1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19 20# Check for stale configure as early as possible. 21for i in $srcdir/configure.ac $srcdir/m4/*.m4; do 22 if test "$i" -nt "$srcdir/configure"; then 23 AC_MSG_ERROR([$i newer than configure, run autoreconf]) 24 fi 25done 26 27AC_LANG([C]) 28 29AC_CONFIG_HEADERS([config.h]) 30AC_PROG_CC([cc gcc clang]) 31 32# XXX relax this after reimplementing logit() etc. 33AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 34AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 35int f(int a, int b, int c) { return a + b + c; } 36#define F(a, ...) f(a, __VA_ARGS__) 37]], [[return F(1, 2, -3);]])], 38 [ AC_MSG_RESULT([yes]) ], 39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 40) 41 42AC_CANONICAL_HOST 43AC_C_BIGENDIAN 44 45# Checks for programs. 46AC_PROG_AWK 47AC_PROG_CPP 48AC_PROG_RANLIB 49AC_PROG_INSTALL 50AC_PROG_EGREP 51AC_PROG_MKDIR_P 52AC_CHECK_TOOLS([AR], [ar]) 53AC_PATH_PROG([CAT], [cat]) 54AC_PATH_PROG([KILL], [kill]) 55AC_PATH_PROG([SED], [sed]) 56AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 57AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 58AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 59AC_PATH_PROG([SH], [bash]) 60AC_PATH_PROG([SH], [ksh]) 61AC_PATH_PROG([SH], [sh]) 62AC_PATH_PROG([GROFF], [groff]) 63AC_PATH_PROG([NROFF], [nroff awf]) 64AC_PATH_PROG([MANDOC], [mandoc]) 65AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 66AC_SUBST([TEST_SHELL], [sh]) 67 68dnl select manpage formatter to be used to build "cat" format pages. 69if test "x$MANDOC" != "x" ; then 70 MANFMT="$MANDOC" 71elif test "x$NROFF" != "x" ; then 72 MANFMT="$NROFF -mandoc" 73elif test "x$GROFF" != "x" ; then 74 MANFMT="$GROFF -mandoc -Tascii" 75else 76 AC_MSG_WARN([no manpage formatter found]) 77 MANFMT="false" 78fi 79AC_SUBST([MANFMT]) 80 81dnl for buildpkg.sh 82AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 83 [/usr/sbin${PATH_SEPARATOR}/etc]) 84AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 85 [/usr/sbin${PATH_SEPARATOR}/etc]) 86AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 87if test -x /sbin/sh; then 88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 89else 90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 91fi 92 93# System features 94AC_SYS_LARGEFILE 95 96if test -z "$AR" ; then 97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 98fi 99 100AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 101if test ! -z "$PATH_PASSWD_PROG" ; then 102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 103 [Full path of your "passwd" program]) 104fi 105 106dnl Since autoconf doesn't support it very well, we no longer allow users to 107dnl override LD, however keeping the hook here for now in case there's a use 108dnl use case we overlooked and someone needs to re-enable it. Unless a good 109dnl reason is found we'll be removing this in future. 110LD="$CC" 111AC_SUBST([LD]) 112 113AC_C_INLINE 114 115AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 116AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 117AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 118 #include <sys/types.h> 119 #include <sys/param.h> 120 #include <dev/systrace.h> 121]) 122AC_CHECK_DECL([RLIMIT_NPROC], 123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 124 #include <sys/types.h> 125 #include <sys/resource.h> 126]) 127AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 128 #include <sys/types.h> 129 #include <linux/prctl.h> 130]) 131 132openssl=yes 133openssl_bin=openssl 134AC_ARG_WITH([openssl], 135 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 136 [ if test "x$withval" = "xno" ; then 137 openssl=no 138 openssl_bin="" 139 fi 140 ] 141) 142AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 143if test "x$openssl" = "xyes" ; then 144 AC_MSG_RESULT([yes]) 145 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 146else 147 AC_MSG_RESULT([no]) 148fi 149 150use_stack_protector=1 151use_toolchain_hardening=1 152AC_ARG_WITH([stackprotect], 153 [ --without-stackprotect Don't use compiler's stack protection], [ 154 if test "x$withval" = "xno"; then 155 use_stack_protector=0 156 fi ]) 157AC_ARG_WITH([hardening], 158 [ --without-hardening Don't use toolchain hardening flags], [ 159 if test "x$withval" = "xno"; then 160 use_toolchain_hardening=0 161 fi ]) 162 163# We use -Werror for the tests only so that we catch warnings like "this is 164# on by default" for things like -fPIE. 165AC_MSG_CHECKING([if $CC supports -Werror]) 166saved_CFLAGS="$CFLAGS" 167CFLAGS="$CFLAGS -Werror" 168AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 169 [ AC_MSG_RESULT([yes]) 170 WERROR="-Werror"], 171 [ AC_MSG_RESULT([no]) 172 WERROR="" ] 173) 174CFLAGS="$saved_CFLAGS" 175 176if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 177 AC_MSG_CHECKING([gcc version]) 178 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 179 case "$GCC_VER" in 180 1.*) no_attrib_nonnull=1 ;; 181 2.8* | 2.9*) 182 no_attrib_nonnull=1 183 ;; 184 2.*) no_attrib_nonnull=1 ;; 185 *) ;; 186 esac 187 AC_MSG_RESULT([$GCC_VER]) 188 189 AC_MSG_CHECKING([clang version]) 190 CLANG_VER=`$CC -v 2>&1 | $AWK '/clang version /{print $3}'` 191 AC_MSG_RESULT([$CLANG_VER]) 192 193 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 194 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 195 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 196 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 197 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 198 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 199 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 200 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 201 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 202 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 203 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 204 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 205 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 206 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 207 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 208 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation]) 209 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) 210 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 211 if test "x$use_toolchain_hardening" = "x1"; then 212 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 213 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 214 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 215 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 216 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 217 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 218 # NB. -ftrapv expects certain support functions to be present in 219 # the compiler library (libgcc or similar) to detect integer operations 220 # that can overflow. We must check that the result of enabling it 221 # actually links. The test program compiled/linked includes a number 222 # of integer operations that should exercise this. 223 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 224 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See 225 # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and 226 # https://github.com/llvm/llvm-project/issues/59242 227 case "$CLANG_VER" in 228 15.*) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=used]) ;; 229 *) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all]) ;; 230 esac 231 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) 232 fi 233 234 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 235 saved_CFLAGS="$CFLAGS" 236 CFLAGS="$CFLAGS -fno-builtin-memset" 237 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 238 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 239 [ AC_MSG_RESULT([yes]) ], 240 [ AC_MSG_RESULT([no]) 241 CFLAGS="$saved_CFLAGS" ] 242 ) 243 244 # -fstack-protector-all doesn't always work for some GCC versions 245 # and/or platforms, so we test if we can. If it's not supported 246 # on a given platform gcc will emit a warning so we use -Werror. 247 if test "x$use_stack_protector" = "x1"; then 248 for t in -fstack-protector-strong -fstack-protector-all \ 249 -fstack-protector; do 250 AC_MSG_CHECKING([if $CC supports $t]) 251 saved_CFLAGS="$CFLAGS" 252 saved_LDFLAGS="$LDFLAGS" 253 CFLAGS="$CFLAGS $t -Werror" 254 LDFLAGS="$LDFLAGS $t -Werror" 255 AC_LINK_IFELSE( 256 [AC_LANG_PROGRAM([[ 257 #include <stdio.h> 258 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 259 ]], 260 [[ 261 char x[256]; 262 snprintf(x, sizeof(x), "XXX%d", func(1)); 263 ]])], 264 [ AC_MSG_RESULT([yes]) 265 CFLAGS="$saved_CFLAGS $t" 266 LDFLAGS="$saved_LDFLAGS $t" 267 AC_MSG_CHECKING([if $t works]) 268 AC_RUN_IFELSE( 269 [AC_LANG_PROGRAM([[ 270 #include <stdio.h> 271 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 272 ]], 273 [[ 274 char x[256]; 275 snprintf(x, sizeof(x), "XXX%d", func(1)); 276 ]])], 277 [ AC_MSG_RESULT([yes]) 278 break ], 279 [ AC_MSG_RESULT([no]) ], 280 [ AC_MSG_WARN([cross compiling: cannot test]) 281 break ] 282 ) 283 ], 284 [ AC_MSG_RESULT([no]) ] 285 ) 286 CFLAGS="$saved_CFLAGS" 287 LDFLAGS="$saved_LDFLAGS" 288 done 289 fi 290 291 if test -z "$have_llong_max"; then 292 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 293 unset ac_cv_have_decl_LLONG_MAX 294 saved_CFLAGS="$CFLAGS" 295 CFLAGS="$CFLAGS -std=gnu99" 296 AC_CHECK_DECL([LLONG_MAX], 297 [have_llong_max=1], 298 [CFLAGS="$saved_CFLAGS"], 299 [#include <limits.h>] 300 ) 301 fi 302fi 303 304AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 305AC_COMPILE_IFELSE( 306 [AC_LANG_PROGRAM([[ 307#include <stdlib.h> 308__attribute__((__unused__)) static void foo(void){return;}]], 309 [[ exit(0); ]])], 310 [ AC_MSG_RESULT([yes]) ], 311 [ AC_MSG_RESULT([no]) 312 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 313 [compiler does not accept __attribute__ on return types]) ] 314) 315 316AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 317AC_COMPILE_IFELSE( 318 [AC_LANG_PROGRAM([[ 319#include <stdlib.h> 320typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 321 [[ exit(0); ]])], 322 [ AC_MSG_RESULT([yes]) ], 323 [ AC_MSG_RESULT([no]) 324 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 325 [compiler does not accept __attribute__ on prototype args]) ] 326) 327 328AC_MSG_CHECKING([if compiler supports variable length arrays]) 329AC_COMPILE_IFELSE( 330 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 331 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 332 [ AC_MSG_RESULT([yes]) 333 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 334 [compiler supports variable length arrays]) ], 335 [ AC_MSG_RESULT([no]) ] 336) 337 338AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 339AC_COMPILE_IFELSE( 340 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 341 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 342 [ AC_MSG_RESULT([yes]) 343 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 344 [compiler variable declarations after code]) ], 345 [ AC_MSG_RESULT([no]) ] 346) 347 348if test "x$no_attrib_nonnull" != "x1" ; then 349 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 350fi 351 352AC_ARG_WITH([rpath], 353 [ --without-rpath Disable auto-added -R linker paths], 354 [ 355 if test "x$withval" = "xno" ; then 356 rpath_opt="" 357 elif test "x$withval" = "xyes" ; then 358 rpath_opt="-R" 359 else 360 rpath_opt="$withval" 361 fi 362 ] 363) 364 365# Allow user to specify flags 366AC_ARG_WITH([cflags], 367 [ --with-cflags Specify additional flags to pass to compiler], 368 [ 369 if test -n "$withval" && test "x$withval" != "xno" && \ 370 test "x${withval}" != "xyes"; then 371 CFLAGS="$CFLAGS $withval" 372 fi 373 ] 374) 375 376AC_ARG_WITH([cflags-after], 377 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 378 [ 379 if test -n "$withval" && test "x$withval" != "xno" && \ 380 test "x${withval}" != "xyes"; then 381 CFLAGS_AFTER="$withval" 382 fi 383 ] 384) 385AC_ARG_WITH([cppflags], 386 [ --with-cppflags Specify additional flags to pass to preprocessor] , 387 [ 388 if test -n "$withval" && test "x$withval" != "xno" && \ 389 test "x${withval}" != "xyes"; then 390 CPPFLAGS="$CPPFLAGS $withval" 391 fi 392 ] 393) 394AC_ARG_WITH([ldflags], 395 [ --with-ldflags Specify additional flags to pass to linker], 396 [ 397 if test -n "$withval" && test "x$withval" != "xno" && \ 398 test "x${withval}" != "xyes"; then 399 LDFLAGS="$LDFLAGS $withval" 400 fi 401 ] 402) 403AC_ARG_WITH([ldflags-after], 404 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 405 [ 406 if test -n "$withval" && test "x$withval" != "xno" && \ 407 test "x${withval}" != "xyes"; then 408 LDFLAGS_AFTER="$withval" 409 fi 410 ] 411) 412AC_ARG_WITH([libs], 413 [ --with-libs Specify additional libraries to link with], 414 [ 415 if test -n "$withval" && test "x$withval" != "xno" && \ 416 test "x${withval}" != "xyes"; then 417 LIBS="$LIBS $withval" 418 fi 419 ] 420) 421AC_ARG_WITH([Werror], 422 [ --with-Werror Build main code with -Werror], 423 [ 424 if test -n "$withval" && test "x$withval" != "xno"; then 425 werror_flags="-Werror" 426 if test "x${withval}" != "xyes"; then 427 werror_flags="$withval" 428 fi 429 fi 430 ] 431) 432 433dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's 434dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we 435dnl haven't detected it, recheck. 436if test "x$ac_cv_header_sys_stat_h" != "xyes"; then 437 unset ac_cv_header_sys_stat_h 438 AC_CHECK_HEADERS([sys/stat.h]) 439fi 440 441AC_CHECK_HEADERS([ \ 442 blf.h \ 443 bstring.h \ 444 crypt.h \ 445 crypto/sha2.h \ 446 dirent.h \ 447 endian.h \ 448 elf.h \ 449 err.h \ 450 features.h \ 451 fcntl.h \ 452 floatingpoint.h \ 453 fnmatch.h \ 454 getopt.h \ 455 glob.h \ 456 ia.h \ 457 iaf.h \ 458 ifaddrs.h \ 459 inttypes.h \ 460 langinfo.h \ 461 limits.h \ 462 locale.h \ 463 login.h \ 464 maillock.h \ 465 ndir.h \ 466 net/if_tun.h \ 467 netdb.h \ 468 netgroup.h \ 469 pam/pam_appl.h \ 470 paths.h \ 471 poll.h \ 472 pty.h \ 473 readpassphrase.h \ 474 rpc/types.h \ 475 security/pam_appl.h \ 476 sha2.h \ 477 shadow.h \ 478 stddef.h \ 479 stdint.h \ 480 string.h \ 481 strings.h \ 482 sys/bitypes.h \ 483 sys/byteorder.h \ 484 sys/bsdtty.h \ 485 sys/cdefs.h \ 486 sys/dir.h \ 487 sys/file.h \ 488 sys/mman.h \ 489 sys/label.h \ 490 sys/ndir.h \ 491 sys/param.h \ 492 sys/poll.h \ 493 sys/prctl.h \ 494 sys/procctl.h \ 495 sys/pstat.h \ 496 sys/ptrace.h \ 497 sys/random.h \ 498 sys/select.h \ 499 sys/stream.h \ 500 sys/stropts.h \ 501 sys/strtio.h \ 502 sys/statvfs.h \ 503 sys/sysmacros.h \ 504 sys/time.h \ 505 sys/timers.h \ 506 sys/vfs.h \ 507 time.h \ 508 tmpdir.h \ 509 ttyent.h \ 510 ucred.h \ 511 unistd.h \ 512 usersec.h \ 513 util.h \ 514 utime.h \ 515 utmp.h \ 516 utmpx.h \ 517 vis.h \ 518 wchar.h \ 519]) 520 521# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 522# to be included first. 523AC_CHECK_HEADERS([sys/audit.h], [], [], [ 524#ifdef HAVE_SYS_TIME_H 525# include <sys/time.h> 526#endif 527#ifdef HAVE_SYS_TYPES_H 528# include <sys/types.h> 529#endif 530#ifdef HAVE_SYS_LABEL_H 531# include <sys/label.h> 532#endif 533]) 534 535# sys/capsicum.h requires sys/types.h 536AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [ 537#ifdef HAVE_SYS_TYPES_H 538# include <sys/types.h> 539#endif 540]) 541 542AC_MSG_CHECKING([for caph_cache_tzdata]) 543AC_LINK_IFELSE( 544 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]], 545 [[caph_cache_tzdata();]])], 546 [ 547 AC_MSG_RESULT([yes]) 548 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1], 549 [Define if you have caph_cache_tzdata]) 550 ], 551 [ AC_MSG_RESULT([no]) ] 552) 553 554# net/route.h requires sys/socket.h and sys/types.h. 555# sys/sysctl.h also requires sys/param.h 556AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 557#ifdef HAVE_SYS_TYPES_H 558# include <sys/types.h> 559#endif 560#include <sys/param.h> 561#include <sys/socket.h> 562]) 563 564# lastlog.h requires sys/time.h to be included first on Solaris 565AC_CHECK_HEADERS([lastlog.h], [], [], [ 566#ifdef HAVE_SYS_TIME_H 567# include <sys/time.h> 568#endif 569]) 570 571# sys/ptms.h requires sys/stream.h to be included first on Solaris 572AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 573#ifdef HAVE_SYS_STREAM_H 574# include <sys/stream.h> 575#endif 576]) 577 578# login_cap.h requires sys/types.h on NetBSD 579AC_CHECK_HEADERS([login_cap.h], [], [], [ 580#include <sys/types.h> 581]) 582 583# older BSDs need sys/param.h before sys/mount.h 584AC_CHECK_HEADERS([sys/mount.h], [], [], [ 585#include <sys/param.h> 586]) 587 588# Android requires sys/socket.h to be included before sys/un.h 589AC_CHECK_HEADERS([sys/un.h], [], [], [ 590#include <sys/types.h> 591#include <sys/socket.h> 592]) 593 594# Messages for features tested for in target-specific section 595SIA_MSG="no" 596SPC_MSG="no" 597SP_MSG="no" 598SPP_MSG="no" 599 600# Support for Solaris/Illumos privileges (this test is used by both 601# the --with-solaris-privs option and --with-sandbox=solaris). 602SOLARIS_PRIVS="no" 603 604# Check for some target-specific stuff 605case "$host" in 606*-*-aix*) 607 # Some versions of VAC won't allow macro redefinitions at 608 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 609 # particularly with older versions of vac or xlc. 610 # It also throws errors about null macro arguments, but these are 611 # not fatal. 612 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 613 AC_COMPILE_IFELSE( 614 [AC_LANG_PROGRAM([[ 615#define testmacro foo 616#define testmacro bar]], 617 [[ exit(0); ]])], 618 [ AC_MSG_RESULT([yes]) ], 619 [ AC_MSG_RESULT([no]) 620 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 621 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 622 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 623 ] 624 ) 625 626 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 627 if (test -z "$blibpath"); then 628 blibpath="/usr/lib:/lib" 629 fi 630 saved_LDFLAGS="$LDFLAGS" 631 if test "$GCC" = "yes"; then 632 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 633 else 634 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 635 fi 636 for tryflags in $flags ;do 637 if (test -z "$blibflags"); then 638 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 639 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 640 [blibflags=$tryflags], []) 641 fi 642 done 643 if (test -z "$blibflags"); then 644 AC_MSG_RESULT([not found]) 645 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 646 else 647 AC_MSG_RESULT([$blibflags]) 648 fi 649 LDFLAGS="$saved_LDFLAGS" 650 dnl Check for authenticate. Might be in libs.a on older AIXes 651 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 652 [Define if you want to enable AIX4's authenticate function])], 653 [AC_CHECK_LIB([s], [authenticate], 654 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 655 LIBS="$LIBS -ls" 656 ]) 657 ]) 658 dnl Check for various auth function declarations in headers. 659 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 660 passwdexpired, setauthdb], , , [#include <usersec.h>]) 661 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 662 AC_CHECK_DECLS([loginfailed], 663 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 664 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 665 [[ (void)loginfailed("user","host","tty",0); ]])], 666 [AC_MSG_RESULT([yes]) 667 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 668 [Define if your AIX loginfailed() function 669 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 670 ])], 671 [], 672 [#include <usersec.h>] 673 ) 674 AC_CHECK_FUNCS([getgrset setauthdb]) 675 AC_CHECK_DECL([F_CLOSEM], 676 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 677 [], 678 [ #include <limits.h> 679 #include <fcntl.h> ] 680 ) 681 check_for_aix_broken_getaddrinfo=1 682 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 683 [Define if your platform breaks doing a seteuid before a setuid]) 684 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 685 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 686 dnl AIX handles lastlog as part of its login message 687 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 688 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 689 [Some systems need a utmpx entry for /bin/login to work]) 690 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 691 [Define to a Set Process Title type if your system is 692 supported by bsd-setproctitle.c]) 693 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 694 [AIX 5.2 and 5.3 (and presumably newer) require this]) 695 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 696 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 697 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 698 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 699 ;; 700*-*-android*) 701 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 702 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 703 ;; 704*-*-cygwin*) 705 LIBS="$LIBS /usr/lib/textreadmode.o" 706 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 707 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 708 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 709 [Define to disable UID restoration test]) 710 AC_DEFINE([DISABLE_SHADOW], [1], 711 [Define if you want to disable shadow passwords]) 712 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 713 [Define if X11 doesn't support AF_UNIX sockets on that system]) 714 AC_DEFINE([DISABLE_FD_PASSING], [1], 715 [Define if your platform needs to skip post auth 716 file descriptor passing]) 717 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 718 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 719 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 720 # reasons which cause compile warnings, so we disable those warnings. 