1# $Id: configure.ac,v 1.571 2014/02/21 17:09:34 tim Exp $ 2# 3# Copyright (c) 1999-2004 Damien Miller 4# 5# Permission to use, copy, modify, and distribute this software for any 6# purpose with or without fee is hereby granted, provided that the above 7# copyright notice and this permission notice appear in all copies. 8# 9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 17AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 18AC_REVISION($Revision: 1.571 $) 19AC_CONFIG_SRCDIR([ssh.c]) 20AC_LANG([C]) 21 22AC_CONFIG_HEADER([config.h]) 23AC_PROG_CC 24AC_CANONICAL_HOST 25AC_C_BIGENDIAN 26 27# Checks for programs. 28AC_PROG_AWK 29AC_PROG_CPP 30AC_PROG_RANLIB 31AC_PROG_INSTALL 32AC_PROG_EGREP 33AC_PATH_PROG([AR], [ar]) 34AC_PATH_PROG([CAT], [cat]) 35AC_PATH_PROG([KILL], [kill]) 36AC_PATH_PROGS([PERL], [perl5 perl]) 37AC_PATH_PROG([SED], [sed]) 38AC_SUBST([PERL]) 39AC_PATH_PROG([ENT], [ent]) 40AC_SUBST([ENT]) 41AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 42AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 43AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 44AC_PATH_PROG([SH], [sh]) 45AC_PATH_PROG([GROFF], [groff]) 46AC_PATH_PROG([NROFF], [nroff]) 47AC_PATH_PROG([MANDOC], [mandoc]) 48AC_SUBST([TEST_SHELL], [sh]) 49 50dnl select manpage formatter 51if test "x$MANDOC" != "x" ; then 52 MANFMT="$MANDOC" 53elif test "x$NROFF" != "x" ; then 54 MANFMT="$NROFF -mandoc" 55elif test "x$GROFF" != "x" ; then 56 MANFMT="$GROFF -mandoc -Tascii" 57else 58 AC_MSG_WARN([no manpage formatted found]) 59 MANFMT="false" 60fi 61AC_SUBST([MANFMT]) 62 63dnl for buildpkg.sh 64AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 65 [/usr/sbin${PATH_SEPARATOR}/etc]) 66AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 67 [/usr/sbin${PATH_SEPARATOR}/etc]) 68AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 69if test -x /sbin/sh; then 70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 71else 72 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 73fi 74 75# System features 76AC_SYS_LARGEFILE 77 78if test -z "$AR" ; then 79 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 80fi 81 82# Use LOGIN_PROGRAM from environment if possible 83if test ! -z "$LOGIN_PROGRAM" ; then 84 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"], 85 [If your header files don't define LOGIN_PROGRAM, 86 then use this (detected) from environment and PATH]) 87else 88 # Search for login 89 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login]) 90 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then 91 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"]) 92 fi 93fi 94 95AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 96if test ! -z "$PATH_PASSWD_PROG" ; then 97 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 98 [Full path of your "passwd" program]) 99fi 100 101if test -z "$LD" ; then 102 LD=$CC 103fi 104AC_SUBST([LD]) 105 106AC_C_INLINE 107 108AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 109AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 110 #include <sys/types.h> 111 #include <sys/param.h> 112 #include <dev/systrace.h> 113]) 114AC_CHECK_DECL([RLIMIT_NPROC], 115 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 116 #include <sys/types.h> 117 #include <sys/resource.h> 118]) 119AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 120 #include <sys/types.h> 121 #include <linux/prctl.h> 122]) 123 124use_stack_protector=1 125use_toolchain_hardening=1 126AC_ARG_WITH([stackprotect], 127 [ --without-stackprotect Don't use compiler's stack protection], [ 128 if test "x$withval" = "xno"; then 129 use_stack_protector=0 130 fi ]) 131AC_ARG_WITH([hardening], 132 [ --without-hardening Don't use toolchain hardening flags], [ 133 if test "x$withval" = "xno"; then 134 use_toolchain_hardening=0 135 fi ]) 136 137# We use -Werror for the tests only so that we catch warnings like "this is 138# on by default" for things like -fPIE. 139AC_MSG_CHECKING([if $CC supports -Werror]) 140saved_CFLAGS="$CFLAGS" 141CFLAGS="$CFLAGS -Werror" 142AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 143 [ AC_MSG_RESULT([yes]) 144 WERROR="-Werror"], 145 [ AC_MSG_RESULT([no]) 146 WERROR="" ] 147) 148CFLAGS="$saved_CFLAGS" 149 150if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 151 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 152 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 153 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 154 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 155 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 156 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 157 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 158 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 161 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 162 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 163 if test "x$use_toolchain_hardening" = "x1"; then 164 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 165 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 166 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 167 # NB. -ftrapv expects certain support functions to be present in 168 # the compiler library (libgcc or similar) to detect integer operations 169 # that can overflow. We must check that the result of enabling it 170 # actually links. The test program compiled/linked includes a number 171 # of integer operations that should exercise this. 172 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 173 fi 174 AC_MSG_CHECKING([gcc version]) 175 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 176 case $GCC_VER in 177 1.*) no_attrib_nonnull=1 ;; 178 2.8* | 2.9*) 179 no_attrib_nonnull=1 180 ;; 181 2.*) no_attrib_nonnull=1 ;; 182 *) ;; 183 esac 184 AC_MSG_RESULT([$GCC_VER]) 185 186 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 187 saved_CFLAGS="$CFLAGS" 188 CFLAGS="$CFLAGS -fno-builtin-memset" 189 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 190 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 191 [ AC_MSG_RESULT([yes]) ], 192 [ AC_MSG_RESULT([no]) 193 CFLAGS="$saved_CFLAGS" ] 194 ) 195 196 # -fstack-protector-all doesn't always work for some GCC versions 197 # and/or platforms, so we test if we can. If it's not supported 198 # on a given platform gcc will emit a warning so we use -Werror. 199 if test "x$use_stack_protector" = "x1"; then 200 for t in -fstack-protector-strong -fstack-protector-all \ 201 -fstack-protector; do 202 AC_MSG_CHECKING([if $CC supports $t]) 203 saved_CFLAGS="$CFLAGS" 204 saved_LDFLAGS="$LDFLAGS" 205 CFLAGS="$CFLAGS $t -Werror" 206 LDFLAGS="$LDFLAGS $t -Werror" 207 AC_LINK_IFELSE( 208 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 209 [[ 210 char x[256]; 211 snprintf(x, sizeof(x), "XXX"); 212 ]])], 213 [ AC_MSG_RESULT([yes]) 214 CFLAGS="$saved_CFLAGS $t" 215 LDFLAGS="$saved_LDFLAGS $t" 216 AC_MSG_CHECKING([if $t works]) 217 AC_RUN_IFELSE( 218 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 219 [[ 220 char x[256]; 221 snprintf(x, sizeof(x), "XXX"); 222 ]])], 223 [ AC_MSG_RESULT([yes]) 224 break ], 225 [ AC_MSG_RESULT([no]) ], 226 [ AC_MSG_WARN([cross compiling: cannot test]) 227 break ] 228 ) 229 ], 230 [ AC_MSG_RESULT([no]) ] 231 ) 232 CFLAGS="$saved_CFLAGS" 233 LDFLAGS="$saved_LDFLAGS" 234 done 235 fi 236 237 if test -z "$have_llong_max"; then 238 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 239 unset ac_cv_have_decl_LLONG_MAX 240 saved_CFLAGS="$CFLAGS" 241 CFLAGS="$CFLAGS -std=gnu99" 242 AC_CHECK_DECL([LLONG_MAX], 243 [have_llong_max=1], 244 [CFLAGS="$saved_CFLAGS"], 245 [#include <limits.h>] 246 ) 247 fi 248fi 249 250AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 251AC_COMPILE_IFELSE( 252 [AC_LANG_PROGRAM([[ 253#include <stdlib.h> 254__attribute__((__unused__)) static void foo(void){return;}]], 255 [[ exit(0); ]])], 256 [ AC_MSG_RESULT([yes]) ], 257 [ AC_MSG_RESULT([no]) 258 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 259 [compiler does not accept __attribute__ on return types]) ] 260) 261 262if test "x$no_attrib_nonnull" != "x1" ; then 263 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 264fi 265 266AC_ARG_WITH([rpath], 267 [ --without-rpath Disable auto-added -R linker paths], 268 [ 269 if test "x$withval" = "xno" ; then 270 need_dash_r="" 271 fi 272 if test "x$withval" = "xyes" ; then 273 need_dash_r=1 274 fi 275 ] 276) 277 278# Allow user to specify flags 279AC_ARG_WITH([cflags], 280 [ --with-cflags Specify additional flags to pass to compiler], 281 [ 282 if test -n "$withval" && test "x$withval" != "xno" && \ 283 test "x${withval}" != "xyes"; then 284 CFLAGS="$CFLAGS $withval" 285 fi 286 ] 287) 288AC_ARG_WITH([cppflags], 289 [ --with-cppflags Specify additional flags to pass to preprocessor] , 290 [ 291 if test -n "$withval" && test "x$withval" != "xno" && \ 292 test "x${withval}" != "xyes"; then 293 CPPFLAGS="$CPPFLAGS $withval" 294 fi 295 ] 296) 297AC_ARG_WITH([ldflags], 298 [ --with-ldflags Specify additional flags to pass to linker], 299 [ 300 if test -n "$withval" && test "x$withval" != "xno" && \ 301 test "x${withval}" != "xyes"; then 302 LDFLAGS="$LDFLAGS $withval" 303 fi 304 ] 305) 306AC_ARG_WITH([libs], 307 [ --with-libs Specify additional libraries to link with], 308 [ 309 if test -n "$withval" && test "x$withval" != "xno" && \ 310 test "x${withval}" != "xyes"; then 311 LIBS="$LIBS $withval" 312 fi 313 ] 314) 315AC_ARG_WITH([Werror], 316 [ --with-Werror Build main code with -Werror], 317 [ 318 if test -n "$withval" && test "x$withval" != "xno"; then 319 werror_flags="-Werror" 320 if test "x${withval}" != "xyes"; then 321 werror_flags="$withval" 322 fi 323 fi 324 ] 325) 326 327AC_CHECK_HEADERS([ \ 328 blf.h \ 329 bstring.h \ 330 crypt.h \ 331 crypto/sha2.h \ 332 dirent.h \ 333 endian.h \ 334 elf.h \ 335 features.h \ 336 fcntl.h \ 337 floatingpoint.h \ 338 getopt.h \ 339 glob.h \ 340 ia.h \ 341 iaf.h \ 342 inttypes.h \ 343 limits.h \ 344 locale.h \ 345 login.h \ 346 maillock.h \ 347 ndir.h \ 348 net/if_tun.h \ 349 netdb.h \ 350 netgroup.h \ 351 pam/pam_appl.h \ 352 paths.h \ 353 poll.h \ 354 pty.h \ 355 readpassphrase.h \ 356 rpc/types.h \ 357 security/pam_appl.h \ 358 sha2.h \ 359 shadow.h \ 360 stddef.h \ 361 stdint.h \ 362 string.h \ 363 strings.h \ 364 sys/audit.h \ 365 sys/bitypes.h \ 366 sys/bsdtty.h \ 367 sys/capability.h \ 368 sys/cdefs.h \ 369 sys/dir.h \ 370 sys/mman.h \ 371 sys/ndir.h \ 372 sys/poll.h \ 373 sys/prctl.h \ 374 sys/pstat.h \ 375 sys/select.h \ 376 sys/stat.h \ 377 sys/stream.h \ 378 sys/stropts.h \ 379 sys/strtio.h \ 380 sys/statvfs.h \ 381 sys/sysmacros.h \ 382 sys/time.h \ 383 sys/timers.h \ 384 time.h \ 385 tmpdir.h \ 386 ttyent.h \ 387 ucred.h \ 388 unistd.h \ 389 usersec.h \ 390 util.h \ 391 utime.h \ 392 utmp.h \ 393 utmpx.h \ 394 vis.h \ 395]) 396 397# lastlog.h requires sys/time.h to be included first on Solaris 398AC_CHECK_HEADERS([lastlog.h], [], [], [ 399#ifdef HAVE_SYS_TIME_H 400# include <sys/time.h> 401#endif 402]) 403 404# sys/ptms.h requires sys/stream.h to be included first on Solaris 405AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 406#ifdef HAVE_SYS_STREAM_H 407# include <sys/stream.h> 408#endif 409]) 410 411# login_cap.h requires sys/types.h on NetBSD 412AC_CHECK_HEADERS([login_cap.h], [], [], [ 413#include <sys/types.h> 414]) 415 416# older BSDs need sys/param.h before sys/mount.h 417AC_CHECK_HEADERS([sys/mount.h], [], [], [ 418#include <sys/param.h> 419]) 420 421# Android requires sys/socket.h to be included before sys/un.h 422AC_CHECK_HEADERS([sys/un.h], [], [], [ 423#include <sys/types.h> 424#include <sys/socket.h> 425]) 426 427# Messages for features tested for in target-specific section 428SIA_MSG="no" 429SPC_MSG="no" 430SP_MSG="no" 431 432# Check for some target-specific stuff 433case "$host" in 434*-*-aix*) 435 # Some versions of VAC won't allow macro redefinitions at 436 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 437 # particularly with older versions of vac or xlc. 438 # It also throws errors about null macro argments, but these are 439 # not fatal. 440 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 441 AC_COMPILE_IFELSE( 442 [AC_LANG_PROGRAM([[ 443#define testmacro foo 444#define testmacro bar]], 445 [[ exit(0); ]])], 446 [ AC_MSG_RESULT([yes]) ], 447 [ AC_MSG_RESULT([no]) 448 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 449 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" 450 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 451 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 452 ] 453 ) 454 455 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 456 if (test -z "$blibpath"); then 457 blibpath="/usr/lib:/lib" 458 fi 459 saved_LDFLAGS="$LDFLAGS" 460 if test "$GCC" = "yes"; then 461 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 462 else 463 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 464 fi 465 for tryflags in $flags ;do 466 if (test -z "$blibflags"); then 467 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 468 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 469 [blibflags=$tryflags], []) 470 fi 471 done 472 if (test -z "$blibflags"); then 473 AC_MSG_RESULT([not found]) 474 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 475 else 476 AC_MSG_RESULT([$blibflags]) 477 fi 478 LDFLAGS="$saved_LDFLAGS" 479 dnl Check for authenticate. Might be in libs.a on older AIXes 480 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 481 [Define if you want to enable AIX4's authenticate function])], 482 [AC_CHECK_LIB([s], [authenticate], 483 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 484 LIBS="$LIBS -ls" 485 ]) 486 ]) 487 dnl Check for various auth function declarations in headers. 488 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 489 passwdexpired, setauthdb], , , [#include <usersec.h>]) 490 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 491 AC_CHECK_DECLS([loginfailed], 492 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 493 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 494 [[ (void)loginfailed("user","host","tty",0); ]])], 495 [AC_MSG_RESULT([yes]) 496 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 497 [Define if your AIX loginfailed() function 498 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 499 ])], 500 [], 501 [#include <usersec.h>] 502 ) 503 AC_CHECK_FUNCS([getgrset setauthdb]) 504 AC_CHECK_DECL([F_CLOSEM], 505 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 506 [], 507 [ #include <limits.h> 508 #include <fcntl.h> ] 509 ) 510 check_for_aix_broken_getaddrinfo=1 511 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 512 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 513 [Define if your platform breaks doing a seteuid before a setuid]) 514 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 515 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 516 dnl AIX handles lastlog as part of its login message 517 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 518 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 519 [Some systems need a utmpx entry for /bin/login to work]) 520 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 521 [Define to a Set Process Title type if your system is 522 supported by bsd-setproctitle.c]) 523 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 524 [AIX 5.2 and 5.3 (and presumably newer) require this]) 525 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 526 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 527 ;; 528*-*-android*) 529 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 530 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 531 ;; 532*-*-cygwin*) 533 check_for_libcrypt_later=1 534 LIBS="$LIBS /usr/lib/textreadmode.o" 535 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 536 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 537 AC_DEFINE([DISABLE_SHADOW], [1], 538 [Define if you want to disable shadow passwords]) 539 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 540 [Define if X11 doesn't support AF_UNIX sockets on that system]) 541 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1], 542 [Define if the concept of ports only accessible to 543 superusers isn't known]) 544 AC_DEFINE([DISABLE_FD_PASSING], [1], 545 [Define if your platform needs to skip post auth 546 file descriptor passing]) 547 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 548 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 549 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 550 # reasons which cause compile warnings, so we disable those warnings. 