 2739 EVP_DigestInit_ex \ 2740 EVP_DigestFinal_ex \ 2741 EVP_MD_CTX_init \ 2742 EVP_MD_CTX_cleanup \ 2743 EVP_MD_CTX_copy_ex \ 2744 HMAC_CTX_init \ 2745 RSA_generate_key_ex \ 2746 RSA_get_default_method \ 2747 ]) 2748 2749 if test "x$openssl_engine" = "xyes" ; then 2750 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2751 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2752 #include <openssl/engine.h> 2753 ]], [[ 2754 ENGINE_load_builtin_engines(); 2755 ENGINE_register_all_complete(); 2756 ]])], 2757 [ AC_MSG_RESULT([yes]) 2758 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2759 [Enable OpenSSL engine support]) 2760 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2761 ]) 2762 fi 2763 2764 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2765 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2766 AC_LINK_IFELSE( 2767 [AC_LANG_PROGRAM([[ 2768 #include <string.h> 2769 #include <openssl/evp.h> 2770 ]], [[ 2771 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2772 ]])], 2773 [ 2774 AC_MSG_RESULT([no]) 2775 ], 2776 [ 2777 AC_MSG_RESULT([yes]) 2778 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2779 [libcrypto is missing AES 192 and 256 bit functions]) 2780 ] 2781 ) 2782 2783 # Check for OpenSSL with EVP_aes_*ctr 2784 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2785 AC_LINK_IFELSE( 2786 [AC_LANG_PROGRAM([[ 2787 #include <string.h> 2788 #include <openssl/evp.h> 2789 ]], [[ 2790 exit(EVP_aes_128_ctr() == NULL || 2791 EVP_aes_192_cbc() == NULL || 2792 EVP_aes_256_cbc() == NULL); 2793 ]])], 2794 [ 2795 AC_MSG_RESULT([yes]) 2796 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2797 [libcrypto has EVP AES CTR]) 2798 ], 2799 [ 2800 AC_MSG_RESULT([no]) 2801 ] 2802 ) 2803 2804 # Check for OpenSSL with EVP_aes_*gcm 2805 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2806 AC_LINK_IFELSE( 2807 [AC_LANG_PROGRAM([[ 2808 #include <string.h> 2809 #include <openssl/evp.h> 2810 ]], [[ 2811 exit(EVP_aes_128_gcm() == NULL || 2812 EVP_aes_256_gcm() == NULL || 2813 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2814 EVP_CTRL_GCM_IV_GEN == 0 || 2815 EVP_CTRL_GCM_SET_TAG == 0 || 2816 EVP_CTRL_GCM_GET_TAG == 0 || 2817 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2818 ]])], 2819 [ 2820 AC_MSG_RESULT([yes]) 2821 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2822 [libcrypto has EVP AES GCM]) 2823 ], 2824 [ 2825 AC_MSG_RESULT([no]) 2826 unsupported_algorithms="$unsupported_cipers \ 2827 aes128-gcm@openssh.com \ 2828 aes256-gcm@openssh.com" 2829 ] 2830 ) 2831 2832 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2833 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2834 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2835 2836 # LibreSSL/OpenSSL 1.1x API 2837 AC_SEARCH_LIBS([DH_get0_key], [crypto], 2838 [AC_DEFINE([HAVE_DH_GET0_KEY], [1], 2839 [Define if libcrypto has DH_get0_key])]) 2840 AC_SEARCH_LIBS([DH_get0_pqg], [crypto], 2841 [AC_DEFINE([HAVE_DH_GET0_PQG], [1], 2842 [Define if libcrypto has DH_get0_pqg])]) 2843 AC_SEARCH_LIBS([DH_set0_key], [crypto], 2844 [AC_DEFINE([HAVE_DH_SET0_KEY], [1], 2845 [Define if libcrypto has DH_set0_key])]) 2846 AC_SEARCH_LIBS([DH_set_length], [crypto], 2847 [AC_DEFINE([HAVE_DH_SET_LENGTH], [1], 2848 [Define if libcrypto has DH_set_length])]) 2849 AC_SEARCH_LIBS([DH_set0_pqg], [crypto], 2850 [AC_DEFINE([HAVE_DH_SET0_PQG], [1], 2851 [Define if libcrypto has DH_set0_pqg])]) 2852 2853 AC_SEARCH_LIBS([DSA_get0_key], [crypto], 2854 [AC_DEFINE([HAVE_DSA_GET0_KEY], [1], 2855 [Define if libcrypto has DSA_get0_key])]) 2856 AC_SEARCH_LIBS([DSA_get0_pqg], [crypto], 2857 [AC_DEFINE([HAVE_DSA_GET0_PQG], [1], 2858 [Define if libcrypto has DSA_get0_pqg])]) 2859 AC_SEARCH_LIBS([DSA_set0_key], [crypto], 2860 [AC_DEFINE([HAVE_DSA_SET0_KEY], [1], 2861 [Define if libcrypto has DSA_set0_key])]) 2862 AC_SEARCH_LIBS([DSA_set0_pqg], [crypto], 2863 [AC_DEFINE([HAVE_DSA_SET0_PQG], [1], 2864 [Define if libcrypto has DSA_set0_pqg])]) 2865 2866 AC_SEARCH_LIBS([DSA_SIG_get0], [crypto], 2867 [AC_DEFINE([HAVE_DSA_SIG_GET0], [1], 2868 [Define if libcrypto has DSA_SIG_get0])]) 2869 AC_SEARCH_LIBS([DSA_SIG_set0], [crypto], 2870 [AC_DEFINE([HAVE_DSA_SIG_SET0], [1], 2871 [Define if libcrypto has DSA_SIG_set0])]) 2872 2873 AC_SEARCH_LIBS([ECDSA_SIG_get0], [crypto], 2874 [AC_DEFINE([HAVE_ECDSA_SIG_GET0], [1], 2875 [Define if libcrypto has ECDSA_SIG_get0])]) 2876 AC_SEARCH_LIBS([ECDSA_SIG_set0], [crypto], 2877 [AC_DEFINE([HAVE_ECDSA_SIG_SET0], [1], 2878 [Define if libcrypto has ECDSA_SIG_set0])]) 2879 2880 AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv], [crypto], 2881 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV], [1], 2882 [Define if libcrypto has EVP_CIPHER_CTX_iv])]) 2883 AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv_noconst], [crypto], 2884 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV_NOCONST], [1], 2885 [Define if libcrypto has EVP_CIPHER_CTX_iv_noconst])]) 2886 AC_SEARCH_LIBS([EVP_CIPHER_CTX_get_iv], [crypto], 2887 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1], 2888 [Define if libcrypto has EVP_CIPHER_CTX_get_iv])]) 2889 AC_SEARCH_LIBS([EVP_CIPHER_CTX_set_iv], [crypto], 2890 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1], 2891 [Define if libcrypto has EVP_CIPHER_CTX_set_iv])]) 2892 2893 AC_SEARCH_LIBS([RSA_get0_crt_params], [crypto], 2894 [AC_DEFINE([HAVE_RSA_GET0_CRT_PARAMS], [1], 2895 [Define if libcrypto has RSA_get0_crt_params])]) 2896 AC_SEARCH_LIBS([RSA_get0_factors], [crypto], 2897 [AC_DEFINE([HAVE_RSA_GET0_FACTORS], [1], 2898 [Define if libcrypto has RSA_get0_factors])]) 2899 AC_SEARCH_LIBS([RSA_get0_key], [crypto], 2900 [AC_DEFINE([HAVE_RSA_GET0_KEY], [1], 2901 [Define if libcrypto has RSA_get0_key])]) 2902 AC_SEARCH_LIBS([RSA_set0_crt_params], [crypto], 2903 [AC_DEFINE([HAVE_RSA_SET0_CRT_PARAMS], [1], 2904 [Define if libcrypto has RSA_get0_srt_params])]) 2905 AC_SEARCH_LIBS([RSA_set0_factors], [crypto], 2906 [AC_DEFINE([HAVE_RSA_SET0_FACTORS], [1], 2907 [Define if libcrypto has RSA_set0_factors])]) 2908 AC_SEARCH_LIBS([RSA_set0_key], [crypto], 2909 [AC_DEFINE([HAVE_RSA_SET0_KEY], [1], 2910 [Define if libcrypto has RSA_set0_key])]) 2911 2912 AC_SEARCH_LIBS([RSA_meth_free], [crypto], 2913 [AC_DEFINE([HAVE_RSA_METH_FREE], [1], 2914 [Define if libcrypto has RSA_meth_free])]) 2915 AC_SEARCH_LIBS([RSA_meth_dup], [crypto], 2916 [AC_DEFINE([HAVE_RSA_METH_DUP], [1], 2917 [Define if libcrypto has RSA_meth_dup])]) 2918 AC_SEARCH_LIBS([RSA_meth_set1_name], [crypto], 2919 [AC_DEFINE([HAVE_RSA_METH_SET1_NAME], [1], 2920 [Define if libcrypto has RSA_meth_set1_name])]) 2921 AC_SEARCH_LIBS([RSA_meth_get_finish], [crypto], 2922 [AC_DEFINE([HAVE_RSA_METH_GET_FINISH], [1], 2923 [Define if libcrypto has RSA_meth_get_finish])]) 2924 AC_SEARCH_LIBS([RSA_meth_set_priv_enc], [crypto], 2925 [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_ENC], [1], 2926 [Define if libcrypto has RSA_meth_set_priv_enc])]) 2927 AC_SEARCH_LIBS([RSA_meth_set_priv_dec], [crypto], 2928 [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_DEC], [1], 2929 [Define if libcrypto has RSA_meth_set_priv_dec])]) 2930 AC_SEARCH_LIBS([RSA_meth_set_finish], [crypto], 2931 [AC_DEFINE([HAVE_RSA_METH_SET_FINISH], [1], 2932 [Define if libcrypto has RSA_meth_set_finish])]) 2933 2934 AC_SEARCH_LIBS([EVP_PKEY_get0_RSA], [crypto], 2935 [AC_DEFINE([HAVE_EVP_PKEY_GET0_RSA], [1], 2936 [Define if libcrypto has EVP_PKEY_get0_RSA])]) 2937 2938 AC_SEARCH_LIBS([EVP_MD_CTX_new], [crypto], 2939 [AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1], 2940 [Define if libcrypto has EVP_MD_CTX_new])]) 2941 AC_SEARCH_LIBS([EVP_MD_CTX_free], [crypto], 2942 [AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1], 2943 [Define if libcrypto has EVP_MD_CTX_free])]) 2944 2945 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2946 AC_LINK_IFELSE( 2947 [AC_LANG_PROGRAM([[ 2948 #include <string.h> 2949 #include <openssl/evp.h> 2950 ]], [[ 2951 if(EVP_DigestUpdate(NULL, NULL,0)) 2952 exit(0); 2953 ]])], 2954 [ 2955 AC_MSG_RESULT([yes]) 2956 ], 2957 [ 2958 AC_MSG_RESULT([no]) 2959 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2960 [Define if EVP_DigestUpdate returns void]) 2961 ] 2962 ) 2963 2964 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2965 # because the system crypt() is more featureful. 2966 if test "x$check_for_libcrypt_before" = "x1"; then 2967 AC_CHECK_LIB([crypt], [crypt]) 2968 fi 2969 2970 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2971 # version in OpenSSL. 2972 if test "x$check_for_libcrypt_later" = "x1"; then 2973 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2974 fi 2975 AC_CHECK_FUNCS([crypt DES_crypt]) 2976 2977 # Search for SHA256 support in libc and/or OpenSSL 2978 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2979 [unsupported_algorithms="$unsupported_algorithms \ 2980 hmac-sha2-256 \ 2981 hmac-sha2-512 \ 2982 diffie-hellman-group-exchange-sha256 \ 2983 hmac-sha2-256-etm@openssh.com \ 2984 hmac-sha2-512-etm@openssh.com" 2985 ] 2986 ) 2987 # Search for RIPE-MD support in OpenSSL 2988 AC_CHECK_FUNCS([EVP_ripemd160], , 2989 [unsupported_algorithms="$unsupported_algorithms \ 2990 hmac-ripemd160 \ 2991 hmac-ripemd160@openssh.com \ 2992 hmac-ripemd160-etm@openssh.com" 2993 ] 2994 ) 2995 2996 # Check complete ECC support in OpenSSL 2997 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2998 AC_LINK_IFELSE( 2999 [AC_LANG_PROGRAM([[ 3000 #include <openssl/ec.h> 3001 #include <openssl/ecdh.h> 3002 #include <openssl/ecdsa.h> 3003 #include <openssl/evp.h> 3004 #include <openssl/objects.h> 3005 #include <openssl/opensslv.h> 3006 ]], [[ 3007 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3008 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3009 ]])], 3010 [ AC_MSG_RESULT([yes]) 3011 enable_nistp256=1 ], 3012 [ AC_MSG_RESULT([no]) ] 3013 ) 3014 3015 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3016 AC_LINK_IFELSE( 3017 [AC_LANG_PROGRAM([[ 3018 #include <openssl/ec.h> 3019 #include <openssl/ecdh.h> 3020 #include <openssl/ecdsa.h> 3021 #include <openssl/evp.h> 3022 #include <openssl/objects.h> 3023 #include <openssl/opensslv.h> 3024 ]], [[ 3025 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3026 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3027 ]])], 3028 [ AC_MSG_RESULT([yes]) 3029 enable_nistp384=1 ], 3030 [ AC_MSG_RESULT([no]) ] 3031 ) 3032 3033 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3034 