1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19 20# Check for stale configure as early as possible. 21for i in $srcdir/configure.ac $srcdir/m4/*.m4; do 22 if test "$i" -nt "$srcdir/configure"; then 23 AC_MSG_ERROR([$i newer than configure, run autoreconf]) 24 fi 25done 26 27AC_LANG([C]) 28 29AC_CONFIG_HEADERS([config.h]) 30AC_PROG_CC([cc gcc clang]) 31 32# XXX relax this after reimplementing logit() etc. 33AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 34AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 35int f(int a, int b, int c) { return a + b + c; } 36#define F(a, ...) f(a, __VA_ARGS__) 37]], [[return F(1, 2, -3);]])], 38 [ AC_MSG_RESULT([yes]) ], 39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 40) 41 42AC_CANONICAL_HOST 43AC_C_BIGENDIAN 44 45# Checks for programs. 46AC_PROG_AWK 47AC_PROG_CPP 48AC_PROG_RANLIB 49AC_PROG_INSTALL 50AC_PROG_EGREP 51AC_PROG_MKDIR_P 52AC_CHECK_TOOLS([AR], [ar]) 53AC_PATH_PROG([CAT], [cat]) 54AC_PATH_PROG([KILL], [kill]) 55AC_PATH_PROG([SED], [sed]) 56AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 57AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 58AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 59AC_PATH_PROG([SH], [bash]) 60AC_PATH_PROG([SH], [ksh]) 61AC_PATH_PROG([SH], [sh]) 62AC_PATH_PROG([GROFF], [groff]) 63AC_PATH_PROG([NROFF], [nroff awf]) 64AC_PATH_PROG([MANDOC], [mandoc]) 65AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 66AC_SUBST([TEST_SHELL], [sh]) 67 68dnl select manpage formatter to be used to build "cat" format pages. 69if test "x$MANDOC" != "x" ; then 70 MANFMT="$MANDOC" 71elif test "x$NROFF" != "x" ; then 72 MANFMT="$NROFF -mandoc" 73elif test "x$GROFF" != "x" ; then 74 MANFMT="$GROFF -mandoc -Tascii" 75else 76 AC_MSG_WARN([no manpage formatter found]) 77 MANFMT="false" 78fi 79AC_SUBST([MANFMT]) 80 81dnl for buildpkg.sh 82AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 83 [/usr/sbin${PATH_SEPARATOR}/etc]) 84AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 85 [/usr/sbin${PATH_SEPARATOR}/etc]) 86AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 87if test -x /sbin/sh; then 88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 89else 90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 91fi 92 93# System features 94AC_SYS_LARGEFILE 95 96if test -z "$AR" ; then 97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 98fi 99 100AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 101if test ! -z "$PATH_PASSWD_PROG" ; then 102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 103 [Full path of your "passwd" program]) 104fi 105 106dnl Since autoconf doesn't support it very well, we no longer allow users to 107dnl override LD, however keeping the hook here for now in case there's a use 108dnl use case we overlooked and someone needs to re-enable it. Unless a good 109dnl reason is found we'll be removing this in future. 110LD="$CC" 111AC_SUBST([LD]) 112 113AC_C_INLINE 114 115AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 116AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 117AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 118 #include <sys/types.h> 119 #include <sys/param.h> 120 #include <dev/systrace.h> 121]) 122AC_CHECK_DECL([RLIMIT_NPROC], 123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 124 #include <sys/types.h> 125 #include <sys/resource.h> 126]) 127AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 128 #include <sys/types.h> 129 #include <linux/prctl.h> 130]) 131 132openssl=yes 133openssl_bin=openssl 134AC_ARG_WITH([openssl], 135 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 136 [ if test "x$withval" = "xno" ; then 137 openssl=no 138 openssl_bin="" 139 fi 140 ] 141) 142AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 143if test "x$openssl" = "xyes" ; then 144 AC_MSG_RESULT([yes]) 145 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 146else 147 AC_MSG_RESULT([no]) 148fi 149 150use_stack_protector=1 151use_toolchain_hardening=1 152AC_ARG_WITH([stackprotect], 153 [ --without-stackprotect Don't use compiler's stack protection], [ 154 if test "x$withval" = "xno"; then 155 use_stack_protector=0 156 fi ]) 157AC_ARG_WITH([hardening], 158 [ --without-hardening Don't use toolchain hardening flags], [ 159 if test "x$withval" = "xno"; then 160 use_toolchain_hardening=0 161 fi ]) 162 163# We use -Werror for the tests only so that we catch warnings like "this is 164# on by default" for things like -fPIE. 165AC_MSG_CHECKING([if $CC supports -Werror]) 166saved_CFLAGS="$CFLAGS" 167CFLAGS="$CFLAGS -Werror" 168AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 169 [ AC_MSG_RESULT([yes]) 170 WERROR="-Werror"], 171 [ AC_MSG_RESULT([no]) 172 WERROR="" ] 173) 174CFLAGS="$saved_CFLAGS" 175 176if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 177 AC_MSG_CHECKING([gcc version]) 178 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 179 case "$GCC_VER" in 180 1.*) no_attrib_nonnull=1 ;; 181 2.8* | 2.9*) 182 no_attrib_nonnull=1 183 ;; 184 2.*) no_attrib_nonnull=1 ;; 185 *) ;; 186 esac 187 AC_MSG_RESULT([$GCC_VER]) 188 189 AC_MSG_CHECKING([clang version]) 190 CLANG_VER=`$CC -v 2>&1 | $AWK '/clang version /{print $3}'` 191 AC_MSG_RESULT([$CLANG_VER]) 192 193 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 194 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 195 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 196 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 197 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 198 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 199 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 200 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 201 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 202 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 203 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 204 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 205 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 206 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 207 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 208 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation]) 209 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) 210 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 211 if test "x$use_toolchain_hardening" = "x1"; then 212 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 213 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 214 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 215 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 216 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 217 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 218 # NB. -ftrapv expects certain support functions to be present in 219 # the compiler library (libgcc or similar) to detect integer operations 220 # that can overflow. We must check that the result of enabling it 221 # actually links. The test program compiled/linked includes a number 222 # of integer operations that should exercise this. 223 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 224 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See 225 # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and 226 # https://github.com/llvm/llvm-project/issues/59242 227 case "$CLANG_VER" in 228 15.*) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=used]) ;; 229 *) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all]) ;; 230 esac 231 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) 232 fi 233 234 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 235 saved_CFLAGS="$CFLAGS" 236 CFLAGS="$CFLAGS -fno-builtin-memset" 237 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 238 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 239 [ AC_MSG_RESULT([yes]) ], 240 [ AC_MSG_RESULT([no]) 241 CFLAGS="$saved_CFLAGS" ] 242 ) 243 244 # -fstack-protector-all doesn't always work for some GCC versions 245 # and/or platforms, so we test if we can. If it's not supported 246 # on a given platform gcc will emit a warning so we use -Werror. 247 if test "x$use_stack_protector" = "x1"; then 248 for t in -fstack-protector-strong -fstack-protector-all \ 249 -fstack-protector; do 250 AC_MSG_CHECKING([if $CC supports $t]) 251 saved_CFLAGS="$CFLAGS" 252 saved_LDFLAGS="$LDFLAGS" 253 CFLAGS="$CFLAGS $t -Werror" 254 LDFLAGS="$LDFLAGS $t -Werror" 255 AC_LINK_IFELSE( 256 [AC_LANG_PROGRAM([[ 257 #include <stdio.h> 258 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 259 ]], 260 [[ 261 char x[256]; 262 snprintf(x, sizeof(x), "XXX%d", func(1)); 263 ]])], 264 [ AC_MSG_RESULT([yes]) 265 CFLAGS="$saved_CFLAGS $t" 266 LDFLAGS="$saved_LDFLAGS $t" 267 AC_MSG_CHECKING([if $t works]) 268 AC_RUN_IFELSE( 269 [AC_LANG_PROGRAM([[ 270 #include <stdio.h> 271 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 272 ]], 273 [[ 274 char x[256]; 275 snprintf(x, sizeof(x), "XXX%d", func(1)); 276 ]])], 277 [ AC_MSG_RESULT([yes]) 278 break ], 279 [ AC_MSG_RESULT([no]) ], 280 [ AC_MSG_WARN([cross compiling: cannot test]) 281 break ] 282 ) 283 ], 284 [ AC_MSG_RESULT([no]) ] 285 ) 286 CFLAGS="$saved_CFLAGS" 287 LDFLAGS="$saved_LDFLAGS" 288 done 289 fi 290 291 if test -z "$have_llong_max"; then 292 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 293 unset ac_cv_have_decl_LLONG_MAX 294 saved_CFLAGS="$CFLAGS" 295 CFLAGS="$CFLAGS -std=gnu99" 296 AC_CHECK_DECL([LLONG_MAX], 297 [have_llong_max=1], 298 [CFLAGS="$saved_CFLAGS"], 299 [#include <limits.h>] 300 ) 301 fi 302fi 303 304AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 305AC_COMPILE_IFELSE( 306 [AC_LANG_PROGRAM([[ 307#include <stdlib.h> 308__attribute__((__unused__)) static void foo(void){return;}]], 309 [[ exit(0); ]])], 310 [ AC_MSG_RESULT([yes]) ], 311 [ AC_MSG_RESULT([no]) 312 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 313 [compiler does not accept __attribute__ on return types]) ] 314) 315 316AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 317AC_COMPILE_IFELSE( 318 [AC_LANG_PROGRAM([[ 319#include <stdlib.h> 320typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 321 [[ exit(0); ]])], 322 [ AC_MSG_RESULT([yes]) ], 323 [ AC_MSG_RESULT([no]) 324 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 325 [compiler does not accept __attribute__ on prototype args]) ] 326) 327 328AC_MSG_CHECKING([if compiler supports variable length arrays]) 329AC_COMPILE_IFELSE( 330 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 331 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 332 [ AC_MSG_RESULT([yes]) 333 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 334 [compiler supports variable length arrays]) ], 335 [ AC_MSG_RESULT([no]) ] 336) 337 338AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 339AC_COMPILE_IFELSE( 340 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 341 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 342 [ AC_MSG_RESULT([yes]) 343 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 344 [compiler variable declarations after code]) ], 345 [ AC_MSG_RESULT([no]) ] 346) 347 348if test "x$no_attrib_nonnull" != "x1" ; then 349 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 350fi 351 352AC_ARG_WITH([rpath], 353 [ --without-rpath Disable auto-added -R linker paths], 354 [ 355 if test "x$withval" = "xno" ; then 356 rpath_opt="" 357 elif test "x$withval" = "xyes" ; then 358 rpath_opt="-R" 359 else 360 rpath_opt="$withval" 361 fi 362 ] 363) 364 365# Allow user to specify flags 366AC_ARG_WITH([cflags], 367 [ --with-cflags Specify additional flags to pass to compiler], 368 [ 369 if test -n "$withval" && test "x$withval" != "xno" && \ 370 test "x${withval}" != "xyes"; then 371 CFLAGS="$CFLAGS $withval" 372 fi 373 ] 374) 375 376AC_ARG_WITH([cflags-after], 377 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 378 [ 379 if test -n "$withval" && test "x$withval" != "xno" && \ 380 test "x${withval}" != "xyes"; then 381 CFLAGS_AFTER="$withval" 382 fi 383 ] 384) 385AC_ARG_WITH([cppflags], 386 [ --with-cppflags Specify additional flags to pass to preprocessor] , 387 [ 388 if test -n "$withval" && test "x$withval" != "xno" && \ 389 test "x${withval}" != "xyes"; then 390 CPPFLAGS="$CPPFLAGS $withval" 391 fi 392 ] 393) 394AC_ARG_WITH([ldflags], 395 [ --with-ldflags Specify additional flags to pass to linker], 396 [ 397 if test -n "$withval" && test "x$withval" != "xno" && \ 398 test "x${withval}" != "xyes"; then 399 LDFLAGS="$LDFLAGS $withval" 400 fi 401 ] 402) 403AC_ARG_WITH([ldflags-after], 404 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 405 [ 406 if test -n "$withval" && test "x$withval" != "xno" && \ 407 test "x${withval}" != "xyes"; then 408 LDFLAGS_AFTER="$withval" 409 fi 410 ] 411) 412AC_ARG_WITH([libs], 413 [ --with-libs Specify additional libraries to link with], 414 [ 415 if test -n "$withval" && test "x$withval" != "xno" && \ 416 test "x${withval}" != "xyes"; then 417 LIBS="$LIBS $withval" 418 fi 419 ] 420) 421AC_ARG_WITH([Werror], 422 [ --with-Werror Build main code with -Werror], 423 [ 424 if test -n "$withval" && test "x$withval" != "xno"; then 425 werror_flags="-Werror" 426 if test "x${withval}" != "xyes"; then 427 werror_flags="$withval" 428 fi 429 fi 430 ] 431) 432 433dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's 434dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we 435dnl haven't detected it, recheck. 