551 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 552 ;; 553*-*-dgux*) 554 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 555 [Define if your system choked on IP TOS setting]) 556 AC_DEFINE([SETEUID_BREAKS_SETUID]) 557 AC_DEFINE([BROKEN_SETREUID]) 558 AC_DEFINE([BROKEN_SETREGID]) 559 ;; 560*-*-darwin*) 561 use_pie=auto 562 AC_MSG_CHECKING([if we have working getaddrinfo]) 563 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 564main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 565 exit(0); 566 else 567 exit(1); 568} 569 ]])], 570 [AC_MSG_RESULT([working])], 571 [AC_MSG_RESULT([buggy]) 572 AC_DEFINE([BROKEN_GETADDRINFO], [1], 573 [getaddrinfo is broken (if present)]) 574 ], 575 [AC_MSG_RESULT([assume it is working])]) 576 AC_DEFINE([SETEUID_BREAKS_SETUID]) 577 AC_DEFINE([BROKEN_SETREUID]) 578 AC_DEFINE([BROKEN_SETREGID]) 579 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 580 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 581 [Define if your resolver libs need this for getrrsetbyname]) 582 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 583 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 584 [Use tunnel device compatibility to OpenBSD]) 585 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 586 [Prepend the address family to IP tunnel traffic]) 587 m4_pattern_allow([AU_IPv]) 588 AC_CHECK_DECL([AU_IPv4], [], 589 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 590 [#include <bsm/audit.h>] 591 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 592 [Define if pututxline updates lastlog too]) 593 ) 594 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 595 [Define to a Set Process Title type if your system is 596 supported by bsd-setproctitle.c]) 597 AC_CHECK_FUNCS([sandbox_init]) 598 AC_CHECK_HEADERS([sandbox.h]) 599 ;; 600*-*-dragonfly*) 601 SSHDLIBS="$SSHDLIBS -lcrypt" 602 TEST_MALLOC_OPTIONS="AFGJPRX" 603 ;; 604*-*-haiku*) 605 LIBS="$LIBS -lbsd " 606 AC_CHECK_LIB([network], [socket]) 607 AC_DEFINE([HAVE_U_INT64_T]) 608 MANTYPE=man 609 ;; 610*-*-hpux*) 611 # first we define all of the options common to all HP-UX releases 612 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 613 IPADDR_IN_DISPLAY=yes 614 AC_DEFINE([USE_PIPES]) 615 AC_DEFINE([LOGIN_NO_ENDOPT], [1], 616 [Define if your login program cannot handle end of options ("--")]) 617 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 618 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 619 [String used in /etc/passwd to denote locked account]) 620 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 621 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 622 maildir="/var/mail" 623 LIBS="$LIBS -lsec" 624 AC_CHECK_LIB([xnet], [t_error], , 625 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 626 627 # next, we define all of the options specific to major releases 628 case "$host" in 629 *-*-hpux10*) 630 if test -z "$GCC"; then 631 CFLAGS="$CFLAGS -Ae" 632 fi 633 ;; 634 *-*-hpux11*) 635 AC_DEFINE([PAM_SUN_CODEBASE], [1], 636 [Define if you are using Solaris-derived PAM which 637 passes pam_messages to the conversation function 638 with an extra level of indirection]) 639 AC_DEFINE([DISABLE_UTMP], [1], 640 [Define if you don't want to use utmp]) 641 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 642 check_for_hpux_broken_getaddrinfo=1 643 check_for_conflicting_getspnam=1 644 ;; 645 esac 646 647 # lastly, we define options specific to minor releases 648 case "$host" in 649 *-*-hpux10.26) 650 AC_DEFINE([HAVE_SECUREWARE], [1], 651 [Define if you have SecureWare-based 652 protected password database]) 653 disable_ptmx_check=yes 654 LIBS="$LIBS -lsecpw" 655 ;; 656 esac 657 ;; 658*-*-irix5*) 659 PATH="$PATH:/usr/etc" 660 AC_DEFINE([BROKEN_INET_NTOA], [1], 661 [Define if you system's inet_ntoa is busted 662 (e.g. Irix gcc issue)]) 663 AC_DEFINE([SETEUID_BREAKS_SETUID]) 664 AC_DEFINE([BROKEN_SETREUID]) 665 AC_DEFINE([BROKEN_SETREGID]) 666 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 667 [Define if you shouldn't strip 'tty' from your 668 ttyname in [uw]tmp]) 669 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 670 ;; 671*-*-irix6*) 672 PATH="$PATH:/usr/etc" 673 AC_DEFINE([WITH_IRIX_ARRAY], [1], 674 [Define if you have/want arrays 675 (cluster-wide session managment, not C arrays)]) 676 AC_DEFINE([WITH_IRIX_PROJECT], [1], 677 [Define if you want IRIX project management]) 678 AC_DEFINE([WITH_IRIX_AUDIT], [1], 679 [Define if you want IRIX audit trails]) 680 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 681 [Define if you want IRIX kernel jobs])]) 682 AC_DEFINE([BROKEN_INET_NTOA]) 683 AC_DEFINE([SETEUID_BREAKS_SETUID]) 684 AC_DEFINE([BROKEN_SETREUID]) 685 AC_DEFINE([BROKEN_SETREGID]) 686 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 687 AC_DEFINE([WITH_ABBREV_NO_TTY]) 688 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 689 ;; 690*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 691 check_for_libcrypt_later=1 692 AC_DEFINE([PAM_TTY_KLUDGE]) 693 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 694 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 695 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 696 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 697 ;; 698*-*-linux*) 699 no_dev_ptmx=1 700 use_pie=auto 701 check_for_libcrypt_later=1 702 check_for_openpty_ctty_bug=1 703 AC_DEFINE([PAM_TTY_KLUDGE], [1], 704 [Work around problematic Linux PAM modules handling of PAM_TTY]) 705 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 706 [String used in /etc/passwd to denote locked account]) 707 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 708 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 709 [Define to whatever link() returns for "not supported" 710 if it doesn't return EOPNOTSUPP.]) 711 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 712 AC_DEFINE([USE_BTMP]) 713 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 714 inet6_default_4in6=yes 715 case `uname -r` in 716 1.*|2.0.*) 717 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 718 [Define if cmsg_type is not passed correctly]) 719 ;; 720 esac 721 # tun(4) forwarding compat code 722 AC_CHECK_HEADERS([linux/if_tun.h]) 723 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 724 AC_DEFINE([SSH_TUN_LINUX], [1], 725 [Open tunnel devices the Linux tun/tap way]) 726 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 727 [Use tunnel device compatibility to OpenBSD]) 728 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 729 [Prepend the address family to IP tunnel traffic]) 730 fi 731 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 732 [], [#include <linux/types.h>]) 733 AC_CHECK_FUNCS([prctl]) 734 AC_MSG_CHECKING([for seccomp architecture]) 735 seccomp_audit_arch= 736 case "$host" in 737 x86_64-*) 738 seccomp_audit_arch=AUDIT_ARCH_X86_64 739 ;; 740 i*86-*) 741 seccomp_audit_arch=AUDIT_ARCH_I386 742 ;; 743 arm*-*) 744 seccomp_audit_arch=AUDIT_ARCH_ARM 745 ;; 746 esac 747 if test "x$seccomp_audit_arch" != "x" ; then 748 AC_MSG_RESULT(["$seccomp_audit_arch"]) 749 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 750 [Specify the system call convention in use]) 751 else 752 AC_MSG_RESULT([architecture not supported]) 753 fi 754 ;; 755mips-sony-bsd|mips-sony-newsos4) 756 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 757 SONY=1 758 ;; 759*-*-netbsd*) 760 check_for_libcrypt_before=1 761 if test "x$withval" != "xno" ; then 762 need_dash_r=1 763 fi 764 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 765 AC_CHECK_HEADER([net/if_tap.h], , 766 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 767 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 768 [Prepend the address family to IP tunnel traffic]) 769 TEST_MALLOC_OPTIONS="AJRX" 770 AC_DEFINE([BROKEN_STRNVIS], [1], 771 [NetBSD strnvis argument order is swapped compared to OpenBSD]) 772 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 773 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 774 ;; 775*-*-freebsd*) 776 check_for_libcrypt_later=1 777 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 778 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 779 AC_CHECK_HEADER([net/if_tap.h], , 780 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 781 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 782 AC_DEFINE([BROKEN_STRNVIS], [1], 783 [FreeBSD strnvis argument order is swapped compared to OpenBSD]) 784 TEST_MALLOC_OPTIONS="AJRX" 785 # Preauth crypto occasionally uses file descriptors for crypto offload 786 # and will crash if they cannot be opened. 787 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 788 [define if setrlimit RLIMIT_NOFILE breaks things]) 789 ;; 790*-*-bsdi*) 791 AC_DEFINE([SETEUID_BREAKS_SETUID]) 792 AC_DEFINE([BROKEN_SETREUID]) 793 AC_DEFINE([BROKEN_SETREGID]) 794 ;; 795*-next-*) 796 conf_lastlog_location="/usr/adm/lastlog" 797 conf_utmp_location=/etc/utmp 798 conf_wtmp_location=/usr/adm/wtmp 799 maildir=/usr/spool/mail 800 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 801 AC_DEFINE([BROKEN_REALPATH]) 802 AC_DEFINE([USE_PIPES]) 803 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 804 ;; 805*-*-openbsd*) 806 use_pie=auto 807 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 808 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 809 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 810 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 811 [syslog_r function is safe to use in in a signal handler]) 812 TEST_MALLOC_OPTIONS="AFGJPRX" 813 ;; 814*-*-solaris*) 815 if test "x$withval" != "xno" ; then 816 need_dash_r=1 817 fi 818 AC_DEFINE([PAM_SUN_CODEBASE]) 819 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 820 AC_DEFINE([LOGIN_NEEDS_TERM], [1], 821 [Some versions of /bin/login need the TERM supplied 822 on the commandline]) 823 AC_DEFINE([PAM_TTY_KLUDGE]) 824 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 825 [Define if pam_chauthtok wants real uid set 826 to the unpriv'ed user]) 827 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 828 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 829 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 830 [Define if sshd somehow reacquires a controlling TTY 831 after setsid()]) 832 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 833 in case the name is longer than 8 chars]) 834 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 835 external_path_file=/etc/default/login 836 # hardwire lastlog location (can't detect it on some versions) 837 conf_lastlog_location="/var/adm/lastlog" 838 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 839 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 840 if test "$sol2ver" -ge 8; then 841 AC_MSG_RESULT([yes]) 842 AC_DEFINE([DISABLE_UTMP]) 843 AC_DEFINE([DISABLE_WTMP], [1], 844 [Define if you don't want to use wtmp]) 845 else 846 AC_MSG_RESULT([no]) 847 fi 848 AC_ARG_WITH([solaris-contracts], 849 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 850 [ 851 AC_CHECK_LIB([contract], [ct_tmpl_activate], 852 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 853 [Define if you have Solaris process contracts]) 854 SSHDLIBS="$SSHDLIBS -lcontract" 855 SPC_MSG="yes" ], ) 856 ], 857 ) 858 AC_ARG_WITH([solaris-projects], 859 [ --with-solaris-projects Enable Solaris projects (experimental)], 860 [ 861 AC_CHECK_LIB([project], [setproject], 862 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 863 [Define if you have Solaris projects]) 864 SSHDLIBS="$SSHDLIBS -lproject" 865 SP_MSG="yes" ], ) 866 ], 867 ) 868 TEST_SHELL=$SHELL # let configure find us a capable shell 869 ;; 870*-*-sunos4*) 871 CPPFLAGS="$CPPFLAGS -DSUNOS4" 872 AC_CHECK_FUNCS([getpwanam]) 873 AC_DEFINE([PAM_SUN_CODEBASE]) 874 conf_utmp_location=/etc/utmp 875 conf_wtmp_location=/var/adm/wtmp 876 conf_lastlog_location=/var/adm/lastlog 877 AC_DEFINE([USE_PIPES]) 878 ;; 879*-ncr-sysv*) 880 LIBS="$LIBS -lc89" 881 AC_DEFINE([USE_PIPES]) 882 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 883 AC_DEFINE([SETEUID_BREAKS_SETUID]) 884 AC_DEFINE([BROKEN_SETREUID]) 885 AC_DEFINE([BROKEN_SETREGID]) 886 ;; 887*-sni-sysv*) 888 # /usr/ucblib MUST NOT be searched on ReliantUNIX 889 AC_CHECK_LIB([dl], [dlsym], ,) 890 # -lresolv needs to be at the end of LIBS or DNS lookups break 891 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 892 IPADDR_IN_DISPLAY=yes 893 AC_DEFINE([USE_PIPES]) 894 AC_DEFINE([IP_TOS_IS_BROKEN]) 895 AC_DEFINE([SETEUID_BREAKS_SETUID]) 896 AC_DEFINE([BROKEN_SETREUID]) 897 AC_DEFINE([BROKEN_SETREGID]) 898 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 899 external_path_file=/etc/default/login 900 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 901 # Attention: always take care to bind libsocket and libnsl before libc, 902 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 903 ;; 904# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 905*-*-sysv4.2*) 906 AC_DEFINE([USE_PIPES]) 907 AC_DEFINE([SETEUID_BREAKS_SETUID]) 908 AC_DEFINE([BROKEN_SETREUID]) 909 AC_DEFINE([BROKEN_SETREGID]) 910 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 911 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 912 TEST_SHELL=$SHELL # let configure find us a capable shell 913 ;; 914# UnixWare 7.x, OpenUNIX 8 915*-*-sysv5*) 916 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 917 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 918 AC_DEFINE([USE_PIPES]) 919 AC_DEFINE([SETEUID_BREAKS_SETUID]) 920 AC_DEFINE([BROKEN_GETADDRINFO]) 921 AC_DEFINE([BROKEN_SETREUID]) 922 AC_DEFINE([BROKEN_SETREGID]) 923 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 924 TEST_SHELL=$SHELL # let configure find us a capable shell 925 case "$host" in 926 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 927 maildir=/var/spool/mail 928 AC_DEFINE([BROKEN_LIBIAF], [1], 929 [ia_uinfo routines not supported by OS yet]) 930 AC_DEFINE([BROKEN_UPDWTMPX]) 931 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 932 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 933 AC_DEFINE([HAVE_SECUREWARE]) 934 AC_DEFINE([DISABLE_SHADOW]) 935 ], , ) 936 ;; 937 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 938 check_for_libcrypt_later=1 939 ;; 940 esac 941 ;; 942*-*-sysv*) 943 ;; 944# SCO UNIX and OEM versions of SCO UNIX 945*-*-sco3.2v4*) 946 AC_MSG_ERROR("This Platform is no longer supported.") 947 ;; 948# SCO OpenServer 5.x 949*-*-sco3.2v5*) 950 if test -z "$GCC"; then 951 CFLAGS="$CFLAGS -belf" 952 fi 953 LIBS="$LIBS -lprot -lx -ltinfo -lm" 954 no_dev_ptmx=1 955 AC_DEFINE([USE_PIPES]) 956 AC_DEFINE([HAVE_SECUREWARE]) 957 AC_DEFINE([DISABLE_SHADOW]) 958 AC_DEFINE([DISABLE_FD_PASSING]) 959 AC_DEFINE([SETEUID_BREAKS_SETUID]) 960 AC_DEFINE([BROKEN_GETADDRINFO]) 961 AC_DEFINE([BROKEN_SETREUID]) 962 AC_DEFINE([BROKEN_SETREGID]) 963 AC_DEFINE([WITH_ABBREV_NO_TTY]) 964 AC_DEFINE([BROKEN_UPDWTMPX]) 965 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 966 AC_CHECK_FUNCS([getluid setluid]) 967 MANTYPE=man 968 TEST_SHELL=$SHELL # let configure find us a capable shell 969 SKIP_DISABLE_LASTLOG_DEFINE=yes 970 ;; 971*-*-unicosmk*) 972 AC_DEFINE([NO_SSH_LASTLOG], [1], 973 [Define if you don't want to use lastlog in session.c]) 974 AC_DEFINE([SETEUID_BREAKS_SETUID]) 975 AC_DEFINE([BROKEN_SETREUID]) 976 AC_DEFINE([BROKEN_SETREGID]) 977 AC_DEFINE([USE_PIPES]) 978 AC_DEFINE([DISABLE_FD_PASSING]) 979 LDFLAGS="$LDFLAGS" 980 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 981 MANTYPE=cat 982 ;; 983*-*-unicosmp*) 984 AC_DEFINE([SETEUID_BREAKS_SETUID]) 985 AC_DEFINE([BROKEN_SETREUID]) 986 AC_DEFINE([BROKEN_SETREGID]) 987 AC_DEFINE([WITH_ABBREV_NO_TTY]) 988 AC_DEFINE([USE_PIPES]) 989 AC_DEFINE([DISABLE_FD_PASSING]) 990 LDFLAGS="$LDFLAGS" 991 LIBS="$LIBS -lgen -lacid -ldb" 992 MANTYPE=cat 993 ;; 994*-*-unicos*) 995 AC_DEFINE([SETEUID_BREAKS_SETUID]) 996 AC_DEFINE([BROKEN_SETREUID]) 997 AC_DEFINE([BROKEN_SETREGID]) 998 AC_DEFINE([USE_PIPES]) 999 AC_DEFINE([DISABLE_FD_PASSING]) 1000 AC_DEFINE([NO_SSH_LASTLOG]) 1001 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" 1002 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1003 MANTYPE=cat 1004 ;; 1005*-dec-osf*) 1006 AC_MSG_CHECKING([for Digital Unix SIA]) 1007 no_osfsia="" 1008 AC_ARG_WITH([osfsia], 1009 [ --with-osfsia Enable Digital Unix SIA], 1010 [ 1011 if test "x$withval" = "xno" ; then 1012 AC_MSG_RESULT([disabled]) 1013 no_osfsia=1 1014 fi 1015 ], 1016 ) 1017 if test -z "$no_osfsia" ; then 1018 if test -f /etc/sia/matrix.conf; then 1019 AC_MSG_RESULT([yes]) 1020 AC_DEFINE([HAVE_OSF_SIA], [1], 1021 [Define if you have Digital Unix Security 1022 Integration Architecture]) 1023 AC_DEFINE([DISABLE_LOGIN], [1], 1024 [Define if you don't want to use your 1025 system's login() call]) 1026 AC_DEFINE([DISABLE_FD_PASSING]) 1027 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1028 SIA_MSG="yes" 1029 else 1030 AC_MSG_RESULT([no]) 1031 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1032 [String used in /etc/passwd to denote locked account]) 1033 fi 1034 fi 1035 AC_DEFINE([BROKEN_GETADDRINFO]) 1036 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1037 AC_DEFINE([BROKEN_SETREUID]) 1038 AC_DEFINE([BROKEN_SETREGID]) 1039 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1040 ;; 1041 1042*-*-nto-qnx*) 1043 AC_DEFINE([USE_PIPES]) 1044 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1045 AC_DEFINE([DISABLE_LASTLOG]) 1046 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1047 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1048 enable_etc_default_login=no # has incompatible /etc/default/login 1049 case "$host" in 1050 *-*-nto-qnx6*) 1051 AC_DEFINE([DISABLE_FD_PASSING]) 1052 ;; 1053 esac 1054 ;; 1055 1056*-*-ultrix*) 1057 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1058 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files]) 1059 AC_DEFINE([NEED_SETPGRP]) 1060 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1061 ;; 1062 1063*-*-lynxos) 1064 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1065 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation]) 1066 ;; 1067esac 1068 1069AC_MSG_CHECKING([compiler and flags for sanity]) 1070AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1071 [ AC_MSG_RESULT([yes]) ], 1072 [ 1073 AC_MSG_RESULT([no]) 1074 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1075 ], 1076 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1077) 1078 1079dnl Checks for header files. 1080# Checks for libraries. 1081AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])]) 1082AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1083 1084dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1085AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1086 AC_CHECK_LIB([gen], [dirname], [ 1087 AC_CACHE_CHECK([for broken dirname], 1088 ac_cv_have_broken_dirname, [ 1089 save_LIBS="$LIBS" 1090 LIBS="$LIBS -lgen" 1091 AC_RUN_IFELSE( 1092 [AC_LANG_SOURCE([[ 1093#include <libgen.h> 1094#include <string.h> 1095 1096int main(int argc, char **argv) { 1097 char *s, buf[32]; 1098 1099 strncpy(buf,"/etc", 32); 1100 s = dirname(buf); 1101 if (!s || strncmp(s, "/", 32) != 0) { 1102 exit(1); 1103 } else { 1104 exit(0); 1105 } 1106} 1107 ]])], 1108 [ ac_cv_have_broken_dirname="no" ], 1109 [ ac_cv_have_broken_dirname="yes" ], 1110 [ ac_cv_have_broken_dirname="no" ], 1111 ) 1112 LIBS="$save_LIBS" 1113 ]) 1114 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1115 LIBS="$LIBS -lgen" 1116 AC_DEFINE([HAVE_DIRNAME]) 1117 AC_CHECK_HEADERS([libgen.h]) 1118 fi 1119 ]) 1120]) 1121 1122AC_CHECK_FUNC([getspnam], , 1123 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1124AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1125 [Define if you have the basename function.])]) 