1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19 20# Check for stale configure as early as possible. 21for i in $srcdir/configure.ac $srcdir/m4/*.m4; do 22 if test "$i" -nt "$srcdir/configure"; then 23 AC_MSG_ERROR([$i newer than configure, run autoreconf]) 24 fi 25done 26 27AC_LANG([C]) 28 29AC_CONFIG_HEADERS([config.h]) 30AC_PROG_CC([cc gcc clang]) 31 32# XXX relax this after reimplementing logit() etc. 33AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 34AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 35int f(int a, int b, int c) { return a + b + c; } 36#define F(a, ...) f(a, __VA_ARGS__) 37]], [[return F(1, 2, -3);]])], 38 [ AC_MSG_RESULT([yes]) ], 39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 40) 41 42AC_CANONICAL_HOST 43AC_C_BIGENDIAN 44 45# Checks for programs. 46AC_PROG_AWK 47AC_PROG_CPP 48AC_PROG_RANLIB 49AC_PROG_INSTALL 50AC_PROG_EGREP 51AC_PROG_MKDIR_P 52AC_CHECK_TOOLS([AR], [ar]) 53AC_PATH_PROG([CAT], [cat]) 54AC_PATH_PROG([KILL], [kill]) 55AC_PATH_PROG([SED], [sed]) 56AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 57AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 58AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 59AC_PATH_PROG([SH], [bash]) 60AC_PATH_PROG([SH], [ksh]) 61AC_PATH_PROG([SH], [sh]) 62AC_PATH_PROG([GROFF], [groff]) 63AC_PATH_PROG([NROFF], [nroff awf]) 64AC_PATH_PROG([MANDOC], [mandoc]) 65AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 66AC_SUBST([TEST_SHELL], [sh]) 67 68dnl select manpage formatter to be used to build "cat" format pages. 69if test "x$MANDOC" != "x" ; then 70 MANFMT="$MANDOC" 71elif test "x$NROFF" != "x" ; then 72 MANFMT="$NROFF -mandoc" 73elif test "x$GROFF" != "x" ; then 74 MANFMT="$GROFF -mandoc -Tascii" 75else 76 AC_MSG_WARN([no manpage formatter found]) 77 MANFMT="false" 78fi 79AC_SUBST([MANFMT]) 80 81dnl for buildpkg.sh 82AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 83 [/usr/sbin${PATH_SEPARATOR}/etc]) 84AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 85 [/usr/sbin${PATH_SEPARATOR}/etc]) 86AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 87if test -x /sbin/sh; then 88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 89else 90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 91fi 92 93# System features 94AC_SYS_LARGEFILE 95 96if test -z "$AR" ; then 97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 98fi 99 100AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 101if test ! -z "$PATH_PASSWD_PROG" ; then 102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 103 [Full path of your "passwd" program]) 104fi 105 106dnl Since autoconf doesn't support it very well, we no longer allow users to 107dnl override LD, however keeping the hook here for now in case there's a use 108dnl use case we overlooked and someone needs to re-enable it. Unless a good 109dnl reason is found we'll be removing this in future. 110LD="$CC" 111AC_SUBST([LD]) 112 113AC_C_INLINE 114 115AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 116AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 117AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 118 #include <sys/types.h> 119 #include <sys/param.h> 120 #include <dev/systrace.h> 121]) 122AC_CHECK_DECL([RLIMIT_NPROC], 123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 124 #include <sys/types.h> 125 #include <sys/resource.h> 126]) 127AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 128 #include <sys/types.h> 129 #include <linux/prctl.h> 130]) 131 132openssl=yes 133openssl_bin=openssl 134AC_ARG_WITH([openssl], 135 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 136 [ if test "x$withval" = "xno" ; then 137 openssl=no 138 openssl_bin="" 139 fi 140 ] 141) 142AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 143if test "x$openssl" = "xyes" ; then 144 AC_MSG_RESULT([yes]) 145 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 146else 147 AC_MSG_RESULT([no]) 148fi 149 150use_stack_protector=1 151use_toolchain_hardening=1 152AC_ARG_WITH([stackprotect], 153 [ --without-stackprotect Don't use compiler's stack protection], [ 154 if test "x$withval" = "xno"; then 155 use_stack_protector=0 156 fi ]) 157AC_ARG_WITH([hardening], 158 [ --without-hardening Don't use toolchain hardening flags], [ 159 if test "x$withval" = "xno"; then 160 use_toolchain_hardening=0 161 fi ]) 162 163# We use -Werror for the tests only so that we catch warnings like "this is 164# on by default" for things like -fPIE. 165AC_MSG_CHECKING([if $CC supports -Werror]) 166saved_CFLAGS="$CFLAGS" 167CFLAGS="$CFLAGS -Werror" 168AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 169 [ AC_MSG_RESULT([yes]) 170 WERROR="-Werror"], 171 [ AC_MSG_RESULT([no]) 172 WERROR="" ] 173) 174CFLAGS="$saved_CFLAGS" 175 176if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 177 AC_MSG_CHECKING([gcc version]) 178 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 179 case "$GCC_VER" in 180 1.*) no_attrib_nonnull=1 ;; 181 2.8* | 2.9*) 182 no_attrib_nonnull=1 183 ;; 184 2.*) no_attrib_nonnull=1 ;; 185 *) ;; 186 esac 187 AC_MSG_RESULT([$GCC_VER]) 188 189 AC_MSG_CHECKING([clang version]) 190 ver="`$CC -v 2>&1`" 191 if echo "$ver" | grep "Apple" >/dev/null; then 192 CLANG_VER=apple-`echo "$ver" | grep 'clang version' | \ 193 $SED 's/.*clang version //g' | $AWK '{print $1}'` 194 else 195 CLANG_VER=`echo "$ver" | grep 'clang version' | \ 196 $SED 's/.*clang version //g' | $AWK '{print $1}'` 197 fi 198 AC_MSG_RESULT([$CLANG_VER]) 199 200 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 201 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 202 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 203 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 204 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 205 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 206 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 207 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 208 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 209 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 210 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 211 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 212 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 213 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 214 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 215 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation]) 216 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) 217 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 218 if test "x$use_toolchain_hardening" = "x1"; then 219 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 220 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 221 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 222 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 223 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 224 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 225 # NB. -ftrapv expects certain support functions to be present in 226 # the compiler library (libgcc or similar) to detect integer operations 227 # that can overflow. We must check that the result of enabling it 228 # actually links. The test program compiled/linked includes a number 229 # of integer operations that should exercise this. 230 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 231 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See 232 # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and 233 # https://github.com/llvm/llvm-project/issues/59242 234 # clang 17 has a different bug that causes an ICE when using this 235 # flag at all (https://bugzilla.mindrot.org/show_bug.cgi?id=3629) 236 case "$CLANG_VER" in 237 apple-15*) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;; 238 17*) ;; 239 *) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;; 240 esac 241 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) 242 fi 243 244 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 245 saved_CFLAGS="$CFLAGS" 246 CFLAGS="$CFLAGS -fno-builtin-memset" 247 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 248 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 249 [ AC_MSG_RESULT([yes]) ], 250 [ AC_MSG_RESULT([no]) 251 CFLAGS="$saved_CFLAGS" ] 252 ) 253 254 # -fstack-protector-all doesn't always work for some GCC versions 255 # and/or platforms, so we test if we can. If it's not supported 256 # on a given platform gcc will emit a warning so we use -Werror. 257 if test "x$use_stack_protector" = "x1"; then 258 for t in -fstack-protector-strong -fstack-protector-all \ 259 -fstack-protector; do 260 AC_MSG_CHECKING([if $CC supports $t]) 261 saved_CFLAGS="$CFLAGS" 262 saved_LDFLAGS="$LDFLAGS" 263 CFLAGS="$CFLAGS $t -Werror" 264 LDFLAGS="$LDFLAGS $t -Werror" 265 AC_LINK_IFELSE( 266 [AC_LANG_PROGRAM([[ 267 #include <stdio.h> 268 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 269 ]], 270 [[ 271 char x[256]; 272 snprintf(x, sizeof(x), "XXX%d", func(1)); 273 ]])], 274 [ AC_MSG_RESULT([yes]) 275 CFLAGS="$saved_CFLAGS $t" 276 LDFLAGS="$saved_LDFLAGS $t" 277 AC_MSG_CHECKING([if $t works]) 278 AC_RUN_IFELSE( 279 [AC_LANG_PROGRAM([[ 280 #include <stdio.h> 281 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 282 ]], 283 [[ 284 char x[256]; 285 snprintf(x, sizeof(x), "XXX%d", func(1)); 286 ]])], 287 [ AC_MSG_RESULT([yes]) 288 break ], 289 [ AC_MSG_RESULT([no]) ], 290 [ AC_MSG_WARN([cross compiling: cannot test]) 291 break ] 292 ) 293 ], 294 [ AC_MSG_RESULT([no]) ] 295 ) 296 CFLAGS="$saved_CFLAGS" 297 LDFLAGS="$saved_LDFLAGS" 298 done 299 fi 300 301 if test -z "$have_llong_max"; then 302 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 303 unset ac_cv_have_decl_LLONG_MAX 304 saved_CFLAGS="$CFLAGS" 305 CFLAGS="$CFLAGS -std=gnu99" 306 AC_CHECK_DECL([LLONG_MAX], 307 [have_llong_max=1], 308 [CFLAGS="$saved_CFLAGS"], 309 [#include <limits.h>] 310 ) 311 fi 312fi 313 314AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 315AC_COMPILE_IFELSE( 316 [AC_LANG_PROGRAM([[ 317#include <stdlib.h> 318__attribute__((__unused__)) static void foo(void){return;}]], 319 [[ exit(0); ]])], 320 [ AC_MSG_RESULT([yes]) ], 321 [ AC_MSG_RESULT([no]) 322 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 323 [compiler does not accept __attribute__ on return types]) ] 324) 325 326AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 327AC_COMPILE_IFELSE( 328 [AC_LANG_PROGRAM([[ 329#include <stdlib.h> 330typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 331 [[ exit(0); ]])], 332 [ AC_MSG_RESULT([yes]) ], 333 [ AC_MSG_RESULT([no]) 334 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 335 [compiler does not accept __attribute__ on prototype args]) ] 336) 337 338AC_MSG_CHECKING([if compiler supports variable length arrays]) 339AC_COMPILE_IFELSE( 340 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 341 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 342 [ AC_MSG_RESULT([yes]) 343 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 344 [compiler supports variable length arrays]) ], 345 [ AC_MSG_RESULT([no]) ] 346) 347 348AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 349AC_COMPILE_IFELSE( 350 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 351 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 352 [ AC_MSG_RESULT([yes]) 353 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 354 [compiler variable declarations after code]) ], 355 [ AC_MSG_RESULT([no]) ] 356) 357 358if test "x$no_attrib_nonnull" != "x1" ; then 359 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 360fi 361 362AC_ARG_WITH([rpath], 363 [ --without-rpath Disable auto-added -R linker paths], 364 [ 365 if test "x$withval" = "xno" ; then 366 rpath_opt="" 367 elif test "x$withval" = "xyes" ; then 368 rpath_opt="-R" 369 else 370 rpath_opt="$withval" 371 fi 372 ] 373) 374 375# Allow user to specify flags 376AC_ARG_WITH([cflags], 377 [ --with-cflags Specify additional flags to pass to compiler], 378 [ 379 if test -n "$withval" && test "x$withval" != "xno" && \ 380 test "x${withval}" != "xyes"; then 381 CFLAGS="$CFLAGS $withval" 382 fi 383 ] 384) 385 386AC_ARG_WITH([cflags-after], 387 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 388 [ 389 if test -n "$withval" && test "x$withval" != "xno" && \ 390 test "x${withval}" != "xyes"; then 391 CFLAGS_AFTER="$withval" 392 fi 393 ] 394) 395AC_ARG_WITH([cppflags], 396 [ --with-cppflags Specify additional flags to pass to preprocessor] , 397 [ 398 if test -n "$withval" && test "x$withval" != "xno" && \ 399 test "x${withval}" != "xyes"; then 400 CPPFLAGS="$CPPFLAGS $withval" 401 fi 402 ] 403) 404AC_ARG_WITH([ldflags], 405 [ --with-ldflags Specify additional flags to pass to linker], 406 [ 407 if test -n "$withval" && test "x$withval" != "xno" && \ 408 test "x${withval}" != "xyes"; then 409 LDFLAGS="$LDFLAGS $withval" 410 fi 411 ] 412) 413AC_ARG_WITH([ldflags-after], 414 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 415 [ 416 if test -n "$withval" && test "x$withval" != "xno" && \ 417 test "x${withval}" != "xyes"; then 418 LDFLAGS_AFTER="$withval" 419 fi 420 ] 421) 422AC_ARG_WITH([libs], 423 [ --with-libs Specify additional libraries to link with], 424 [ 425 if test -n "$withval" && test "x$withval" != "xno" && \ 426 test "x${withval}" != "xyes"; then 427 LIBS="$LIBS $withval" 428 fi 429 ] 430) 431AC_ARG_WITH([Werror], 432 [ --with-Werror Build main code with -Werror], 433 [ 434 if test -n "$withval" && test "x$withval" != "xno"; then 435 werror_flags="-Werror" 436 if test "x${withval}" != "xyes"; then 437 werror_flags="$withval" 438 fi 439 fi 440 ] 441) 442 443dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's 444dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we 445dnl haven't detected it, recheck. 446if test "x$ac_cv_header_sys_stat_h" != "xyes"; then 447 unset ac_cv_header_sys_stat_h 448 AC_CHECK_HEADERS([sys/stat.h]) 449fi 450 451AC_CHECK_HEADERS([ \ 452 blf.h \ 453 bstring.h \ 454 crypt.h \ 455 crypto/sha2.h \ 456 dirent.h \ 457 endian.h \ 458 elf.h \ 459 err.h \ 460 features.h \ 461 fcntl.h \ 462 floatingpoint.h \ 463 fnmatch.h \ 464 getopt.h \ 465 glob.h \ 466 ia.h \ 467 iaf.h \ 468 ifaddrs.h \ 469 inttypes.h \ 470 langinfo.h \ 471 limits.h \ 472 locale.h \ 473 login.h \ 474 maillock.h \ 475 ndir.h \ 476 net/if_tun.h \ 477 netdb.h \ 478 netgroup.h \ 479 pam/pam_appl.h \ 480 paths.h \ 481 poll.h \ 482 pty.h \ 483 readpassphrase.h \ 484 rpc/types.h \ 485 security/pam_appl.h \ 486 sha2.h \ 487 shadow.h \ 488 stddef.h \ 489 stdint.h \ 490 string.h \ 491 strings.h \ 492 sys/bitypes.h \ 493 sys/byteorder.h \ 494 sys/bsdtty.h \ 495 sys/cdefs.h \ 496 sys/dir.h \ 497 sys/file.h \ 498 sys/mman.h \ 499 sys/label.h \ 500 sys/ndir.h \ 501 sys/param.h \ 502 sys/poll.h \ 503 sys/prctl.h \ 504 sys/procctl.h \ 505 sys/pstat.h \ 506 sys/ptrace.h \ 507 sys/random.h \ 508 sys/select.h \ 509 sys/stream.h \ 510 sys/stropts.h \ 511 sys/strtio.h \ 512 sys/statvfs.h \ 513 sys/sysmacros.h \ 514 sys/time.h \ 515 sys/timers.h \ 516 sys/vfs.h \ 517 time.h \ 518 tmpdir.h \ 519 ttyent.h \ 520 ucred.h \ 521 unistd.h \ 522 usersec.h \ 523 util.h \ 524 utime.h \ 525 utmp.h \ 526 utmpx.h \ 527 vis.h \ 528 wchar.h \ 529]) 530 531# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 532# to be included first. 533AC_CHECK_HEADERS([sys/audit.h], [], [], [ 534#ifdef HAVE_SYS_TIME_H 535# include <sys/time.h> 536#endif 537#ifdef HAVE_SYS_TYPES_H 538# include <sys/types.h> 539#endif 540#ifdef HAVE_SYS_LABEL_H 541# include <sys/label.h> 542#endif 543]) 544 545# sys/capsicum.h requires sys/types.h 546AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [ 547#ifdef HAVE_SYS_TYPES_H 548# include <sys/types.h> 549#endif 550]) 551 552AC_MSG_CHECKING([for caph_cache_tzdata]) 553AC_LINK_IFELSE( 554 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]], 555 [[caph_cache_tzdata();]])], 556 [ 557 AC_MSG_RESULT([yes]) 558 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1], 559 [Define if you have caph_cache_tzdata]) 560 ], 561 [ AC_MSG_RESULT([no]) ] 562) 563 564# net/route.h requires sys/socket.h and sys/types.h. 565# sys/sysctl.h also requires sys/param.h 566AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 567#ifdef HAVE_SYS_TYPES_H 568# include <sys/types.h> 569#endif 570#include <sys/param.h> 571#include <sys/socket.h> 572]) 573 574# lastlog.h requires sys/time.h to be included first on Solaris 575AC_CHECK_HEADERS([lastlog.h], [], [], [ 576#ifdef HAVE_SYS_TIME_H 577# include <sys/time.h> 578#endif 579]) 580 581# sys/ptms.h requires sys/stream.h to be included first on Solaris 582AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 583#ifdef HAVE_SYS_STREAM_H 584# include <sys/stream.h> 585#endif 586]) 587 588# login_cap.h requires sys/types.h on NetBSD 589AC_CHECK_HEADERS([login_cap.h], [], [], [ 590#include <sys/types.h> 591]) 592 593# older BSDs need sys/param.h before sys/mount.h 594AC_CHECK_HEADERS([sys/mount.h], [], [], [ 595#include <sys/param.h> 596]) 597 598# Android requires sys/socket.h to be included before sys/un.h 599AC_CHECK_HEADERS([sys/un.h], [], [], [ 600#include <sys/types.h> 601#include <sys/socket.h> 602]) 603 604# Messages for features tested for in target-specific section 605SIA_MSG="no" 606SPC_MSG="no" 607SP_MSG="no" 608SPP_MSG="no" 609 610# Support for Solaris/Illumos privileges (this test is used by both 611# the --with-solaris-privs option and --with-sandbox=solaris). 612SOLARIS_PRIVS="no" 613 614# Check for some target-specific stuff 615case "$host" in 616*-*-aix*) 617 # Some versions of VAC won't allow macro redefinitions at 618 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 619 # particularly with older versions of vac or xlc. 620 # It also throws errors about null macro arguments, but these are 621 # not fatal. 622 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 623 AC_COMPILE_IFELSE( 624 [AC_LANG_PROGRAM([[ 625#define testmacro foo 626#define testmacro bar]], 627 [[ exit(0); ]])], 628 [ AC_MSG_RESULT([yes]) ], 629 [ AC_MSG_RESULT([no]) 630 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 631 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 632 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 633 ] 634 ) 635 636 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 637 if (test -z "$blibpath"); then 638 blibpath="/usr/lib:/lib" 639 fi 640 saved_LDFLAGS="$LDFLAGS" 641 if test "$GCC" = "yes"; then 642 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 643 else 644 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 645 fi 646 for tryflags in $flags ;do 647 if (test -z "$blibflags"); then 648 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 649 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 650 [blibflags=$tryflags], []) 651 fi 652 done 653 if (test -z "$blibflags"); then 654 AC_MSG_RESULT([not found]) 655 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 656 else 657 AC_MSG_RESULT([$blibflags]) 658 fi 659 LDFLAGS="$saved_LDFLAGS" 660 dnl Check for authenticate. Might be in libs.a on older AIXes 661 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 662 [Define if you want to enable AIX4's authenticate function])], 663 [AC_CHECK_LIB([s], [authenticate], 664 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 665 LIBS="$LIBS -ls" 666 ]) 667 ]) 668 dnl Check for various auth function declarations in headers. 669 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 670 passwdexpired, setauthdb], , , [#include <usersec.h>]) 671 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 672 AC_CHECK_DECLS([loginfailed], 673 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 674 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 675 [[ (void)loginfailed("user","host","tty",0); ]])], 676 [AC_MSG_RESULT([yes]) 677 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 678 [Define if your AIX loginfailed() function 679 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 680 ])], 681 [], 682 [#include <usersec.h>] 683 ) 684 AC_CHECK_FUNCS([getgrset setauthdb]) 685 AC_CHECK_DECL([F_CLOSEM], 686 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 687 [], 688 [ #include <limits.h> 689 #include <fcntl.h> ] 690 ) 691 check_for_aix_broken_getaddrinfo=1 692 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 693 [Define if your platform breaks doing a seteuid before a setuid]) 694 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 695 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 696 dnl AIX handles lastlog as part of its login message 697 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 698 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 699 [Some systems need a utmpx entry for /bin/login to work]) 700 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 701 [Define to a Set Process Title type if your system is 702 supported by bsd-setproctitle.c]) 703 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 704 [AIX 5.2 and 5.3 (and presumably newer) require this]) 705 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 706 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 707 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 708 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 709 ;; 710*-*-android*) 711 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 712 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 713 ;; 714*-*-cygwin*) 715 LIBS="$LIBS /usr/lib/textreadmode.o" 716 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 717 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 718 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 719 [Define to disable UID restoration test]) 720 AC_DEFINE([DISABLE_SHADOW], [1], 721 [Define if you want to disable shadow passwords]) 722 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 723 [Define if X11 doesn't support AF_UNIX sockets on that system]) 724 AC_DEFINE([DISABLE_FD_PASSING], [1], 725 [Define if your platform needs to skip post auth 726 file descriptor passing]) 727 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 728 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 729 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 730 # reasons which cause compile warnings, so we disable those warnings. 