436if test "x$ac_cv_header_sys_stat_h" != "xyes"; then 437 unset ac_cv_header_sys_stat_h 438 AC_CHECK_HEADERS([sys/stat.h]) 439fi 440 441AC_CHECK_HEADERS([ \ 442 blf.h \ 443 bstring.h \ 444 crypt.h \ 445 crypto/sha2.h \ 446 dirent.h \ 447 endian.h \ 448 elf.h \ 449 err.h \ 450 features.h \ 451 fcntl.h \ 452 floatingpoint.h \ 453 fnmatch.h \ 454 getopt.h \ 455 glob.h \ 456 ia.h \ 457 iaf.h \ 458 ifaddrs.h \ 459 inttypes.h \ 460 langinfo.h \ 461 limits.h \ 462 locale.h \ 463 login.h \ 464 maillock.h \ 465 ndir.h \ 466 net/if_tun.h \ 467 netdb.h \ 468 netgroup.h \ 469 pam/pam_appl.h \ 470 paths.h \ 471 poll.h \ 472 pty.h \ 473 readpassphrase.h \ 474 rpc/types.h \ 475 security/pam_appl.h \ 476 sha2.h \ 477 shadow.h \ 478 stddef.h \ 479 stdint.h \ 480 string.h \ 481 strings.h \ 482 sys/bitypes.h \ 483 sys/byteorder.h \ 484 sys/bsdtty.h \ 485 sys/cdefs.h \ 486 sys/dir.h \ 487 sys/file.h \ 488 sys/mman.h \ 489 sys/label.h \ 490 sys/ndir.h \ 491 sys/param.h \ 492 sys/poll.h \ 493 sys/prctl.h \ 494 sys/procctl.h \ 495 sys/pstat.h \ 496 sys/ptrace.h \ 497 sys/random.h \ 498 sys/select.h \ 499 sys/stream.h \ 500 sys/stropts.h \ 501 sys/strtio.h \ 502 sys/statvfs.h \ 503 sys/sysmacros.h \ 504 sys/time.h \ 505 sys/timers.h \ 506 sys/vfs.h \ 507 time.h \ 508 tmpdir.h \ 509 ttyent.h \ 510 ucred.h \ 511 unistd.h \ 512 usersec.h \ 513 util.h \ 514 utime.h \ 515 utmp.h \ 516 utmpx.h \ 517 vis.h \ 518 wchar.h \ 519]) 520 521# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 522# to be included first. 523AC_CHECK_HEADERS([sys/audit.h], [], [], [ 524#ifdef HAVE_SYS_TIME_H 525# include <sys/time.h> 526#endif 527#ifdef HAVE_SYS_TYPES_H 528# include <sys/types.h> 529#endif 530#ifdef HAVE_SYS_LABEL_H 531# include <sys/label.h> 532#endif 533]) 534 535# sys/capsicum.h requires sys/types.h 536AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [ 537#ifdef HAVE_SYS_TYPES_H 538# include <sys/types.h> 539#endif 540]) 541 542AC_MSG_CHECKING([for caph_cache_tzdata]) 543AC_LINK_IFELSE( 544 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]], 545 [[caph_cache_tzdata();]])], 546 [ 547 AC_MSG_RESULT([yes]) 548 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1], 549 [Define if you have caph_cache_tzdata]) 550 ], 551 [ AC_MSG_RESULT([no]) ] 552) 553 554# net/route.h requires sys/socket.h and sys/types.h. 555# sys/sysctl.h also requires sys/param.h 556AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 557#ifdef HAVE_SYS_TYPES_H 558# include <sys/types.h> 559#endif 560#include <sys/param.h> 561#include <sys/socket.h> 562]) 563 564# lastlog.h requires sys/time.h to be included first on Solaris 565AC_CHECK_HEADERS([lastlog.h], [], [], [ 566#ifdef HAVE_SYS_TIME_H 567# include <sys/time.h> 568#endif 569]) 570 571# sys/ptms.h requires sys/stream.h to be included first on Solaris 572AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 573#ifdef HAVE_SYS_STREAM_H 574# include <sys/stream.h> 575#endif 576]) 577 578# login_cap.h requires sys/types.h on NetBSD 579AC_CHECK_HEADERS([login_cap.h], [], [], [ 580#include <sys/types.h> 581]) 582 583# older BSDs need sys/param.h before sys/mount.h 584AC_CHECK_HEADERS([sys/mount.h], [], [], [ 585#include <sys/param.h> 586]) 587 588# Android requires sys/socket.h to be included before sys/un.h 589AC_CHECK_HEADERS([sys/un.h], [], [], [ 590#include <sys/types.h> 591#include <sys/socket.h> 592]) 593 594# Messages for features tested for in target-specific section 595SIA_MSG="no" 596SPC_MSG="no" 597SP_MSG="no" 598SPP_MSG="no" 599 600# Support for Solaris/Illumos privileges (this test is used by both 601# the --with-solaris-privs option and --with-sandbox=solaris). 602SOLARIS_PRIVS="no" 603 604# Check for some target-specific stuff 605case "$host" in 606*-*-aix*) 607 # Some versions of VAC won't allow macro redefinitions at 608 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 609 # particularly with older versions of vac or xlc. 610 # It also throws errors about null macro arguments, but these are 611 # not fatal. 612 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 613 AC_COMPILE_IFELSE( 614 [AC_LANG_PROGRAM([[ 615#define testmacro foo 616#define testmacro bar]], 617 [[ exit(0); ]])], 618 [ AC_MSG_RESULT([yes]) ], 619 [ AC_MSG_RESULT([no]) 620 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 621 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 622 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 623 ] 624 ) 625 626 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 627 if (test -z "$blibpath"); then 628 blibpath="/usr/lib:/lib" 629 fi 630 saved_LDFLAGS="$LDFLAGS" 631 if test "$GCC" = "yes"; then 632 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 633 else 634 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 635 fi 636 for tryflags in $flags ;do 637 if (test -z "$blibflags"); then 638 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 639 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 640 [blibflags=$tryflags], []) 641 fi 642 done 643 if (test -z "$blibflags"); then 644 AC_MSG_RESULT([not found]) 645 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 646 else 647 AC_MSG_RESULT([$blibflags]) 648 fi 649 LDFLAGS="$saved_LDFLAGS" 650 dnl Check for authenticate. Might be in libs.a on older AIXes 651 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 652 [Define if you want to enable AIX4's authenticate function])], 653 [AC_CHECK_LIB([s], [authenticate], 654 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 655 LIBS="$LIBS -ls" 656 ]) 657 ]) 658 dnl Check for various auth function declarations in headers. 659 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 660 passwdexpired, setauthdb], , , [#include <usersec.h>]) 661 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 662 AC_CHECK_DECLS([loginfailed], 663 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 664 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 665 [[ (void)loginfailed("user","host","tty",0); ]])], 666 [AC_MSG_RESULT([yes]) 667 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 668 [Define if your AIX loginfailed() function 669 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 670 ])], 671 [], 672 [#include <usersec.h>] 673 ) 674 AC_CHECK_FUNCS([getgrset setauthdb]) 675 AC_CHECK_DECL([F_CLOSEM], 676 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 677 [], 678 [ #include <limits.h> 679 #include <fcntl.h> ] 680 ) 681 check_for_aix_broken_getaddrinfo=1 682 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 683 [Define if your platform breaks doing a seteuid before a setuid]) 684 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 685 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 686 dnl AIX handles lastlog as part of its login message 687 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 688 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 689 [Some systems need a utmpx entry for /bin/login to work]) 690 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 691 [Define to a Set Process Title type if your system is 692 supported by bsd-setproctitle.c]) 693 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 694 [AIX 5.2 and 5.3 (and presumably newer) require this]) 695 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 696 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 697 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 698 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 699 ;; 700*-*-android*) 701 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 702 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 703 ;; 704*-*-cygwin*) 705 LIBS="$LIBS /usr/lib/textreadmode.o" 706 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 707 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 708 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 709 [Define to disable UID restoration test]) 710 AC_DEFINE([DISABLE_SHADOW], [1], 711 [Define if you want to disable shadow passwords]) 712 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 713 [Define if X11 doesn't support AF_UNIX sockets on that system]) 714 AC_DEFINE([DISABLE_FD_PASSING], [1], 715 [Define if your platform needs to skip post auth 716 file descriptor passing]) 717 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 718 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 719 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 720 # reasons which cause compile warnings, so we disable those warnings. 721 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 722 ;; 723*-*-dgux*) 724 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 725 [Define if your system choked on IP TOS setting]) 726 AC_DEFINE([SETEUID_BREAKS_SETUID]) 727 AC_DEFINE([BROKEN_SETREUID]) 728 AC_DEFINE([BROKEN_SETREGID]) 729 ;; 730*-*-darwin*) 731 use_pie=auto 732 AC_MSG_CHECKING([if we have working getaddrinfo]) 733 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 734#include <mach-o/dyld.h> 735#include <stdlib.h> 736int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 737 exit(0); 738 else 739 exit(1); 740} 741 ]])], 742 [AC_MSG_RESULT([working])], 743 [AC_MSG_RESULT([buggy]) 744 AC_DEFINE([BROKEN_GETADDRINFO], [1], 745 [getaddrinfo is broken (if present)]) 746 ], 747 [AC_MSG_RESULT([assume it is working])]) 748 AC_DEFINE([SETEUID_BREAKS_SETUID]) 749 AC_DEFINE([BROKEN_SETREUID]) 750 AC_DEFINE([BROKEN_SETREGID]) 751 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 752 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 753 [Define if your resolver libs need this for getrrsetbyname]) 754 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 755 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 756 [Use tunnel device compatibility to OpenBSD]) 757 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 758 [Prepend the address family to IP tunnel traffic]) 759 m4_pattern_allow([AU_IPv]) 760 AC_CHECK_DECL([AU_IPv4], [], 761 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 762 [#include <bsm/audit.h>] 763 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 764 [Define if pututxline updates lastlog too]) 765 ) 766 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 767 [Define to a Set Process Title type if your system is 768 supported by bsd-setproctitle.c]) 769 AC_CHECK_FUNCS([sandbox_init]) 770 AC_CHECK_HEADERS([sandbox.h]) 771 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 772 SSHDLIBS="$SSHDLIBS -lsandbox" 773 ]) 774 # proc_pidinfo()-based closefrom() replacement. 775 AC_CHECK_HEADERS([libproc.h]) 776 AC_CHECK_FUNCS([proc_pidinfo]) 777 # poll(2) is broken for character-special devices (at least). 778 # cf. Apple bug 3710161 (not public, but searchable) 779 AC_DEFINE([BROKEN_POLL], [1], 780 [System poll(2) implementation is broken]) 781 ;; 782*-*-dragonfly*) 783 SSHDLIBS="$SSHDLIBS" 784 TEST_MALLOC_OPTIONS="AFGJPRX" 785 ;; 786*-*-haiku*) 787 LIBS="$LIBS -lbsd " 788 CFLAGS="$CFLAGS -D_BSD_SOURCE" 789 AC_CHECK_LIB([network], [socket]) 790 AC_DEFINE([HAVE_U_INT64_T]) 791 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 792 MANTYPE=man 793 ;; 794*-*-hpux*) 795 # first we define all of the options common to all HP-UX releases 796 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 797 IPADDR_IN_DISPLAY=yes 798 AC_DEFINE([USE_PIPES]) 799 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 800 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 801 [String used in /etc/passwd to denote locked account]) 802 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 803 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 804 maildir="/var/mail" 805 LIBS="$LIBS -lsec" 806 AC_CHECK_LIB([xnet], [t_error], , 807 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 808 809 # next, we define all of the options specific to major releases 810 case "$host" in 811 *-*-hpux10*) 812 if test -z "$GCC"; then 813 CFLAGS="$CFLAGS -Ae" 814 fi 815 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect]) 816 ;; 817 *-*-hpux11*) 818 AC_DEFINE([PAM_SUN_CODEBASE], [1], 819 [Define if you are using Solaris-derived PAM which 820 passes pam_messages to the conversation function 821 with an extra level of indirection]) 822 AC_DEFINE([DISABLE_UTMP], [1], 823 [Define if you don't want to use utmp]) 824 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 825 check_for_hpux_broken_getaddrinfo=1 826 check_for_conflicting_getspnam=1 827 ;; 828 esac 829 830 # lastly, we define options specific to minor releases 831 case "$host" in 832 *-*-hpux10.26) 833 AC_DEFINE([HAVE_SECUREWARE], [1], 834 [Define if you have SecureWare-based 835 protected password database]) 836 disable_ptmx_check=yes 837 LIBS="$LIBS -lsecpw" 838 ;; 839 esac 840 ;; 841*-*-irix5*) 842 PATH="$PATH:/usr/etc" 843 AC_DEFINE([BROKEN_INET_NTOA], [1], 844 [Define if you system's inet_ntoa is busted 845 (e.g. Irix gcc issue)]) 846 AC_DEFINE([SETEUID_BREAKS_SETUID]) 847 AC_DEFINE([BROKEN_SETREUID]) 848 AC_DEFINE([BROKEN_SETREGID]) 849 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 850 [Define if you shouldn't strip 'tty' from your 851 ttyname in [uw]tmp]) 852 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 853 ;; 854*-*-irix6*) 855 PATH="$PATH:/usr/etc" 856 AC_DEFINE([WITH_IRIX_ARRAY], [1], 857 [Define if you have/want arrays 858 (cluster-wide session management, not C arrays)]) 859 AC_DEFINE([WITH_IRIX_PROJECT], [1], 860 [Define if you want IRIX project management]) 861 AC_DEFINE([WITH_IRIX_AUDIT], [1], 862 [Define if you want IRIX audit trails]) 863 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 864 [Define if you want IRIX kernel jobs])]) 865 AC_DEFINE([BROKEN_INET_NTOA]) 866 AC_DEFINE([SETEUID_BREAKS_SETUID]) 867 AC_DEFINE([BROKEN_SETREUID]) 868 AC_DEFINE([BROKEN_SETREGID]) 869 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 870 AC_DEFINE([WITH_ABBREV_NO_TTY]) 871 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 872 ;; 873*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 874 AC_DEFINE([PAM_TTY_KLUDGE]) 875 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 876 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 877 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 878 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 879 ;; 880*-*-linux*) 881 no_dev_ptmx=1 882 use_pie=auto 883 check_for_openpty_ctty_bug=1 884 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 885 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 886 dnl _GNU_SOURCE is needed for setres*id prototypes. 