1126 1127dnl zlib is required 1128AC_ARG_WITH([zlib], 1129 [ --with-zlib=PATH Use zlib in PATH], 1130 [ if test "x$withval" = "xno" ; then 1131 AC_MSG_ERROR([*** zlib is required ***]) 1132 elif test "x$withval" != "xyes"; then 1133 if test -d "$withval/lib"; then 1134 if test -n "${need_dash_r}"; then 1135 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1136 else 1137 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1138 fi 1139 else 1140 if test -n "${need_dash_r}"; then 1141 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1142 else 1143 LDFLAGS="-L${withval} ${LDFLAGS}" 1144 fi 1145 fi 1146 if test -d "$withval/include"; then 1147 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1148 else 1149 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1150 fi 1151 fi ] 1152) 1153 1154AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1155AC_CHECK_LIB([z], [deflate], , 1156 [ 1157 saved_CPPFLAGS="$CPPFLAGS" 1158 saved_LDFLAGS="$LDFLAGS" 1159 save_LIBS="$LIBS" 1160 dnl Check default zlib install dir 1161 if test -n "${need_dash_r}"; then 1162 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1163 else 1164 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1165 fi 1166 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1167 LIBS="$LIBS -lz" 1168 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1169 [ 1170 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1171 ] 1172 ) 1173 ] 1174) 1175 1176AC_ARG_WITH([zlib-version-check], 1177 [ --without-zlib-version-check Disable zlib version check], 1178 [ if test "x$withval" = "xno" ; then 1179 zlib_check_nonfatal=1 1180 fi 1181 ] 1182) 1183 1184AC_MSG_CHECKING([for possibly buggy zlib]) 1185AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1186#include <stdio.h> 1187#include <stdlib.h> 1188#include <zlib.h> 1189 ]], 1190 [[ 1191 int a=0, b=0, c=0, d=0, n, v; 1192 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1193 if (n != 3 && n != 4) 1194 exit(1); 1195 v = a*1000000 + b*10000 + c*100 + d; 1196 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1197 1198 /* 1.1.4 is OK */ 1199 if (a == 1 && b == 1 && c >= 4) 1200 exit(0); 1201 1202 /* 1.2.3 and up are OK */ 1203 if (v >= 1020300) 1204 exit(0); 1205 1206 exit(2); 1207 ]])], 1208 AC_MSG_RESULT([no]), 1209 [ AC_MSG_RESULT([yes]) 1210 if test -z "$zlib_check_nonfatal" ; then 1211 AC_MSG_ERROR([*** zlib too old - check config.log *** 1212Your reported zlib version has known security problems. It's possible your 1213vendor has fixed these problems without changing the version number. If you 1214are sure this is the case, you can disable the check by running 1215"./configure --without-zlib-version-check". 1216If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1217See http://www.gzip.org/zlib/ for details.]) 1218 else 1219 AC_MSG_WARN([zlib version may have security problems]) 1220 fi 1221 ], 1222 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1223) 1224 1225dnl UnixWare 2.x 1226AC_CHECK_FUNC([strcasecmp], 1227 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1228) 1229AC_CHECK_FUNCS([utimes], 1230 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1231 LIBS="$LIBS -lc89"]) ] 1232) 1233 1234dnl Checks for libutil functions 1235AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1236AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1237AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1238AC_SEARCH_LIBS([login], [util bsd]) 1239AC_SEARCH_LIBS([logout], [util bsd]) 1240AC_SEARCH_LIBS([logwtmp], [util bsd]) 1241AC_SEARCH_LIBS([openpty], [util bsd]) 1242AC_SEARCH_LIBS([updwtmp], [util bsd]) 1243AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1244 1245# On some platforms, inet_ntop may be found in libresolv or libnsl. 1246AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1247 1248AC_FUNC_STRFTIME 1249 1250# Check for ALTDIRFUNC glob() extension 1251AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1252AC_EGREP_CPP([FOUNDIT], 1253 [ 1254 #include <glob.h> 1255 #ifdef GLOB_ALTDIRFUNC 1256 FOUNDIT 1257 #endif 1258 ], 1259 [ 1260 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1261 [Define if your system glob() function has 1262 the GLOB_ALTDIRFUNC extension]) 1263 AC_MSG_RESULT([yes]) 1264 ], 1265 [ 1266 AC_MSG_RESULT([no]) 1267 ] 1268) 1269 1270# Check for g.gl_matchc glob() extension 1271AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1272AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1273 [[ glob_t g; g.gl_matchc = 1; ]])], 1274 [ 1275 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1276 [Define if your system glob() function has 1277 gl_matchc options in glob_t]) 1278 AC_MSG_RESULT([yes]) 1279 ], [ 1280 AC_MSG_RESULT([no]) 1281]) 1282 1283# Check for g.gl_statv glob() extension 1284AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1285AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1286#ifndef GLOB_KEEPSTAT 1287#error "glob does not support GLOB_KEEPSTAT extension" 1288#endif 1289glob_t g; 1290g.gl_statv = NULL; 1291]])], 1292 [ 1293 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1294 [Define if your system glob() function has 1295 gl_statv options in glob_t]) 1296 AC_MSG_RESULT([yes]) 1297 ], [ 1298 AC_MSG_RESULT([no]) 1299 1300]) 1301 1302AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1303 1304AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1305AC_RUN_IFELSE( 1306 [AC_LANG_PROGRAM([[ 1307#include <sys/types.h> 1308#include <dirent.h>]], 1309 [[ 1310 struct dirent d; 1311 exit(sizeof(d.d_name)<=sizeof(char)); 1312 ]])], 1313 [AC_MSG_RESULT([yes])], 1314 [ 1315 AC_MSG_RESULT([no]) 1316 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1317 [Define if your struct dirent expects you to 1318 allocate extra space for d_name]) 1319 ], 1320 [ 1321 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1322 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1323 ] 1324) 1325 1326AC_MSG_CHECKING([for /proc/pid/fd directory]) 1327if test -d "/proc/$$/fd" ; then 1328 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1329 AC_MSG_RESULT([yes]) 1330else 1331 AC_MSG_RESULT([no]) 1332fi 1333 1334# Check whether user wants S/Key support 1335SKEY_MSG="no" 1336AC_ARG_WITH([skey], 1337 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], 1338 [ 1339 if test "x$withval" != "xno" ; then 1340 1341 if test "x$withval" != "xyes" ; then 1342 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1343 LDFLAGS="$LDFLAGS -L${withval}/lib" 1344 fi 1345 1346 AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) 1347 LIBS="-lskey $LIBS" 1348 SKEY_MSG="yes" 1349 1350 AC_MSG_CHECKING([for s/key support]) 1351 AC_LINK_IFELSE( 1352 [AC_LANG_PROGRAM([[ 1353#include <stdio.h> 1354#include <skey.h> 1355 ]], [[ 1356 char *ff = skey_keyinfo(""); ff=""; 1357 exit(0); 1358 ]])], 1359 [AC_MSG_RESULT([yes])], 1360 [ 1361 AC_MSG_RESULT([no]) 1362 AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) 1363 ]) 1364 AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) 1365 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1366#include <stdio.h> 1367#include <skey.h> 1368 ]], [[ 1369 (void)skeychallenge(NULL,"name","",0); 1370 ]])], 1371 [ 1372 AC_MSG_RESULT([yes]) 1373 AC_DEFINE([SKEYCHALLENGE_4ARG], [1], 1374 [Define if your skeychallenge() 1375 function takes 4 arguments (NetBSD)])], 1376 [ 1377 AC_MSG_RESULT([no]) 1378 ]) 1379 fi 1380 ] 1381) 1382 1383# Check whether user wants TCP wrappers support 1384TCPW_MSG="no" 1385AC_ARG_WITH([tcp-wrappers], 1386 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1387 [ 1388 if test "x$withval" != "xno" ; then 1389 saved_LIBS="$LIBS" 1390 saved_LDFLAGS="$LDFLAGS" 1391 saved_CPPFLAGS="$CPPFLAGS" 1392 if test -n "${withval}" && \ 1393 test "x${withval}" != "xyes"; then 1394 if test -d "${withval}/lib"; then 1395 if test -n "${need_dash_r}"; then 1396 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1397 else 1398 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1399 fi 1400 else 1401 if test -n "${need_dash_r}"; then 1402 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1403 else 1404 LDFLAGS="-L${withval} ${LDFLAGS}" 1405 fi 1406 fi 1407 if test -d "${withval}/include"; then 1408 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1409 else 1410 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1411 fi 1412 fi 1413 LIBS="-lwrap $LIBS" 1414 AC_MSG_CHECKING([for libwrap]) 1415 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1416#include <sys/types.h> 1417#include <sys/socket.h> 1418#include <netinet/in.h> 1419#include <tcpd.h> 1420int deny_severity = 0, allow_severity = 0; 1421 ]], [[ 1422 hosts_access(0); 1423 ]])], [ 1424 AC_MSG_RESULT([yes]) 1425 AC_DEFINE([LIBWRAP], [1], 1426 [Define if you want 1427 TCP Wrappers support]) 1428 SSHDLIBS="$SSHDLIBS -lwrap" 1429 TCPW_MSG="yes" 1430 ], [ 1431 AC_MSG_ERROR([*** libwrap missing]) 1432 1433 ]) 1434 LIBS="$saved_LIBS" 1435 fi 1436 ] 1437) 1438 1439# Check whether user wants to use ldns 1440LDNS_MSG="no" 1441AC_ARG_WITH(ldns, 1442 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1443 [ 1444 if test "x$withval" != "xno" ; then 1445 1446 if test "x$withval" != "xyes" ; then 1447 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1448 LDFLAGS="$LDFLAGS -L${withval}/lib" 1449 fi 1450 1451 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1452 LIBS="-lldns $LIBS" 1453 LDNS_MSG="yes" 1454 1455 AC_MSG_CHECKING([for ldns support]) 1456 AC_LINK_IFELSE( 1457 [AC_LANG_SOURCE([[ 1458#include <stdio.h> 1459#include <stdlib.h> 1460#include <stdint.h> 1461#include <ldns/ldns.h> 1462int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1463 ]]) 1464 ], 1465 [AC_MSG_RESULT(yes)], 1466 [ 1467 AC_MSG_RESULT(no) 1468 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1469 ]) 1470 fi 1471 ] 1472) 1473 1474# Check whether user wants libedit support 1475LIBEDIT_MSG="no" 1476AC_ARG_WITH([libedit], 1477 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1478 [ if test "x$withval" != "xno" ; then 1479 if test "x$withval" = "xyes" ; then 1480 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1481 if test "x$PKGCONFIG" != "xno"; then 1482 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1483 if "$PKGCONFIG" libedit; then 1484 AC_MSG_RESULT([yes]) 1485 use_pkgconfig_for_libedit=yes 1486 else 1487 AC_MSG_RESULT([no]) 1488 fi 1489 fi 1490 else 1491 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1492 if test -n "${need_dash_r}"; then 1493 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1494 else 1495 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1496 fi 1497 fi 1498 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1499 LIBEDIT=`$PKGCONFIG --libs libedit` 1500 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1501 else 1502 LIBEDIT="-ledit -lcurses" 1503 fi 1504 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1505 AC_CHECK_LIB([edit], [el_init], 1506 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1507 LIBEDIT_MSG="yes" 1508 AC_SUBST([LIBEDIT]) 1509 ], 1510 [ AC_MSG_ERROR([libedit not found]) ], 1511 [ $OTHERLIBS ] 1512 ) 1513 AC_MSG_CHECKING([if libedit version is compatible]) 1514 AC_COMPILE_IFELSE( 1515 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1516 [[ 1517 int i = H_SETSIZE; 1518 el_init("", NULL, NULL, NULL); 1519 exit(0); 1520 ]])], 1521 [ AC_MSG_RESULT([yes]) ], 1522 [ AC_MSG_RESULT([no]) 1523 AC_MSG_ERROR([libedit version is not compatible]) ] 1524 ) 1525 fi ] 1526) 1527 1528AUDIT_MODULE=none 1529AC_ARG_WITH([audit], 1530 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1531 [ 1532 AC_MSG_CHECKING([for supported audit module]) 1533 case "$withval" in 1534 bsm) 1535 AC_MSG_RESULT([bsm]) 1536 AUDIT_MODULE=bsm 1537 dnl Checks for headers, libs and functions 1538 AC_CHECK_HEADERS([bsm/audit.h], [], 1539 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1540 [ 1541#ifdef HAVE_TIME_H 1542# include <time.h> 1543#endif 1544 ] 1545) 1546 AC_CHECK_LIB([bsm], [getaudit], [], 1547 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1548 AC_CHECK_FUNCS([getaudit], [], 1549 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1550 # These are optional 1551 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1552 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1553 if test "$sol2ver" -ge 11; then 1554 SSHDLIBS="$SSHDLIBS -lscf" 1555 AC_DEFINE([BROKEN_BSM_API], [1], 1556 [The system has incomplete BSM API]) 1557 fi 1558 ;; 1559 linux) 1560 AC_MSG_RESULT([linux]) 1561 AUDIT_MODULE=linux 1562 dnl Checks for headers, libs and functions 1563 AC_CHECK_HEADERS([libaudit.h]) 1564 SSHDLIBS="$SSHDLIBS -laudit" 1565 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1566 ;; 1567 debug) 1568 AUDIT_MODULE=debug 1569 AC_MSG_RESULT([debug]) 1570 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1571 ;; 1572 no) 1573 AC_MSG_RESULT([no]) 1574 ;; 1575 *) 1576 AC_MSG_ERROR([Unknown audit module $withval]) 1577 ;; 1578 esac ] 1579) 1580 1581AC_ARG_WITH([pie], 1582 [ --with-pie Build Position Independent Executables if possible], [ 1583 if test "x$withval" = "xno"; then 1584 use_pie=no 1585 fi 1586 if test "x$withval" = "xyes"; then 1587 use_pie=yes 1588 fi 1589 ] 1590) 1591if test "x$use_pie" = "x"; then 1592 use_pie=no 1593fi 1594if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1595 # Turn off automatic PIE when toolchain hardening is off. 1596 use_pie=no 1597fi 1598if test "x$use_pie" = "xauto"; then 1599 # Automatic PIE requires gcc >= 4.x 1600 AC_MSG_CHECKING([for gcc >= 4.x]) 1601 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1602#if !defined(__GNUC__) || __GNUC__ < 4 1603#error gcc is too old 1604#endif 1605]])], 1606 [ AC_MSG_RESULT([yes]) ], 1607 [ AC_MSG_RESULT([no]) 1608 use_pie=no ] 1609) 1610fi 1611if test "x$use_pie" != "xno"; then 1612 SAVED_CFLAGS="$CFLAGS" 1613 SAVED_LDFLAGS="$LDFLAGS" 1614 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1615 OSSH_CHECK_LDFLAG_LINK([-pie]) 1616 # We use both -fPIE and -pie or neither. 1617 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1618 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1619 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1620 AC_MSG_RESULT([yes]) 1621 else 1622 AC_MSG_RESULT([no]) 1623 CFLAGS="$SAVED_CFLAGS" 1624 LDFLAGS="$SAVED_LDFLAGS" 1625 fi 1626fi 1627 1628dnl Checks for library functions. Please keep in alphabetical order 1629AC_CHECK_FUNCS([ \ 1630 Blowfish_initstate \ 1631 Blowfish_expandstate \ 1632 Blowfish_expand0state \ 1633 Blowfish_stream2word \ 1634 arc4random \ 1635 arc4random_buf \ 1636 arc4random_stir \ 1637 arc4random_uniform \ 1638 asprintf \ 1639 b64_ntop \ 1640 __b64_ntop \ 1641 b64_pton \ 1642 __b64_pton \ 1643 bcopy \ 1644 bcrypt_pbkdf \ 1645 bindresvport_sa \ 1646 blf_enc \ 1647 cap_rights_limit \ 1648 clock \ 1649 closefrom \ 1650 dirfd \ 1651 endgrent \ 1652 explicit_bzero \ 1653 fchmod \ 1654 fchown \ 1655 freeaddrinfo \ 1656 fstatfs \ 1657 fstatvfs \ 1658 futimes \ 1659 getaddrinfo \ 1660 getcwd \ 1661 getgrouplist \ 1662 getnameinfo \ 1663 getopt \ 1664 getpeereid \ 1665 getpeerucred \ 1666 getpgid \ 1667 getpgrp \ 1668 _getpty \ 1669 getrlimit \ 1670 getttyent \ 1671 glob \ 1672 group_from_gid \ 1673 inet_aton \ 1674 inet_ntoa \ 1675 inet_ntop \ 1676 innetgr \ 1677 login_getcapbool \ 1678 mblen \ 1679 md5_crypt \ 1680 memmove \ 1681 mkdtemp \ 1682 mmap \ 1683 ngetaddrinfo \ 1684 nsleep \ 1685 ogetaddrinfo \ 1686 openlog_r \ 1687 poll \ 1688 prctl \ 1689 pstat \ 1690 readpassphrase \ 1691 realpath \ 1692 recvmsg \ 1693 rresvport_af \ 1694 sendmsg \ 1695 setdtablesize \ 1696 setegid \ 1697 setenv \ 1698 seteuid \ 1699 setgroupent \ 1700 setgroups \ 1701 setlinebuf \ 1702 setlogin \ 1703 setpassent\ 1704 setpcred \ 1705 setproctitle \ 1706 setregid \ 1707 setreuid \ 1708 setrlimit \ 1709 setsid \ 1710 setvbuf \ 1711 sigaction \ 1712 sigvec \ 1713 snprintf \ 1714 socketpair \ 1715 statfs \ 1716 statvfs \ 1717 strdup \ 1718 strerror \ 1719 strlcat \ 1720 strlcpy \ 1721 strmode \ 1722 strnlen \ 1723 strnvis \ 1724 strptime \ 1725 strtonum \ 1726 strtoll \ 1727 strtoul \ 1728 strtoull \ 1729 swap32 \ 1730 sysconf \ 1731 tcgetpgrp \ 1732 timingsafe_bcmp \ 1733 truncate \ 1734 unsetenv \ 1735 updwtmpx \ 1736 user_from_uid \ 1737 usleep \ 1738 vasprintf \ 1739 vhangup \ 1740 vsnprintf \ 1741 waitpid \ 1742]) 1743 1744AC_LINK_IFELSE( 1745 [AC_LANG_PROGRAM( 1746 [[ #include <ctype.h> ]], 1747 [[ return (isblank('a')); ]])], 1748 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1749]) 1750 1751# PKCS#11 support requires dlopen() and co 1752AC_SEARCH_LIBS([dlopen], [dl], 1753 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] 1754) 1755 1756# IRIX has a const char return value for gai_strerror() 1757AC_CHECK_FUNCS([gai_strerror], [ 1758 AC_DEFINE([HAVE_GAI_STRERROR]) 1759 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1760#include <sys/types.h> 1761#include <sys/socket.h> 1762#include <netdb.h> 1763 1764const char *gai_strerror(int); 1765 ]], [[ 1766 char *str; 1767 str = gai_strerror(0); 1768 ]])], [ 1769 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1770 [Define if gai_strerror() returns const char *])], [])]) 1771 1772AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1773 [Some systems put nanosleep outside of libc])]) 1774 1775AC_SEARCH_LIBS([clock_gettime], [rt], 1776 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1777 1778dnl Make sure prototypes are defined for these before using them. 1779AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) 1780AC_CHECK_DECL([strsep], 1781 [AC_CHECK_FUNCS([strsep])], 1782 [], 1783 [ 1784#ifdef HAVE_STRING_H 1785# include <string.h> 1786#endif 1787 ]) 1788 1789dnl tcsendbreak might be a macro 1790AC_CHECK_DECL([tcsendbreak], 1791 [AC_DEFINE([HAVE_TCSENDBREAK])], 1792 [AC_CHECK_FUNCS([tcsendbreak])], 1793 [#include <termios.h>] 1794) 1795 1796AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 1797 1798AC_CHECK_DECLS([SHUT_RD], , , 1799 [ 1800#include <sys/types.h> 1801#include <sys/socket.h> 1802 ]) 1803 1804AC_CHECK_DECLS([O_NONBLOCK], , , 1805 [ 1806#include <sys/types.h> 1807#ifdef HAVE_SYS_STAT_H 1808# include <sys/stat.h> 1809#endif 1810#ifdef HAVE_FCNTL_H 1811# include <fcntl.h> 1812#endif 1813 ]) 1814 1815AC_CHECK_DECLS([writev], , , [ 1816#include <sys/types.h> 1817#include <sys/uio.h> 1818#include <unistd.h> 1819 ]) 1820 1821AC_CHECK_DECLS([MAXSYMLINKS], , , [ 1822#include <sys/param.h> 1823 ]) 1824 1825AC_CHECK_DECLS([offsetof], , , [ 1826#include <stddef.h> 1827 ]) 1828 1829# extra bits for select(2) 1830AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 1831#include <sys/param.h> 1832#include <sys/types.h> 1833#ifdef HAVE_SYS_SYSMACROS_H 1834#include <sys/sysmacros.h> 1835#endif 1836#ifdef HAVE_SYS_SELECT_H 1837#include <sys/select.h> 1838#endif 1839#ifdef HAVE_SYS_TIME_H 1840#include <sys/time.h> 1841#endif 1842#ifdef HAVE_UNISTD_H 1843#include <unistd.h> 1844#endif 1845 ]]) 1846AC_CHECK_TYPES([fd_mask], [], [], [[ 1847#include <sys/param.h> 1848#include <sys/types.h> 1849#ifdef HAVE_SYS_SELECT_H 1850#include <sys/select.h> 1851#endif 1852#ifdef HAVE_SYS_TIME_H 1853#include <sys/time.h> 1854#endif 1855#ifdef HAVE_UNISTD_H 1856#include <unistd.h> 1857#endif 1858 ]]) 1859 1860AC_CHECK_FUNCS([setresuid], [ 1861 dnl Some platorms have setresuid that isn't implemented, test for this 1862 AC_MSG_CHECKING([if setresuid seems to work]) 1863 AC_RUN_IFELSE( 1864 [AC_LANG_PROGRAM([[ 1865#include <stdlib.h> 1866#include <errno.h> 1867 ]], [[ 1868 errno=0; 1869 setresuid(0,0,0); 1870 if (errno==ENOSYS) 1871 exit(1); 1872 else 1873 exit(0); 1874 ]])], 1875 [AC_MSG_RESULT([yes])], 1876 [AC_DEFINE([BROKEN_SETRESUID], [1], 1877 [Define if your setresuid() is broken]) 1878 AC_MSG_RESULT([not implemented])], 1879 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1880 ) 1881]) 1882 1883AC_CHECK_FUNCS([setresgid], [ 1884 dnl Some platorms have setresgid that isn't implemented, test for this 1885 AC_MSG_CHECKING([if setresgid seems to work]) 1886 AC_RUN_IFELSE( 1887 [AC_LANG_PROGRAM([[ 1888#include <stdlib.h> 1889#include <errno.h> 1890 ]], [[ 1891 errno=0; 1892 setresgid(0,0,0); 1893 if (errno==ENOSYS) 1894 exit(1); 1895 else 1896 exit(0); 1897 ]])], 1898 [AC_MSG_RESULT([yes])], 1899 [AC_DEFINE([BROKEN_SETRESGID], [1], 1900 [Define if your setresgid() is broken]) 1901 AC_MSG_RESULT([not implemented])], 1902 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1903 ) 1904]) 1905 1906dnl Checks for time functions 1907AC_CHECK_FUNCS([gettimeofday time]) 1908dnl Checks for utmp functions 1909AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 1910AC_CHECK_FUNCS([utmpname]) 1911dnl Checks for utmpx functions 1912AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 1913AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 1914dnl Checks for lastlog functions 1915AC_CHECK_FUNCS([getlastlogxbyname]) 1916 1917AC_CHECK_FUNC([daemon], 1918 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 1919 [AC_CHECK_LIB([bsd], [daemon], 1920 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 1921) 1922 1923AC_CHECK_FUNC([getpagesize], 1924 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 1925 [Define if your libraries define getpagesize()])], 1926 [AC_CHECK_LIB([ucb], [getpagesize], 1927 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 1928) 1929 1930# Check for broken snprintf 1931if test "x$ac_cv_func_snprintf" = "xyes" ; then 1932 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 1933 AC_RUN_IFELSE( 1934 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 1935 [[ 1936 char b[5]; 1937 snprintf(b,5,"123456789"); 1938 exit(b[4]!