731 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 732 ;; 733*-*-dgux*) 734 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 735 [Define if your system choked on IP TOS setting]) 736 AC_DEFINE([SETEUID_BREAKS_SETUID]) 737 AC_DEFINE([BROKEN_SETREUID]) 738 AC_DEFINE([BROKEN_SETREGID]) 739 ;; 740*-*-darwin*) 741 use_pie=auto 742 AC_MSG_CHECKING([if we have working getaddrinfo]) 743 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 744#include <mach-o/dyld.h> 745#include <stdlib.h> 746int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 747 exit(0); 748 else 749 exit(1); 750} 751 ]])], 752 [AC_MSG_RESULT([working])], 753 [AC_MSG_RESULT([buggy]) 754 AC_DEFINE([BROKEN_GETADDRINFO], [1], 755 [getaddrinfo is broken (if present)]) 756 ], 757 [AC_MSG_RESULT([assume it is working])]) 758 AC_DEFINE([SETEUID_BREAKS_SETUID]) 759 AC_DEFINE([BROKEN_SETREUID]) 760 AC_DEFINE([BROKEN_SETREGID]) 761 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 762 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 763 [Define if your resolver libs need this for getrrsetbyname]) 764 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 765 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 766 [Use tunnel device compatibility to OpenBSD]) 767 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 768 [Prepend the address family to IP tunnel traffic]) 769 m4_pattern_allow([AU_IPv]) 770 AC_CHECK_DECL([AU_IPv4], [], 771 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 772 [#include <bsm/audit.h>] 773 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 774 [Define if pututxline updates lastlog too]) 775 ) 776 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 777 [Define to a Set Process Title type if your system is 778 supported by bsd-setproctitle.c]) 779 AC_CHECK_FUNCS([sandbox_init]) 780 AC_CHECK_HEADERS([sandbox.h]) 781 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 782 SSHDLIBS="$SSHDLIBS -lsandbox" 783 ]) 784 # proc_pidinfo()-based closefrom() replacement. 785 AC_CHECK_HEADERS([libproc.h]) 786 AC_CHECK_FUNCS([proc_pidinfo]) 787 # poll(2) is broken for character-special devices (at least). 788 # cf. Apple bug 3710161 (not public, but searchable) 789 AC_DEFINE([BROKEN_POLL], [1], 790 [System poll(2) implementation is broken]) 791 ;; 792*-*-dragonfly*) 793 SSHDLIBS="$SSHDLIBS" 794 TEST_MALLOC_OPTIONS="AFGJPRX" 795 ;; 796*-*-haiku*) 797 LIBS="$LIBS -lbsd " 798 CFLAGS="$CFLAGS -D_BSD_SOURCE" 799 AC_CHECK_LIB([network], [socket]) 800 AC_DEFINE([HAVE_U_INT64_T]) 801 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 802 MANTYPE=man 803 ;; 804*-*-hpux*) 805 # first we define all of the options common to all HP-UX releases 806 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 807 IPADDR_IN_DISPLAY=yes 808 AC_DEFINE([USE_PIPES]) 809 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 810 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 811 [String used in /etc/passwd to denote locked account]) 812 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 813 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 814 maildir="/var/mail" 815 LIBS="$LIBS -lsec" 816 AC_CHECK_LIB([xnet], [t_error], , 817 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 818 819 # next, we define all of the options specific to major releases 820 case "$host" in 821 *-*-hpux10*) 822 if test -z "$GCC"; then 823 CFLAGS="$CFLAGS -Ae" 824 fi 825 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect]) 826 ;; 827 *-*-hpux11*) 828 AC_DEFINE([PAM_SUN_CODEBASE], [1], 829 [Define if you are using Solaris-derived PAM which 830 passes pam_messages to the conversation function 831 with an extra level of indirection]) 832 AC_DEFINE([DISABLE_UTMP], [1], 833 [Define if you don't want to use utmp]) 834 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 835 check_for_hpux_broken_getaddrinfo=1 836 check_for_conflicting_getspnam=1 837 ;; 838 esac 839 840 # lastly, we define options specific to minor releases 841 case "$host" in 842 *-*-hpux10.26) 843 AC_DEFINE([HAVE_SECUREWARE], [1], 844 [Define if you have SecureWare-based 845 protected password database]) 846 disable_ptmx_check=yes 847 LIBS="$LIBS -lsecpw" 848 ;; 849 esac 850 ;; 851*-*-irix5*) 852 PATH="$PATH:/usr/etc" 853 AC_DEFINE([BROKEN_INET_NTOA], [1], 854 [Define if you system's inet_ntoa is busted 855 (e.g. Irix gcc issue)]) 856 AC_DEFINE([SETEUID_BREAKS_SETUID]) 857 AC_DEFINE([BROKEN_SETREUID]) 858 AC_DEFINE([BROKEN_SETREGID]) 859 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 860 [Define if you shouldn't strip 'tty' from your 861 ttyname in [uw]tmp]) 862 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 863 ;; 864*-*-irix6*) 865 PATH="$PATH:/usr/etc" 866 AC_DEFINE([WITH_IRIX_ARRAY], [1], 867 [Define if you have/want arrays 868 (cluster-wide session management, not C arrays)]) 869 AC_DEFINE([WITH_IRIX_PROJECT], [1], 870 [Define if you want IRIX project management]) 871 AC_DEFINE([WITH_IRIX_AUDIT], [1], 872 [Define if you want IRIX audit trails]) 873 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 874 [Define if you want IRIX kernel jobs])]) 875 AC_DEFINE([BROKEN_INET_NTOA]) 876 AC_DEFINE([SETEUID_BREAKS_SETUID]) 877 AC_DEFINE([BROKEN_SETREUID]) 878 AC_DEFINE([BROKEN_SETREGID]) 879 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 880 AC_DEFINE([WITH_ABBREV_NO_TTY]) 881 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 882 ;; 883*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 884 AC_DEFINE([PAM_TTY_KLUDGE]) 885 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 886 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 887 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 888 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 889 ;; 890*-*-linux*) 891 no_dev_ptmx=1 892 use_pie=auto 893 check_for_openpty_ctty_bug=1 894 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 895 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 896 dnl _GNU_SOURCE is needed for setres*id prototypes. 897 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" 898 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) 899 AC_DEFINE([PAM_TTY_KLUDGE], [1], 900 [Work around problematic Linux PAM modules handling of PAM_TTY]) 901 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 902 [String used in /etc/passwd to denote locked account]) 903 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 904 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 905 [Define to whatever link() returns for "not supported" 906 if it doesn't return EOPNOTSUPP.]) 907 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 908 AC_DEFINE([USE_BTMP]) 909 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 910 inet6_default_4in6=yes 911 case `uname -r` in 912 1.*|2.0.*) 913 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 914 [Define if cmsg_type is not passed correctly]) 915 ;; 916 esac 917 # tun(4) forwarding compat code 918 AC_CHECK_HEADERS([linux/if_tun.h]) 919 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 920 AC_DEFINE([SSH_TUN_LINUX], [1], 921 [Open tunnel devices the Linux tun/tap way]) 922 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 923 [Use tunnel device compatibility to OpenBSD]) 924 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 925 [Prepend the address family to IP tunnel traffic]) 926 fi 927 AC_CHECK_HEADER([linux/if.h], 928 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 929 [Support routing domains using Linux VRF]), [], [ 930#ifdef HAVE_SYS_TYPES_H 931# include <sys/types.h> 932#endif 933 ]) 934 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 935 [], [#include <linux/types.h>]) 936 # Obtain MIPS ABI 937 case "$host" in 938 mips*) 939 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 940#if _MIPS_SIM != _ABIO32 941#error 942#endif 943 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 944#if _MIPS_SIM != _ABIN32 945#error 946#endif 947 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 948#if _MIPS_SIM != _ABI64 949#error 950#endif 951 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 952 ]) 953 ]) 954 ]) 955 ;; 956 esac 957 AC_MSG_CHECKING([for seccomp architecture]) 958 seccomp_audit_arch= 959 case "$host" in 960 x86_64-*) 961 seccomp_audit_arch=AUDIT_ARCH_X86_64 962 ;; 963 i*86-*) 964 seccomp_audit_arch=AUDIT_ARCH_I386 965 ;; 966 arm*-*) 967 seccomp_audit_arch=AUDIT_ARCH_ARM 968 ;; 969 aarch64*-*) 970 seccomp_audit_arch=AUDIT_ARCH_AARCH64 971 ;; 972 s390x-*) 973 seccomp_audit_arch=AUDIT_ARCH_S390X 974 ;; 975 s390-*) 976 seccomp_audit_arch=AUDIT_ARCH_S390 977 ;; 978 powerpc-*) 979 seccomp_audit_arch=AUDIT_ARCH_PPC 980 ;; 981 powerpc64-*) 982 seccomp_audit_arch=AUDIT_ARCH_PPC64 983 ;; 984 powerpc64le-*) 985 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 986 ;; 987 mips-*) 988 seccomp_audit_arch=AUDIT_ARCH_MIPS 989 ;; 990 mipsel-*) 991 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 992 ;; 993 mips64-*) 994 case "$mips_abi" in 995 "n32") 996 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 997 ;; 998 "n64") 999 seccomp_audit_arch=AUDIT_ARCH_MIPS64 1000 ;; 1001 esac 1002 ;; 1003 mips64el-*) 1004 case "$mips_abi" in 1005 "n32") 1006 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 1007 ;; 1008 "n64") 1009 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 1010 ;; 1011 esac 1012 ;; 1013 riscv64-*) 1014 seccomp_audit_arch=AUDIT_ARCH_RISCV64 1015 ;; 1016 esac 1017 if test "x$seccomp_audit_arch" != "x" ; then 1018 AC_MSG_RESULT(["$seccomp_audit_arch"]) 1019 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 1020 [Specify the system call convention in use]) 1021 else 1022 AC_MSG_RESULT([architecture not supported]) 1023 fi 1024 ;; 1025*-*-minix) 1026 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1027 # poll(2) seems to choke on /dev/null; "Bad file descriptor" 1028 AC_DEFINE([BROKEN_POLL], [1], 1029 [System poll(2) implementation is broken]) 1030 ;; 1031mips-sony-bsd|mips-sony-newsos4) 1032 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 1033 SONY=1 1034 ;; 1035*-*-netbsd*) 1036 if test "x$withval" != "xno" ; then 1037 rpath_opt="-R" 1038 fi 1039 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 1040 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1041 AC_CHECK_HEADER([net/if_tap.h], , 1042 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1043 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 1044 [Prepend the address family to IP tunnel traffic]) 1045 TEST_MALLOC_OPTIONS="AJRX" 1046 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 1047 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 1048 ;; 1049*-*-freebsd*) 1050 SKIP_DISABLE_LASTLOG_DEFINE=yes 1051 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 1052 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1053 AC_CHECK_HEADER([net/if_tap.h], , 1054 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1055 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 1056 TEST_MALLOC_OPTIONS="AJRX" 1057 # Preauth crypto occasionally uses file descriptors for crypto offload 1058 # and will crash if they cannot be opened. 1059 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 1060 [define if setrlimit RLIMIT_NOFILE breaks things]) 1061 case "$host" in 1062 *-*-freebsd9.*|*-*-freebsd10.*) 1063 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable. 1064 disable_capsicum=yes 1065 esac 1066 ;; 1067*-*-bsdi*) 1068 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1069 AC_DEFINE([BROKEN_SETREUID]) 1070 AC_DEFINE([BROKEN_SETREGID]) 1071 ;; 1072*-next-*) 1073 conf_lastlog_location="/usr/adm/lastlog" 1074 conf_utmp_location=/etc/utmp 1075 conf_wtmp_location=/usr/adm/wtmp 1076 maildir=/usr/spool/mail 1077 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1078 AC_DEFINE([USE_PIPES]) 1079 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1080 ;; 1081*-*-openbsd*) 1082 use_pie=auto 1083 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1084 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1085 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1086 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1087 [syslog_r function is safe to use in in a signal handler]) 1088 TEST_MALLOC_OPTIONS="AFGJPRX" 1089 ;; 1090*-*-solaris*) 1091 if test "x$withval" != "xno" ; then 1092 rpath_opt="-R" 1093 fi 1094 AC_DEFINE([PAM_SUN_CODEBASE]) 1095 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1096 AC_DEFINE([PAM_TTY_KLUDGE]) 1097 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1098 [Define if pam_chauthtok wants real uid set 1099 to the unpriv'ed user]) 1100 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1101 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1102 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1103 [Define if sshd somehow reacquires a controlling TTY 1104 after setsid()]) 1105 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1106 in case the name is longer than 8 chars]) 1107 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1108 external_path_file=/etc/default/login 1109 # hardwire lastlog location (can't detect it on some versions) 1110 conf_lastlog_location="/var/adm/lastlog" 1111 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1112 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1113 if test "$sol2ver" -ge 8; then 1114 AC_MSG_RESULT([yes]) 1115 AC_DEFINE([DISABLE_UTMP]) 1116 AC_DEFINE([DISABLE_WTMP], [1], 1117 [Define if you don't want to use wtmp]) 1118 else 1119 AC_MSG_RESULT([no]) 1120 fi 1121 AC_CHECK_FUNCS([setpflags]) 1122 AC_CHECK_FUNCS([setppriv]) 1123 AC_CHECK_FUNCS([priv_basicset]) 1124 AC_CHECK_HEADERS([priv.h]) 1125 AC_ARG_WITH([solaris-contracts], 1126 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1127 [ 1128 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1129 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1130 [Define if you have Solaris process contracts]) 1131 LIBS="$LIBS -lcontract" 1132 SPC_MSG="yes" ], ) 1133 ], 1134 ) 1135 AC_ARG_WITH([solaris-projects], 1136 [ --with-solaris-projects Enable Solaris projects (experimental)], 1137 [ 1138 AC_CHECK_LIB([project], [setproject], 1139 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1140 [Define if you have Solaris projects]) 1141 LIBS="$LIBS -lproject" 1142 SP_MSG="yes" ], ) 1143 ], 1144 ) 1145 AC_ARG_WITH([solaris-privs], 1146 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1147 [ 1148 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1149 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1150 "x$ac_cv_header_priv_h" = "xyes" ; then 1151 SOLARIS_PRIVS=yes 1152 AC_MSG_RESULT([found]) 1153 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1154 [Define to disable UID restoration test]) 1155 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1156 [Define if you have Solaris privileges]) 1157 SPP_MSG="yes" 1158 else 1159 AC_MSG_RESULT([not found]) 1160 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1161 fi 1162 ], 1163 ) 1164 TEST_SHELL=$SHELL # let configure find us a capable shell 1165 ;; 1166*-*-sunos4*) 1167 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1168 AC_CHECK_FUNCS([getpwanam]) 1169 AC_DEFINE([PAM_SUN_CODEBASE]) 1170 conf_utmp_location=/etc/utmp 1171 conf_wtmp_location=/var/adm/wtmp 1172 conf_lastlog_location=/var/adm/lastlog 1173 AC_DEFINE([USE_PIPES]) 1174 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1175 ;; 1176*-ncr-sysv*) 1177 LIBS="$LIBS -lc89" 1178 AC_DEFINE([USE_PIPES]) 1179 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1180 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1181 AC_DEFINE([BROKEN_SETREUID]) 1182 AC_DEFINE([BROKEN_SETREGID]) 1183 ;; 1184*-sni-sysv*) 1185 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1186 AC_CHECK_LIB([dl], [dlsym], ,) 1187 # -lresolv needs to be at the end of LIBS or DNS lookups break 1188 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1189 IPADDR_IN_DISPLAY=yes 1190 AC_DEFINE([USE_PIPES]) 1191 AC_DEFINE([IP_TOS_IS_BROKEN]) 1192 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1193 AC_DEFINE([BROKEN_SETREUID]) 1194 AC_DEFINE([BROKEN_SETREGID]) 1195 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1196 external_path_file=/etc/default/login 1197 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1198 # Attention: always take care to bind libsocket and libnsl before libc, 1199 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1200 ;; 1201# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1202*-*-sysv4.2*) 1203 AC_DEFINE([USE_PIPES]) 1204 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1205 AC_DEFINE([BROKEN_SETREUID]) 1206 AC_DEFINE([BROKEN_SETREGID]) 1207 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1208 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1209 TEST_SHELL=$SHELL # let configure find us a capable shell 1210 ;; 1211# UnixWare 7.x, OpenUNIX 8 1212*-*-sysv5*) 1213 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1214 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1215 AC_DEFINE([USE_PIPES]) 1216 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1217 AC_DEFINE([BROKEN_GETADDRINFO]) 1218 AC_DEFINE([BROKEN_SETREUID]) 1219 AC_DEFINE([BROKEN_SETREGID]) 1220 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1221 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1222 TEST_SHELL=$SHELL # let configure find us a capable shell 1223 case "$host" in 1224 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1225 maildir=/var/spool/mail 1226 AC_DEFINE([BROKEN_UPDWTMPX]) 1227 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1228 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1229 ], , ) 1230 ;; 1231 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1232 ;; 1233 esac 1234 ;; 1235*-*-sysv*) 1236 ;; 1237# SCO UNIX and OEM versions of SCO UNIX 1238*-*-sco3.2v4*) 1239 AC_MSG_ERROR("This Platform is no longer supported.") 1240 ;; 1241# SCO OpenServer 5.x 1242*-*-sco3.2v5*) 1243 if test -z "$GCC"; then 1244 CFLAGS="$CFLAGS -belf" 1245 fi 1246 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1247 no_dev_ptmx=1 1248 AC_DEFINE([USE_PIPES]) 1249 AC_DEFINE([HAVE_SECUREWARE]) 1250 AC_DEFINE([DISABLE_SHADOW]) 1251 AC_DEFINE([DISABLE_FD_PASSING]) 1252 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1253 AC_DEFINE([BROKEN_GETADDRINFO]) 1254 AC_DEFINE([BROKEN_SETREUID]) 1255 AC_DEFINE([BROKEN_SETREGID]) 1256 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1257 AC_DEFINE([BROKEN_UPDWTMPX]) 1258 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1259 AC_CHECK_FUNCS([getluid setluid]) 1260 MANTYPE=man 1261 TEST_SHELL=$SHELL # let configure find us a capable shell 1262 SKIP_DISABLE_LASTLOG_DEFINE=yes 1263 ;; 1264*-dec-osf*) 1265 AC_MSG_CHECKING([for Digital Unix SIA]) 1266 no_osfsia="" 1267 AC_ARG_WITH([osfsia], 1268 [ --with-osfsia Enable Digital Unix SIA], 1269 [ 1270 if test "x$withval" = "xno" ; then 1271 AC_MSG_RESULT([disabled]) 1272 no_osfsia=1 1273 fi 1274 ], 1275 ) 1276 if test -z "$no_osfsia" ; then 1277 if test -f /etc/sia/matrix.conf; then 1278 AC_MSG_RESULT([yes]) 1279 AC_DEFINE([HAVE_OSF_SIA], [1], 1280 [Define if you have Digital Unix Security 1281 Integration Architecture]) 1282 AC_DEFINE([DISABLE_LOGIN], [1], 1283 [Define if you don't want to use your 1284 system's login() call]) 1285 AC_DEFINE([DISABLE_FD_PASSING]) 1286 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1287 SIA_MSG="yes" 1288 else 1289 AC_MSG_RESULT([no]) 1290 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1291 [String used in /etc/passwd to denote locked account]) 1292 fi 1293 fi 1294 AC_DEFINE([BROKEN_GETADDRINFO]) 1295 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1296 AC_DEFINE([BROKEN_SETREUID]) 1297 AC_DEFINE([BROKEN_SETREGID]) 1298 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1299 ;; 1300 1301*-*-nto-qnx*) 1302 AC_DEFINE([USE_PIPES]) 1303 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1304 AC_DEFINE([DISABLE_LASTLOG]) 1305 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1306 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1307 enable_etc_default_login=no # has incompatible /etc/default/login 1308 case "$host" in 1309 *-*-nto-qnx6*) 1310 AC_DEFINE([DISABLE_FD_PASSING]) 1311 ;; 1312 esac 1313 ;; 1314 1315*-*-ultrix*) 1316 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1317 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1318 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1319 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1320 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1321 # don't get a controlling tty. 1322 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1323 # On Ultrix some headers are not protected against multiple includes, 1324 # so we create wrappers and put it where the compiler will find it. 1325 AC_MSG_WARN([creating compat wrappers for headers]) 1326 mkdir -p netinet 1327 for header in netinet/ip.h netdb.h resolv.h; do 1328 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1329 cat >$header <<EOD 1330#ifndef _SSH_COMPAT_${name} 1331#define _SSH_COMPAT_${name} 1332#include "/usr/include/${header}" 1333#endif 1334EOD 1335 done 1336 ;; 1337 1338*-*-lynxos) 1339 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1340 AC_DEFINE([BROKEN_SETVBUF], [1], 1341 [LynxOS has broken setvbuf() implementation]) 1342 ;; 1343esac 1344 1345AC_MSG_CHECKING([compiler and flags for sanity]) 1346AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1347 [ AC_MSG_RESULT([yes]) ], 1348 [ 1349 AC_MSG_RESULT([no]) 1350 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1351 ], 1352 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1353) 1354 1355dnl Checks for header files. 