721 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 722 ;; 723*-*-dgux*) 724 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 725 [Define if your system choked on IP TOS setting]) 726 AC_DEFINE([SETEUID_BREAKS_SETUID]) 727 AC_DEFINE([BROKEN_SETREUID]) 728 AC_DEFINE([BROKEN_SETREGID]) 729 ;; 730*-*-darwin*) 731 use_pie=auto 732 AC_MSG_CHECKING([if we have working getaddrinfo]) 733 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 734#include <mach-o/dyld.h> 735#include <stdlib.h> 736int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 737 exit(0); 738 else 739 exit(1); 740} 741 ]])], 742 [AC_MSG_RESULT([working])], 743 [AC_MSG_RESULT([buggy]) 744 AC_DEFINE([BROKEN_GETADDRINFO], [1], 745 [getaddrinfo is broken (if present)]) 746 ], 747 [AC_MSG_RESULT([assume it is working])]) 748 AC_DEFINE([SETEUID_BREAKS_SETUID]) 749 AC_DEFINE([BROKEN_SETREUID]) 750 AC_DEFINE([BROKEN_SETREGID]) 751 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 752 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 753 [Define if your resolver libs need this for getrrsetbyname]) 754 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 755 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 756 [Use tunnel device compatibility to OpenBSD]) 757 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 758 [Prepend the address family to IP tunnel traffic]) 759 m4_pattern_allow([AU_IPv]) 760 AC_CHECK_DECL([AU_IPv4], [], 761 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 762 [#include <bsm/audit.h>] 763 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 764 [Define if pututxline updates lastlog too]) 765 ) 766 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 767 [Define to a Set Process Title type if your system is 768 supported by bsd-setproctitle.c]) 769 AC_CHECK_FUNCS([sandbox_init]) 770 AC_CHECK_HEADERS([sandbox.h]) 771 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 772 SSHDLIBS="$SSHDLIBS -lsandbox" 773 ]) 774 # proc_pidinfo()-based closefrom() replacement. 775 AC_CHECK_HEADERS([libproc.h]) 776 AC_CHECK_FUNCS([proc_pidinfo]) 777 # poll(2) is broken for character-special devices (at least). 778 # cf. Apple bug 3710161 (not public, but searchable) 779 AC_DEFINE([BROKEN_POLL], [1], 780 [System poll(2) implementation is broken]) 781 ;; 782*-*-dragonfly*) 783 SSHDLIBS="$SSHDLIBS" 784 TEST_MALLOC_OPTIONS="AFGJPRX" 785 ;; 786*-*-haiku*) 787 LIBS="$LIBS -lbsd " 788 CFLAGS="$CFLAGS -D_BSD_SOURCE" 789 AC_CHECK_LIB([network], [socket]) 790 AC_DEFINE([HAVE_U_INT64_T]) 791 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 792 MANTYPE=man 793 ;; 794*-*-hpux*) 795 # first we define all of the options common to all HP-UX releases 796 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 797 IPADDR_IN_DISPLAY=yes 798 AC_DEFINE([USE_PIPES]) 799 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 800 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 801 [String used in /etc/passwd to denote locked account]) 802 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 803 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 804 maildir="/var/mail" 805 LIBS="$LIBS -lsec" 806 AC_CHECK_LIB([xnet], [t_error], , 807 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 808 809 # next, we define all of the options specific to major releases 810 case "$host" in 811 *-*-hpux10*) 812 if test -z "$GCC"; then 813 CFLAGS="$CFLAGS -Ae" 814 fi 815 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect]) 816 ;; 817 *-*-hpux11*) 818 AC_DEFINE([PAM_SUN_CODEBASE], [1], 819 [Define if you are using Solaris-derived PAM which 820 passes pam_messages to the conversation function 821 with an extra level of indirection]) 822 AC_DEFINE([DISABLE_UTMP], [1], 823 [Define if you don't want to use utmp]) 824 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 825 check_for_hpux_broken_getaddrinfo=1 826 check_for_conflicting_getspnam=1 827 ;; 828 esac 829 830 # lastly, we define options specific to minor releases 831 case "$host" in 832 *-*-hpux10.26) 833 AC_DEFINE([HAVE_SECUREWARE], [1], 834 [Define if you have SecureWare-based 835 protected password database]) 836 disable_ptmx_check=yes 837 LIBS="$LIBS -lsecpw" 838 ;; 839 esac 840 ;; 841*-*-irix5*) 842 PATH="$PATH:/usr/etc" 843 AC_DEFINE([BROKEN_INET_NTOA], [1], 844 [Define if you system's inet_ntoa is busted 845 (e.g. Irix gcc issue)]) 846 AC_DEFINE([SETEUID_BREAKS_SETUID]) 847 AC_DEFINE([BROKEN_SETREUID]) 848 AC_DEFINE([BROKEN_SETREGID]) 849 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 850 [Define if you shouldn't strip 'tty' from your 851 ttyname in [uw]tmp]) 852 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 853 ;; 854*-*-irix6*) 855 PATH="$PATH:/usr/etc" 856 AC_DEFINE([WITH_IRIX_ARRAY], [1], 857 [Define if you have/want arrays 858 (cluster-wide session management, not C arrays)]) 859 AC_DEFINE([WITH_IRIX_PROJECT], [1], 860 [Define if you want IRIX project management]) 861 AC_DEFINE([WITH_IRIX_AUDIT], [1], 862 [Define if you want IRIX audit trails]) 863 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 864 [Define if you want IRIX kernel jobs])]) 865 AC_DEFINE([BROKEN_INET_NTOA]) 866 AC_DEFINE([SETEUID_BREAKS_SETUID]) 867 AC_DEFINE([BROKEN_SETREUID]) 868 AC_DEFINE([BROKEN_SETREGID]) 869 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 870 AC_DEFINE([WITH_ABBREV_NO_TTY]) 871 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 872 ;; 873*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 874 AC_DEFINE([PAM_TTY_KLUDGE]) 875 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 876 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 877 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 878 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 879 ;; 880*-*-linux*) 881 no_dev_ptmx=1 882 use_pie=auto 883 check_for_openpty_ctty_bug=1 884 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 885 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 886 dnl _GNU_SOURCE is needed for setres*id prototypes. 887 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" 888 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) 889 AC_DEFINE([PAM_TTY_KLUDGE], [1], 890 [Work around problematic Linux PAM modules handling of PAM_TTY]) 891 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 892 [String used in /etc/passwd to denote locked account]) 893 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 894 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 895 [Define to whatever link() returns for "not supported" 896 if it doesn't return EOPNOTSUPP.]) 897 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 898 AC_DEFINE([USE_BTMP]) 899 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 900 inet6_default_4in6=yes 901 case `uname -r` in 902 1.*|2.0.*) 903 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 904 [Define if cmsg_type is not passed correctly]) 905 ;; 906 esac 907 # tun(4) forwarding compat code 908 AC_CHECK_HEADERS([linux/if_tun.h]) 909 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 910 AC_DEFINE([SSH_TUN_LINUX], [1], 911 [Open tunnel devices the Linux tun/tap way]) 912 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 913 [Use tunnel device compatibility to OpenBSD]) 914 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 915 [Prepend the address family to IP tunnel traffic]) 916 fi 917 AC_CHECK_HEADER([linux/if.h], 918 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 919 [Support routing domains using Linux VRF]), [], [ 920#ifdef HAVE_SYS_TYPES_H 921# include <sys/types.h> 922#endif 923 ]) 924 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 925 [], [#include <linux/types.h>]) 926 # Obtain MIPS ABI 927 case "$host" in 928 mips*) 929 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 930#if _MIPS_SIM != _ABIO32 931#error 932#endif 933 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 934#if _MIPS_SIM != _ABIN32 935#error 936#endif 937 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 938#if _MIPS_SIM != _ABI64 939#error 940#endif 941 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 942 ]) 943 ]) 944 ]) 945 ;; 946 esac 947 AC_MSG_CHECKING([for seccomp architecture]) 948 seccomp_audit_arch= 949 case "$host" in 950 x86_64-*) 951 seccomp_audit_arch=AUDIT_ARCH_X86_64 952 ;; 953 i*86-*) 954 seccomp_audit_arch=AUDIT_ARCH_I386 955 ;; 956 arm*-*) 957 seccomp_audit_arch=AUDIT_ARCH_ARM 958 ;; 959 aarch64*-*) 960 seccomp_audit_arch=AUDIT_ARCH_AARCH64 961 ;; 962 s390x-*) 963 seccomp_audit_arch=AUDIT_ARCH_S390X 964 ;; 965 s390-*) 966 seccomp_audit_arch=AUDIT_ARCH_S390 967 ;; 968 powerpc-*) 969 seccomp_audit_arch=AUDIT_ARCH_PPC 970 ;; 971 powerpc64-*) 972 seccomp_audit_arch=AUDIT_ARCH_PPC64 973 ;; 974 powerpc64le-*) 975 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 976 ;; 977 mips-*) 978 seccomp_audit_arch=AUDIT_ARCH_MIPS 979 ;; 980 mipsel-*) 981 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 982 ;; 983 mips64-*) 984 case "$mips_abi" in 985 "n32") 986 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 987 ;; 988 "n64") 989 seccomp_audit_arch=AUDIT_ARCH_MIPS64 990 ;; 991 esac 992 ;; 993 mips64el-*) 994 case "$mips_abi" in 995 "n32") 996 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 997 ;; 998 "n64") 999 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 1000 ;; 1001 esac 1002 ;; 1003 riscv64-*) 1004 seccomp_audit_arch=AUDIT_ARCH_RISCV64 1005 ;; 1006 esac 1007 if test "x$seccomp_audit_arch" != "x" ; then 1008 AC_MSG_RESULT(["$seccomp_audit_arch"]) 1009 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 1010 [Specify the system call convention in use]) 1011 else 1012 AC_MSG_RESULT([architecture not supported]) 1013 fi 1014 ;; 1015*-*-minix) 1016 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1017 # poll(2) seems to choke on /dev/null; "Bad file descriptor" 1018 AC_DEFINE([BROKEN_POLL], [1], 1019 [System poll(2) implementation is broken]) 1020 ;; 1021mips-sony-bsd|mips-sony-newsos4) 1022 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 1023 SONY=1 1024 ;; 1025*-*-netbsd*) 1026 if test "x$withval" != "xno" ; then 1027 rpath_opt="-R" 1028 fi 1029 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 1030 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1031 AC_CHECK_HEADER([net/if_tap.h], , 1032 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1033 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 1034 [Prepend the address family to IP tunnel traffic]) 1035 TEST_MALLOC_OPTIONS="AJRX" 1036 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 1037 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 1038 ;; 1039*-*-freebsd*) 1040 SKIP_DISABLE_LASTLOG_DEFINE=yes 1041 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 1042 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1043 AC_CHECK_HEADER([net/if_tap.h], , 1044 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1045 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 1046 TEST_MALLOC_OPTIONS="AJRX" 1047 # Preauth crypto occasionally uses file descriptors for crypto offload 1048 # and will crash if they cannot be opened. 1049 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 1050 [define if setrlimit RLIMIT_NOFILE breaks things]) 1051 case "$host" in 1052 *-*-freebsd9.*|*-*-freebsd10.*) 1053 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable. 1054 disable_capsicum=yes 1055 esac 1056 ;; 1057*-*-bsdi*) 1058 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1059 AC_DEFINE([BROKEN_SETREUID]) 1060 AC_DEFINE([BROKEN_SETREGID]) 1061 ;; 1062*-next-*) 1063 conf_lastlog_location="/usr/adm/lastlog" 1064 conf_utmp_location=/etc/utmp 1065 conf_wtmp_location=/usr/adm/wtmp 1066 maildir=/usr/spool/mail 1067 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1068 AC_DEFINE([USE_PIPES]) 1069 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1070 ;; 1071*-*-openbsd*) 1072 use_pie=auto 1073 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1074 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1075 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1076 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1077 [syslog_r function is safe to use in in a signal handler]) 1078 TEST_MALLOC_OPTIONS="AFGJPRX" 1079 ;; 1080*-*-solaris*) 1081 if test "x$withval" != "xno" ; then 1082 rpath_opt="-R" 1083 fi 1084 AC_DEFINE([PAM_SUN_CODEBASE]) 1085 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1086 AC_DEFINE([PAM_TTY_KLUDGE]) 1087 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1088 [Define if pam_chauthtok wants real uid set 1089 to the unpriv'ed user]) 1090 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1091 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1092 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1093 [Define if sshd somehow reacquires a controlling TTY 1094 after setsid()]) 1095 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1096 in case the name is longer than 8 chars]) 1097 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1098 external_path_file=/etc/default/login 1099 # hardwire lastlog location (can't detect it on some versions) 1100 conf_lastlog_location="/var/adm/lastlog" 1101 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1102 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1103 if test "$sol2ver" -ge 8; then 1104 AC_MSG_RESULT([yes]) 1105 AC_DEFINE([DISABLE_UTMP]) 1106 AC_DEFINE([DISABLE_WTMP], [1], 1107 [Define if you don't want to use wtmp]) 1108 else 1109 AC_MSG_RESULT([no]) 1110 fi 1111 AC_CHECK_FUNCS([setpflags]) 1112 AC_CHECK_FUNCS([setppriv]) 1113 AC_CHECK_FUNCS([priv_basicset]) 1114 AC_CHECK_HEADERS([priv.h]) 1115 AC_ARG_WITH([solaris-contracts], 1116 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1117 [ 1118 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1119 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1120 [Define if you have Solaris process contracts]) 1121 LIBS="$LIBS -lcontract" 1122 SPC_MSG="yes" ], ) 1123 ], 1124 ) 1125 AC_ARG_WITH([solaris-projects], 1126 [ --with-solaris-projects Enable Solaris projects (experimental)], 1127 [ 1128 AC_CHECK_LIB([project], [setproject], 1129 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1130 [Define if you have Solaris projects]) 1131 LIBS="$LIBS -lproject" 1132 SP_MSG="yes" ], ) 1133 ], 1134 ) 1135 AC_ARG_WITH([solaris-privs], 1136 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1137 [ 1138 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1139 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1140 "x$ac_cv_header_priv_h" = "xyes" ; then 1141 SOLARIS_PRIVS=yes 1142 AC_MSG_RESULT([found]) 1143 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1144 [Define to disable UID restoration test]) 1145 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1146 [Define if you have Solaris privileges]) 1147 SPP_MSG="yes" 1148 else 1149 AC_MSG_RESULT([not found]) 1150 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1151 fi 1152 ], 1153 ) 1154 TEST_SHELL=$SHELL # let configure find us a capable shell 1155 ;; 1156*-*-sunos4*) 1157 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1158 AC_CHECK_FUNCS([getpwanam]) 1159 AC_DEFINE([PAM_SUN_CODEBASE]) 1160 conf_utmp_location=/etc/utmp 1161 conf_wtmp_location=/var/adm/wtmp 1162 conf_lastlog_location=/var/adm/lastlog 1163 AC_DEFINE([USE_PIPES]) 1164 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1165 ;; 1166*-ncr-sysv*) 1167 LIBS="$LIBS -lc89" 1168 AC_DEFINE([USE_PIPES]) 1169 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1170 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1171 AC_DEFINE([BROKEN_SETREUID]) 1172 AC_DEFINE([BROKEN_SETREGID]) 1173 ;; 1174*-sni-sysv*) 1175 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1176 AC_CHECK_LIB([dl], [dlsym], ,) 1177 # -lresolv needs to be at the end of LIBS or DNS lookups break 1178 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1179 IPADDR_IN_DISPLAY=yes 1180 AC_DEFINE([USE_PIPES]) 1181 AC_DEFINE([IP_TOS_IS_BROKEN]) 1182 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1183 AC_DEFINE([BROKEN_SETREUID]) 1184 AC_DEFINE([BROKEN_SETREGID]) 1185 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1186 external_path_file=/etc/default/login 1187 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1188 # Attention: always take care to bind libsocket and libnsl before libc, 1189 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1190 ;; 1191# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1192*-*-sysv4.2*) 1193 AC_DEFINE([USE_PIPES]) 1194 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1195 AC_DEFINE([BROKEN_SETREUID]) 1196 AC_DEFINE([BROKEN_SETREGID]) 1197 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1198 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1199 TEST_SHELL=$SHELL # let configure find us a capable shell 1200 ;; 1201# UnixWare 7.x, OpenUNIX 8 1202*-*-sysv5*) 1203 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1204 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1205 AC_DEFINE([USE_PIPES]) 1206 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1207 AC_DEFINE([BROKEN_GETADDRINFO]) 1208 AC_DEFINE([BROKEN_SETREUID]) 1209 AC_DEFINE([BROKEN_SETREGID]) 1210 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1211 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1212 TEST_SHELL=$SHELL # let configure find us a capable shell 1213 case "$host" in 1214 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1215 maildir=/var/spool/mail 1216 AC_DEFINE([BROKEN_UPDWTMPX]) 1217 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1218 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1219 ], , ) 1220 ;; 1221 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1222 ;; 1223 esac 1224 ;; 1225*-*-sysv*) 1226 ;; 1227# SCO UNIX and OEM versions of SCO UNIX 1228*-*-sco3.2v4*) 1229 AC_MSG_ERROR("This Platform is no longer supported.") 1230 ;; 1231# SCO OpenServer 5.x 1232*-*-sco3.2v5*) 1233 if test -z "$GCC"; then 1234 CFLAGS="$CFLAGS -belf" 1235 fi 1236 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1237 no_dev_ptmx=1 1238 AC_DEFINE([USE_PIPES]) 1239 AC_DEFINE([HAVE_SECUREWARE]) 1240 AC_DEFINE([DISABLE_SHADOW]) 1241 AC_DEFINE([DISABLE_FD_PASSING]) 1242 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1243 AC_DEFINE([BROKEN_GETADDRINFO]) 1244 AC_DEFINE([BROKEN_SETREUID]) 1245 AC_DEFINE([BROKEN_SETREGID]) 1246 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1247 AC_DEFINE([BROKEN_UPDWTMPX]) 1248 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1249 AC_CHECK_FUNCS([getluid setluid]) 1250 MANTYPE=man 1251 TEST_SHELL=$SHELL # let configure find us a capable shell 1252 SKIP_DISABLE_LASTLOG_DEFINE=yes 1253 ;; 1254*-dec-osf*) 1255 AC_MSG_CHECKING([for Digital Unix SIA]) 1256 no_osfsia="" 1257 AC_ARG_WITH([osfsia], 1258 [ --with-osfsia Enable Digital Unix SIA], 1259 [ 1260 if test "x$withval" = "xno" ; then 1261 AC_MSG_RESULT([disabled]) 1262 no_osfsia=1 1263 fi 1264 ], 1265 ) 1266 if test -z "$no_osfsia" ; then 1267 if test -f /etc/sia/matrix.conf; then 1268 AC_MSG_RESULT([yes]) 1269 AC_DEFINE([HAVE_OSF_SIA], [1], 1270 [Define if you have Digital Unix Security 1271 Integration Architecture]) 1272 AC_DEFINE([DISABLE_LOGIN], [1], 1273 [Define if you don't want to use your 1274 system's login() call]) 1275 AC_DEFINE([DISABLE_FD_PASSING]) 1276 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1277 SIA_MSG="yes" 1278 else 1279 AC_MSG_RESULT([no]) 1280 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1281 [String used in /etc/passwd to denote locked account]) 1282 fi 1283 fi 1284 AC_DEFINE([BROKEN_GETADDRINFO]) 1285 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1286 AC_DEFINE([BROKEN_SETREUID]) 1287 AC_DEFINE([BROKEN_SETREGID]) 1288 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1289 ;; 1290 1291*-*-nto-qnx*) 1292 AC_DEFINE([USE_PIPES]) 1293 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1294 AC_DEFINE([DISABLE_LASTLOG]) 1295 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1296 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1297 enable_etc_default_login=no # has incompatible /etc/default/login 1298 case "$host" in 1299 *-*-nto-qnx6*) 1300 AC_DEFINE([DISABLE_FD_PASSING]) 1301 ;; 1302 esac 1303 ;; 1304 1305*-*-ultrix*) 1306 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1307 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1308 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1309 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1310 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1311 # don't get a controlling tty. 1312 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1313 # On Ultrix some headers are not protected against multiple includes, 1314 # so we create wrappers and put it where the compiler will find it. 1315 AC_MSG_WARN([creating compat wrappers for headers]) 1316 mkdir -p netinet 1317 for header in netinet/ip.h netdb.h resolv.h; do 1318 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1319 cat >$header <<EOD 1320#ifndef _SSH_COMPAT_${name} 1321#define _SSH_COMPAT_${name} 1322#include "/usr/include/${header}" 1323#endif 1324EOD 1325 done 1326 ;; 1327 1328*-*-lynxos) 1329 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1330 AC_DEFINE([BROKEN_SETVBUF], [1], 1331 [LynxOS has broken setvbuf() implementation]) 1332 ;; 1333esac 1334 1335AC_MSG_CHECKING([compiler and flags for sanity]) 1336AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1337 [ AC_MSG_RESULT([yes]) ], 1338 [ 1339 AC_MSG_RESULT([no]) 1340 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1341 ], 1342 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1343) 1344 1345dnl Checks for header files. 