AC_LINK_IFELSE( 3035 [AC_LANG_PROGRAM([[ 3036 #include <openssl/ec.h> 3037 #include <openssl/ecdh.h> 3038 #include <openssl/ecdsa.h> 3039 #include <openssl/evp.h> 3040 #include <openssl/objects.h> 3041 #include <openssl/opensslv.h> 3042 ]], [[ 3043 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3044 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3045 ]])], 3046 [ AC_MSG_RESULT([yes]) 3047 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3048 AC_RUN_IFELSE( 3049 [AC_LANG_PROGRAM([[ 3050 #include <openssl/ec.h> 3051 #include <openssl/ecdh.h> 3052 #include <openssl/ecdsa.h> 3053 #include <openssl/evp.h> 3054 #include <openssl/objects.h> 3055 #include <openssl/opensslv.h> 3056 ]],[[ 3057 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3058 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3059 exit(e == NULL || m == NULL); 3060 ]])], 3061 [ AC_MSG_RESULT([yes]) 3062 enable_nistp521=1 ], 3063 [ AC_MSG_RESULT([no]) ], 3064 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3065 enable_nistp521=1 ] 3066 )], 3067 AC_MSG_RESULT([no]) 3068 ) 3069 3070 COMMENT_OUT_ECC="#no ecc#" 3071 TEST_SSH_ECC=no 3072 3073 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3074 test x$enable_nistp521 = x1; then 3075 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3076 fi 3077 if test x$enable_nistp256 = x1; then 3078 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3079 [libcrypto has NID_X9_62_prime256v1]) 3080 TEST_SSH_ECC=yes 3081 COMMENT_OUT_ECC="" 3082 else 3083 unsupported_algorithms="$unsupported_algorithms \ 3084 ecdsa-sha2-nistp256 \ 3085 ecdh-sha2-nistp256 \ 3086 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3087 fi 3088 if test x$enable_nistp384 = x1; then 3089 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3090 TEST_SSH_ECC=yes 3091 COMMENT_OUT_ECC="" 3092 else 3093 unsupported_algorithms="$unsupported_algorithms \ 3094 ecdsa-sha2-nistp384 \ 3095 ecdh-sha2-nistp384 \ 3096 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3097 fi 3098 if test x$enable_nistp521 = x1; then 3099 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3100 TEST_SSH_ECC=yes 3101 COMMENT_OUT_ECC="" 3102 else 3103 unsupported_algorithms="$unsupported_algorithms \ 3104 ecdh-sha2-nistp521 \ 3105 ecdsa-sha2-nistp521 \ 3106 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3107 fi 3108 3109 AC_SUBST([TEST_SSH_ECC]) 3110 AC_SUBST([COMMENT_OUT_ECC]) 3111else 3112 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3113 AC_CHECK_FUNCS([crypt]) 3114fi 3115 3116AC_CHECK_FUNCS([ \ 3117 arc4random \ 3118 arc4random_buf \ 3119 arc4random_stir \ 3120 arc4random_uniform \ 3121]) 3122 3123saved_LIBS="$LIBS" 3124AC_CHECK_LIB([iaf], [ia_openinfo], [ 3125 LIBS="$LIBS -liaf" 3126 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3127 AC_DEFINE([HAVE_LIBIAF], [1], 3128 [Define if system has libiaf that supports set_id]) 3129 ]) 3130]) 3131LIBS="$saved_LIBS" 3132 3133### Configure cryptographic random number support 3134 3135# Check whether OpenSSL seeds itself 3136if test "x$openssl" = "xyes" ; then 3137 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3138 AC_RUN_IFELSE( 3139 [AC_LANG_PROGRAM([[ 3140 #include <string.h> 3141 #include <openssl/rand.h> 3142 ]], [[ 3143 exit(RAND_status() == 1 ? 0 : 1); 3144 ]])], 3145 [ 3146 OPENSSL_SEEDS_ITSELF=yes 3147 AC_MSG_RESULT([yes]) 3148 ], 3149 [ 3150 AC_MSG_RESULT([no]) 3151 ], 3152 [ 3153 AC_MSG_WARN([cross compiling: assuming yes]) 3154 # This is safe, since we will fatal() at runtime if 3155 # OpenSSL is not seeded correctly. 3156 OPENSSL_SEEDS_ITSELF=yes 3157 ] 3158 ) 3159fi 3160 3161# PRNGD TCP socket 3162AC_ARG_WITH([prngd-port], 3163 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3164 [ 3165 case "$withval" in 3166 no) 3167 withval="" 3168 ;; 3169 [[0-9]]*) 3170 ;; 3171 *) 3172 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3173 ;; 3174 esac 3175 if test ! -z "$withval" ; then 3176 PRNGD_PORT="$withval" 3177 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3178 [Port number of PRNGD/EGD random number socket]) 3179 fi 3180 ] 3181) 3182 3183# PRNGD Unix domain socket 3184AC_ARG_WITH([prngd-socket], 3185 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3186 [ 3187 case "$withval" in 3188 yes) 3189 withval="/var/run/egd-pool" 3190 ;; 3191 no) 3192 withval="" 3193 ;; 3194 /*) 3195 ;; 3196 *) 3197 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3198 ;; 3199 esac 3200 3201 if test ! -z "$withval" ; then 3202 if test ! -z "$PRNGD_PORT" ; then 3203 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3204 fi 3205 if test ! -r "$withval" ; then 3206 AC_MSG_WARN([Entropy socket is not readable]) 3207 fi 3208 PRNGD_SOCKET="$withval" 3209 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3210 [Location of PRNGD/EGD random number socket]) 3211 fi 3212 ], 3213 [ 3214 # Check for existing socket only if we don't have a random device already 3215 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3216 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3217 # Insert other locations here 3218 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3219 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3220 PRNGD_SOCKET="$sock" 3221 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3222 break; 3223 fi 3224 done 3225 if test ! -z "$PRNGD_SOCKET" ; then 3226 AC_MSG_RESULT([$PRNGD_SOCKET]) 3227 else 3228 AC_MSG_RESULT([not found]) 3229 fi 3230 fi 3231 ] 3232) 3233 3234# Which randomness source do we use? 3235if test ! -z "$PRNGD_PORT" ; then 3236 RAND_MSG="PRNGd port $PRNGD_PORT" 3237elif test ! -z "$PRNGD_SOCKET" ; then 3238 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3239elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3240 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3241 [Define if you want the OpenSSL internally seeded PRNG only]) 3242 RAND_MSG="OpenSSL internal ONLY" 3243elif test "x$openssl" = "xno" ; then 3244 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3245else 3246 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3247fi 3248 3249# Check for PAM libs 3250PAM_MSG="no" 3251AC_ARG_WITH([pam], 3252 [ --with-pam Enable PAM support ], 3253 [ 3254 if test "x$withval" != "xno" ; then 3255 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3256 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3257 AC_MSG_ERROR([PAM headers not found]) 3258 fi 3259 3260 saved_LIBS="$LIBS" 3261 AC_CHECK_LIB([dl], [dlopen], , ) 3262 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3263 AC_CHECK_FUNCS([pam_getenvlist]) 3264 AC_CHECK_FUNCS([pam_putenv]) 3265 LIBS="$saved_LIBS" 3266 3267 PAM_MSG="yes" 3268 3269 SSHDLIBS="$SSHDLIBS -lpam" 3270 AC_DEFINE([USE_PAM], [1], 3271 [Define if you want to enable PAM support]) 3272 3273 if test $ac_cv_lib_dl_dlopen = yes; then 3274 case "$LIBS" in 3275 *-ldl*) 3276 # libdl already in LIBS 3277 ;; 3278 *) 3279 SSHDLIBS="$SSHDLIBS -ldl" 3280 ;; 3281 esac 3282 fi 3283 fi 3284 ] 3285) 3286 3287AC_ARG_WITH([pam-service], 3288 [ --with-pam-service=name Specify PAM service name ], 3289 [ 3290 if test "x$withval" != "xno" && \ 3291 test "x$withval" != "xyes" ; then 3292 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3293 ["$withval"], [sshd PAM service name]) 3294 fi 3295 ] 3296) 3297 3298# Check for older PAM 3299if test "x$PAM_MSG" = "xyes" ; then 3300 # Check PAM strerror arguments (old PAM) 3301 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3302 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3303#include <stdlib.h> 3304#if defined(HAVE_SECURITY_PAM_APPL_H) 3305#include <security/pam_appl.h> 3306#elif defined (HAVE_PAM_PAM_APPL_H) 3307#include <pam/pam_appl.h> 3308#endif 3309 ]], [[ 3310(void)pam_strerror((pam_handle_t *)NULL, -1); 3311 ]])], [AC_MSG_RESULT([no])], [ 3312 AC_DEFINE([HAVE_OLD_PAM], [1], 3313 [Define if you have an old version of PAM 3314 which takes only one argument to pam_strerror]) 3315 AC_MSG_RESULT([yes]) 3316 PAM_MSG="yes (old library)" 3317 3318 ]) 3319fi 3320 3321case "$host" in 3322*-*-cygwin*) 3323 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3324 ;; 3325*) 3326 SSH_PRIVSEP_USER=sshd 3327 ;; 3328esac 3329AC_ARG_WITH([privsep-user], 3330 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3331 [ 3332 if test -n "$withval" && test "x$withval" != "xno" && \ 3333 test "x${withval}" != "xyes"; then 3334 SSH_PRIVSEP_USER=$withval 3335 fi 3336 ] 3337) 3338if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3339 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3340 [Cygwin function to fetch non-privileged user for privilege separation]) 3341else 3342 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3343 [non-privileged user for privilege separation]) 3344fi 3345AC_SUBST([SSH_PRIVSEP_USER]) 3346 3347if test "x$have_linux_no_new_privs" = "x1" ; then 3348AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3349 #include <sys/types.h> 3350 #include <linux/seccomp.h> 3351]) 3352fi 3353if test "x$have_seccomp_filter" = "x1" ; then 3354AC_MSG_CHECKING([kernel for seccomp_filter support]) 3355AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3356 #include <errno.h> 3357 #include <elf.h> 3358 #include <linux/audit.h> 3359 #include <linux/seccomp.h> 3360 #include <stdlib.h> 3361 #include <sys/prctl.h> 3362 ]], 3363 [[ int i = $seccomp_audit_arch; 3364 errno = 0; 3365 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3366 exit(errno == EFAULT ? 0 : 1); ]])], 3367 [ AC_MSG_RESULT([yes]) ], [ 3368 AC_MSG_RESULT([no]) 3369 # Disable seccomp filter as a target 3370 have_seccomp_filter=0 3371 ] 3372) 3373fi 3374 3375# Decide which sandbox style to use 3376sandbox_arg="" 3377AC_ARG_WITH([sandbox], 3378 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3379 [ 3380 if test "x$withval" = "xyes" ; then 3381 sandbox_arg="" 3382 else 3383 sandbox_arg="$withval" 3384 fi 3385 ] 3386) 3387 3388# Some platforms (seems to be the ones that have a kernel poll(2)-type 3389# function with which they implement select(2)) use an extra file descriptor 3390# when calling select(2), which means we can't use the rlimit sandbox. 