1356# Checks for libraries. 1357AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1358 1359dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1360AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1361 AC_CHECK_LIB([gen], [dirname], [ 1362 AC_CACHE_CHECK([for broken dirname], 1363 ac_cv_have_broken_dirname, [ 1364 save_LIBS="$LIBS" 1365 LIBS="$LIBS -lgen" 1366 AC_RUN_IFELSE( 1367 [AC_LANG_SOURCE([[ 1368#include <libgen.h> 1369#include <string.h> 1370#include <stdlib.h> 1371 1372int main(int argc, char **argv) { 1373 char *s, buf[32]; 1374 1375 strncpy(buf,"/etc", 32); 1376 s = dirname(buf); 1377 if (!s || strncmp(s, "/", 32) != 0) { 1378 exit(1); 1379 } else { 1380 exit(0); 1381 } 1382} 1383 ]])], 1384 [ ac_cv_have_broken_dirname="no" ], 1385 [ ac_cv_have_broken_dirname="yes" ], 1386 [ ac_cv_have_broken_dirname="no" ], 1387 ) 1388 LIBS="$save_LIBS" 1389 ]) 1390 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1391 LIBS="$LIBS -lgen" 1392 AC_DEFINE([HAVE_DIRNAME]) 1393 AC_CHECK_HEADERS([libgen.h]) 1394 fi 1395 ]) 1396]) 1397 1398AC_CHECK_FUNC([getspnam], , 1399 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1400AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1401 [Define if you have the basename function.])]) 1402 1403dnl zlib defaults to enabled 1404zlib=yes 1405AC_ARG_WITH([zlib], 1406 [ --with-zlib=PATH Use zlib in PATH], 1407 [ if test "x$withval" = "xno" ; then 1408 zlib=no 1409 elif test "x$withval" != "xyes"; then 1410 if test -d "$withval/lib"; then 1411 if test -n "${rpath_opt}"; then 1412 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1413 else 1414 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1415 fi 1416 else 1417 if test -n "${rpath_opt}"; then 1418 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1419 else 1420 LDFLAGS="-L${withval} ${LDFLAGS}" 1421 fi 1422 fi 1423 if test -d "$withval/include"; then 1424 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1425 else 1426 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1427 fi 1428 fi ] 1429) 1430 1431# These libraries are needed for anything that links in the channel code. 1432CHANNELLIBS="" 1433AC_MSG_CHECKING([for zlib]) 1434if test "x${zlib}" = "xno"; then 1435 AC_MSG_RESULT([no]) 1436else 1437 saved_LIBS="$LIBS" 1438 CHANNELLIBS="$CHANNELLIBS -lz" 1439 AC_MSG_RESULT([yes]) 1440 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1441 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1442 AC_CHECK_LIB([z], [deflate], [], 1443 [ 1444 saved_CPPFLAGS="$CPPFLAGS" 1445 saved_LDFLAGS="$LDFLAGS" 1446 dnl Check default zlib install dir 1447 if test -n "${rpath_opt}"; then 1448 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1449 else 1450 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1451 fi 1452 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1453 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1454 [ 1455 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1456 ] 1457 ) 1458 ] 1459 ) 1460 1461 AC_ARG_WITH([zlib-version-check], 1462 [ --without-zlib-version-check Disable zlib version check], 1463 [ if test "x$withval" = "xno" ; then 1464 zlib_check_nonfatal=1 1465 fi 1466 ] 1467 ) 1468 1469 AC_MSG_CHECKING([for possibly buggy zlib]) 1470 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1471#include <stdio.h> 1472#include <stdlib.h> 1473#include <zlib.h> 1474 ]], 1475 [[ 1476 int a=0, b=0, c=0, d=0, n, v; 1477 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1478 if (n < 1) 1479 exit(1); 1480 v = a*1000000 + b*10000 + c*100 + d; 1481 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1482 1483 /* 1.1.4 is OK */ 1484 if (a == 1 && b == 1 && c >= 4) 1485 exit(0); 1486 1487 /* 1.2.3 and up are OK */ 1488 if (v >= 1020300) 1489 exit(0); 1490 1491 exit(2); 1492 ]])], 1493 AC_MSG_RESULT([no]), 1494 [ AC_MSG_RESULT([yes]) 1495 if test -z "$zlib_check_nonfatal" ; then 1496 AC_MSG_ERROR([*** zlib too old - check config.log *** 1497Your reported zlib version has known security problems. It's possible your 1498vendor has fixed these problems without changing the version number. If you 1499are sure this is the case, you can disable the check by running 1500"./configure --without-zlib-version-check". 1501If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1502See http://www.gzip.org/zlib/ for details.]) 1503 else 1504 AC_MSG_WARN([zlib version may have security problems]) 1505 fi 1506 ], 1507 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1508 ) 1509 LIBS="$saved_LIBS" 1510fi 1511 1512dnl UnixWare 2.x 1513AC_CHECK_FUNC([strcasecmp], 1514 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1515) 1516AC_CHECK_FUNCS([utimes], 1517 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1518 LIBS="$LIBS -lc89"]) ] 1519) 1520 1521dnl Checks for libutil functions 1522AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1523AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1524AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1525AC_SEARCH_LIBS([login], [util bsd]) 1526AC_SEARCH_LIBS([logout], [util bsd]) 1527AC_SEARCH_LIBS([logwtmp], [util bsd]) 1528AC_SEARCH_LIBS([openpty], [util bsd]) 1529AC_SEARCH_LIBS([updwtmp], [util bsd]) 1530AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1531 1532# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1533# or libnsl. 1534AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1535AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1536 1537# Some Linux distribtions ship the BSD libc hashing functions in 1538# separate libraries. 1539AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1540 1541# "Particular Function Checks" 1542# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1543AC_FUNC_STRFTIME 1544AC_FUNC_MALLOC 1545AC_FUNC_REALLOC 1546# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1547AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1548AC_RUN_IFELSE( 1549 [AC_LANG_PROGRAM( 1550 [[ #include <stdlib.h> ]], 1551 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1552 )], 1553 [ func_calloc_0_nonnull=yes ], 1554 [ func_calloc_0_nonnull=no ], 1555 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1556 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1557) 1558AC_MSG_RESULT([$func_calloc_0_nonnull]) 1559 1560if test "x$func_calloc_0_nonnull" = "xyes"; then 1561 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1562else 1563 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1564 AC_DEFINE(calloc, rpl_calloc, 1565 [Define to rpl_calloc if the replacement function should be used.]) 1566fi 1567 1568# Check for ALTDIRFUNC glob() extension 1569AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1570AC_EGREP_CPP([FOUNDIT], 1571 [ 1572 #include <glob.h> 1573 #ifdef GLOB_ALTDIRFUNC 1574 FOUNDIT 1575 #endif 1576 ], 1577 [ 1578 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1579 [Define if your system glob() function has 1580 the GLOB_ALTDIRFUNC extension]) 1581 AC_MSG_RESULT([yes]) 1582 ], 1583 [ 1584 AC_MSG_RESULT([no]) 1585 ] 1586) 1587 1588# Check for g.gl_matchc glob() extension 1589AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1590AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1591 [[ glob_t g; g.gl_matchc = 1; ]])], 1592 [ 1593 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1594 [Define if your system glob() function has 1595 gl_matchc options in glob_t]) 1596 AC_MSG_RESULT([yes]) 1597 ], [ 1598 AC_MSG_RESULT([no]) 1599]) 1600 1601# Check for g.gl_statv glob() extension 1602AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1603AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1604#ifndef GLOB_KEEPSTAT 1605#error "glob does not support GLOB_KEEPSTAT extension" 1606#endif 1607glob_t g; 1608g.gl_statv = NULL; 1609]])], 1610 [ 1611 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1612 [Define if your system glob() function has 1613 gl_statv options in glob_t]) 1614 AC_MSG_RESULT([yes]) 1615 ], [ 1616 AC_MSG_RESULT([no]) 1617 1618]) 1619 1620AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1621 1622AC_CHECK_DECL([VIS_ALL], , 1623 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1624 1625AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1626AC_RUN_IFELSE( 1627 [AC_LANG_PROGRAM([[ 1628#include <sys/types.h> 1629#include <dirent.h> 1630#include <stdlib.h> 1631 ]], 1632 [[ 1633 struct dirent d; 1634 exit(sizeof(d.d_name)<=sizeof(char)); 1635 ]])], 1636 [AC_MSG_RESULT([yes])], 1637 [ 1638 AC_MSG_RESULT([no]) 1639 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1640 [Define if your struct dirent expects you to 1641 allocate extra space for d_name]) 1642 ], 1643 [ 1644 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1645 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1646 ] 1647) 1648 1649AC_MSG_CHECKING([for /proc/pid/fd directory]) 1650if test -d "/proc/$$/fd" ; then 1651 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1652 AC_MSG_RESULT([yes]) 1653else 1654 AC_MSG_RESULT([no]) 1655fi 1656 1657# Check whether user wants TCP wrappers support 1658TCPW_MSG="no" 1659AC_ARG_WITH([tcp-wrappers], 1660 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1661 [ 1662 if test "x$withval" != "xno" ; then 1663 saved_LIBS="$LIBS" 1664 saved_LDFLAGS="$LDFLAGS" 1665 saved_CPPFLAGS="$CPPFLAGS" 1666 if test -n "${withval}" && \ 1667 test "x${withval}" != "xyes"; then 1668 if test -d "${withval}/lib"; then 1669 if test -n "${need_dash_r}"; then 1670 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1671 else 1672 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1673 fi 1674 else 1675 if test -n "${need_dash_r}"; then 1676 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1677 else 1678 LDFLAGS="-L${withval} ${LDFLAGS}" 1679 fi 1680 fi 1681 if test -d "${withval}/include"; then 1682 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1683 else 1684 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1685 fi 1686 fi 1687 LIBS="-lwrap $LIBS" 1688 AC_MSG_CHECKING([for libwrap]) 1689 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1690#include <sys/types.h> 1691#include <sys/socket.h> 1692#include <netinet/in.h> 1693#include <tcpd.h> 1694int deny_severity = 0, allow_severity = 0; 1695 ]], [[ 1696 hosts_access(0); 1697 ]])], [ 1698 AC_MSG_RESULT([yes]) 1699 AC_DEFINE([LIBWRAP], [1], 1700 [Define if you want 1701 TCP Wrappers support]) 1702 SSHDLIBS="$SSHDLIBS -lwrap" 1703 TCPW_MSG="yes" 1704 ], [ 1705 AC_MSG_ERROR([*** libwrap missing]) 1706 ]) 1707 LIBS="$saved_LIBS" 1708 fi 1709 ] 1710) 1711 1712# Check whether user wants to use ldns 1713LDNS_MSG="no" 1714AC_ARG_WITH(ldns, 1715 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1716 [ 1717 ldns="" 1718 if test "x$withval" = "xyes" ; then 1719 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1720 if test "x$LDNSCONFIG" = "xno"; then 1721 LIBS="-lldns $LIBS" 1722 ldns=yes 1723 else 1724 LIBS="$LIBS `$LDNSCONFIG --libs`" 1725 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1726 ldns=yes 1727 fi 1728 elif test "x$withval" != "xno" ; then 1729 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1730 LDFLAGS="$LDFLAGS -L${withval}/lib" 1731 LIBS="-lldns $LIBS" 1732 ldns=yes 1733 fi 1734 1735 # Verify that it works. 1736 if test "x$ldns" = "xyes" ; then 1737 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1738 LDNS_MSG="yes" 1739 AC_MSG_CHECKING([for ldns support]) 1740 AC_LINK_IFELSE( 1741 [AC_LANG_SOURCE([[ 1742#include <stdio.h> 1743#include <stdlib.h> 1744#ifdef HAVE_STDINT_H 1745# include <stdint.h> 1746#endif 1747#include <ldns/ldns.h> 1748int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1749 ]]) 1750 ], 1751 [AC_MSG_RESULT(yes)], 1752 [ 1753 AC_MSG_RESULT(no) 1754 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1755 ]) 1756 fi 1757]) 1758 1759# Check whether user wants libedit support 1760LIBEDIT_MSG="no" 1761AC_ARG_WITH([libedit], 1762 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1763 [ if test "x$withval" != "xno" ; then 1764 if test "x$withval" = "xyes" ; then 1765 if test "x$PKGCONFIG" != "xno"; then 1766 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1767 if "$PKGCONFIG" libedit; then 1768 AC_MSG_RESULT([yes]) 1769 use_pkgconfig_for_libedit=yes 1770 else 1771 AC_MSG_RESULT([no]) 1772 fi 1773 fi 1774 else 1775 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1776 if test -n "${rpath_opt}"; then 1777 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1778 else 1779 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1780 fi 1781 fi 1782 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1783 LIBEDIT=`$PKGCONFIG --libs libedit` 1784 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1785 else 1786 LIBEDIT="-ledit -lcurses" 1787 fi 1788 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1789 AC_CHECK_LIB([edit], [el_init], 1790 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1791 LIBEDIT_MSG="yes" 1792 AC_SUBST([LIBEDIT]) 1793 ], 1794 [ AC_MSG_ERROR([libedit not found]) ], 1795 [ $OTHERLIBS ] 1796 ) 1797 AC_MSG_CHECKING([if libedit version is compatible]) 1798 AC_COMPILE_IFELSE( 1799 [AC_LANG_PROGRAM([[ 1800#include <histedit.h> 1801#include <stdlib.h> 1802 ]], 1803 [[ 1804 int i = H_SETSIZE; 1805 el_init("", NULL, NULL, NULL); 1806 exit(0); 1807 ]])], 1808 [ AC_MSG_RESULT([yes]) ], 1809 [ AC_MSG_RESULT([no]) 1810 AC_MSG_ERROR([libedit version is not compatible]) ] 1811 ) 1812 fi ] 1813) 1814 1815AUDIT_MODULE=none 1816AC_ARG_WITH([audit], 1817 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1818 [ 1819 AC_MSG_CHECKING([for supported audit module]) 1820 case "$withval" in 1821 bsm) 1822 AC_MSG_RESULT([bsm]) 1823 AUDIT_MODULE=bsm 1824 dnl Checks for headers, libs and functions 1825 AC_CHECK_HEADERS([bsm/audit.h], [], 1826 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1827 [ 1828#ifdef HAVE_TIME_H 1829# include <time.h> 1830#endif 1831 ] 1832) 1833 AC_CHECK_LIB([bsm], [getaudit], [], 1834 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1835 AC_CHECK_FUNCS([getaudit], [], 1836 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1837 # These are optional 1838 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1839 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1840 if test "$sol2ver" -ge 11; then 1841 SSHDLIBS="$SSHDLIBS -lscf" 1842 AC_DEFINE([BROKEN_BSM_API], [1], 1843 [The system has incomplete BSM API]) 1844 fi 1845 ;; 1846 linux) 1847 AC_MSG_RESULT([linux]) 1848 AUDIT_MODULE=linux 1849 dnl Checks for headers, libs and functions 1850 AC_CHECK_HEADERS([libaudit.h]) 1851 SSHDLIBS="$SSHDLIBS -laudit" 1852 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1853 ;; 1854 debug) 1855 AUDIT_MODULE=debug 1856 AC_MSG_RESULT([debug]) 1857 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1858 ;; 1859 no) 1860 AC_MSG_RESULT([no]) 1861 ;; 1862 *) 1863 AC_MSG_ERROR([Unknown audit module $withval]) 1864 ;; 1865 esac ] 1866) 1867 1868AC_ARG_WITH([pie], 1869 [ --with-pie Build Position Independent Executables if possible], [ 1870 if test "x$withval" = "xno"; then 1871 use_pie=no 1872 fi 1873 if test "x$withval" = "xyes"; then 1874 use_pie=yes 1875 fi 1876 ] 1877) 1878if test "x$use_pie" = "x"; then 1879 use_pie=no 1880fi 1881if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1882 # Turn off automatic PIE when toolchain hardening is off. 1883 use_pie=no 1884fi 1885if test "x$use_pie" = "xauto"; then 1886 # Automatic PIE requires gcc >= 4.x 1887 AC_MSG_CHECKING([for gcc >= 4.x]) 1888 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1889#if !defined(__GNUC__) || __GNUC__ < 4 1890#error gcc is too old 1891#endif 1892]])], 1893 [ AC_MSG_RESULT([yes]) ], 1894 [ AC_MSG_RESULT([no]) 1895 use_pie=no ] 1896) 1897fi 1898if test "x$use_pie" != "xno"; then 1899 SAVED_CFLAGS="$CFLAGS" 1900 SAVED_LDFLAGS="$LDFLAGS" 1901 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1902 OSSH_CHECK_LDFLAG_LINK([-pie]) 1903 # We use both -fPIE and -pie or neither. 1904 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1905 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1906 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1907 AC_MSG_RESULT([yes]) 1908 else 1909 AC_MSG_RESULT([no]) 1910 CFLAGS="$SAVED_CFLAGS" 1911 LDFLAGS="$SAVED_LDFLAGS" 1912 fi 1913fi 1914 1915AC_MSG_CHECKING([whether -fPIC is accepted]) 1916SAVED_CFLAGS="$CFLAGS" 1917CFLAGS="$CFLAGS -fPIC" 1918AC_COMPILE_IFELSE( 1919 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1920 [AC_MSG_RESULT([yes]) 1921 PICFLAG="-fPIC"; ], 1922 [AC_MSG_RESULT([no]) 1923 PICFLAG=""; ]) 1924CFLAGS="$SAVED_CFLAGS" 1925AC_SUBST([PICFLAG]) 1926 1927dnl Checks for library functions. Please keep in alphabetical order 1928AC_CHECK_FUNCS([ \ 1929 auth_hostok \ 1930 auth_timeok \ 1931 Blowfish_initstate \ 1932 Blowfish_expandstate \ 1933 Blowfish_expand0state \ 1934 Blowfish_stream2word \ 1935 SHA256Update \ 1936 SHA384Update \ 1937 SHA512Update \ 1938 asprintf \ 1939 b64_ntop \ 1940 __b64_ntop \ 1941 b64_pton \ 1942 __b64_pton \ 1943 bcopy \ 1944 bcrypt_pbkdf \ 1945 bindresvport_sa \ 1946 blf_enc \ 1947 bzero \ 1948 cap_rights_limit \ 1949 clock \ 1950 closefrom \ 1951 close_range \ 1952 dirfd \ 1953 endgrent \ 1954 err \ 1955 errx \ 1956 explicit_bzero \ 1957 explicit_memset \ 1958 fchmod \ 1959 fchmodat \ 1960 fchown \ 1961 fchownat \ 1962 flock \ 1963 fnmatch \ 1964 freeaddrinfo \ 1965 freezero \ 1966 fstatfs \ 1967 fstatvfs \ 1968 futimes \ 1969 getaddrinfo \ 1970 getcwd \ 1971 getentropy \ 1972 getgrouplist \ 1973 getline \ 1974 getnameinfo \ 1975 getopt \ 1976 getpagesize \ 1977 getpeereid \ 1978 getpeerucred \ 1979 getpgid \ 1980 _getpty \ 1981 getrlimit \ 1982 getrandom \ 1983 getsid \ 1984 getttyent \ 1985 glob \ 1986 group_from_gid \ 1987 inet_aton \ 1988 inet_ntoa \ 1989 inet_ntop \ 1990 innetgr \ 1991 killpg \ 1992 llabs \ 1993 localtime_r \ 1994 login_getcapbool \ 1995 login_getpwclass \ 1996 memmem \ 1997 memmove \ 1998 memset_s \ 1999 mkdtemp \ 2000 ngetaddrinfo \ 2001 nsleep \ 2002 ogetaddrinfo \ 2003 openlog_r \ 2004 pledge \ 2005 poll \ 2006 ppoll \ 2007 prctl \ 2008 procctl \ 2009 pselect \ 2010 pstat \ 2011 raise \ 2012 readpassphrase \ 2013 reallocarray \ 2014 realpath \ 2015 recvmsg \ 2016 recallocarray \ 2017 rresvport_af \ 2018 sendmsg \ 2019 setdtablesize \ 2020 setegid \ 2021 setenv \ 2022 seteuid \ 2023 setgroupent \ 2024 setgroups \ 2025 setlinebuf \ 2026 setlogin \ 2027 setpassent\ 2028 setpcred \ 2029 setproctitle \ 2030 setregid \ 2031 setreuid \ 2032 setrlimit \ 2033 setsid \ 2034 setvbuf \ 2035 sigaction \ 2036 sigvec \ 2037 snprintf \ 2038 socketpair \ 2039 statfs \ 2040 statvfs \ 2041 strcasestr \ 2042 strdup \ 2043 strerror \ 2044 strlcat \ 2045 strlcpy \ 2046 strmode \ 2047 strndup \ 2048 strnlen \ 2049 strnvis \ 2050 strptime \ 2051 strsignal \ 2052 strtonum \ 2053 strtoll \ 2054 strtoul \ 2055 strtoull \ 2056 swap32 \ 2057 sysconf \ 2058 tcgetpgrp \ 2059 timegm \ 2060 timingsafe_bcmp \ 2061 truncate \ 2062 unsetenv \ 2063 updwtmpx \ 2064 utimensat \ 2065 user_from_uid \ 2066 usleep \ 2067 vasprintf \ 2068 vsnprintf \ 2069 waitpid \ 2070 warn \ 2071]) 2072 2073AC_CHECK_DECLS([bzero, memmem]) 2074 2075dnl Wide character support. 2076AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 2077 2078TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 2079AC_MSG_CHECKING([for utf8 locale support]) 2080AC_RUN_IFELSE( 2081 [AC_LANG_PROGRAM([[ 2082#include <locale.h> 2083#include <stdlib.h> 2084 ]], [[ 2085 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2086 if (loc != NULL) 2087 exit(0); 2088 exit(1); 2089 ]])], 2090 AC_MSG_RESULT(yes), 2091 [AC_MSG_RESULT(no) 2092 TEST_SSH_UTF8=no], 2093 AC_MSG_WARN([cross compiling: assuming yes]) 2094) 2095 2096AC_LINK_IFELSE( 2097 [AC_LANG_PROGRAM( 2098 [[ #include <ctype.h> ]], 2099 [[ return (isblank('a')); ]])], 2100 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2101]) 2102 2103disable_pkcs11= 2104AC_ARG_ENABLE([pkcs11], 2105 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2106 [ 2107 if test "x$enableval" = "xno" ; then 2108 disable_pkcs11=1 2109 fi 2110 ] 2111) 2112 2113disable_sk= 2114AC_ARG_ENABLE([security-key], 2115 [ --disable-security-key disable U2F/FIDO support code [no]], 2116 [ 2117 if test "x$enableval" = "xno" ; then 2118 disable_sk=1 2119 fi 2120 ] 2121) 2122enable_sk_internal= 2123AC_ARG_WITH([security-key-builtin], 2124 [ --with-security-key-builtin include builtin U2F/FIDO support], 2125 [ enable_sk_internal=$withval ] 2126) 2127 2128AC_SEARCH_LIBS([dlopen], [dl]) 2129AC_CHECK_FUNCS([dlopen]) 2130AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2131 2132# IRIX has a const char return value for gai_strerror() 2133AC_CHECK_FUNCS([gai_strerror], [ 2134 AC_DEFINE([HAVE_GAI_STRERROR]) 2135 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2136#include <sys/types.h> 2137#include <sys/socket.h> 2138#include <netdb.h> 2139 2140const char *gai_strerror(int); 2141 ]], [[ 2142 char *str; 2143 str = gai_strerror(0); 2144 ]])], [ 2145 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2146 [Define if gai_strerror() returns const char *])], [])]) 2147 2148AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2149 [Some systems put nanosleep outside of libc])]) 2150 2151AC_SEARCH_LIBS([clock_gettime], [rt], 2152 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2153 2154dnl check if we need -D_REENTRANT for localtime_r declaration. 