887 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" 888 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) 889 AC_DEFINE([PAM_TTY_KLUDGE], [1], 890 [Work around problematic Linux PAM modules handling of PAM_TTY]) 891 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 892 [String used in /etc/passwd to denote locked account]) 893 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 894 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 895 [Define to whatever link() returns for "not supported" 896 if it doesn't return EOPNOTSUPP.]) 897 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 898 AC_DEFINE([USE_BTMP]) 899 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 900 inet6_default_4in6=yes 901 case `uname -r` in 902 1.*|2.0.*) 903 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 904 [Define if cmsg_type is not passed correctly]) 905 ;; 906 esac 907 # tun(4) forwarding compat code 908 AC_CHECK_HEADERS([linux/if_tun.h]) 909 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 910 AC_DEFINE([SSH_TUN_LINUX], [1], 911 [Open tunnel devices the Linux tun/tap way]) 912 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 913 [Use tunnel device compatibility to OpenBSD]) 914 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 915 [Prepend the address family to IP tunnel traffic]) 916 fi 917 AC_CHECK_HEADER([linux/if.h], 918 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 919 [Support routing domains using Linux VRF]), [], [ 920#ifdef HAVE_SYS_TYPES_H 921# include <sys/types.h> 922#endif 923 ]) 924 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 925 [], [#include <linux/types.h>]) 926 # Obtain MIPS ABI 927 case "$host" in 928 mips*) 929 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 930#if _MIPS_SIM != _ABIO32 931#error 932#endif 933 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 934#if _MIPS_SIM != _ABIN32 935#error 936#endif 937 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 938#if _MIPS_SIM != _ABI64 939#error 940#endif 941 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 942 ]) 943 ]) 944 ]) 945 ;; 946 esac 947 AC_MSG_CHECKING([for seccomp architecture]) 948 seccomp_audit_arch= 949 case "$host" in 950 x86_64-*) 951 seccomp_audit_arch=AUDIT_ARCH_X86_64 952 ;; 953 i*86-*) 954 seccomp_audit_arch=AUDIT_ARCH_I386 955 ;; 956 arm*-*) 957 seccomp_audit_arch=AUDIT_ARCH_ARM 958 ;; 959 aarch64*-*) 960 seccomp_audit_arch=AUDIT_ARCH_AARCH64 961 ;; 962 s390x-*) 963 seccomp_audit_arch=AUDIT_ARCH_S390X 964 ;; 965 s390-*) 966 seccomp_audit_arch=AUDIT_ARCH_S390 967 ;; 968 powerpc-*) 969 seccomp_audit_arch=AUDIT_ARCH_PPC 970 ;; 971 powerpc64-*) 972 seccomp_audit_arch=AUDIT_ARCH_PPC64 973 ;; 974 powerpc64le-*) 975 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 976 ;; 977 mips-*) 978 seccomp_audit_arch=AUDIT_ARCH_MIPS 979 ;; 980 mipsel-*) 981 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 982 ;; 983 mips64-*) 984 case "$mips_abi" in 985 "n32") 986 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 987 ;; 988 "n64") 989 seccomp_audit_arch=AUDIT_ARCH_MIPS64 990 ;; 991 esac 992 ;; 993 mips64el-*) 994 case "$mips_abi" in 995 "n32") 996 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 997 ;; 998 "n64") 999 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 1000 ;; 1001 esac 1002 ;; 1003 riscv64-*) 1004 seccomp_audit_arch=AUDIT_ARCH_RISCV64 1005 ;; 1006 esac 1007 if test "x$seccomp_audit_arch" != "x" ; then 1008 AC_MSG_RESULT(["$seccomp_audit_arch"]) 1009 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 1010 [Specify the system call convention in use]) 1011 else 1012 AC_MSG_RESULT([architecture not supported]) 1013 fi 1014 ;; 1015*-*-minix) 1016 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1017 # poll(2) seems to choke on /dev/null; "Bad file descriptor" 1018 AC_DEFINE([BROKEN_POLL], [1], 1019 [System poll(2) implementation is broken]) 1020 ;; 1021mips-sony-bsd|mips-sony-newsos4) 1022 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 1023 SONY=1 1024 ;; 1025*-*-netbsd*) 1026 if test "x$withval" != "xno" ; then 1027 rpath_opt="-R" 1028 fi 1029 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 1030 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1031 AC_CHECK_HEADER([net/if_tap.h], , 1032 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1033 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 1034 [Prepend the address family to IP tunnel traffic]) 1035 TEST_MALLOC_OPTIONS="AJRX" 1036 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 1037 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 1038 ;; 1039*-*-freebsd*) 1040 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 1041 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1042 AC_CHECK_HEADER([net/if_tap.h], , 1043 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1044 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 1045 TEST_MALLOC_OPTIONS="AJRX" 1046 # Preauth crypto occasionally uses file descriptors for crypto offload 1047 # and will crash if they cannot be opened. 1048 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 1049 [define if setrlimit RLIMIT_NOFILE breaks things]) 1050 case "$host" in 1051 *-*-freebsd9.*|*-*-freebsd10.*) 1052 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable. 1053 disable_capsicum=yes 1054 esac 1055 ;; 1056*-*-bsdi*) 1057 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1058 AC_DEFINE([BROKEN_SETREUID]) 1059 AC_DEFINE([BROKEN_SETREGID]) 1060 ;; 1061*-next-*) 1062 conf_lastlog_location="/usr/adm/lastlog" 1063 conf_utmp_location=/etc/utmp 1064 conf_wtmp_location=/usr/adm/wtmp 1065 maildir=/usr/spool/mail 1066 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1067 AC_DEFINE([USE_PIPES]) 1068 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1069 ;; 1070*-*-openbsd*) 1071 use_pie=auto 1072 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1073 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1074 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1075 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1076 [syslog_r function is safe to use in in a signal handler]) 1077 TEST_MALLOC_OPTIONS="AFGJPRX" 1078 ;; 1079*-*-solaris*) 1080 if test "x$withval" != "xno" ; then 1081 rpath_opt="-R" 1082 fi 1083 AC_DEFINE([PAM_SUN_CODEBASE]) 1084 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1085 AC_DEFINE([PAM_TTY_KLUDGE]) 1086 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1087 [Define if pam_chauthtok wants real uid set 1088 to the unpriv'ed user]) 1089 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1090 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1091 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1092 [Define if sshd somehow reacquires a controlling TTY 1093 after setsid()]) 1094 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1095 in case the name is longer than 8 chars]) 1096 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1097 external_path_file=/etc/default/login 1098 # hardwire lastlog location (can't detect it on some versions) 1099 conf_lastlog_location="/var/adm/lastlog" 1100 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1101 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1102 if test "$sol2ver" -ge 8; then 1103 AC_MSG_RESULT([yes]) 1104 AC_DEFINE([DISABLE_UTMP]) 1105 AC_DEFINE([DISABLE_WTMP], [1], 1106 [Define if you don't want to use wtmp]) 1107 else 1108 AC_MSG_RESULT([no]) 1109 fi 1110 AC_CHECK_FUNCS([setpflags]) 1111 AC_CHECK_FUNCS([setppriv]) 1112 AC_CHECK_FUNCS([priv_basicset]) 1113 AC_CHECK_HEADERS([priv.h]) 1114 AC_ARG_WITH([solaris-contracts], 1115 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1116 [ 1117 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1118 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1119 [Define if you have Solaris process contracts]) 1120 LIBS="$LIBS -lcontract" 1121 SPC_MSG="yes" ], ) 1122 ], 1123 ) 1124 AC_ARG_WITH([solaris-projects], 1125 [ --with-solaris-projects Enable Solaris projects (experimental)], 1126 [ 1127 AC_CHECK_LIB([project], [setproject], 1128 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1129 [Define if you have Solaris projects]) 1130 LIBS="$LIBS -lproject" 1131 SP_MSG="yes" ], ) 1132 ], 1133 ) 1134 AC_ARG_WITH([solaris-privs], 1135 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1136 [ 1137 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1138 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1139 "x$ac_cv_header_priv_h" = "xyes" ; then 1140 SOLARIS_PRIVS=yes 1141 AC_MSG_RESULT([found]) 1142 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1143 [Define to disable UID restoration test]) 1144 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1145 [Define if you have Solaris privileges]) 1146 SPP_MSG="yes" 1147 else 1148 AC_MSG_RESULT([not found]) 1149 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1150 fi 1151 ], 1152 ) 1153 TEST_SHELL=$SHELL # let configure find us a capable shell 1154 ;; 1155*-*-sunos4*) 1156 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1157 AC_CHECK_FUNCS([getpwanam]) 1158 AC_DEFINE([PAM_SUN_CODEBASE]) 1159 conf_utmp_location=/etc/utmp 1160 conf_wtmp_location=/var/adm/wtmp 1161 conf_lastlog_location=/var/adm/lastlog 1162 AC_DEFINE([USE_PIPES]) 1163 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1164 ;; 1165*-ncr-sysv*) 1166 LIBS="$LIBS -lc89" 1167 AC_DEFINE([USE_PIPES]) 1168 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1169 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1170 AC_DEFINE([BROKEN_SETREUID]) 1171 AC_DEFINE([BROKEN_SETREGID]) 1172 ;; 1173*-sni-sysv*) 1174 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1175 AC_CHECK_LIB([dl], [dlsym], ,) 1176 # -lresolv needs to be at the end of LIBS or DNS lookups break 1177 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1178 IPADDR_IN_DISPLAY=yes 1179 AC_DEFINE([USE_PIPES]) 1180 AC_DEFINE([IP_TOS_IS_BROKEN]) 1181 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1182 AC_DEFINE([BROKEN_SETREUID]) 1183 AC_DEFINE([BROKEN_SETREGID]) 1184 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1185 external_path_file=/etc/default/login 1186 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1187 # Attention: always take care to bind libsocket and libnsl before libc, 1188 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1189 ;; 1190# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1191*-*-sysv4.2*) 1192 AC_DEFINE([USE_PIPES]) 1193 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1194 AC_DEFINE([BROKEN_SETREUID]) 1195 AC_DEFINE([BROKEN_SETREGID]) 1196 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1197 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1198 TEST_SHELL=$SHELL # let configure find us a capable shell 1199 ;; 1200# UnixWare 7.x, OpenUNIX 8 1201*-*-sysv5*) 1202 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1203 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1204 AC_DEFINE([USE_PIPES]) 1205 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1206 AC_DEFINE([BROKEN_GETADDRINFO]) 1207 AC_DEFINE([BROKEN_SETREUID]) 1208 AC_DEFINE([BROKEN_SETREGID]) 1209 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1210 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1211 TEST_SHELL=$SHELL # let configure find us a capable shell 1212 case "$host" in 1213 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1214 maildir=/var/spool/mail 1215 AC_DEFINE([BROKEN_UPDWTMPX]) 1216 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1217 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1218 ], , ) 1219 ;; 1220 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1221 ;; 1222 esac 1223 ;; 1224*-*-sysv*) 1225 ;; 1226# SCO UNIX and OEM versions of SCO UNIX 1227*-*-sco3.2v4*) 1228 AC_MSG_ERROR("This Platform is no longer supported.") 