='\0'); 1939 ]])], 1940 [AC_MSG_RESULT([yes])], 1941 [ 1942 AC_MSG_RESULT([no]) 1943 AC_DEFINE([BROKEN_SNPRINTF], [1], 1944 [Define if your snprintf is busted]) 1945 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 1946 ], 1947 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 1948 ) 1949fi 1950 1951# If we don't have a working asprintf, then we strongly depend on vsnprintf 1952# returning the right thing on overflow: the number of characters it tried to 1953# create (as per SUSv3) 1954if test "x$ac_cv_func_asprintf" != "xyes" && \ 1955 test "x$ac_cv_func_vsnprintf" = "xyes" ; then 1956 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 1957 AC_RUN_IFELSE( 1958 [AC_LANG_PROGRAM([[ 1959#include <sys/types.h> 1960#include <stdio.h> 1961#include <stdarg.h> 1962 1963int x_snprintf(char *str,size_t count,const char *fmt,...) 1964{ 1965 size_t ret; va_list ap; 1966 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap); 1967 return ret; 1968} 1969 ]], [[ 1970 char x[1]; 1971 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1); 1972 ]])], 1973 [AC_MSG_RESULT([yes])], 1974 [ 1975 AC_MSG_RESULT([no]) 1976 AC_DEFINE([BROKEN_SNPRINTF], [1], 1977 [Define if your snprintf is busted]) 1978 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 1979 ], 1980 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 1981 ) 1982fi 1983 1984# On systems where [v]snprintf is broken, but is declared in stdio, 1985# check that the fmt argument is const char * or just char *. 1986# This is only useful for when BROKEN_SNPRINTF 1987AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 1988AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1989#include <stdio.h> 1990int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 1991 ]], [[ 1992 snprintf(0, 0, 0); 1993 ]])], 1994 [AC_MSG_RESULT([yes]) 1995 AC_DEFINE([SNPRINTF_CONST], [const], 1996 [Define as const if snprintf() can declare const char *fmt])], 1997 [AC_MSG_RESULT([no]) 1998 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 1999 2000# Check for missing getpeereid (or equiv) support 2001NO_PEERCHECK="" 2002if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2003 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2004 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2005#include <sys/types.h> 2006#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2007 [ AC_MSG_RESULT([yes]) 2008 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2009 ], [AC_MSG_RESULT([no]) 2010 NO_PEERCHECK=1 2011 ]) 2012fi 2013 2014dnl see whether mkstemp() requires XXXXXX 2015if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2016AC_MSG_CHECKING([for (overly) strict mkstemp]) 2017AC_RUN_IFELSE( 2018 [AC_LANG_PROGRAM([[ 2019#include <stdlib.h> 2020 ]], [[ 2021 char template[]="conftest.mkstemp-test"; 2022 if (mkstemp(template) == -1) 2023 exit(1); 2024 unlink(template); 2025 exit(0); 2026 ]])], 2027 [ 2028 AC_MSG_RESULT([no]) 2029 ], 2030 [ 2031 AC_MSG_RESULT([yes]) 2032 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2033 ], 2034 [ 2035 AC_MSG_RESULT([yes]) 2036 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2037 ] 2038) 2039fi 2040 2041dnl make sure that openpty does not reacquire controlling terminal 2042if test ! -z "$check_for_openpty_ctty_bug"; then 2043 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2044 AC_RUN_IFELSE( 2045 [AC_LANG_PROGRAM([[ 2046#include <stdio.h> 2047#include <sys/fcntl.h> 2048#include <sys/types.h> 2049#include <sys/wait.h> 2050 ]], [[ 2051 pid_t pid; 2052 int fd, ptyfd, ttyfd, status; 2053 2054 pid = fork(); 2055 if (pid < 0) { /* failed */ 2056 exit(1); 2057 } else if (pid > 0) { /* parent */ 2058 waitpid(pid, &status, 0); 2059 if (WIFEXITED(status)) 2060 exit(WEXITSTATUS(status)); 2061 else 2062 exit(2); 2063 } else { /* child */ 2064 close(0); close(1); close(2); 2065 setsid(); 2066 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2067 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2068 if (fd >= 0) 2069 exit(3); /* Acquired ctty: broken */ 2070 else 2071 exit(0); /* Did not acquire ctty: OK */ 2072 } 2073 ]])], 2074 [ 2075 AC_MSG_RESULT([yes]) 2076 ], 2077 [ 2078 AC_MSG_RESULT([no]) 2079 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2080 ], 2081 [ 2082 AC_MSG_RESULT([cross-compiling, assuming yes]) 2083 ] 2084 ) 2085fi 2086 2087if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2088 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2089 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2090 AC_RUN_IFELSE( 2091 [AC_LANG_PROGRAM([[ 2092#include <stdio.h> 2093#include <sys/socket.h> 2094#include <netdb.h> 2095#include <errno.h> 2096#include <netinet/in.h> 2097 2098#define TEST_PORT "2222" 2099 ]], [[ 2100 int err, sock; 2101 struct addrinfo *gai_ai, *ai, hints; 2102 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2103 2104 memset(&hints, 0, sizeof(hints)); 2105 hints.ai_family = PF_UNSPEC; 2106 hints.ai_socktype = SOCK_STREAM; 2107 hints.ai_flags = AI_PASSIVE; 2108 2109 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2110 if (err != 0) { 2111 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2112 exit(1); 2113 } 2114 2115 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2116 if (ai->ai_family != AF_INET6) 2117 continue; 2118 2119 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2120 sizeof(ntop), strport, sizeof(strport), 2121 NI_NUMERICHOST|NI_NUMERICSERV); 2122 2123 if (err != 0) { 2124 if (err == EAI_SYSTEM) 2125 perror("getnameinfo EAI_SYSTEM"); 2126 else 2127 fprintf(stderr, "getnameinfo failed: %s\n", 2128 gai_strerror(err)); 2129 exit(2); 2130 } 2131 2132 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2133 if (sock < 0) 2134 perror("socket"); 2135 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2136 if (errno == EBADF) 2137 exit(3); 2138 } 2139 } 2140 exit(0); 2141 ]])], 2142 [ 2143 AC_MSG_RESULT([yes]) 2144 ], 2145 [ 2146 AC_MSG_RESULT([no]) 2147 AC_DEFINE([BROKEN_GETADDRINFO]) 2148 ], 2149 [ 2150 AC_MSG_RESULT([cross-compiling, assuming yes]) 2151 ] 2152 ) 2153fi 2154 2155if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2156 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2157 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2158 AC_RUN_IFELSE( 2159 [AC_LANG_PROGRAM([[ 2160#include <stdio.h> 2161#include <sys/socket.h> 2162#include <netdb.h> 2163#include <errno.h> 2164#include <netinet/in.h> 2165 2166#define TEST_PORT "2222" 2167 ]], [[ 2168 int err, sock; 2169 struct addrinfo *gai_ai, *ai, hints; 2170 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2171 2172 memset(&hints, 0, sizeof(hints)); 2173 hints.ai_family = PF_UNSPEC; 2174 hints.ai_socktype = SOCK_STREAM; 2175 hints.ai_flags = AI_PASSIVE; 2176 2177 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2178 if (err != 0) { 2179 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2180 exit(1); 2181 } 2182 2183 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2184 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2185 continue; 2186 2187 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2188 sizeof(ntop), strport, sizeof(strport), 2189 NI_NUMERICHOST|NI_NUMERICSERV); 2190 2191 if (ai->ai_family == AF_INET && err != 0) { 2192 perror("getnameinfo"); 2193 exit(2); 2194 } 2195 } 2196 exit(0); 2197 ]])], 2198 [ 2199 AC_MSG_RESULT([yes]) 2200 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2201 [Define if you have a getaddrinfo that fails 2202 for the all-zeros IPv6 address]) 2203 ], 2204 [ 2205 AC_MSG_RESULT([no]) 2206 AC_DEFINE([BROKEN_GETADDRINFO]) 2207 ], 2208 [ 2209 AC_MSG_RESULT([cross-compiling, assuming no]) 2210 ] 2211 ) 2212fi 2213 2214if test "x$check_for_conflicting_getspnam" = "x1"; then 2215 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2216 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2217 [[ exit(0); ]])], 2218 [ 2219 AC_MSG_RESULT([no]) 2220 ], 2221 [ 2222 AC_MSG_RESULT([yes]) 2223 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2224 [Conflicting defs for getspnam]) 2225 ] 2226 ) 2227fi 2228 2229AC_FUNC_GETPGRP 2230 2231# Search for OpenSSL 2232saved_CPPFLAGS="$CPPFLAGS" 2233saved_LDFLAGS="$LDFLAGS" 2234AC_ARG_WITH([ssl-dir], 2235 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2236 [ 2237 if test "x$withval" != "xno" ; then 2238 case "$withval" in 2239 # Relative paths 2240 ./*|../*) withval="`pwd`/$withval" 2241 esac 2242 if test -d "$withval/lib"; then 2243 if test -n "${need_dash_r}"; then 2244 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2245 else 2246 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2247 fi 2248 elif test -d "$withval/lib64"; then 2249 if test -n "${need_dash_r}"; then 2250 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2251 else 2252 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2253 fi 2254 else 2255 if test -n "${need_dash_r}"; then 2256 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2257 else 2258 LDFLAGS="-L${withval} ${LDFLAGS}" 2259 fi 2260 fi 2261 if test -d "$withval/include"; then 2262 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2263 else 2264 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2265 fi 2266 fi 2267 ] 2268) 2269LIBS="-lcrypto $LIBS" 2270AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2271 [Define if your ssl headers are included 2272 with #include <openssl/header.h>])], 2273 [ 2274 dnl Check default openssl install dir 2275 if test -n "${need_dash_r}"; then 2276 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2277 else 2278 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2279 fi 2280 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2281 AC_CHECK_HEADER([openssl/opensslv.h], , 2282 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2283 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2284 [ 2285 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2286 ] 2287 ) 2288 ] 2289) 2290 2291# Determine OpenSSL header version 2292AC_MSG_CHECKING([OpenSSL header version]) 2293AC_RUN_IFELSE( 2294 [AC_LANG_PROGRAM([[ 2295#include <stdio.h> 2296#include <string.h> 2297#include <openssl/opensslv.h> 2298#define DATA "conftest.sslincver" 2299 ]], [[ 2300 FILE *fd; 2301 int rc; 2302 2303 fd = fopen(DATA,"w"); 2304 if(fd == NULL) 2305 exit(1); 2306 2307 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) 2308 exit(1); 2309 2310 exit(0); 2311 ]])], 2312 [ 2313 ssl_header_ver=`cat conftest.sslincver` 2314 AC_MSG_RESULT([$ssl_header_ver]) 2315 ], 2316 [ 2317 AC_MSG_RESULT([not found]) 2318 AC_MSG_ERROR([OpenSSL version header not found.]) 2319 ], 2320 [ 2321 AC_MSG_WARN([cross compiling: not checking]) 2322 ] 2323) 2324 2325# Determine OpenSSL library version 2326AC_MSG_CHECKING([OpenSSL library version]) 2327AC_RUN_IFELSE( 2328 [AC_LANG_PROGRAM([[ 2329#include <stdio.h> 2330#include <string.h> 2331#include <openssl/opensslv.h> 2332#include <openssl/crypto.h> 2333#define DATA "conftest.ssllibver" 2334 ]], [[ 2335 FILE *fd; 2336 int rc; 2337 2338 fd = fopen(DATA,"w"); 2339 if(fd == NULL) 2340 exit(1); 2341 2342 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) 2343 exit(1); 2344 2345 exit(0); 2346 ]])], 2347 [ 2348 ssl_library_ver=`cat conftest.ssllibver` 2349 AC_MSG_RESULT([$ssl_library_ver]) 2350 ], 2351 [ 2352 AC_MSG_RESULT([not found]) 2353 AC_MSG_ERROR([OpenSSL library not found.]) 2354 ], 2355 [ 2356 AC_MSG_WARN([cross compiling: not checking]) 2357 ] 2358) 2359 2360AC_ARG_WITH([openssl-header-check], 2361 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2362 [ if test "x$withval" = "xno" ; then 2363 openssl_check_nonfatal=1 2364 fi 2365 ] 2366) 2367 2368# Sanity check OpenSSL headers 2369AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2370AC_RUN_IFELSE( 2371 [AC_LANG_PROGRAM([[ 2372#include <string.h> 2373#include <openssl/opensslv.h> 2374 ]], [[ 2375 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2376 ]])], 2377 [ 2378 AC_MSG_RESULT([yes]) 2379 ], 2380 [ 2381 AC_MSG_RESULT([no]) 2382 if test "x$openssl_check_nonfatal" = "x"; then 2383 AC_MSG_ERROR([Your OpenSSL headers do not match your 2384library. Check config.log for details. 2385If you are sure your installation is consistent, you can disable the check 2386by running "./configure --without-openssl-header-check". 2387Also see contrib/findssl.sh for help identifying header/library mismatches. 2388]) 2389 else 2390 AC_MSG_WARN([Your OpenSSL headers do not match your 2391library. Check config.log for details. 2392Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2393 fi 2394 ], 2395 [ 2396 AC_MSG_WARN([cross compiling: not checking]) 2397 ] 2398) 2399 2400AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2401AC_LINK_IFELSE( 2402 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2403 [[ SSLeay_add_all_algorithms(); ]])], 2404 [ 2405 AC_MSG_RESULT([yes]) 2406 ], 2407 [ 2408 AC_MSG_RESULT([no]) 2409 saved_LIBS="$LIBS" 2410 LIBS="$LIBS -ldl" 2411 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2412 AC_LINK_IFELSE( 2413 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2414 [[ SSLeay_add_all_algorithms(); ]])], 2415 [ 2416 AC_MSG_RESULT([yes]) 2417 ], 2418 [ 2419 AC_MSG_RESULT([no]) 2420 LIBS="$saved_LIBS" 2421 ] 2422 ) 2423 ] 2424) 2425 2426AC_CHECK_FUNCS([ \ 2427 BN_is_prime_ex \ 2428 DSA_generate_parameters_ex \ 2429 EVP_DigestInit_ex \ 2430 EVP_DigestFinal_ex \ 2431 EVP_MD_CTX_init \ 2432 EVP_MD_CTX_cleanup \ 2433 EVP_MD_CTX_copy_ex \ 2434 HMAC_CTX_init \ 2435 RSA_generate_key_ex \ 2436 RSA_get_default_method \ 2437]) 2438 2439AC_ARG_WITH([ssl-engine], 2440 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2441 [ if test "x$withval" != "xno" ; then 2442 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2443 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2444#include <openssl/engine.h> 2445 ]], [[ 2446 ENGINE_load_builtin_engines(); 2447 ENGINE_register_all_complete(); 2448 ]])], 2449 [ AC_MSG_RESULT([yes]) 2450 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2451 [Enable OpenSSL engine support]) 2452 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2453 ]) 2454 fi ] 2455) 2456 2457# Check for OpenSSL without EVP_aes_{192,256}_cbc 2458AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2459AC_LINK_IFELSE( 2460 [AC_LANG_PROGRAM([[ 2461#include <string.h> 2462#include <openssl/evp.h> 2463 ]], [[ 2464 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2465 ]])], 2466 [ 2467 AC_MSG_RESULT([no]) 2468 ], 2469 [ 2470 AC_MSG_RESULT([yes]) 2471 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2472 [libcrypto is missing AES 192 and 256 bit functions]) 2473 ] 2474) 2475 2476# Check for OpenSSL with EVP_aes_*ctr 2477AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2478AC_LINK_IFELSE( 2479 [AC_LANG_PROGRAM([[ 2480#include <string.h> 2481#include <openssl/evp.h> 2482 ]], [[ 2483 exit(EVP_aes_128_ctr() == NULL || 2484 EVP_aes_192_cbc() == NULL || 2485 EVP_aes_256_cbc() == NULL); 2486 ]])], 2487 [ 2488 AC_MSG_RESULT([yes]) 2489 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2490 [libcrypto has EVP AES CTR]) 2491 ], 2492 [ 2493 AC_MSG_RESULT([no]) 2494 ] 2495) 2496 2497# Check for OpenSSL with EVP_aes_*gcm 2498AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2499AC_LINK_IFELSE( 2500 [AC_LANG_PROGRAM([[ 2501#include <string.h> 2502#include <openssl/evp.h> 2503 ]], [[ 2504 exit(EVP_aes_128_gcm() == NULL || 2505 EVP_aes_256_gcm() == NULL || 2506 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2507 EVP_CTRL_GCM_IV_GEN == 0 || 2508 EVP_CTRL_GCM_SET_TAG == 0 || 2509 EVP_CTRL_GCM_GET_TAG == 0 || 2510 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2511 ]])], 2512 [ 2513 AC_MSG_RESULT([yes]) 2514 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2515 [libcrypto has EVP AES GCM]) 2516 ], 2517 [ 2518 AC_MSG_RESULT([no]) 2519 unsupported_algorithms="$unsupported_cipers \ 2520 aes128-gcm@openssh.com aes256-gcm@openssh.com" 2521 ] 2522) 2523 2524AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2525 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2526 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2527 2528AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2529AC_LINK_IFELSE( 2530 [AC_LANG_PROGRAM([[ 2531#include <string.h> 2532#include <openssl/evp.h> 2533 ]], [[ 2534 if(EVP_DigestUpdate(NULL, NULL,0)) 2535 exit(0); 2536 ]])], 2537 [ 2538 AC_MSG_RESULT([yes]) 2539 ], 2540 [ 2541 AC_MSG_RESULT([no]) 2542 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2543 [Define if EVP_DigestUpdate returns void]) 2544 ] 2545) 2546 2547# Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2548# because the system crypt() is more featureful. 