2155AC_CHECK_DECL([localtime_r], [], 2156 [ saved_CPPFLAGS="$CPPFLAGS" 2157 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2158 unset ac_cv_have_decl_localtime_r 2159 AC_CHECK_DECL([localtime_r], [], 2160 [ CPPFLAGS="$saved_CPPFLAGS" ], 2161 [ #include <time.h> ] 2162 ) 2163 ], 2164 [ #include <time.h> ] 2165) 2166 2167dnl Make sure prototypes are defined for these before using them. 2168AC_CHECK_DECL([strsep], 2169 [AC_CHECK_FUNCS([strsep])], 2170 [], 2171 [ 2172#ifdef HAVE_STRING_H 2173# include <string.h> 2174#endif 2175 ]) 2176 2177dnl tcsendbreak might be a macro 2178AC_CHECK_DECL([tcsendbreak], 2179 [AC_DEFINE([HAVE_TCSENDBREAK])], 2180 [AC_CHECK_FUNCS([tcsendbreak])], 2181 [#include <termios.h>] 2182) 2183 2184AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2185 2186AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2187 [ 2188#include <sys/types.h> 2189#include <sys/socket.h> 2190#include <unistd.h> 2191 ]) 2192 2193AC_CHECK_DECLS([O_NONBLOCK], , , 2194 [ 2195#include <sys/types.h> 2196#ifdef HAVE_SYS_STAT_H 2197# include <sys/stat.h> 2198#endif 2199#ifdef HAVE_FCNTL_H 2200# include <fcntl.h> 2201#endif 2202 ]) 2203 2204AC_CHECK_DECLS([ftruncate, getentropy], , , 2205 [ 2206#include <sys/types.h> 2207#include <unistd.h> 2208 ]) 2209 2210AC_CHECK_DECLS([readv, writev], , , [ 2211#include <sys/types.h> 2212#include <sys/uio.h> 2213#include <unistd.h> 2214 ]) 2215 2216AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2217#include <sys/param.h> 2218 ]) 2219 2220AC_CHECK_DECLS([offsetof], , , [ 2221#include <stddef.h> 2222 ]) 2223 2224# extra bits for select(2) 2225AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2226#include <sys/param.h> 2227#include <sys/types.h> 2228#ifdef HAVE_SYS_SYSMACROS_H 2229#include <sys/sysmacros.h> 2230#endif 2231#ifdef HAVE_SYS_SELECT_H 2232#include <sys/select.h> 2233#endif 2234#ifdef HAVE_SYS_TIME_H 2235#include <sys/time.h> 2236#endif 2237#ifdef HAVE_UNISTD_H 2238#include <unistd.h> 2239#endif 2240 ]]) 2241AC_CHECK_TYPES([fd_mask], [], [], [[ 2242#include <sys/param.h> 2243#include <sys/types.h> 2244#ifdef HAVE_SYS_SELECT_H 2245#include <sys/select.h> 2246#endif 2247#ifdef HAVE_SYS_TIME_H 2248#include <sys/time.h> 2249#endif 2250#ifdef HAVE_UNISTD_H 2251#include <unistd.h> 2252#endif 2253 ]]) 2254 2255AC_CHECK_FUNCS([setresuid], [ 2256 dnl Some platorms have setresuid that isn't implemented, test for this 2257 AC_MSG_CHECKING([if setresuid seems to work]) 2258 AC_RUN_IFELSE( 2259 [AC_LANG_PROGRAM([[ 2260#include <errno.h> 2261#include <stdlib.h> 2262#include <unistd.h> 2263 ]], [[ 2264 errno=0; 2265 setresuid(0,0,0); 2266 if (errno==ENOSYS) 2267 exit(1); 2268 else 2269 exit(0); 2270 ]])], 2271 [AC_MSG_RESULT([yes])], 2272 [AC_DEFINE([BROKEN_SETRESUID], [1], 2273 [Define if your setresuid() is broken]) 2274 AC_MSG_RESULT([not implemented])], 2275 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2276 ) 2277]) 2278 2279AC_CHECK_FUNCS([setresgid], [ 2280 dnl Some platorms have setresgid that isn't implemented, test for this 2281 AC_MSG_CHECKING([if setresgid seems to work]) 2282 AC_RUN_IFELSE( 2283 [AC_LANG_PROGRAM([[ 2284#include <errno.h> 2285#include <stdlib.h> 2286#include <unistd.h> 2287 ]], [[ 2288 errno=0; 2289 setresgid(0,0,0); 2290 if (errno==ENOSYS) 2291 exit(1); 2292 else 2293 exit(0); 2294 ]])], 2295 [AC_MSG_RESULT([yes])], 2296 [AC_DEFINE([BROKEN_SETRESGID], [1], 2297 [Define if your setresgid() is broken]) 2298 AC_MSG_RESULT([not implemented])], 2299 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2300 ) 2301]) 2302 2303AC_MSG_CHECKING([for working fflush(NULL)]) 2304AC_RUN_IFELSE( 2305 [AC_LANG_PROGRAM([[ 2306#include <stdio.h> 2307#include <stdlib.h> 2308 ]], 2309 [[fflush(NULL); exit(0);]])], 2310 AC_MSG_RESULT([yes]), 2311 [AC_MSG_RESULT([no]) 2312 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2313 [define if fflush(NULL) does not work])], 2314 AC_MSG_WARN([cross compiling: assuming working]) 2315) 2316 2317dnl Checks for time functions 2318AC_CHECK_FUNCS([gettimeofday time]) 2319dnl Checks for utmp functions 2320AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2321AC_CHECK_FUNCS([utmpname]) 2322dnl Checks for utmpx functions 2323AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2324AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2325dnl Checks for lastlog functions 2326AC_CHECK_FUNCS([getlastlogxbyname]) 2327 2328AC_CHECK_FUNC([daemon], 2329 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2330 [AC_CHECK_LIB([bsd], [daemon], 2331 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2332) 2333 2334AC_CHECK_FUNC([getpagesize], 2335 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2336 [Define if your libraries define getpagesize()])], 2337 [AC_CHECK_LIB([ucb], [getpagesize], 2338 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2339) 2340 2341# Check for broken snprintf 2342if test "x$ac_cv_func_snprintf" = "xyes" ; then 2343 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2344 AC_RUN_IFELSE( 2345 [AC_LANG_PROGRAM([[ 2346#include <stdio.h> 2347#include <stdlib.h> 2348 ]], 2349 [[ 2350 char b[5]; 2351 snprintf(b,5,"123456789"); 2352 exit(b[4]!='\0'); 2353 ]])], 2354 [AC_MSG_RESULT([yes])], 2355 [ 2356 AC_MSG_RESULT([no]) 2357 AC_DEFINE([BROKEN_SNPRINTF], [1], 2358 [Define if your snprintf is busted]) 2359 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2360 ], 2361 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2362 ) 2363fi 2364 2365if test "x$ac_cv_func_snprintf" = "xyes" ; then 2366 AC_MSG_CHECKING([whether snprintf understands %zu]) 2367 AC_RUN_IFELSE( 2368 [AC_LANG_PROGRAM([[ 2369#include <sys/types.h> 2370#include <stdio.h> 2371#include <stdlib.h> 2372#include <string.h> 2373 ]], 2374 [[ 2375 size_t a = 1, b = 2; 2376 char z[128]; 2377 snprintf(z, sizeof z, "%zu%zu", a, b); 2378 exit(strcmp(z, "12")); 2379 ]])], 2380 [AC_MSG_RESULT([yes])], 2381 [ 2382 AC_MSG_RESULT([no]) 2383 AC_DEFINE([BROKEN_SNPRINTF], [1], 2384 [snprintf does not understand %zu]) 2385 ], 2386 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2387 ) 2388fi 2389 2390# We depend on vsnprintf returning the right thing on overflow: the 2391# number of characters it tried to create (as per SUSv3) 2392if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2393 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2394 AC_RUN_IFELSE( 2395 [AC_LANG_PROGRAM([[ 2396#include <sys/types.h> 2397#include <stdio.h> 2398#include <stdarg.h> 2399 2400int x_snprintf(char *str, size_t count, const char *fmt, ...) 2401{ 2402 size_t ret; 2403 va_list ap; 2404 2405 va_start(ap, fmt); 2406 ret = vsnprintf(str, count, fmt, ap); 2407 va_end(ap); 2408 return ret; 2409} 2410 ]], [[ 2411char x[1]; 2412if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2413 return 1; 2414if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2415 return 1; 2416return 0; 2417 ]])], 2418 [AC_MSG_RESULT([yes])], 2419 [ 2420 AC_MSG_RESULT([no]) 2421 AC_DEFINE([BROKEN_SNPRINTF], [1], 2422 [Define if your snprintf is busted]) 2423 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2424 ], 2425 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2426 ) 2427fi 2428 2429# On systems where [v]snprintf is broken, but is declared in stdio, 2430# check that the fmt argument is const char * or just char *. 2431# This is only useful for when BROKEN_SNPRINTF 2432AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2433AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2434#include <stdio.h> 2435int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2436 ]], [[ 2437 snprintf(0, 0, 0); 2438 ]])], 2439 [AC_MSG_RESULT([yes]) 2440 AC_DEFINE([SNPRINTF_CONST], [const], 2441 [Define as const if snprintf() can declare const char *fmt])], 2442 [AC_MSG_RESULT([no]) 2443 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2444 2445# Check for missing getpeereid (or equiv) support 2446NO_PEERCHECK="" 2447if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2448 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2449 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2450#include <sys/types.h> 2451#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2452 [ AC_MSG_RESULT([yes]) 2453 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2454 ], [AC_MSG_RESULT([no]) 2455 NO_PEERCHECK=1 2456 ]) 2457fi 2458 2459dnl make sure that openpty does not reacquire controlling terminal 2460if test ! -z "$check_for_openpty_ctty_bug"; then 2461 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2462 AC_RUN_IFELSE( 2463 [AC_LANG_PROGRAM([[ 2464#include <stdio.h> 2465#include <stdlib.h> 2466#include <unistd.h> 2467#ifdef HAVE_PTY_H 2468# include <pty.h> 2469#endif 2470#include <sys/fcntl.h> 2471#include <sys/types.h> 2472#include <sys/wait.h> 2473 ]], [[ 2474 pid_t pid; 2475 int fd, ptyfd, ttyfd, status; 2476 2477 pid = fork(); 2478 if (pid < 0) { /* failed */ 2479 exit(1); 2480 } else if (pid > 0) { /* parent */ 2481 waitpid(pid, &status, 0); 2482 if (WIFEXITED(status)) 2483 exit(WEXITSTATUS(status)); 2484 else 2485 exit(2); 2486 } else { /* child */ 2487 close(0); close(1); close(2); 2488 setsid(); 2489 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2490 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2491 if (fd >= 0) 2492 exit(3); /* Acquired ctty: broken */ 2493 else 2494 exit(0); /* Did not acquire ctty: OK */ 2495 } 2496 ]])], 2497 [ 2498 AC_MSG_RESULT([yes]) 2499 ], 2500 [ 2501 AC_MSG_RESULT([no]) 2502 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2503 ], 2504 [ 2505 AC_MSG_RESULT([cross-compiling, assuming yes]) 2506 ] 2507 ) 2508fi 2509 2510if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2511 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2512 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2513 AC_RUN_IFELSE( 2514 [AC_LANG_PROGRAM([[ 2515#include <stdio.h> 2516#include <stdlib.h> 2517#include <sys/socket.h> 2518#include <netdb.h> 2519#include <errno.h> 2520#include <netinet/in.h> 2521 2522#define TEST_PORT "2222" 2523 ]], [[ 2524 int err, sock; 2525 struct addrinfo *gai_ai, *ai, hints; 2526 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2527 2528 memset(&hints, 0, sizeof(hints)); 2529 hints.ai_family = PF_UNSPEC; 2530 hints.ai_socktype = SOCK_STREAM; 2531 hints.ai_flags = AI_PASSIVE; 2532 2533 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2534 if (err != 0) { 2535 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2536 exit(1); 2537 } 2538 2539 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2540 if (ai->ai_family != AF_INET6) 2541 continue; 2542 2543 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2544 sizeof(ntop), strport, sizeof(strport), 2545 NI_NUMERICHOST|NI_NUMERICSERV); 2546 2547 if (err != 0) { 2548 if (err == EAI_SYSTEM) 2549 perror("getnameinfo EAI_SYSTEM"); 2550 else 2551 fprintf(stderr, "getnameinfo failed: %s\n", 2552 gai_strerror(err)); 2553 exit(2); 2554 } 2555 2556 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2557 if (sock < 0) 2558 perror("socket"); 2559 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2560 if (errno == EBADF) 2561 exit(3); 2562 } 2563 } 2564 exit(0); 2565 ]])], 2566 [ 2567 AC_MSG_RESULT([yes]) 2568 ], 2569 [ 2570 AC_MSG_RESULT([no]) 2571 AC_DEFINE([BROKEN_GETADDRINFO]) 2572 ], 2573 [ 2574 AC_MSG_RESULT([cross-compiling, assuming yes]) 2575 ] 2576 ) 2577fi 2578 2579if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2580 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2581 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2582 AC_RUN_IFELSE( 2583 [AC_LANG_PROGRAM([[ 2584#include <stdio.h> 2585#include <stdlib.h> 2586#include <sys/socket.h> 2587#include <netdb.h> 2588#include <errno.h> 2589#include <netinet/in.h> 2590 2591#define TEST_PORT "2222" 2592 ]], [[ 2593 int err, sock; 2594 struct addrinfo *gai_ai, *ai, hints; 2595 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2596 2597 memset(&hints, 0, sizeof(hints)); 2598 hints.ai_family = PF_UNSPEC; 2599 hints.ai_socktype = SOCK_STREAM; 2600 hints.ai_flags = AI_PASSIVE; 2601 2602 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2603 if (err != 0) { 2604 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2605 exit(1); 2606 } 2607 2608 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2609 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2610 continue; 2611 2612 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2613 sizeof(ntop), strport, sizeof(strport), 2614 NI_NUMERICHOST|NI_NUMERICSERV); 2615 2616 if (ai->ai_family == AF_INET && err != 0) { 2617 perror("getnameinfo"); 2618 exit(2); 2619 } 2620 } 2621 exit(0); 2622 ]])], 2623 [ 2624 AC_MSG_RESULT([yes]) 2625 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2626 [Define if you have a getaddrinfo that fails 2627 for the all-zeros IPv6 address]) 2628 ], 2629 [ 2630 AC_MSG_RESULT([no]) 2631 AC_DEFINE([BROKEN_GETADDRINFO]) 2632 ], 2633 [ 2634 AC_MSG_RESULT([cross-compiling, assuming no]) 2635 ] 2636 ) 2637fi 2638 2639if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2640 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2641 [#include <sys/types.h> 2642 #include <sys/socket.h> 2643 #include <netdb.h>]) 2644fi 2645 2646if test "x$check_for_conflicting_getspnam" = "x1"; then 2647 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2648 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2649#include <shadow.h> 2650#include <stdlib.h> 2651 ]], 2652 [[ exit(0); ]])], 2653 [ 2654 AC_MSG_RESULT([no]) 2655 ], 2656 [ 2657 AC_MSG_RESULT([yes]) 2658 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2659 [Conflicting defs for getspnam]) 2660 ] 2661 ) 2662fi 2663 2664dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2665dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2666dnl for over ten years). Despite this incompatibility being reported during 2667dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2668dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2669dnl implementation. Try to detect this mess, and assume the only safe option 2670dnl if we're cross compiling. 2671dnl 2672dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2673dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2674if test "x$ac_cv_func_strnvis" = "xyes"; then 2675 AC_MSG_CHECKING([for working strnvis]) 2676 AC_RUN_IFELSE( 2677 [AC_LANG_PROGRAM([[ 2678#include <signal.h> 2679#include <stdlib.h> 2680#include <string.h> 2681#include <unistd.h> 2682#include <vis.h> 2683static void sighandler(int sig) { _exit(1); } 2684 ]], [[ 2685 char dst[16]; 2686 2687 signal(SIGSEGV, sighandler); 2688 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2689 exit(0); 2690 exit(1) 2691 ]])], 2692 [AC_MSG_RESULT([yes])], 2693 [AC_MSG_RESULT([no]) 2694 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2695 [AC_MSG_WARN([cross compiling: assuming broken]) 2696 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2697 ) 2698fi 2699 2700AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2701AC_RUN_IFELSE( 2702 [AC_LANG_PROGRAM([[ 2703#ifdef HAVE_SYS_SELECT 2704# include <sys/select.h> 2705#endif 2706#include <sys/types.h> 2707#include <sys/time.h> 2708#include <stdlib.h> 2709#include <signal.h> 2710#include <unistd.h> 2711static void sighandler(int sig) { } 2712 ]], [[ 2713 int r; 2714 pid_t pid; 2715 struct sigaction sa; 2716 2717 sa.sa_handler = sighandler; 2718 sa.sa_flags = SA_RESTART; 2719 (void)sigaction(SIGTERM, &sa, NULL); 2720 if ((pid = fork()) == 0) { /* child */ 2721 pid = getppid(); 2722 sleep(1); 2723 kill(pid, SIGTERM); 2724 sleep(1); 2725 if (getppid() == pid) /* if parent did not exit, shoot it */ 2726 kill(pid, SIGKILL); 2727 exit(0); 2728 } else { /* parent */ 2729 r = select(0, NULL, NULL, NULL, NULL); 2730 } 2731 exit(r == -1 ? 0 : 1); 2732 ]])], 2733 [AC_MSG_RESULT([yes])], 2734 [AC_MSG_RESULT([no]) 2735 AC_DEFINE([NO_SA_RESTART], [1], 2736 [SA_RESTARTed signals do no interrupt select])], 2737 [AC_MSG_WARN([cross compiling: assuming yes])] 2738) 2739 2740AC_CHECK_FUNCS([getpgrp],[ 2741 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2742 AC_COMPILE_IFELSE( 2743 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2744 [ AC_MSG_RESULT([yes]) 2745 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2746 [ AC_MSG_RESULT([no]) 2747 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2748 ) 2749]) 2750 2751# Search for OpenSSL 2752saved_CPPFLAGS="$CPPFLAGS" 2753saved_LDFLAGS="$LDFLAGS" 2754openssl_bin_PATH="$PATH" 2755AC_ARG_WITH([ssl-dir], 2756 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2757 [ 2758 if test "x$openssl" = "xno" ; then 2759 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2760 fi 2761 if test "x$withval" != "xno" ; then 2762 case "$withval" in 2763 # Relative paths 2764 ./*|../*) withval="`pwd`/$withval" 2765 esac 2766 if test -d "$withval/lib"; then 2767 libcrypto_path="${withval}/lib" 2768 elif test -d "$withval/lib64"; then 2769 libcrypto_path="$withval/lib64" 2770 else 2771 # Built but not installed 2772 libcrypto_path="${withval}" 2773 fi 2774 if test -n "${rpath_opt}"; then 2775 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}" 2776 else 2777 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" 2778 fi 2779 if test -d "$withval/include"; then 2780 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2781 else 2782 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2783 fi 2784 openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps" 2785 fi 2786 ] 2787) 2788AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH]) 2789AC_SUBST(OPENSSL_BIN, [${openssl_bin}]) 2790 2791AC_ARG_WITH([openssl-header-check], 2792 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2793 [ 2794 if test "x$withval" = "xno" ; then 2795 openssl_check_nonfatal=1 2796 fi 2797 ] 2798) 2799 2800openssl_engine=no 2801AC_ARG_WITH([ssl-engine], 2802 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2803 [ 2804 if test "x$withval" != "xno" ; then 2805 if test "x$openssl" = "xno" ; then 2806 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2807 fi 2808 openssl_engine=yes 2809 fi 2810 ] 2811) 2812 2813nocrypto_saved_LIBS="$LIBS" 2814if test "x$openssl" = "xyes" ; then 2815 LIBS="-lcrypto $LIBS" 2816 CHANNELLIBS="-lcrypto $CHANNELLIBS" 2817 AC_TRY_LINK_FUNC([RAND_add], , 2818 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2819 AC_CHECK_HEADER([openssl/opensslv.h], , 2820 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2821 2822 # Determine OpenSSL header version 2823 AC_MSG_CHECKING([OpenSSL header version]) 2824 AC_RUN_IFELSE( 2825 [AC_LANG_PROGRAM([[ 2826 #include <stdlib.h> 2827 #include <stdio.h> 2828 #include <string.h> 2829 #include <openssl/opensslv.h> 2830 #define DATA "conftest.sslincver" 2831 ]], [[ 2832 FILE *fd; 2833 int rc; 2834 2835 fd = fopen(DATA,"w"); 2836 if(fd == NULL) 2837 exit(1); 2838 2839 if ((rc = fprintf(fd, "%08lx (%s)\n", 2840 (unsigned long)OPENSSL_VERSION_NUMBER, 2841 OPENSSL_VERSION_TEXT)) < 0) 2842 exit(1); 2843 2844 exit(0); 2845 ]])], 2846 [ 2847 ssl_header_ver=`cat conftest.sslincver` 2848 AC_MSG_RESULT([$ssl_header_ver]) 2849 ], 2850 [ 2851 AC_MSG_RESULT([not found]) 2852 AC_MSG_ERROR([OpenSSL version header not found.]) 2853 ], 2854 [ 2855 AC_MSG_WARN([cross compiling: not checking]) 2856 ] 2857 ) 2858 2859 # Determining OpenSSL library version is version dependent. 2860 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2861 2862 # Determine OpenSSL library version 2863 AC_MSG_CHECKING([OpenSSL library version]) 2864 AC_RUN_IFELSE( 2865 [AC_LANG_PROGRAM([[ 2866 #include <stdio.h> 2867 #include <stdlib.h> 2868 #include <string.h> 2869 #include <openssl/opensslv.h> 2870 #include <openssl/crypto.h> 2871 #define DATA "conftest.ssllibver" 2872 ]], [[ 2873 FILE *f; 2874 /* We need these legacy bits to warn for old libcrypto */ 2875 #ifndef OPENSSL_VERSION 2876 # define OPENSSL_VERSION SSLEAY_VERSION 2877 #endif 2878 #ifndef HAVE_OPENSSL_VERSION 2879 # define OpenSSL_version SSLeay_version 2880 #endif 2881 #ifndef HAVE_OPENSSL_VERSION_NUM 2882 # define OpenSSL_version_num SSLeay 2883 #endif 2884 if ((f = fopen(DATA, "w")) == NULL) 2885 exit(1); 2886 if (fprintf(f, "%08lx (%s)", 2887 (unsigned long)OpenSSL_version_num(), 2888 OpenSSL_version(OPENSSL_VERSION)) < 0) 2889 exit(1); 2890#ifdef LIBRESSL_VERSION_NUMBER 2891 if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0) 2892 exit(1); 2893#endif 2894 if (fputc('\n', f) == EOF || fclose(f) == EOF) 2895 exit(1); 2896 exit(0); 2897 ]])], 2898 [ 2899 sslver=`cat conftest.ssllibver` 2900 ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'` 2901 # Check version is supported. 2902 case "$sslver" in 2903 100*|10100*) # 1.0.x, 1.1.0x 2904 AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")]) 2905 ;; 2906 101*) ;; # 1.1.x 2907 200*) # LibreSSL 2908 lver=`echo "$sslver" | sed 's/.*libressl-//'` 2909 case "$lver" in 2910 2*|300*) # 2.x, 3.0.0 2911 AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")]) 2912 ;; 2913 *) ;; # Assume all other versions are good. 2914 esac 2915 ;; 2916 300*) 2917 # OpenSSL 3; we use the 1.1x API 2918 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2919 ;; 2920 301*|302*|303*) 2921 # OpenSSL development branch; request 1.1x API 2922 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2923 ;; 2924 *) 2925 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")]) 2926 ;; 2927 esac 2928 AC_MSG_RESULT([$ssl_showver]) 2929 ], 2930 [ 2931 AC_MSG_RESULT([not found]) 2932 AC_MSG_ERROR([OpenSSL library not found.]) 