1229 ;; 1230# SCO OpenServer 5.x 1231*-*-sco3.2v5*) 1232 if test -z "$GCC"; then 1233 CFLAGS="$CFLAGS -belf" 1234 fi 1235 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1236 no_dev_ptmx=1 1237 AC_DEFINE([USE_PIPES]) 1238 AC_DEFINE([HAVE_SECUREWARE]) 1239 AC_DEFINE([DISABLE_SHADOW]) 1240 AC_DEFINE([DISABLE_FD_PASSING]) 1241 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1242 AC_DEFINE([BROKEN_GETADDRINFO]) 1243 AC_DEFINE([BROKEN_SETREUID]) 1244 AC_DEFINE([BROKEN_SETREGID]) 1245 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1246 AC_DEFINE([BROKEN_UPDWTMPX]) 1247 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1248 AC_CHECK_FUNCS([getluid setluid]) 1249 MANTYPE=man 1250 TEST_SHELL=$SHELL # let configure find us a capable shell 1251 SKIP_DISABLE_LASTLOG_DEFINE=yes 1252 ;; 1253*-dec-osf*) 1254 AC_MSG_CHECKING([for Digital Unix SIA]) 1255 no_osfsia="" 1256 AC_ARG_WITH([osfsia], 1257 [ --with-osfsia Enable Digital Unix SIA], 1258 [ 1259 if test "x$withval" = "xno" ; then 1260 AC_MSG_RESULT([disabled]) 1261 no_osfsia=1 1262 fi 1263 ], 1264 ) 1265 if test -z "$no_osfsia" ; then 1266 if test -f /etc/sia/matrix.conf; then 1267 AC_MSG_RESULT([yes]) 1268 AC_DEFINE([HAVE_OSF_SIA], [1], 1269 [Define if you have Digital Unix Security 1270 Integration Architecture]) 1271 AC_DEFINE([DISABLE_LOGIN], [1], 1272 [Define if you don't want to use your 1273 system's login() call]) 1274 AC_DEFINE([DISABLE_FD_PASSING]) 1275 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1276 SIA_MSG="yes" 1277 else 1278 AC_MSG_RESULT([no]) 1279 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1280 [String used in /etc/passwd to denote locked account]) 1281 fi 1282 fi 1283 AC_DEFINE([BROKEN_GETADDRINFO]) 1284 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1285 AC_DEFINE([BROKEN_SETREUID]) 1286 AC_DEFINE([BROKEN_SETREGID]) 1287 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1288 ;; 1289 1290*-*-nto-qnx*) 1291 AC_DEFINE([USE_PIPES]) 1292 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1293 AC_DEFINE([DISABLE_LASTLOG]) 1294 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1295 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1296 enable_etc_default_login=no # has incompatible /etc/default/login 1297 case "$host" in 1298 *-*-nto-qnx6*) 1299 AC_DEFINE([DISABLE_FD_PASSING]) 1300 ;; 1301 esac 1302 ;; 1303 1304*-*-ultrix*) 1305 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1306 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1307 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1308 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1309 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1310 # don't get a controlling tty. 1311 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1312 # On Ultrix some headers are not protected against multiple includes, 1313 # so we create wrappers and put it where the compiler will find it. 1314 AC_MSG_WARN([creating compat wrappers for headers]) 1315 mkdir -p netinet 1316 for header in netinet/ip.h netdb.h resolv.h; do 1317 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1318 cat >$header <<EOD 1319#ifndef _SSH_COMPAT_${name} 1320#define _SSH_COMPAT_${name} 1321#include "/usr/include/${header}" 1322#endif 1323EOD 1324 done 1325 ;; 1326 1327*-*-lynxos) 1328 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1329 AC_DEFINE([BROKEN_SETVBUF], [1], 1330 [LynxOS has broken setvbuf() implementation]) 1331 ;; 1332esac 1333 1334AC_MSG_CHECKING([compiler and flags for sanity]) 1335AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1336 [ AC_MSG_RESULT([yes]) ], 1337 [ 1338 AC_MSG_RESULT([no]) 1339 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1340 ], 1341 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1342) 1343 1344dnl Checks for header files. 1345# Checks for libraries. 1346AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1347 1348dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1349AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1350 AC_CHECK_LIB([gen], [dirname], [ 1351 AC_CACHE_CHECK([for broken dirname], 1352 ac_cv_have_broken_dirname, [ 1353 save_LIBS="$LIBS" 1354 LIBS="$LIBS -lgen" 1355 AC_RUN_IFELSE( 1356 [AC_LANG_SOURCE([[ 1357#include <libgen.h> 1358#include <string.h> 1359#include <stdlib.h> 1360 1361int main(int argc, char **argv) { 1362 char *s, buf[32]; 1363 1364 strncpy(buf,"/etc", 32); 1365 s = dirname(buf); 1366 if (!s || strncmp(s, "/", 32) != 0) { 1367 exit(1); 1368 } else { 1369 exit(0); 1370 } 1371} 1372 ]])], 1373 [ ac_cv_have_broken_dirname="no" ], 1374 [ ac_cv_have_broken_dirname="yes" ], 1375 [ ac_cv_have_broken_dirname="no" ], 1376 ) 1377 LIBS="$save_LIBS" 1378 ]) 1379 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1380 LIBS="$LIBS -lgen" 1381 AC_DEFINE([HAVE_DIRNAME]) 1382 AC_CHECK_HEADERS([libgen.h]) 1383 fi 1384 ]) 1385]) 1386 1387AC_CHECK_FUNC([getspnam], , 1388 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1389AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1390 [Define if you have the basename function.])]) 1391 1392dnl zlib defaults to enabled 1393zlib=yes 1394AC_ARG_WITH([zlib], 1395 [ --with-zlib=PATH Use zlib in PATH], 1396 [ if test "x$withval" = "xno" ; then 1397 zlib=no 1398 elif test "x$withval" != "xyes"; then 1399 if test -d "$withval/lib"; then 1400 if test -n "${rpath_opt}"; then 1401 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1402 else 1403 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1404 fi 1405 else 1406 if test -n "${rpath_opt}"; then 1407 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1408 else 1409 LDFLAGS="-L${withval} ${LDFLAGS}" 1410 fi 1411 fi 1412 if test -d "$withval/include"; then 1413 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1414 else 1415 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1416 fi 1417 fi ] 1418) 1419 1420# These libraries are needed for anything that links in the channel code. 1421CHANNELLIBS="" 1422AC_MSG_CHECKING([for zlib]) 1423if test "x${zlib}" = "xno"; then 1424 AC_MSG_RESULT([no]) 1425else 1426 saved_LIBS="$LIBS" 1427 CHANNELLIBS="$CHANNELLIBS -lz" 1428 AC_MSG_RESULT([yes]) 1429 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1430 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1431 AC_CHECK_LIB([z], [deflate], [], 1432 [ 1433 saved_CPPFLAGS="$CPPFLAGS" 1434 saved_LDFLAGS="$LDFLAGS" 1435 dnl Check default zlib install dir 1436 if test -n "${rpath_opt}"; then 1437 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1438 else 1439 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1440 fi 1441 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1442 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1443 [ 1444 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1445 ] 1446 ) 1447 ] 1448 ) 1449 1450 AC_ARG_WITH([zlib-version-check], 1451 [ --without-zlib-version-check Disable zlib version check], 1452 [ if test "x$withval" = "xno" ; then 1453 zlib_check_nonfatal=1 1454 fi 1455 ] 1456 ) 1457 1458 AC_MSG_CHECKING([for possibly buggy zlib]) 1459 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1460#include <stdio.h> 1461#include <stdlib.h> 1462#include <zlib.h> 1463 ]], 1464 [[ 1465 int a=0, b=0, c=0, d=0, n, v; 1466 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1467 if (n != 3 && n != 4) 1468 exit(1); 1469 v = a*1000000 + b*10000 + c*100 + d; 1470 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1471 1472 /* 1.1.4 is OK */ 1473 if (a == 1 && b == 1 && c >= 4) 1474 exit(0); 1475 1476 /* 1.2.3 and up are OK */ 1477 if (v >= 1020300) 1478 exit(0); 1479 1480 exit(2); 1481 ]])], 1482 AC_MSG_RESULT([no]), 1483 [ AC_MSG_RESULT([yes]) 1484 if test -z "$zlib_check_nonfatal" ; then 1485 AC_MSG_ERROR([*** zlib too old - check config.log *** 1486Your reported zlib version has known security problems. It's possible your 1487vendor has fixed these problems without changing the version number. If you 1488are sure this is the case, you can disable the check by running 1489"./configure --without-zlib-version-check". 1490If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1491See http://www.gzip.org/zlib/ for details.]) 1492 else 1493 AC_MSG_WARN([zlib version may have security problems]) 1494 fi 1495 ], 1496 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1497 ) 1498 LIBS="$saved_LIBS" 1499fi 1500 1501dnl UnixWare 2.x 1502AC_CHECK_FUNC([strcasecmp], 1503 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1504) 1505AC_CHECK_FUNCS([utimes], 1506 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1507 LIBS="$LIBS -lc89"]) ] 1508) 1509 1510dnl Checks for libutil functions 1511AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1512AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1513AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1514AC_SEARCH_LIBS([login], [util bsd]) 1515AC_SEARCH_LIBS([logout], [util bsd]) 1516AC_SEARCH_LIBS([logwtmp], [util bsd]) 1517AC_SEARCH_LIBS([openpty], [util bsd]) 1518AC_SEARCH_LIBS([updwtmp], [util bsd]) 1519AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1520 1521# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1522# or libnsl. 1523AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1524AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1525 1526# Some Linux distribtions ship the BSD libc hashing functions in 1527# separate libraries. 1528AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1529 1530# "Particular Function Checks" 1531# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1532AC_FUNC_STRFTIME 1533AC_FUNC_MALLOC 1534AC_FUNC_REALLOC 1535# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1536AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1537AC_RUN_IFELSE( 1538 [AC_LANG_PROGRAM( 1539 [[ #include <stdlib.h> ]], 1540 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1541 )], 1542 [ func_calloc_0_nonnull=yes ], 1543 [ func_calloc_0_nonnull=no ], 1544 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1545 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1546) 1547AC_MSG_RESULT([$func_calloc_0_nonnull]) 1548 1549if test "x$func_calloc_0_nonnull" = "xyes"; then 1550 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1551else 1552 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1553 AC_DEFINE(calloc, rpl_calloc, 1554 [Define to rpl_calloc if the replacement function should be used.]) 1555fi 1556 1557# Check for ALTDIRFUNC glob() extension 1558AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1559AC_EGREP_CPP([FOUNDIT], 1560 [ 1561 #include <glob.h> 1562 #ifdef GLOB_ALTDIRFUNC 1563 FOUNDIT 1564 #endif 1565 ], 1566 [ 1567 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1568 [Define if your system glob() function has 1569 the GLOB_ALTDIRFUNC extension]) 1570 AC_MSG_RESULT([yes]) 1571 ], 1572 [ 1573 AC_MSG_RESULT([no]) 1574 ] 1575) 1576 1577# Check for g.gl_matchc glob() extension 1578AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1579AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1580 [[ glob_t g; g.gl_matchc = 1; ]])], 1581 [ 1582 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1583 [Define if your system glob() function has 1584 gl_matchc options in glob_t]) 1585 AC_MSG_RESULT([yes]) 1586 ], [ 1587 AC_MSG_RESULT([no]) 1588]) 1589 1590# Check for g.gl_statv glob() extension 1591AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1592AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1593#ifndef GLOB_KEEPSTAT 1594#error "glob does not support GLOB_KEEPSTAT extension" 1595#endif 1596glob_t g; 1597g.gl_statv = NULL; 1598]])], 1599 [ 1600 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1601 [Define if your system glob() function has 1602 gl_statv options in glob_t]) 1603 AC_MSG_RESULT([yes]) 1604 ], [ 1605 AC_MSG_RESULT([no]) 1606 1607]) 1608 1609AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1610 1611AC_CHECK_DECL([VIS_ALL], , 1612 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1613 1614AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1615AC_RUN_IFELSE( 1616 [AC_LANG_PROGRAM([[ 1617#include <sys/types.h> 1618#include <dirent.h> 1619#include <stdlib.h> 1620 ]], 1621 [[ 1622 struct dirent d; 1623 exit(sizeof(d.d_name)<=sizeof(char)); 1624 ]])], 1625 [AC_MSG_RESULT([yes])], 1626 [ 1627 AC_MSG_RESULT([no]) 1628 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1629 [Define if your struct dirent expects you to 1630 allocate extra space for d_name]) 1631 ], 1632 [ 1633 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1634 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1635 ] 1636) 1637 1638AC_MSG_CHECKING([for /proc/pid/fd directory]) 1639if test -d "/proc/$$/fd" ; then 1640 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1641 AC_MSG_RESULT([yes]) 1642else 1643 AC_MSG_RESULT([no]) 1644fi 1645 1646# Check whether user wants TCP wrappers support 1647TCPW_MSG="no" 1648AC_ARG_WITH([tcp-wrappers], 1649 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1650 [ 1651 if test "x$withval" != "xno" ; then 1652 saved_LIBS="$LIBS" 1653 saved_LDFLAGS="$LDFLAGS" 1654 saved_CPPFLAGS="$CPPFLAGS" 1655 if test -n "${withval}" && \ 1656 test "x${withval}" != "xyes"; then 1657 if test -d "${withval}/lib"; then 1658 if test -n "${need_dash_r}"; then 1659 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1660 else 1661 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1662 fi 1663 else 1664 if test -n "${need_dash_r}"; then 1665 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1666 else 1667 LDFLAGS="-L${withval} ${LDFLAGS}" 1668 fi 1669 fi 1670 if test -d "${withval}/include"; then 1671 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1672 else 1673 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1674 fi 1675 fi 1676 LIBS="-lwrap $LIBS" 1677 AC_MSG_CHECKING([for libwrap]) 1678 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1679#include <sys/types.h> 1680#include <sys/socket.h> 1681#include <netinet/in.h> 1682#include <tcpd.h> 1683int deny_severity = 0, allow_severity = 0; 1684 ]], [[ 1685 hosts_access(0); 1686 ]])], [ 1687 AC_MSG_RESULT([yes]) 1688 AC_DEFINE([LIBWRAP], [1], 1689 [Define if you want 1690 TCP Wrappers support]) 1691 SSHDLIBS="$SSHDLIBS -lwrap" 1692 TCPW_MSG="yes" 1693 ], [ 1694 AC_MSG_ERROR([*** libwrap missing]) 1695 ]) 1696 LIBS="$saved_LIBS" 1697 fi 1698 ] 1699) 1700 1701# Check whether user wants to use ldns 1702LDNS_MSG="no" 1703AC_ARG_WITH(ldns, 1704 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1705 [ 1706 ldns="" 1707 if test "x$withval" = "xyes" ; then 1708 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1709 if test "x$LDNSCONFIG" = "xno"; then 1710 LIBS="-lldns $LIBS" 1711 ldns=yes 1712 else 1713 LIBS="$LIBS `$LDNSCONFIG --libs`" 1714 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1715 ldns=yes 1716 fi 1717 elif test "x$withval" != "xno" ; then 1718 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1719 LDFLAGS="$LDFLAGS -L${withval}/lib" 1720 LIBS="-lldns $LIBS" 1721 ldns=yes 1722 fi 1723 1724 # Verify that it works. 