1346# Checks for libraries. 1347AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1348 1349dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1350AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1351 AC_CHECK_LIB([gen], [dirname], [ 1352 AC_CACHE_CHECK([for broken dirname], 1353 ac_cv_have_broken_dirname, [ 1354 save_LIBS="$LIBS" 1355 LIBS="$LIBS -lgen" 1356 AC_RUN_IFELSE( 1357 [AC_LANG_SOURCE([[ 1358#include <libgen.h> 1359#include <string.h> 1360#include <stdlib.h> 1361 1362int main(int argc, char **argv) { 1363 char *s, buf[32]; 1364 1365 strncpy(buf,"/etc", 32); 1366 s = dirname(buf); 1367 if (!s || strncmp(s, "/", 32) != 0) { 1368 exit(1); 1369 } else { 1370 exit(0); 1371 } 1372} 1373 ]])], 1374 [ ac_cv_have_broken_dirname="no" ], 1375 [ ac_cv_have_broken_dirname="yes" ], 1376 [ ac_cv_have_broken_dirname="no" ], 1377 ) 1378 LIBS="$save_LIBS" 1379 ]) 1380 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1381 LIBS="$LIBS -lgen" 1382 AC_DEFINE([HAVE_DIRNAME]) 1383 AC_CHECK_HEADERS([libgen.h]) 1384 fi 1385 ]) 1386]) 1387 1388AC_CHECK_FUNC([getspnam], , 1389 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1390AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1391 [Define if you have the basename function.])]) 1392 1393dnl zlib defaults to enabled 1394zlib=yes 1395AC_ARG_WITH([zlib], 1396 [ --with-zlib=PATH Use zlib in PATH], 1397 [ if test "x$withval" = "xno" ; then 1398 zlib=no 1399 elif test "x$withval" != "xyes"; then 1400 if test -d "$withval/lib"; then 1401 if test -n "${rpath_opt}"; then 1402 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1403 else 1404 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1405 fi 1406 else 1407 if test -n "${rpath_opt}"; then 1408 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1409 else 1410 LDFLAGS="-L${withval} ${LDFLAGS}" 1411 fi 1412 fi 1413 if test -d "$withval/include"; then 1414 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1415 else 1416 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1417 fi 1418 fi ] 1419) 1420 1421# These libraries are needed for anything that links in the channel code. 1422CHANNELLIBS="" 1423AC_MSG_CHECKING([for zlib]) 1424if test "x${zlib}" = "xno"; then 1425 AC_MSG_RESULT([no]) 1426else 1427 saved_LIBS="$LIBS" 1428 CHANNELLIBS="$CHANNELLIBS -lz" 1429 AC_MSG_RESULT([yes]) 1430 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1431 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1432 AC_CHECK_LIB([z], [deflate], [], 1433 [ 1434 saved_CPPFLAGS="$CPPFLAGS" 1435 saved_LDFLAGS="$LDFLAGS" 1436 dnl Check default zlib install dir 1437 if test -n "${rpath_opt}"; then 1438 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1439 else 1440 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1441 fi 1442 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1443 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1444 [ 1445 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1446 ] 1447 ) 1448 ] 1449 ) 1450 1451 AC_ARG_WITH([zlib-version-check], 1452 [ --without-zlib-version-check Disable zlib version check], 1453 [ if test "x$withval" = "xno" ; then 1454 zlib_check_nonfatal=1 1455 fi 1456 ] 1457 ) 1458 1459 AC_MSG_CHECKING([for possibly buggy zlib]) 1460 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1461#include <stdio.h> 1462#include <stdlib.h> 1463#include <zlib.h> 1464 ]], 1465 [[ 1466 int a=0, b=0, c=0, d=0, n, v; 1467 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1468 if (n != 3 && n != 4) 1469 exit(1); 1470 v = a*1000000 + b*10000 + c*100 + d; 1471 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1472 1473 /* 1.1.4 is OK */ 1474 if (a == 1 && b == 1 && c >= 4) 1475 exit(0); 1476 1477 /* 1.2.3 and up are OK */ 1478 if (v >= 1020300) 1479 exit(0); 1480 1481 exit(2); 1482 ]])], 1483 AC_MSG_RESULT([no]), 1484 [ AC_MSG_RESULT([yes]) 1485 if test -z "$zlib_check_nonfatal" ; then 1486 AC_MSG_ERROR([*** zlib too old - check config.log *** 1487Your reported zlib version has known security problems. It's possible your 1488vendor has fixed these problems without changing the version number. If you 1489are sure this is the case, you can disable the check by running 1490"./configure --without-zlib-version-check". 1491If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1492See http://www.gzip.org/zlib/ for details.]) 1493 else 1494 AC_MSG_WARN([zlib version may have security problems]) 1495 fi 1496 ], 1497 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1498 ) 1499 LIBS="$saved_LIBS" 1500fi 1501 1502dnl UnixWare 2.x 1503AC_CHECK_FUNC([strcasecmp], 1504 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1505) 1506AC_CHECK_FUNCS([utimes], 1507 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1508 LIBS="$LIBS -lc89"]) ] 1509) 1510 1511dnl Checks for libutil functions 1512AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1513AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1514AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1515AC_SEARCH_LIBS([login], [util bsd]) 1516AC_SEARCH_LIBS([logout], [util bsd]) 1517AC_SEARCH_LIBS([logwtmp], [util bsd]) 1518AC_SEARCH_LIBS([openpty], [util bsd]) 1519AC_SEARCH_LIBS([updwtmp], [util bsd]) 1520AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1521 1522# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1523# or libnsl. 1524AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1525AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1526 1527# Some Linux distribtions ship the BSD libc hashing functions in 1528# separate libraries. 1529AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1530 1531# "Particular Function Checks" 1532# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1533AC_FUNC_STRFTIME 1534AC_FUNC_MALLOC 1535AC_FUNC_REALLOC 1536# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1537AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1538AC_RUN_IFELSE( 1539 [AC_LANG_PROGRAM( 1540 [[ #include <stdlib.h> ]], 1541 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1542 )], 1543 [ func_calloc_0_nonnull=yes ], 1544 [ func_calloc_0_nonnull=no ], 1545 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1546 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1547) 1548AC_MSG_RESULT([$func_calloc_0_nonnull]) 1549 1550if test "x$func_calloc_0_nonnull" = "xyes"; then 1551 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1552else 1553 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1554 AC_DEFINE(calloc, rpl_calloc, 1555 [Define to rpl_calloc if the replacement function should be used.]) 1556fi 1557 1558# Check for ALTDIRFUNC glob() extension 1559AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1560AC_EGREP_CPP([FOUNDIT], 1561 [ 1562 #include <glob.h> 1563 #ifdef GLOB_ALTDIRFUNC 1564 FOUNDIT 1565 #endif 1566 ], 1567 [ 1568 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1569 [Define if your system glob() function has 1570 the GLOB_ALTDIRFUNC extension]) 1571 AC_MSG_RESULT([yes]) 1572 ], 1573 [ 1574 AC_MSG_RESULT([no]) 1575 ] 1576) 1577 1578# Check for g.gl_matchc glob() extension 1579AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1580AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1581 [[ glob_t g; g.gl_matchc = 1; ]])], 1582 [ 1583 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1584 [Define if your system glob() function has 1585 gl_matchc options in glob_t]) 1586 AC_MSG_RESULT([yes]) 1587 ], [ 1588 AC_MSG_RESULT([no]) 1589]) 1590 1591# Check for g.gl_statv glob() extension 1592AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1593AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1594#ifndef GLOB_KEEPSTAT 1595#error "glob does not support GLOB_KEEPSTAT extension" 1596#endif 1597glob_t g; 1598g.gl_statv = NULL; 1599]])], 1600 [ 1601 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1602 [Define if your system glob() function has 1603 gl_statv options in glob_t]) 1604 AC_MSG_RESULT([yes]) 1605 ], [ 1606 AC_MSG_RESULT([no]) 1607 1608]) 1609 1610AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1611 1612AC_CHECK_DECL([VIS_ALL], , 1613 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1614 1615AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1616AC_RUN_IFELSE( 1617 [AC_LANG_PROGRAM([[ 1618#include <sys/types.h> 1619#include <dirent.h> 1620#include <stdlib.h> 1621 ]], 1622 [[ 1623 struct dirent d; 1624 exit(sizeof(d.d_name)<=sizeof(char)); 1625 ]])], 1626 [AC_MSG_RESULT([yes])], 1627 [ 1628 AC_MSG_RESULT([no]) 1629 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1630 [Define if your struct dirent expects you to 1631 allocate extra space for d_name]) 1632 ], 1633 [ 1634 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1635 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1636 ] 1637) 1638 1639AC_MSG_CHECKING([for /proc/pid/fd directory]) 1640if test -d "/proc/$$/fd" ; then 1641 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1642 AC_MSG_RESULT([yes]) 1643else 1644 AC_MSG_RESULT([no]) 1645fi 1646 1647# Check whether user wants TCP wrappers support 1648TCPW_MSG="no" 1649AC_ARG_WITH([tcp-wrappers], 1650 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1651 [ 1652 if test "x$withval" != "xno" ; then 1653 saved_LIBS="$LIBS" 1654 saved_LDFLAGS="$LDFLAGS" 1655 saved_CPPFLAGS="$CPPFLAGS" 1656 if test -n "${withval}" && \ 1657 test "x${withval}" != "xyes"; then 1658 if test -d "${withval}/lib"; then 1659 if test -n "${need_dash_r}"; then 1660 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1661 else 1662 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1663 fi 1664 else 1665 if test -n "${need_dash_r}"; then 1666 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1667 else 1668 LDFLAGS="-L${withval} ${LDFLAGS}" 1669 fi 1670 fi 1671 if test -d "${withval}/include"; then 1672 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1673 else 1674 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1675 fi 1676 fi 1677 LIBS="-lwrap $LIBS" 1678 AC_MSG_CHECKING([for libwrap]) 1679 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1680#include <sys/types.h> 1681#include <sys/socket.h> 1682#include <netinet/in.h> 1683#include <tcpd.h> 1684int deny_severity = 0, allow_severity = 0; 1685 ]], [[ 1686 hosts_access(0); 1687 ]])], [ 1688 AC_MSG_RESULT([yes]) 1689 AC_DEFINE([LIBWRAP], [1], 1690 [Define if you want 1691 TCP Wrappers support]) 1692 SSHDLIBS="$SSHDLIBS -lwrap" 1693 TCPW_MSG="yes" 1694 ], [ 1695 AC_MSG_ERROR([*** libwrap missing]) 1696 ]) 1697 LIBS="$saved_LIBS" 1698 fi 1699 ] 1700) 1701 1702# Check whether user wants to use ldns 1703LDNS_MSG="no" 1704AC_ARG_WITH(ldns, 1705 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1706 [ 1707 ldns="" 1708 if test "x$withval" = "xyes" ; then 1709 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1710 if test "x$LDNSCONFIG" = "xno"; then 1711 LIBS="-lldns $LIBS" 1712 ldns=yes 1713 else 1714 LIBS="$LIBS `$LDNSCONFIG --libs`" 1715 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1716 ldns=yes 1717 fi 1718 elif test "x$withval" != "xno" ; then 1719 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1720 LDFLAGS="$LDFLAGS -L${withval}/lib" 1721 LIBS="-lldns $LIBS" 1722 ldns=yes 1723 fi 1724 1725 # Verify that it works. 1726 if test "x$ldns" = "xyes" ; then 1727 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1728 LDNS_MSG="yes" 1729 AC_MSG_CHECKING([for ldns support]) 1730 AC_LINK_IFELSE( 1731 [AC_LANG_SOURCE([[ 1732#include <stdio.h> 1733#include <stdlib.h> 1734#ifdef HAVE_STDINT_H 1735# include <stdint.h> 1736#endif 1737#include <ldns/ldns.h> 1738int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1739 ]]) 1740 ], 1741 [AC_MSG_RESULT(yes)], 1742 [ 1743 AC_MSG_RESULT(no) 1744 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1745 ]) 1746 fi 1747]) 1748 1749# Check whether user wants libedit support 1750LIBEDIT_MSG="no" 1751AC_ARG_WITH([libedit], 1752 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1753 [ if test "x$withval" != "xno" ; then 1754 if test "x$withval" = "xyes" ; then 1755 if test "x$PKGCONFIG" != "xno"; then 1756 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1757 if "$PKGCONFIG" libedit; then 1758 AC_MSG_RESULT([yes]) 1759 use_pkgconfig_for_libedit=yes 1760 else 1761 AC_MSG_RESULT([no]) 1762 fi 1763 fi 1764 else 1765 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1766 if test -n "${rpath_opt}"; then 1767 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1768 else 1769 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1770 fi 1771 fi 1772 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1773 LIBEDIT=`$PKGCONFIG --libs libedit` 1774 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1775 else 1776 LIBEDIT="-ledit -lcurses" 1777 fi 1778 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1779 AC_CHECK_LIB([edit], [el_init], 1780 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1781 LIBEDIT_MSG="yes" 1782 AC_SUBST([LIBEDIT]) 1783 ], 1784 [ AC_MSG_ERROR([libedit not found]) ], 1785 [ $OTHERLIBS ] 1786 ) 1787 AC_MSG_CHECKING([if libedit version is compatible]) 1788 AC_COMPILE_IFELSE( 1789 [AC_LANG_PROGRAM([[ 1790#include <histedit.h> 1791#include <stdlib.h> 1792 ]], 1793 [[ 1794 int i = H_SETSIZE; 1795 el_init("", NULL, NULL, NULL); 1796 exit(0); 1797 ]])], 1798 [ AC_MSG_RESULT([yes]) ], 1799 [ AC_MSG_RESULT([no]) 1800 AC_MSG_ERROR([libedit version is not compatible]) ] 1801 ) 1802 fi ] 1803) 1804 1805AUDIT_MODULE=none 1806AC_ARG_WITH([audit], 1807 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1808 [ 1809 AC_MSG_CHECKING([for supported audit module]) 1810 case "$withval" in 1811 bsm) 1812 AC_MSG_RESULT([bsm]) 1813 AUDIT_MODULE=bsm 1814 dnl Checks for headers, libs and functions 1815 AC_CHECK_HEADERS([bsm/audit.h], [], 1816 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1817 [ 1818#ifdef HAVE_TIME_H 1819# include <time.h> 1820#endif 1821 ] 1822) 1823 AC_CHECK_LIB([bsm], [getaudit], [], 1824 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1825 AC_CHECK_FUNCS([getaudit], [], 1826 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1827 # These are optional 1828 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1829 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1830 if test "$sol2ver" -ge 11; then 1831 SSHDLIBS="$SSHDLIBS -lscf" 1832 AC_DEFINE([BROKEN_BSM_API], [1], 1833 [The system has incomplete BSM API]) 1834 fi 1835 ;; 1836 linux) 1837 AC_MSG_RESULT([linux]) 1838 AUDIT_MODULE=linux 1839 dnl Checks for headers, libs and functions 1840 AC_CHECK_HEADERS([libaudit.h]) 1841 SSHDLIBS="$SSHDLIBS -laudit" 1842 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1843 ;; 1844 debug) 1845 AUDIT_MODULE=debug 1846 AC_MSG_RESULT([debug]) 1847 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1848 ;; 1849 no) 1850 AC_MSG_RESULT([no]) 1851 ;; 1852 *) 1853 AC_MSG_ERROR([Unknown audit module $withval]) 1854 ;; 1855 esac ] 1856) 1857 1858AC_ARG_WITH([pie], 1859 [ --with-pie Build Position Independent Executables if possible], [ 1860 if test "x$withval" = "xno"; then 1861 use_pie=no 1862 fi 1863 if test "x$withval" = "xyes"; then 1864 use_pie=yes 1865 fi 1866 ] 1867) 1868if test "x$use_pie" = "x"; then 1869 use_pie=no 1870fi 1871if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1872 # Turn off automatic PIE when toolchain hardening is off. 1873 use_pie=no 1874fi 1875if test "x$use_pie" = "xauto"; then 1876 # Automatic PIE requires gcc >= 4.x 1877 AC_MSG_CHECKING([for gcc >= 4.x]) 1878 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1879#if !defined(__GNUC__) || __GNUC__ < 4 1880#error gcc is too old 1881#endif 1882]])], 1883 [ AC_MSG_RESULT([yes]) ], 1884 [ AC_MSG_RESULT([no]) 1885 use_pie=no ] 1886) 1887fi 1888if test "x$use_pie" != "xno"; then 1889 SAVED_CFLAGS="$CFLAGS" 1890 SAVED_LDFLAGS="$LDFLAGS" 1891 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1892 OSSH_CHECK_LDFLAG_LINK([-pie]) 1893 # We use both -fPIE and -pie or neither. 1894 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1895 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1896 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1897 AC_MSG_RESULT([yes]) 1898 else 1899 AC_MSG_RESULT([no]) 1900 CFLAGS="$SAVED_CFLAGS" 1901 LDFLAGS="$SAVED_LDFLAGS" 1902 fi 1903fi 1904 1905AC_MSG_CHECKING([whether -fPIC is accepted]) 1906SAVED_CFLAGS="$CFLAGS" 1907CFLAGS="$CFLAGS -fPIC" 1908AC_COMPILE_IFELSE( 1909 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1910 [AC_MSG_RESULT([yes]) 1911 PICFLAG="-fPIC"; ], 1912 [AC_MSG_RESULT([no]) 1913 PICFLAG=""; ]) 1914CFLAGS="$SAVED_CFLAGS" 1915AC_SUBST([PICFLAG]) 1916 1917dnl Checks for library functions. Please keep in alphabetical order 1918AC_CHECK_FUNCS([ \ 1919 auth_hostok \ 1920 auth_timeok \ 1921 Blowfish_initstate \ 1922 Blowfish_expandstate \ 1923 Blowfish_expand0state \ 1924 Blowfish_stream2word \ 1925 SHA256Update \ 1926 SHA384Update \ 1927 SHA512Update \ 1928 asprintf \ 1929 b64_ntop \ 1930 __b64_ntop \ 1931 b64_pton \ 1932 __b64_pton \ 1933 bcopy \ 1934 bcrypt_pbkdf \ 1935 bindresvport_sa \ 1936 blf_enc \ 1937 bzero \ 1938 cap_rights_limit \ 1939 clock \ 1940 closefrom \ 1941 close_range \ 1942 dirfd \ 1943 endgrent \ 1944 err \ 1945 errx \ 1946 explicit_bzero \ 1947 explicit_memset \ 1948 fchmod \ 1949 fchmodat \ 1950 fchown \ 1951 fchownat \ 1952 flock \ 1953 fnmatch \ 1954 freeaddrinfo \ 1955 freezero \ 1956 fstatfs \ 1957 fstatvfs \ 1958 futimes \ 1959 getaddrinfo \ 1960 getcwd \ 1961 getentropy \ 1962 getgrouplist \ 1963 getline \ 1964 getnameinfo \ 1965 getopt \ 1966 getpagesize \ 1967 getpeereid \ 1968 getpeerucred \ 1969 getpgid \ 1970 _getpty \ 1971 getrlimit \ 1972 getrandom \ 1973 getsid \ 1974 getttyent \ 1975 glob \ 1976 group_from_gid \ 1977 inet_aton \ 1978 inet_ntoa \ 1979 inet_ntop \ 1980 innetgr \ 1981 killpg \ 1982 llabs \ 1983 localtime_r \ 1984 login_getcapbool \ 1985 login_getpwclass \ 1986 memmem \ 1987 memmove \ 1988 memset_s \ 1989 mkdtemp \ 1990 ngetaddrinfo \ 1991 nsleep \ 1992 ogetaddrinfo \ 1993 openlog_r \ 1994 pledge \ 1995 poll \ 1996 ppoll \ 1997 prctl \ 1998 procctl \ 1999 pselect \ 2000 pstat \ 2001 raise \ 2002 readpassphrase \ 2003 reallocarray \ 2004 realpath \ 2005 recvmsg \ 2006 recallocarray \ 2007 rresvport_af \ 2008 sendmsg \ 2009 setdtablesize \ 2010 setegid \ 2011 setenv \ 2012 seteuid \ 2013 setgroupent \ 2014 setgroups \ 2015 setlinebuf \ 2016 setlogin \ 2017 setpassent\ 2018 setpcred \ 2019 setproctitle \ 2020 setregid \ 2021 setreuid \ 2022 setrlimit \ 2023 setsid \ 2024 setvbuf \ 2025 sigaction \ 2026 sigvec \ 2027 snprintf \ 2028 socketpair \ 2029 statfs \ 2030 statvfs \ 2031 strcasestr \ 2032 strdup \ 2033 strerror \ 2034 strlcat \ 2035 strlcpy \ 2036 strmode \ 2037 strndup \ 2038 strnlen \ 2039 strnvis \ 2040 strptime \ 2041 strsignal \ 2042 strtonum \ 2043 strtoll \ 2044 strtoul \ 2045 strtoull \ 2046 swap32 \ 2047 sysconf \ 2048 tcgetpgrp \ 2049 timegm \ 2050 timingsafe_bcmp \ 2051 truncate \ 2052 unsetenv \ 2053 updwtmpx \ 2054 utimensat \ 2055 user_from_uid \ 2056 usleep \ 2057 vasprintf \ 2058 vsnprintf \ 2059 waitpid \ 2060 warn \ 2061]) 2062 2063AC_CHECK_DECLS([bzero, memmem]) 2064 2065dnl Wide character support. 2066AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 2067 2068TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 2069AC_MSG_CHECKING([for utf8 locale support]) 2070AC_RUN_IFELSE( 2071 [AC_LANG_PROGRAM([[ 2072#include <locale.h> 2073#include <stdlib.h> 2074 ]], [[ 2075 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2076 if (loc != NULL) 2077 exit(0); 2078 exit(1); 2079 ]])], 2080 AC_MSG_RESULT(yes), 2081 [AC_MSG_RESULT(no) 2082 TEST_SSH_UTF8=no], 2083 AC_MSG_WARN([cross compiling: assuming yes]) 2084) 2085 2086AC_LINK_IFELSE( 2087 [AC_LANG_PROGRAM( 2088 [[ #include <ctype.h> ]], 2089 [[ return (isblank('a')); ]])], 2090 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2091]) 2092 2093disable_pkcs11= 2094AC_ARG_ENABLE([pkcs11], 2095 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2096 [ 2097 if test "x$enableval" = "xno" ; then 2098 disable_pkcs11=1 2099 fi 2100 ] 2101) 2102 2103disable_sk= 2104AC_ARG_ENABLE([security-key], 2105 [ --disable-security-key disable U2F/FIDO support code [no]], 2106 [ 2107 if test "x$enableval" = "xno" ; then 2108 disable_sk=1 2109 fi 2110 ] 2111) 2112enable_sk_internal= 2113AC_ARG_WITH([security-key-builtin], 2114 [ --with-security-key-builtin include builtin U2F/FIDO support], 2115 [ enable_sk_internal=$withval ] 2116) 2117 2118AC_SEARCH_LIBS([dlopen], [dl]) 2119AC_CHECK_FUNCS([dlopen]) 2120AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2121 2122# IRIX has a const char return value for gai_strerror() 2123AC_CHECK_FUNCS([gai_strerror], [ 2124 AC_DEFINE([HAVE_GAI_STRERROR]) 2125 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2126#include <sys/types.h> 2127#include <sys/socket.h> 2128#include <netdb.h> 2129 2130const char *gai_strerror(int); 2131 ]], [[ 2132 char *str; 2133 str = gai_strerror(0); 2134 ]])], [ 2135 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2136 [Define if gai_strerror() returns const char *])], [])]) 2137 2138AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2139 [Some systems put nanosleep outside of libc])]) 2140 2141AC_SEARCH_LIBS([clock_gettime], [rt], 2142 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2143 2144dnl check if we need -D_REENTRANT for localtime_r declaration. 