2933 ], 2934 [ 2935 AC_MSG_WARN([cross compiling: not checking]) 2936 ] 2937 ) 2938 2939 case "$host" in 2940 x86_64-*) 2941 case "$sslver" in 2942 3000004*) 2943 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) 2944 ;; 2945 esac 2946 esac 2947 2948 # Sanity check OpenSSL headers 2949 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2950 AC_RUN_IFELSE( 2951 [AC_LANG_PROGRAM([[ 2952 #include <stdlib.h> 2953 #include <string.h> 2954 #include <openssl/opensslv.h> 2955 #include <openssl/crypto.h> 2956 ]], [[ 2957 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2958 ]])], 2959 [ 2960 AC_MSG_RESULT([yes]) 2961 ], 2962 [ 2963 AC_MSG_RESULT([no]) 2964 if test "x$openssl_check_nonfatal" = "x"; then 2965 AC_MSG_ERROR([Your OpenSSL headers do not match your 2966 library. Check config.log for details. 2967 If you are sure your installation is consistent, you can disable the check 2968 by running "./configure --without-openssl-header-check". 2969 Also see contrib/findssl.sh for help identifying header/library mismatches. 2970 ]) 2971 else 2972 AC_MSG_WARN([Your OpenSSL headers do not match your 2973 library. Check config.log for details. 2974 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2975 fi 2976 ], 2977 [ 2978 AC_MSG_WARN([cross compiling: not checking]) 2979 ] 2980 ) 2981 2982 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2983 AC_LINK_IFELSE( 2984 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2985 [[ ERR_load_crypto_strings(); ]])], 2986 [ 2987 AC_MSG_RESULT([yes]) 2988 ], 2989 [ 2990 AC_MSG_RESULT([no]) 2991 LIBS="$LIBS -ldl" 2992 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2993 AC_LINK_IFELSE( 2994 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2995 [[ ERR_load_crypto_strings(); ]])], 2996 [ 2997 AC_MSG_RESULT([yes]) 2998 CHANNELLIBS="$CHANNELLIBS -ldl" 2999 ], 3000 [ 3001 AC_MSG_RESULT([no]) 3002 ] 3003 ) 3004 ] 3005 ) 3006 3007 AC_CHECK_FUNCS([ \ 3008 BN_is_prime_ex \ 3009 DES_crypt \ 3010 DSA_generate_parameters_ex \ 3011 EVP_DigestFinal_ex \ 3012 EVP_DigestInit_ex \ 3013 EVP_MD_CTX_cleanup \ 3014 EVP_MD_CTX_copy_ex \ 3015 EVP_MD_CTX_init \ 3016 HMAC_CTX_init \ 3017 RSA_generate_key_ex \ 3018 RSA_get_default_method \ 3019 ]) 3020 3021 # OpenSSL_add_all_algorithms may be a macro. 3022 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 3023 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 3024 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 3025 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 3026 [[#include <openssl/evp.h>]] 3027 ) 3028 ) 3029 3030 # LibreSSL/OpenSSL API differences 3031 AC_CHECK_FUNCS([ \ 3032 EVP_CIPHER_CTX_iv \ 3033 EVP_CIPHER_CTX_iv_noconst \ 3034 EVP_CIPHER_CTX_get_iv \ 3035 EVP_CIPHER_CTX_get_updated_iv \ 3036 EVP_CIPHER_CTX_set_iv \ 3037 ]) 3038 3039 if test "x$openssl_engine" = "xyes" ; then 3040 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 3041 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3042 #include <openssl/engine.h> 3043 ]], [[ 3044 ENGINE_load_builtin_engines(); 3045 ENGINE_register_all_complete(); 3046 ]])], 3047 [ AC_MSG_RESULT([yes]) 3048 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 3049 [Enable OpenSSL engine support]) 3050 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 3051 ]) 3052 fi 3053 3054 # Check for OpenSSL without EVP_aes_{192,256}_cbc 3055 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 3056 AC_LINK_IFELSE( 3057 [AC_LANG_PROGRAM([[ 3058 #include <stdlib.h> 3059 #include <string.h> 3060 #include <openssl/evp.h> 3061 ]], [[ 3062 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 3063 ]])], 3064 [ 3065 AC_MSG_RESULT([no]) 3066 ], 3067 [ 3068 AC_MSG_RESULT([yes]) 3069 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 3070 [libcrypto is missing AES 192 and 256 bit functions]) 3071 ] 3072 ) 3073 3074 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3075 AC_LINK_IFELSE( 3076 [AC_LANG_PROGRAM([[ 3077 #include <stdlib.h> 3078 #include <string.h> 3079 #include <openssl/evp.h> 3080 ]], [[ 3081 if(EVP_DigestUpdate(NULL, NULL,0)) 3082 exit(0); 3083 ]])], 3084 [ 3085 AC_MSG_RESULT([yes]) 3086 ], 3087 [ 3088 AC_MSG_RESULT([no]) 3089 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3090 [Define if EVP_DigestUpdate returns void]) 3091 ] 3092 ) 3093 3094 # Check for various EVP support in OpenSSL 3095 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20]) 3096 3097 # Check complete ECC support in OpenSSL 3098 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3099 AC_LINK_IFELSE( 3100 [AC_LANG_PROGRAM([[ 3101 #include <openssl/ec.h> 3102 #include <openssl/ecdh.h> 3103 #include <openssl/ecdsa.h> 3104 #include <openssl/evp.h> 3105 #include <openssl/objects.h> 3106 #include <openssl/opensslv.h> 3107 ]], [[ 3108 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3109 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3110 ]])], 3111 [ AC_MSG_RESULT([yes]) 3112 enable_nistp256=1 ], 3113 [ AC_MSG_RESULT([no]) ] 3114 ) 3115 3116 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3117 AC_LINK_IFELSE( 3118 [AC_LANG_PROGRAM([[ 3119 #include <openssl/ec.h> 3120 #include <openssl/ecdh.h> 3121 #include <openssl/ecdsa.h> 3122 #include <openssl/evp.h> 3123 #include <openssl/objects.h> 3124 #include <openssl/opensslv.h> 3125 ]], [[ 3126 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3127 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3128 ]])], 3129 [ AC_MSG_RESULT([yes]) 3130 enable_nistp384=1 ], 3131 [ AC_MSG_RESULT([no]) ] 3132 ) 3133 3134 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3135 AC_LINK_IFELSE( 3136 [AC_LANG_PROGRAM([[ 3137 #include <openssl/ec.h> 3138 #include <openssl/ecdh.h> 3139 #include <openssl/ecdsa.h> 3140 #include <openssl/evp.h> 3141 #include <openssl/objects.h> 3142 #include <openssl/opensslv.h> 3143 ]], [[ 3144 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3145 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3146 ]])], 3147 [ AC_MSG_RESULT([yes]) 3148 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3149 AC_RUN_IFELSE( 3150 [AC_LANG_PROGRAM([[ 3151 #include <stdlib.h> 3152 #include <openssl/ec.h> 3153 #include <openssl/ecdh.h> 3154 #include <openssl/ecdsa.h> 3155 #include <openssl/evp.h> 3156 #include <openssl/objects.h> 3157 #include <openssl/opensslv.h> 3158 ]],[[ 3159 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3160 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3161 exit(e == NULL || m == NULL); 3162 ]])], 3163 [ AC_MSG_RESULT([yes]) 3164 enable_nistp521=1 ], 3165 [ AC_MSG_RESULT([no]) ], 3166 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3167 enable_nistp521=1 ] 3168 )], 3169 AC_MSG_RESULT([no]) 3170 ) 3171 3172 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3173 test x$enable_nistp521 = x1; then 3174 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3175 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3176 openssl_ecc=yes 3177 else 3178 openssl_ecc=no 3179 fi 3180 if test x$enable_nistp256 = x1; then 3181 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3182 [libcrypto has NID_X9_62_prime256v1]) 3183 else 3184 unsupported_algorithms="$unsupported_algorithms \ 3185 ecdsa-sha2-nistp256 \ 3186 ecdh-sha2-nistp256 \ 3187 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3188 fi 3189 if test x$enable_nistp384 = x1; then 3190 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3191 else 3192 unsupported_algorithms="$unsupported_algorithms \ 3193 ecdsa-sha2-nistp384 \ 3194 ecdh-sha2-nistp384 \ 3195 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3196 fi 3197 if test x$enable_nistp521 = x1; then 3198 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3199 else 3200 unsupported_algorithms="$unsupported_algorithms \ 3201 ecdh-sha2-nistp521 \ 3202 ecdsa-sha2-nistp521 \ 3203 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3204 fi 3205 3206 # Check libcrypto ED25519 support 3207 AC_CHECK_FUNCS([EVP_PKEY_get_raw_public_key]) 3208 AC_CHECK_FUNCS([EVP_PKEY_get_raw_private_key]) 3209 AC_MSG_CHECKING([whether OpenSSL has ED25519 support]) 3210 AC_LINK_IFELSE( 3211 [AC_LANG_PROGRAM([[ 3212 #include <string.h> 3213 #include <openssl/evp.h> 3214 ]], [[ 3215 unsigned char buf[64]; 3216 memset(buf, 0, sizeof(buf)); 3217 exit(EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, 3218 buf, sizeof(buf)) == NULL); 3219 ]])], 3220 [ 3221 AC_MSG_RESULT([yes]) 3222 AC_DEFINE([OPENSSL_HAS_ED25519], [1], 3223 [libcrypto has ed25519 support]) 3224 ], 3225 [ 3226 AC_MSG_RESULT([no]) 3227 ] 3228 ) 3229fi 3230 3231# PKCS11/U2F depend on OpenSSL and dlopen(). 3232enable_pkcs11=yes 3233enable_sk=yes 3234if test "x$openssl" != "xyes" ; then 3235 enable_pkcs11="disabled; missing libcrypto" 3236fi 3237if test "x$ac_cv_func_dlopen" != "xyes" ; then 3238 enable_pkcs11="disabled; missing dlopen(3)" 3239 enable_sk="disabled; missing dlopen(3)" 3240fi 3241if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3242 enable_pkcs11="disabled; missing RTLD_NOW" 3243 enable_sk="disabled; missing RTLD_NOW" 3244fi 3245if test ! -z "$disable_pkcs11" ; then 3246 enable_pkcs11="disabled by user" 3247fi 3248if test ! -z "$disable_sk" ; then 3249 enable_sk="disabled by user" 3250fi 3251 3252AC_MSG_CHECKING([whether to enable PKCS11]) 3253if test "x$enable_pkcs11" = "xyes" ; then 3254 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3255fi 3256AC_MSG_RESULT([$enable_pkcs11]) 3257 3258AC_MSG_CHECKING([whether to enable U2F]) 3259if test "x$enable_sk" = "xyes" ; then 3260 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3261 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3262else 3263 # Do not try to build sk-dummy library. 3264 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3265fi 3266AC_MSG_RESULT([$enable_sk]) 3267 3268# Now check for built-in security key support. 3269if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then 3270 use_pkgconfig_for_libfido2= 3271 if test "x$PKGCONFIG" != "xno"; then 3272 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3273 if "$PKGCONFIG" libfido2; then 3274 AC_MSG_RESULT([yes]) 3275 use_pkgconfig_for_libfido2=yes 3276 else 3277 AC_MSG_RESULT([no]) 3278 fi 3279 fi 3280 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3281 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3282 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3283 else 3284 LIBFIDO2="-lprivatefido2 -lprivatecbor" 3285 fi 3286 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3287 fido2_error= 3288 AC_CHECK_LIB([privatefido2], [fido_init], 3289 [ ], 3290 [ fido2_error="missing/unusable libfido2" ], 3291 [ $OTHERLIBS ] 3292 ) 3293 AC_CHECK_HEADER([fido.h], [], 3294 [ fido2_error="missing fido.h from libfido2" ]) 3295 AC_CHECK_HEADER([fido/credman.h], [], 3296 [ fido2_error="missing fido/credman.h from libfido2" ], 3297 [ #include <fido.h> ] 3298 ) 3299 AC_MSG_CHECKING([for usable libfido2 installation]) 3300 if test ! -z "$fido2_error" ; then 3301 AC_MSG_RESULT([$fido2_error]) 3302 if test "x$enable_sk_internal" = "xyes" ; then 3303 AC_MSG_ERROR([No usable libfido2 library/headers found]) 3304 fi 3305 LIBFIDO2="" 3306 else 3307 AC_MSG_RESULT([yes]) 3308 AC_SUBST([LIBFIDO2]) 3309 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3310 [Enable for built-in U2F/FIDO support]) 3311 enable_sk="built-in" 3312 saved_LIBS="$LIBS" 3313 LIBS="$LIBFIDO2 $LIBS" 3314 AC_CHECK_FUNCS([ \ 3315 fido_assert_set_clientdata \ 3316 fido_cred_prot \ 3317 fido_cred_set_prot \ 3318 fido_cred_set_clientdata \ 3319 fido_dev_get_touch_begin \ 3320 fido_dev_get_touch_status \ 3321 fido_dev_supports_cred_prot \ 3322 fido_dev_is_winhello \ 3323 ]) 3324 LIBS="$saved_LIBS" 3325 fi 3326fi 3327 3328AC_CHECK_FUNCS([ \ 3329 arc4random \ 3330 arc4random_buf \ 3331 arc4random_stir \ 3332 arc4random_uniform \ 3333]) 3334### Configure cryptographic random number support 3335 3336# Check whether OpenSSL seeds itself 3337if test "x$openssl" = "xyes" ; then 3338 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3339 AC_RUN_IFELSE( 3340 [AC_LANG_PROGRAM([[ 3341 #include <stdlib.h> 3342 #include <string.h> 3343 #include <openssl/rand.h> 3344 ]], [[ 3345 exit(RAND_status() == 1 ? 0 : 1); 3346 ]])], 3347 [ 3348 OPENSSL_SEEDS_ITSELF=yes 3349 AC_MSG_RESULT([yes]) 3350 ], 3351 [ 3352 AC_MSG_RESULT([no]) 3353 ], 3354 [ 3355 AC_MSG_WARN([cross compiling: assuming yes]) 3356 # This is safe, since we will fatal() at runtime if 3357 # OpenSSL is not seeded correctly. 3358 OPENSSL_SEEDS_ITSELF=yes 3359 ] 3360 ) 3361fi 3362 3363# PRNGD TCP socket 3364AC_ARG_WITH([prngd-port], 3365 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3366 [ 3367 case "$withval" in 3368 no) 3369 withval="" 3370 ;; 3371 [[0-9]]*) 3372 ;; 3373 *) 3374 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3375 ;; 3376 esac 3377 if test ! -z "$withval" ; then 3378 PRNGD_PORT="$withval" 3379 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3380 [Port number of PRNGD/EGD random number socket]) 3381 fi 3382 ] 3383) 3384 3385# PRNGD Unix domain socket 3386AC_ARG_WITH([prngd-socket], 3387 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3388 [ 3389 case "$withval" in 3390 yes) 3391 withval="/var/run/egd-pool" 3392 ;; 3393 no) 3394 withval="" 3395 ;; 3396 /*) 3397 ;; 3398 *) 3399 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3400 ;; 3401 esac 3402 3403 if test ! -z "$withval" ; then 3404 if test ! -z "$PRNGD_PORT" ; then 3405 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3406 fi 3407 if test ! -r "$withval" ; then 3408 AC_MSG_WARN([Entropy socket is not readable]) 3409 fi 3410 PRNGD_SOCKET="$withval" 3411 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3412 [Location of PRNGD/EGD random number socket]) 3413 fi 3414 ], 3415 [ 3416 # Check for existing socket only if we don't have a random device already 3417 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3418 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3419 # Insert other locations here 3420 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3421 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3422 PRNGD_SOCKET="$sock" 3423 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3424 break; 3425 fi 3426 done 3427 if test ! -z "$PRNGD_SOCKET" ; then 3428 AC_MSG_RESULT([$PRNGD_SOCKET]) 3429 else 3430 AC_MSG_RESULT([not found]) 3431 fi 3432 fi 3433 ] 3434) 3435 3436# Which randomness source do we use? 3437if test ! -z "$PRNGD_PORT" ; then 3438 RAND_MSG="PRNGd port $PRNGD_PORT" 3439elif test ! -z "$PRNGD_SOCKET" ; then 3440 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3441elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3442 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3443 [Define if you want the OpenSSL internally seeded PRNG only]) 3444 RAND_MSG="OpenSSL internal ONLY" 3445elif test "x$openssl" = "xno" ; then 3446 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3447else 3448 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3449fi 3450LIBS="$nocrypto_saved_LIBS" 3451 3452saved_LIBS="$LIBS" 3453AC_CHECK_LIB([iaf], [ia_openinfo], [ 3454 LIBS="$LIBS -liaf" 3455 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3456 AC_DEFINE([HAVE_LIBIAF], [1], 3457 [Define if system has libiaf that supports set_id]) 3458 ]) 3459]) 3460LIBS="$saved_LIBS" 3461 3462# Check for crypt() in libcrypt. If we have it, we only need it for sshd. 3463saved_LIBS="$LIBS" 3464AC_CHECK_LIB([crypt], [crypt], [ 3465 LIBS="-lcrypt $LIBS" 3466 SSHDLIBS="-lcrypt $SSHDLIBS" 3467]) 3468AC_CHECK_FUNCS([crypt]) 3469LIBS="$saved_LIBS" 3470 3471# Check for PAM libs 3472PAM_MSG="no" 3473AC_ARG_WITH([pam], 3474 [ --with-pam Enable PAM support ], 3475 [ 3476 if test "x$withval" != "xno" ; then 3477 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3478 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3479 AC_MSG_ERROR([PAM headers not found]) 3480 fi 3481 3482 saved_LIBS="$LIBS" 3483 AC_CHECK_LIB([dl], [dlopen], , ) 3484 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3485 AC_CHECK_FUNCS([pam_getenvlist]) 3486 AC_CHECK_FUNCS([pam_putenv]) 3487 LIBS="$saved_LIBS" 3488 3489 PAM_MSG="yes" 3490 3491 SSHDLIBS="$SSHDLIBS -lpam" 3492 AC_DEFINE([USE_PAM], [1], 3493 [Define if you want to enable PAM support]) 3494 3495 if test $ac_cv_lib_dl_dlopen = yes; then 3496 case "$LIBS" in 3497 *-ldl*) 3498 # libdl already in LIBS 3499 ;; 3500 *) 3501 SSHDLIBS="$SSHDLIBS -ldl" 3502 ;; 3503 esac 3504 fi 3505 fi 3506 ] 3507) 3508 3509AC_ARG_WITH([pam-service], 3510 [ --with-pam-service=name Specify PAM service name ], 3511 [ 3512 if test "x$withval" != "xno" && \ 3513 test "x$withval" != "xyes" ; then 3514 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3515 ["$withval"], [sshd PAM service name]) 3516 fi 3517 ] 3518) 3519 3520# Check for older PAM 3521if test "x$PAM_MSG" = "xyes" ; then 3522 # Check PAM strerror arguments (old PAM) 3523 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3524 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3525#include <stdlib.h> 3526#if defined(HAVE_SECURITY_PAM_APPL_H) 3527#include <security/pam_appl.h> 3528#elif defined (HAVE_PAM_PAM_APPL_H) 3529#include <pam/pam_appl.h> 3530#endif 3531 ]], [[ 3532(void)pam_strerror((pam_handle_t *)NULL, -1); 3533 ]])], [AC_MSG_RESULT([no])], [ 3534 AC_DEFINE([HAVE_OLD_PAM], [1], 3535 [Define if you have an old version of PAM 3536 which takes only one argument to pam_strerror]) 3537 AC_MSG_RESULT([yes]) 3538 PAM_MSG="yes (old library)" 3539 3540 ]) 3541fi 3542 3543case "$host" in 3544*-*-cygwin*) 3545 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3546 ;; 3547*) 3548 SSH_PRIVSEP_USER=sshd 3549 ;; 3550esac 3551AC_ARG_WITH([privsep-user], 3552 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3553 [ 3554 if test -n "$withval" && test "x$withval" != "xno" && \ 3555 test "x${withval}" != "xyes"; then 3556 SSH_PRIVSEP_USER=$withval 3557 fi 3558 ] 3559) 3560if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3561 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3562 [Cygwin function to fetch non-privileged user for privilege separation]) 3563else 3564 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3565 [non-privileged user for privilege separation]) 3566fi 3567AC_SUBST([SSH_PRIVSEP_USER]) 3568 3569if test "x$have_linux_no_new_privs" = "x1" ; then 3570AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3571 #include <sys/types.h> 3572 #include <linux/seccomp.h> 3573]) 3574fi 3575if test "x$have_seccomp_filter" = "x1" ; then 3576AC_MSG_CHECKING([kernel for seccomp_filter support]) 3577AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3578 #include <errno.h> 3579 #include <elf.h> 3580 #include <linux/audit.h> 3581 #include <linux/seccomp.h> 3582 #include <stdlib.h> 3583 #include <sys/prctl.h> 3584 ]], 3585 [[ int i = $seccomp_audit_arch; 3586 errno = 0; 3587 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3588 exit(errno == EFAULT ? 0 : 1); ]])], 3589 [ AC_MSG_RESULT([yes]) ], [ 3590 AC_MSG_RESULT([no]) 3591 # Disable seccomp filter as a target 3592 have_seccomp_filter=0 3593 ] 3594) 3595fi 3596 3597AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ 3598#include <sys/types.h> 3599#ifdef HAVE_POLL_H 3600#include <poll.h> 3601#endif 3602#ifdef HAVE_SYS_POLL_H 3603#include <sys/poll.h> 3604#endif 3605]]) 3606 3607AC_CHECK_TYPES([nfds_t], , , [ 3608#include <sys/types.h> 3609#ifdef HAVE_POLL_H 3610#include <poll.h> 3611#endif 3612#ifdef HAVE_SYS_POLL_H 3613#include <sys/poll.h> 3614#endif 3615]) 3616 3617# Decide which sandbox style to use 3618sandbox_arg="" 3619AC_ARG_WITH([sandbox], 3620 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3621 [ 3622 if test "x$withval" = "xyes" ; then 3623 sandbox_arg="" 3624 else 3625 sandbox_arg="$withval" 3626 fi 3627 ] 3628) 3629 3630if test "x$sandbox_arg" != "xno"; then 3631# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument 3632# is greater than OPEN_MAX". On some platforms that includes implementions 3633# of select in userspace on top of poll() so check both work with rlimit 3634# NOFILES so check that both work before enabling the rlimit sandbox. 3635 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) 3636 AC_RUN_IFELSE( 3637 [AC_LANG_PROGRAM([[ 3638#include <sys/types.h> 3639#ifdef HAVE_SYS_TIME_H 3640# include <sys/time.h> 3641#endif 3642#include <sys/resource.h> 3643#ifdef HAVE_SYS_SELECT_H 3644# include <sys/select.h> 3645#endif 3646#ifdef HAVE_POLL_H 3647# include <poll.h> 3648#elif HAVE_SYS_POLL_H 3649# include <sys/poll.h> 3650#endif 3651#include <errno.h> 3652#include <fcntl.h> 3653#include <stdlib.h> 3654 ]],[[ 3655 struct rlimit rl_zero; 3656 int fd, r; 3657 fd_set fds; 3658 struct timeval tv; 3659#ifdef HAVE_POLL 3660 struct pollfd pfd; 3661#endif 3662 3663 fd = open("/dev/null", O_RDONLY); 3664 FD_ZERO(&fds); 3665 FD_SET(fd, &fds); 3666 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3667 setrlimit(RLIMIT_FSIZE, &rl_zero); 3668 setrlimit(RLIMIT_NOFILE, &rl_zero); 3669 tv.tv_sec = 1; 3670 tv.tv_usec = 0; 3671 r = select(fd+1, &fds, NULL, NULL, &tv); 3672 if (r == -1) 3673 exit(1); 3674#ifdef HAVE_POLL 3675 pfd.fd = fd; 3676 pfd.events = POLLIN; 3677 r = poll(&pfd, 1, 1); 3678 if (r == -1) 3679 exit(2); 3680#endif 3681 exit(0); 3682 ]])], 3683 [AC_MSG_RESULT([yes]) 3684 select_works_with_rlimit=yes], 3685 [AC_MSG_RESULT([no]) 3686 select_works_with_rlimit=no], 3687 [AC_MSG_WARN([cross compiling: assuming no]) 3688 select_works_with_rlimit=no] 3689 ) 3690 3691 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3692 AC_RUN_IFELSE( 3693 [AC_LANG_PROGRAM([[ 3694#include <sys/types.h> 3695#ifdef HAVE_SYS_TIME_H 3696# include <sys/time.h> 3697#endif 3698#include <sys/resource.h> 3699#include <errno.h> 3700#include <stdlib.h> 3701 ]],[[ 3702 struct rlimit rl_zero; 3703 int r; 3704 3705 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3706 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3707 exit (r == -1 ? 