1725 if test "x$ldns" = "xyes" ; then 1726 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1727 LDNS_MSG="yes" 1728 AC_MSG_CHECKING([for ldns support]) 1729 AC_LINK_IFELSE( 1730 [AC_LANG_SOURCE([[ 1731#include <stdio.h> 1732#include <stdlib.h> 1733#ifdef HAVE_STDINT_H 1734# include <stdint.h> 1735#endif 1736#include <ldns/ldns.h> 1737int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1738 ]]) 1739 ], 1740 [AC_MSG_RESULT(yes)], 1741 [ 1742 AC_MSG_RESULT(no) 1743 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1744 ]) 1745 fi 1746]) 1747 1748# Check whether user wants libedit support 1749LIBEDIT_MSG="no" 1750AC_ARG_WITH([libedit], 1751 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1752 [ if test "x$withval" != "xno" ; then 1753 if test "x$withval" = "xyes" ; then 1754 if test "x$PKGCONFIG" != "xno"; then 1755 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1756 if "$PKGCONFIG" libedit; then 1757 AC_MSG_RESULT([yes]) 1758 use_pkgconfig_for_libedit=yes 1759 else 1760 AC_MSG_RESULT([no]) 1761 fi 1762 fi 1763 else 1764 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1765 if test -n "${rpath_opt}"; then 1766 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1767 else 1768 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1769 fi 1770 fi 1771 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1772 LIBEDIT=`$PKGCONFIG --libs libedit` 1773 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1774 else 1775 LIBEDIT="-ledit -lcurses" 1776 fi 1777 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1778 AC_CHECK_LIB([edit], [el_init], 1779 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1780 LIBEDIT_MSG="yes" 1781 AC_SUBST([LIBEDIT]) 1782 ], 1783 [ AC_MSG_ERROR([libedit not found]) ], 1784 [ $OTHERLIBS ] 1785 ) 1786 AC_MSG_CHECKING([if libedit version is compatible]) 1787 AC_COMPILE_IFELSE( 1788 [AC_LANG_PROGRAM([[ 1789#include <histedit.h> 1790#include <stdlib.h> 1791 ]], 1792 [[ 1793 int i = H_SETSIZE; 1794 el_init("", NULL, NULL, NULL); 1795 exit(0); 1796 ]])], 1797 [ AC_MSG_RESULT([yes]) ], 1798 [ AC_MSG_RESULT([no]) 1799 AC_MSG_ERROR([libedit version is not compatible]) ] 1800 ) 1801 fi ] 1802) 1803 1804AUDIT_MODULE=none 1805AC_ARG_WITH([audit], 1806 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1807 [ 1808 AC_MSG_CHECKING([for supported audit module]) 1809 case "$withval" in 1810 bsm) 1811 AC_MSG_RESULT([bsm]) 1812 AUDIT_MODULE=bsm 1813 dnl Checks for headers, libs and functions 1814 AC_CHECK_HEADERS([bsm/audit.h], [], 1815 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1816 [ 1817#ifdef HAVE_TIME_H 1818# include <time.h> 1819#endif 1820 ] 1821) 1822 AC_CHECK_LIB([bsm], [getaudit], [], 1823 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1824 AC_CHECK_FUNCS([getaudit], [], 1825 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1826 # These are optional 1827 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1828 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1829 if test "$sol2ver" -ge 11; then 1830 SSHDLIBS="$SSHDLIBS -lscf" 1831 AC_DEFINE([BROKEN_BSM_API], [1], 1832 [The system has incomplete BSM API]) 1833 fi 1834 ;; 1835 linux) 1836 AC_MSG_RESULT([linux]) 1837 AUDIT_MODULE=linux 1838 dnl Checks for headers, libs and functions 1839 AC_CHECK_HEADERS([libaudit.h]) 1840 SSHDLIBS="$SSHDLIBS -laudit" 1841 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1842 ;; 1843 debug) 1844 AUDIT_MODULE=debug 1845 AC_MSG_RESULT([debug]) 1846 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1847 ;; 1848 no) 1849 AC_MSG_RESULT([no]) 1850 ;; 1851 *) 1852 AC_MSG_ERROR([Unknown audit module $withval]) 1853 ;; 1854 esac ] 1855) 1856 1857AC_ARG_WITH([pie], 1858 [ --with-pie Build Position Independent Executables if possible], [ 1859 if test "x$withval" = "xno"; then 1860 use_pie=no 1861 fi 1862 if test "x$withval" = "xyes"; then 1863 use_pie=yes 1864 fi 1865 ] 1866) 1867if test "x$use_pie" = "x"; then 1868 use_pie=no 1869fi 1870if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1871 # Turn off automatic PIE when toolchain hardening is off. 1872 use_pie=no 1873fi 1874if test "x$use_pie" = "xauto"; then 1875 # Automatic PIE requires gcc >= 4.x 1876 AC_MSG_CHECKING([for gcc >= 4.x]) 1877 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1878#if !defined(__GNUC__) || __GNUC__ < 4 1879#error gcc is too old 1880#endif 1881]])], 1882 [ AC_MSG_RESULT([yes]) ], 1883 [ AC_MSG_RESULT([no]) 1884 use_pie=no ] 1885) 1886fi 1887if test "x$use_pie" != "xno"; then 1888 SAVED_CFLAGS="$CFLAGS" 1889 SAVED_LDFLAGS="$LDFLAGS" 1890 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1891 OSSH_CHECK_LDFLAG_LINK([-pie]) 1892 # We use both -fPIE and -pie or neither. 1893 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1894 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1895 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1896 AC_MSG_RESULT([yes]) 1897 else 1898 AC_MSG_RESULT([no]) 1899 CFLAGS="$SAVED_CFLAGS" 1900 LDFLAGS="$SAVED_LDFLAGS" 1901 fi 1902fi 1903 1904AC_MSG_CHECKING([whether -fPIC is accepted]) 1905SAVED_CFLAGS="$CFLAGS" 1906CFLAGS="$CFLAGS -fPIC" 1907AC_COMPILE_IFELSE( 1908 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1909 [AC_MSG_RESULT([yes]) 1910 PICFLAG="-fPIC"; ], 1911 [AC_MSG_RESULT([no]) 1912 PICFLAG=""; ]) 1913CFLAGS="$SAVED_CFLAGS" 1914AC_SUBST([PICFLAG]) 1915 1916dnl Checks for library functions. Please keep in alphabetical order 1917AC_CHECK_FUNCS([ \ 1918 auth_hostok \ 1919 auth_timeok \ 1920 Blowfish_initstate \ 1921 Blowfish_expandstate \ 1922 Blowfish_expand0state \ 1923 Blowfish_stream2word \ 1924 SHA256Update \ 1925 SHA384Update \ 1926 SHA512Update \ 1927 asprintf \ 1928 b64_ntop \ 1929 __b64_ntop \ 1930 b64_pton \ 1931 __b64_pton \ 1932 bcopy \ 1933 bcrypt_pbkdf \ 1934 bindresvport_sa \ 1935 blf_enc \ 1936 bzero \ 1937 cap_rights_limit \ 1938 clock \ 1939 closefrom \ 1940 close_range \ 1941 dirfd \ 1942 endgrent \ 1943 err \ 1944 errx \ 1945 explicit_bzero \ 1946 explicit_memset \ 1947 fchmod \ 1948 fchmodat \ 1949 fchown \ 1950 fchownat \ 1951 flock \ 1952 fnmatch \ 1953 freeaddrinfo \ 1954 freezero \ 1955 fstatfs \ 1956 fstatvfs \ 1957 futimes \ 1958 getaddrinfo \ 1959 getcwd \ 1960 getentropy \ 1961 getgrouplist \ 1962 getline \ 1963 getnameinfo \ 1964 getopt \ 1965 getpagesize \ 1966 getpeereid \ 1967 getpeerucred \ 1968 getpgid \ 1969 _getpty \ 1970 getrlimit \ 1971 getrandom \ 1972 getsid \ 1973 getttyent \ 1974 glob \ 1975 group_from_gid \ 1976 inet_aton \ 1977 inet_ntoa \ 1978 inet_ntop \ 1979 innetgr \ 1980 killpg \ 1981 llabs \ 1982 localtime_r \ 1983 login_getcapbool \ 1984 login_getpwclass \ 1985 memmem \ 1986 memmove \ 1987 memset_s \ 1988 mkdtemp \ 1989 ngetaddrinfo \ 1990 nsleep \ 1991 ogetaddrinfo \ 1992 openlog_r \ 1993 pledge \ 1994 poll \ 1995 ppoll \ 1996 prctl \ 1997 procctl \ 1998 pselect \ 1999 pstat \ 2000 raise \ 2001 readpassphrase \ 2002 reallocarray \ 2003 realpath \ 2004 recvmsg \ 2005 recallocarray \ 2006 rresvport_af \ 2007 sendmsg \ 2008 setdtablesize \ 2009 setegid \ 2010 setenv \ 2011 seteuid \ 2012 setgroupent \ 2013 setgroups \ 2014 setlinebuf \ 2015 setlogin \ 2016 setpassent\ 2017 setpcred \ 2018 setproctitle \ 2019 setregid \ 2020 setreuid \ 2021 setrlimit \ 2022 setsid \ 2023 setvbuf \ 2024 sigaction \ 2025 sigvec \ 2026 snprintf \ 2027 socketpair \ 2028 statfs \ 2029 statvfs \ 2030 strcasestr \ 2031 strdup \ 2032 strerror \ 2033 strlcat \ 2034 strlcpy \ 2035 strmode \ 2036 strndup \ 2037 strnlen \ 2038 strnvis \ 2039 strptime \ 2040 strsignal \ 2041 strtonum \ 2042 strtoll \ 2043 strtoul \ 2044 strtoull \ 2045 swap32 \ 2046 sysconf \ 2047 tcgetpgrp \ 2048 timegm \ 2049 timingsafe_bcmp \ 2050 truncate \ 2051 unsetenv \ 2052 updwtmpx \ 2053 utimensat \ 2054 user_from_uid \ 2055 usleep \ 2056 vasprintf \ 2057 vsnprintf \ 2058 waitpid \ 2059 warn \ 2060]) 2061 2062AC_CHECK_DECLS([bzero, memmem]) 2063 2064dnl Wide character support. 2065AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 2066 2067TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 2068AC_MSG_CHECKING([for utf8 locale support]) 2069AC_RUN_IFELSE( 2070 [AC_LANG_PROGRAM([[ 2071#include <locale.h> 2072#include <stdlib.h> 2073 ]], [[ 2074 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2075 if (loc != NULL) 2076 exit(0); 2077 exit(1); 2078 ]])], 2079 AC_MSG_RESULT(yes), 2080 [AC_MSG_RESULT(no) 2081 TEST_SSH_UTF8=no], 2082 AC_MSG_WARN([cross compiling: assuming yes]) 2083) 2084 2085AC_LINK_IFELSE( 2086 [AC_LANG_PROGRAM( 2087 [[ #include <ctype.h> ]], 2088 [[ return (isblank('a')); ]])], 2089 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2090]) 2091 2092disable_pkcs11= 2093AC_ARG_ENABLE([pkcs11], 2094 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2095 [ 2096 if test "x$enableval" = "xno" ; then 2097 disable_pkcs11=1 2098 fi 2099 ] 2100) 2101 2102disable_sk= 2103AC_ARG_ENABLE([security-key], 2104 [ --disable-security-key disable U2F/FIDO support code [no]], 2105 [ 2106 if test "x$enableval" = "xno" ; then 2107 disable_sk=1 2108 fi 2109 ] 2110) 2111enable_sk_internal= 2112AC_ARG_WITH([security-key-builtin], 2113 [ --with-security-key-builtin include builtin U2F/FIDO support], 2114 [ enable_sk_internal=$withval ] 2115) 2116 2117AC_SEARCH_LIBS([dlopen], [dl]) 2118AC_CHECK_FUNCS([dlopen]) 2119AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2120 2121# IRIX has a const char return value for gai_strerror() 2122AC_CHECK_FUNCS([gai_strerror], [ 2123 AC_DEFINE([HAVE_GAI_STRERROR]) 2124 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2125#include <sys/types.h> 2126#include <sys/socket.h> 2127#include <netdb.h> 2128 2129const char *gai_strerror(int); 2130 ]], [[ 2131 char *str; 2132 str = gai_strerror(0); 2133 ]])], [ 2134 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2135 [Define if gai_strerror() returns const char *])], [])]) 2136 2137AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2138 [Some systems put nanosleep outside of libc])]) 2139 2140AC_SEARCH_LIBS([clock_gettime], [rt], 2141 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2142 2143dnl check if we need -D_REENTRANT for localtime_r declaration. 2144AC_CHECK_DECL([localtime_r], [], 2145 [ saved_CPPFLAGS="$CPPFLAGS" 2146 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2147 unset ac_cv_have_decl_localtime_r 2148 AC_CHECK_DECL([localtime_r], [], 2149 [ CPPFLAGS="$saved_CPPFLAGS" ], 2150 [ #include <time.h> ] 2151 ) 2152 ], 2153 [ #include <time.h> ] 2154) 2155 2156dnl Make sure prototypes are defined for these before using them. 2157AC_CHECK_DECL([strsep], 2158 [AC_CHECK_FUNCS([strsep])], 2159 [], 2160 [ 2161#ifdef HAVE_STRING_H 2162# include <string.h> 2163#endif 2164 ]) 2165 2166dnl tcsendbreak might be a macro 2167AC_CHECK_DECL([tcsendbreak], 2168 [AC_DEFINE([HAVE_TCSENDBREAK])], 2169 [AC_CHECK_FUNCS([tcsendbreak])], 2170 [#include <termios.h>] 2171) 2172 2173AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2174 2175AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2176 [ 2177#include <sys/types.h> 2178#include <sys/socket.h> 2179#include <unistd.h> 2180 ]) 2181 2182AC_CHECK_DECLS([O_NONBLOCK], , , 2183 [ 2184#include <sys/types.h> 2185#ifdef HAVE_SYS_STAT_H 2186# include <sys/stat.h> 2187#endif 2188#ifdef HAVE_FCNTL_H 2189# include <fcntl.h> 2190#endif 2191 ]) 2192 2193AC_CHECK_DECLS([ftruncate, getentropy], , , 2194 [ 2195#include <sys/types.h> 2196#include <unistd.h> 2197 ]) 2198 2199AC_CHECK_DECLS([readv, writev], , , [ 2200#include <sys/types.h> 2201#include <sys/uio.h> 2202#include <unistd.h> 2203 ]) 2204 2205AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2206#include <sys/param.h> 2207 ]) 2208 2209AC_CHECK_DECLS([offsetof], , , [ 2210#include <stddef.h> 2211 ]) 2212 2213# extra bits for select(2) 2214AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2215#include <sys/param.h> 2216#include <sys/types.h> 2217#ifdef HAVE_SYS_SYSMACROS_H 2218#include <sys/sysmacros.h> 2219#endif 2220#ifdef HAVE_SYS_SELECT_H 2221#include <sys/select.h> 2222#endif 2223#ifdef HAVE_SYS_TIME_H 2224#include <sys/time.h> 2225#endif 2226#ifdef HAVE_UNISTD_H 2227#include <unistd.h> 2228#endif 2229 ]]) 2230AC_CHECK_TYPES([fd_mask], [], [], [[ 2231#include <sys/param.h> 2232#include <sys/types.h> 2233#ifdef HAVE_SYS_SELECT_H 2234#include <sys/select.h> 2235#endif 2236#ifdef HAVE_SYS_TIME_H 2237#include <sys/time.h> 2238#endif 2239#ifdef HAVE_UNISTD_H 2240#include <unistd.h> 2241#endif 2242 ]]) 2243 2244AC_CHECK_FUNCS([setresuid], [ 2245 dnl Some platorms have setresuid that isn't implemented, test for this 2246 AC_MSG_CHECKING([if setresuid seems to work]) 2247 AC_RUN_IFELSE( 2248 [AC_LANG_PROGRAM([[ 