3391AC_MSG_CHECKING([if select works with descriptor rlimit]) 3392AC_RUN_IFELSE( 3393 [AC_LANG_PROGRAM([[ 3394#include <sys/types.h> 3395#ifdef HAVE_SYS_TIME_H 3396# include <sys/time.h> 3397#endif 3398#include <sys/resource.h> 3399#ifdef HAVE_SYS_SELECT_H 3400# include <sys/select.h> 3401#endif 3402#include <errno.h> 3403#include <fcntl.h> 3404#include <stdlib.h> 3405 ]],[[ 3406 struct rlimit rl_zero; 3407 int fd, r; 3408 fd_set fds; 3409 struct timeval tv; 3410 3411 fd = open("/dev/null", O_RDONLY); 3412 FD_ZERO(&fds); 3413 FD_SET(fd, &fds); 3414 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3415 setrlimit(RLIMIT_FSIZE, &rl_zero); 3416 setrlimit(RLIMIT_NOFILE, &rl_zero); 3417 tv.tv_sec = 1; 3418 tv.tv_usec = 0; 3419 r = select(fd+1, &fds, NULL, NULL, &tv); 3420 exit (r == -1 ? 1 : 0); 3421 ]])], 3422 [AC_MSG_RESULT([yes]) 3423 select_works_with_rlimit=yes], 3424 [AC_MSG_RESULT([no]) 3425 select_works_with_rlimit=no], 3426 [AC_MSG_WARN([cross compiling: assuming yes]) 3427 select_works_with_rlimit=yes] 3428) 3429 3430AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3431AC_RUN_IFELSE( 3432 [AC_LANG_PROGRAM([[ 3433#include <sys/types.h> 3434#ifdef HAVE_SYS_TIME_H 3435# include <sys/time.h> 3436#endif 3437#include <sys/resource.h> 3438#include <errno.h> 3439#include <stdlib.h> 3440 ]],[[ 3441 struct rlimit rl_zero; 3442 int fd, r; 3443 fd_set fds; 3444 3445 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3446 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3447 exit (r == -1 ? 1 : 0); 3448 ]])], 3449 [AC_MSG_RESULT([yes]) 3450 rlimit_nofile_zero_works=yes], 3451 [AC_MSG_RESULT([no]) 3452 rlimit_nofile_zero_works=no], 3453 [AC_MSG_WARN([cross compiling: assuming yes]) 3454 rlimit_nofile_zero_works=yes] 3455) 3456 3457AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3458AC_RUN_IFELSE( 3459 [AC_LANG_PROGRAM([[ 3460#include <sys/types.h> 3461#include <sys/resource.h> 3462#include <stdlib.h> 3463 ]],[[ 3464 struct rlimit rl_zero; 3465 3466 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3467 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3468 ]])], 3469 [AC_MSG_RESULT([yes])], 3470 [AC_MSG_RESULT([no]) 3471 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3472 [setrlimit RLIMIT_FSIZE works])], 3473 [AC_MSG_WARN([cross compiling: assuming yes])] 3474) 3475 3476if test "x$sandbox_arg" = "xpledge" || \ 3477 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3478 test "x$ac_cv_func_pledge" != "xyes" && \ 3479 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3480 SANDBOX_STYLE="pledge" 3481 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3482elif test "x$sandbox_arg" = "xsystrace" || \ 3483 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3484 test "x$have_systr_policy_kill" != "x1" && \ 3485 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3486 SANDBOX_STYLE="systrace" 3487 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3488elif test "x$sandbox_arg" = "xdarwin" || \ 3489 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3490 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3491 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3492 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3493 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3494 SANDBOX_STYLE="darwin" 3495 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3496elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3497 ( test -z "$sandbox_arg" && \ 3498 test "x$have_seccomp_filter" = "x1" && \ 3499 test "x$ac_cv_header_elf_h" = "xyes" && \ 3500 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3501 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3502 test "x$seccomp_audit_arch" != "x" && \ 3503 test "x$have_linux_no_new_privs" = "x1" && \ 3504 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3505 test "x$seccomp_audit_arch" = "x" && \ 3506 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3507 test "x$have_linux_no_new_privs" != "x1" && \ 3508 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3509 test "x$have_seccomp_filter" != "x1" && \ 3510 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3511 test "x$ac_cv_func_prctl" != "xyes" && \ 3512 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3513 SANDBOX_STYLE="seccomp_filter" 3514 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3515elif test "x$sandbox_arg" = "xcapsicum" || \ 3516 ( test -z "$sandbox_arg" && \ 3517 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3518 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3519 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3520 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3521 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3522 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3523 SANDBOX_STYLE="capsicum" 3524 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3525elif test "x$sandbox_arg" = "xrlimit" || \ 3526 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3527 test "x$select_works_with_rlimit" = "xyes" && \ 3528 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3529 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3530 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3531 test "x$select_works_with_rlimit" != "xyes" && \ 3532 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3533 SANDBOX_STYLE="rlimit" 3534 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3535elif test "x$sandbox_arg" = "xsolaris" || \ 3536 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3537 SANDBOX_STYLE="solaris" 3538 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3539elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3540 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3541 SANDBOX_STYLE="none" 3542 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3543else 3544 AC_MSG_ERROR([unsupported --with-sandbox]) 3545fi 3546 3547# Cheap hack to ensure NEWS-OS libraries are arranged right. 3548if test ! -z "$SONY" ; then 3549 LIBS="$LIBS -liberty"; 3550fi 3551 3552# Check for long long datatypes 3553AC_CHECK_TYPES([long long, unsigned long long, long double]) 3554 3555# Check datatype sizes 3556AC_CHECK_SIZEOF([short int], [2]) 3557AC_CHECK_SIZEOF([int], [4]) 3558AC_CHECK_SIZEOF([long int], [4]) 3559AC_CHECK_SIZEOF([long long int], [8]) 3560 3561# Sanity check long long for some platforms (AIX) 3562if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3563 ac_cv_sizeof_long_long_int=0 3564fi 3565 3566# compute LLONG_MIN and LLONG_MAX if we don't know them. 3567if test -z "$have_llong_max"; then 3568 AC_MSG_CHECKING([for max value of long long]) 3569 AC_RUN_IFELSE( 3570 [AC_LANG_PROGRAM([[ 3571#include <stdio.h> 3572/* Why is this so damn hard? */ 3573#ifdef __GNUC__ 3574# undef __GNUC__ 3575#endif 3576#define __USE_ISOC99 3577#include <limits.h> 3578#define DATA "conftest.llminmax" 3579#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3580 3581/* 3582 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3583 * we do this the hard way. 3584 */ 3585static int 3586fprint_ll(FILE *f, long long n) 3587{ 3588 unsigned int i; 3589 int l[sizeof(long long) * 8]; 3590 3591 if (n < 0) 3592 if (fprintf(f, "-") < 0) 3593 return -1; 3594 for (i = 0; n != 0; i++) { 3595 l[i] = my_abs(n % 10); 3596 n /= 10; 3597 } 3598 do { 3599 if (fprintf(f, "%d", l[--i]) < 0) 3600 return -1; 3601 } while (i != 0); 3602 if (fprintf(f, " ") < 0) 3603 return -1; 3604 return 0; 3605} 3606 ]], [[ 3607 FILE *f; 3608 long long i, llmin, llmax = 0; 3609 3610 if((f = fopen(DATA,"w")) == NULL) 3611 exit(1); 3612 3613#if defined(LLONG_MIN) && defined(LLONG_MAX) 3614 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3615 llmin = LLONG_MIN; 3616 llmax = LLONG_MAX; 3617#else 3618 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3619 /* This will work on one's complement and two's complement */ 3620 for (i = 1; i > llmax; i <<= 1, i++) 3621 llmax = i; 3622 llmin = llmax + 1LL; /* wrap */ 3623#endif 3624 3625 /* Sanity check */ 3626 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3627 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3628 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3629 fprintf(f, "unknown unknown\n"); 3630 exit(2); 3631 } 3632 3633 if (fprint_ll(f, llmin) < 0) 3634 exit(3); 3635 if (fprint_ll(f, llmax) < 0) 3636 exit(4); 3637 if (fclose(f) < 0) 3638 exit(5); 3639 exit(0); 3640 ]])], 3641 [ 3642 llong_min=`$AWK '{print $1}' conftest.llminmax` 3643 llong_max=`$AWK '{print $2}' conftest.llminmax` 3644 3645 AC_MSG_RESULT([$llong_max]) 3646 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3647 [max value of long long calculated by configure]) 3648 AC_MSG_CHECKING([for min value of long long]) 3649 AC_MSG_RESULT([$llong_min]) 3650 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3651 [min value of long long calculated by configure]) 3652 ], 3653 [ 3654 AC_MSG_RESULT([not found]) 3655 ], 3656 [ 3657 AC_MSG_WARN([cross compiling: not checking]) 3658 ] 3659 ) 3660fi 3661 3662 3663# More checks for data types 3664AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3665 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3666 [[ u_int a; a = 1;]])], 3667 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3668 ]) 3669]) 3670if test "x$ac_cv_have_u_int" = "xyes" ; then 3671 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3672 have_u_int=1 3673fi 3674 3675AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3676 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3677 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3678 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3679 ]) 3680]) 3681if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3682 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3683 have_intxx_t=1 3684fi 3685 3686if (test -z "$have_intxx_t" && \ 3687 test "x$ac_cv_header_stdint_h" = "xyes") 3688then 3689 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3690 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3691 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3692 [ 3693 AC_DEFINE([HAVE_INTXX_T]) 3694 AC_MSG_RESULT([yes]) 3695 ], [ AC_MSG_RESULT([no]) 3696 ]) 3697fi 3698 3699AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3700 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3701#include <sys/types.h> 3702#ifdef HAVE_STDINT_H 3703# include <stdint.h> 3704#endif 3705#include <sys/socket.h> 3706#ifdef HAVE_SYS_BITYPES_H 3707# include <sys/bitypes.h> 3708#endif 3709 ]], [[ 3710int64_t a; a = 1; 3711 ]])], 3712 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3713 ]) 3714]) 3715if test "x$ac_cv_have_int64_t" = "xyes" ; then 3716 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3717fi 3718 3719AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3720 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3721 