1 : 0); 3708 ]])], 3709 [AC_MSG_RESULT([yes]) 3710 rlimit_nofile_zero_works=yes], 3711 [AC_MSG_RESULT([no]) 3712 rlimit_nofile_zero_works=no], 3713 [AC_MSG_WARN([cross compiling: assuming yes]) 3714 rlimit_nofile_zero_works=yes] 3715 ) 3716 3717 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3718 AC_RUN_IFELSE( 3719 [AC_LANG_PROGRAM([[ 3720#include <sys/types.h> 3721#include <sys/resource.h> 3722#include <stdlib.h> 3723 ]],[[ 3724 struct rlimit rl_zero; 3725 3726 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3727 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3728 ]])], 3729 [AC_MSG_RESULT([yes])], 3730 [AC_MSG_RESULT([no]) 3731 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3732 [setrlimit RLIMIT_FSIZE works])], 3733 [AC_MSG_WARN([cross compiling: assuming yes])] 3734 ) 3735fi 3736 3737if test "x$sandbox_arg" = "xpledge" || \ 3738 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3739 test "x$ac_cv_func_pledge" != "xyes" && \ 3740 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3741 SANDBOX_STYLE="pledge" 3742 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3743elif test "x$sandbox_arg" = "xsystrace" || \ 3744 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3745 test "x$have_systr_policy_kill" != "x1" && \ 3746 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3747 SANDBOX_STYLE="systrace" 3748 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3749elif test "x$sandbox_arg" = "xdarwin" || \ 3750 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3751 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3752 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3753 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3754 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3755 SANDBOX_STYLE="darwin" 3756 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3757elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3758 ( test -z "$sandbox_arg" && \ 3759 test "x$have_seccomp_filter" = "x1" && \ 3760 test "x$ac_cv_header_elf_h" = "xyes" && \ 3761 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3762 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3763 test "x$seccomp_audit_arch" != "x" && \ 3764 test "x$have_linux_no_new_privs" = "x1" && \ 3765 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3766 test "x$seccomp_audit_arch" = "x" && \ 3767 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3768 test "x$have_linux_no_new_privs" != "x1" && \ 3769 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3770 test "x$have_seccomp_filter" != "x1" && \ 3771 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3772 test "x$ac_cv_func_prctl" != "xyes" && \ 3773 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3774 SANDBOX_STYLE="seccomp_filter" 3775 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3776elif test "x$sandbox_arg" = "xcapsicum" || \ 3777 ( test -z "$sandbox_arg" && \ 3778 test "x$disable_capsicum" != "xyes" && \ 3779 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3780 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3781 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3782 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3783 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3784 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3785 SANDBOX_STYLE="capsicum" 3786 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3787elif test "x$sandbox_arg" = "xrlimit" || \ 3788 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3789 test "x$select_works_with_rlimit" = "xyes" && \ 3790 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3791 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3792 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3793 test "x$select_works_with_rlimit" != "xyes" && \ 3794 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3795 SANDBOX_STYLE="rlimit" 3796 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3797elif test "x$sandbox_arg" = "xsolaris" || \ 3798 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3799 SANDBOX_STYLE="solaris" 3800 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3801elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3802 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3803 SANDBOX_STYLE="none" 3804 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3805else 3806 AC_MSG_ERROR([unsupported --with-sandbox]) 3807fi 3808 3809# Cheap hack to ensure NEWS-OS libraries are arranged right. 3810if test ! -z "$SONY" ; then 3811 LIBS="$LIBS -liberty"; 3812fi 3813 3814# Check for long long datatypes 3815AC_CHECK_TYPES([long long, unsigned long long, long double]) 3816 3817# Check datatype sizes 3818AC_CHECK_SIZEOF([short int]) 3819AC_CHECK_SIZEOF([int]) 3820AC_CHECK_SIZEOF([long int]) 3821AC_CHECK_SIZEOF([long long int]) 3822AC_CHECK_SIZEOF([time_t], [], [[ 3823 #include <sys/types.h> 3824 #ifdef HAVE_SYS_TIME_H 3825 # include <sys/time.h> 3826 #endif 3827 #ifdef HAVE_TIME_H 3828 # include <time.h> 3829 #endif 3830 ]] 3831) 3832 3833# Sanity check long long for some platforms (AIX) 3834if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3835 ac_cv_sizeof_long_long_int=0 3836fi 3837 3838# compute LLONG_MIN and LLONG_MAX if we don't know them. 3839if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3840 AC_MSG_CHECKING([for max value of long long]) 3841 AC_RUN_IFELSE( 3842 [AC_LANG_PROGRAM([[ 3843#include <stdio.h> 3844#include <stdlib.h> 3845/* Why is this so damn hard? */ 3846#ifdef __GNUC__ 3847# undef __GNUC__ 3848#endif 3849#define __USE_ISOC99 3850#include <limits.h> 3851#define DATA "conftest.llminmax" 3852#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3853 3854/* 3855 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3856 * we do this the hard way. 3857 */ 3858static int 3859fprint_ll(FILE *f, long long n) 3860{ 3861 unsigned int i; 3862 int l[sizeof(long long) * 8]; 3863 3864 if (n < 0) 3865 if (fprintf(f, "-") < 0) 3866 return -1; 3867 for (i = 0; n != 0; i++) { 3868 l[i] = my_abs(n % 10); 3869 n /= 10; 3870 } 3871 do { 3872 if (fprintf(f, "%d", l[--i]) < 0) 3873 return -1; 3874 } while (i != 0); 3875 if (fprintf(f, " ") < 0) 3876 return -1; 3877 return 0; 3878} 3879 ]], [[ 3880 FILE *f; 3881 long long i, llmin, llmax = 0; 3882 3883 if((f = fopen(DATA,"w")) == NULL) 3884 exit(1); 3885 3886#if defined(LLONG_MIN) && defined(LLONG_MAX) 3887 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3888 llmin = LLONG_MIN; 3889 llmax = LLONG_MAX; 3890#else 3891 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3892 /* This will work on one's complement and two's complement */ 3893 for (i = 1; i > llmax; i <<= 1, i++) 3894 llmax = i; 3895 llmin = llmax + 1LL; /* wrap */ 3896#endif 3897 3898 /* Sanity check */ 3899 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3900 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3901 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3902 fprintf(f, "unknown unknown\n"); 3903 exit(2); 3904 } 3905 3906 if (fprint_ll(f, llmin) < 0) 3907 exit(3); 3908 if (fprint_ll(f, llmax) < 0) 3909 exit(4); 3910 if (fclose(f) < 0) 3911 exit(5); 3912 exit(0); 3913 ]])], 3914 [ 3915 llong_min=`$AWK '{print $1}' conftest.llminmax` 3916 llong_max=`$AWK '{print $2}' conftest.llminmax` 3917 3918 AC_MSG_RESULT([$llong_max]) 3919 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3920 [max value of long long calculated by configure]) 3921 AC_MSG_CHECKING([for min value of long long]) 3922 AC_MSG_RESULT([$llong_min]) 3923 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3924 [min value of long long calculated by configure]) 3925 ], 3926 [ 3927 AC_MSG_RESULT([not found]) 3928 ], 3929 [ 3930 AC_MSG_WARN([cross compiling: not checking]) 3931 ] 3932 ) 3933fi 3934 3935AC_CHECK_DECLS([UINT32_MAX], , , [[ 3936#ifdef HAVE_SYS_LIMITS_H 3937# include <sys/limits.h> 3938#endif 3939#ifdef HAVE_LIMITS_H 3940# include <limits.h> 3941#endif 3942#ifdef HAVE_STDINT_H 3943# include <stdint.h> 3944#endif 3945]]) 3946 3947# More checks for data types 3948AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3949 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3950 [[ u_int a; a = 1;]])], 3951 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3952 ]) 3953]) 3954if test "x$ac_cv_have_u_int" = "xyes" ; then 3955 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3956 have_u_int=1 3957fi 3958 3959AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3960 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3961 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3962 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3963 ]) 3964]) 3965if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3966 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3967 have_intxx_t=1 3968fi 3969 3970if (test -z "$have_intxx_t" && \ 3971 test "x$ac_cv_header_stdint_h" = "xyes") 3972then 3973 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3974 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3975 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3976 [ 3977 AC_DEFINE([HAVE_INTXX_T]) 3978 AC_MSG_RESULT([yes]) 3979 ], [ AC_MSG_RESULT([no]) 3980 ]) 3981fi 3982 3983AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3984 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3985#include <sys/types.h> 3986#ifdef HAVE_STDINT_H 3987# include <stdint.h> 3988#endif 3989#include <sys/socket.h> 3990#ifdef HAVE_SYS_BITYPES_H 3991# include <sys/bitypes.h> 3992#endif 3993 ]], [[ 3994int64_t a; a = 1; 3995 ]])], 3996 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3997 ]) 3998]) 3999if test "x$ac_cv_have_int64_t" = "xyes" ; then 4000 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 4001fi 4002 4003AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 4004 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4005 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 4006 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 4007 ]) 4008]) 4009if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 4010 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 4011 have_u_intxx_t=1 4012fi 4013 4014if test -z "$have_u_intxx_t" ; then 4015 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 4016 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 4017 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 4018 [ 4019 AC_DEFINE([HAVE_U_INTXX_T]) 4020 AC_MSG_RESULT([yes]) 4021 ], [ AC_MSG_RESULT([no]) 4022 ]) 4023fi 4024 4025AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 4026 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4027 [[ u_int64_t a; a = 1;]])], 4028 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 4029 ]) 4030]) 4031if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 4032 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 4033 have_u_int64_t=1 4034fi 4035 4036if (test -z "$have_u_int64_t" && \ 4037 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4038then 4039 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 4040 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 4041 [[ u_int64_t a; a = 1]])], 4042 [ 4043 AC_DEFINE([HAVE_U_INT64_T]) 4044 AC_MSG_RESULT([yes]) 4045 ], [ AC_MSG_RESULT([no]) 4046 ]) 4047fi 4048 4049if test -z "$have_u_intxx_t" ; then 4050 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 4051 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4052#include <sys/types.h> 4053 ]], [[ 4054 uint8_t a; 4055 uint16_t b; 4056 uint32_t c; 4057 a = b = c = 1; 4058 ]])], 4059 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 4060 ]) 4061 ]) 4062 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 4063 AC_DEFINE([HAVE_UINTXX_T], [1], 4064 [define if you have uintxx_t data type]) 4065 fi 4066fi 4067 4068if (test -z "$have_uintxx_t" && \ 4069 test "x$ac_cv_header_stdint_h" = "xyes") 4070then 4071 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 4072 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4073 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4074 [ 4075 AC_DEFINE([HAVE_UINTXX_T]) 4076 AC_MSG_RESULT([yes]) 4077 ], [ AC_MSG_RESULT([no]) 4078 ]) 4079fi 4080 4081if (test -z "$have_uintxx_t" && \ 4082 test "x$ac_cv_header_inttypes_h" = "xyes") 4083then 4084 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4085 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4086 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4087 [ 4088 AC_DEFINE([HAVE_UINTXX_T]) 4089 AC_MSG_RESULT([yes]) 4090 ], [ AC_MSG_RESULT([no]) 4091 ]) 4092fi 4093 4094if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4095 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4096then 4097 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4098 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4099#include <sys/bitypes.h> 4100 ]], [[ 4101 int8_t a; int16_t b; int32_t c; 4102 u_int8_t e; u_int16_t f; u_int32_t g; 4103 a = b = c = e = f = g = 1; 4104 ]])], 4105 [ 4106 AC_DEFINE([HAVE_U_INTXX_T]) 4107 AC_DEFINE([HAVE_INTXX_T]) 4108 AC_MSG_RESULT([yes]) 4109 ], [AC_MSG_RESULT([no]) 4110 ]) 4111fi 4112 4113 4114AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4115 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4116 [[ u_char foo; foo = 125; ]])], 4117 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4118 ]) 4119]) 4120if test "x$ac_cv_have_u_char" = "xyes" ; then 4121 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4122fi 4123 4124AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4125#include <sys/types.h> 4126#ifdef HAVE_STDINT_H 4127# include <stdint.h> 4128#endif 4129]) 4130 4131TYPE_SOCKLEN_T 4132 4133AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4134AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4135#include <sys/types.h> 4136#ifdef HAVE_SYS_BITYPES_H 4137#include <sys/bitypes.h> 4138#endif 4139#ifdef HAVE_SYS_STATFS_H 4140#include <sys/statfs.h> 4141#endif 4142#ifdef HAVE_SYS_STATVFS_H 4143#include <sys/statvfs.h> 4144#endif 4145]) 4146 4147AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4148#include <sys/param.h> 4149#include <sys/types.h> 4150#ifdef HAVE_SYS_BITYPES_H 4151#include <sys/bitypes.h> 4152#endif 4153#ifdef HAVE_SYS_STATFS_H 4154#include <sys/statfs.h> 4155#endif 4156#ifdef HAVE_SYS_STATVFS_H 4157#include <sys/statvfs.h> 4158#endif 4159#ifdef HAVE_SYS_VFS_H 4160#include <sys/vfs.h> 4161#endif 4162#ifdef HAVE_SYS_MOUNT_H 4163#include <sys/mount.h> 4164#endif 4165]]) 4166 4167 4168AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4169[#include <sys/types.h> 4170#include <netinet/in.h>]) 4171 4172AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4173 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4174 [[ size_t foo; foo = 1235; ]])], 4175 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4176 ]) 4177]) 4178if test "x$ac_cv_have_size_t" = "xyes" ; then 4179 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4180fi 4181 4182AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4183 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4184 [[ ssize_t foo; foo = 1235; ]])], 4185 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4186 ]) 4187]) 4188if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4189 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4190fi 4191 4192AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4193 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4194 [[ clock_t foo; foo = 1235; ]])], 4195 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4196 ]) 4197]) 4198if test "x$ac_cv_have_clock_t" = "xyes" ; then 4199 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4200fi 4201 4202AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4203 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4204#include <sys/types.h> 4205#include <sys/socket.h> 4206 ]], [[ sa_family_t foo; foo = 1235; ]])], 4207 [ ac_cv_have_sa_family_t="yes" ], 4208 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4209#include <sys/types.h> 4210#include <sys/socket.h> 4211#include <netinet/in.h> 4212 ]], [[ sa_family_t foo; foo = 1235; ]])], 4213 [ ac_cv_have_sa_family_t="yes" ], 4214 [ ac_cv_have_sa_family_t="no" ] 4215 ) 4216 ]) 4217]) 4218if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4219 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4220 [define if you have sa_family_t data type]) 4221fi 4222 4223AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4224 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4225 [[ pid_t foo; foo = 1235; ]])], 4226 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4227 ]) 4228]) 4229if test "x$ac_cv_have_pid_t" = "xyes" ; then 4230 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4231fi 4232 4233AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4234 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4235 [[ mode_t foo; foo = 1235; ]])], 4236 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4237 ]) 4238]) 4239if test "x$ac_cv_have_mode_t" = "xyes" ; then 4240 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4241fi 4242 4243 4244AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4245 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4246#include <sys/types.h> 4247#include <sys/socket.h> 4248 ]], [[ struct sockaddr_storage s; ]])], 4249 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4250 [ ac_cv_have_struct_sockaddr_storage="no" 4251 ]) 4252]) 4253if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4254 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4255 [define if you have struct sockaddr_storage data type]) 4256fi 4257 4258AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4259 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4260#include <sys/types.h> 4261#include <netinet/in.h> 4262 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4263 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4264 [ ac_cv_have_struct_sockaddr_in6="no" 4265 ]) 4266]) 4267if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4268 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4269 [define if you have struct sockaddr_in6 data type]) 4270fi 4271 4272AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4273 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4274#include <sys/types.h> 4275#include <netinet/in.h> 4276 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4277 [ ac_cv_have_struct_in6_addr="yes" ], 4278 [ ac_cv_have_struct_in6_addr="no" 4279 ]) 4280]) 4281if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4282 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4283 [define if you have struct in6_addr data type]) 4284 4285dnl Now check for sin6_scope_id 4286 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4287 [ 4288#ifdef HAVE_SYS_TYPES_H 4289#include <sys/types.h> 4290#endif 4291#include <netinet/in.h> 4292 ]) 4293fi 4294 4295AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4296 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4297#include <sys/types.h> 4298#include <sys/socket.h> 4299#include <netdb.h> 4300 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4301 [ ac_cv_have_struct_addrinfo="yes" ], 4302 [ ac_cv_have_struct_addrinfo="no" 4303 ]) 4304]) 4305if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4306 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4307 [define if you have struct addrinfo data type]) 4308fi 4309 4310AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4311 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4312 [[ struct timeval tv; tv.tv_sec = 1;]])], 4313 [ ac_cv_have_struct_timeval="yes" ], 4314 [ ac_cv_have_struct_timeval="no" 4315 ]) 4316]) 4317if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4318 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4319 have_struct_timeval=1 4320fi 4321 4322AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4323 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4324 #ifdef HAVE_SYS_TIME_H 4325 # include <sys/time.h> 4326 #endif 4327 #ifdef HAVE_TIME_H 4328 # include <time.h> 4329 #endif 4330 ]], 4331 [[ struct timespec ts; ts.tv_sec = 1;]])], 4332 [ ac_cv_have_struct_timespec="yes" ], 4333 [ ac_cv_have_struct_timespec="no" 4334 ]) 4335]) 4336if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4337 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4338 have_struct_timespec=1 4339fi 4340 4341# We need int64_t or else certain parts of the compile will fail. 4342if test "x$ac_cv_have_int64_t" = "xno" && \ 4343 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4344 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4345 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4346 echo "an alternative compiler (I.E., GCC) before continuing." 