2549if test "x$check_for_libcrypt_before" = "x1"; then 2550 AC_CHECK_LIB([crypt], [crypt]) 2551fi 2552 2553# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2554# version in OpenSSL. 2555if test "x$check_for_libcrypt_later" = "x1"; then 2556 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2557fi 2558AC_CHECK_FUNCS([crypt DES_crypt]) 2559 2560# Search for SHA256 support in libc and/or OpenSSL 2561AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2562 [unsupported_algorithms="$unsupported_algorithms \ 2563 hmac-sha2-256 hmac-sha2-512 \ 2564 diffie-hellman-group-exchange-sha256 \ 2565 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" 2566 ] 2567) 2568 2569# Check complete ECC support in OpenSSL 2570AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2571AC_LINK_IFELSE( 2572 [AC_LANG_PROGRAM([[ 2573#include <openssl/ec.h> 2574#include <openssl/ecdh.h> 2575#include <openssl/ecdsa.h> 2576#include <openssl/evp.h> 2577#include <openssl/objects.h> 2578#include <openssl/opensslv.h> 2579#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2580# error "OpenSSL < 0.9.8g has unreliable ECC code" 2581#endif 2582 ]], [[ 2583 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 2584 const EVP_MD *m = EVP_sha256(); /* We need this too */ 2585 ]])], 2586 [ AC_MSG_RESULT([yes]) 2587 enable_nistp256=1 ], 2588 [ AC_MSG_RESULT([no]) ] 2589) 2590 2591AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 2592AC_LINK_IFELSE( 2593 [AC_LANG_PROGRAM([[ 2594#include <openssl/ec.h> 2595#include <openssl/ecdh.h> 2596#include <openssl/ecdsa.h> 2597#include <openssl/evp.h> 2598#include <openssl/objects.h> 2599#include <openssl/opensslv.h> 2600#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2601# error "OpenSSL < 0.9.8g has unreliable ECC code" 2602#endif 2603 ]], [[ 2604 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 2605 const EVP_MD *m = EVP_sha384(); /* We need this too */ 2606 ]])], 2607 [ AC_MSG_RESULT([yes]) 2608 enable_nistp384=1 ], 2609 [ AC_MSG_RESULT([no]) ] 2610) 2611 2612AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 2613AC_LINK_IFELSE( 2614 [AC_LANG_PROGRAM([[ 2615#include <openssl/ec.h> 2616#include <openssl/ecdh.h> 2617#include <openssl/ecdsa.h> 2618#include <openssl/evp.h> 2619#include <openssl/objects.h> 2620#include <openssl/opensslv.h> 2621#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2622# error "OpenSSL < 0.9.8g has unreliable ECC code" 2623#endif 2624 ]], [[ 2625 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2626 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2627 ]])], 2628 [ AC_MSG_RESULT([yes]) 2629 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 2630 AC_RUN_IFELSE( 2631 [AC_LANG_PROGRAM([[ 2632#include <openssl/ec.h> 2633#include <openssl/ecdh.h> 2634#include <openssl/ecdsa.h> 2635#include <openssl/evp.h> 2636#include <openssl/objects.h> 2637#include <openssl/opensslv.h> 2638 ]],[[ 2639 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2640 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2641 exit(e == NULL || m == NULL); 2642 ]])], 2643 [ AC_MSG_RESULT([yes]) 2644 enable_nistp521=1 ], 2645 [ AC_MSG_RESULT([no]) ], 2646 [ AC_MSG_WARN([cross-compiling: assuming yes]) 2647 enable_nistp521=1 ] 2648 )], 2649 AC_MSG_RESULT([no]) 2650) 2651 2652COMMENT_OUT_ECC="#no ecc#" 2653TEST_SSH_ECC=no 2654 2655if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 2656 test x$enable_nistp521 = x1; then 2657 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 2658fi 2659if test x$enable_nistp256 = x1; then 2660 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 2661 [libcrypto has NID_X9_62_prime256v1]) 2662 TEST_SSH_ECC=yes 2663 COMMENT_OUT_ECC="" 2664else 2665 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \ 2666 ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com" 2667fi 2668if test x$enable_nistp384 = x1; then 2669 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 2670 TEST_SSH_ECC=yes 2671 COMMENT_OUT_ECC="" 2672else 2673 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \ 2674 ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com" 2675fi 2676if test x$enable_nistp521 = x1; then 2677 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 2678 TEST_SSH_ECC=yes 2679 COMMENT_OUT_ECC="" 2680else 2681 unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \ 2682 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com" 2683fi 2684 2685AC_SUBST([TEST_SSH_ECC]) 2686AC_SUBST([COMMENT_OUT_ECC]) 2687 2688saved_LIBS="$LIBS" 2689AC_CHECK_LIB([iaf], [ia_openinfo], [ 2690 LIBS="$LIBS -liaf" 2691 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 2692 AC_DEFINE([HAVE_LIBIAF], [1], 2693 [Define if system has libiaf that supports set_id]) 2694 ]) 2695]) 2696LIBS="$saved_LIBS" 2697 2698### Configure cryptographic random number support 2699 2700# Check wheter OpenSSL seeds itself 2701AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 2702AC_RUN_IFELSE( 2703 [AC_LANG_PROGRAM([[ 2704#include <string.h> 2705#include <openssl/rand.h> 2706 ]], [[ 2707 exit(RAND_status() == 1 ? 0 : 1); 2708 ]])], 2709 [ 2710 OPENSSL_SEEDS_ITSELF=yes 2711 AC_MSG_RESULT([yes]) 2712 ], 2713 [ 2714 AC_MSG_RESULT([no]) 2715 ], 2716 [ 2717 AC_MSG_WARN([cross compiling: assuming yes]) 2718 # This is safe, since we will fatal() at runtime if 2719 # OpenSSL is not seeded correctly. 2720 OPENSSL_SEEDS_ITSELF=yes 2721 ] 2722) 2723 2724# PRNGD TCP socket 2725AC_ARG_WITH([prngd-port], 2726 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 2727 [ 2728 case "$withval" in 2729 no) 2730 withval="" 2731 ;; 2732 [[0-9]]*) 2733 ;; 2734 *) 2735 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 2736 ;; 2737 esac 2738 if test ! -z "$withval" ; then 2739 PRNGD_PORT="$withval" 2740 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 2741 [Port number of PRNGD/EGD random number socket]) 2742 fi 2743 ] 2744) 2745 2746# PRNGD Unix domain socket 2747AC_ARG_WITH([prngd-socket], 2748 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 2749 [ 2750 case "$withval" in 2751 yes) 2752 withval="/var/run/egd-pool" 2753 ;; 2754 no) 2755 withval="" 2756 ;; 2757 /*) 2758 ;; 2759 *) 2760 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 2761 ;; 2762 esac 2763 2764 if test ! -z "$withval" ; then 2765 if test ! -z "$PRNGD_PORT" ; then 2766 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 2767 fi 2768 if test ! -r "$withval" ; then 2769 AC_MSG_WARN([Entropy socket is not readable]) 2770 fi 2771 PRNGD_SOCKET="$withval" 2772 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 2773 [Location of PRNGD/EGD random number socket]) 2774 fi 2775 ], 2776 [ 2777 # Check for existing socket only if we don't have a random device already 2778 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 2779 AC_MSG_CHECKING([for PRNGD/EGD socket]) 2780 # Insert other locations here 2781 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 2782 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 2783 PRNGD_SOCKET="$sock" 2784 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 2785 break; 2786 fi 2787 done 2788 if test ! -z "$PRNGD_SOCKET" ; then 2789 AC_MSG_RESULT([$PRNGD_SOCKET]) 2790 else 2791 AC_MSG_RESULT([not found]) 2792 fi 2793 fi 2794 ] 2795) 2796 2797# Which randomness source do we use? 2798if test ! -z "$PRNGD_PORT" ; then 2799 RAND_MSG="PRNGd port $PRNGD_PORT" 2800elif test ! -z "$PRNGD_SOCKET" ; then 2801 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 2802elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 2803 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 2804 [Define if you want OpenSSL's internally seeded PRNG only]) 2805 RAND_MSG="OpenSSL internal ONLY" 2806else 2807 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 2808fi 2809 2810# Check for PAM libs 2811PAM_MSG="no" 2812AC_ARG_WITH([pam], 2813 [ --with-pam Enable PAM support ], 2814 [ 2815 if test "x$withval" != "xno" ; then 2816 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 2817 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 2818 AC_MSG_ERROR([PAM headers not found]) 2819 fi 2820 2821 saved_LIBS="$LIBS" 2822 AC_CHECK_LIB([dl], [dlopen], , ) 2823 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 2824 AC_CHECK_FUNCS([pam_getenvlist]) 2825 AC_CHECK_FUNCS([pam_putenv]) 2826 LIBS="$saved_LIBS" 2827 2828 PAM_MSG="yes" 2829 2830 SSHDLIBS="$SSHDLIBS -lpam" 2831 AC_DEFINE([USE_PAM], [1], 2832 [Define if you want to enable PAM support]) 2833 2834 if test $ac_cv_lib_dl_dlopen = yes; then 2835 case "$LIBS" in 2836 *-ldl*) 2837 # libdl already in LIBS 2838 ;; 2839 *) 2840 SSHDLIBS="$SSHDLIBS -ldl" 2841 ;; 2842 esac 2843 fi 2844 fi 2845 ] 2846) 2847 2848# Check for older PAM 2849if test "x$PAM_MSG" = "xyes" ; then 2850 # Check PAM strerror arguments (old PAM) 2851 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 2852 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2853#include <stdlib.h> 2854#if defined(HAVE_SECURITY_PAM_APPL_H) 2855#include <security/pam_appl.h> 2856#elif defined (HAVE_PAM_PAM_APPL_H) 2857#include <pam/pam_appl.h> 2858#endif 2859 ]], [[ 2860(void)pam_strerror((pam_handle_t *)NULL, -1); 2861 ]])], [AC_MSG_RESULT([no])], [ 2862 AC_DEFINE([HAVE_OLD_PAM], [1], 2863 [Define if you have an old version of PAM 2864 which takes only one argument to pam_strerror]) 2865 AC_MSG_RESULT([yes]) 2866 PAM_MSG="yes (old library)" 2867 2868 ]) 2869fi 2870 2871SSH_PRIVSEP_USER=sshd 2872AC_ARG_WITH([privsep-user], 2873 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 2874 [ 2875 if test -n "$withval" && test "x$withval" != "xno" && \ 2876 test "x${withval}" != "xyes"; then 2877 SSH_PRIVSEP_USER=$withval 2878 fi 2879 ] 2880) 2881AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 2882 [non-privileged user for privilege separation]) 2883AC_SUBST([SSH_PRIVSEP_USER]) 2884 2885if test "x$have_linux_no_new_privs" = "x1" ; then 2886AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 2887 #include <sys/types.h> 2888 #include <linux/seccomp.h> 2889]) 2890fi 2891if test "x$have_seccomp_filter" = "x1" ; then 2892AC_MSG_CHECKING([kernel for seccomp_filter support]) 2893AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 2894 #include <errno.h> 2895 #include <elf.h> 2896 #include <linux/audit.h> 2897 #include <linux/seccomp.h> 2898 #include <stdlib.h> 2899 #include <sys/prctl.h> 2900 ]], 2901 [[ int i = $seccomp_audit_arch; 2902 errno = 0; 2903 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 2904 exit(errno == EFAULT ? 0 : 1); ]])], 2905 [ AC_MSG_RESULT([yes]) ], [ 2906 AC_MSG_RESULT([no]) 2907 # Disable seccomp filter as a target 2908 have_seccomp_filter=0 2909 ] 2910) 2911fi 2912 2913# Decide which sandbox style to use 2914sandbox_arg="" 2915AC_ARG_WITH([sandbox], 2916 [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)], 2917 [ 2918 if test "x$withval" = "xyes" ; then 2919 sandbox_arg="" 2920 else 2921 sandbox_arg="$withval" 2922 fi 2923 ] 2924) 2925 2926# Some platforms (seems to be the ones that have a kernel poll(2)-type 2927# function with which they implement select(2)) use an extra file descriptor 2928# when calling select(2), which means we can't use the rlimit sandbox. 2929AC_MSG_CHECKING([if select works with descriptor rlimit]) 2930AC_RUN_IFELSE( 2931 [AC_LANG_PROGRAM([[ 2932#include <sys/types.h> 2933#ifdef HAVE_SYS_TIME_H 2934# include <sys/time.h> 2935#endif 2936#include <sys/resource.h> 2937#ifdef HAVE_SYS_SELECT_H 2938# include <sys/select.h> 2939#endif 2940#include <errno.h> 2941#include <fcntl.h> 2942#include <stdlib.h> 2943 ]],[[ 2944 struct rlimit rl_zero; 2945 int fd, r; 2946 fd_set fds; 2947 struct timeval tv; 2948 2949 fd = open("/dev/null", O_RDONLY); 2950 FD_ZERO(&fds); 2951 FD_SET(fd, &fds); 2952 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 2953 setrlimit(RLIMIT_FSIZE, &rl_zero); 2954 setrlimit(RLIMIT_NOFILE, &rl_zero); 2955 tv.tv_sec = 1; 2956 tv.tv_usec = 0; 2957 r = select(fd+1, &fds, NULL, NULL, &tv); 2958 exit (r == -1 ? 1 : 0); 2959 ]])], 2960 [AC_MSG_RESULT([yes]) 2961 select_works_with_rlimit=yes], 2962 [AC_MSG_RESULT([no]) 2963 select_works_with_rlimit=no], 2964 [AC_MSG_WARN([cross compiling: assuming yes])] 2965) 2966 2967AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 2968AC_RUN_IFELSE( 2969 [AC_LANG_PROGRAM([[ 2970#include <sys/types.h> 2971#ifdef HAVE_SYS_TIME_H 2972# include <sys/time.h> 2973#endif 2974#include <sys/resource.h> 2975#include <errno.h> 2976#include <stdlib.h> 2977 ]],[[ 2978 struct rlimit rl_zero; 2979 int fd, r; 2980 fd_set fds; 2981 2982 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 2983 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 2984 exit (r == -1 ? 1 : 0); 2985 ]])], 2986 [AC_MSG_RESULT([yes]) 2987 rlimit_nofile_zero_works=yes], 2988 [AC_MSG_RESULT([no]) 2989 rlimit_nofile_zero_works=no], 2990 [AC_MSG_WARN([cross compiling: assuming yes])] 2991) 2992 2993AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 2994AC_RUN_IFELSE( 2995 [AC_LANG_PROGRAM([[ 2996#include <sys/types.h> 2997#include <sys/resource.h> 2998#include <stdlib.h> 2999 ]],[[ 3000 struct rlimit rl_zero; 3001 3002 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3003 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3004 ]])], 3005 [AC_MSG_RESULT([yes])], 3006 [AC_MSG_RESULT([no]) 3007 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3008 [setrlimit RLIMIT_FSIZE works])], 3009 [AC_MSG_WARN([cross compiling: assuming yes])] 3010) 3011 3012if test "x$sandbox_arg" = "xsystrace" || \ 3013 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3014 test "x$have_systr_policy_kill" != "x1" && \ 3015 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3016 SANDBOX_STYLE="systrace" 3017 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3018elif test "x$sandbox_arg" = "xdarwin" || \ 3019 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3020 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3021 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3022 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3023 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3024 SANDBOX_STYLE="darwin" 3025 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3026elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3027 ( test -z "$sandbox_arg" && \ 3028 test "x$have_seccomp_filter" = "x1" && \ 3029 test "x$ac_cv_header_elf_h" = "xyes" && \ 3030 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3031 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3032 test "x$seccomp_audit_arch" != "x" && \ 3033 test "x$have_linux_no_new_privs" = "x1" && \ 3034 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3035 test "x$seccomp_audit_arch" = "x" && \ 3036 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3037 test "x$have_linux_no_new_privs" != "x1" && \ 3038 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3039 test "x$have_seccomp_filter" != "x1" && \ 3040 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3041 test "x$ac_cv_func_prctl" != "xyes" && \ 3042 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3043 SANDBOX_STYLE="seccomp_filter" 3044 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3045elif test "x$sandbox_arg" = "xcapsicum" || \ 3046 ( test -z "$sandbox_arg" && \ 3047 test "x$ac_cv_header_sys_capability_h" = "xyes" && \ 3048 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3049 test "x$ac_cv_header_sys_capability_h" != "xyes" && \ 3050 AC_MSG_ERROR([capsicum sandbox requires sys/capability.h header]) 3051 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3052 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3053 SANDBOX_STYLE="capsicum" 3054 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3055elif test "x$sandbox_arg" = "xrlimit" || \ 3056 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3057 test "x$select_works_with_rlimit" = "xyes" && \ 3058 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3059 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3060 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3061 test "x$select_works_with_rlimit" != "xyes" && \ 3062 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3063 SANDBOX_STYLE="rlimit" 3064 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3065elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3066 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3067 SANDBOX_STYLE="none" 3068 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3069else 3070 AC_MSG_ERROR([unsupported --with-sandbox]) 3071fi 3072 3073# Cheap hack to ensure NEWS-OS libraries are arranged right. 