2145AC_CHECK_DECL([localtime_r], [], 2146 [ saved_CPPFLAGS="$CPPFLAGS" 2147 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2148 unset ac_cv_have_decl_localtime_r 2149 AC_CHECK_DECL([localtime_r], [], 2150 [ CPPFLAGS="$saved_CPPFLAGS" ], 2151 [ #include <time.h> ] 2152 ) 2153 ], 2154 [ #include <time.h> ] 2155) 2156 2157dnl Make sure prototypes are defined for these before using them. 2158AC_CHECK_DECL([strsep], 2159 [AC_CHECK_FUNCS([strsep])], 2160 [], 2161 [ 2162#ifdef HAVE_STRING_H 2163# include <string.h> 2164#endif 2165 ]) 2166 2167dnl tcsendbreak might be a macro 2168AC_CHECK_DECL([tcsendbreak], 2169 [AC_DEFINE([HAVE_TCSENDBREAK])], 2170 [AC_CHECK_FUNCS([tcsendbreak])], 2171 [#include <termios.h>] 2172) 2173 2174AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2175 2176AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2177 [ 2178#include <sys/types.h> 2179#include <sys/socket.h> 2180#include <unistd.h> 2181 ]) 2182 2183AC_CHECK_DECLS([O_NONBLOCK], , , 2184 [ 2185#include <sys/types.h> 2186#ifdef HAVE_SYS_STAT_H 2187# include <sys/stat.h> 2188#endif 2189#ifdef HAVE_FCNTL_H 2190# include <fcntl.h> 2191#endif 2192 ]) 2193 2194AC_CHECK_DECLS([ftruncate, getentropy], , , 2195 [ 2196#include <sys/types.h> 2197#include <unistd.h> 2198 ]) 2199 2200AC_CHECK_DECLS([readv, writev], , , [ 2201#include <sys/types.h> 2202#include <sys/uio.h> 2203#include <unistd.h> 2204 ]) 2205 2206AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2207#include <sys/param.h> 2208 ]) 2209 2210AC_CHECK_DECLS([offsetof], , , [ 2211#include <stddef.h> 2212 ]) 2213 2214# extra bits for select(2) 2215AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2216#include <sys/param.h> 2217#include <sys/types.h> 2218#ifdef HAVE_SYS_SYSMACROS_H 2219#include <sys/sysmacros.h> 2220#endif 2221#ifdef HAVE_SYS_SELECT_H 2222#include <sys/select.h> 2223#endif 2224#ifdef HAVE_SYS_TIME_H 2225#include <sys/time.h> 2226#endif 2227#ifdef HAVE_UNISTD_H 2228#include <unistd.h> 2229#endif 2230 ]]) 2231AC_CHECK_TYPES([fd_mask], [], [], [[ 2232#include <sys/param.h> 2233#include <sys/types.h> 2234#ifdef HAVE_SYS_SELECT_H 2235#include <sys/select.h> 2236#endif 2237#ifdef HAVE_SYS_TIME_H 2238#include <sys/time.h> 2239#endif 2240#ifdef HAVE_UNISTD_H 2241#include <unistd.h> 2242#endif 2243 ]]) 2244 2245AC_CHECK_FUNCS([setresuid], [ 2246 dnl Some platorms have setresuid that isn't implemented, test for this 2247 AC_MSG_CHECKING([if setresuid seems to work]) 2248 AC_RUN_IFELSE( 2249 [AC_LANG_PROGRAM([[ 2250#include <errno.h> 2251#include <stdlib.h> 2252#include <unistd.h> 2253 ]], [[ 2254 errno=0; 2255 setresuid(0,0,0); 2256 if (errno==ENOSYS) 2257 exit(1); 2258 else 2259 exit(0); 2260 ]])], 2261 [AC_MSG_RESULT([yes])], 2262 [AC_DEFINE([BROKEN_SETRESUID], [1], 2263 [Define if your setresuid() is broken]) 2264 AC_MSG_RESULT([not implemented])], 2265 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2266 ) 2267]) 2268 2269AC_CHECK_FUNCS([setresgid], [ 2270 dnl Some platorms have setresgid that isn't implemented, test for this 2271 AC_MSG_CHECKING([if setresgid seems to work]) 2272 AC_RUN_IFELSE( 2273 [AC_LANG_PROGRAM([[ 2274#include <errno.h> 2275#include <stdlib.h> 2276#include <unistd.h> 2277 ]], [[ 2278 errno=0; 2279 setresgid(0,0,0); 2280 if (errno==ENOSYS) 2281 exit(1); 2282 else 2283 exit(0); 2284 ]])], 2285 [AC_MSG_RESULT([yes])], 2286 [AC_DEFINE([BROKEN_SETRESGID], [1], 2287 [Define if your setresgid() is broken]) 2288 AC_MSG_RESULT([not implemented])], 2289 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2290 ) 2291]) 2292 2293AC_MSG_CHECKING([for working fflush(NULL)]) 2294AC_RUN_IFELSE( 2295 [AC_LANG_PROGRAM([[ 2296#include <stdio.h> 2297#include <stdlib.h> 2298 ]], 2299 [[fflush(NULL); exit(0);]])], 2300 AC_MSG_RESULT([yes]), 2301 [AC_MSG_RESULT([no]) 2302 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2303 [define if fflush(NULL) does not work])], 2304 AC_MSG_WARN([cross compiling: assuming working]) 2305) 2306 2307dnl Checks for time functions 2308AC_CHECK_FUNCS([gettimeofday time]) 2309dnl Checks for utmp functions 2310AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2311AC_CHECK_FUNCS([utmpname]) 2312dnl Checks for utmpx functions 2313AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2314AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2315dnl Checks for lastlog functions 2316AC_CHECK_FUNCS([getlastlogxbyname]) 2317 2318AC_CHECK_FUNC([daemon], 2319 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2320 [AC_CHECK_LIB([bsd], [daemon], 2321 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2322) 2323 2324AC_CHECK_FUNC([getpagesize], 2325 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2326 [Define if your libraries define getpagesize()])], 2327 [AC_CHECK_LIB([ucb], [getpagesize], 2328 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2329) 2330 2331# Check for broken snprintf 2332if test "x$ac_cv_func_snprintf" = "xyes" ; then 2333 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2334 AC_RUN_IFELSE( 2335 [AC_LANG_PROGRAM([[ 2336#include <stdio.h> 2337#include <stdlib.h> 2338 ]], 2339 [[ 2340 char b[5]; 2341 snprintf(b,5,"123456789"); 2342 exit(b[4]!='\0'); 2343 ]])], 2344 [AC_MSG_RESULT([yes])], 2345 [ 2346 AC_MSG_RESULT([no]) 2347 AC_DEFINE([BROKEN_SNPRINTF], [1], 2348 [Define if your snprintf is busted]) 2349 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2350 ], 2351 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2352 ) 2353fi 2354 2355if test "x$ac_cv_func_snprintf" = "xyes" ; then 2356 AC_MSG_CHECKING([whether snprintf understands %zu]) 2357 AC_RUN_IFELSE( 2358 [AC_LANG_PROGRAM([[ 2359#include <sys/types.h> 2360#include <stdio.h> 2361#include <stdlib.h> 2362#include <string.h> 2363 ]], 2364 [[ 2365 size_t a = 1, b = 2; 2366 char z[128]; 2367 snprintf(z, sizeof z, "%zu%zu", a, b); 2368 exit(strcmp(z, "12")); 2369 ]])], 2370 [AC_MSG_RESULT([yes])], 2371 [ 2372 AC_MSG_RESULT([no]) 2373 AC_DEFINE([BROKEN_SNPRINTF], [1], 2374 [snprintf does not understand %zu]) 2375 ], 2376 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2377 ) 2378fi 2379 2380# We depend on vsnprintf returning the right thing on overflow: the 2381# number of characters it tried to create (as per SUSv3) 2382if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2383 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2384 AC_RUN_IFELSE( 2385 [AC_LANG_PROGRAM([[ 2386#include <sys/types.h> 2387#include <stdio.h> 2388#include <stdarg.h> 2389 2390int x_snprintf(char *str, size_t count, const char *fmt, ...) 2391{ 2392 size_t ret; 2393 va_list ap; 2394 2395 va_start(ap, fmt); 2396 ret = vsnprintf(str, count, fmt, ap); 2397 va_end(ap); 2398 return ret; 2399} 2400 ]], [[ 2401char x[1]; 2402if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2403 return 1; 2404if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2405 return 1; 2406return 0; 2407 ]])], 2408 [AC_MSG_RESULT([yes])], 2409 [ 2410 AC_MSG_RESULT([no]) 2411 AC_DEFINE([BROKEN_SNPRINTF], [1], 2412 [Define if your snprintf is busted]) 2413 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2414 ], 2415 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2416 ) 2417fi 2418 2419# On systems where [v]snprintf is broken, but is declared in stdio, 2420# check that the fmt argument is const char * or just char *. 2421# This is only useful for when BROKEN_SNPRINTF 2422AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2423AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2424#include <stdio.h> 2425int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2426 ]], [[ 2427 snprintf(0, 0, 0); 2428 ]])], 2429 [AC_MSG_RESULT([yes]) 2430 AC_DEFINE([SNPRINTF_CONST], [const], 2431 [Define as const if snprintf() can declare const char *fmt])], 2432 [AC_MSG_RESULT([no]) 2433 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2434 2435# Check for missing getpeereid (or equiv) support 2436NO_PEERCHECK="" 2437if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2438 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2439 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2440#include <sys/types.h> 2441#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2442 [ AC_MSG_RESULT([yes]) 2443 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2444 ], [AC_MSG_RESULT([no]) 2445 NO_PEERCHECK=1 2446 ]) 2447fi 2448 2449dnl make sure that openpty does not reacquire controlling terminal 2450if test ! -z "$check_for_openpty_ctty_bug"; then 2451 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2452 AC_RUN_IFELSE( 2453 [AC_LANG_PROGRAM([[ 2454#include <stdio.h> 2455#include <stdlib.h> 2456#include <unistd.h> 2457#ifdef HAVE_PTY_H 2458# include <pty.h> 2459#endif 2460#include <sys/fcntl.h> 2461#include <sys/types.h> 2462#include <sys/wait.h> 2463 ]], [[ 2464 pid_t pid; 2465 int fd, ptyfd, ttyfd, status; 2466 2467 pid = fork(); 2468 if (pid < 0) { /* failed */ 2469 exit(1); 2470 } else if (pid > 0) { /* parent */ 2471 waitpid(pid, &status, 0); 2472 if (WIFEXITED(status)) 2473 exit(WEXITSTATUS(status)); 2474 else 2475 exit(2); 2476 } else { /* child */ 2477 close(0); close(1); close(2); 2478 setsid(); 2479 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2480 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2481 if (fd >= 0) 2482 exit(3); /* Acquired ctty: broken */ 2483 else 2484 exit(0); /* Did not acquire ctty: OK */ 2485 } 2486 ]])], 2487 [ 2488 AC_MSG_RESULT([yes]) 2489 ], 2490 [ 2491 AC_MSG_RESULT([no]) 2492 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2493 ], 2494 [ 2495 AC_MSG_RESULT([cross-compiling, assuming yes]) 2496 ] 2497 ) 2498fi 2499 2500if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2501 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2502 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2503 AC_RUN_IFELSE( 2504 [AC_LANG_PROGRAM([[ 2505#include <stdio.h> 2506#include <stdlib.h> 2507#include <sys/socket.h> 2508#include <netdb.h> 2509#include <errno.h> 2510#include <netinet/in.h> 2511 2512#define TEST_PORT "2222" 2513 ]], [[ 2514 int err, sock; 2515 struct addrinfo *gai_ai, *ai, hints; 2516 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2517 2518 memset(&hints, 0, sizeof(hints)); 2519 hints.ai_family = PF_UNSPEC; 2520 hints.ai_socktype = SOCK_STREAM; 2521 hints.ai_flags = AI_PASSIVE; 2522 2523 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2524 if (err != 0) { 2525 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2526 exit(1); 2527 } 2528 2529 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2530 if (ai->ai_family != AF_INET6) 2531 continue; 2532 2533 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2534 sizeof(ntop), strport, sizeof(strport), 2535 NI_NUMERICHOST|NI_NUMERICSERV); 2536 2537 if (err != 0) { 2538 if (err == EAI_SYSTEM) 2539 perror("getnameinfo EAI_SYSTEM"); 2540 else 2541 fprintf(stderr, "getnameinfo failed: %s\n", 2542 gai_strerror(err)); 2543 exit(2); 2544 } 2545 2546 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2547 if (sock < 0) 2548 perror("socket"); 2549 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2550 if (errno == EBADF) 2551 exit(3); 2552 } 2553 } 2554 exit(0); 2555 ]])], 2556 [ 2557 AC_MSG_RESULT([yes]) 2558 ], 2559 [ 2560 AC_MSG_RESULT([no]) 2561 AC_DEFINE([BROKEN_GETADDRINFO]) 2562 ], 2563 [ 2564 AC_MSG_RESULT([cross-compiling, assuming yes]) 2565 ] 2566 ) 2567fi 2568 2569if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2570 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2571 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2572 AC_RUN_IFELSE( 2573 [AC_LANG_PROGRAM([[ 2574#include <stdio.h> 2575#include <stdlib.h> 2576#include <sys/socket.h> 2577#include <netdb.h> 2578#include <errno.h> 2579#include <netinet/in.h> 2580 2581#define TEST_PORT "2222" 2582 ]], [[ 2583 int err, sock; 2584 struct addrinfo *gai_ai, *ai, hints; 2585 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2586 2587 memset(&hints, 0, sizeof(hints)); 2588 hints.ai_family = PF_UNSPEC; 2589 hints.ai_socktype = SOCK_STREAM; 2590 hints.ai_flags = AI_PASSIVE; 2591 2592 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2593 if (err != 0) { 2594 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2595 exit(1); 2596 } 2597 2598 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2599 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2600 continue; 2601 2602 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2603 sizeof(ntop), strport, sizeof(strport), 2604 NI_NUMERICHOST|NI_NUMERICSERV); 2605 2606 if (ai->ai_family == AF_INET && err != 0) { 2607 perror("getnameinfo"); 2608 exit(2); 2609 } 2610 } 2611 exit(0); 2612 ]])], 2613 [ 2614 AC_MSG_RESULT([yes]) 2615 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2616 [Define if you have a getaddrinfo that fails 2617 for the all-zeros IPv6 address]) 2618 ], 2619 [ 2620 AC_MSG_RESULT([no]) 2621 AC_DEFINE([BROKEN_GETADDRINFO]) 2622 ], 2623 [ 2624 AC_MSG_RESULT([cross-compiling, assuming no]) 2625 ] 2626 ) 2627fi 2628 2629if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2630 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2631 [#include <sys/types.h> 2632 #include <sys/socket.h> 2633 #include <netdb.h>]) 2634fi 2635 2636if test "x$check_for_conflicting_getspnam" = "x1"; then 2637 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2638 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2639#include <shadow.h> 2640#include <stdlib.h> 2641 ]], 2642 [[ exit(0); ]])], 2643 [ 2644 AC_MSG_RESULT([no]) 2645 ], 2646 [ 2647 AC_MSG_RESULT([yes]) 2648 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2649 [Conflicting defs for getspnam]) 2650 ] 2651 ) 2652fi 2653 2654dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2655dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2656dnl for over ten years). Despite this incompatibility being reported during 2657dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2658dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2659dnl implementation. Try to detect this mess, and assume the only safe option 2660dnl if we're cross compiling. 2661dnl 2662dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2663dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2664if test "x$ac_cv_func_strnvis" = "xyes"; then 2665 AC_MSG_CHECKING([for working strnvis]) 2666 AC_RUN_IFELSE( 2667 [AC_LANG_PROGRAM([[ 2668#include <signal.h> 2669#include <stdlib.h> 2670#include <string.h> 2671#include <unistd.h> 2672#include <vis.h> 2673static void sighandler(int sig) { _exit(1); } 2674 ]], [[ 2675 char dst[16]; 2676 2677 signal(SIGSEGV, sighandler); 2678 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2679 exit(0); 2680 exit(1) 2681 ]])], 2682 [AC_MSG_RESULT([yes])], 2683 [AC_MSG_RESULT([no]) 2684 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2685 [AC_MSG_WARN([cross compiling: assuming broken]) 2686 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2687 ) 2688fi 2689 2690AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2691AC_RUN_IFELSE( 2692 [AC_LANG_PROGRAM([[ 2693#ifdef HAVE_SYS_SELECT 2694# include <sys/select.h> 2695#endif 2696#include <sys/types.h> 2697#include <sys/time.h> 2698#include <stdlib.h> 2699#include <signal.h> 2700#include <unistd.h> 2701static void sighandler(int sig) { } 2702 ]], [[ 2703 int r; 2704 pid_t pid; 2705 struct sigaction sa; 2706 2707 sa.sa_handler = sighandler; 2708 sa.sa_flags = SA_RESTART; 2709 (void)sigaction(SIGTERM, &sa, NULL); 2710 if ((pid = fork()) == 0) { /* child */ 2711 pid = getppid(); 2712 sleep(1); 2713 kill(pid, SIGTERM); 2714 sleep(1); 2715 if (getppid() == pid) /* if parent did not exit, shoot it */ 2716 kill(pid, SIGKILL); 2717 exit(0); 2718 } else { /* parent */ 2719 r = select(0, NULL, NULL, NULL, NULL); 2720 } 2721 exit(r == -1 ? 0 : 1); 2722 ]])], 2723 [AC_MSG_RESULT([yes])], 2724 [AC_MSG_RESULT([no]) 2725 AC_DEFINE([NO_SA_RESTART], [1], 2726 [SA_RESTARTed signals do no interrupt select])], 2727 [AC_MSG_WARN([cross compiling: assuming yes])] 2728) 2729 2730AC_CHECK_FUNCS([getpgrp],[ 2731 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2732 AC_COMPILE_IFELSE( 2733 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2734 [ AC_MSG_RESULT([yes]) 2735 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2736 [ AC_MSG_RESULT([no]) 2737 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2738 ) 2739]) 2740 2741# Search for OpenSSL 2742saved_CPPFLAGS="$CPPFLAGS" 2743saved_LDFLAGS="$LDFLAGS" 2744openssl_bin_PATH="$PATH" 2745AC_ARG_WITH([ssl-dir], 2746 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2747 [ 2748 if test "x$openssl" = "xno" ; then 2749 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2750 fi 2751 if test "x$withval" != "xno" ; then 2752 case "$withval" in 2753 # Relative paths 2754 ./*|../*) withval="`pwd`/$withval" 2755 esac 2756 if test -d "$withval/lib"; then 2757 libcrypto_path="${withval}/lib" 2758 elif test -d "$withval/lib64"; then 2759 libcrypto_path="$withval/lib64" 2760 else 2761 # Built but not installed 2762 libcrypto_path="${withval}" 2763 fi 2764 if test -n "${rpath_opt}"; then 2765 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}" 2766 else 2767 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" 2768 fi 2769 if test -d "$withval/include"; then 2770 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2771 else 2772 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2773 fi 2774 openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps" 2775 fi 2776 ] 2777) 2778AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH]) 2779AC_SUBST(OPENSSL_BIN, [${openssl_bin}]) 2780 2781AC_ARG_WITH([openssl-header-check], 2782 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2783 [ 2784 if test "x$withval" = "xno" ; then 2785 openssl_check_nonfatal=1 2786 fi 2787 ] 2788) 2789 2790openssl_engine=no 2791AC_ARG_WITH([ssl-engine], 2792 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2793 [ 2794 if test "x$withval" != "xno" ; then 2795 if test "x$openssl" = "xno" ; then 2796 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2797 fi 2798 openssl_engine=yes 2799 fi 2800 ] 2801) 2802 2803nocrypto_saved_LIBS="$LIBS" 2804if test "x$openssl" = "xyes" ; then 2805 LIBS="-lcrypto $LIBS" 2806 CHANNELLIBS="-lcrypto $CHANNELLIBS" 2807 AC_TRY_LINK_FUNC([RAND_add], , 2808 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2809 AC_CHECK_HEADER([openssl/opensslv.h], , 2810 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2811 2812 # Determine OpenSSL header version 2813 AC_MSG_CHECKING([OpenSSL header version]) 2814 AC_RUN_IFELSE( 2815 [AC_LANG_PROGRAM([[ 2816 #include <stdlib.h> 2817 #include <stdio.h> 2818 #include <string.h> 2819 #include <openssl/opensslv.h> 2820 #define DATA "conftest.sslincver" 2821 ]], [[ 2822 FILE *fd; 2823 int rc; 2824 2825 fd = fopen(DATA,"w"); 2826 if(fd == NULL) 2827 exit(1); 2828 2829 if ((rc = fprintf(fd, "%08lx (%s)\n", 2830 (unsigned long)OPENSSL_VERSION_NUMBER, 2831 OPENSSL_VERSION_TEXT)) < 0) 2832 exit(1); 2833 2834 exit(0); 2835 ]])], 2836 [ 2837 ssl_header_ver=`cat conftest.sslincver` 2838 AC_MSG_RESULT([$ssl_header_ver]) 2839 ], 2840 [ 2841 AC_MSG_RESULT([not found]) 2842 AC_MSG_ERROR([OpenSSL version header not found.]) 2843 ], 2844 [ 2845 AC_MSG_WARN([cross compiling: not checking]) 2846 ] 2847 ) 2848 2849 # Determining OpenSSL library version is version dependent. 2850 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2851 2852 # Determine OpenSSL library version 2853 AC_MSG_CHECKING([OpenSSL library version]) 2854 AC_RUN_IFELSE( 2855 [AC_LANG_PROGRAM([[ 2856 #include <stdio.h> 2857 #include <stdlib.h> 2858 #include <string.h> 2859 #include <openssl/opensslv.h> 2860 #include <openssl/crypto.h> 2861 #define DATA "conftest.ssllibver" 2862 ]], [[ 2863 FILE *fd; 2864 int rc; 2865 2866 fd = fopen(DATA,"w"); 2867 if(fd == NULL) 2868 exit(1); 2869#ifndef OPENSSL_VERSION 2870# define OPENSSL_VERSION SSLEAY_VERSION 2871#endif 2872#ifndef HAVE_OPENSSL_VERSION 2873# define OpenSSL_version SSLeay_version 2874#endif 2875#ifndef HAVE_OPENSSL_VERSION_NUM 2876# define OpenSSL_version_num SSLeay 2877#endif 2878 if ((rc = fprintf(fd, "%08lx (%s)\n", 2879 (unsigned long)OpenSSL_version_num(), 2880 OpenSSL_version(OPENSSL_VERSION))) < 0) 2881 exit(1); 2882 2883 exit(0); 2884 ]])], 2885 [ 2886 ssl_library_ver=`cat conftest.ssllibver` 2887 # Check version is supported. 2888 case "$ssl_library_ver" in 2889 10000*|0*) 2890 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2891 ;; 2892 100*) ;; # 1.0.x 2893 101000[[0123456]]*) 2894 # https://github.com/openssl/openssl/pull/4613 2895 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2896 ;; 2897 101*) ;; # 1.1.x 2898 200*) ;; # LibreSSL 2899 300*) 2900 # OpenSSL 3; we use the 1.1x API 2901 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2902 ;; 2903 301*|302*) 2904 # OpenSSL development branch; request 1.1x API 2905 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2906 ;; 2907 *) 2908 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2909 ;; 2910 esac 2911 AC_MSG_RESULT([$ssl_library_ver]) 2912 ], 2913 [ 2914 AC_MSG_RESULT([not found]) 2915 AC_MSG_ERROR([OpenSSL library not found.]) 