4347 echo "" 4348 exit 1; 4349else 4350dnl test snprintf (broken on SCO w/gcc) 4351 AC_RUN_IFELSE( 4352 [AC_LANG_SOURCE([[ 4353#include <stdio.h> 4354#include <stdlib.h> 4355#include <string.h> 4356#ifdef HAVE_SNPRINTF 4357int main(void) 4358{ 4359 char buf[50]; 4360 char expected_out[50]; 4361 int mazsize = 50 ; 4362#if (SIZEOF_LONG_INT == 8) 4363 long int num = 0x7fffffffffffffff; 4364#else 4365 long long num = 0x7fffffffffffffffll; 4366#endif 4367 strcpy(expected_out, "9223372036854775807"); 4368 snprintf(buf, mazsize, "%lld", num); 4369 if(strcmp(buf, expected_out) != 0) 4370 exit(1); 4371 exit(0); 4372} 4373#else 4374int main(void) { exit(0); } 4375#endif 4376 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4377 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4378 ) 4379fi 4380 4381dnl Checks for structure members 4382OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4383OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4384OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4385OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4386OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4387OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4388OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4389OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4390OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4391OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4392OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4393OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4394OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4395OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4396OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4397OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4398OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4399OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4400 4401AC_CHECK_MEMBERS([struct stat.st_blksize]) 4402AC_CHECK_MEMBERS([struct stat.st_mtim]) 4403AC_CHECK_MEMBERS([struct stat.st_mtime]) 4404AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4405struct passwd.pw_change, struct passwd.pw_expire], 4406[], [], [[ 4407#include <sys/types.h> 4408#include <pwd.h> 4409]]) 4410 4411AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4412 [Define if we don't have struct __res_state in resolv.h])], 4413[[ 4414#include <stdio.h> 4415#if HAVE_SYS_TYPES_H 4416# include <sys/types.h> 4417#endif 4418#include <netinet/in.h> 4419#include <arpa/nameser.h> 4420#include <resolv.h> 4421]]) 4422 4423AC_CHECK_MEMBER([struct sockaddr_in.sin_len], 4424 [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])], 4425 [], 4426 [AC_LANG_SOURCE([[ 4427#include <sys/types.h> 4428#include <sys/socket.h> 4429#include <netinet/in.h> 4430 ]])] 4431) 4432 4433AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4434 ac_cv_have_ss_family_in_struct_ss, [ 4435 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4436#include <sys/types.h> 4437#include <sys/socket.h> 4438 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4439 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4440 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4441]) 4442if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4443 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4444fi 4445 4446AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4447 ac_cv_have___ss_family_in_struct_ss, [ 4448 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4449#include <sys/types.h> 4450#include <sys/socket.h> 4451 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4452 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4453 [ ac_cv_have___ss_family_in_struct_ss="no" 4454 ]) 4455]) 4456if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4457 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4458 [Fields in struct sockaddr_storage]) 4459fi 4460 4461dnl make sure we're using the real structure members and not defines 4462AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4463 ac_cv_have_accrights_in_msghdr, [ 4464 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4465#include <sys/types.h> 4466#include <sys/socket.h> 4467#include <sys/uio.h> 4468#include <stdlib.h> 4469 ]], [[ 4470#ifdef msg_accrights 4471#error "msg_accrights is a macro" 4472exit(1); 4473#endif 4474struct msghdr m; 4475m.msg_accrights = 0; 4476exit(0); 4477 ]])], 4478 [ ac_cv_have_accrights_in_msghdr="yes" ], 4479 [ ac_cv_have_accrights_in_msghdr="no" ] 4480 ) 4481]) 4482if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4483 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4484 [Define if your system uses access rights style 4485 file descriptor passing]) 4486fi 4487 4488AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4489AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4490#include <sys/param.h> 4491#include <sys/stat.h> 4492#ifdef HAVE_SYS_TIME_H 4493# include <sys/time.h> 4494#endif 4495#ifdef HAVE_SYS_MOUNT_H 4496#include <sys/mount.h> 4497#endif 4498#ifdef HAVE_SYS_STATVFS_H 4499#include <sys/statvfs.h> 4500#endif 4501 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4502 [ AC_MSG_RESULT([yes]) ], 4503 [ AC_MSG_RESULT([no]) 4504 4505 AC_MSG_CHECKING([if fsid_t has member val]) 4506 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4507#include <sys/types.h> 4508#include <sys/statvfs.h> 4509 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4510 [ AC_MSG_RESULT([yes]) 4511 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4512 [ AC_MSG_RESULT([no]) ]) 4513 4514 AC_MSG_CHECKING([if f_fsid has member __val]) 4515 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4516#include <sys/types.h> 4517#include <sys/statvfs.h> 4518 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4519 [ AC_MSG_RESULT([yes]) 4520 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4521 [ AC_MSG_RESULT([no]) ]) 4522]) 4523 4524AC_CACHE_CHECK([for msg_control field in struct msghdr], 4525 ac_cv_have_control_in_msghdr, [ 4526 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4527#include <sys/types.h> 4528#include <sys/socket.h> 4529#include <sys/uio.h> 4530#include <stdlib.h> 4531 ]], [[ 4532#ifdef msg_control 4533#error "msg_control is a macro" 4534exit(1); 4535#endif 4536struct msghdr m; 4537m.msg_control = 0; 4538exit(0); 4539 ]])], 4540 [ ac_cv_have_control_in_msghdr="yes" ], 4541 [ ac_cv_have_control_in_msghdr="no" ] 4542 ) 4543]) 4544if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4545 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4546 [Define if your system uses ancillary data style 4547 file descriptor passing]) 4548fi 4549 4550AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4551 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4552 [[ extern char *__progname; printf("%s", __progname); ]])], 4553 [ ac_cv_libc_defines___progname="yes" ], 4554 [ ac_cv_libc_defines___progname="no" 4555 ]) 4556]) 4557if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4558 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4559fi 4560 4561AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4562 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4563 [[ printf("%s", __FUNCTION__); ]])], 4564 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4565 [ ac_cv_cc_implements___FUNCTION__="no" 4566 ]) 4567]) 4568if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4569 AC_DEFINE([HAVE___FUNCTION__], [1], 4570 [Define if compiler implements __FUNCTION__]) 4571fi 4572 4573AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4574 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4575 [[ printf("%s", __func__); ]])], 4576 [ ac_cv_cc_implements___func__="yes" ], 4577 [ ac_cv_cc_implements___func__="no" 4578 ]) 4579]) 4580if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4581 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4582fi 4583 4584AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4585 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4586#include <stdarg.h> 4587va_list x,y; 4588 ]], [[ va_copy(x,y); ]])], 4589 [ ac_cv_have_va_copy="yes" ], 4590 [ ac_cv_have_va_copy="no" 4591 ]) 4592]) 4593if test "x$ac_cv_have_va_copy" = "xyes" ; then 4594 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4595fi 4596 4597AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4598 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4599#include <stdarg.h> 4600va_list x,y; 4601 ]], [[ __va_copy(x,y); ]])], 4602 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4603 ]) 4604]) 4605if test "x$ac_cv_have___va_copy" = "xyes" ; then 4606 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4607fi 4608 4609AC_CACHE_CHECK([whether getopt has optreset support], 4610 ac_cv_have_getopt_optreset, [ 4611 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4612 [[ extern int optreset; optreset = 0; ]])], 4613 [ ac_cv_have_getopt_optreset="yes" ], 4614 [ ac_cv_have_getopt_optreset="no" 4615 ]) 4616]) 4617if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4618 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4619 [Define if your getopt(3) defines and uses optreset]) 4620fi 4621 4622AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4623 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4624[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4625 [ ac_cv_libc_defines_sys_errlist="yes" ], 4626 [ ac_cv_libc_defines_sys_errlist="no" 4627 ]) 4628]) 4629if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4630 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4631 [Define if your system defines sys_errlist[]]) 4632fi 4633 4634 4635AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4636 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4637[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4638 [ ac_cv_libc_defines_sys_nerr="yes" ], 4639 [ ac_cv_libc_defines_sys_nerr="no" 4640 ]) 4641]) 4642if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4643 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4644fi 4645 4646# Check libraries needed by DNS fingerprint support 4647AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4648 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4649 [Define if getrrsetbyname() exists])], 4650 [ 4651 # Needed by our getrrsetbyname() 4652 AC_SEARCH_LIBS([res_query], [resolv]) 4653 AC_SEARCH_LIBS([dn_expand], [resolv]) 4654 AC_MSG_CHECKING([if res_query will link]) 4655 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4656#include <sys/types.h> 4657#include <netinet/in.h> 4658#include <arpa/nameser.h> 4659#include <netdb.h> 4660#include <resolv.h> 4661 ]], [[ 4662 res_query (0, 0, 0, 0, 0); 4663 ]])], 4664 AC_MSG_RESULT([yes]), 4665 [AC_MSG_RESULT([no]) 4666 saved_LIBS="$LIBS" 4667 LIBS="$LIBS -lresolv" 4668 AC_MSG_CHECKING([for res_query in -lresolv]) 4669 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4670#include <sys/types.h> 4671#include <netinet/in.h> 4672#include <arpa/nameser.h> 4673#include <netdb.h> 4674#include <resolv.h> 4675 ]], [[ 4676 res_query (0, 0, 0, 0, 0); 4677 ]])], 4678 [AC_MSG_RESULT([yes])], 4679 [LIBS="$saved_LIBS" 4680 AC_MSG_RESULT([no])]) 4681 ]) 4682 AC_CHECK_FUNCS([_getshort _getlong]) 4683 AC_CHECK_DECLS([_getshort, _getlong], , , 4684 [#include <sys/types.h> 4685 #include <arpa/nameser.h>]) 4686 AC_CHECK_MEMBER([HEADER.ad], 4687 [AC_DEFINE([HAVE_HEADER_AD], [1], 4688 [Define if HEADER.ad exists in arpa/nameser.h])], , 4689 [#include <arpa/nameser.h>]) 4690 ]) 4691 4692AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4693AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4694#include <stdio.h> 4695#if HAVE_SYS_TYPES_H 4696# include <sys/types.h> 4697#endif 4698#include <netinet/in.h> 4699#include <arpa/nameser.h> 4700#include <resolv.h> 4701extern struct __res_state _res; 4702 ]], [[ 4703struct __res_state *volatile p = &_res; /* force resolution of _res */ 4704return 0; 4705 ]],)], 4706 [AC_MSG_RESULT([yes]) 4707 AC_DEFINE([HAVE__RES_EXTERN], [1], 4708 [Define if you have struct __res_state _res as an extern]) 4709 ], 4710 [ AC_MSG_RESULT([no]) ] 4711) 4712 4713# Check whether user wants SELinux support 4714SELINUX_MSG="no" 4715LIBSELINUX="" 4716AC_ARG_WITH([selinux], 4717 [ --with-selinux Enable SELinux support], 4718 [ if test "x$withval" != "xno" ; then 4719 save_LIBS="$LIBS" 4720 AC_DEFINE([WITH_SELINUX], [1], 4721 [Define if you want SELinux support.]) 4722 SELINUX_MSG="yes" 4723 AC_CHECK_HEADER([selinux/selinux.h], , 4724 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4725 AC_CHECK_LIB([selinux], [setexeccon], 4726 [ LIBSELINUX="-lselinux" 4727 LIBS="$LIBS -lselinux" 4728 ], 4729 AC_MSG_ERROR([SELinux support requires libselinux library])) 4730 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4731 LIBS="$save_LIBS $LIBSELINUX" 4732 fi ] 4733) 4734AC_SUBST([SSHDLIBS]) 4735 4736# Check whether user wants Kerberos 5 support 4737KRB5_MSG="no" 4738AC_ARG_WITH([kerberos5], 4739 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4740 [ if test "x$withval" != "xno" ; then 4741 if test "x$withval" = "xyes" ; then 4742 KRB5ROOT="/usr/local" 4743 else 4744 KRB5ROOT=${withval} 4745 fi 4746 4747 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4748 KRB5_MSG="yes" 4749 4750 use_pkgconfig_for_krb5= 4751 if test "x$PKGCONFIG" != "xno"; then 4752 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4753 if "$PKGCONFIG" krb5; then 4754 AC_MSG_RESULT([yes]) 4755 use_pkgconfig_for_krb5=yes 4756 else 4757 AC_MSG_RESULT([no]) 4758 fi 4759 fi 4760 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4761 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4762 K5LIBS=`$PKGCONFIG --libs krb5` 4763 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4764 4765 AC_MSG_CHECKING([for gssapi support]) 4766 if "$PKGCONFIG" krb5-gssapi; then 4767 AC_MSG_RESULT([yes]) 4768 AC_DEFINE([GSSAPI], [1], 4769 [Define this if you want GSSAPI 4770 support in the version 2 protocol]) 4771 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4772 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4773 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4774 else 4775 AC_MSG_RESULT([no]) 4776 fi 4777 AC_MSG_CHECKING([whether we are using Heimdal]) 4778 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4779 ]], [[ char *tmp = heimdal_version; ]])], 4780 [ AC_MSG_RESULT([yes]) 4781 AC_DEFINE([HEIMDAL], [1], 4782 [Define this if you are using the Heimdal 4783 version of Kerberos V5]) ], 4784 [AC_MSG_RESULT([no]) 4785 ]) 4786 else 4787 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4788 [$KRB5ROOT/bin/krb5-config], 4789 [$KRB5ROOT/bin:$PATH]) 4790 if test -x $KRB5CONF ; then 4791 K5CFLAGS="`$KRB5CONF --cflags`" 4792 K5LIBS="`$KRB5CONF --libs`" 4793 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4794 4795 AC_MSG_CHECKING([for gssapi support]) 4796 if $KRB5CONF | grep gssapi >/dev/null ; then 4797 AC_MSG_RESULT([yes]) 4798 AC_DEFINE([GSSAPI], [1], 4799 [Define this if you want GSSAPI 4800 support in the version 2 protocol]) 4801 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4802 GSSLIBS="`$KRB5CONF --libs gssapi`" 4803 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4804 else 4805 AC_MSG_RESULT([no]) 4806 fi 4807 AC_MSG_CHECKING([whether we are using Heimdal]) 4808 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4809 ]], [[ char *tmp = heimdal_version; ]])], 4810 [ AC_MSG_RESULT([yes]) 4811 AC_DEFINE([HEIMDAL], [1], 4812 [Define this if you are using the Heimdal 4813 version of Kerberos V5]) ], 4814 [AC_MSG_RESULT([no]) 4815 ]) 4816 else 4817 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4818 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4819 AC_MSG_CHECKING([whether we are using Heimdal]) 4820 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4821 ]], [[ char *tmp = heimdal_version; ]])], 4822 [ AC_MSG_RESULT([yes]) 4823 AC_DEFINE([HEIMDAL]) 4824 K5LIBS="-lkrb5" 4825 K5LIBS="$K5LIBS -lcom_err -lasn1" 4826 AC_CHECK_LIB([roken], [net_write], 4827 [K5LIBS="$K5LIBS -lroken"]) 4828 AC_CHECK_LIB([des], [des_cbc_encrypt], 4829 [K5LIBS="$K5LIBS -ldes"]) 4830 ], [ AC_MSG_RESULT([no]) 4831 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4832 ]) 4833 AC_SEARCH_LIBS([dn_expand], [resolv]) 4834 4835 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4836 [ AC_DEFINE([GSSAPI]) 4837 GSSLIBS="-lgssapi_krb5" ], 4838 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4839 [ AC_DEFINE([GSSAPI]) 4840 GSSLIBS="-lgssapi" ], 4841 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4842 [ AC_DEFINE([GSSAPI]) 4843 GSSLIBS="-lgss" ], 4844 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4845 ]) 4846 ]) 4847 4848 AC_CHECK_HEADER([gssapi.h], , 4849 [ unset ac_cv_header_gssapi_h 4850 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4851 AC_CHECK_HEADERS([gssapi.h], , 4852 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4853 ) 4854 ] 4855 ) 4856 4857 oldCPP="$CPPFLAGS" 4858 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4859 AC_CHECK_HEADER([gssapi_krb5.h], , 4860 [ CPPFLAGS="$oldCPP" ]) 4861 4862 fi 4863 fi 4864 if test -n "${rpath_opt}" ; then 4865 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4866 fi 4867 if test ! -z "$blibpath" ; then 4868 blibpath="$blibpath:${KRB5ROOT}/lib" 4869 fi 4870 4871 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4872 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4873 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4874 4875 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4876 [Define this if you want to use libkafs' AFS support])]) 4877 4878 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4879#ifdef HAVE_GSSAPI_H 4880# include <gssapi.h> 4881#elif defined(HAVE_GSSAPI_GSSAPI_H) 4882# include <gssapi/gssapi.h> 4883#endif 4884 4885#ifdef HAVE_GSSAPI_GENERIC_H 4886# include <gssapi_generic.h> 4887#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4888# include <gssapi/gssapi_generic.h> 4889#endif 4890 ]]) 4891 saved_LIBS="$LIBS" 4892 LIBS="$LIBS $K5LIBS" 4893 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4894 LIBS="$saved_LIBS" 4895 4896 fi 4897 ] 4898) 4899AC_SUBST([GSSLIBS]) 4900AC_SUBST([K5LIBS]) 4901AC_SUBST([CHANNELLIBS]) 4902 4903# Looking for programs, paths and files 4904 4905PRIVSEP_PATH=/var/empty 4906AC_ARG_WITH([privsep-path], 4907 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4908 [ 4909 if test -n "$withval" && test "x$withval" != "xno" && \ 4910 test "x${withval}" != "xyes"; then 4911 PRIVSEP_PATH=$withval 4912 fi 4913 ] 4914) 4915AC_SUBST([PRIVSEP_PATH]) 4916 4917AC_ARG_WITH([xauth], 4918 [ --with-xauth=PATH Specify path to xauth program ], 4919 [ 4920 if test -n "$withval" && test "x$withval" != "xno" && \ 4921 test "x${withval}" != "xyes"; then 4922 xauth_path=$withval 4923 fi 4924 ], 4925 [ 4926 TestPath="$PATH" 4927 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4928 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4929 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4930 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4931 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4932 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4933 xauth_path="/usr/openwin/bin/xauth" 4934 fi 4935 ] 4936) 4937 4938STRIP_OPT=-s 4939AC_ARG_ENABLE([strip], 4940 [ --disable-strip Disable calling strip(1) on install], 4941 [ 4942 if test "x$enableval" = "xno" ; then 4943 STRIP_OPT= 4944 fi 4945 ] 4946) 4947AC_SUBST([STRIP_OPT]) 4948 4949if test -z "$xauth_path" ; then 4950 XAUTH_PATH="undefined" 4951 AC_SUBST([XAUTH_PATH]) 4952else 4953 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4954 [Define if xauth is found in your path]) 4955 XAUTH_PATH=$xauth_path 4956 AC_SUBST([XAUTH_PATH]) 4957fi 4958 4959dnl # --with-maildir=/path/to/mail gets top priority. 4960dnl # if maildir is set in the platform case statement above we use that. 4961dnl # Otherwise we run a program to get the dir from system headers. 