2249#include <errno.h> 2250#include <stdlib.h> 2251#include <unistd.h> 2252 ]], [[ 2253 errno=0; 2254 setresuid(0,0,0); 2255 if (errno==ENOSYS) 2256 exit(1); 2257 else 2258 exit(0); 2259 ]])], 2260 [AC_MSG_RESULT([yes])], 2261 [AC_DEFINE([BROKEN_SETRESUID], [1], 2262 [Define if your setresuid() is broken]) 2263 AC_MSG_RESULT([not implemented])], 2264 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2265 ) 2266]) 2267 2268AC_CHECK_FUNCS([setresgid], [ 2269 dnl Some platorms have setresgid that isn't implemented, test for this 2270 AC_MSG_CHECKING([if setresgid seems to work]) 2271 AC_RUN_IFELSE( 2272 [AC_LANG_PROGRAM([[ 2273#include <errno.h> 2274#include <stdlib.h> 2275#include <unistd.h> 2276 ]], [[ 2277 errno=0; 2278 setresgid(0,0,0); 2279 if (errno==ENOSYS) 2280 exit(1); 2281 else 2282 exit(0); 2283 ]])], 2284 [AC_MSG_RESULT([yes])], 2285 [AC_DEFINE([BROKEN_SETRESGID], [1], 2286 [Define if your setresgid() is broken]) 2287 AC_MSG_RESULT([not implemented])], 2288 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2289 ) 2290]) 2291 2292AC_MSG_CHECKING([for working fflush(NULL)]) 2293AC_RUN_IFELSE( 2294 [AC_LANG_PROGRAM([[ 2295#include <stdio.h> 2296#include <stdlib.h> 2297 ]], 2298 [[fflush(NULL); exit(0);]])], 2299 AC_MSG_RESULT([yes]), 2300 [AC_MSG_RESULT([no]) 2301 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2302 [define if fflush(NULL) does not work])], 2303 AC_MSG_WARN([cross compiling: assuming working]) 2304) 2305 2306dnl Checks for time functions 2307AC_CHECK_FUNCS([gettimeofday time]) 2308dnl Checks for utmp functions 2309AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2310AC_CHECK_FUNCS([utmpname]) 2311dnl Checks for utmpx functions 2312AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2313AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2314dnl Checks for lastlog functions 2315AC_CHECK_FUNCS([getlastlogxbyname]) 2316 2317AC_CHECK_FUNC([daemon], 2318 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2319 [AC_CHECK_LIB([bsd], [daemon], 2320 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2321) 2322 2323AC_CHECK_FUNC([getpagesize], 2324 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2325 [Define if your libraries define getpagesize()])], 2326 [AC_CHECK_LIB([ucb], [getpagesize], 2327 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2328) 2329 2330# Check for broken snprintf 2331if test "x$ac_cv_func_snprintf" = "xyes" ; then 2332 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2333 AC_RUN_IFELSE( 2334 [AC_LANG_PROGRAM([[ 2335#include <stdio.h> 2336#include <stdlib.h> 2337 ]], 2338 [[ 2339 char b[5]; 2340 snprintf(b,5,"123456789"); 2341 exit(b[4]!='\0'); 2342 ]])], 2343 [AC_MSG_RESULT([yes])], 2344 [ 2345 AC_MSG_RESULT([no]) 2346 AC_DEFINE([BROKEN_SNPRINTF], [1], 2347 [Define if your snprintf is busted]) 2348 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2349 ], 2350 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2351 ) 2352fi 2353 2354if test "x$ac_cv_func_snprintf" = "xyes" ; then 2355 AC_MSG_CHECKING([whether snprintf understands %zu]) 2356 AC_RUN_IFELSE( 2357 [AC_LANG_PROGRAM([[ 2358#include <sys/types.h> 2359#include <stdio.h> 2360#include <stdlib.h> 2361#include <string.h> 2362 ]], 2363 [[ 2364 size_t a = 1, b = 2; 2365 char z[128]; 2366 snprintf(z, sizeof z, "%zu%zu", a, b); 2367 exit(strcmp(z, "12")); 2368 ]])], 2369 [AC_MSG_RESULT([yes])], 2370 [ 2371 AC_MSG_RESULT([no]) 2372 AC_DEFINE([BROKEN_SNPRINTF], [1], 2373 [snprintf does not understand %zu]) 2374 ], 2375 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2376 ) 2377fi 2378 2379# We depend on vsnprintf returning the right thing on overflow: the 2380# number of characters it tried to create (as per SUSv3) 2381if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2382 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2383 AC_RUN_IFELSE( 2384 [AC_LANG_PROGRAM([[ 2385#include <sys/types.h> 2386#include <stdio.h> 2387#include <stdarg.h> 2388 2389int x_snprintf(char *str, size_t count, const char *fmt, ...) 2390{ 2391 size_t ret; 2392 va_list ap; 2393 2394 va_start(ap, fmt); 2395 ret = vsnprintf(str, count, fmt, ap); 2396 va_end(ap); 2397 return ret; 2398} 2399 ]], [[ 2400char x[1]; 2401if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2402 return 1; 2403if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2404 return 1; 2405return 0; 2406 ]])], 2407 [AC_MSG_RESULT([yes])], 2408 [ 2409 AC_MSG_RESULT([no]) 2410 AC_DEFINE([BROKEN_SNPRINTF], [1], 2411 [Define if your snprintf is busted]) 2412 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2413 ], 2414 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2415 ) 2416fi 2417 2418# On systems where [v]snprintf is broken, but is declared in stdio, 2419# check that the fmt argument is const char * or just char *. 2420# This is only useful for when BROKEN_SNPRINTF 2421AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2422AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2423#include <stdio.h> 2424int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2425 ]], [[ 2426 snprintf(0, 0, 0); 2427 ]])], 2428 [AC_MSG_RESULT([yes]) 2429 AC_DEFINE([SNPRINTF_CONST], [const], 2430 [Define as const if snprintf() can declare const char *fmt])], 2431 [AC_MSG_RESULT([no]) 2432 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2433 2434# Check for missing getpeereid (or equiv) support 2435NO_PEERCHECK="" 2436if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2437 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2438 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2439#include <sys/types.h> 2440#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2441 [ AC_MSG_RESULT([yes]) 2442 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2443 ], [AC_MSG_RESULT([no]) 2444 NO_PEERCHECK=1 2445 ]) 2446fi 2447 2448dnl make sure that openpty does not reacquire controlling terminal 2449if test ! -z "$check_for_openpty_ctty_bug"; then 2450 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2451 AC_RUN_IFELSE( 2452 [AC_LANG_PROGRAM([[ 2453#include <stdio.h> 2454#include <stdlib.h> 2455#include <unistd.h> 2456#ifdef HAVE_PTY_H 2457# include <pty.h> 2458#endif 2459#include <sys/fcntl.h> 2460#include <sys/types.h> 2461#include <sys/wait.h> 2462 ]], [[ 2463 pid_t pid; 2464 int fd, ptyfd, ttyfd, status; 2465 2466 pid = fork(); 2467 if (pid < 0) { /* failed */ 2468 exit(1); 2469 } else if (pid > 0) { /* parent */ 2470 waitpid(pid, &status, 0); 2471 if (WIFEXITED(status)) 2472 exit(WEXITSTATUS(status)); 2473 else 2474 exit(2); 2475 } else { /* child */ 2476 close(0); close(1); close(2); 2477 setsid(); 2478 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2479 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2480 if (fd >= 0) 2481 exit(3); /* Acquired ctty: broken */ 2482 else 2483 exit(0); /* Did not acquire ctty: OK */ 2484 } 2485 ]])], 2486 [ 2487 AC_MSG_RESULT([yes]) 2488 ], 2489 [ 2490 AC_MSG_RESULT([no]) 2491 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2492 ], 2493 [ 2494 AC_MSG_RESULT([cross-compiling, assuming yes]) 2495 ] 2496 ) 2497fi 2498 2499if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2500 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2501 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2502 AC_RUN_IFELSE( 2503 [AC_LANG_PROGRAM([[ 2504#include <stdio.h> 2505#include <stdlib.h> 2506#include <sys/socket.h> 2507#include <netdb.h> 2508#include <errno.h> 2509#include <netinet/in.h> 2510 2511#define TEST_PORT "2222" 2512 ]], [[ 2513 int err, sock; 2514 struct addrinfo *gai_ai, *ai, hints; 2515 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2516 2517 memset(&hints, 0, sizeof(hints)); 2518 hints.ai_family = PF_UNSPEC; 2519 hints.ai_socktype = SOCK_STREAM; 2520 hints.ai_flags = AI_PASSIVE; 2521 2522 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2523 if (err != 0) { 2524 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2525 exit(1); 2526 } 2527 2528 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2529 if (ai->ai_family != AF_INET6) 2530 continue; 2531 2532 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2533 sizeof(ntop), strport, sizeof(strport), 2534 NI_NUMERICHOST|NI_NUMERICSERV); 2535 2536 if (err != 0) { 2537 if (err == EAI_SYSTEM) 2538 perror("getnameinfo EAI_SYSTEM"); 2539 else 2540 fprintf(stderr, "getnameinfo failed: %s\n", 2541 gai_strerror(err)); 2542 exit(2); 2543 } 2544 2545 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2546 if (sock < 0) 2547 perror("socket"); 2548 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2549 if (errno == EBADF) 2550 exit(3); 2551 } 2552 } 2553 exit(0); 2554 ]])], 2555 [ 2556 AC_MSG_RESULT([yes]) 2557 ], 2558 [ 2559 AC_MSG_RESULT([no]) 2560 AC_DEFINE([BROKEN_GETADDRINFO]) 2561 ], 2562 [ 2563 AC_MSG_RESULT([cross-compiling, assuming yes]) 2564 ] 2565 ) 2566fi 2567 2568if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2569 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2570 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2571 AC_RUN_IFELSE( 2572 [AC_LANG_PROGRAM([[ 2573#include <stdio.h> 2574#include <stdlib.h> 2575#include <sys/socket.h> 2576#include <netdb.h> 2577#include <errno.h> 2578#include <netinet/in.h> 2579 2580#define TEST_PORT "2222" 2581 ]], [[ 2582 int err, sock; 2583 struct addrinfo *gai_ai, *ai, hints; 2584 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2585 2586 memset(&hints, 0, sizeof(hints)); 2587 hints.ai_family = PF_UNSPEC; 2588 hints.ai_socktype = SOCK_STREAM; 2589 hints.ai_flags = AI_PASSIVE; 2590 2591 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2592 if (err != 0) { 2593 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2594 exit(1); 2595 } 2596 2597 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2598 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2599 continue; 2600 2601 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2602 sizeof(ntop), strport, sizeof(strport), 2603 NI_NUMERICHOST|NI_NUMERICSERV); 2604 2605 if (ai->ai_family == AF_INET && err != 0) { 2606 perror("getnameinfo"); 2607 exit(2); 2608 } 2609 } 2610 exit(0); 2611 ]])], 2612 [ 2613 AC_MSG_RESULT([yes]) 2614 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2615 [Define if you have a getaddrinfo that fails 2616 for the all-zeros IPv6 address]) 2617 ], 2618 [ 2619 AC_MSG_RESULT([no]) 2620 AC_DEFINE([BROKEN_GETADDRINFO]) 2621 ], 2622 [ 2623 AC_MSG_RESULT([cross-compiling, assuming no]) 2624 ] 2625 ) 2626fi 2627 2628if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2629 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2630 [#include <sys/types.h> 2631 #include <sys/socket.h> 2632 #include <netdb.h>]) 2633fi 2634 2635if test "x$check_for_conflicting_getspnam" = "x1"; then 2636 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2637 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2638#include <shadow.h> 2639#include <stdlib.h> 2640 ]], 2641 [[ exit(0); ]])], 2642 [ 2643 AC_MSG_RESULT([no]) 2644 ], 2645 [ 2646 AC_MSG_RESULT([yes]) 2647 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2648 [Conflicting defs for getspnam]) 2649 ] 2650 ) 2651fi 2652 2653dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2654dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2655dnl for over ten years). Despite this incompatibility being reported during 2656dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2657dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2658dnl implementation. Try to detect this mess, and assume the only safe option 2659dnl if we're cross compiling. 2660dnl 2661dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2662dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2663if test "x$ac_cv_func_strnvis" = "xyes"; then 2664 AC_MSG_CHECKING([for working strnvis]) 2665 AC_RUN_IFELSE( 2666 [AC_LANG_PROGRAM([[ 2667#include <signal.h> 2668#include <stdlib.h> 2669#include <string.h> 2670#include <unistd.h> 2671#include <vis.h> 2672static void sighandler(int sig) { _exit(1); } 2673 ]], [[ 2674 char dst[16]; 2675 2676 signal(SIGSEGV, sighandler); 2677 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2678 exit(0); 2679 exit(1) 2680 ]])], 2681 [AC_MSG_RESULT([yes])], 2682 [AC_MSG_RESULT([no]) 2683 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2684 [AC_MSG_WARN([cross compiling: assuming broken]) 2685 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2686 ) 2687fi 2688 2689AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2690AC_RUN_IFELSE( 2691 [AC_LANG_PROGRAM([[ 2692#ifdef HAVE_SYS_SELECT 2693# include <sys/select.h> 2694#endif 2695#include <sys/types.h> 2696#include <sys/time.h> 2697#include <stdlib.h> 2698#include <signal.h> 2699#include <unistd.h> 2700static void sighandler(int sig) { } 2701 ]], [[ 2702 int r; 2703 pid_t pid; 2704 struct sigaction sa; 2705 2706 sa.sa_handler = sighandler; 2707 sa.sa_flags = SA_RESTART; 2708 (void)sigaction(SIGTERM, &sa, NULL); 2709 if ((pid = fork()) == 0) { /* child */ 2710 pid = getppid(); 2711 sleep(1); 2712 kill(pid, SIGTERM); 2713 sleep(1); 2714 if (getppid() == pid) /* if parent did not exit, shoot it */ 2715 kill(pid, SIGKILL); 2716 exit(0); 2717 } else { /* parent */ 2718 r = select(0, NULL, NULL, NULL, NULL); 2719 } 2720 exit(r == -1 ? 