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3722 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3723 ]) 3724]) 3725if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3726 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3727 have_u_intxx_t=1 3728fi 3729 3730if test -z "$have_u_intxx_t" ; then 3731 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3732 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3733 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3734 [ 3735 AC_DEFINE([HAVE_U_INTXX_T]) 3736 AC_MSG_RESULT([yes]) 3737 ], [ AC_MSG_RESULT([no]) 3738 ]) 3739fi 3740 3741AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3742 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3743 [[ u_int64_t a; a = 1;]])], 3744 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3745 ]) 3746]) 3747if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3748 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3749 have_u_int64_t=1 3750fi 3751 3752if (test -z "$have_u_int64_t" && \ 3753 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3754then 3755 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3756 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3757 [[ u_int64_t a; a = 1]])], 3758 [ 3759 AC_DEFINE([HAVE_U_INT64_T]) 3760 AC_MSG_RESULT([yes]) 3761 ], [ AC_MSG_RESULT([no]) 3762 ]) 3763fi 3764 3765if test -z "$have_u_intxx_t" ; then 3766 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3767 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3768#include <sys/types.h> 3769 ]], [[ 3770 uint8_t a; 3771 uint16_t b; 3772 uint32_t c; 3773 a = b = c = 1; 3774 ]])], 3775 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3776 ]) 3777 ]) 3778 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3779 AC_DEFINE([HAVE_UINTXX_T], [1], 3780 [define if you have uintxx_t data type]) 3781 fi 3782fi 3783 3784if (test -z "$have_uintxx_t" && \ 3785 test "x$ac_cv_header_stdint_h" = "xyes") 3786then 3787 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3788 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3789 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3790 [ 3791 AC_DEFINE([HAVE_UINTXX_T]) 3792 AC_MSG_RESULT([yes]) 3793 ], [ AC_MSG_RESULT([no]) 3794 ]) 3795fi 3796 3797if (test -z "$have_uintxx_t" && \ 3798 test "x$ac_cv_header_inttypes_h" = "xyes") 3799then 3800 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3801 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3802 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3803 [ 3804 AC_DEFINE([HAVE_UINTXX_T]) 3805 AC_MSG_RESULT([yes]) 3806 ], [ AC_MSG_RESULT([no]) 3807 ]) 3808fi 3809 3810if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3811 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3812then 3813 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3814 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3815#include <sys/bitypes.h> 3816 ]], [[ 3817 int8_t a; int16_t b; int32_t c; 3818 u_int8_t e; u_int16_t f; u_int32_t g; 3819 a = b = c = e = f = g = 1; 3820 ]])], 3821 [ 3822 AC_DEFINE([HAVE_U_INTXX_T]) 3823 AC_DEFINE([HAVE_INTXX_T]) 3824 AC_MSG_RESULT([yes]) 3825 ], [AC_MSG_RESULT([no]) 3826 ]) 3827fi 3828 3829 3830AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3831 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3832 [[ u_char foo; foo = 125; ]])], 3833 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3834 ]) 3835]) 3836if test "x$ac_cv_have_u_char" = "xyes" ; then 3837 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3838fi 3839 3840AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3841#include <sys/types.h> 3842#include <stdint.h> 3843]) 3844 3845TYPE_SOCKLEN_T 3846 3847AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3848AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3849#include <sys/types.h> 3850#ifdef HAVE_SYS_BITYPES_H 3851#include <sys/bitypes.h> 3852#endif 3853#ifdef HAVE_SYS_STATFS_H 3854#include <sys/statfs.h> 3855#endif 3856#ifdef HAVE_SYS_STATVFS_H 3857#include <sys/statvfs.h> 3858#endif 3859]) 3860 3861AC_CHECK_MEMBERS([struct statfs.f_flags], [], [], [[ 3862#include <sys/types.h> 3863#ifdef HAVE_SYS_BITYPES_H 3864#include <sys/bitypes.h> 3865#endif 3866#ifdef HAVE_SYS_STATFS_H 3867#include <sys/statfs.h> 3868#endif 3869#ifdef HAVE_SYS_STATVFS_H 3870#include <sys/statvfs.h> 3871#endif 3872#ifdef HAVE_SYS_VFS_H 3873#include <sys/vfs.h> 3874#endif 3875]]) 3876 3877 3878AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3879[#include <sys/types.h> 3880#include <netinet/in.h>]) 3881 3882AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3883 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3884 [[ size_t foo; foo = 1235; ]])], 3885 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3886 ]) 3887]) 3888if test "x$ac_cv_have_size_t" = "xyes" ; then 3889 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3890fi 3891 3892AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3893 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3894 [[ ssize_t foo; foo = 1235; ]])], 3895 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3896 ]) 3897]) 3898if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3899 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3900fi 3901 3902AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3903 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3904 [[ clock_t foo; foo = 1235; ]])], 3905 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3906 ]) 3907]) 3908if test "x$ac_cv_have_clock_t" = "xyes" ; then 3909 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3910fi 3911 3912AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3913 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3914#include <sys/types.h> 3915#include <sys/socket.h> 3916 ]], [[ sa_family_t foo; foo = 1235; ]])], 3917 [ ac_cv_have_sa_family_t="yes" ], 3918 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3919#include <sys/types.h> 3920#include <sys/socket.h> 3921#include <netinet/in.h> 3922 ]], [[ sa_family_t foo; foo = 1235; ]])], 3923 [ ac_cv_have_sa_family_t="yes" ], 3924 [ ac_cv_have_sa_family_t="no" ] 3925 ) 3926 ]) 3927]) 3928if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3929 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3930 [define if you have sa_family_t data type]) 3931fi 3932 3933AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3934 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3935 [[ pid_t foo; foo = 1235; ]])], 3936 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3937 ]) 3938]) 3939if test "x$ac_cv_have_pid_t" = "xyes" ; then 3940 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3941fi 3942 3943AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3944 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3945 [[ mode_t foo; foo = 1235; ]])], 3946 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3947 ]) 3948]) 3949if test "x$ac_cv_have_mode_t" = "xyes" ; then 3950 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3951fi 3952 3953 3954AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3955 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3956#include <sys/types.h> 3957#include <sys/socket.h> 3958 ]], [[ struct sockaddr_storage s; ]])], 3959 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3960 [ ac_cv_have_struct_sockaddr_storage="no" 3961 ]) 3962]) 3963if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3964 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3965 [define if you have struct sockaddr_storage data type]) 3966fi 3967 3968AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3969 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3970#include <sys/types.h> 3971#include <netinet/in.h> 3972 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3973 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3974 [ ac_cv_have_struct_sockaddr_in6="no" 3975 ]) 3976]) 3977if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3978 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3979 [define if you have struct sockaddr_in6 data type]) 3980fi 3981 3982AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 3983 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3984#include <sys/types.h> 3985#include <netinet/in.h> 3986 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 3987 [ ac_cv_have_struct_in6_addr="yes" ], 3988 [ ac_cv_have_struct_in6_addr="no" 3989 ]) 3990]) 3991if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 3992 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 3993 [define if you have struct in6_addr data type]) 3994 3995dnl Now check for sin6_scope_id 3996 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 3997 [ 3998#ifdef HAVE_SYS_TYPES_H 3999#include <sys/types.h> 4000#endif 4001#include <netinet/in.h> 4002 ]) 4003fi 4004 4005AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4006 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4007#include <sys/types.h> 4008#include <sys/socket.h> 4009#include <netdb.h> 4010 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4011 [ ac_cv_have_struct_addrinfo="yes" ], 4012 [ ac_cv_have_struct_addrinfo="no" 4013 ]) 4014]) 4015if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4016 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4017 [define if you have struct addrinfo data type]) 4018fi 4019 4020AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4021 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4022 [[ struct timeval tv; tv.tv_sec = 1;]])], 4023 [ ac_cv_have_struct_timeval="yes" ], 4024 [ ac_cv_have_struct_timeval="no" 4025 ]) 4026]) 4027if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4028 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4029 have_struct_timeval=1 4030fi 4031 4032AC_CHECK_TYPES([struct timespec]) 4033 4034# We need int64_t or else certain parts of the compile will fail. 4035if test "x$ac_cv_have_int64_t" = "xno" && \ 4036 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4037 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4038 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4039 echo "an alternative compiler (I.E., GCC) before continuing." 