2916 ], 2917 [ 2918 AC_MSG_WARN([cross compiling: not checking]) 2919 ] 2920 ) 2921 2922 case "$host" in 2923 x86_64-*) 2924 case "$ssl_library_ver" in 2925 3000004*) 2926 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) 2927 ;; 2928 esac 2929 esac 2930 2931 # Sanity check OpenSSL headers 2932 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2933 AC_RUN_IFELSE( 2934 [AC_LANG_PROGRAM([[ 2935 #include <stdlib.h> 2936 #include <string.h> 2937 #include <openssl/opensslv.h> 2938 #include <openssl/crypto.h> 2939 ]], [[ 2940#ifndef HAVE_OPENSSL_VERSION_NUM 2941# define OpenSSL_version_num SSLeay 2942#endif 2943 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2944 ]])], 2945 [ 2946 AC_MSG_RESULT([yes]) 2947 ], 2948 [ 2949 AC_MSG_RESULT([no]) 2950 if test "x$openssl_check_nonfatal" = "x"; then 2951 AC_MSG_ERROR([Your OpenSSL headers do not match your 2952 library. Check config.log for details. 2953 If you are sure your installation is consistent, you can disable the check 2954 by running "./configure --without-openssl-header-check". 2955 Also see contrib/findssl.sh for help identifying header/library mismatches. 2956 ]) 2957 else 2958 AC_MSG_WARN([Your OpenSSL headers do not match your 2959 library. Check config.log for details. 2960 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2961 fi 2962 ], 2963 [ 2964 AC_MSG_WARN([cross compiling: not checking]) 2965 ] 2966 ) 2967 2968 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2969 AC_LINK_IFELSE( 2970 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2971 [[ ERR_load_crypto_strings(); ]])], 2972 [ 2973 AC_MSG_RESULT([yes]) 2974 ], 2975 [ 2976 AC_MSG_RESULT([no]) 2977 LIBS="$LIBS -ldl" 2978 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2979 AC_LINK_IFELSE( 2980 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2981 [[ ERR_load_crypto_strings(); ]])], 2982 [ 2983 AC_MSG_RESULT([yes]) 2984 CHANNELLIBS="$CHANNELLIBS -ldl" 2985 ], 2986 [ 2987 AC_MSG_RESULT([no]) 2988 ] 2989 ) 2990 ] 2991 ) 2992 2993 AC_CHECK_FUNCS([ \ 2994 BN_is_prime_ex \ 2995 DES_crypt \ 2996 DSA_generate_parameters_ex \ 2997 EVP_DigestFinal_ex \ 2998 EVP_DigestInit_ex \ 2999 EVP_MD_CTX_cleanup \ 3000 EVP_MD_CTX_copy_ex \ 3001 EVP_MD_CTX_init \ 3002 HMAC_CTX_init \ 3003 RSA_generate_key_ex \ 3004 RSA_get_default_method \ 3005 ]) 3006 3007 # OpenSSL_add_all_algorithms may be a macro. 3008 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 3009 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 3010 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 3011 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 3012 [[#include <openssl/evp.h>]] 3013 ) 3014 ) 3015 3016 # LibreSSL/OpenSSL 1.1x API 3017 AC_CHECK_FUNCS([ \ 3018 OPENSSL_init_crypto \ 3019 DH_get0_key \ 3020 DH_get0_pqg \ 3021 DH_set0_key \ 3022 DH_set_length \ 3023 DH_set0_pqg \ 3024 DSA_get0_key \ 3025 DSA_get0_pqg \ 3026 DSA_set0_key \ 3027 DSA_set0_pqg \ 3028 DSA_SIG_get0 \ 3029 DSA_SIG_set0 \ 3030 ECDSA_SIG_get0 \ 3031 ECDSA_SIG_set0 \ 3032 EVP_CIPHER_CTX_iv \ 3033 EVP_CIPHER_CTX_iv_noconst \ 3034 EVP_CIPHER_CTX_get_iv \ 3035 EVP_CIPHER_CTX_get_updated_iv \ 3036 EVP_CIPHER_CTX_set_iv \ 3037 RSA_get0_crt_params \ 3038 RSA_get0_factors \ 3039 RSA_get0_key \ 3040 RSA_set0_crt_params \ 3041 RSA_set0_factors \ 3042 RSA_set0_key \ 3043 RSA_meth_free \ 3044 RSA_meth_dup \ 3045 RSA_meth_set1_name \ 3046 RSA_meth_get_finish \ 3047 RSA_meth_set_priv_enc \ 3048 RSA_meth_set_priv_dec \ 3049 RSA_meth_set_finish \ 3050 EVP_PKEY_get0_RSA \ 3051 EVP_MD_CTX_new \ 3052 EVP_MD_CTX_free \ 3053 EVP_chacha20 \ 3054 ]) 3055 3056 if test "x$openssl_engine" = "xyes" ; then 3057 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 3058 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3059 #include <openssl/engine.h> 3060 ]], [[ 3061 ENGINE_load_builtin_engines(); 3062 ENGINE_register_all_complete(); 3063 ]])], 3064 [ AC_MSG_RESULT([yes]) 3065 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 3066 [Enable OpenSSL engine support]) 3067 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 3068 ]) 3069 fi 3070 3071 # Check for OpenSSL without EVP_aes_{192,256}_cbc 3072 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 3073 AC_LINK_IFELSE( 3074 [AC_LANG_PROGRAM([[ 3075 #include <stdlib.h> 3076 #include <string.h> 3077 #include <openssl/evp.h> 3078 ]], [[ 3079 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 3080 ]])], 3081 [ 3082 AC_MSG_RESULT([no]) 3083 ], 3084 [ 3085 AC_MSG_RESULT([yes]) 3086 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 3087 [libcrypto is missing AES 192 and 256 bit functions]) 3088 ] 3089 ) 3090 3091 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3092 AC_LINK_IFELSE( 3093 [AC_LANG_PROGRAM([[ 3094 #include <stdlib.h> 3095 #include <string.h> 3096 #include <openssl/evp.h> 3097 ]], [[ 3098 if(EVP_DigestUpdate(NULL, NULL,0)) 3099 exit(0); 3100 ]])], 3101 [ 3102 AC_MSG_RESULT([yes]) 3103 ], 3104 [ 3105 AC_MSG_RESULT([no]) 3106 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3107 [Define if EVP_DigestUpdate returns void]) 3108 ] 3109 ) 3110 3111 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 3112 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 3113 3114 # Check complete ECC support in OpenSSL 3115 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3116 AC_LINK_IFELSE( 3117 [AC_LANG_PROGRAM([[ 3118 #include <openssl/ec.h> 3119 #include <openssl/ecdh.h> 3120 #include <openssl/ecdsa.h> 3121 #include <openssl/evp.h> 3122 #include <openssl/objects.h> 3123 #include <openssl/opensslv.h> 3124 ]], [[ 3125 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3126 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3127 ]])], 3128 [ AC_MSG_RESULT([yes]) 3129 enable_nistp256=1 ], 3130 [ AC_MSG_RESULT([no]) ] 3131 ) 3132 3133 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3134 AC_LINK_IFELSE( 3135 [AC_LANG_PROGRAM([[ 3136 #include <openssl/ec.h> 3137 #include <openssl/ecdh.h> 3138 #include <openssl/ecdsa.h> 3139 #include <openssl/evp.h> 3140 #include <openssl/objects.h> 3141 #include <openssl/opensslv.h> 3142 ]], [[ 3143 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3144 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3145 ]])], 3146 [ AC_MSG_RESULT([yes]) 3147 enable_nistp384=1 ], 3148 [ AC_MSG_RESULT([no]) ] 3149 ) 3150 3151 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3152 AC_LINK_IFELSE( 3153 [AC_LANG_PROGRAM([[ 3154 #include <openssl/ec.h> 3155 #include <openssl/ecdh.h> 3156 #include <openssl/ecdsa.h> 3157 #include <openssl/evp.h> 3158 #include <openssl/objects.h> 3159 #include <openssl/opensslv.h> 3160 ]], [[ 3161 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3162 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3163 ]])], 3164 [ AC_MSG_RESULT([yes]) 3165 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3166 AC_RUN_IFELSE( 3167 [AC_LANG_PROGRAM([[ 3168 #include <stdlib.h> 3169 #include <openssl/ec.h> 3170 #include <openssl/ecdh.h> 3171 #include <openssl/ecdsa.h> 3172 #include <openssl/evp.h> 3173 #include <openssl/objects.h> 3174 #include <openssl/opensslv.h> 3175 ]],[[ 3176 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3177 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3178 exit(e == NULL || m == NULL); 3179 ]])], 3180 [ AC_MSG_RESULT([yes]) 3181 enable_nistp521=1 ], 3182 [ AC_MSG_RESULT([no]) ], 3183 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3184 enable_nistp521=1 ] 3185 )], 3186 AC_MSG_RESULT([no]) 3187 ) 3188 3189 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3190 test x$enable_nistp521 = x1; then 3191 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3192 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3193 openssl_ecc=yes 3194 else 3195 openssl_ecc=no 3196 fi 3197 if test x$enable_nistp256 = x1; then 3198 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3199 [libcrypto has NID_X9_62_prime256v1]) 3200 else 3201 unsupported_algorithms="$unsupported_algorithms \ 3202 ecdsa-sha2-nistp256 \ 3203 ecdh-sha2-nistp256 \ 3204 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3205 fi 3206 if test x$enable_nistp384 = x1; then 3207 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3208 else 3209 unsupported_algorithms="$unsupported_algorithms \ 3210 ecdsa-sha2-nistp384 \ 3211 ecdh-sha2-nistp384 \ 3212 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3213 fi 3214 if test x$enable_nistp521 = x1; then 3215 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3216 else 3217 unsupported_algorithms="$unsupported_algorithms \ 3218 ecdh-sha2-nistp521 \ 3219 ecdsa-sha2-nistp521 \ 3220 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3221 fi 3222fi 3223 3224# PKCS11/U2F depend on OpenSSL and dlopen(). 3225enable_pkcs11=yes 3226enable_sk=yes 3227if test "x$openssl" != "xyes" ; then 3228 enable_pkcs11="disabled; missing libcrypto" 3229fi 3230if test "x$ac_cv_func_dlopen" != "xyes" ; then 3231 enable_pkcs11="disabled; missing dlopen(3)" 3232 enable_sk="disabled; missing dlopen(3)" 3233fi 3234if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3235 enable_pkcs11="disabled; missing RTLD_NOW" 3236 enable_sk="disabled; missing RTLD_NOW" 3237fi 3238if test ! -z "$disable_pkcs11" ; then 3239 enable_pkcs11="disabled by user" 3240fi 3241if test ! -z "$disable_sk" ; then 3242 enable_sk="disabled by user" 3243fi 3244 3245AC_MSG_CHECKING([whether to enable PKCS11]) 3246if test "x$enable_pkcs11" = "xyes" ; then 3247 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3248fi 3249AC_MSG_RESULT([$enable_pkcs11]) 3250 3251AC_MSG_CHECKING([whether to enable U2F]) 3252if test "x$enable_sk" = "xyes" ; then 3253 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3254 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3255else 3256 # Do not try to build sk-dummy library. 3257 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3258fi 3259AC_MSG_RESULT([$enable_sk]) 3260 3261# Now check for built-in security key support. 3262if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then 3263 use_pkgconfig_for_libfido2= 3264 if test "x$PKGCONFIG" != "xno"; then 3265 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3266 if "$PKGCONFIG" libfido2; then 3267 AC_MSG_RESULT([yes]) 3268 use_pkgconfig_for_libfido2=yes 3269 else 3270 AC_MSG_RESULT([no]) 3271 fi 3272 fi 3273 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3274 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3275 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3276 else 3277 LIBFIDO2="-lprivatefido2 -lprivatecbor" 3278 fi 3279 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3280 fido2_error= 3281 AC_CHECK_LIB([privatefido2], [fido_init], 3282 [ ], 3283 [ fido2_error="missing/unusable libfido2" ], 3284 [ $OTHERLIBS ] 3285 ) 3286 AC_CHECK_HEADER([fido.h], [], 3287 [ fido2_error="missing fido.h from libfido2" ]) 3288 AC_CHECK_HEADER([fido/credman.h], [], 3289 [ fido2_error="missing fido/credman.h from libfido2" ], 3290 [ #include <fido.h> ] 3291 ) 3292 AC_MSG_CHECKING([for usable libfido2 installation]) 3293 if test ! -z "$fido2_error" ; then 3294 AC_MSG_RESULT([$fido2_error]) 3295 if test "x$enable_sk_internal" = "xyes" ; then 3296 AC_MSG_ERROR([No usable libfido2 library/headers found]) 3297 fi 3298 LIBFIDO2="" 3299 else 3300 AC_MSG_RESULT([yes]) 3301 AC_SUBST([LIBFIDO2]) 3302 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3303 [Enable for built-in U2F/FIDO support]) 3304 enable_sk="built-in" 3305 saved_LIBS="$LIBS" 3306 LIBS="$LIBFIDO2 $LIBS" 3307 AC_CHECK_FUNCS([ \ 3308 fido_assert_set_clientdata \ 3309 fido_cred_prot \ 3310 fido_cred_set_prot \ 3311 fido_cred_set_clientdata \ 3312 fido_dev_get_touch_begin \ 3313 fido_dev_get_touch_status \ 3314 fido_dev_supports_cred_prot \ 3315 fido_dev_is_winhello \ 3316 ]) 3317 LIBS="$saved_LIBS" 3318 fi 3319fi 3320 3321AC_CHECK_FUNCS([ \ 3322 arc4random \ 3323 arc4random_buf \ 3324 arc4random_stir \ 3325 arc4random_uniform \ 3326]) 3327### Configure cryptographic random number support 3328 3329# Check whether OpenSSL seeds itself 3330if test "x$openssl" = "xyes" ; then 3331 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3332 AC_RUN_IFELSE( 3333 [AC_LANG_PROGRAM([[ 3334 #include <stdlib.h> 3335 #include <string.h> 3336 #include <openssl/rand.h> 3337 ]], [[ 3338 exit(RAND_status() == 1 ? 0 : 1); 3339 ]])], 3340 [ 3341 OPENSSL_SEEDS_ITSELF=yes 3342 AC_MSG_RESULT([yes]) 3343 ], 3344 [ 3345 AC_MSG_RESULT([no]) 3346 ], 3347 [ 3348 AC_MSG_WARN([cross compiling: assuming yes]) 3349 # This is safe, since we will fatal() at runtime if 3350 # OpenSSL is not seeded correctly. 3351 OPENSSL_SEEDS_ITSELF=yes 3352 ] 3353 ) 3354fi 3355 3356# PRNGD TCP socket 3357AC_ARG_WITH([prngd-port], 3358 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3359 [ 3360 case "$withval" in 3361 no) 3362 withval="" 3363 ;; 3364 [[0-9]]*) 3365 ;; 3366 *) 3367 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3368 ;; 3369 esac 3370 if test ! -z "$withval" ; then 3371 PRNGD_PORT="$withval" 3372 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3373 [Port number of PRNGD/EGD random number socket]) 3374 fi 3375 ] 3376) 3377 3378# PRNGD Unix domain socket 3379AC_ARG_WITH([prngd-socket], 3380 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3381 [ 3382 case "$withval" in 3383 yes) 3384 withval="/var/run/egd-pool" 3385 ;; 3386 no) 3387 withval="" 3388 ;; 3389 /*) 3390 ;; 3391 *) 3392 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3393 ;; 3394 esac 3395 3396 if test ! -z "$withval" ; then 3397 if test ! -z "$PRNGD_PORT" ; then 3398 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3399 fi 3400 if test ! -r "$withval" ; then 3401 AC_MSG_WARN([Entropy socket is not readable]) 3402 fi 3403 PRNGD_SOCKET="$withval" 3404 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3405 [Location of PRNGD/EGD random number socket]) 3406 fi 3407 ], 3408 [ 3409 # Check for existing socket only if we don't have a random device already 3410 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3411 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3412 # Insert other locations here 3413 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3414 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3415 PRNGD_SOCKET="$sock" 3416 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3417 break; 3418 fi 3419 done 3420 if test ! -z "$PRNGD_SOCKET" ; then 3421 AC_MSG_RESULT([$PRNGD_SOCKET]) 3422 else 3423 AC_MSG_RESULT([not found]) 3424 fi 3425 fi 3426 ] 3427) 3428 3429# Which randomness source do we use? 3430if test ! -z "$PRNGD_PORT" ; then 3431 RAND_MSG="PRNGd port $PRNGD_PORT" 3432elif test ! -z "$PRNGD_SOCKET" ; then 3433 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3434elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3435 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3436 [Define if you want the OpenSSL internally seeded PRNG only]) 3437 RAND_MSG="OpenSSL internal ONLY" 3438elif test "x$openssl" = "xno" ; then 3439 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3440else 3441 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3442fi 3443LIBS="$nocrypto_saved_LIBS" 3444 3445saved_LIBS="$LIBS" 3446AC_CHECK_LIB([iaf], [ia_openinfo], [ 3447 LIBS="$LIBS -liaf" 3448 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3449 AC_DEFINE([HAVE_LIBIAF], [1], 3450 [Define if system has libiaf that supports set_id]) 3451 ]) 3452]) 3453LIBS="$saved_LIBS" 3454 3455# Check for crypt() in libcrypt. If we have it, we only need it for sshd. 3456saved_LIBS="$LIBS" 3457AC_CHECK_LIB([crypt], [crypt], [ 3458 LIBS="-lcrypt $LIBS" 3459 SSHDLIBS="-lcrypt $SSHDLIBS" 3460]) 3461AC_CHECK_FUNCS([crypt]) 3462LIBS="$saved_LIBS" 3463 3464# Check for PAM libs 3465PAM_MSG="no" 3466AC_ARG_WITH([pam], 3467 [ --with-pam Enable PAM support ], 3468 [ 3469 if test "x$withval" != "xno" ; then 3470 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3471 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3472 AC_MSG_ERROR([PAM headers not found]) 3473 fi 3474 3475 saved_LIBS="$LIBS" 3476 AC_CHECK_LIB([dl], [dlopen], , ) 3477 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3478 AC_CHECK_FUNCS([pam_getenvlist]) 3479 AC_CHECK_FUNCS([pam_putenv]) 3480 LIBS="$saved_LIBS" 3481 3482 PAM_MSG="yes" 3483 3484 SSHDLIBS="$SSHDLIBS -lpam" 3485 AC_DEFINE([USE_PAM], [1], 3486 [Define if you want to enable PAM support]) 3487 3488 if test $ac_cv_lib_dl_dlopen = yes; then 3489 case "$LIBS" in 3490 *-ldl*) 3491 # libdl already in LIBS 3492 ;; 3493 *) 3494 SSHDLIBS="$SSHDLIBS -ldl" 3495 ;; 3496 esac 3497 fi 3498 fi 3499 ] 3500) 3501 3502AC_ARG_WITH([pam-service], 3503 [ --with-pam-service=name Specify PAM service name ], 3504 [ 3505 if test "x$withval" != "xno" && \ 3506 test "x$withval" != "xyes" ; then 3507 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3508 ["$withval"], [sshd PAM service name]) 3509 fi 3510 ] 3511) 3512 3513# Check for older PAM 3514if test "x$PAM_MSG" = "xyes" ; then 3515 # Check PAM strerror arguments (old PAM) 3516 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3517 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3518#include <stdlib.h> 3519#if defined(HAVE_SECURITY_PAM_APPL_H) 3520#include <security/pam_appl.h> 3521#elif defined (HAVE_PAM_PAM_APPL_H) 3522#include <pam/pam_appl.h> 3523#endif 3524 ]], [[ 3525(void)pam_strerror((pam_handle_t *)NULL, -1); 3526 ]])], [AC_MSG_RESULT([no])], [ 3527 AC_DEFINE([HAVE_OLD_PAM], [1], 3528 [Define if you have an old version of PAM 3529 which takes only one argument to pam_strerror]) 3530 AC_MSG_RESULT([yes]) 3531 PAM_MSG="yes (old library)" 3532 3533 ]) 3534fi 3535 3536case "$host" in 3537*-*-cygwin*) 3538 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3539 ;; 3540*) 3541 SSH_PRIVSEP_USER=sshd 3542 ;; 3543esac 3544AC_ARG_WITH([privsep-user], 3545 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3546 [ 3547 if test -n "$withval" && test "x$withval" != "xno" && \ 3548 test "x${withval}" != "xyes"; then 3549 SSH_PRIVSEP_USER=$withval 3550 fi 3551 ] 3552) 3553if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3554 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3555 [Cygwin function to fetch non-privileged user for privilege separation]) 3556else 3557 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3558 [non-privileged user for privilege separation]) 3559fi 3560AC_SUBST([SSH_PRIVSEP_USER]) 3561 3562if test "x$have_linux_no_new_privs" = "x1" ; then 3563AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3564 #include <sys/types.h> 3565 #include <linux/seccomp.h> 3566]) 3567fi 3568if test "x$have_seccomp_filter" = "x1" ; then 3569AC_MSG_CHECKING([kernel for seccomp_filter support]) 3570AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3571 #include <errno.h> 3572 #include <elf.h> 3573 #include <linux/audit.h> 3574 #include <linux/seccomp.h> 3575 #include <stdlib.h> 3576 #include <sys/prctl.h> 3577 ]], 3578 [[ int i = $seccomp_audit_arch; 3579 errno = 0; 3580 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3581 exit(errno == EFAULT ? 0 : 1); ]])], 3582 [ AC_MSG_RESULT([yes]) ], [ 3583 AC_MSG_RESULT([no]) 3584 # Disable seccomp filter as a target 3585 have_seccomp_filter=0 3586 ] 3587) 3588fi 3589 3590AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ 3591#include <sys/types.h> 3592#ifdef HAVE_POLL_H 3593#include <poll.h> 3594#endif 3595#ifdef HAVE_SYS_POLL_H 3596#include <sys/poll.h> 3597#endif 3598]]) 3599 3600AC_CHECK_TYPES([nfds_t], , , [ 3601#include <sys/types.h> 3602#ifdef HAVE_POLL_H 3603#include <poll.h> 3604#endif 3605#ifdef HAVE_SYS_POLL_H 3606#include <sys/poll.h> 3607#endif 3608]) 3609 3610# Decide which sandbox style to use 3611sandbox_arg="" 3612AC_ARG_WITH([sandbox], 3613 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3614 [ 3615 if test "x$withval" = "xyes" ; then 3616 sandbox_arg="" 3617 else 3618 sandbox_arg="$withval" 3619 fi 3620 ] 3621) 3622 3623if test "x$sandbox_arg" != "xno"; then 3624# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument 3625# is greater than OPEN_MAX". On some platforms that includes implementions 3626# of select in userspace on top of poll() so check both work with rlimit 3627# NOFILES so check that both work before enabling the rlimit sandbox. 3628 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) 3629 AC_RUN_IFELSE( 3630 [AC_LANG_PROGRAM([[ 3631#include <sys/types.h> 3632#ifdef HAVE_SYS_TIME_H 3633# include <sys/time.h> 3634#endif 3635#include <sys/resource.h> 3636#ifdef HAVE_SYS_SELECT_H 3637# include <sys/select.h> 3638#endif 3639#ifdef HAVE_POLL_H 3640# include <poll.h> 3641#elif HAVE_SYS_POLL_H 3642# include <sys/poll.h> 3643#endif 3644#include <errno.h> 3645#include <fcntl.h> 3646#include <stdlib.h> 3647 ]],[[ 3648 struct rlimit rl_zero; 3649 int fd, r; 3650 fd_set fds; 3651 struct timeval tv; 3652#ifdef HAVE_POLL 3653 struct pollfd pfd; 3654#endif 3655 3656 fd = open("/dev/null", O_RDONLY); 3657 FD_ZERO(&fds); 3658 FD_SET(fd, &fds); 3659 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3660 setrlimit(RLIMIT_FSIZE, &rl_zero); 3661 setrlimit(RLIMIT_NOFILE, &rl_zero); 3662 tv.tv_sec = 1; 3663 tv.tv_usec = 0; 3664 r = select(fd+1, &fds, NULL, NULL, &tv); 3665 if (r == -1) 3666 exit(1); 3667#ifdef HAVE_POLL 3668 pfd.fd = fd; 3669 pfd.events = POLLIN; 3670 r = poll(&pfd, 1, 1); 3671 if (r == -1) 3672 exit(2); 3673#endif 3674 exit(0); 3675 ]])], 3676 [AC_MSG_RESULT([yes]) 3677 select_works_with_rlimit=yes], 3678 [AC_MSG_RESULT([no]) 3679 select_works_with_rlimit=no], 3680 [AC_MSG_WARN([cross compiling: assuming no]) 3681 select_works_with_rlimit=no] 3682 ) 3683 3684 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3685 AC_RUN_IFELSE( 3686 [AC_LANG_PROGRAM([[ 3687#include <sys/types.h> 3688#ifdef HAVE_SYS_TIME_H 3689# include <sys/time.h> 3690#endif 3691#include <sys/resource.h> 3692#include <errno.h> 3693#include <stdlib.h> 3694 ]],[[ 3695 struct rlimit rl_zero; 3696 int r; 3697 3698 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3699 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3700 exit (r == -1 ? 