3074if test ! -z "$SONY" ; then 3075 LIBS="$LIBS -liberty"; 3076fi 3077 3078# Check for long long datatypes 3079AC_CHECK_TYPES([long long, unsigned long long, long double]) 3080 3081# Check datatype sizes 3082AC_CHECK_SIZEOF([short int], [2]) 3083AC_CHECK_SIZEOF([int], [4]) 3084AC_CHECK_SIZEOF([long int], [4]) 3085AC_CHECK_SIZEOF([long long int], [8]) 3086 3087# Sanity check long long for some platforms (AIX) 3088if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3089 ac_cv_sizeof_long_long_int=0 3090fi 3091 3092# compute LLONG_MIN and LLONG_MAX if we don't know them. 3093if test -z "$have_llong_max"; then 3094 AC_MSG_CHECKING([for max value of long long]) 3095 AC_RUN_IFELSE( 3096 [AC_LANG_PROGRAM([[ 3097#include <stdio.h> 3098/* Why is this so damn hard? */ 3099#ifdef __GNUC__ 3100# undef __GNUC__ 3101#endif 3102#define __USE_ISOC99 3103#include <limits.h> 3104#define DATA "conftest.llminmax" 3105#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3106 3107/* 3108 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3109 * we do this the hard way. 3110 */ 3111static int 3112fprint_ll(FILE *f, long long n) 3113{ 3114 unsigned int i; 3115 int l[sizeof(long long) * 8]; 3116 3117 if (n < 0) 3118 if (fprintf(f, "-") < 0) 3119 return -1; 3120 for (i = 0; n != 0; i++) { 3121 l[i] = my_abs(n % 10); 3122 n /= 10; 3123 } 3124 do { 3125 if (fprintf(f, "%d", l[--i]) < 0) 3126 return -1; 3127 } while (i != 0); 3128 if (fprintf(f, " ") < 0) 3129 return -1; 3130 return 0; 3131} 3132 ]], [[ 3133 FILE *f; 3134 long long i, llmin, llmax = 0; 3135 3136 if((f = fopen(DATA,"w")) == NULL) 3137 exit(1); 3138 3139#if defined(LLONG_MIN) && defined(LLONG_MAX) 3140 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3141 llmin = LLONG_MIN; 3142 llmax = LLONG_MAX; 3143#else 3144 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3145 /* This will work on one's complement and two's complement */ 3146 for (i = 1; i > llmax; i <<= 1, i++) 3147 llmax = i; 3148 llmin = llmax + 1LL; /* wrap */ 3149#endif 3150 3151 /* Sanity check */ 3152 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3153 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3154 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3155 fprintf(f, "unknown unknown\n"); 3156 exit(2); 3157 } 3158 3159 if (fprint_ll(f, llmin) < 0) 3160 exit(3); 3161 if (fprint_ll(f, llmax) < 0) 3162 exit(4); 3163 if (fclose(f) < 0) 3164 exit(5); 3165 exit(0); 3166 ]])], 3167 [ 3168 llong_min=`$AWK '{print $1}' conftest.llminmax` 3169 llong_max=`$AWK '{print $2}' conftest.llminmax` 3170 3171 AC_MSG_RESULT([$llong_max]) 3172 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3173 [max value of long long calculated by configure]) 3174 AC_MSG_CHECKING([for min value of long long]) 3175 AC_MSG_RESULT([$llong_min]) 3176 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3177 [min value of long long calculated by configure]) 3178 ], 3179 [ 3180 AC_MSG_RESULT([not found]) 3181 ], 3182 [ 3183 AC_MSG_WARN([cross compiling: not checking]) 3184 ] 3185 ) 3186fi 3187 3188 3189# More checks for data types 3190AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3191 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3192 [[ u_int a; a = 1;]])], 3193 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3194 ]) 3195]) 3196if test "x$ac_cv_have_u_int" = "xyes" ; then 3197 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3198 have_u_int=1 3199fi 3200 3201AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3202 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3203 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3204 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3205 ]) 3206]) 3207if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3208 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3209 have_intxx_t=1 3210fi 3211 3212if (test -z "$have_intxx_t" && \ 3213 test "x$ac_cv_header_stdint_h" = "xyes") 3214then 3215 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3216 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3217 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3218 [ 3219 AC_DEFINE([HAVE_INTXX_T]) 3220 AC_MSG_RESULT([yes]) 3221 ], [ AC_MSG_RESULT([no]) 3222 ]) 3223fi 3224 3225AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3226 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3227#include <sys/types.h> 3228#ifdef HAVE_STDINT_H 3229# include <stdint.h> 3230#endif 3231#include <sys/socket.h> 3232#ifdef HAVE_SYS_BITYPES_H 3233# include <sys/bitypes.h> 3234#endif 3235 ]], [[ 3236int64_t a; a = 1; 3237 ]])], 3238 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3239 ]) 3240]) 3241if test "x$ac_cv_have_int64_t" = "xyes" ; then 3242 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3243fi 3244 3245AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3246 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3247 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3248 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3249 ]) 3250]) 3251if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3252 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3253 have_u_intxx_t=1 3254fi 3255 3256if test -z "$have_u_intxx_t" ; then 3257 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3258 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3259 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3260 [ 3261 AC_DEFINE([HAVE_U_INTXX_T]) 3262 AC_MSG_RESULT([yes]) 3263 ], [ AC_MSG_RESULT([no]) 3264 ]) 3265fi 3266 3267AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3268 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3269 [[ u_int64_t a; a = 1;]])], 3270 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3271 ]) 3272]) 3273if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3274 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3275 have_u_int64_t=1 3276fi 3277 3278if (test -z "$have_u_int64_t" && \ 3279 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3280then 3281 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3282 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3283 [[ u_int64_t a; a = 1]])], 3284 [ 3285 AC_DEFINE([HAVE_U_INT64_T]) 3286 AC_MSG_RESULT([yes]) 3287 ], [ AC_MSG_RESULT([no]) 3288 ]) 3289fi 3290 3291if test -z "$have_u_intxx_t" ; then 3292 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3293 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3294#include <sys/types.h> 3295 ]], [[ 3296 uint8_t a; 3297 uint16_t b; 3298 uint32_t c; 3299 a = b = c = 1; 3300 ]])], 3301 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3302 ]) 3303 ]) 3304 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3305 AC_DEFINE([HAVE_UINTXX_T], [1], 3306 [define if you have uintxx_t data type]) 3307 fi 3308fi 3309 3310if (test -z "$have_uintxx_t" && \ 3311 test "x$ac_cv_header_stdint_h" = "xyes") 3312then 3313 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3314 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3315 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3316 [ 3317 AC_DEFINE([HAVE_UINTXX_T]) 3318 AC_MSG_RESULT([yes]) 3319 ], [ AC_MSG_RESULT([no]) 3320 ]) 3321fi 3322 3323if (test -z "$have_uintxx_t" && \ 3324 test "x$ac_cv_header_inttypes_h" = "xyes") 3325then 3326 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3327 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3328 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3329 [ 3330 AC_DEFINE([HAVE_UINTXX_T]) 3331 AC_MSG_RESULT([yes]) 3332 ], [ AC_MSG_RESULT([no]) 3333 ]) 3334fi 3335 3336if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3337 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3338then 3339 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3340 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3341#include <sys/bitypes.h> 3342 ]], [[ 3343 int8_t a; int16_t b; int32_t c; 3344 u_int8_t e; u_int16_t f; u_int32_t g; 3345 a = b = c = e = f = g = 1; 3346 ]])], 3347 [ 3348 AC_DEFINE([HAVE_U_INTXX_T]) 3349 AC_DEFINE([HAVE_INTXX_T]) 3350 AC_MSG_RESULT([yes]) 3351 ], [AC_MSG_RESULT([no]) 3352 ]) 3353fi 3354 3355 3356AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3357 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3358 [[ u_char foo; foo = 125; ]])], 3359 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3360 ]) 3361]) 3362if test "x$ac_cv_have_u_char" = "xyes" ; then 3363 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3364fi 3365 3366AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3367#include <sys/types.h> 3368#include <stdint.h> 3369]) 3370 3371TYPE_SOCKLEN_T 3372 3373AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3374AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3375#include <sys/types.h> 3376#ifdef HAVE_SYS_BITYPES_H 3377#include <sys/bitypes.h> 3378#endif 3379#ifdef HAVE_SYS_STATFS_H 3380#include <sys/statfs.h> 3381#endif 3382#ifdef HAVE_SYS_STATVFS_H 3383#include <sys/statvfs.h> 3384#endif 3385]) 3386 3387AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3388[#include <sys/types.h> 3389#include <netinet/in.h>]) 3390 3391AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3392 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3393 [[ size_t foo; foo = 1235; ]])], 3394 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3395 ]) 3396]) 3397if test "x$ac_cv_have_size_t" = "xyes" ; then 3398 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3399fi 3400 3401AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3402 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3403 [[ ssize_t foo; foo = 1235; ]])], 3404 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3405 ]) 3406]) 3407if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3408 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3409fi 3410 3411AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3412 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3413 [[ clock_t foo; foo = 1235; ]])], 3414 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3415 ]) 3416]) 3417if test "x$ac_cv_have_clock_t" = "xyes" ; then 3418 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3419fi 3420 3421AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3422 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3423#include <sys/types.h> 3424#include <sys/socket.h> 3425 ]], [[ sa_family_t foo; foo = 1235; ]])], 3426 [ ac_cv_have_sa_family_t="yes" ], 3427 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3428#include <sys/types.h> 3429#include <sys/socket.h> 3430#include <netinet/in.h> 3431 ]], [[ sa_family_t foo; foo = 1235; ]])], 3432 [ ac_cv_have_sa_family_t="yes" ], 3433 [ ac_cv_have_sa_family_t="no" ] 3434 ) 3435 ]) 3436]) 3437if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3438 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3439 [define if you have sa_family_t data type]) 3440fi 3441 3442AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3443 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3444 [[ pid_t foo; foo = 1235; ]])], 3445 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3446 ]) 3447]) 3448if test "x$ac_cv_have_pid_t" = "xyes" ; then 3449 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3450fi 3451 3452AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3453 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3454 [[ mode_t foo; foo = 1235; ]])], 3455 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3456 ]) 3457]) 3458if test "x$ac_cv_have_mode_t" = "xyes" ; then 3459 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3460fi 3461 3462 3463AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3464 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3465#include <sys/types.h> 3466#include <sys/socket.h> 3467 ]], [[ struct sockaddr_storage s; ]])], 3468 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3469 [ ac_cv_have_struct_sockaddr_storage="no" 3470 ]) 3471]) 3472if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3473 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3474 [define if you have struct sockaddr_storage data type]) 3475fi 3476 3477AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3478 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3479#include <sys/types.h> 3480#include <netinet/in.h> 3481 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3482 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3483 [ ac_cv_have_struct_sockaddr_in6="no" 3484 ]) 3485]) 3486if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3487 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3488 [define if you have struct sockaddr_in6 data type]) 3489fi 3490 3491AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 3492 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3493#include <sys/types.h> 3494#include <netinet/in.h> 3495 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 3496 [ ac_cv_have_struct_in6_addr="yes" ], 3497 [ ac_cv_have_struct_in6_addr="no" 3498 ]) 3499]) 3500if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 3501 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 3502 [define if you have struct in6_addr data type]) 3503 3504dnl Now check for sin6_scope_id 3505 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 3506 [ 3507#ifdef HAVE_SYS_TYPES_H 3508#include <sys/types.h> 3509#endif 3510#include <netinet/in.h> 3511 ]) 3512fi 3513 3514AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 3515 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3516#include <sys/types.h> 3517#include <sys/socket.h> 3518#include <netdb.h> 3519 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 3520 [ ac_cv_have_struct_addrinfo="yes" ], 3521 [ ac_cv_have_struct_addrinfo="no" 3522 ]) 3523]) 3524if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 3525 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 3526 [define if you have struct addrinfo data type]) 3527fi 3528 3529AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 3530 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 3531 [[ struct timeval tv; tv.tv_sec = 1;]])], 3532 [ ac_cv_have_struct_timeval="yes" ], 3533 [ ac_cv_have_struct_timeval="no" 3534 ]) 3535]) 3536if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 3537 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 3538 have_struct_timeval=1 3539fi 3540 3541AC_CHECK_TYPES([struct timespec]) 3542 3543# We need int64_t or else certian parts of the compile will fail. 3544if test "x$ac_cv_have_int64_t" = "xno" && \ 3545 test "x$ac_cv_sizeof_long_int" != "x8" && \ 3546 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 3547 echo "OpenSSH requires int64_t support. Contact your vendor or install" 3548 echo "an alternative compiler (I.E., GCC) before continuing." 3549 echo "" 3550 exit 1; 3551else 3552dnl test snprintf (broken on SCO w/gcc) 3553 AC_RUN_IFELSE( 3554 [AC_LANG_SOURCE([[ 3555#include <stdio.h> 3556#include <string.h> 3557#ifdef HAVE_SNPRINTF 3558main() 3559{ 3560 char buf[50]; 3561 char expected_out[50]; 3562 int mazsize = 50 ; 3563#if (SIZEOF_LONG_INT == 8) 3564 long int num = 0x7fffffffffffffff; 3565#else 3566 long long num = 0x7fffffffffffffffll; 3567#endif 3568 strcpy(expected_out, "9223372036854775807"); 3569 snprintf(buf, mazsize, "%lld", num); 3570 if(strcmp(buf, expected_out) != 0) 3571 exit(1); 3572 exit(0); 3573} 3574#else 3575main() { exit(0); } 3576#endif 3577 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 3578 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 3579 ) 3580fi 3581 3582dnl Checks for structure members 3583OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 3584OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 3585OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 3586OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 3587OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 3588OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 3589OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 3590OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 3591OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 3592OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 3593OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 3594OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 3595OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 3596OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 3597OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 3598OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 3599OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 3600 3601AC_CHECK_MEMBERS([struct stat.st_blksize]) 3602AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 3603struct passwd.pw_change, struct passwd.pw_expire], 3604[], [], [[ 3605#include <sys/types.h> 3606#include <pwd.h> 3607]]) 3608 3609AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 3610 [Define if we don't have struct __res_state in resolv.h])], 3611[[ 3612#include <stdio.h> 3613#if HAVE_SYS_TYPES_H 3614# include <sys/types.h> 3615#endif 3616#include <netinet/in.h> 3617#include <arpa/nameser.h> 3618#include <resolv.h> 3619]]) 3620 3621AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 3622 ac_cv_have_ss_family_in_struct_ss, [ 3623 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3624#include <sys/types.h> 3625#include <sys/socket.h> 3626 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 3627 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 3628 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 3629]) 3630if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 3631 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 3632fi 3633 3634AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 3635 ac_cv_have___ss_family_in_struct_ss, [ 3636 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3637#include <sys/types.h> 3638#include <sys/socket.h> 3639 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 3640 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 3641 [ ac_cv_have___ss_family_in_struct_ss="no" 3642 ]) 3643]) 3644if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 3645 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 3646 [Fields in struct sockaddr_storage]) 3647fi 3648 3649dnl make sure we're using the real structure members and not defines 3650AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 3651 ac_cv_have_accrights_in_msghdr, [ 3652 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3653#include <sys/types.h> 3654#include <sys/socket.h> 3655#include <sys/uio.h> 3656 ]], [[ 3657#ifdef msg_accrights 3658#error "msg_accrights is a macro" 3659exit(1); 3660#endif 3661struct msghdr m; 3662m.msg_accrights = 0; 3663exit(0); 3664 ]])], 3665 [ ac_cv_have_accrights_in_msghdr="yes" ], 3666 [ ac_cv_have_accrights_in_msghdr="no" ] 3667 ) 3668]) 3669if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 3670 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 3671 [Define if your system uses access rights style 3672 file descriptor passing]) 3673fi 3674 3675AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 3676AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3677#include <sys/param.h> 3678#include <sys/stat.h> 3679#ifdef HAVE_SYS_TIME_H 3680# include <sys/time.h> 3681#endif 3682#ifdef HAVE_SYS_MOUNT_H 3683#include <sys/mount.h> 3684#endif 3685#ifdef HAVE_SYS_STATVFS_H 3686#include <sys/statvfs.h> 3687#endif 3688 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 3689 [ AC_MSG_RESULT([yes]) ], 3690 [ AC_MSG_RESULT([no]) 3691 3692 AC_MSG_CHECKING([if fsid_t has member val]) 3693 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3694#include <sys/types.h> 3695#include <sys/statvfs.h> 3696 ]], [[ fsid_t t; t.val[0] = 0; ]])], 3697 [ AC_MSG_RESULT([yes]) 3698 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 3699 [ AC_MSG_RESULT([no]) ]) 3700 3701 AC_MSG_CHECKING([if f_fsid has member __val]) 3702 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3703#include <sys/types.h> 3704#include <sys/statvfs.h> 3705 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 3706 [ AC_MSG_RESULT([yes]) 3707 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 3708 [ AC_MSG_RESULT([no]) ]) 3709]) 3710 3711AC_CACHE_CHECK([for msg_control field in struct msghdr], 3712 ac_cv_have_control_in_msghdr, [ 3713 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3714#include <sys/types.h> 3715#include <sys/socket.h> 3716#include <sys/uio.h> 3717 ]], [[ 3718#ifdef msg_control 3719#error "msg_control is a macro" 3720exit(1); 3721#endif 3722struct msghdr m; 3723m.msg_control = 0; 3724exit(0); 3725 ]])], 3726 [ ac_cv_have_control_in_msghdr="yes" ], 3727 [ ac_cv_have_control_in_msghdr="no" ] 3728 ) 3729]) 3730if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 3731 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 3732 [Define if your system uses ancillary data style 3733 file descriptor passing]) 3734fi 3735 3736AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 3737 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3738 [[ extern char *__progname; printf("%s", __progname); ]])], 3739 [ ac_cv_libc_defines___progname="yes" ], 3740 [ ac_cv_libc_defines___progname="no" 3741 ]) 3742]) 3743if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 3744 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 3745fi 3746 3747AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 3748 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3749 [[ printf("%s", __FUNCTION__); ]])], 3750 [ ac_cv_cc_implements___FUNCTION__="yes" ], 3751 [ ac_cv_cc_implements___FUNCTION__="no" 3752 ]) 3753]) 3754if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 3755 AC_DEFINE([HAVE___FUNCTION__], [1], 3756 [Define if compiler implements __FUNCTION__]) 3757fi 3758 3759AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 3760 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3761 [[ printf("%s", __func__); ]])], 3762 [ ac_cv_cc_implements___func__="yes" ], 3763 [ ac_cv_cc_implements___func__="no" 3764 ]) 3765]) 3766if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 3767 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 3768fi 3769 3770AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 3771 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3772#include <stdarg.h> 3773va_list x,y; 3774 ]], [[ va_copy(x,y); ]])], 3775 [ ac_cv_have_va_copy="yes" ], 3776 [ ac_cv_have_va_copy="no" 3777 ]) 3778]) 3779if test "x$ac_cv_have_va_copy" = "xyes" ; then 3780 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 3781fi 3782 3783AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 3784 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3785#include <stdarg.h> 3786va_list x,y; 3787 ]], [[ __va_copy(x,y); ]])], 3788 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 3789 ]) 3790]) 3791if test "x$ac_cv_have___va_copy" = "xyes" ; then 3792 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 3793fi 3794 3795AC_CACHE_CHECK([whether getopt has optreset support], 3796 ac_cv_have_getopt_optreset, [ 3797 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 3798 [[ extern int optreset; optreset = 0; ]])], 3799 [ ac_cv_have_getopt_optreset="yes" ], 3800 [ ac_cv_have_getopt_optreset="no" 3801 ]) 3802]) 3803if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 3804 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 3805 [Define if your getopt(3) defines and uses optreset]) 3806fi 3807 3808AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 3809 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3810[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 3811 [ ac_cv_libc_defines_sys_errlist="yes" ], 3812 [ ac_cv_libc_defines_sys_errlist="no" 3813 ]) 3814]) 3815if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 3816 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 3817 [Define if your system defines sys_errlist[]]) 3818fi 3819 3820 3821AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 3822 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3823[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 3824 [ ac_cv_libc_defines_sys_nerr="yes" ], 3825 [ ac_cv_libc_defines_sys_nerr="no" 3826 ]) 3827]) 3828if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 3829 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 3830fi 3831 3832# Check libraries needed by DNS fingerprint support 3833AC_SEARCH_LIBS([getrrsetbyname], [resolv], 3834 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 3835 [Define if getrrsetbyname() exists])], 3836 [ 3837 # Needed by our getrrsetbyname() 3838 AC_SEARCH_LIBS([res_query], [resolv]) 3839 AC_SEARCH_LIBS([dn_expand], [resolv]) 3840 AC_MSG_CHECKING([if res_query will link]) 3841 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3842#include <sys/types.h> 3843#include <netinet/in.h> 3844#include <arpa/nameser.h> 3845#include <netdb.h> 3846#include <resolv.h> 3847 ]], [[ 3848 res_query (0, 0, 0, 0, 0); 3849 ]])], 3850 AC_MSG_RESULT([yes]), 3851 [AC_MSG_RESULT([no]) 3852 saved_LIBS="$LIBS" 3853 LIBS="$LIBS -lresolv" 3854 AC_MSG_CHECKING([for res_query in -lresolv]) 3855 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3856#include <sys/types.h> 3857#include <netinet/in.h> 3858#include <arpa/nameser.h> 3859#include <netdb.h> 3860#include <resolv.h> 3861 ]], [[ 3862 res_query (0, 0, 0, 0, 0); 3863 ]])], 3864 [AC_MSG_RESULT([yes])], 3865 [LIBS="$saved_LIBS" 3866 AC_MSG_RESULT([no])]) 3867 ]) 3868 AC_CHECK_FUNCS([_getshort _getlong]) 3869 AC_CHECK_DECLS([_getshort, _getlong], , , 3870 [#include <sys/types.h> 3871 #include <arpa/nameser.h>]) 3872 AC_CHECK_MEMBER([HEADER.ad], 3873 [AC_DEFINE([HAVE_HEADER_AD], [1], 3874 [Define if HEADER.ad exists in arpa/nameser.h])], , 3875 [#include <arpa/nameser.h>]) 3876 ]) 3877 3878AC_MSG_CHECKING([if struct __res_state _res is an extern]) 3879AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3880#include <stdio.h> 3881#if HAVE_SYS_TYPES_H 3882# include <sys/types.h> 3883#endif 3884#include <netinet/in.h> 3885#include <arpa/nameser.h> 3886#include <resolv.h> 3887extern struct __res_state _res; 3888 ]], [[ ]])], 3889 [AC_MSG_RESULT([yes]) 3890 AC_DEFINE([HAVE__RES_EXTERN], [1], 3891 [Define if you have struct __res_state _res as an extern]) 3892 ], 3893 [ AC_MSG_RESULT([no]) ] 3894) 3895 3896# Check whether user wants SELinux support 3897SELINUX_MSG="no" 3898LIBSELINUX="" 3899AC_ARG_WITH([selinux], 3900 [ --with-selinux Enable SELinux support], 3901 [ if test "x$withval" != "xno" ; then 3902 save_LIBS="$LIBS" 3903 AC_DEFINE([WITH_SELINUX], [1], 3904 [Define if you want SELinux support.]) 3905 SELINUX_MSG="yes" 3906 AC_CHECK_HEADER([selinux/selinux.h], , 3907 AC_MSG_ERROR([SELinux support requires selinux.h header])) 3908 AC_CHECK_LIB([selinux], [setexeccon], 3909 [ LIBSELINUX="-lselinux" 3910 LIBS="$LIBS -lselinux" 3911 ], 3912 AC_MSG_ERROR([SELinux support requires libselinux library])) 3913 SSHLIBS="$SSHLIBS $LIBSELINUX" 3914 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 3915 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 3916 LIBS="$save_LIBS" 3917 fi ] 3918) 3919AC_SUBST([SSHLIBS]) 3920AC_SUBST([SSHDLIBS]) 3921 3922# Check whether user wants Kerberos 5 support 3923KRB5_MSG="no" 3924AC_ARG_WITH([kerberos5], 3925 [ --with-kerberos5=PATH Enable Kerberos 5 support], 3926 [ if test "x$withval" != "xno" ; then 3927 if test "x$withval" = "xyes" ; then 3928 KRB5ROOT="/usr/local" 3929 else 3930 KRB5ROOT=${withval} 3931 fi 3932 3933 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 3934 KRB5_MSG="yes" 3935 3936 AC_PATH_PROG([KRB5CONF], [krb5-config], 3937 [$KRB5ROOT/bin/krb5-config], 3938 [$KRB5ROOT/bin:$PATH]) 3939 if test -x $KRB5CONF ; then 3940 K5CFLAGS="`$KRB5CONF --cflags`" 3941 K5LIBS="`$KRB5CONF --libs`" 3942 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 3943 3944 AC_MSG_CHECKING([for gssapi support]) 3945 if $KRB5CONF | grep gssapi >/dev/null ; then 3946 AC_MSG_RESULT([yes]) 3947 AC_DEFINE([GSSAPI], [1], 3948 [Define this if you want GSSAPI 3949 support in the version 2 protocol]) 3950 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 3951 GSSLIBS="`$KRB5CONF --libs gssapi`" 3952 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 3953 else 3954 AC_MSG_RESULT([no]) 3955 fi 3956 AC_MSG_CHECKING([whether we are using Heimdal]) 3957 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 3958 ]], [[ char *tmp = heimdal_version; ]])], 3959 [ AC_MSG_RESULT([yes]) 3960 AC_DEFINE([HEIMDAL], [1], 3961 [Define this if you are using the Heimdal 3962 version of Kerberos V5]) ], 3963 [AC_MSG_RESULT([no]) 3964 ]) 3965 else 3966 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 3967 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 3968 AC_MSG_CHECKING([whether we are using Heimdal]) 3969 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 3970 ]], [[ char *tmp = heimdal_version; ]])], 3971 [ AC_MSG_RESULT([yes]) 3972 AC_DEFINE([HEIMDAL]) 3973 K5LIBS="-lkrb5" 3974 K5LIBS="$K5LIBS -lcom_err -lasn1" 3975 AC_CHECK_LIB([roken], [net_write], 3976 [K5LIBS="$K5LIBS -lroken"]) 3977 AC_CHECK_LIB([des], [des_cbc_encrypt], 3978 [K5LIBS="$K5LIBS -ldes"]) 3979 ], [ AC_MSG_RESULT([no]) 3980 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 3981 3982 ]) 3983 AC_SEARCH_LIBS([dn_expand], [resolv]) 3984 3985 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 3986 [ AC_DEFINE([GSSAPI]) 3987 GSSLIBS="-lgssapi_krb5" ], 3988 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 3989 [ AC_DEFINE([GSSAPI]) 3990 GSSLIBS="-lgssapi" ], 3991 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 3992 [ AC_DEFINE([GSSAPI]) 3993 GSSLIBS="-lgss" ], 3994 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 3995 ]) 3996 ]) 3997 3998 AC_CHECK_HEADER([gssapi.h], , 3999 [ unset ac_cv_header_gssapi_h 4000 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4001 AC_CHECK_HEADERS([gssapi.h], , 4002 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4003 ) 4004 ] 4005 ) 4006 4007 oldCPP="$CPPFLAGS" 4008 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4009 AC_CHECK_HEADER([gssapi_krb5.h], , 4010 [ CPPFLAGS="$oldCPP" ]) 4011 4012 fi 4013 if test ! -z "$need_dash_r" ; then 4014 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 4015 fi 4016 if test ! -z "$blibpath" ; then 4017 blibpath="$blibpath:${KRB5ROOT}/lib" 4018 fi 4019 4020 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4021 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4022 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4023 4024 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4025 [Define this if you want to use libkafs' AFS support])]) 4026 4027 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4028#ifdef HAVE_GSSAPI_H 4029# include <gssapi.h> 4030#elif defined(HAVE_GSSAPI_GSSAPI_H) 4031# include <gssapi/gssapi.h> 4032#endif 4033 4034#ifdef HAVE_GSSAPI_GENERIC_H 4035# include <gssapi_generic.h> 4036#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4037# include <gssapi/gssapi_generic.h> 4038#endif 4039 ]]) 4040 saved_LIBS="$LIBS" 4041 LIBS="$LIBS $K5LIBS" 4042 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4043 LIBS="$saved_LIBS" 4044 4045 fi 4046 ] 4047) 4048AC_SUBST([GSSLIBS]) 4049AC_SUBST([K5LIBS]) 4050 4051# Looking for programs, paths and files 4052 4053PRIVSEP_PATH=/var/empty 4054AC_ARG_WITH([privsep-path], 4055 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4056 [ 4057 if test -n "$withval" && test "x$withval" != "xno" && \ 4058 test "x${withval}" != "xyes"; then 4059 PRIVSEP_PATH=$withval 4060 fi 4061 ] 4062) 4063AC_SUBST([PRIVSEP_PATH]) 4064 4065AC_ARG_WITH([xauth], 4066 [ --with-xauth=PATH Specify path to xauth program ], 4067 [ 4068 if test -n "$withval" && test "x$withval" != "xno" && \ 4069 test "x${withval}" != "xyes"; then 4070 xauth_path=$withval 4071 fi 4072 ], 4073 [ 4074 TestPath="$PATH" 4075 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4076 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4077 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4078 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4079 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4080 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4081 xauth_path="/usr/openwin/bin/xauth" 4082 fi 4083 ] 4084) 4085 4086STRIP_OPT=-s 4087AC_ARG_ENABLE([strip], 4088 [ --disable-strip Disable calling strip(1) on install], 4089 [ 4090 if test "x$enableval" = "xno" ; then 4091 STRIP_OPT= 4092 fi 4093 ] 4094) 4095AC_SUBST([STRIP_OPT]) 4096 4097if test -z "$xauth_path" ; then 4098 XAUTH_PATH="undefined" 4099 AC_SUBST([XAUTH_PATH]) 4100else 4101 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4102 [Define if xauth is found in your path]) 4103 XAUTH_PATH=$xauth_path 4104 AC_SUBST([XAUTH_PATH]) 4105fi 4106 4107dnl # --with-maildir=/path/to/mail gets top priority. 4108dnl # if maildir is set in the platform case statement above we use that. 4109dnl # Otherwise we run a program to get the dir from system headers. 4110dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4111dnl # If we find _PATH_MAILDIR we do nothing because that is what 4112dnl # session.c expects anyway. Otherwise we set to the value found 4113dnl # stripping any trailing slash. If for some strage reason our program 4114dnl # does not find what it needs, we default to /var/spool/mail. 4115# Check for mail directory 4116AC_ARG_WITH([maildir], 4117 [ --with-maildir=/path/to/mail Specify your system mail directory], 4118 [ 4119 if test "X$withval" != X && test "x$withval" != xno && \ 4120 test "x${withval}" != xyes; then 4121 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4122 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4123 fi 4124 ],[ 4125 if test "X$maildir" != "X"; then 4126 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4127 else 4128 AC_MSG_CHECKING([Discovering system mail directory]) 4129 AC_RUN_IFELSE( 4130 [AC_LANG_PROGRAM([[ 4131#include <stdio.h> 4132#include <string.h> 4133#ifdef HAVE_PATHS_H 4134#include <paths.h> 4135#endif 4136#ifdef HAVE_MAILLOCK_H 4137#include <maillock.h> 4138#endif 4139#define DATA "conftest.maildir" 4140 ]], [[ 4141 FILE *fd; 4142 int rc; 4143 4144 fd = fopen(DATA,"w"); 4145 if(fd == NULL) 4146 exit(1); 4147 4148#if defined (_PATH_MAILDIR) 4149 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4150 exit(1); 4151#elif defined (MAILDIR) 4152 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4153 exit(1); 4154#elif defined (_PATH_MAIL) 4155 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4156 exit(1); 4157#else 4158 exit (2); 4159#endif 4160 4161 exit(0); 4162 ]])], 4163 [ 4164 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4165 maildir=`awk -F: '{print $2}' conftest.maildir \ 4166 | sed 's|/$||'` 4167 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4168 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4169 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4170 fi 4171 ], 4172 [ 4173 if test "X$ac_status" = "X2";then 4174# our test program didn't find it. Default to /var/spool/mail 4175 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4176 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4177 else 4178 AC_MSG_RESULT([*** not found ***]) 4179 fi 4180 ], 4181 [ 4182 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4183 ] 4184 ) 4185 fi 4186 ] 4187) # maildir 4188 4189if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4190 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4191 disable_ptmx_check=yes 4192fi 4193if test -z "$no_dev_ptmx" ; then 4194 if test "x$disable_ptmx_check" != "xyes" ; then 4195 AC_CHECK_FILE(["/dev/ptmx"], 4196 [ 4197 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4198 [Define if you have /dev/ptmx]) 4199 have_dev_ptmx=1 4200 ] 4201 ) 4202 fi 4203fi 4204 4205if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4206 AC_CHECK_FILE(["/dev/ptc"], 4207 [ 4208 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4209 [Define if you have /dev/ptc]) 4210 have_dev_ptc=1 4211 ] 4212 ) 4213else 4214 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4215fi 4216 4217# Options from here on. Some of these are preset by platform above 4218AC_ARG_WITH([mantype], 4219 [ --with-mantype=man|cat|doc Set man page type], 4220 [ 4221 case "$withval" in 4222 man|cat|doc) 4223 MANTYPE=$withval 4224 ;; 4225 *) 4226 AC_MSG_ERROR([invalid man type: $withval]) 4227 ;; 4228 esac 4229 ] 4230) 4231if test -z "$MANTYPE"; then 4232 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4233 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4234 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4235 MANTYPE=doc 4236 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4237 MANTYPE=man 4238 else 4239 MANTYPE=cat 4240 fi 4241fi 4242AC_SUBST([MANTYPE]) 4243if test "$MANTYPE" = "doc"; then 4244 mansubdir=man; 4245else 4246 mansubdir=$MANTYPE; 4247fi 4248AC_SUBST([mansubdir]) 4249 4250# Check whether to enable MD5 passwords 4251MD5_MSG="no" 4252AC_ARG_WITH([md5-passwords], 4253 [ --with-md5-passwords Enable use of MD5 passwords], 4254 [ 4255 if test "x$withval" != "xno" ; then 4256 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4257 [Define if you want to allow MD5 passwords]) 4258 MD5_MSG="yes" 4259 fi 4260 ] 4261) 4262 4263# Whether to disable shadow password support 4264AC_ARG_WITH([shadow], 4265 [ --without-shadow Disable shadow password support], 4266 [ 4267 if test "x$withval" = "xno" ; then 4268 AC_DEFINE([DISABLE_SHADOW]) 4269 disable_shadow=yes 4270 fi 4271 ] 4272) 4273 4274if test -z "$disable_shadow" ; then 4275 AC_MSG_CHECKING([if the systems has expire shadow information]) 4276 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4277#include <sys/types.h> 4278#include <shadow.h> 4279struct spwd sp; 4280 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4281 [ sp_expire_available=yes ], [ 4282 ]) 4283 4284 if test "x$sp_expire_available" = "xyes" ; then 4285 AC_MSG_RESULT([yes]) 4286 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4287 [Define if you want to use shadow password expire field]) 4288 else 4289 AC_MSG_RESULT([no]) 4290 fi 4291fi 4292 4293# Use ip address instead of hostname in $DISPLAY 4294if test ! -z "$IPADDR_IN_DISPLAY" ; then 4295 DISPLAY_HACK_MSG="yes" 4296 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4297 [Define if you need to use IP address 4298 instead of hostname in $DISPLAY]) 4299else 4300 DISPLAY_HACK_MSG="no" 4301 AC_ARG_WITH([ipaddr-display], 4302 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], 4303 [ 4304 if test "x$withval" != "xno" ; then 4305 AC_DEFINE([IPADDR_IN_DISPLAY]) 4306 DISPLAY_HACK_MSG="yes" 4307 fi 4308 ] 4309 ) 4310fi 4311 4312# check for /etc/default/login and use it if present. 