4040 echo "" 4041 exit 1; 4042else 4043dnl test snprintf (broken on SCO w/gcc) 4044 AC_RUN_IFELSE( 4045 [AC_LANG_SOURCE([[ 4046#include <stdio.h> 4047#include <string.h> 4048#ifdef HAVE_SNPRINTF 4049main() 4050{ 4051 char buf[50]; 4052 char expected_out[50]; 4053 int mazsize = 50 ; 4054#if (SIZEOF_LONG_INT == 8) 4055 long int num = 0x7fffffffffffffff; 4056#else 4057 long long num = 0x7fffffffffffffffll; 4058#endif 4059 strcpy(expected_out, "9223372036854775807"); 4060 snprintf(buf, mazsize, "%lld", num); 4061 if(strcmp(buf, expected_out) != 0) 4062 exit(1); 4063 exit(0); 4064} 4065#else 4066main() { exit(0); } 4067#endif 4068 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4069 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4070 ) 4071fi 4072 4073dnl Checks for structure members 4074OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4075OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4076OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4077OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4078OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4079OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4080OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4081OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4082OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4083OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4084OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4085OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4086OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4087OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4088OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4089OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4090OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4091 4092AC_CHECK_MEMBERS([struct stat.st_blksize]) 4093AC_CHECK_MEMBERS([struct stat.st_mtim]) 4094AC_CHECK_MEMBERS([struct stat.st_mtime]) 4095AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4096struct passwd.pw_change, struct passwd.pw_expire], 4097[], [], [[ 4098#include <sys/types.h> 4099#include <pwd.h> 4100]]) 4101 4102AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4103 [Define if we don't have struct __res_state in resolv.h])], 4104[[ 4105#include <stdio.h> 4106#if HAVE_SYS_TYPES_H 4107# include <sys/types.h> 4108#endif 4109#include <netinet/in.h> 4110#include <arpa/nameser.h> 4111#include <resolv.h> 4112]]) 4113 4114AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4115 ac_cv_have_ss_family_in_struct_ss, [ 4116 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4117#include <sys/types.h> 4118#include <sys/socket.h> 4119 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4120 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4121 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4122]) 4123if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4124 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4125fi 4126 4127AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4128 ac_cv_have___ss_family_in_struct_ss, [ 4129 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4130#include <sys/types.h> 4131#include <sys/socket.h> 4132 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4133 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4134 [ ac_cv_have___ss_family_in_struct_ss="no" 4135 ]) 4136]) 4137if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4138 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4139 [Fields in struct sockaddr_storage]) 4140fi 4141 4142dnl make sure we're using the real structure members and not defines 4143AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4144 ac_cv_have_accrights_in_msghdr, [ 4145 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4146#include <sys/types.h> 4147#include <sys/socket.h> 4148#include <sys/uio.h> 4149 ]], [[ 4150#ifdef msg_accrights 4151#error "msg_accrights is a macro" 4152exit(1); 4153#endif 4154struct msghdr m; 4155m.msg_accrights = 0; 4156exit(0); 4157 ]])], 4158 [ ac_cv_have_accrights_in_msghdr="yes" ], 4159 [ ac_cv_have_accrights_in_msghdr="no" ] 4160 ) 4161]) 4162if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4163 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4164 [Define if your system uses access rights style 4165 file descriptor passing]) 4166fi 4167 4168AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4169AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4170#include <sys/param.h> 4171#include <sys/stat.h> 4172#ifdef HAVE_SYS_TIME_H 4173# include <sys/time.h> 4174#endif 4175#ifdef HAVE_SYS_MOUNT_H 4176#include <sys/mount.h> 4177#endif 4178#ifdef HAVE_SYS_STATVFS_H 4179#include <sys/statvfs.h> 4180#endif 4181 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4182 [ AC_MSG_RESULT([yes]) ], 4183 [ AC_MSG_RESULT([no]) 4184 4185 AC_MSG_CHECKING([if fsid_t has member val]) 4186 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4187#include <sys/types.h> 4188#include <sys/statvfs.h> 4189 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4190 [ AC_MSG_RESULT([yes]) 4191 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4192 [ AC_MSG_RESULT([no]) ]) 4193 4194 AC_MSG_CHECKING([if f_fsid has member __val]) 4195 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4196#include <sys/types.h> 4197#include <sys/statvfs.h> 4198 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4199 [ AC_MSG_RESULT([yes]) 4200 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4201 [ AC_MSG_RESULT([no]) ]) 4202]) 4203 4204AC_CACHE_CHECK([for msg_control field in struct msghdr], 4205 ac_cv_have_control_in_msghdr, [ 4206 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4207#include <sys/types.h> 4208#include <sys/socket.h> 4209#include <sys/uio.h> 4210 ]], [[ 4211#ifdef msg_control 4212#error "msg_control is a macro" 4213exit(1); 4214#endif 4215struct msghdr m; 4216m.msg_control = 0; 4217exit(0); 4218 ]])], 4219 [ ac_cv_have_control_in_msghdr="yes" ], 4220 [ ac_cv_have_control_in_msghdr="no" ] 4221 ) 4222]) 4223if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4224 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4225 [Define if your system uses ancillary data style 4226 file descriptor passing]) 4227fi 4228 4229AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4230 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4231 [[ extern char *__progname; printf("%s", __progname); ]])], 4232 [ ac_cv_libc_defines___progname="yes" ], 4233 [ ac_cv_libc_defines___progname="no" 4234 ]) 4235]) 4236if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4237 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4238fi 4239 4240AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4241 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4242 [[ printf("%s", __FUNCTION__); ]])], 4243 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4244 [ ac_cv_cc_implements___FUNCTION__="no" 4245 ]) 4246]) 4247if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4248 AC_DEFINE([HAVE___FUNCTION__], [1], 4249 [Define if compiler implements __FUNCTION__]) 4250fi 4251 4252AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4253 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4254 [[ printf("%s", __func__); ]])], 4255 [ ac_cv_cc_implements___func__="yes" ], 4256 [ ac_cv_cc_implements___func__="no" 4257 ]) 4258]) 4259if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4260 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4261fi 4262 4263AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4264 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4265#include <stdarg.h> 4266va_list x,y; 4267 ]], [[ va_copy(x,y); ]])], 4268 [ ac_cv_have_va_copy="yes" ], 4269 [ ac_cv_have_va_copy="no" 4270 ]) 4271]) 4272if test "x$ac_cv_have_va_copy" = "xyes" ; then 4273 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4274fi 4275 4276AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4277 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4278#include <stdarg.h> 4279va_list x,y; 4280 ]], [[ __va_copy(x,y); ]])], 4281 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4282 ]) 4283]) 4284if test "x$ac_cv_have___va_copy" = "xyes" ; then 4285 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4286fi 4287 4288AC_CACHE_CHECK([whether getopt has optreset support], 4289 ac_cv_have_getopt_optreset, [ 4290 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4291 [[ extern int optreset; optreset = 0; ]])], 4292 [ ac_cv_have_getopt_optreset="yes" ], 4293 [ ac_cv_have_getopt_optreset="no" 4294 ]) 4295]) 4296if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4297 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4298 [Define if your getopt(3) defines and uses optreset]) 4299fi 4300 4301AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4302 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4303[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4304 [ ac_cv_libc_defines_sys_errlist="yes" ], 4305 [ ac_cv_libc_defines_sys_errlist="no" 4306 ]) 4307]) 4308if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4309 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4310 [Define if your system defines sys_errlist[]]) 4311fi 4312 4313 4314AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4315 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4316[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4317 [ ac_cv_libc_defines_sys_nerr="yes" ], 4318 [ ac_cv_libc_defines_sys_nerr="no" 4319 ]) 4320]) 4321if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4322 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4323fi 4324 4325# Check libraries needed by DNS fingerprint support 4326AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4327 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4328 [Define if getrrsetbyname() exists])], 4329 [ 4330 # Needed by our getrrsetbyname() 4331 AC_SEARCH_LIBS([res_query], [resolv]) 4332 AC_SEARCH_LIBS([dn_expand], [resolv]) 4333 AC_MSG_CHECKING([if res_query will link]) 4334 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4335#include <sys/types.h> 4336#include <netinet/in.h> 4337#include <arpa/nameser.h> 4338#include <netdb.h> 4339#include <resolv.h> 4340 ]], [[ 4341 res_query (0, 0, 0, 0, 0); 4342 ]])], 4343 AC_MSG_RESULT([yes]), 4344 [AC_MSG_RESULT([no]) 4345 saved_LIBS="$LIBS" 4346 LIBS="$LIBS -lresolv" 4347 AC_MSG_CHECKING([for res_query in -lresolv]) 4348 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4349#include <sys/types.h> 4350#include <netinet/in.h> 4351#include <arpa/nameser.h> 4352#include <netdb.h> 4353#include <resolv.h> 4354 ]], [[ 4355 res_query (0, 0, 0, 0, 0); 4356 ]])], 4357 [AC_MSG_RESULT([yes])], 4358 [LIBS="$saved_LIBS" 4359 AC_MSG_RESULT([no])]) 4360 ]) 4361 AC_CHECK_FUNCS([_getshort _getlong]) 4362 AC_CHECK_DECLS([_getshort, _getlong], , , 4363 [#include <sys/types.h> 4364 #include <arpa/nameser.h>]) 4365 AC_CHECK_MEMBER([HEADER.ad], 4366 [AC_DEFINE([HAVE_HEADER_AD], [1], 4367 [Define if HEADER.ad exists in arpa/nameser.h])], , 4368 [#include <arpa/nameser.h>]) 4369 ]) 4370 4371AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4372AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4373#include <stdio.h> 4374#if HAVE_SYS_TYPES_H 4375# include <sys/types.h> 4376#endif 4377#include <netinet/in.h> 4378#include <arpa/nameser.h> 4379#include <resolv.h> 4380extern struct __res_state _res; 4381 ]], [[ 4382struct __res_state *volatile p = &_res; /* force resolution of _res */ 4383return 0; 4384 ]],)], 4385 [AC_MSG_RESULT([yes]) 4386 AC_DEFINE([HAVE__RES_EXTERN], [1], 4387 [Define if you have struct __res_state _res as an extern]) 4388 ], 4389 [ AC_MSG_RESULT([no]) ] 4390) 4391 4392# Check whether user wants SELinux support 4393SELINUX_MSG="no" 4394LIBSELINUX="" 4395AC_ARG_WITH([selinux], 4396 [ --with-selinux Enable SELinux support], 4397 [ if test "x$withval" != "xno" ; then 4398 save_LIBS="$LIBS" 4399 AC_DEFINE([WITH_SELINUX], [1], 4400 [Define if you want SELinux support.]) 