0 : 1); 2721 ]])], 2722 [AC_MSG_RESULT([yes])], 2723 [AC_MSG_RESULT([no]) 2724 AC_DEFINE([NO_SA_RESTART], [1], 2725 [SA_RESTARTed signals do no interrupt select])], 2726 [AC_MSG_WARN([cross compiling: assuming yes])] 2727) 2728 2729AC_CHECK_FUNCS([getpgrp],[ 2730 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2731 AC_COMPILE_IFELSE( 2732 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2733 [ AC_MSG_RESULT([yes]) 2734 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2735 [ AC_MSG_RESULT([no]) 2736 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2737 ) 2738]) 2739 2740# Search for OpenSSL 2741saved_CPPFLAGS="$CPPFLAGS" 2742saved_LDFLAGS="$LDFLAGS" 2743openssl_bin_PATH="$PATH" 2744AC_ARG_WITH([ssl-dir], 2745 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2746 [ 2747 if test "x$openssl" = "xno" ; then 2748 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2749 fi 2750 if test "x$withval" != "xno" ; then 2751 case "$withval" in 2752 # Relative paths 2753 ./*|../*) withval="`pwd`/$withval" 2754 esac 2755 if test -d "$withval/lib"; then 2756 libcrypto_path="${withval}/lib" 2757 elif test -d "$withval/lib64"; then 2758 libcrypto_path="$withval/lib64" 2759 else 2760 # Built but not installed 2761 libcrypto_path="${withval}" 2762 fi 2763 if test -n "${rpath_opt}"; then 2764 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}" 2765 else 2766 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" 2767 fi 2768 if test -d "$withval/include"; then 2769 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2770 else 2771 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2772 fi 2773 openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps" 2774 fi 2775 ] 2776) 2777AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH]) 2778AC_SUBST(OPENSSL_BIN, [${openssl_bin}]) 2779 2780AC_ARG_WITH([openssl-header-check], 2781 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2782 [ 2783 if test "x$withval" = "xno" ; then 2784 openssl_check_nonfatal=1 2785 fi 2786 ] 2787) 2788 2789openssl_engine=no 2790AC_ARG_WITH([ssl-engine], 2791 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2792 [ 2793 if test "x$withval" != "xno" ; then 2794 if test "x$openssl" = "xno" ; then 2795 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2796 fi 2797 openssl_engine=yes 2798 fi 2799 ] 2800) 2801 2802nocrypto_saved_LIBS="$LIBS" 2803if test "x$openssl" = "xyes" ; then 2804 LIBS="-lcrypto $LIBS" 2805 CHANNELLIBS="-lcrypto $CHANNELLIBS" 2806 AC_TRY_LINK_FUNC([RAND_add], , 2807 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2808 AC_CHECK_HEADER([openssl/opensslv.h], , 2809 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2810 2811 # Determine OpenSSL header version 2812 AC_MSG_CHECKING([OpenSSL header version]) 2813 AC_RUN_IFELSE( 2814 [AC_LANG_PROGRAM([[ 2815 #include <stdlib.h> 2816 #include <stdio.h> 2817 #include <string.h> 2818 #include <openssl/opensslv.h> 2819 #define DATA "conftest.sslincver" 2820 ]], [[ 2821 FILE *fd; 2822 int rc; 2823 2824 fd = fopen(DATA,"w"); 2825 if(fd == NULL) 2826 exit(1); 2827 2828 if ((rc = fprintf(fd, "%08lx (%s)\n", 2829 (unsigned long)OPENSSL_VERSION_NUMBER, 2830 OPENSSL_VERSION_TEXT)) < 0) 2831 exit(1); 2832 2833 exit(0); 2834 ]])], 2835 [ 2836 ssl_header_ver=`cat conftest.sslincver` 2837 AC_MSG_RESULT([$ssl_header_ver]) 2838 ], 2839 [ 2840 AC_MSG_RESULT([not found]) 2841 AC_MSG_ERROR([OpenSSL version header not found.]) 2842 ], 2843 [ 2844 AC_MSG_WARN([cross compiling: not checking]) 2845 ] 2846 ) 2847 2848 # Determining OpenSSL library version is version dependent. 2849 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2850 2851 # Determine OpenSSL library version 2852 AC_MSG_CHECKING([OpenSSL library version]) 2853 AC_RUN_IFELSE( 2854 [AC_LANG_PROGRAM([[ 2855 #include <stdio.h> 2856 #include <stdlib.h> 2857 #include <string.h> 2858 #include <openssl/opensslv.h> 2859 #include <openssl/crypto.h> 2860 #define DATA "conftest.ssllibver" 2861 ]], [[ 2862 FILE *fd; 2863 int rc; 2864 2865 fd = fopen(DATA,"w"); 2866 if(fd == NULL) 2867 exit(1); 2868#ifndef OPENSSL_VERSION 2869# define OPENSSL_VERSION SSLEAY_VERSION 2870#endif 2871#ifndef HAVE_OPENSSL_VERSION 2872# define OpenSSL_version SSLeay_version 2873#endif 2874#ifndef HAVE_OPENSSL_VERSION_NUM 2875# define OpenSSL_version_num SSLeay 2876#endif 2877 if ((rc = fprintf(fd, "%08lx (%s)\n", 2878 (unsigned long)OpenSSL_version_num(), 2879 OpenSSL_version(OPENSSL_VERSION))) < 0) 2880 exit(1); 2881 2882 exit(0); 2883 ]])], 2884 [ 2885 ssl_library_ver=`cat conftest.ssllibver` 2886 # Check version is supported. 2887 case "$ssl_library_ver" in 2888 10000*|0*) 2889 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2890 ;; 2891 100*) ;; # 1.0.x 2892 101000[[0123456]]*) 2893 # https://github.com/openssl/openssl/pull/4613 2894 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2895 ;; 2896 101*) ;; # 1.1.x 2897 200*) ;; # LibreSSL 2898 300*) 2899 # OpenSSL 3; we use the 1.1x API 2900 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2901 ;; 2902 301*|302*) 2903 # OpenSSL development branch; request 1.1x API 2904 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2905 ;; 2906 *) 2907 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2908 ;; 2909 esac 2910 AC_MSG_RESULT([$ssl_library_ver]) 2911 ], 2912 [ 2913 AC_MSG_RESULT([not found]) 2914 AC_MSG_ERROR([OpenSSL library not found.]) 2915 ], 2916 [ 2917 AC_MSG_WARN([cross compiling: not checking]) 2918 ] 2919 ) 2920 2921 case "$host" in 2922 x86_64-*) 2923 case "$ssl_library_ver" in 2924 3000004*) 2925 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) 2926 ;; 2927 esac 2928 esac 2929 2930 # Sanity check OpenSSL headers 2931 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2932 AC_RUN_IFELSE( 2933 [AC_LANG_PROGRAM([[ 2934 #include <stdlib.h> 2935 #include <string.h> 2936 #include <openssl/opensslv.h> 2937 #include <openssl/crypto.h> 2938 ]], [[ 2939#ifndef HAVE_OPENSSL_VERSION_NUM 2940# define OpenSSL_version_num SSLeay 2941#endif 2942 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2943 ]])], 2944 [ 2945 AC_MSG_RESULT([yes]) 2946 ], 2947 [ 2948 AC_MSG_RESULT([no]) 2949 if test "x$openssl_check_nonfatal" = "x"; then 2950 AC_MSG_ERROR([Your OpenSSL headers do not match your 2951 library. Check config.log for details. 2952 If you are sure your installation is consistent, you can disable the check 2953 by running "./configure --without-openssl-header-check". 2954 Also see contrib/findssl.sh for help identifying header/library mismatches. 2955 ]) 2956 else 2957 AC_MSG_WARN([Your OpenSSL headers do not match your 2958 library. Check config.log for details. 2959 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2960 fi 2961 ], 2962 [ 2963 AC_MSG_WARN([cross compiling: not checking]) 2964 ] 2965 ) 2966 2967 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2968 AC_LINK_IFELSE( 2969 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2970 [[ ERR_load_crypto_strings(); ]])], 2971 [ 2972 AC_MSG_RESULT([yes]) 2973 ], 2974 [ 2975 AC_MSG_RESULT([no]) 2976 LIBS="$LIBS -ldl" 2977 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2978 AC_LINK_IFELSE( 2979 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2980 [[ ERR_load_crypto_strings(); ]])], 2981 [ 2982 AC_MSG_RESULT([yes]) 2983 CHANNELLIBS="$CHANNELLIBS -ldl" 2984 ], 2985 [ 2986 AC_MSG_RESULT([no]) 2987 ] 2988 ) 2989 ] 2990 ) 2991 2992 AC_CHECK_FUNCS([ \ 2993 BN_is_prime_ex \ 2994 DES_crypt \ 2995 DSA_generate_parameters_ex \ 2996 EVP_DigestFinal_ex \ 2997 EVP_DigestInit_ex \ 2998 EVP_MD_CTX_cleanup \ 2999 EVP_MD_CTX_copy_ex \ 3000 EVP_MD_CTX_init \ 3001 HMAC_CTX_init \ 3002 RSA_generate_key_ex \ 3003 RSA_get_default_method \ 3004 ]) 3005 3006 # OpenSSL_add_all_algorithms may be a macro. 3007 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 3008 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 3009 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 3010 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 3011 [[#include <openssl/evp.h>]] 3012 ) 3013 ) 3014 3015 # LibreSSL/OpenSSL 1.1x API 3016 AC_CHECK_FUNCS([ \ 3017 OPENSSL_init_crypto \ 3018 DH_get0_key \ 3019 DH_get0_pqg \ 3020 DH_set0_key \ 3021 DH_set_length \ 3022 DH_set0_pqg \ 3023 DSA_get0_key \ 3024 DSA_get0_pqg \ 3025 DSA_set0_key \ 3026 DSA_set0_pqg \ 3027 DSA_SIG_get0 \ 3028 DSA_SIG_set0 \ 3029 ECDSA_SIG_get0 \ 3030 ECDSA_SIG_set0 \ 3031 EVP_CIPHER_CTX_iv \ 3032 EVP_CIPHER_CTX_iv_noconst \ 3033 EVP_CIPHER_CTX_get_iv \ 3034 EVP_CIPHER_CTX_get_updated_iv \ 3035 EVP_CIPHER_CTX_set_iv \ 3036 RSA_get0_crt_params \ 3037 RSA_get0_factors \ 3038 RSA_get0_key \ 3039 RSA_set0_crt_params \ 3040 RSA_set0_factors \ 3041 RSA_set0_key \ 3042 RSA_meth_free \ 3043 RSA_meth_dup \ 3044 RSA_meth_set1_name \ 3045 RSA_meth_get_finish \ 3046 RSA_meth_set_priv_enc \ 3047 RSA_meth_set_priv_dec \ 3048 RSA_meth_set_finish \ 3049 EVP_PKEY_get0_RSA \ 3050 EVP_MD_CTX_new \ 3051 EVP_MD_CTX_free \ 3052 EVP_chacha20 \ 3053 ]) 3054 3055 if test "x$openssl_engine" = "xyes" ; then 3056 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 3057 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3058 #include <openssl/engine.h> 3059 ]], [[ 3060 ENGINE_load_builtin_engines(); 3061 ENGINE_register_all_complete(); 3062 ]])], 3063 [ AC_MSG_RESULT([yes]) 3064 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 3065 [Enable OpenSSL engine support]) 3066 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 3067 ]) 3068 fi 3069 3070 # Check for OpenSSL without EVP_aes_{192,256}_cbc 3071 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 3072 AC_LINK_IFELSE( 3073 [AC_LANG_PROGRAM([[ 3074 #include <stdlib.h> 3075 #include <string.h> 3076 #include <openssl/evp.h> 3077 ]], [[ 3078 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 3079 ]])], 3080 [ 3081 AC_MSG_RESULT([no]) 3082 ], 3083 [ 3084 AC_MSG_RESULT([yes]) 3085 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 3086 [libcrypto is missing AES 192 and 256 bit functions]) 3087 ] 3088 ) 3089 3090 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3091 AC_LINK_IFELSE( 3092 [AC_LANG_PROGRAM([[ 3093 #include <stdlib.h> 3094 #include <string.h> 3095 #include <openssl/evp.h> 3096 ]], [[ 3097 if(EVP_DigestUpdate(NULL, NULL,0)) 3098 exit(0); 3099 ]])], 3100 [ 3101 AC_MSG_RESULT([yes]) 3102 ], 3103 [ 3104 AC_MSG_RESULT([no]) 3105 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3106 [Define if EVP_DigestUpdate returns void]) 3107 ] 3108 ) 3109 3110 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 3111 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 3112 3113 # Check complete ECC support in OpenSSL 3114 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3115 AC_LINK_IFELSE( 3116 [AC_LANG_PROGRAM([[ 3117 #include <openssl/ec.h> 3118 #include <openssl/ecdh.h> 3119 #include <openssl/ecdsa.h> 3120 #include <openssl/evp.h> 3121 #include <openssl/objects.h> 3122 #include <openssl/opensslv.h> 3123 ]], [[ 3124 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3125 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3126 ]])], 3127 [ AC_MSG_RESULT([yes]) 3128 enable_nistp256=1 ], 3129 [ AC_MSG_RESULT([no]) ] 3130 ) 3131 3132 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3133 AC_LINK_IFELSE( 3134 [AC_LANG_PROGRAM([[ 3135 #include <openssl/ec.h> 3136 #include <openssl/ecdh.h> 3137 #include <openssl/ecdsa.h> 3138 #include <openssl/evp.h> 3139 #include <openssl/objects.h> 3140 #include <openssl/opensslv.h> 3141 ]], [[ 3142 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3143 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3144 ]])], 3145 [ AC_MSG_RESULT([yes]) 3146 enable_nistp384=1 ], 3147 [ AC_MSG_RESULT([no]) ] 3148 ) 3149 3150 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3151 AC_LINK_IFELSE( 3152 [AC_LANG_PROGRAM([[ 3153 #include <openssl/ec.h> 3154 #include <openssl/ecdh.h> 3155 #include <openssl/ecdsa.h> 3156 #include <openssl/evp.h> 3157 #include <openssl/objects.h> 3158 #include <openssl/opensslv.h> 3159 ]], [[ 3160 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3161 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3162 ]])], 3163 [ AC_MSG_RESULT([yes]) 3164 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3165 AC_RUN_IFELSE( 3166 [AC_LANG_PROGRAM([[ 3167 #include <stdlib.h> 3168 #include <openssl/ec.h> 3169 #include <openssl/ecdh.h> 3170 #include <openssl/ecdsa.h> 3171 #include <openssl/evp.h> 3172 #include <openssl/objects.h> 3173 #include <openssl/opensslv.h> 3174 ]],[[ 3175 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3176 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3177 exit(e == NULL || m == NULL); 3178 ]])], 3179 [ AC_MSG_RESULT([yes]) 3180 enable_nistp521=1 ], 3181 [ AC_MSG_RESULT([no]) ], 3182 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3183 enable_nistp521=1 ] 3184 )], 3185 AC_MSG_RESULT([no]) 3186 ) 3187 3188 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3189 test x$enable_nistp521 = x1; then 3190 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3191 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3192 openssl_ecc=yes 3193 else 3194 openssl_ecc=no 3195 fi 3196 if test x$enable_nistp256 = x1; then 3197 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3198 [libcrypto has NID_X9_62_prime256v1]) 3199 else 3200 unsupported_algorithms="$unsupported_algorithms \ 3201 ecdsa-sha2-nistp256 \ 3202 ecdh-sha2-nistp256 \ 3203 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3204 fi 3205 if test x$enable_nistp384 = x1; then 3206 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3207 else 3208 unsupported_algorithms="$unsupported_algorithms \ 3209 ecdsa-sha2-nistp384 \ 3210 ecdh-sha2-nistp384 \ 3211 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3212 fi 3213 if test x$enable_nistp521 = x1; then 3214 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3215 else 3216 unsupported_algorithms="$unsupported_algorithms \ 3217 ecdh-sha2-nistp521 \ 3218 ecdsa-sha2-nistp521 \ 3219 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3220 fi 3221fi 3222 3223# PKCS11/U2F depend on OpenSSL and dlopen(). 