4313AC_ARG_ENABLE([etc-default-login], 4314 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4315 [ if test "x$enableval" = "xno"; then 4316 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4317 etc_default_login=no 4318 else 4319 etc_default_login=yes 4320 fi ], 4321 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4322 then 4323 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4324 etc_default_login=no 4325 else 4326 etc_default_login=yes 4327 fi ] 4328) 4329 4330if test "x$etc_default_login" != "xno"; then 4331 AC_CHECK_FILE(["/etc/default/login"], 4332 [ external_path_file=/etc/default/login ]) 4333 if test "x$external_path_file" = "x/etc/default/login"; then 4334 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4335 [Define if your system has /etc/default/login]) 4336 fi 4337fi 4338 4339dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4340if test $ac_cv_func_login_getcapbool = "yes" && \ 4341 test $ac_cv_header_login_cap_h = "yes" ; then 4342 external_path_file=/etc/login.conf 4343fi 4344 4345# Whether to mess with the default path 4346SERVER_PATH_MSG="(default)" 4347AC_ARG_WITH([default-path], 4348 [ --with-default-path= Specify default \$PATH environment for server], 4349 [ 4350 if test "x$external_path_file" = "x/etc/login.conf" ; then 4351 AC_MSG_WARN([ 4352--with-default-path=PATH has no effect on this system. 4353Edit /etc/login.conf instead.]) 4354 elif test "x$withval" != "xno" ; then 4355 if test ! -z "$external_path_file" ; then 4356 AC_MSG_WARN([ 4357--with-default-path=PATH will only be used if PATH is not defined in 4358$external_path_file .]) 4359 fi 4360 user_path="$withval" 4361 SERVER_PATH_MSG="$withval" 4362 fi 4363 ], 4364 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4365 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4366 else 4367 if test ! -z "$external_path_file" ; then 4368 AC_MSG_WARN([ 4369If PATH is defined in $external_path_file, ensure the path to scp is included, 4370otherwise scp will not work.]) 4371 fi 4372 AC_RUN_IFELSE( 4373 [AC_LANG_PROGRAM([[ 4374/* find out what STDPATH is */ 4375#include <stdio.h> 4376#ifdef HAVE_PATHS_H 4377# include <paths.h> 4378#endif 4379#ifndef _PATH_STDPATH 4380# ifdef _PATH_USERPATH /* Irix */ 4381# define _PATH_STDPATH _PATH_USERPATH 4382# else 4383# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4384# endif 4385#endif 4386#include <sys/types.h> 4387#include <sys/stat.h> 4388#include <fcntl.h> 4389#define DATA "conftest.stdpath" 4390 ]], [[ 4391 FILE *fd; 4392 int rc; 4393 4394 fd = fopen(DATA,"w"); 4395 if(fd == NULL) 4396 exit(1); 4397 4398 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4399 exit(1); 4400 4401 exit(0); 4402 ]])], 4403 [ user_path=`cat conftest.stdpath` ], 4404 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4405 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4406 ) 4407# make sure $bindir is in USER_PATH so scp will work 4408 t_bindir="${bindir}" 4409 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4410 t_bindir=`eval echo ${t_bindir}` 4411 case $t_bindir in 4412 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4413 esac 4414 case $t_bindir in 4415 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4416 esac 4417 done 4418 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4419 if test $? -ne 0 ; then 4420 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4421 if test $? -ne 0 ; then 4422 user_path=$user_path:$t_bindir 4423 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4424 fi 4425 fi 4426 fi ] 4427) 4428if test "x$external_path_file" != "x/etc/login.conf" ; then 4429 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4430 AC_SUBST([user_path]) 4431fi 4432 4433# Set superuser path separately to user path 4434AC_ARG_WITH([superuser-path], 4435 [ --with-superuser-path= Specify different path for super-user], 4436 [ 4437 if test -n "$withval" && test "x$withval" != "xno" && \ 4438 test "x${withval}" != "xyes"; then 4439 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4440 [Define if you want a different $PATH 4441 for the superuser]) 4442 superuser_path=$withval 4443 fi 4444 ] 4445) 4446 4447 4448AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4449IPV4_IN6_HACK_MSG="no" 4450AC_ARG_WITH(4in6, 4451 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4452 [ 4453 if test "x$withval" != "xno" ; then 4454 AC_MSG_RESULT([yes]) 4455 AC_DEFINE([IPV4_IN_IPV6], [1], 4456 [Detect IPv4 in IPv6 mapped addresses 4457 and treat as IPv4]) 4458 IPV4_IN6_HACK_MSG="yes" 4459 else 4460 AC_MSG_RESULT([no]) 4461 fi 4462 ], [ 4463 if test "x$inet6_default_4in6" = "xyes"; then 4464 AC_MSG_RESULT([yes (default)]) 4465 AC_DEFINE([IPV4_IN_IPV6]) 4466 IPV4_IN6_HACK_MSG="yes" 4467 else 4468 AC_MSG_RESULT([no (default)]) 4469 fi 4470 ] 4471) 4472 4473# Whether to enable BSD auth support 4474BSD_AUTH_MSG=no 4475AC_ARG_WITH([bsd-auth], 4476 [ --with-bsd-auth Enable BSD auth support], 4477 [ 4478 if test "x$withval" != "xno" ; then 4479 AC_DEFINE([BSD_AUTH], [1], 4480 [Define if you have BSD auth support]) 4481 BSD_AUTH_MSG=yes 4482 fi 4483 ] 4484) 4485 4486# Where to place sshd.pid 4487piddir=/var/run 4488# make sure the directory exists 4489if test ! -d $piddir ; then 4490 piddir=`eval echo ${sysconfdir}` 4491 case $piddir in 4492 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 4493 esac 4494fi 4495 4496AC_ARG_WITH([pid-dir], 4497 [ --with-pid-dir=PATH Specify location of ssh.pid file], 4498 [ 4499 if test -n "$withval" && test "x$withval" != "xno" && \ 4500 test "x${withval}" != "xyes"; then 4501 piddir=$withval 4502 if test ! -d $piddir ; then 4503 AC_MSG_WARN([** no $piddir directory on this system **]) 4504 fi 4505 fi 4506 ] 4507) 4508 4509AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 4510 [Specify location of ssh.pid]) 4511AC_SUBST([piddir]) 4512 4513dnl allow user to disable some login recording features 4514AC_ARG_ENABLE([lastlog], 4515 [ --disable-lastlog disable use of lastlog even if detected [no]], 4516 [ 4517 if test "x$enableval" = "xno" ; then 4518 AC_DEFINE([DISABLE_LASTLOG]) 4519 fi 4520 ] 4521) 4522AC_ARG_ENABLE([utmp], 4523 [ --disable-utmp disable use of utmp even if detected [no]], 4524 [ 4525 if test "x$enableval" = "xno" ; then 4526 AC_DEFINE([DISABLE_UTMP]) 4527 fi 4528 ] 4529) 4530AC_ARG_ENABLE([utmpx], 4531 [ --disable-utmpx disable use of utmpx even if detected [no]], 4532 [ 4533 if test "x$enableval" = "xno" ; then 4534 AC_DEFINE([DISABLE_UTMPX], [1], 4535 [Define if you don't want to use utmpx]) 4536 fi 4537 ] 4538) 4539AC_ARG_ENABLE([wtmp], 4540 [ --disable-wtmp disable use of wtmp even if detected [no]], 4541 [ 4542 if test "x$enableval" = "xno" ; then 4543 AC_DEFINE([DISABLE_WTMP]) 4544 fi 4545 ] 4546) 4547AC_ARG_ENABLE([wtmpx], 4548 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 4549 [ 4550 if test "x$enableval" = "xno" ; then 4551 AC_DEFINE([DISABLE_WTMPX], [1], 4552 [Define if you don't want to use wtmpx]) 4553 fi 4554 ] 4555) 4556AC_ARG_ENABLE([libutil], 4557 [ --disable-libutil disable use of libutil (login() etc.) [no]], 4558 [ 4559 if test "x$enableval" = "xno" ; then 4560 AC_DEFINE([DISABLE_LOGIN]) 4561 fi 4562 ] 4563) 4564AC_ARG_ENABLE([pututline], 4565 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 4566 [ 4567 if test "x$enableval" = "xno" ; then 4568 AC_DEFINE([DISABLE_PUTUTLINE], [1], 4569 [Define if you don't want to use pututline() 4570 etc. to write [uw]tmp]) 4571 fi 4572 ] 4573) 4574AC_ARG_ENABLE([pututxline], 4575 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 4576 [ 4577 if test "x$enableval" = "xno" ; then 4578 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 4579 [Define if you don't want to use pututxline() 4580 etc. to write [uw]tmpx]) 4581 fi 4582 ] 4583) 4584AC_ARG_WITH([lastlog], 4585 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 4586 [ 4587 if test "x$withval" = "xno" ; then 4588 AC_DEFINE([DISABLE_LASTLOG]) 4589 elif test -n "$withval" && test "x${withval}" != "xyes"; then 4590 conf_lastlog_location=$withval 4591 fi 4592 ] 4593) 4594 4595dnl lastlog, [uw]tmpx? detection 4596dnl NOTE: set the paths in the platform section to avoid the 4597dnl need for command-line parameters 4598dnl lastlog and [uw]tmp are subject to a file search if all else fails 4599 4600dnl lastlog detection 4601dnl NOTE: the code itself will detect if lastlog is a directory 4602AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 4603AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4604#include <sys/types.h> 4605#include <utmp.h> 4606#ifdef HAVE_LASTLOG_H 4607# include <lastlog.h> 4608#endif 4609#ifdef HAVE_PATHS_H 4610# include <paths.h> 4611#endif 4612#ifdef HAVE_LOGIN_H 4613# include <login.h> 4614#endif 4615 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 4616 [ AC_MSG_RESULT([yes]) ], 4617 [ 4618 AC_MSG_RESULT([no]) 4619 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 4620 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4621#include <sys/types.h> 4622#include <utmp.h> 4623#ifdef HAVE_LASTLOG_H 4624# include <lastlog.h> 4625#endif 4626#ifdef HAVE_PATHS_H 4627# include <paths.h> 4628#endif 4629 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 4630 [ AC_MSG_RESULT([yes]) ], 4631 [ 4632 AC_MSG_RESULT([no]) 4633 system_lastlog_path=no 4634 ]) 4635]) 4636 4637if test -z "$conf_lastlog_location"; then 4638 if test x"$system_lastlog_path" = x"no" ; then 4639 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 4640 if (test -d "$f" || test -f "$f") ; then 4641 conf_lastlog_location=$f 4642 fi 4643 done 4644 if test -z "$conf_lastlog_location"; then 4645 AC_MSG_WARN([** Cannot find lastlog **]) 4646 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 4647 fi 4648 fi 4649fi 4650 4651if test -n "$conf_lastlog_location"; then 4652 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 4653 [Define if you want to specify the path to your lastlog file]) 4654fi 4655 4656dnl utmp detection 4657AC_MSG_CHECKING([if your system defines UTMP_FILE]) 4658AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4659#include <sys/types.h> 4660#include <utmp.h> 4661#ifdef HAVE_PATHS_H 4662# include <paths.h> 4663#endif 4664 ]], [[ char *utmp = UTMP_FILE; ]])], 4665 [ AC_MSG_RESULT([yes]) ], 4666 [ AC_MSG_RESULT([no]) 4667 system_utmp_path=no 4668]) 4669if test -z "$conf_utmp_location"; then 4670 if test x"$system_utmp_path" = x"no" ; then 4671 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 4672 if test -f $f ; then 4673 conf_utmp_location=$f 4674 fi 4675 done 4676 if test -z "$conf_utmp_location"; then 4677 AC_DEFINE([DISABLE_UTMP]) 4678 fi 4679 fi 4680fi 4681if test -n "$conf_utmp_location"; then 4682 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 4683 [Define if you want to specify the path to your utmp file]) 4684fi 4685 4686dnl wtmp detection 4687AC_MSG_CHECKING([if your system defines WTMP_FILE]) 4688AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4689#include <sys/types.h> 4690#include <utmp.h> 4691#ifdef HAVE_PATHS_H 4692# include <paths.h> 4693#endif 4694 ]], [[ char *wtmp = WTMP_FILE; ]])], 4695 [ AC_MSG_RESULT([yes]) ], 4696 [ AC_MSG_RESULT([no]) 4697 system_wtmp_path=no 4698]) 4699if test -z "$conf_wtmp_location"; then 4700 if test x"$system_wtmp_path" = x"no" ; then 4701 for f in /usr/adm/wtmp /var/log/wtmp; do 4702 if test -f $f ; then 4703 conf_wtmp_location=$f 4704 fi 4705 done 4706 if test -z "$conf_wtmp_location"; then 4707 AC_DEFINE([DISABLE_WTMP]) 4708 fi 4709 fi 4710fi 4711if test -n "$conf_wtmp_location"; then 4712 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 4713 [Define if you want to specify the path to your wtmp file]) 4714fi 4715 4716dnl wtmpx detection 4717AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 4718AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4719#include <sys/types.h> 4720#include <utmp.h> 4721#ifdef HAVE_UTMPX_H 4722#include <utmpx.h> 4723#endif 4724#ifdef HAVE_PATHS_H 4725# include <paths.h> 4726#endif 4727 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 4728 [ AC_MSG_RESULT([yes]) ], 4729 [ AC_MSG_RESULT([no]) 4730 system_wtmpx_path=no 4731]) 4732if test -z "$conf_wtmpx_location"; then 4733 if test x"$system_wtmpx_path" = x"no" ; then 4734 AC_DEFINE([DISABLE_WTMPX]) 4735 fi 4736else 4737 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 4738 [Define if you want to specify the path to your wtmpx file]) 4739fi 4740 4741 4742if test ! -z "$blibpath" ; then 4743 LDFLAGS="$LDFLAGS $blibflags$blibpath" 4744 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 4745fi 4746 4747AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 4748 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 4749 AC_DEFINE([DISABLE_LASTLOG]) 4750 fi 4751 ], [ 4752#ifdef HAVE_SYS_TYPES_H 4753#include <sys/types.h> 4754#endif 4755#ifdef HAVE_UTMP_H 4756#include <utmp.h> 4757#endif 4758#ifdef HAVE_UTMPX_H 4759#include <utmpx.h> 4760#endif 4761#ifdef HAVE_LASTLOG_H 4762#include <lastlog.h> 4763#endif 4764 ]) 4765 4766AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 4767 AC_DEFINE([DISABLE_UTMP]) 4768 AC_DEFINE([DISABLE_WTMP]) 4769 ], [ 4770#ifdef HAVE_SYS_TYPES_H 4771#include <sys/types.h> 4772#endif 4773#ifdef HAVE_UTMP_H 4774#include <utmp.h> 4775#endif 4776#ifdef HAVE_UTMPX_H 4777#include <utmpx.h> 4778#endif 4779#ifdef HAVE_LASTLOG_H 4780#include <lastlog.h> 4781#endif 4782 ]) 4783 4784dnl Adding -Werror to CFLAGS early prevents configure tests from running. 4785dnl Add now. 4786CFLAGS="$CFLAGS $werror_flags" 4787 4788if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 4789 TEST_SSH_IPV6=no 4790else 4791 TEST_SSH_IPV6=yes 4792fi 4793AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 4794AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 4795AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 4796AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 4797 4798AC_EXEEXT 4799AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 4800 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 4801 survey.sh]) 4802AC_OUTPUT 4803 4804# Print summary of options 4805 4806# Someone please show me a better way :) 4807A=`eval echo ${prefix}` ; A=`eval echo ${A}` 4808B=`eval echo ${bindir}` ; B=`eval echo ${B}` 4809C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 4810D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 4811E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 4812F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 4813G=`eval echo ${piddir}` ; G=`eval echo ${G}` 4814H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 4815I=`eval echo ${user_path}` ; I=`eval echo ${I}` 4816J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 4817 4818echo "" 4819echo "OpenSSH has been configured with the following options:" 4820echo " User binaries: $B" 4821echo " System binaries: $C" 4822echo " Configuration files: $D" 4823echo " Askpass program: $E" 4824echo " Manual pages: $F" 4825echo " PID file: $G" 4826echo " Privilege separation chroot path: $H" 4827if test "x$external_path_file" = "x/etc/login.conf" ; then 4828echo " At runtime, sshd will use the path defined in $external_path_file" 4829echo " Make sure the path to scp is present, otherwise scp will not work" 4830else 4831echo " sshd default user PATH: $I" 4832 if test ! -z "$external_path_file"; then 4833echo " (If PATH is set in $external_path_file it will be used instead. If" 4834echo " used, ensure the path to scp is present, otherwise scp will not work.)" 4835 fi 4836fi 4837if test ! -z "$superuser_path" ; then 4838echo " sshd superuser user PATH: $J" 4839fi 4840echo " Manpage format: $MANTYPE" 4841echo " PAM support: $PAM_MSG" 4842echo " OSF SIA support: $SIA_MSG" 4843echo " KerberosV support: $KRB5_MSG" 4844echo " SELinux support: $SELINUX_MSG" 4845echo " Smartcard support: $SCARD_MSG" 4846echo " S/KEY support: $SKEY_MSG" 4847echo " TCP Wrappers support: $TCPW_MSG" 4848echo " MD5 password support: $MD5_MSG" 4849echo " libedit support: $LIBEDIT_MSG" 4850echo " Solaris process contract support: $SPC_MSG" 4851echo " Solaris project support: $SP_MSG" 4852echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 4853echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 4854echo " BSD Auth support: $BSD_AUTH_MSG" 4855echo " Random number source: $RAND_MSG" 4856echo " Privsep sandbox style: $SANDBOX_STYLE" 4857 4858echo "" 4859 4860echo " Host: ${host}" 4861echo " Compiler: ${CC}" 4862echo " Compiler flags: ${CFLAGS}" 4863echo "Preprocessor flags: ${CPPFLAGS}" 4864echo " Linker flags: ${LDFLAGS}" 4865echo " Libraries: ${LIBS}" 4866if test ! -z "${SSHDLIBS}"; then 4867echo " +for sshd: ${SSHDLIBS}" 4868fi 4869if test ! -z "${SSHLIBS}"; then 4870echo " +for ssh: ${SSHLIBS}" 4871fi 4872 4873echo "" 4874 4875if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 4876 echo "SVR4 style packages are supported with \"make package\"" 4877 echo "" 4878fi 4879 4880if test "x$PAM_MSG" = "xyes" ; then 4881 echo "PAM is enabled. You may need to install a PAM control file " 4882 echo "for sshd, otherwise password authentication may fail. " 4883 echo "Example PAM control files can be found in the contrib/ " 4884 echo "subdirectory" 4885 echo "" 4886fi 4887 4888if test ! -z "$NO_PEERCHECK" ; then 4889 echo "WARNING: the operating system that you are using does not" 4890 echo "appear to support getpeereid(), getpeerucred() or the" 4891 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 4892 echo "enforce security checks to prevent unauthorised connections to" 4893 echo "ssh-agent. Their absence increases the risk that a malicious" 4894 echo "user can connect to your agent." 4895 echo "" 4896fi 4897 4898if test "$AUDIT_MODULE" = "bsm" ; then 4899 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 4900 echo "See the Solaris section in README.platform for details." 4901fi 4902