4401 SELINUX_MSG="yes" 4402 AC_CHECK_HEADER([selinux/selinux.h], , 4403 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4404 AC_CHECK_LIB([selinux], [setexeccon], 4405 [ LIBSELINUX="-lselinux" 4406 LIBS="$LIBS -lselinux" 4407 ], 4408 AC_MSG_ERROR([SELinux support requires libselinux library])) 4409 SSHLIBS="$SSHLIBS $LIBSELINUX" 4410 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 4411 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4412 LIBS="$save_LIBS" 4413 fi ] 4414) 4415AC_SUBST([SSHLIBS]) 4416AC_SUBST([SSHDLIBS]) 4417 4418# Check whether user wants Kerberos 5 support 4419KRB5_MSG="no" 4420AC_ARG_WITH([kerberos5], 4421 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4422 [ if test "x$withval" != "xno" ; then 4423 if test "x$withval" = "xyes" ; then 4424 KRB5ROOT="/usr/local" 4425 else 4426 KRB5ROOT=${withval} 4427 fi 4428 4429 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4430 KRB5_MSG="yes" 4431 4432 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4433 [$KRB5ROOT/bin/krb5-config], 4434 [$KRB5ROOT/bin:$PATH]) 4435 if test -x $KRB5CONF ; then 4436 K5CFLAGS="`$KRB5CONF --cflags`" 4437 K5LIBS="`$KRB5CONF --libs`" 4438 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4439 4440 AC_MSG_CHECKING([for gssapi support]) 4441 if $KRB5CONF | grep gssapi >/dev/null ; then 4442 AC_MSG_RESULT([yes]) 4443 AC_DEFINE([GSSAPI], [1], 4444 [Define this if you want GSSAPI 4445 support in the version 2 protocol]) 4446 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4447 GSSLIBS="`$KRB5CONF --libs gssapi`" 4448 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4449 else 4450 AC_MSG_RESULT([no]) 4451 fi 4452 AC_MSG_CHECKING([whether we are using Heimdal]) 4453 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4454 ]], [[ char *tmp = heimdal_version; ]])], 4455 [ AC_MSG_RESULT([yes]) 4456 AC_DEFINE([HEIMDAL], [1], 4457 [Define this if you are using the Heimdal 4458 version of Kerberos V5]) ], 4459 [AC_MSG_RESULT([no]) 4460 ]) 4461 else 4462 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4463 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4464 AC_MSG_CHECKING([whether we are using Heimdal]) 4465 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4466 ]], [[ char *tmp = heimdal_version; ]])], 4467 [ AC_MSG_RESULT([yes]) 4468 AC_DEFINE([HEIMDAL]) 4469 K5LIBS="-lkrb5" 4470 K5LIBS="$K5LIBS -lcom_err -lasn1" 4471 AC_CHECK_LIB([roken], [net_write], 4472 [K5LIBS="$K5LIBS -lroken"]) 4473 AC_CHECK_LIB([des], [des_cbc_encrypt], 4474 [K5LIBS="$K5LIBS -ldes"]) 4475 ], [ AC_MSG_RESULT([no]) 4476 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4477 ]) 4478 AC_SEARCH_LIBS([dn_expand], [resolv]) 4479 4480 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4481 [ AC_DEFINE([GSSAPI]) 4482 GSSLIBS="-lgssapi_krb5" ], 4483 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4484 [ AC_DEFINE([GSSAPI]) 4485 GSSLIBS="-lgssapi" ], 4486 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4487 [ AC_DEFINE([GSSAPI]) 4488 GSSLIBS="-lgss" ], 4489 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4490 ]) 4491 ]) 4492 4493 AC_CHECK_HEADER([gssapi.h], , 4494 [ unset ac_cv_header_gssapi_h 4495 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4496 AC_CHECK_HEADERS([gssapi.h], , 4497 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4498 ) 4499 ] 4500 ) 4501 4502 oldCPP="$CPPFLAGS" 4503 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4504 AC_CHECK_HEADER([gssapi_krb5.h], , 4505 [ CPPFLAGS="$oldCPP" ]) 4506 4507 fi 4508 if test ! -z "$need_dash_r" ; then 4509 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 4510 fi 4511 if test ! -z "$blibpath" ; then 4512 blibpath="$blibpath:${KRB5ROOT}/lib" 4513 fi 4514 4515 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4516 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4517 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4518 4519 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4520 [Define this if you want to use libkafs' AFS support])]) 4521 4522 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4523#ifdef HAVE_GSSAPI_H 4524# include <gssapi.h> 4525#elif defined(HAVE_GSSAPI_GSSAPI_H) 4526# include <gssapi/gssapi.h> 4527#endif 4528 4529#ifdef HAVE_GSSAPI_GENERIC_H 4530# include <gssapi_generic.h> 4531#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4532# include <gssapi/gssapi_generic.h> 4533#endif 4534 ]]) 4535 saved_LIBS="$LIBS" 4536 LIBS="$LIBS $K5LIBS" 4537 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4538 LIBS="$saved_LIBS" 4539 4540 fi 4541 ] 4542) 4543AC_SUBST([GSSLIBS]) 4544AC_SUBST([K5LIBS]) 4545 4546# Looking for programs, paths and files 4547 4548PRIVSEP_PATH=/var/empty 4549AC_ARG_WITH([privsep-path], 4550 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4551 [ 4552 if test -n "$withval" && test "x$withval" != "xno" && \ 4553 test "x${withval}" != "xyes"; then 4554 PRIVSEP_PATH=$withval 4555 fi 4556 ] 4557) 4558AC_SUBST([PRIVSEP_PATH]) 4559 4560AC_ARG_WITH([xauth], 4561 [ --with-xauth=PATH Specify path to xauth program ], 4562 [ 4563 if test -n "$withval" && test "x$withval" != "xno" && \ 4564 test "x${withval}" != "xyes"; then 4565 xauth_path=$withval 4566 fi 4567 ], 4568 [ 4569 TestPath="$PATH" 4570 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4571 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4572 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4573 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4574 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4575 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4576 xauth_path="/usr/openwin/bin/xauth" 4577 fi 4578 ] 4579) 4580 4581STRIP_OPT=-s 4582AC_ARG_ENABLE([strip], 4583 [ --disable-strip Disable calling strip(1) on install], 4584 [ 4585 if test "x$enableval" = "xno" ; then 4586 STRIP_OPT= 4587 fi 4588 ] 4589) 4590AC_SUBST([STRIP_OPT]) 4591 4592if test -z "$xauth_path" ; then 4593 XAUTH_PATH="undefined" 4594 AC_SUBST([XAUTH_PATH]) 4595else 4596 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4597 [Define if xauth is found in your path]) 4598 XAUTH_PATH=$xauth_path 4599 AC_SUBST([XAUTH_PATH]) 4600fi 4601 4602dnl # --with-maildir=/path/to/mail gets top priority. 4603dnl # if maildir is set in the platform case statement above we use that. 4604dnl # Otherwise we run a program to get the dir from system headers. 4605dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4606dnl # If we find _PATH_MAILDIR we do nothing because that is what 4607dnl # session.c expects anyway. Otherwise we set to the value found 4608dnl # stripping any trailing slash. If for some strage reason our program 4609dnl # does not find what it needs, we default to /var/spool/mail. 4610# Check for mail directory 4611AC_ARG_WITH([maildir], 4612 [ --with-maildir=/path/to/mail Specify your system mail directory], 4613 [ 4614 if test "X$withval" != X && test "x$withval" != xno && \ 4615 test "x${withval}" != xyes; then 4616 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4617 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4618 fi 4619 ],[ 4620 if test "X$maildir" != "X"; then 4621 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4622 else 4623 AC_MSG_CHECKING([Discovering system mail directory]) 4624 AC_RUN_IFELSE( 4625 [AC_LANG_PROGRAM([[ 4626#include <stdio.h> 4627#include <string.h> 4628#ifdef HAVE_PATHS_H 4629#include <paths.h> 4630#endif 4631#ifdef HAVE_MAILLOCK_H 4632#include <maillock.h> 4633#endif 4634#define DATA "conftest.maildir" 4635 ]], [[ 4636 FILE *fd; 4637 int rc; 4638 4639 fd = fopen(DATA,"w"); 4640 if(fd == NULL) 4641 exit(1); 4642 4643#if defined (_PATH_MAILDIR) 4644 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4645 exit(1); 4646#elif defined (MAILDIR) 4647 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4648 exit(1); 4649#elif defined (_PATH_MAIL) 4650 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4651 exit(1); 4652#else 4653 exit (2); 4654#endif 4655 4656 exit(0); 4657 ]])], 4658 [ 4659 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4660 maildir=`awk -F: '{print $2}' conftest.maildir \ 4661 | sed 's|/$||'` 4662 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4663 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4664 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4665 fi 4666 ], 4667 [ 4668 if test "X$ac_status" = "X2";then 4669# our test program didn't find it. Default to /var/spool/mail 4670 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4671 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4672 else 4673 AC_MSG_RESULT([*** not found ***]) 4674 fi 4675 ], 4676 [ 4677 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4678 ] 4679 ) 4680 fi 4681 ] 4682) # maildir 4683 4684if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4685 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4686 disable_ptmx_check=yes 4687fi 4688if test -z "$no_dev_ptmx" ; then 4689 if test "x$disable_ptmx_check" != "xyes" ; then 4690 AC_CHECK_FILE(["/dev/ptmx"], 4691 [ 4692 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4693 [Define if you have /dev/ptmx]) 4694 have_dev_ptmx=1 4695 ] 4696 ) 4697 fi 4698fi 4699 4700if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4701 