1 : 0); 3701 ]])], 3702 [AC_MSG_RESULT([yes]) 3703 rlimit_nofile_zero_works=yes], 3704 [AC_MSG_RESULT([no]) 3705 rlimit_nofile_zero_works=no], 3706 [AC_MSG_WARN([cross compiling: assuming yes]) 3707 rlimit_nofile_zero_works=yes] 3708 ) 3709 3710 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3711 AC_RUN_IFELSE( 3712 [AC_LANG_PROGRAM([[ 3713#include <sys/types.h> 3714#include <sys/resource.h> 3715#include <stdlib.h> 3716 ]],[[ 3717 struct rlimit rl_zero; 3718 3719 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3720 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3721 ]])], 3722 [AC_MSG_RESULT([yes])], 3723 [AC_MSG_RESULT([no]) 3724 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3725 [setrlimit RLIMIT_FSIZE works])], 3726 [AC_MSG_WARN([cross compiling: assuming yes])] 3727 ) 3728fi 3729 3730if test "x$sandbox_arg" = "xpledge" || \ 3731 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3732 test "x$ac_cv_func_pledge" != "xyes" && \ 3733 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3734 SANDBOX_STYLE="pledge" 3735 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3736elif test "x$sandbox_arg" = "xsystrace" || \ 3737 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3738 test "x$have_systr_policy_kill" != "x1" && \ 3739 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3740 SANDBOX_STYLE="systrace" 3741 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3742elif test "x$sandbox_arg" = "xdarwin" || \ 3743 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3744 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3745 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3746 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3747 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3748 SANDBOX_STYLE="darwin" 3749 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3750elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3751 ( test -z "$sandbox_arg" && \ 3752 test "x$have_seccomp_filter" = "x1" && \ 3753 test "x$ac_cv_header_elf_h" = "xyes" && \ 3754 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3755 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3756 test "x$seccomp_audit_arch" != "x" && \ 3757 test "x$have_linux_no_new_privs" = "x1" && \ 3758 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3759 test "x$seccomp_audit_arch" = "x" && \ 3760 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3761 test "x$have_linux_no_new_privs" != "x1" && \ 3762 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3763 test "x$have_seccomp_filter" != "x1" && \ 3764 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3765 test "x$ac_cv_func_prctl" != "xyes" && \ 3766 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3767 SANDBOX_STYLE="seccomp_filter" 3768 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3769elif test "x$sandbox_arg" = "xcapsicum" || \ 3770 ( test -z "$sandbox_arg" && \ 3771 test "x$disable_capsicum" != "xyes" && \ 3772 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3773 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3774 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3775 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3776 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3777 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3778 SANDBOX_STYLE="capsicum" 3779 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3780elif test "x$sandbox_arg" = "xrlimit" || \ 3781 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3782 test "x$select_works_with_rlimit" = "xyes" && \ 3783 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3784 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3785 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3786 test "x$select_works_with_rlimit" != "xyes" && \ 3787 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3788 SANDBOX_STYLE="rlimit" 3789 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3790elif test "x$sandbox_arg" = "xsolaris" || \ 3791 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3792 SANDBOX_STYLE="solaris" 3793 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3794elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3795 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3796 SANDBOX_STYLE="none" 3797 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3798else 3799 AC_MSG_ERROR([unsupported --with-sandbox]) 3800fi 3801 3802# Cheap hack to ensure NEWS-OS libraries are arranged right. 3803if test ! -z "$SONY" ; then 3804 LIBS="$LIBS -liberty"; 3805fi 3806 3807# Check for long long datatypes 3808AC_CHECK_TYPES([long long, unsigned long long, long double]) 3809 3810# Check datatype sizes 3811AC_CHECK_SIZEOF([short int]) 3812AC_CHECK_SIZEOF([int]) 3813AC_CHECK_SIZEOF([long int]) 3814AC_CHECK_SIZEOF([long long int]) 3815AC_CHECK_SIZEOF([time_t], [], [[ 3816 #include <sys/types.h> 3817 #ifdef HAVE_SYS_TIME_H 3818 # include <sys/time.h> 3819 #endif 3820 #ifdef HAVE_TIME_H 3821 # include <time.h> 3822 #endif 3823 ]] 3824) 3825 3826# Sanity check long long for some platforms (AIX) 3827if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3828 ac_cv_sizeof_long_long_int=0 3829fi 3830 3831# compute LLONG_MIN and LLONG_MAX if we don't know them. 3832if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3833 AC_MSG_CHECKING([for max value of long long]) 3834 AC_RUN_IFELSE( 3835 [AC_LANG_PROGRAM([[ 3836#include <stdio.h> 3837#include <stdlib.h> 3838/* Why is this so damn hard? */ 3839#ifdef __GNUC__ 3840# undef __GNUC__ 3841#endif 3842#define __USE_ISOC99 3843#include <limits.h> 3844#define DATA "conftest.llminmax" 3845#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3846 3847/* 3848 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3849 * we do this the hard way. 3850 */ 3851static int 3852fprint_ll(FILE *f, long long n) 3853{ 3854 unsigned int i; 3855 int l[sizeof(long long) * 8]; 3856 3857 if (n < 0) 3858 if (fprintf(f, "-") < 0) 3859 return -1; 3860 for (i = 0; n != 0; i++) { 3861 l[i] = my_abs(n % 10); 3862 n /= 10; 3863 } 3864 do { 3865 if (fprintf(f, "%d", l[--i]) < 0) 3866 return -1; 3867 } while (i != 0); 3868 if (fprintf(f, " ") < 0) 3869 return -1; 3870 return 0; 3871} 3872 ]], [[ 3873 FILE *f; 3874 long long i, llmin, llmax = 0; 3875 3876 if((f = fopen(DATA,"w")) == NULL) 3877 exit(1); 3878 3879#if defined(LLONG_MIN) && defined(LLONG_MAX) 3880 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3881 llmin = LLONG_MIN; 3882 llmax = LLONG_MAX; 3883#else 3884 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3885 /* This will work on one's complement and two's complement */ 3886 for (i = 1; i > llmax; i <<= 1, i++) 3887 llmax = i; 3888 llmin = llmax + 1LL; /* wrap */ 3889#endif 3890 3891 /* Sanity check */ 3892 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3893 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3894 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3895 fprintf(f, "unknown unknown\n"); 3896 exit(2); 3897 } 3898 3899 if (fprint_ll(f, llmin) < 0) 3900 exit(3); 3901 if (fprint_ll(f, llmax) < 0) 3902 exit(4); 3903 if (fclose(f) < 0) 3904 exit(5); 3905 exit(0); 3906 ]])], 3907 [ 3908 llong_min=`$AWK '{print $1}' conftest.llminmax` 3909 llong_max=`$AWK '{print $2}' conftest.llminmax` 3910 3911 AC_MSG_RESULT([$llong_max]) 3912 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3913 [max value of long long calculated by configure]) 3914 AC_MSG_CHECKING([for min value of long long]) 3915 AC_MSG_RESULT([$llong_min]) 3916 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3917 [min value of long long calculated by configure]) 3918 ], 3919 [ 3920 AC_MSG_RESULT([not found]) 3921 ], 3922 [ 3923 AC_MSG_WARN([cross compiling: not checking]) 3924 ] 3925 ) 3926fi 3927 3928AC_CHECK_DECLS([UINT32_MAX], , , [[ 3929#ifdef HAVE_SYS_LIMITS_H 3930# include <sys/limits.h> 3931#endif 3932#ifdef HAVE_LIMITS_H 3933# include <limits.h> 3934#endif 3935#ifdef HAVE_STDINT_H 3936# include <stdint.h> 3937#endif 3938]]) 3939 3940# More checks for data types 3941AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3942 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3943 [[ u_int a; a = 1;]])], 3944 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3945 ]) 3946]) 3947if test "x$ac_cv_have_u_int" = "xyes" ; then 3948 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3949 have_u_int=1 3950fi 3951 3952AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3953 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3954 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3955 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3956 ]) 3957]) 3958if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3959 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3960 have_intxx_t=1 3961fi 3962 3963if (test -z "$have_intxx_t" && \ 3964 test "x$ac_cv_header_stdint_h" = "xyes") 3965then 3966 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3967 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3968 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3969 [ 3970 AC_DEFINE([HAVE_INTXX_T]) 3971 AC_MSG_RESULT([yes]) 3972 ], [ AC_MSG_RESULT([no]) 3973 ]) 3974fi 3975 3976AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3977 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3978#include <sys/types.h> 3979#ifdef HAVE_STDINT_H 3980# include <stdint.h> 3981#endif 3982#include <sys/socket.h> 3983#ifdef HAVE_SYS_BITYPES_H 3984# include <sys/bitypes.h> 3985#endif 3986 ]], [[ 3987int64_t a; a = 1; 3988 ]])], 3989 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3990 ]) 3991]) 3992if test "x$ac_cv_have_int64_t" = "xyes" ; then 3993 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3994fi 3995 3996AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3997 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3998 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3999 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 4000 ]) 4001]) 4002if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 4003 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 4004 have_u_intxx_t=1 4005fi 4006 4007if test -z "$have_u_intxx_t" ; then 4008 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 4009 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 4010 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 4011 [ 4012 AC_DEFINE([HAVE_U_INTXX_T]) 4013 AC_MSG_RESULT([yes]) 4014 ], [ AC_MSG_RESULT([no]) 4015 ]) 4016fi 4017 4018AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 4019 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4020 [[ u_int64_t a; a = 1;]])], 4021 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 4022 ]) 4023]) 4024if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 4025 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 4026 have_u_int64_t=1 4027fi 4028 4029if (test -z "$have_u_int64_t" && \ 4030 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4031then 4032 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 4033 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 4034 [[ u_int64_t a; a = 1]])], 4035 [ 4036 AC_DEFINE([HAVE_U_INT64_T]) 4037 AC_MSG_RESULT([yes]) 4038 ], [ AC_MSG_RESULT([no]) 4039 ]) 4040fi 4041 4042if test -z "$have_u_intxx_t" ; then 4043 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 4044 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4045#include <sys/types.h> 4046 ]], [[ 4047 uint8_t a; 4048 uint16_t b; 4049 uint32_t c; 4050 a = b = c = 1; 4051 ]])], 4052 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 4053 ]) 4054 ]) 4055 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 4056 AC_DEFINE([HAVE_UINTXX_T], [1], 4057 [define if you have uintxx_t data type]) 4058 fi 4059fi 4060 4061if (test -z "$have_uintxx_t" && \ 4062 test "x$ac_cv_header_stdint_h" = "xyes") 4063then 4064 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 4065 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4066 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4067 [ 4068 AC_DEFINE([HAVE_UINTXX_T]) 4069 AC_MSG_RESULT([yes]) 4070 ], [ AC_MSG_RESULT([no]) 4071 ]) 4072fi 4073 4074if (test -z "$have_uintxx_t" && \ 4075 test "x$ac_cv_header_inttypes_h" = "xyes") 4076then 4077 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4078 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4079 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4080 [ 4081 AC_DEFINE([HAVE_UINTXX_T]) 4082 AC_MSG_RESULT([yes]) 4083 ], [ AC_MSG_RESULT([no]) 4084 ]) 4085fi 4086 4087if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4088 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4089then 4090 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4091 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4092#include <sys/bitypes.h> 4093 ]], [[ 4094 int8_t a; int16_t b; int32_t c; 4095 u_int8_t e; u_int16_t f; u_int32_t g; 4096 a = b = c = e = f = g = 1; 4097 ]])], 4098 [ 4099 AC_DEFINE([HAVE_U_INTXX_T]) 4100 AC_DEFINE([HAVE_INTXX_T]) 4101 AC_MSG_RESULT([yes]) 4102 ], [AC_MSG_RESULT([no]) 4103 ]) 4104fi 4105 4106 4107AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4108 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4109 [[ u_char foo; foo = 125; ]])], 4110 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4111 ]) 4112]) 4113if test "x$ac_cv_have_u_char" = "xyes" ; then 4114 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4115fi 4116 4117AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4118#include <sys/types.h> 4119#ifdef HAVE_STDINT_H 4120# include <stdint.h> 4121#endif 4122]) 4123 4124TYPE_SOCKLEN_T 4125 4126AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4127AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4128#include <sys/types.h> 4129#ifdef HAVE_SYS_BITYPES_H 4130#include <sys/bitypes.h> 4131#endif 4132#ifdef HAVE_SYS_STATFS_H 4133#include <sys/statfs.h> 4134#endif 4135#ifdef HAVE_SYS_STATVFS_H 4136#include <sys/statvfs.h> 4137#endif 4138]) 4139 4140AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4141#include <sys/param.h> 4142#include <sys/types.h> 4143#ifdef HAVE_SYS_BITYPES_H 4144#include <sys/bitypes.h> 4145#endif 4146#ifdef HAVE_SYS_STATFS_H 4147#include <sys/statfs.h> 4148#endif 4149#ifdef HAVE_SYS_STATVFS_H 4150#include <sys/statvfs.h> 4151#endif 4152#ifdef HAVE_SYS_VFS_H 4153#include <sys/vfs.h> 4154#endif 4155#ifdef HAVE_SYS_MOUNT_H 4156#include <sys/mount.h> 4157#endif 4158]]) 4159 4160 4161AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4162[#include <sys/types.h> 4163#include <netinet/in.h>]) 4164 4165AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4166 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4167 [[ size_t foo; foo = 1235; ]])], 4168 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4169 ]) 4170]) 4171if test "x$ac_cv_have_size_t" = "xyes" ; then 4172 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4173fi 4174 4175AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4176 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4177 [[ ssize_t foo; foo = 1235; ]])], 4178 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4179 ]) 4180]) 4181if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4182 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4183fi 4184 4185AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4186 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4187 [[ clock_t foo; foo = 1235; ]])], 4188 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4189 ]) 4190]) 4191if test "x$ac_cv_have_clock_t" = "xyes" ; then 4192 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4193fi 4194 4195AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4196 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4197#include <sys/types.h> 4198#include <sys/socket.h> 4199 ]], [[ sa_family_t foo; foo = 1235; ]])], 4200 [ ac_cv_have_sa_family_t="yes" ], 4201 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4202#include <sys/types.h> 4203#include <sys/socket.h> 4204#include <netinet/in.h> 4205 ]], [[ sa_family_t foo; foo = 1235; ]])], 4206 [ ac_cv_have_sa_family_t="yes" ], 4207 [ ac_cv_have_sa_family_t="no" ] 4208 ) 4209 ]) 4210]) 4211if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4212 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4213 [define if you have sa_family_t data type]) 4214fi 4215 4216AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4217 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4218 [[ pid_t foo; foo = 1235; ]])], 4219 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4220 ]) 4221]) 4222if test "x$ac_cv_have_pid_t" = "xyes" ; then 4223 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4224fi 4225 4226AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4227 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4228 [[ mode_t foo; foo = 1235; ]])], 4229 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4230 ]) 4231]) 4232if test "x$ac_cv_have_mode_t" = "xyes" ; then 4233 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4234fi 4235 4236 4237AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4238 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4239#include <sys/types.h> 4240#include <sys/socket.h> 4241 ]], [[ struct sockaddr_storage s; ]])], 4242 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4243 [ ac_cv_have_struct_sockaddr_storage="no" 4244 ]) 4245]) 4246if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4247 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4248 [define if you have struct sockaddr_storage data type]) 4249fi 4250 4251AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4252 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4253#include <sys/types.h> 4254#include <netinet/in.h> 4255 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4256 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4257 [ ac_cv_have_struct_sockaddr_in6="no" 4258 ]) 4259]) 4260if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4261 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4262 [define if you have struct sockaddr_in6 data type]) 4263fi 4264 4265AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4266 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4267#include <sys/types.h> 4268#include <netinet/in.h> 4269 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4270 [ ac_cv_have_struct_in6_addr="yes" ], 4271 [ ac_cv_have_struct_in6_addr="no" 4272 ]) 4273]) 4274if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4275 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4276 [define if you have struct in6_addr data type]) 4277 4278dnl Now check for sin6_scope_id 4279 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4280 [ 4281#ifdef HAVE_SYS_TYPES_H 4282#include <sys/types.h> 4283#endif 4284#include <netinet/in.h> 4285 ]) 4286fi 4287 4288AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4289 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4290#include <sys/types.h> 4291#include <sys/socket.h> 4292#include <netdb.h> 4293 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4294 [ ac_cv_have_struct_addrinfo="yes" ], 4295 [ ac_cv_have_struct_addrinfo="no" 4296 ]) 4297]) 4298if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4299 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4300 [define if you have struct addrinfo data type]) 4301fi 4302 4303AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4304 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4305 [[ struct timeval tv; tv.tv_sec = 1;]])], 4306 [ ac_cv_have_struct_timeval="yes" ], 4307 [ ac_cv_have_struct_timeval="no" 4308 ]) 4309]) 4310if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4311 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4312 have_struct_timeval=1 4313fi 4314 4315AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4316 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4317 #ifdef HAVE_SYS_TIME_H 4318 # include <sys/time.h> 4319 #endif 4320 #ifdef HAVE_TIME_H 4321 # include <time.h> 4322 #endif 4323 ]], 4324 [[ struct timespec ts; ts.tv_sec = 1;]])], 4325 [ ac_cv_have_struct_timespec="yes" ], 4326 [ ac_cv_have_struct_timespec="no" 4327 ]) 4328]) 4329if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4330 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4331 have_struct_timespec=1 4332fi 4333 4334# We need int64_t or else certain parts of the compile will fail. 4335if test "x$ac_cv_have_int64_t" = "xno" && \ 4336 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4337 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4338 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4339 echo "an alternative compiler (I.E., GCC) before continuing." 