4962dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4963dnl # If we find _PATH_MAILDIR we do nothing because that is what 4964dnl # session.c expects anyway. Otherwise we set to the value found 4965dnl # stripping any trailing slash. If for some strage reason our program 4966dnl # does not find what it needs, we default to /var/spool/mail. 4967# Check for mail directory 4968AC_ARG_WITH([maildir], 4969 [ --with-maildir=/path/to/mail Specify your system mail directory], 4970 [ 4971 if test "X$withval" != X && test "x$withval" != xno && \ 4972 test "x${withval}" != xyes; then 4973 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4974 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4975 fi 4976 ],[ 4977 if test "X$maildir" != "X"; then 4978 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4979 else 4980 AC_MSG_CHECKING([Discovering system mail directory]) 4981 AC_RUN_IFELSE( 4982 [AC_LANG_PROGRAM([[ 4983#include <stdio.h> 4984#include <stdlib.h> 4985#include <string.h> 4986#ifdef HAVE_PATHS_H 4987#include <paths.h> 4988#endif 4989#ifdef HAVE_MAILLOCK_H 4990#include <maillock.h> 4991#endif 4992#define DATA "conftest.maildir" 4993 ]], [[ 4994 FILE *fd; 4995 int rc; 4996 4997 fd = fopen(DATA,"w"); 4998 if(fd == NULL) 4999 exit(1); 5000 5001#if defined (_PATH_MAILDIR) 5002 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 5003 exit(1); 5004#elif defined (MAILDIR) 5005 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 5006 exit(1); 5007#elif defined (_PATH_MAIL) 5008 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 5009 exit(1); 5010#else 5011 exit (2); 5012#endif 5013 5014 exit(0); 5015 ]])], 5016 [ 5017 maildir_what=`awk -F: '{print $1}' conftest.maildir` 5018 maildir=`awk -F: '{print $2}' conftest.maildir \ 5019 | sed 's|/$||'` 5020 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 5021 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 5022 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 5023 fi 5024 ], 5025 [ 5026 if test "X$ac_status" = "X2";then 5027# our test program didn't find it. Default to /var/spool/mail 5028 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 5029 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 5030 else 5031 AC_MSG_RESULT([*** not found ***]) 5032 fi 5033 ], 5034 [ 5035 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 5036 ] 5037 ) 5038 fi 5039 ] 5040) # maildir 5041 5042if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 5043 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 5044 disable_ptmx_check=yes 5045fi 5046if test -z "$no_dev_ptmx" ; then 5047 if test "x$disable_ptmx_check" != "xyes" ; then 5048 AC_CHECK_FILE(["/dev/ptmx"], 5049 [ 5050 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 5051 [Define if you have /dev/ptmx]) 5052 have_dev_ptmx=1 5053 ] 5054 ) 5055 fi 5056fi 5057 5058if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 5059 AC_CHECK_FILE(["/dev/ptc"], 5060 [ 5061 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 5062 [Define if you have /dev/ptc]) 5063 have_dev_ptc=1 5064 ] 5065 ) 5066else 5067 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 5068fi 5069 5070# Options from here on. Some of these are preset by platform above 5071AC_ARG_WITH([mantype], 5072 [ --with-mantype=man|cat|doc Set man page type], 5073 [ 5074 case "$withval" in 5075 man|cat|doc) 5076 MANTYPE=$withval 5077 ;; 5078 *) 5079 AC_MSG_ERROR([invalid man type: $withval]) 5080 ;; 5081 esac 5082 ] 5083) 5084if test -z "$MANTYPE"; then 5085 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 5086 MANTYPE=doc 5087 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 5088 MANTYPE=doc 5089 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 5090 MANTYPE=man 5091 else 5092 MANTYPE=cat 5093 fi 5094fi 5095AC_SUBST([MANTYPE]) 5096if test "$MANTYPE" = "doc"; then 5097 mansubdir=man; 5098else 5099 mansubdir=$MANTYPE; 5100fi 5101AC_SUBST([mansubdir]) 5102 5103# Whether to disable shadow password support 5104AC_ARG_WITH([shadow], 5105 [ --without-shadow Disable shadow password support], 5106 [ 5107 if test "x$withval" = "xno" ; then 5108 AC_DEFINE([DISABLE_SHADOW]) 5109 disable_shadow=yes 5110 fi 5111 ] 5112) 5113 5114if test -z "$disable_shadow" ; then 5115 AC_MSG_CHECKING([if the systems has expire shadow information]) 5116 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5117#include <sys/types.h> 5118#include <shadow.h> 5119struct spwd sp; 5120 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5121 [ sp_expire_available=yes ], [ 5122 ]) 5123 5124 if test "x$sp_expire_available" = "xyes" ; then 5125 AC_MSG_RESULT([yes]) 5126 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5127 [Define if you want to use shadow password expire field]) 5128 else 5129 AC_MSG_RESULT([no]) 5130 fi 5131fi 5132 5133# Use ip address instead of hostname in $DISPLAY 5134if test ! -z "$IPADDR_IN_DISPLAY" ; then 5135 DISPLAY_HACK_MSG="yes" 5136 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5137 [Define if you need to use IP address 5138 instead of hostname in $DISPLAY]) 5139else 5140 DISPLAY_HACK_MSG="no" 5141 AC_ARG_WITH([ipaddr-display], 5142 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5143 [ 5144 if test "x$withval" != "xno" ; then 5145 AC_DEFINE([IPADDR_IN_DISPLAY]) 5146 DISPLAY_HACK_MSG="yes" 5147 fi 5148 ] 5149 ) 5150fi 5151 5152# check for /etc/default/login and use it if present. 5153AC_ARG_ENABLE([etc-default-login], 5154 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5155 [ if test "x$enableval" = "xno"; then 5156 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5157 etc_default_login=no 5158 else 5159 etc_default_login=yes 5160 fi ], 5161 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5162 then 5163 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5164 etc_default_login=no 5165 else 5166 etc_default_login=yes 5167 fi ] 5168) 5169 5170if test "x$etc_default_login" != "xno"; then 5171 AC_CHECK_FILE(["/etc/default/login"], 5172 [ external_path_file=/etc/default/login ]) 5173 if test "x$external_path_file" = "x/etc/default/login"; then 5174 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5175 [Define if your system has /etc/default/login]) 5176 fi 5177fi 5178 5179dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5180if test $ac_cv_func_login_getcapbool = "yes" && \ 5181 test $ac_cv_header_login_cap_h = "yes" ; then 5182 external_path_file=/etc/login.conf 5183fi 5184 5185# Whether to mess with the default path 5186SERVER_PATH_MSG="(default)" 5187AC_ARG_WITH([default-path], 5188 [ --with-default-path= Specify default $PATH environment for server], 5189 [ 5190 if test "x$external_path_file" = "x/etc/login.conf" ; then 5191 AC_MSG_WARN([ 5192--with-default-path=PATH has no effect on this system. 5193Edit /etc/login.conf instead.]) 5194 elif test "x$withval" != "xno" ; then 5195 if test ! -z "$external_path_file" ; then 5196 AC_MSG_WARN([ 5197--with-default-path=PATH will only be used if PATH is not defined in 5198$external_path_file .]) 5199 fi 5200 user_path="$withval" 5201 SERVER_PATH_MSG="$withval" 5202 fi 5203 ], 5204 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5205 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5206 else 5207 if test ! -z "$external_path_file" ; then 5208 AC_MSG_WARN([ 5209If PATH is defined in $external_path_file, ensure the path to scp is included, 5210otherwise scp will not work.]) 5211 fi 5212 AC_RUN_IFELSE( 5213 [AC_LANG_PROGRAM([[ 5214/* find out what STDPATH is */ 5215#include <stdio.h> 5216#include <stdlib.h> 5217#ifdef HAVE_PATHS_H 5218# include <paths.h> 5219#endif 5220#ifndef _PATH_STDPATH 5221# ifdef _PATH_USERPATH /* Irix */ 5222# define _PATH_STDPATH _PATH_USERPATH 5223# else 5224# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5225# endif 5226#endif 5227#include <sys/types.h> 5228#include <sys/stat.h> 5229#include <fcntl.h> 5230#define DATA "conftest.stdpath" 5231 ]], [[ 5232 FILE *fd; 5233 int rc; 5234 5235 fd = fopen(DATA,"w"); 5236 if(fd == NULL) 5237 exit(1); 5238 5239 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5240 exit(1); 5241 5242 exit(0); 5243 ]])], 5244 [ user_path=`cat conftest.stdpath` ], 5245 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5246 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5247 ) 5248# make sure $bindir is in USER_PATH so scp will work 5249 t_bindir="${bindir}" 5250 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5251 t_bindir=`eval echo ${t_bindir}` 5252 case $t_bindir in 5253 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5254 esac 5255 case $t_bindir in 5256 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5257 esac 5258 done 5259 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5260 if test $? -ne 0 ; then 5261 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5262 if test $? -ne 0 ; then 5263 user_path=$user_path:$t_bindir 5264 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5265 fi 5266 fi 5267 fi ] 5268) 5269if test "x$external_path_file" != "x/etc/login.conf" ; then 5270 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5271 AC_SUBST([user_path]) 5272fi 5273 5274# Set superuser path separately to user path 5275AC_ARG_WITH([superuser-path], 5276 [ --with-superuser-path= Specify different path for super-user], 5277 [ 5278 if test -n "$withval" && test "x$withval" != "xno" && \ 5279 test "x${withval}" != "xyes"; then 5280 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5281 [Define if you want a different $PATH 5282 for the superuser]) 5283 superuser_path=$withval 5284 fi 5285 ] 5286) 5287 5288 5289AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5290IPV4_IN6_HACK_MSG="no" 5291AC_ARG_WITH(4in6, 5292 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5293 [ 5294 if test "x$withval" != "xno" ; then 5295 AC_MSG_RESULT([yes]) 5296 AC_DEFINE([IPV4_IN_IPV6], [1], 5297 [Detect IPv4 in IPv6 mapped addresses 5298 and treat as IPv4]) 5299 IPV4_IN6_HACK_MSG="yes" 5300 else 5301 AC_MSG_RESULT([no]) 5302 fi 5303 ], [ 5304 if test "x$inet6_default_4in6" = "xyes"; then 5305 AC_MSG_RESULT([yes (default)]) 5306 AC_DEFINE([IPV4_IN_IPV6]) 5307 IPV4_IN6_HACK_MSG="yes" 5308 else 5309 AC_MSG_RESULT([no (default)]) 5310 fi 5311 ] 5312) 5313 5314# Whether to enable BSD auth support 5315BSD_AUTH_MSG=no 5316AC_ARG_WITH([bsd-auth], 5317 [ --with-bsd-auth Enable BSD auth support], 5318 [ 5319 if test "x$withval" != "xno" ; then 5320 AC_DEFINE([BSD_AUTH], [1], 5321 [Define if you have BSD auth support]) 5322 BSD_AUTH_MSG=yes 5323 fi 5324 ] 5325) 5326 5327# Where to place sshd.pid 5328piddir=/var/run 5329# make sure the directory exists 5330if test ! -d $piddir ; then 5331 piddir=`eval echo ${sysconfdir}` 5332 case $piddir in 5333 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5334 esac 5335fi 5336 5337AC_ARG_WITH([pid-dir], 5338 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5339 [ 5340 if test -n "$withval" && test "x$withval" != "xno" && \ 5341 test "x${withval}" != "xyes"; then 5342 piddir=$withval 5343 if test ! -d $piddir ; then 5344 AC_MSG_WARN([** no $piddir directory on this system **]) 5345 fi 5346 fi 5347 ] 5348) 5349 5350AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5351 [Specify location of ssh.pid]) 5352AC_SUBST([piddir]) 5353 5354dnl allow user to disable some login recording features 5355AC_ARG_ENABLE([lastlog], 5356 [ --disable-lastlog disable use of lastlog even if detected [no]], 5357 [ 5358 if test "x$enableval" = "xno" ; then 5359 AC_DEFINE([DISABLE_LASTLOG]) 5360 fi 5361 ] 5362) 5363AC_ARG_ENABLE([utmp], 5364 [ --disable-utmp disable use of utmp even if detected [no]], 5365 [ 5366 if test "x$enableval" = "xno" ; then 5367 AC_DEFINE([DISABLE_UTMP]) 5368 fi 5369 ] 5370) 5371AC_ARG_ENABLE([utmpx], 5372 [ --disable-utmpx disable use of utmpx even if detected [no]], 5373 [ 5374 if test "x$enableval" = "xno" ; then 5375 AC_DEFINE([DISABLE_UTMPX], [1], 5376 [Define if you don't want to use utmpx]) 5377 fi 5378 ] 5379) 5380AC_ARG_ENABLE([wtmp], 5381 [ --disable-wtmp disable use of wtmp even if detected [no]], 5382 [ 5383 if test "x$enableval" = "xno" ; then 5384 AC_DEFINE([DISABLE_WTMP]) 5385 fi 5386 ] 5387) 5388AC_ARG_ENABLE([wtmpx], 5389 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5390 [ 5391 if test "x$enableval" = "xno" ; then 5392 AC_DEFINE([DISABLE_WTMPX], [1], 5393 [Define if you don't want to use wtmpx]) 5394 fi 5395 ] 5396) 5397AC_ARG_ENABLE([libutil], 5398 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5399 [ 5400 if test "x$enableval" = "xno" ; then 5401 AC_DEFINE([DISABLE_LOGIN]) 5402 fi 5403 ] 5404) 5405AC_ARG_ENABLE([pututline], 5406 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5407 [ 5408 if test "x$enableval" = "xno" ; then 5409 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5410 [Define if you don't want to use pututline() 5411 etc. to write [uw]tmp]) 5412 fi 5413 ] 5414) 5415AC_ARG_ENABLE([pututxline], 5416 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5417 [ 5418 if test "x$enableval" = "xno" ; then 5419 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5420 [Define if you don't want to use pututxline() 5421 etc. to write [uw]tmpx]) 5422 fi 5423 ] 5424) 5425AC_ARG_WITH([lastlog], 5426 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5427 [ 5428 if test "x$withval" = "xno" ; then 5429 AC_DEFINE([DISABLE_LASTLOG]) 5430 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5431 conf_lastlog_location=$withval 5432 fi 5433 ] 5434) 5435 5436dnl lastlog, [uw]tmpx? detection 5437dnl NOTE: set the paths in the platform section to avoid the 5438dnl need for command-line parameters 5439dnl lastlog and [uw]tmp are subject to a file search if all else fails 5440 5441dnl lastlog detection 5442dnl NOTE: the code itself will detect if lastlog is a directory 5443AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5444AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5445#include <sys/types.h> 5446#include <utmp.h> 5447#ifdef HAVE_LASTLOG_H 5448# include <lastlog.h> 5449#endif 5450#ifdef HAVE_PATHS_H 5451# include <paths.h> 5452#endif 5453#ifdef HAVE_LOGIN_H 5454# include <login.h> 5455#endif 5456 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5457 [ AC_MSG_RESULT([yes]) ], 5458 [ 5459 AC_MSG_RESULT([no]) 5460 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5461 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5462#include <sys/types.h> 5463#include <utmp.h> 5464#ifdef HAVE_LASTLOG_H 5465# include <lastlog.h> 5466#endif 5467#ifdef HAVE_PATHS_H 5468# include <paths.h> 5469#endif 5470 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5471 [ AC_MSG_RESULT([yes]) ], 5472 [ 5473 AC_MSG_RESULT([no]) 5474 system_lastlog_path=no 5475 ]) 5476]) 5477 5478if test -z "$conf_lastlog_location"; then 5479 if test x"$system_lastlog_path" = x"no" ; then 5480 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5481 if (test -d "$f" || test -f "$f") ; then 5482 conf_lastlog_location=$f 5483 fi 5484 done 5485 if test -z "$conf_lastlog_location"; then 5486 AC_MSG_WARN([** Cannot find lastlog **]) 5487 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5488 fi 5489 fi 5490fi 5491 5492if test -n "$conf_lastlog_location"; then 5493 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5494 [Define if you want to specify the path to your lastlog file]) 5495fi 5496 5497dnl utmp detection 5498AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5499AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5500#include <sys/types.h> 5501#include <utmp.h> 5502#ifdef HAVE_PATHS_H 5503# include <paths.h> 5504#endif 5505 ]], [[ char *utmp = UTMP_FILE; ]])], 5506 [ AC_MSG_RESULT([yes]) ], 5507 [ AC_MSG_RESULT([no]) 5508 system_utmp_path=no 5509]) 5510if test -z "$conf_utmp_location"; then 5511 if test x"$system_utmp_path" = x"no" ; then 5512 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5513 if test -f $f ; then 5514 conf_utmp_location=$f 5515 fi 5516 done 5517 if test -z "$conf_utmp_location"; then 5518 AC_DEFINE([DISABLE_UTMP]) 5519 fi 5520 fi 5521fi 5522if test -n "$conf_utmp_location"; then 5523 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5524 [Define if you want to specify the path to your utmp file]) 5525fi 5526 5527dnl wtmp detection 5528AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5529AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5530#include <sys/types.h> 5531#include <utmp.h> 5532#ifdef HAVE_PATHS_H 5533# include <paths.h> 5534#endif 5535 ]], [[ char *wtmp = WTMP_FILE; ]])], 5536 [ AC_MSG_RESULT([yes]) ], 5537 [ AC_MSG_RESULT([no]) 5538 system_wtmp_path=no 5539]) 5540if test -z "$conf_wtmp_location"; then 5541 if test x"$system_wtmp_path" = x"no" ; then 5542 for f in /usr/adm/wtmp /var/log/wtmp; do 5543 if test -f $f ; then 5544 conf_wtmp_location=$f 5545 fi 5546 done 5547 if test -z "$conf_wtmp_location"; then 5548 AC_DEFINE([DISABLE_WTMP]) 5549 fi 5550 fi 5551fi 5552if test -n "$conf_wtmp_location"; then 5553 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5554 [Define if you want to specify the path to your wtmp file]) 5555fi 5556 5557dnl wtmpx detection 5558AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5559AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5560#include <sys/types.h> 5561#include <utmp.h> 5562#ifdef HAVE_UTMPX_H 5563#include <utmpx.h> 5564#endif 5565#ifdef HAVE_PATHS_H 5566# include <paths.h> 5567#endif 5568 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5569 [ AC_MSG_RESULT([yes]) ], 5570 [ AC_MSG_RESULT([no]) 5571 system_wtmpx_path=no 5572]) 5573if test -z "$conf_wtmpx_location"; then 5574 if test x"$system_wtmpx_path" = x"no" ; then 5575 AC_DEFINE([DISABLE_WTMPX]) 5576 fi 5577else 5578 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5579 [Define if you want to specify the path to your wtmpx file]) 5580fi 5581 5582 5583if test ! -z "$blibpath" ; then 5584 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5585 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5586fi 5587 5588AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5589 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5590 AC_DEFINE([DISABLE_LASTLOG]) 5591 fi 5592 ], [ 5593#ifdef HAVE_SYS_TYPES_H 5594#include <sys/types.h> 5595#endif 5596#ifdef HAVE_UTMP_H 5597#include <utmp.h> 5598#endif 5599#ifdef HAVE_UTMPX_H 5600#include <utmpx.h> 5601#endif 5602#ifdef HAVE_LASTLOG_H 5603#include <lastlog.h> 5604#endif 5605 ]) 5606 5607AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5608 AC_DEFINE([DISABLE_UTMP]) 5609 AC_DEFINE([DISABLE_WTMP]) 5610 ], [ 5611#ifdef HAVE_SYS_TYPES_H 5612#include <sys/types.h> 5613#endif 5614#ifdef HAVE_UTMP_H 5615#include <utmp.h> 5616#endif 5617#ifdef HAVE_UTMPX_H 5618#include <utmpx.h> 5619#endif 5620#ifdef HAVE_LASTLOG_H 5621#include <lastlog.h> 5622#endif 5623 ]) 5624 5625dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5626dnl Add now. 5627CFLAGS="$CFLAGS $werror_flags" 5628 5629if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5630 TEST_SSH_IPV6=no 5631else 5632 TEST_SSH_IPV6=yes 5633fi 5634AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5635AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5636AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5637AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5638AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5639AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5640 5641# Binaries for interop tests. 5642AC_PATH_PROG([PLINK], [plink]) 5643AC_PATH_PROG([PUTTYGEN], [puttygen]) 5644AC_PATH_PROG([CONCH], [conch]) 5645AC_PATH_PROG([DROPBEAR], [dropbear]) 5646AC_PATH_PROG([DBCLIENT], [dbclient]) 5647AC_PATH_PROG([DROPBEARKEY], [dropbearkey]) 5648AC_PATH_PROG([DROPBEARCONVERT], [dropbearconvert]) 5649 5650CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5651LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5652 5653# Make a copy of CFLAGS/LDFLAGS without PIE options. 5654LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5655CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5656AC_SUBST([LDFLAGS_NOPIE]) 5657AC_SUBST([CFLAGS_NOPIE]) 5658 5659AC_EXEEXT 5660AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5661 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5662 survey.sh]) 5663AC_OUTPUT 5664 5665# Print summary of options 5666 5667# Someone please show me a better way :) 5668A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5669B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5670C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5671D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5672E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5673F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5674G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5675H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5676I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5677J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5678 5679echo "" 5680echo "OpenSSH has been configured with the following options:" 5681echo " User binaries: $B" 5682echo " System binaries: $C" 5683echo " Configuration files: $D" 5684echo " Askpass program: $E" 5685echo " Manual pages: $F" 5686echo " PID file: $G" 5687echo " Privilege separation chroot path: $H" 5688if test "x$external_path_file" = "x/etc/login.conf" ; then 5689echo " At runtime, sshd will use the path defined in $external_path_file" 5690echo " Make sure the path to scp is present, otherwise scp will not work" 5691else 5692echo " sshd default user PATH: $I" 5693 if test ! -z "$external_path_file"; then 5694echo " (If PATH is set in $external_path_file it will be used instead. If" 5695echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5696 fi 5697fi 5698if test ! -z "$superuser_path" ; then 5699echo " sshd superuser user PATH: $J" 5700fi 5701echo " Manpage format: $MANTYPE" 5702echo " PAM support: $PAM_MSG" 5703echo " OSF SIA support: $SIA_MSG" 5704echo " KerberosV support: $KRB5_MSG" 5705echo " SELinux support: $SELINUX_MSG" 5706echo " TCP Wrappers support: $TCPW_MSG" 5707echo " libedit support: $LIBEDIT_MSG" 5708echo " libldns support: $LDNS_MSG" 5709echo " Solaris process contract support: $SPC_MSG" 5710echo " Solaris project support: $SP_MSG" 5711echo " Solaris privilege support: $SPP_MSG" 5712echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5713echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5714echo " BSD Auth support: $BSD_AUTH_MSG" 5715echo " Random number source: $RAND_MSG" 5716echo " Privsep sandbox style: $SANDBOX_STYLE" 5717echo " PKCS#11 support: $enable_pkcs11" 5718echo " U2F/FIDO support: $enable_sk" 5719 5720echo "" 5721 5722echo " Host: ${host}" 5723echo " Compiler: ${CC}" 5724echo " Compiler flags: ${CFLAGS}" 5725echo "Preprocessor flags: ${CPPFLAGS}" 5726echo " Linker flags: ${LDFLAGS}" 5727echo " Libraries: ${LIBS}" 5728if test ! -z "${CHANNELLIBS}"; then 5729echo " +for channels: ${CHANNELLIBS}" 5730fi 5731if test ! -z "${LIBFIDO2}"; then 5732echo " +for FIDO2: ${LIBFIDO2}" 5733fi 5734if test ! -z "${SSHDLIBS}"; then 5735echo " +for sshd: ${SSHDLIBS}" 5736fi 5737 5738echo "" 5739 5740if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5741 echo "SVR4 style packages are supported with \"make package\"" 5742 echo "" 5743fi 5744 5745if test "x$PAM_MSG" = "xyes" ; then 5746 echo "PAM is enabled. You may need to install a PAM control file " 5747 echo "for sshd, otherwise password authentication may fail. " 5748 echo "Example PAM control files can be found in the contrib/ " 5749 echo "subdirectory" 5750 echo "" 5751fi 5752 5753if test ! -z "$NO_PEERCHECK" ; then 5754 echo "WARNING: the operating system that you are using does not" 5755 echo "appear to support getpeereid(), getpeerucred() or the" 5756 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5757 echo "enforce security checks to prevent unauthorised connections to" 5758 echo "ssh-agent. Their absence increases the risk that a malicious" 5759 echo "user can connect to your agent." 5760 echo "" 5761fi 5762 5763if test "$AUDIT_MODULE" = "bsm" ; then 5764 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5765 echo "See the Solaris section in README.platform for details." 5766fi 5767