AC_CHECK_FILE(["/dev/ptc"], 4702 [ 4703 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4704 [Define if you have /dev/ptc]) 4705 have_dev_ptc=1 4706 ] 4707 ) 4708else 4709 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4710fi 4711 4712# Options from here on. Some of these are preset by platform above 4713AC_ARG_WITH([mantype], 4714 [ --with-mantype=man|cat|doc Set man page type], 4715 [ 4716 case "$withval" in 4717 man|cat|doc) 4718 MANTYPE=$withval 4719 ;; 4720 *) 4721 AC_MSG_ERROR([invalid man type: $withval]) 4722 ;; 4723 esac 4724 ] 4725) 4726if test -z "$MANTYPE"; then 4727 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4728 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4729 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4730 MANTYPE=doc 4731 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4732 MANTYPE=man 4733 else 4734 MANTYPE=cat 4735 fi 4736fi 4737AC_SUBST([MANTYPE]) 4738if test "$MANTYPE" = "doc"; then 4739 mansubdir=man; 4740else 4741 mansubdir=$MANTYPE; 4742fi 4743AC_SUBST([mansubdir]) 4744 4745# Check whether to enable MD5 passwords 4746MD5_MSG="no" 4747AC_ARG_WITH([md5-passwords], 4748 [ --with-md5-passwords Enable use of MD5 passwords], 4749 [ 4750 if test "x$withval" != "xno" ; then 4751 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4752 [Define if you want to allow MD5 passwords]) 4753 MD5_MSG="yes" 4754 fi 4755 ] 4756) 4757 4758# Whether to disable shadow password support 4759AC_ARG_WITH([shadow], 4760 [ --without-shadow Disable shadow password support], 4761 [ 4762 if test "x$withval" = "xno" ; then 4763 AC_DEFINE([DISABLE_SHADOW]) 4764 disable_shadow=yes 4765 fi 4766 ] 4767) 4768 4769if test -z "$disable_shadow" ; then 4770 AC_MSG_CHECKING([if the systems has expire shadow information]) 4771 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4772#include <sys/types.h> 4773#include <shadow.h> 4774struct spwd sp; 4775 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4776 [ sp_expire_available=yes ], [ 4777 ]) 4778 4779 if test "x$sp_expire_available" = "xyes" ; then 4780 AC_MSG_RESULT([yes]) 4781 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4782 [Define if you want to use shadow password expire field]) 4783 else 4784 AC_MSG_RESULT([no]) 4785 fi 4786fi 4787 4788# Use ip address instead of hostname in $DISPLAY 4789if test ! -z "$IPADDR_IN_DISPLAY" ; then 4790 DISPLAY_HACK_MSG="yes" 4791 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4792 [Define if you need to use IP address 4793 instead of hostname in $DISPLAY]) 4794else 4795 DISPLAY_HACK_MSG="no" 4796 AC_ARG_WITH([ipaddr-display], 4797 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4798 [ 4799 if test "x$withval" != "xno" ; then 4800 AC_DEFINE([IPADDR_IN_DISPLAY]) 4801 DISPLAY_HACK_MSG="yes" 4802 fi 4803 ] 4804 ) 4805fi 4806 4807# check for /etc/default/login and use it if present. 4808AC_ARG_ENABLE([etc-default-login], 4809 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4810 [ if test "x$enableval" = "xno"; then 4811 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4812 etc_default_login=no 4813 else 4814 etc_default_login=yes 4815 fi ], 4816 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4817 then 4818 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4819 etc_default_login=no 4820 else 4821 etc_default_login=yes 4822 fi ] 4823) 4824 4825if test "x$etc_default_login" != "xno"; then 4826 AC_CHECK_FILE(["/etc/default/login"], 4827 [ external_path_file=/etc/default/login ]) 4828 if test "x$external_path_file" = "x/etc/default/login"; then 4829 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4830 [Define if your system has /etc/default/login]) 4831 fi 4832fi 4833 4834dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4835if test $ac_cv_func_login_getcapbool = "yes" && \ 4836 test $ac_cv_header_login_cap_h = "yes" ; then 4837 external_path_file=/etc/login.conf 4838fi 4839 4840# Whether to mess with the default path 4841SERVER_PATH_MSG="(default)" 4842AC_ARG_WITH([default-path], 4843 [ --with-default-path= Specify default $PATH environment for server], 4844 [ 4845 if test "x$external_path_file" = "x/etc/login.conf" ; then 4846 AC_MSG_WARN([ 4847--with-default-path=PATH has no effect on this system. 4848Edit /etc/login.conf instead.]) 4849 elif test "x$withval" != "xno" ; then 4850 if test ! -z "$external_path_file" ; then 4851 AC_MSG_WARN([ 4852--with-default-path=PATH will only be used if PATH is not defined in 4853$external_path_file .]) 4854 fi 4855 user_path="$withval" 4856 SERVER_PATH_MSG="$withval" 4857 fi 4858 ], 4859 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4860 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4861 else 4862 if test ! -z "$external_path_file" ; then 4863 AC_MSG_WARN([ 4864If PATH is defined in $external_path_file, ensure the path to scp is included, 4865otherwise scp will not work.]) 4866 fi 4867 AC_RUN_IFELSE( 4868 [AC_LANG_PROGRAM([[ 4869/* find out what STDPATH is */ 4870#include <stdio.h> 4871#ifdef HAVE_PATHS_H 4872# include <paths.h> 4873#endif 4874#ifndef _PATH_STDPATH 4875# ifdef _PATH_USERPATH /* Irix */ 4876# define _PATH_STDPATH _PATH_USERPATH 4877# else 4878# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4879# endif 4880#endif 4881#include <sys/types.h> 4882#include <sys/stat.h> 4883#include <fcntl.h> 4884#define DATA "conftest.stdpath" 4885 ]], [[ 4886 FILE *fd; 4887 int rc; 4888 4889 fd = fopen(DATA,"w"); 4890 if(fd == NULL) 4891 exit(1); 4892 4893 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4894 exit(1); 4895 4896 exit(0); 4897 ]])], 4898 [ user_path=`cat conftest.stdpath` ], 4899 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4900 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4901 ) 4902# make sure $bindir is in USER_PATH so scp will work 4903 t_bindir="${bindir}" 4904 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4905 t_bindir=`eval echo ${t_bindir}` 4906 case $t_bindir in 4907 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4908 esac 4909 case $t_bindir in 4910 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4911 esac 4912 done 4913 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4914 if test $? -ne 0 ; then 4915 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4916 if test $? -ne 0 ; then 4917 user_path=$user_path:$t_bindir 4918 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4919 fi 4920 fi 4921 fi ] 4922) 4923if test "x$external_path_file" != "x/etc/login.conf" ; then 4924 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4925 AC_SUBST([user_path]) 4926fi 4927 4928# Set superuser path separately to user path 4929AC_ARG_WITH([superuser-path], 4930 [ --with-superuser-path= Specify different path for super-user], 4931 [ 4932 if test -n "$withval" && test "x$withval" != "xno" && \ 4933 test "x${withval}" != "xyes"; then 4934 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4935 [Define if you want a different $PATH 4936 for the superuser]) 4937 superuser_path=$withval 4938 fi 4939 ] 4940) 4941 4942 4943AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4944IPV4_IN6_HACK_MSG="no" 4945AC_ARG_WITH(4in6, 4946 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4947 [ 4948 if test "x$withval" != "xno" ; then 4949 AC_MSG_RESULT([yes]) 4950 AC_DEFINE([IPV4_IN_IPV6], [1], 4951 [Detect IPv4 in IPv6 mapped addresses 4952 and treat as IPv4]) 4953 IPV4_IN6_HACK_MSG="yes" 4954 else 4955 AC_MSG_RESULT([no]) 4956 fi 4957 ], [ 4958 if test "x$inet6_default_4in6" = "xyes"; then 4959 AC_MSG_RESULT([yes (default)]) 4960 AC_DEFINE([IPV4_IN_IPV6]) 4961 IPV4_IN6_HACK_MSG="yes" 4962 else 4963 AC_MSG_RESULT([no (default)]) 4964 fi 4965 ] 4966) 4967 4968# Whether to enable BSD auth support 4969BSD_AUTH_MSG=no 4970AC_ARG_WITH([bsd-auth], 4971 [ --with-bsd-auth Enable BSD auth support], 4972 [ 4973 if test "x$withval" != "xno" ; then 4974 AC_DEFINE([BSD_AUTH], [1], 4975 [Define if you have BSD auth support]) 4976 BSD_AUTH_MSG=yes 4977 fi 4978 ] 4979) 4980 4981# Where to place sshd.pid 4982piddir=/var/run 4983# make sure the directory exists 4984if test ! -d $piddir ; then 4985 piddir=`eval echo ${sysconfdir}` 4986 case $piddir in 4987 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 4988 esac 4989fi 4990 4991AC_ARG_WITH([pid-dir], 4992 [ --with-pid-dir=PATH Specify location of sshd.pid file], 4993 [ 4994 if test -n "$withval" && test "x$withval" != "xno" && \ 4995 test "x${withval}" != "xyes"; then 4996 piddir=$withval 4997 if test ! -d $piddir ; then 4998 AC_MSG_WARN([** no $piddir directory on this system **]) 4999 fi 5000 fi 5001 ] 5002) 5003 5004AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5005 [Specify location of ssh.pid]) 5006AC_SUBST([piddir]) 5007 5008dnl allow user to disable some login recording features 5009AC_ARG_ENABLE([lastlog], 5010 [ --disable-lastlog disable use of lastlog even if detected [no]], 5011 [ 5012 if test "x$enableval" = "xno" ; then 5013 AC_DEFINE([DISABLE_LASTLOG]) 5014 fi 5015 ] 5016) 5017AC_ARG_ENABLE([utmp], 5018 [ --disable-utmp disable use of utmp even if detected [no]], 5019 [ 5020 if test "x$enableval" = "xno" ; then 5021 AC_DEFINE([DISABLE_UTMP]) 5022 fi 5023 ] 5024) 5025AC_ARG_ENABLE([utmpx], 5026 [ --disable-utmpx disable use of utmpx even if detected [no]], 5027 [ 5028 if test "x$enableval" = "xno" ; then 5029 AC_DEFINE([DISABLE_UTMPX], [1], 5030 [Define if you don't want to use utmpx]) 5031 fi 5032 ] 5033) 5034AC_ARG_ENABLE([wtmp], 5035 [ --disable-wtmp disable use of wtmp even if detected [no]], 5036 [ 5037 if test "x$enableval" = "xno" ; then 5038 AC_DEFINE([DISABLE_WTMP]) 5039 fi 5040 ] 5041) 5042AC_ARG_ENABLE([wtmpx], 5043 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5044 [ 5045 if test "x$enableval" = "xno" ; then 5046 AC_DEFINE([DISABLE_WTMPX], [1], 5047 [Define if you don't want to use wtmpx]) 5048 fi 5049 ] 5050) 5051AC_ARG_ENABLE([libutil], 5052 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5053 [ 5054 if test "x$enableval" = "xno" ; then 5055 AC_DEFINE([DISABLE_LOGIN]) 5056 fi 5057 ] 5058) 5059AC_ARG_ENABLE([pututline], 5060 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5061 [ 5062 if test "x$enableval" = "xno" ; then 5063 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5064 [Define if you don't want to use pututline() 5065 etc. to write [uw]tmp]) 5066 fi 5067 ] 5068) 5069AC_ARG_ENABLE([pututxline], 5070 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5071 [ 5072 if test "x$enableval" = "xno" ; then 5073 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5074 [Define if you don't want to use pututxline() 5075 etc. to write [uw]tmpx]) 5076 fi 5077 ] 5078) 5079AC_ARG_WITH([lastlog], 5080 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5081 [ 5082 if test "x$withval" = "xno" ; then 5083 AC_DEFINE([DISABLE_LASTLOG]) 5084 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5085 conf_lastlog_location=$withval 5086 fi 5087 ] 5088) 5089 5090dnl lastlog, [uw]tmpx? detection 5091dnl NOTE: set the paths in the platform section to avoid the 5092dnl need for command-line parameters 5093dnl lastlog and [uw]tmp are subject to a file search if all else fails 5094 5095dnl lastlog detection 5096dnl NOTE: the code itself will detect if lastlog is a directory 5097AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5098AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5099#include <sys/types.h> 5100#include <utmp.h> 5101#ifdef HAVE_LASTLOG_H 5102# include <lastlog.h> 5103#endif 5104#ifdef HAVE_PATHS_H 5105# include <paths.h> 5106#endif 5107#ifdef HAVE_LOGIN_H 5108# include <login.h> 5109#endif 5110 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5111 [ AC_MSG_RESULT([yes]) ], 5112 [ 5113 AC_MSG_RESULT([no]) 5114 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5115 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5116#include <sys/types.h> 5117#include <utmp.h> 5118#ifdef HAVE_LASTLOG_H 5119# include <lastlog.h> 5120#endif 5121#ifdef HAVE_PATHS_H 5122# include <paths.h> 5123#endif 5124 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5125 [ AC_MSG_RESULT([yes]) ], 5126 [ 5127 AC_MSG_RESULT([no]) 5128 system_lastlog_path=no 5129 ]) 5130]) 5131 5132if test -z "$conf_lastlog_location"; then 5133 if test x"$system_lastlog_path" = x"no" ; then 5134 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5135 if (test -d "$f" || test -f "$f") ; then 5136 conf_lastlog_location=$f 5137 fi 5138 done 5139 if test -z "$conf_lastlog_location"; then 5140 AC_MSG_WARN([** Cannot find lastlog **]) 5141 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5142 fi 5143 fi 5144fi 5145 5146if test -n "$conf_lastlog_location"; then 5147 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5148 [Define if you want to specify the path to your lastlog file]) 5149fi 5150 5151dnl utmp detection 5152AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5153AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5154#include <sys/types.h> 5155#include <utmp.h> 5156#ifdef HAVE_PATHS_H 5157# include <paths.h> 5158#endif 5159 ]], [[ char *utmp = UTMP_FILE; ]])], 5160 [ AC_MSG_RESULT([yes]) ], 5161 [ AC_MSG_RESULT([no]) 5162 system_utmp_path=no 5163]) 5164if test -z "$conf_utmp_location"; then 5165 if test x"$system_utmp_path" = x"no" ; then 5166 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5167 if test -f $f ; then 5168 conf_utmp_location=$f 5169 fi 5170 done 5171 if test -z "$conf_utmp_location"; then 5172 AC_DEFINE([DISABLE_UTMP]) 5173 fi 5174 fi 5175fi 5176if test -n "$conf_utmp_location"; then 5177 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5178 [Define if you want to specify the path to your utmp file]) 5179fi 5180 5181dnl wtmp detection 5182AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5183AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5184#include <sys/types.h> 5185#include <utmp.h> 5186#ifdef HAVE_PATHS_H 5187# include <paths.h> 5188#endif 5189 ]], [[ char *wtmp = WTMP_FILE; ]])], 5190 [ AC_MSG_RESULT([yes]) ], 5191 [ AC_MSG_RESULT([no]) 5192 system_wtmp_path=no 5193]) 5194if test -z "$conf_wtmp_location"; then 5195 if test x"$system_wtmp_path" = x"no" ; then 5196 for f in /usr/adm/wtmp /var/log/wtmp; do 5197 if test -f $f ; then 5198 conf_wtmp_location=$f 5199 fi 5200 done 5201 if test -z "$conf_wtmp_location"; then 5202 AC_DEFINE([DISABLE_WTMP]) 5203 fi 5204 fi 5205fi 5206if test -n "$conf_wtmp_location"; then 5207 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5208 [Define if you want to specify the path to your wtmp file]) 5209fi 5210 5211dnl wtmpx detection 5212AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5213AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5214#include <sys/types.h> 5215#include <utmp.h> 5216#ifdef HAVE_UTMPX_H 5217#include <utmpx.h> 5218#endif 5219#ifdef HAVE_PATHS_H 5220# include <paths.h> 5221#endif 5222 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5223 [ AC_MSG_RESULT([yes]) ], 5224 [ AC_MSG_RESULT([no]) 5225 system_wtmpx_path=no 5226]) 5227if test -z "$conf_wtmpx_location"; then 5228 if test x"$system_wtmpx_path" = x"no" ; then 5229 AC_DEFINE([DISABLE_WTMPX]) 5230 fi 5231else 5232 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5233 [Define if you want to specify the path to your wtmpx file]) 5234fi 5235 5236 5237if test ! -z "$blibpath" ; then 5238 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5239 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5240fi 5241 5242AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5243 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5244 AC_DEFINE([DISABLE_LASTLOG]) 5245 fi 5246 ], [ 5247#ifdef HAVE_SYS_TYPES_H 5248#include <sys/types.h> 5249#endif 5250#ifdef HAVE_UTMP_H 5251#include <utmp.h> 5252#endif 5253#ifdef HAVE_UTMPX_H 5254#include <utmpx.h> 5255#endif 5256#ifdef HAVE_LASTLOG_H 5257#include <lastlog.h> 5258#endif 5259 ]) 5260 5261AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5262 AC_DEFINE([DISABLE_UTMP]) 5263 AC_DEFINE([DISABLE_WTMP]) 5264 ], [ 5265#ifdef HAVE_SYS_TYPES_H 5266#include <sys/types.h> 5267#endif 5268#ifdef HAVE_UTMP_H 5269#include <utmp.h> 5270#endif 5271#ifdef HAVE_UTMPX_H 5272#include <utmpx.h> 5273#endif 5274#ifdef HAVE_LASTLOG_H 5275#include <lastlog.h> 5276#endif 5277 ]) 5278 5279dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5280dnl Add now. 5281CFLAGS="$CFLAGS $werror_flags" 5282 5283if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5284 TEST_SSH_IPV6=no 5285else 5286 TEST_SSH_IPV6=yes 5287fi 5288AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5289AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5290AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5291AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5292AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5293AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5294 5295CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5296LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5297 5298AC_EXEEXT 5299AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5300 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5301 survey.sh]) 5302AC_OUTPUT 5303 5304# Print summary of options 5305 5306# Someone please show me a better way :) 5307A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5308B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5309C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5310D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5311E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5312F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5313G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5314H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5315I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5316J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5317 5318echo "" 5319echo "OpenSSH has been configured with the following options:" 5320echo " User binaries: $B" 5321echo " System binaries: $C" 5322echo " Configuration files: $D" 5323echo " Askpass program: $E" 5324echo " Manual pages: $F" 5325echo " PID file: $G" 5326echo " Privilege separation chroot path: $H" 5327if test "x$external_path_file" = "x/etc/login.conf" ; then 5328echo " At runtime, sshd will use the path defined in $external_path_file" 5329echo " Make sure the path to scp is present, otherwise scp will not work" 5330else 5331echo " sshd default user PATH: $I" 5332 if test ! -z "$external_path_file"; then 5333echo " (If PATH is set in $external_path_file it will be used instead. If" 5334echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5335 fi 5336fi 5337if test ! -z "$superuser_path" ; then 5338echo " sshd superuser user PATH: $J" 5339fi 5340echo " Manpage format: $MANTYPE" 5341echo " PAM support: $PAM_MSG" 5342echo " OSF SIA support: $SIA_MSG" 5343echo " KerberosV support: $KRB5_MSG" 5344echo " SELinux support: $SELINUX_MSG" 5345echo " TCP Wrappers support: $TCPW_MSG" 5346echo " MD5 password support: $MD5_MSG" 5347echo " libedit support: $LIBEDIT_MSG" 5348echo " libldns support: $LDNS_MSG" 5349echo " Solaris process contract support: $SPC_MSG" 5350echo " Solaris project support: $SP_MSG" 5351echo " Solaris privilege support: $SPP_MSG" 5352echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5353echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5354echo " BSD Auth support: $BSD_AUTH_MSG" 5355echo " Random number source: $RAND_MSG" 5356echo " Privsep sandbox style: $SANDBOX_STYLE" 5357 5358echo "" 5359 5360echo " Host: ${host}" 5361echo " Compiler: ${CC}" 5362echo " Compiler flags: ${CFLAGS}" 5363echo "Preprocessor flags: ${CPPFLAGS}" 5364echo " Linker flags: ${LDFLAGS}" 5365echo " Libraries: ${LIBS}" 5366if test ! -z "${SSHDLIBS}"; then 5367echo " +for sshd: ${SSHDLIBS}" 5368fi 5369if test ! -z "${SSHLIBS}"; then 5370echo " +for ssh: ${SSHLIBS}" 5371fi 5372 5373echo "" 5374 5375if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5376 echo "SVR4 style packages are supported with \"make package\"" 5377 echo "" 5378fi 5379 5380if test "x$PAM_MSG" = "xyes" ; then 5381 echo "PAM is enabled. You may need to install a PAM control file " 5382 echo "for sshd, otherwise password authentication may fail. " 5383 echo "Example PAM control files can be found in the contrib/ " 5384 echo "subdirectory" 5385 echo "" 5386fi 5387 5388if test ! -z "$NO_PEERCHECK" ; then 5389 echo "WARNING: the operating system that you are using does not" 5390 echo "appear to support getpeereid(), getpeerucred() or the" 5391 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5392 echo "enforce security checks to prevent unauthorised connections to" 5393 echo "ssh-agent. Their absence increases the risk that a malicious" 5394 echo "user can connect to your agent." 5395 echo "" 5396fi 5397 5398if test "$AUDIT_MODULE" = "bsm" ; then 5399 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5400 echo "See the Solaris section in README.platform for details." 5401fi 5402