4340 echo "" 4341 exit 1; 4342else 4343dnl test snprintf (broken on SCO w/gcc) 4344 AC_RUN_IFELSE( 4345 [AC_LANG_SOURCE([[ 4346#include <stdio.h> 4347#include <stdlib.h> 4348#include <string.h> 4349#ifdef HAVE_SNPRINTF 4350int main(void) 4351{ 4352 char buf[50]; 4353 char expected_out[50]; 4354 int mazsize = 50 ; 4355#if (SIZEOF_LONG_INT == 8) 4356 long int num = 0x7fffffffffffffff; 4357#else 4358 long long num = 0x7fffffffffffffffll; 4359#endif 4360 strcpy(expected_out, "9223372036854775807"); 4361 snprintf(buf, mazsize, "%lld", num); 4362 if(strcmp(buf, expected_out) != 0) 4363 exit(1); 4364 exit(0); 4365} 4366#else 4367int main(void) { exit(0); } 4368#endif 4369 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4370 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4371 ) 4372fi 4373 4374dnl Checks for structure members 4375OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4376OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4377OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4378OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4379OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4380OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4381OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4382OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4383OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4384OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4385OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4386OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4387OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4388OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4389OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4390OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4391OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4392OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4393 4394AC_CHECK_MEMBERS([struct stat.st_blksize]) 4395AC_CHECK_MEMBERS([struct stat.st_mtim]) 4396AC_CHECK_MEMBERS([struct stat.st_mtime]) 4397AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4398struct passwd.pw_change, struct passwd.pw_expire], 4399[], [], [[ 4400#include <sys/types.h> 4401#include <pwd.h> 4402]]) 4403 4404AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4405 [Define if we don't have struct __res_state in resolv.h])], 4406[[ 4407#include <stdio.h> 4408#if HAVE_SYS_TYPES_H 4409# include <sys/types.h> 4410#endif 4411#include <netinet/in.h> 4412#include <arpa/nameser.h> 4413#include <resolv.h> 4414]]) 4415 4416AC_CHECK_MEMBER([struct sockaddr_in.sin_len], 4417 [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])], 4418 [], 4419 [AC_LANG_SOURCE([[ 4420#include <sys/types.h> 4421#include <sys/socket.h> 4422#include <netinet/in.h> 4423 ]])] 4424) 4425 4426AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4427 ac_cv_have_ss_family_in_struct_ss, [ 4428 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4429#include <sys/types.h> 4430#include <sys/socket.h> 4431 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4432 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4433 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4434]) 4435if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4436 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4437fi 4438 4439AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4440 ac_cv_have___ss_family_in_struct_ss, [ 4441 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4442#include <sys/types.h> 4443#include <sys/socket.h> 4444 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4445 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4446 [ ac_cv_have___ss_family_in_struct_ss="no" 4447 ]) 4448]) 4449if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4450 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4451 [Fields in struct sockaddr_storage]) 4452fi 4453 4454dnl make sure we're using the real structure members and not defines 4455AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4456 ac_cv_have_accrights_in_msghdr, [ 4457 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4458#include <sys/types.h> 4459#include <sys/socket.h> 4460#include <sys/uio.h> 4461#include <stdlib.h> 4462 ]], [[ 4463#ifdef msg_accrights 4464#error "msg_accrights is a macro" 4465exit(1); 4466#endif 4467struct msghdr m; 4468m.msg_accrights = 0; 4469exit(0); 4470 ]])], 4471 [ ac_cv_have_accrights_in_msghdr="yes" ], 4472 [ ac_cv_have_accrights_in_msghdr="no" ] 4473 ) 4474]) 4475if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4476 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4477 [Define if your system uses access rights style 4478 file descriptor passing]) 4479fi 4480 4481AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4482AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4483#include <sys/param.h> 4484#include <sys/stat.h> 4485#ifdef HAVE_SYS_TIME_H 4486# include <sys/time.h> 4487#endif 4488#ifdef HAVE_SYS_MOUNT_H 4489#include <sys/mount.h> 4490#endif 4491#ifdef HAVE_SYS_STATVFS_H 4492#include <sys/statvfs.h> 4493#endif 4494 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4495 [ AC_MSG_RESULT([yes]) ], 4496 [ AC_MSG_RESULT([no]) 4497 4498 AC_MSG_CHECKING([if fsid_t has member val]) 4499 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4500#include <sys/types.h> 4501#include <sys/statvfs.h> 4502 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4503 [ AC_MSG_RESULT([yes]) 4504 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4505 [ AC_MSG_RESULT([no]) ]) 4506 4507 AC_MSG_CHECKING([if f_fsid has member __val]) 4508 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4509#include <sys/types.h> 4510#include <sys/statvfs.h> 4511 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4512 [ AC_MSG_RESULT([yes]) 4513 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4514 [ AC_MSG_RESULT([no]) ]) 4515]) 4516 4517AC_CACHE_CHECK([for msg_control field in struct msghdr], 4518 ac_cv_have_control_in_msghdr, [ 4519 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4520#include <sys/types.h> 4521#include <sys/socket.h> 4522#include <sys/uio.h> 4523#include <stdlib.h> 4524 ]], [[ 4525#ifdef msg_control 4526#error "msg_control is a macro" 4527exit(1); 4528#endif 4529struct msghdr m; 4530m.msg_control = 0; 4531exit(0); 4532 ]])], 4533 [ ac_cv_have_control_in_msghdr="yes" ], 4534 [ ac_cv_have_control_in_msghdr="no" ] 4535 ) 4536]) 4537if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4538 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4539 [Define if your system uses ancillary data style 4540 file descriptor passing]) 4541fi 4542 4543AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4544 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4545 [[ extern char *__progname; printf("%s", __progname); ]])], 4546 [ ac_cv_libc_defines___progname="yes" ], 4547 [ ac_cv_libc_defines___progname="no" 4548 ]) 4549]) 4550if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4551 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4552fi 4553 4554AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4555 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4556 [[ printf("%s", __FUNCTION__); ]])], 4557 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4558 [ ac_cv_cc_implements___FUNCTION__="no" 4559 ]) 4560]) 4561if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4562 AC_DEFINE([HAVE___FUNCTION__], [1], 4563 [Define if compiler implements __FUNCTION__]) 4564fi 4565 4566AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4567 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4568 [[ printf("%s", __func__); ]])], 4569 [ ac_cv_cc_implements___func__="yes" ], 4570 [ ac_cv_cc_implements___func__="no" 4571 ]) 4572]) 4573if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4574 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4575fi 4576 4577AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4578 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4579#include <stdarg.h> 4580va_list x,y; 4581 ]], [[ va_copy(x,y); ]])], 4582 [ ac_cv_have_va_copy="yes" ], 4583 [ ac_cv_have_va_copy="no" 4584 ]) 4585]) 4586if test "x$ac_cv_have_va_copy" = "xyes" ; then 4587 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4588fi 4589 4590AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4591 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4592#include <stdarg.h> 4593va_list x,y; 4594 ]], [[ __va_copy(x,y); ]])], 4595 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4596 ]) 4597]) 4598if test "x$ac_cv_have___va_copy" = "xyes" ; then 4599 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4600fi 4601 4602AC_CACHE_CHECK([whether getopt has optreset support], 4603 ac_cv_have_getopt_optreset, [ 4604 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4605 [[ extern int optreset; optreset = 0; ]])], 4606 [ ac_cv_have_getopt_optreset="yes" ], 4607 [ ac_cv_have_getopt_optreset="no" 4608 ]) 4609]) 4610if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4611 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4612 [Define if your getopt(3) defines and uses optreset]) 4613fi 4614 4615AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4616 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4617[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4618 [ ac_cv_libc_defines_sys_errlist="yes" ], 4619 [ ac_cv_libc_defines_sys_errlist="no" 4620 ]) 4621]) 4622if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4623 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4624 [Define if your system defines sys_errlist[]]) 4625fi 4626 4627 4628AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4629 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4630[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4631 [ ac_cv_libc_defines_sys_nerr="yes" ], 4632 [ ac_cv_libc_defines_sys_nerr="no" 4633 ]) 4634]) 4635if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4636 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4637fi 4638 4639# Check libraries needed by DNS fingerprint support 4640AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4641 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4642 [Define if getrrsetbyname() exists])], 4643 [ 4644 # Needed by our getrrsetbyname() 4645 AC_SEARCH_LIBS([res_query], [resolv]) 4646 AC_SEARCH_LIBS([dn_expand], [resolv]) 4647 AC_MSG_CHECKING([if res_query will link]) 4648 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4649#include <sys/types.h> 4650#include <netinet/in.h> 4651#include <arpa/nameser.h> 4652#include <netdb.h> 4653#include <resolv.h> 4654 ]], [[ 4655 res_query (0, 0, 0, 0, 0); 4656 ]])], 4657 AC_MSG_RESULT([yes]), 4658 [AC_MSG_RESULT([no]) 4659 saved_LIBS="$LIBS" 4660 LIBS="$LIBS -lresolv" 4661 AC_MSG_CHECKING([for res_query in -lresolv]) 4662 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4663#include <sys/types.h> 4664#include <netinet/in.h> 4665#include <arpa/nameser.h> 4666#include <netdb.h> 4667#include <resolv.h> 4668 ]], [[ 4669 res_query (0, 0, 0, 0, 0); 4670 ]])], 4671 [AC_MSG_RESULT([yes])], 4672 [LIBS="$saved_LIBS" 4673 AC_MSG_RESULT([no])]) 4674 ]) 4675 AC_CHECK_FUNCS([_getshort _getlong]) 4676 AC_CHECK_DECLS([_getshort, _getlong], , , 4677 [#include <sys/types.h> 4678 #include <arpa/nameser.h>]) 4679 AC_CHECK_MEMBER([HEADER.ad], 4680 [AC_DEFINE([HAVE_HEADER_AD], [1], 4681 [Define if HEADER.ad exists in arpa/nameser.h])], , 4682 [#include <arpa/nameser.h>]) 4683 ]) 4684 4685AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4686AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4687#include <stdio.h> 4688#if HAVE_SYS_TYPES_H 4689# include <sys/types.h> 4690#endif 4691#include <netinet/in.h> 4692#include <arpa/nameser.h> 4693#include <resolv.h> 4694extern struct __res_state _res; 4695 ]], [[ 4696struct __res_state *volatile p = &_res; /* force resolution of _res */ 4697return 0; 4698 ]],)], 4699 [AC_MSG_RESULT([yes]) 4700 AC_DEFINE([HAVE__RES_EXTERN], [1], 4701 [Define if you have struct __res_state _res as an extern]) 4702 ], 4703 [ AC_MSG_RESULT([no]) ] 4704) 4705 4706# Check whether user wants SELinux support 4707SELINUX_MSG="no" 4708LIBSELINUX="" 4709AC_ARG_WITH([selinux], 4710 [ --with-selinux Enable SELinux support], 4711 [ if test "x$withval" != "xno" ; then 4712 save_LIBS="$LIBS" 4713 AC_DEFINE([WITH_SELINUX], [1], 4714 [Define if you want SELinux support.]) 4715 SELINUX_MSG="yes" 4716 AC_CHECK_HEADER([selinux/selinux.h], , 4717 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4718 AC_CHECK_LIB([selinux], [setexeccon], 4719 [ LIBSELINUX="-lselinux" 4720 LIBS="$LIBS -lselinux" 4721 ], 4722 AC_MSG_ERROR([SELinux support requires libselinux library])) 4723 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4724 LIBS="$save_LIBS $LIBSELINUX" 4725 fi ] 4726) 4727AC_SUBST([SSHDLIBS]) 4728 4729# Check whether user wants Kerberos 5 support 4730KRB5_MSG="no" 4731AC_ARG_WITH([kerberos5], 4732 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4733 [ if test "x$withval" != "xno" ; then 4734 if test "x$withval" = "xyes" ; then 4735 KRB5ROOT="/usr/local" 4736 else 4737 KRB5ROOT=${withval} 4738 fi 4739 4740 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4741 KRB5_MSG="yes" 4742 4743 use_pkgconfig_for_krb5= 4744 if test "x$PKGCONFIG" != "xno"; then 4745 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4746 if "$PKGCONFIG" krb5; then 4747 AC_MSG_RESULT([yes]) 4748 use_pkgconfig_for_krb5=yes 4749 else 4750 AC_MSG_RESULT([no]) 4751 fi 4752 fi 4753 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4754 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4755 K5LIBS=`$PKGCONFIG --libs krb5` 4756 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4757 4758 AC_MSG_CHECKING([for gssapi support]) 4759 if "$PKGCONFIG" krb5-gssapi; then 4760 AC_MSG_RESULT([yes]) 4761 AC_DEFINE([GSSAPI], [1], 4762 [Define this if you want GSSAPI 4763 support in the version 2 protocol]) 4764 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4765 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4766 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4767 else 4768 AC_MSG_RESULT([no]) 4769 fi 4770 AC_MSG_CHECKING([whether we are using Heimdal]) 4771 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4772 ]], [[ char *tmp = heimdal_version; ]])], 4773 [ AC_MSG_RESULT([yes]) 4774 AC_DEFINE([HEIMDAL], [1], 4775 [Define this if you are using the Heimdal 4776 version of Kerberos V5]) ], 4777 [AC_MSG_RESULT([no]) 4778 ]) 4779 else 4780 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4781 [$KRB5ROOT/bin/krb5-config], 4782 [$KRB5ROOT/bin:$PATH]) 4783 if test -x $KRB5CONF ; then 4784 K5CFLAGS="`$KRB5CONF --cflags`" 4785 K5LIBS="`$KRB5CONF --libs`" 4786 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4787 4788 AC_MSG_CHECKING([for gssapi support]) 4789 if $KRB5CONF | grep gssapi >/dev/null ; then 4790 AC_MSG_RESULT([yes]) 4791 AC_DEFINE([GSSAPI], [1], 4792 [Define this if you want GSSAPI 4793 support in the version 2 protocol]) 4794 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4795 GSSLIBS="`$KRB5CONF --libs gssapi`" 4796 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4797 else 4798 AC_MSG_RESULT([no]) 4799 fi 4800 AC_MSG_CHECKING([whether we are using Heimdal]) 4801 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4802 ]], [[ char *tmp = heimdal_version; ]])], 4803 [ AC_MSG_RESULT([yes]) 4804 AC_DEFINE([HEIMDAL], [1], 4805 [Define this if you are using the Heimdal 4806 version of Kerberos V5]) ], 4807 [AC_MSG_RESULT([no]) 4808 ]) 4809 else 4810 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4811 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4812 AC_MSG_CHECKING([whether we are using Heimdal]) 4813 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4814 ]], [[ char *tmp = heimdal_version; ]])], 4815 [ AC_MSG_RESULT([yes]) 4816 AC_DEFINE([HEIMDAL]) 4817 K5LIBS="-lkrb5" 4818 K5LIBS="$K5LIBS -lcom_err -lasn1" 4819 AC_CHECK_LIB([roken], [net_write], 4820 [K5LIBS="$K5LIBS -lroken"]) 4821 AC_CHECK_LIB([des], [des_cbc_encrypt], 4822 [K5LIBS="$K5LIBS -ldes"]) 4823 ], [ AC_MSG_RESULT([no]) 4824 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4825 ]) 4826 AC_SEARCH_LIBS([dn_expand], [resolv]) 4827 4828 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4829 [ AC_DEFINE([GSSAPI]) 4830 GSSLIBS="-lgssapi_krb5" ], 4831 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4832 [ AC_DEFINE([GSSAPI]) 4833 GSSLIBS="-lgssapi" ], 4834 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4835 [ AC_DEFINE([GSSAPI]) 4836 GSSLIBS="-lgss" ], 4837 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4838 ]) 4839 ]) 4840 4841 AC_CHECK_HEADER([gssapi.h], , 4842 [ unset ac_cv_header_gssapi_h 4843 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4844 AC_CHECK_HEADERS([gssapi.h], , 4845 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4846 ) 4847 ] 4848 ) 4849 4850 oldCPP="$CPPFLAGS" 4851 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4852 AC_CHECK_HEADER([gssapi_krb5.h], , 4853 [ CPPFLAGS="$oldCPP" ]) 4854 4855 fi 4856 fi 4857 if test -n "${rpath_opt}" ; then 4858 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4859 fi 4860 if test ! -z "$blibpath" ; then 4861 blibpath="$blibpath:${KRB5ROOT}/lib" 4862 fi 4863 4864 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4865 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4866 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4867 4868 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4869 [Define this if you want to use libkafs' AFS support])]) 4870 4871 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4872#ifdef HAVE_GSSAPI_H 4873# include <gssapi.h> 4874#elif defined(HAVE_GSSAPI_GSSAPI_H) 4875# include <gssapi/gssapi.h> 4876#endif 4877 4878#ifdef HAVE_GSSAPI_GENERIC_H 4879# include <gssapi_generic.h> 4880#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4881# include <gssapi/gssapi_generic.h> 4882#endif 4883 ]]) 4884 saved_LIBS="$LIBS" 4885 LIBS="$LIBS $K5LIBS" 4886 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4887 LIBS="$saved_LIBS" 4888 4889 fi 4890 ] 4891) 4892AC_SUBST([GSSLIBS]) 4893AC_SUBST([K5LIBS]) 4894AC_SUBST([CHANNELLIBS]) 4895 4896# Looking for programs, paths and files 4897 4898PRIVSEP_PATH=/var/empty 4899AC_ARG_WITH([privsep-path], 4900 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4901 [ 4902 if test -n "$withval" && test "x$withval" != "xno" && \ 4903 test "x${withval}" != "xyes"; then 4904 PRIVSEP_PATH=$withval 4905 fi 4906 ] 4907) 4908AC_SUBST([PRIVSEP_PATH]) 4909 4910AC_ARG_WITH([xauth], 4911 [ --with-xauth=PATH Specify path to xauth program ], 4912 [ 4913 if test -n "$withval" && test "x$withval" != "xno" && \ 4914 test "x${withval}" != "xyes"; then 4915 xauth_path=$withval 4916 fi 4917 ], 4918 [ 4919 TestPath="$PATH" 4920 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4921 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4922 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4923 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4924 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4925 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4926 xauth_path="/usr/openwin/bin/xauth" 4927 fi 4928 ] 4929) 4930 4931STRIP_OPT=-s 4932AC_ARG_ENABLE([strip], 4933 [ --disable-strip Disable calling strip(1) on install], 4934 [ 4935 if test "x$enableval" = "xno" ; then 4936 STRIP_OPT= 4937 fi 4938 ] 4939) 4940AC_SUBST([STRIP_OPT]) 4941 4942if test -z "$xauth_path" ; then 4943 XAUTH_PATH="undefined" 4944 AC_SUBST([XAUTH_PATH]) 4945else 4946 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4947 [Define if xauth is found in your path]) 4948 XAUTH_PATH=$xauth_path 4949 AC_SUBST([XAUTH_PATH]) 4950fi 4951 4952dnl # --with-maildir=/path/to/mail gets top priority. 4953dnl # if maildir is set in the platform case statement above we use that. 4954dnl # Otherwise we run a program to get the dir from system headers. 4955dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4956dnl # If we find _PATH_MAILDIR we do nothing because that is what 4957dnl # session.c expects anyway. Otherwise we set to the value found 4958dnl # stripping any trailing slash. If for some strage reason our program 4959dnl # does not find what it needs, we default to /var/spool/mail. 4960# Check for mail directory 4961AC_ARG_WITH([maildir], 4962 [ --with-maildir=/path/to/mail Specify your system mail directory], 4963 [ 4964 if test "X$withval" != X && test "x$withval" != xno && \ 4965 test "x${withval}" != xyes; then 4966 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4967 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4968 fi 4969 ],[ 4970 if test "X$maildir" != "X"; then 4971 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4972 else 4973 AC_MSG_CHECKING([Discovering system mail directory]) 4974 AC_RUN_IFELSE( 4975 [AC_LANG_PROGRAM([[ 4976#include <stdio.h> 4977#include <stdlib.h> 4978#include <string.h> 4979#ifdef HAVE_PATHS_H 4980#include <paths.h> 4981#endif 4982#ifdef HAVE_MAILLOCK_H 4983#include <maillock.h> 4984#endif 4985#define DATA "conftest.maildir" 4986 ]], [[ 4987 FILE *fd; 4988 int rc; 4989 4990 fd = fopen(DATA,"w"); 4991 if(fd == NULL) 4992 exit(1); 4993 4994#if defined (_PATH_MAILDIR) 4995 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4996 exit(1); 4997#elif defined (MAILDIR) 4998 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4999 exit(1); 5000#elif defined (_PATH_MAIL) 5001 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 5002 exit(1); 5003#else 5004 exit (2); 5005#endif 5006 5007 exit(0); 5008 ]])], 5009 [ 5010 maildir_what=`awk -F: '{print $1}' conftest.maildir` 5011 maildir=`awk -F: '{print $2}' conftest.maildir \ 5012 | sed 's|/$||'` 5013 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 5014 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 5015 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 5016 fi 5017 ], 5018 [ 5019 if test "X$ac_status" = "X2";then 5020# our test program didn't find it. Default to /var/spool/mail 5021 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 5022 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 5023 else 5024 AC_MSG_RESULT([*** not found ***]) 5025 fi 5026 ], 5027 [ 5028 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 5029 ] 5030 ) 5031 fi 5032 ] 5033) # maildir 5034 5035if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 5036 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 5037 disable_ptmx_check=yes 5038fi 5039if test -z "$no_dev_ptmx" ; then 5040 if test "x$disable_ptmx_check" != "xyes" ; then 5041 AC_CHECK_FILE(["/dev/ptmx"], 5042 [ 5043 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 5044 [Define if you have /dev/ptmx]) 5045 have_dev_ptmx=1 5046 ] 5047 ) 5048 fi 5049fi 5050 5051if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 5052 AC_CHECK_FILE(["/dev/ptc"], 5053 [ 5054 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 5055 [Define if you have /dev/ptc]) 5056 have_dev_ptc=1 5057 ] 5058 ) 5059else 5060 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 5061fi 5062 5063# Options from here on. Some of these are preset by platform above 5064AC_ARG_WITH([mantype], 5065 [ --with-mantype=man|cat|doc Set man page type], 5066 [ 5067 case "$withval" in 5068 man|cat|doc) 5069 MANTYPE=$withval 5070 ;; 5071 *) 5072 AC_MSG_ERROR([invalid man type: $withval]) 5073 ;; 5074 esac 5075 ] 5076) 5077if test -z "$MANTYPE"; then 5078 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 5079 MANTYPE=doc 5080 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 5081 MANTYPE=doc 5082 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 5083 MANTYPE=man 5084 else 5085 MANTYPE=cat 5086 fi 5087fi 5088AC_SUBST([MANTYPE]) 5089if test "$MANTYPE" = "doc"; then 5090 mansubdir=man; 5091else 5092 mansubdir=$MANTYPE; 5093fi 5094AC_SUBST([mansubdir]) 5095 5096# Whether to disable shadow password support 5097AC_ARG_WITH([shadow], 5098 [ --without-shadow Disable shadow password support], 5099 [ 5100 if test "x$withval" = "xno" ; then 5101 AC_DEFINE([DISABLE_SHADOW]) 5102 disable_shadow=yes 5103 fi 5104 ] 5105) 5106 5107if test -z "$disable_shadow" ; then 5108 AC_MSG_CHECKING([if the systems has expire shadow information]) 5109 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5110#include <sys/types.h> 5111#include <shadow.h> 5112struct spwd sp; 5113 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5114 [ sp_expire_available=yes ], [ 5115 ]) 5116 5117 if test "x$sp_expire_available" = "xyes" ; then 5118 AC_MSG_RESULT([yes]) 5119 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5120 [Define if you want to use shadow password expire field]) 5121 else 5122 AC_MSG_RESULT([no]) 5123 fi 5124fi 5125 5126# Use ip address instead of hostname in $DISPLAY 5127if test ! -z "$IPADDR_IN_DISPLAY" ; then 5128 DISPLAY_HACK_MSG="yes" 5129 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5130 [Define if you need to use IP address 5131 instead of hostname in $DISPLAY]) 5132else 5133 DISPLAY_HACK_MSG="no" 5134 AC_ARG_WITH([ipaddr-display], 5135 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5136 [ 5137 if test "x$withval" != "xno" ; then 5138 AC_DEFINE([IPADDR_IN_DISPLAY]) 5139 DISPLAY_HACK_MSG="yes" 5140 fi 5141 ] 5142 ) 5143fi 5144 5145# check for /etc/default/login and use it if present. 5146AC_ARG_ENABLE([etc-default-login], 5147 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5148 [ if test "x$enableval" = "xno"; then 5149 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5150 etc_default_login=no 5151 else 5152 etc_default_login=yes 5153 fi ], 5154 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5155 then 5156 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5157 etc_default_login=no 5158 else 5159 etc_default_login=yes 5160 fi ] 5161) 5162 5163if test "x$etc_default_login" != "xno"; then 5164 AC_CHECK_FILE(["/etc/default/login"], 5165 [ external_path_file=/etc/default/login ]) 5166 if test "x$external_path_file" = "x/etc/default/login"; then 5167 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5168 [Define if your system has /etc/default/login]) 5169 fi 5170fi 5171 5172dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5173if test $ac_cv_func_login_getcapbool = "yes" && \ 5174 test $ac_cv_header_login_cap_h = "yes" ; then 5175 external_path_file=/etc/login.conf 5176fi 5177 5178# Whether to mess with the default path 5179SERVER_PATH_MSG="(default)" 5180AC_ARG_WITH([default-path], 5181 [ --with-default-path= Specify default $PATH environment for server], 5182 [ 5183 if test "x$external_path_file" = "x/etc/login.conf" ; then 5184 AC_MSG_WARN([ 5185--with-default-path=PATH has no effect on this system. 5186Edit /etc/login.conf instead.]) 5187 elif test "x$withval" != "xno" ; then 5188 if test ! -z "$external_path_file" ; then 5189 AC_MSG_WARN([ 5190--with-default-path=PATH will only be used if PATH is not defined in 5191$external_path_file .]) 5192 fi 5193 user_path="$withval" 5194 SERVER_PATH_MSG="$withval" 5195 fi 5196 ], 5197 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5198 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5199 else 5200 if test ! -z "$external_path_file" ; then 5201 AC_MSG_WARN([ 5202If PATH is defined in $external_path_file, ensure the path to scp is included, 5203otherwise scp will not work.]) 5204 fi 5205 AC_RUN_IFELSE( 5206 [AC_LANG_PROGRAM([[ 5207/* find out what STDPATH is */ 5208#include <stdio.h> 5209#include <stdlib.h> 5210#ifdef HAVE_PATHS_H 5211# include <paths.h> 5212#endif 5213#ifndef _PATH_STDPATH 5214# ifdef _PATH_USERPATH /* Irix */ 5215# define _PATH_STDPATH _PATH_USERPATH 5216# else 5217# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5218# endif 5219#endif 5220#include <sys/types.h> 5221#include <sys/stat.h> 5222#include <fcntl.h> 5223#define DATA "conftest.stdpath" 5224 ]], [[ 5225 FILE *fd; 5226 int rc; 5227 5228 fd = fopen(DATA,"w"); 5229 if(fd == NULL) 5230 exit(1); 5231 5232 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5233 exit(1); 5234 5235 exit(0); 5236 ]])], 5237 [ user_path=`cat conftest.stdpath` ], 5238 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5239 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5240 ) 5241# make sure $bindir is in USER_PATH so scp will work 5242 t_bindir="${bindir}" 5243 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5244 t_bindir=`eval echo ${t_bindir}` 5245 case $t_bindir in 5246 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5247 esac 5248 case $t_bindir in 5249 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5250 esac 5251 done 5252 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5253 if test $? -ne 0 ; then 5254 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5255 if test $? -ne 0 ; then 5256 user_path=$user_path:$t_bindir 5257 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5258 fi 5259 fi 5260 fi ] 5261) 5262if test "x$external_path_file" != "x/etc/login.conf" ; then 5263 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5264 AC_SUBST([user_path]) 5265fi 5266 5267# Set superuser path separately to user path 5268AC_ARG_WITH([superuser-path], 5269 [ --with-superuser-path= Specify different path for super-user], 5270 [ 5271 if test -n "$withval" && test "x$withval" != "xno" && \ 5272 test "x${withval}" != "xyes"; then 5273 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5274 [Define if you want a different $PATH 5275 for the superuser]) 5276 superuser_path=$withval 5277 fi 5278 ] 5279) 5280 5281 5282AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5283IPV4_IN6_HACK_MSG="no" 5284AC_ARG_WITH(4in6, 5285 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5286 [ 5287 if test "x$withval" != "xno" ; then 5288 AC_MSG_RESULT([yes]) 5289 AC_DEFINE([IPV4_IN_IPV6], [1], 5290 [Detect IPv4 in IPv6 mapped addresses 5291 and treat as IPv4]) 5292 IPV4_IN6_HACK_MSG="yes" 5293 else 5294 AC_MSG_RESULT([no]) 5295 fi 5296 ], [ 5297 if test "x$inet6_default_4in6" = "xyes"; then 5298 AC_MSG_RESULT([yes (default)]) 5299 AC_DEFINE([IPV4_IN_IPV6]) 5300 IPV4_IN6_HACK_MSG="yes" 5301 else 5302 AC_MSG_RESULT([no (default)]) 5303 fi 5304 ] 5305) 5306 5307# Whether to enable BSD auth support 5308BSD_AUTH_MSG=no 5309AC_ARG_WITH([bsd-auth], 5310 [ --with-bsd-auth Enable BSD auth support], 5311 [ 5312 if test "x$withval" != "xno" ; then 5313 AC_DEFINE([BSD_AUTH], [1], 5314 [Define if you have BSD auth support]) 5315 BSD_AUTH_MSG=yes 5316 fi 5317 ] 5318) 5319 5320# Where to place sshd.pid 5321piddir=/var/run 5322# make sure the directory exists 5323if test ! -d $piddir ; then 5324 piddir=`eval echo ${sysconfdir}` 5325 case $piddir in 5326 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5327 esac 5328fi 5329 5330AC_ARG_WITH([pid-dir], 5331 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5332 [ 5333 if test -n "$withval" && test "x$withval" != "xno" && \ 5334 test "x${withval}" != "xyes"; then 5335 piddir=$withval 5336 if test ! -d $piddir ; then 5337 AC_MSG_WARN([** no $piddir directory on this system **]) 5338 fi 5339 fi 5340 ] 5341) 5342 5343AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5344 [Specify location of ssh.pid]) 5345AC_SUBST([piddir]) 5346 5347dnl allow user to disable some login recording features 5348AC_ARG_ENABLE([lastlog], 5349 [ --disable-lastlog disable use of lastlog even if detected [no]], 5350 [ 5351 if test "x$enableval" = "xno" ; then 5352 AC_DEFINE([DISABLE_LASTLOG]) 5353 fi 5354 ] 5355) 5356AC_ARG_ENABLE([utmp], 5357 [ --disable-utmp disable use of utmp even if detected [no]], 5358 [ 5359 if test "x$enableval" = "xno" ; then 5360 AC_DEFINE([DISABLE_UTMP]) 5361 fi 5362 ] 5363) 5364AC_ARG_ENABLE([utmpx], 5365 [ --disable-utmpx disable use of utmpx even if detected [no]], 5366 [ 5367 if test "x$enableval" = "xno" ; then 5368 AC_DEFINE([DISABLE_UTMPX], [1], 5369 [Define if you don't want to use utmpx]) 5370 fi 5371 ] 5372) 5373AC_ARG_ENABLE([wtmp], 5374 [ --disable-wtmp disable use of wtmp even if detected [no]], 5375 [ 5376 if test "x$enableval" = "xno" ; then 5377 AC_DEFINE([DISABLE_WTMP]) 5378 fi 5379 ] 5380) 5381AC_ARG_ENABLE([wtmpx], 5382 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5383 [ 5384 if test "x$enableval" = "xno" ; then 5385 AC_DEFINE([DISABLE_WTMPX], [1], 5386 [Define if you don't want to use wtmpx]) 5387 fi 5388 ] 5389) 5390AC_ARG_ENABLE([libutil], 5391 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5392 [ 5393 if test "x$enableval" = "xno" ; then 5394 AC_DEFINE([DISABLE_LOGIN]) 5395 fi 5396 ] 5397) 5398AC_ARG_ENABLE([pututline], 5399 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5400 [ 5401 if test "x$enableval" = "xno" ; then 5402 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5403 [Define if you don't want to use pututline() 5404 etc. to write [uw]tmp]) 5405 fi 5406 ] 5407) 5408AC_ARG_ENABLE([pututxline], 5409 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5410 [ 5411 if test "x$enableval" = "xno" ; then 5412 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5413 [Define if you don't want to use pututxline() 5414 etc. to write [uw]tmpx]) 5415 fi 5416 ] 5417) 5418AC_ARG_WITH([lastlog], 5419 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5420 [ 5421 if test "x$withval" = "xno" ; then 5422 AC_DEFINE([DISABLE_LASTLOG]) 5423 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5424 conf_lastlog_location=$withval 5425 fi 5426 ] 5427) 5428 5429dnl lastlog, [uw]tmpx? detection 5430dnl NOTE: set the paths in the platform section to avoid the 5431dnl need for command-line parameters 5432dnl lastlog and [uw]tmp are subject to a file search if all else fails 5433 5434dnl lastlog detection 5435dnl NOTE: the code itself will detect if lastlog is a directory 5436AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5437AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5438#include <sys/types.h> 5439#include <utmp.h> 5440#ifdef HAVE_LASTLOG_H 5441# include <lastlog.h> 5442#endif 5443#ifdef HAVE_PATHS_H 5444# include <paths.h> 5445#endif 5446#ifdef HAVE_LOGIN_H 5447# include <login.h> 5448#endif 5449 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5450 [ AC_MSG_RESULT([yes]) ], 5451 [ 5452 AC_MSG_RESULT([no]) 5453 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5454 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5455#include <sys/types.h> 5456#include <utmp.h> 5457#ifdef HAVE_LASTLOG_H 5458# include <lastlog.h> 5459#endif 5460#ifdef HAVE_PATHS_H 5461# include <paths.h> 5462#endif 5463 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5464 [ AC_MSG_RESULT([yes]) ], 5465 [ 5466 AC_MSG_RESULT([no]) 5467 system_lastlog_path=no 5468 ]) 5469]) 5470 5471if test -z "$conf_lastlog_location"; then 5472 if test x"$system_lastlog_path" = x"no" ; then 5473 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5474 if (test -d "$f" || test -f "$f") ; then 5475 conf_lastlog_location=$f 5476 fi 5477 done 5478 if test -z "$conf_lastlog_location"; then 5479 AC_MSG_WARN([** Cannot find lastlog **]) 5480 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5481 fi 5482 fi 5483fi 5484 5485if test -n "$conf_lastlog_location"; then 5486 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5487 [Define if you want to specify the path to your lastlog file]) 5488fi 5489 5490dnl utmp detection 5491AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5492AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5493#include <sys/types.h> 5494#include <utmp.h> 5495#ifdef HAVE_PATHS_H 5496# include <paths.h> 5497#endif 5498 ]], [[ char *utmp = UTMP_FILE; ]])], 5499 [ AC_MSG_RESULT([yes]) ], 5500 [ AC_MSG_RESULT([no]) 5501 system_utmp_path=no 5502]) 5503if test -z "$conf_utmp_location"; then 5504 if test x"$system_utmp_path" = x"no" ; then 5505 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5506 if test -f $f ; then 5507 conf_utmp_location=$f 5508 fi 5509 done 5510 if test -z "$conf_utmp_location"; then 5511 AC_DEFINE([DISABLE_UTMP]) 5512 fi 5513 fi 5514fi 5515if test -n "$conf_utmp_location"; then 5516 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5517 [Define if you want to specify the path to your utmp file]) 5518fi 5519 5520dnl wtmp detection 5521AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5522AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5523#include <sys/types.h> 5524#include <utmp.h> 5525#ifdef HAVE_PATHS_H 5526# include <paths.h> 5527#endif 5528 ]], [[ char *wtmp = WTMP_FILE; ]])], 5529 [ AC_MSG_RESULT([yes]) ], 5530 [ AC_MSG_RESULT([no]) 5531 system_wtmp_path=no 5532]) 5533if test -z "$conf_wtmp_location"; then 5534 if test x"$system_wtmp_path" = x"no" ; then 5535 for f in /usr/adm/wtmp /var/log/wtmp; do 5536 if test -f $f ; then 5537 conf_wtmp_location=$f 5538 fi 5539 done 5540 if test -z "$conf_wtmp_location"; then 5541 AC_DEFINE([DISABLE_WTMP]) 5542 fi 5543 fi 5544fi 5545if test -n "$conf_wtmp_location"; then 5546 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5547 [Define if you want to specify the path to your wtmp file]) 5548fi 5549 5550dnl wtmpx detection 5551AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5552AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5553#include <sys/types.h> 5554#include <utmp.h> 5555#ifdef HAVE_UTMPX_H 5556#include <utmpx.h> 5557#endif 5558#ifdef HAVE_PATHS_H 5559# include <paths.h> 5560#endif 5561 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5562 [ AC_MSG_RESULT([yes]) ], 5563 [ AC_MSG_RESULT([no]) 5564 system_wtmpx_path=no 5565]) 5566if test -z "$conf_wtmpx_location"; then 5567 if test x"$system_wtmpx_path" = x"no" ; then 5568 AC_DEFINE([DISABLE_WTMPX]) 5569 fi 5570else 5571 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5572 [Define if you want to specify the path to your wtmpx file]) 5573fi 5574 5575 5576if test ! -z "$blibpath" ; then 5577 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5578 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5579fi 5580 5581AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5582 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5583 AC_DEFINE([DISABLE_LASTLOG]) 5584 fi 5585 ], [ 5586#ifdef HAVE_SYS_TYPES_H 5587#include <sys/types.h> 5588#endif 5589#ifdef HAVE_UTMP_H 5590#include <utmp.h> 5591#endif 5592#ifdef HAVE_UTMPX_H 5593#include <utmpx.h> 5594#endif 5595#ifdef HAVE_LASTLOG_H 5596#include <lastlog.h> 5597#endif 5598 ]) 5599 5600AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5601 AC_DEFINE([DISABLE_UTMP]) 5602 AC_DEFINE([DISABLE_WTMP]) 5603 ], [ 5604#ifdef HAVE_SYS_TYPES_H 5605#include <sys/types.h> 5606#endif 5607#ifdef HAVE_UTMP_H 5608#include <utmp.h> 5609#endif 5610#ifdef HAVE_UTMPX_H 5611#include <utmpx.h> 5612#endif 5613#ifdef HAVE_LASTLOG_H 5614#include <lastlog.h> 5615#endif 5616 ]) 5617 5618dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5619dnl Add now. 5620CFLAGS="$CFLAGS $werror_flags" 5621 5622if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5623 TEST_SSH_IPV6=no 5624else 5625 TEST_SSH_IPV6=yes 5626fi 5627AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5628AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5629AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5630AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5631AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5632AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5633 5634CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5635LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5636 5637# Make a copy of CFLAGS/LDFLAGS without PIE options. 5638LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5639CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5640AC_SUBST([LDFLAGS_NOPIE]) 5641AC_SUBST([CFLAGS_NOPIE]) 5642 5643AC_EXEEXT 5644AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5645 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5646 survey.sh]) 5647AC_OUTPUT 5648 5649# Print summary of options 5650 5651# Someone please show me a better way :) 5652A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5653B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5654C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5655D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5656E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5657F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5658G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5659H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5660I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5661J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5662 5663echo "" 5664echo "OpenSSH has been configured with the following options:" 5665echo " User binaries: $B" 5666echo " System binaries: $C" 5667echo " Configuration files: $D" 5668echo " Askpass program: $E" 5669echo " Manual pages: $F" 5670echo " PID file: $G" 5671echo " Privilege separation chroot path: $H" 5672if test "x$external_path_file" = "x/etc/login.conf" ; then 5673echo " At runtime, sshd will use the path defined in $external_path_file" 5674echo " Make sure the path to scp is present, otherwise scp will not work" 5675else 5676echo " sshd default user PATH: $I" 5677 if test ! -z "$external_path_file"; then 5678echo " (If PATH is set in $external_path_file it will be used instead. If" 5679echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5680 fi 5681fi 5682if test ! -z "$superuser_path" ; then 5683echo " sshd superuser user PATH: $J" 5684fi 5685echo " Manpage format: $MANTYPE" 5686echo " PAM support: $PAM_MSG" 5687echo " OSF SIA support: $SIA_MSG" 5688echo " KerberosV support: $KRB5_MSG" 5689echo " SELinux support: $SELINUX_MSG" 5690echo " TCP Wrappers support: $TCPW_MSG" 5691echo " libedit support: $LIBEDIT_MSG" 5692echo " libldns support: $LDNS_MSG" 5693echo " Solaris process contract support: $SPC_MSG" 5694echo " Solaris project support: $SP_MSG" 5695echo " Solaris privilege support: $SPP_MSG" 5696echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5697echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5698echo " BSD Auth support: $BSD_AUTH_MSG" 5699echo " Random number source: $RAND_MSG" 5700echo " Privsep sandbox style: $SANDBOX_STYLE" 5701echo " PKCS#11 support: $enable_pkcs11" 5702echo " U2F/FIDO support: $enable_sk" 5703 5704echo "" 5705 5706echo " Host: ${host}" 5707echo " Compiler: ${CC}" 5708echo " Compiler flags: ${CFLAGS}" 5709echo "Preprocessor flags: ${CPPFLAGS}" 5710echo " Linker flags: ${LDFLAGS}" 5711echo " Libraries: ${LIBS}" 5712if test ! -z "${CHANNELLIBS}"; then 5713echo " +for channels: ${CHANNELLIBS}" 5714fi 5715if test ! -z "${LIBFIDO2}"; then 5716echo " +for FIDO2: ${LIBFIDO2}" 5717fi 5718if test ! -z "${SSHDLIBS}"; then 5719echo " +for sshd: ${SSHDLIBS}" 5720fi 5721 5722echo "" 5723 5724if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5725 echo "SVR4 style packages are supported with \"make package\"" 5726 echo "" 5727fi 5728 5729if test "x$PAM_MSG" = "xyes" ; then 5730 echo "PAM is enabled. You may need to install a PAM control file " 5731 echo "for sshd, otherwise password authentication may fail. " 5732 echo "Example PAM control files can be found in the contrib/ " 5733 echo "subdirectory" 5734 echo "" 5735fi 5736 5737if test ! -z "$NO_PEERCHECK" ; then 5738 echo "WARNING: the operating system that you are using does not" 5739 echo "appear to support getpeereid(), getpeerucred() or the" 5740 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5741 echo "enforce security checks to prevent unauthorised connections to" 5742 echo "ssh-agent. Their absence increases the risk that a malicious" 5743 echo "user can connect to your agent." 5744 echo "" 5745fi 5746 5747if test "$AUDIT_MODULE" = "bsm" ; then 5748 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5749 echo "See the Solaris section in README.platform for details." 5750fi 5751