3224enable_pkcs11=yes 3225enable_sk=yes 3226if test "x$openssl" != "xyes" ; then 3227 enable_pkcs11="disabled; missing libcrypto" 3228fi 3229if test "x$ac_cv_func_dlopen" != "xyes" ; then 3230 enable_pkcs11="disabled; missing dlopen(3)" 3231 enable_sk="disabled; missing dlopen(3)" 3232fi 3233if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3234 enable_pkcs11="disabled; missing RTLD_NOW" 3235 enable_sk="disabled; missing RTLD_NOW" 3236fi 3237if test ! -z "$disable_pkcs11" ; then 3238 enable_pkcs11="disabled by user" 3239fi 3240if test ! -z "$disable_sk" ; then 3241 enable_sk="disabled by user" 3242fi 3243 3244AC_MSG_CHECKING([whether to enable PKCS11]) 3245if test "x$enable_pkcs11" = "xyes" ; then 3246 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3247fi 3248AC_MSG_RESULT([$enable_pkcs11]) 3249 3250AC_MSG_CHECKING([whether to enable U2F]) 3251if test "x$enable_sk" = "xyes" ; then 3252 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3253 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3254else 3255 # Do not try to build sk-dummy library. 3256 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3257fi 3258AC_MSG_RESULT([$enable_sk]) 3259 3260# Now check for built-in security key support. 3261if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then 3262 use_pkgconfig_for_libfido2= 3263 if test "x$PKGCONFIG" != "xno"; then 3264 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3265 if "$PKGCONFIG" libfido2; then 3266 AC_MSG_RESULT([yes]) 3267 use_pkgconfig_for_libfido2=yes 3268 else 3269 AC_MSG_RESULT([no]) 3270 fi 3271 fi 3272 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3273 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3274 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3275 else 3276 LIBFIDO2="-lprivatefido2 -lprivatecbor" 3277 fi 3278 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3279 fido2_error= 3280 AC_CHECK_LIB([privatefido2], [fido_init], 3281 [ ], 3282 [ fido2_error="missing/unusable libfido2" ], 3283 [ $OTHERLIBS ] 3284 ) 3285 AC_CHECK_HEADER([fido.h], [], 3286 [ fido2_error="missing fido.h from libfido2" ]) 3287 AC_CHECK_HEADER([fido/credman.h], [], 3288 [ fido2_error="missing fido/credman.h from libfido2" ], 3289 [ #include <fido.h> ] 3290 ) 3291 AC_MSG_CHECKING([for usable libfido2 installation]) 3292 if test ! -z "$fido2_error" ; then 3293 AC_MSG_RESULT([$fido2_error]) 3294 if test "x$enable_sk_internal" = "xyes" ; then 3295 AC_MSG_ERROR([No usable libfido2 library/headers found]) 3296 fi 3297 LIBFIDO2="" 3298 else 3299 AC_MSG_RESULT([yes]) 3300 AC_SUBST([LIBFIDO2]) 3301 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3302 [Enable for built-in U2F/FIDO support]) 3303 enable_sk="built-in" 3304 saved_LIBS="$LIBS" 3305 LIBS="$LIBFIDO2 $LIBS" 3306 AC_CHECK_FUNCS([ \ 3307 fido_assert_set_clientdata \ 3308 fido_cred_prot \ 3309 fido_cred_set_prot \ 3310 fido_cred_set_clientdata \ 3311 fido_dev_get_touch_begin \ 3312 fido_dev_get_touch_status \ 3313 fido_dev_supports_cred_prot \ 3314 fido_dev_is_winhello \ 3315 ]) 3316 LIBS="$saved_LIBS" 3317 fi 3318fi 3319 3320AC_CHECK_FUNCS([ \ 3321 arc4random \ 3322 arc4random_buf \ 3323 arc4random_stir \ 3324 arc4random_uniform \ 3325]) 3326### Configure cryptographic random number support 3327 3328# Check whether OpenSSL seeds itself 3329if test "x$openssl" = "xyes" ; then 3330 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3331 AC_RUN_IFELSE( 3332 [AC_LANG_PROGRAM([[ 3333 #include <stdlib.h> 3334 #include <string.h> 3335 #include <openssl/rand.h> 3336 ]], [[ 3337 exit(RAND_status() == 1 ? 0 : 1); 3338 ]])], 3339 [ 3340 OPENSSL_SEEDS_ITSELF=yes 3341 AC_MSG_RESULT([yes]) 3342 ], 3343 [ 3344 AC_MSG_RESULT([no]) 3345 ], 3346 [ 3347 AC_MSG_WARN([cross compiling: assuming yes]) 3348 # This is safe, since we will fatal() at runtime if 3349 # OpenSSL is not seeded correctly. 3350 OPENSSL_SEEDS_ITSELF=yes 3351 ] 3352 ) 3353fi 3354 3355# PRNGD TCP socket 3356AC_ARG_WITH([prngd-port], 3357 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3358 [ 3359 case "$withval" in 3360 no) 3361 withval="" 3362 ;; 3363 [[0-9]]*) 3364 ;; 3365 *) 3366 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3367 ;; 3368 esac 3369 if test ! -z "$withval" ; then 3370 PRNGD_PORT="$withval" 3371 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3372 [Port number of PRNGD/EGD random number socket]) 3373 fi 3374 ] 3375) 3376 3377# PRNGD Unix domain socket 3378AC_ARG_WITH([prngd-socket], 3379 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3380 [ 3381 case "$withval" in 3382 yes) 3383 withval="/var/run/egd-pool" 3384 ;; 3385 no) 3386 withval="" 3387 ;; 3388 /*) 3389 ;; 3390 *) 3391 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3392 ;; 3393 esac 3394 3395 if test ! -z "$withval" ; then 3396 if test ! -z "$PRNGD_PORT" ; then 3397 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3398 fi 3399 if test ! -r "$withval" ; then 3400 AC_MSG_WARN([Entropy socket is not readable]) 3401 fi 3402 PRNGD_SOCKET="$withval" 3403 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3404 [Location of PRNGD/EGD random number socket]) 3405 fi 3406 ], 3407 [ 3408 # Check for existing socket only if we don't have a random device already 3409 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3410 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3411 # Insert other locations here 3412 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3413 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3414 PRNGD_SOCKET="$sock" 3415 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3416 break; 3417 fi 3418 done 3419 if test ! -z "$PRNGD_SOCKET" ; then 3420 AC_MSG_RESULT([$PRNGD_SOCKET]) 3421 else 3422 AC_MSG_RESULT([not found]) 3423 fi 3424 fi 3425 ] 3426) 3427 3428# Which randomness source do we use? 3429if test ! -z "$PRNGD_PORT" ; then 3430 RAND_MSG="PRNGd port $PRNGD_PORT" 3431elif test ! -z "$PRNGD_SOCKET" ; then 3432 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3433elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3434 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3435 [Define if you want the OpenSSL internally seeded PRNG only]) 3436 RAND_MSG="OpenSSL internal ONLY" 3437elif test "x$openssl" = "xno" ; then 3438 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3439else 3440 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3441fi 3442LIBS="$nocrypto_saved_LIBS" 3443 3444saved_LIBS="$LIBS" 3445AC_CHECK_LIB([iaf], [ia_openinfo], [ 3446 LIBS="$LIBS -liaf" 3447 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3448 AC_DEFINE([HAVE_LIBIAF], [1], 3449 [Define if system has libiaf that supports set_id]) 3450 ]) 3451]) 3452LIBS="$saved_LIBS" 3453 3454# Check for crypt() in libcrypt. If we have it, we only need it for sshd. 3455saved_LIBS="$LIBS" 3456AC_CHECK_LIB([crypt], [crypt], [ 3457 LIBS="-lcrypt $LIBS" 3458 SSHDLIBS="-lcrypt $SSHDLIBS" 3459]) 3460AC_CHECK_FUNCS([crypt]) 3461LIBS="$saved_LIBS" 3462 3463# Check for PAM libs 3464PAM_MSG="no" 3465AC_ARG_WITH([pam], 3466 [ --with-pam Enable PAM support ], 3467 [ 3468 if test "x$withval" != "xno" ; then 3469 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3470 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3471 AC_MSG_ERROR([PAM headers not found]) 3472 fi 3473 3474 saved_LIBS="$LIBS" 3475 AC_CHECK_LIB([dl], [dlopen], , ) 3476 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3477 AC_CHECK_FUNCS([pam_getenvlist]) 3478 AC_CHECK_FUNCS([pam_putenv]) 3479 LIBS="$saved_LIBS" 3480 3481 PAM_MSG="yes" 3482 3483 SSHDLIBS="$SSHDLIBS -lpam" 3484 AC_DEFINE([USE_PAM], [1], 3485 [Define if you want to enable PAM support]) 3486 3487 if test $ac_cv_lib_dl_dlopen = yes; then 3488 case "$LIBS" in 3489 *-ldl*) 3490 # libdl already in LIBS 3491 ;; 3492 *) 3493 SSHDLIBS="$SSHDLIBS -ldl" 3494 ;; 3495 esac 3496 fi 3497 fi 3498 ] 3499) 3500 3501AC_ARG_WITH([pam-service], 3502 [ --with-pam-service=name Specify PAM service name ], 3503 [ 3504 if test "x$withval" != "xno" && \ 3505 test "x$withval" != "xyes" ; then 3506 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3507 ["$withval"], [sshd PAM service name]) 3508 fi 3509 ] 3510) 3511 3512# Check for older PAM 3513if test "x$PAM_MSG" = "xyes" ; then 3514 # Check PAM strerror arguments (old PAM) 3515 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3516 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3517#include <stdlib.h> 3518#if defined(HAVE_SECURITY_PAM_APPL_H) 3519#include <security/pam_appl.h> 3520#elif defined (HAVE_PAM_PAM_APPL_H) 3521#include <pam/pam_appl.h> 3522#endif 3523 ]], [[ 3524(void)pam_strerror((pam_handle_t *)NULL, -1); 3525 ]])], [AC_MSG_RESULT([no])], [ 3526 AC_DEFINE([HAVE_OLD_PAM], [1], 3527 [Define if you have an old version of PAM 3528 which takes only one argument to pam_strerror]) 3529 AC_MSG_RESULT([yes]) 3530 PAM_MSG="yes (old library)" 3531 3532 ]) 3533fi 3534 3535case "$host" in 3536*-*-cygwin*) 3537 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3538 ;; 3539*) 3540 SSH_PRIVSEP_USER=sshd 3541 ;; 3542esac 3543AC_ARG_WITH([privsep-user], 3544 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3545 [ 3546 if test -n "$withval" && test "x$withval" != "xno" && \ 3547 test "x${withval}" != "xyes"; then 3548 SSH_PRIVSEP_USER=$withval 3549 fi 3550 ] 3551) 3552if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3553 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3554 [Cygwin function to fetch non-privileged user for privilege separation]) 3555else 3556 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3557 [non-privileged user for privilege separation]) 3558fi 3559AC_SUBST([SSH_PRIVSEP_USER]) 3560 3561if test "x$have_linux_no_new_privs" = "x1" ; then 3562AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3563 #include <sys/types.h> 3564 #include <linux/seccomp.h> 3565]) 3566fi 3567if test "x$have_seccomp_filter" = "x1" ; then 3568AC_MSG_CHECKING([kernel for seccomp_filter support]) 3569AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3570 #include <errno.h> 3571 #include <elf.h> 3572 #include <linux/audit.h> 3573 #include <linux/seccomp.h> 3574 #include <stdlib.h> 3575 #include <sys/prctl.h> 3576 ]], 3577 [[ int i = $seccomp_audit_arch; 3578 errno = 0; 3579 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3580 exit(errno == EFAULT ? 0 : 1); ]])], 3581 [ AC_MSG_RESULT([yes]) ], [ 3582 AC_MSG_RESULT([no]) 3583 # Disable seccomp filter as a target 3584 have_seccomp_filter=0 3585 ] 3586) 3587fi 3588 3589AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ 3590#include <sys/types.h> 3591#ifdef HAVE_POLL_H 3592#include <poll.h> 3593#endif 3594#ifdef HAVE_SYS_POLL_H 3595#include <sys/poll.h> 3596#endif 3597]]) 3598 3599AC_CHECK_TYPES([nfds_t], , , [ 3600#include <sys/types.h> 3601#ifdef HAVE_POLL_H 3602#include <poll.h> 3603#endif 3604#ifdef HAVE_SYS_POLL_H 3605#include <sys/poll.h> 3606#endif 3607]) 3608 3609# Decide which sandbox style to use 3610sandbox_arg="" 3611AC_ARG_WITH([sandbox], 3612 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3613 [ 3614 if test "x$withval" = "xyes" ; then 3615 sandbox_arg="" 3616 else 3617 sandbox_arg="$withval" 3618 fi 3619 ] 3620) 3621 3622if test "x$sandbox_arg" != "xno"; then 3623# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument 3624# is greater than OPEN_MAX". On some platforms that includes implementions 3625# of select in userspace on top of poll() so check both work with rlimit 3626# NOFILES so check that both work before enabling the rlimit sandbox. 3627 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) 3628 AC_RUN_IFELSE( 3629 [AC_LANG_PROGRAM([[ 3630#include <sys/types.h> 3631#ifdef HAVE_SYS_TIME_H 3632# include <sys/time.h> 3633#endif 3634#include <sys/resource.h> 3635#ifdef HAVE_SYS_SELECT_H 3636# include <sys/select.h> 3637#endif 3638#ifdef HAVE_POLL_H 3639# include <poll.h> 3640#elif HAVE_SYS_POLL_H 3641# include <sys/poll.h> 3642#endif 3643#include <errno.h> 3644#include <fcntl.h> 3645#include <stdlib.h> 3646 ]],[[ 3647 struct rlimit rl_zero; 3648 int fd, r; 3649 fd_set fds; 3650 struct timeval tv; 3651#ifdef HAVE_POLL 3652 struct pollfd pfd; 3653#endif 3654 3655 fd = open("/dev/null", O_RDONLY); 3656 FD_ZERO(&fds); 3657 FD_SET(fd, &fds); 3658 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3659 setrlimit(RLIMIT_FSIZE, &rl_zero); 3660 setrlimit(RLIMIT_NOFILE, &rl_zero); 3661 tv.tv_sec = 1; 3662 tv.tv_usec = 0; 3663 r = select(fd+1, &fds, NULL, NULL, &tv); 3664 if (r == -1) 3665 exit(1); 3666#ifdef HAVE_POLL 3667 pfd.fd = fd; 3668 pfd.events = POLLIN; 3669 r = poll(&pfd, 1, 1); 3670 if (r == -1) 3671 exit(2); 3672#endif 3673 exit(0); 3674 ]])], 3675 [AC_MSG_RESULT([yes]) 3676 select_works_with_rlimit=yes], 3677 [AC_MSG_RESULT([no]) 3678 select_works_with_rlimit=no], 3679 [AC_MSG_WARN([cross compiling: assuming no]) 3680 select_works_with_rlimit=no] 3681 ) 3682 3683 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3684 AC_RUN_IFELSE( 3685 [AC_LANG_PROGRAM([[ 3686#include <sys/types.h> 3687#ifdef HAVE_SYS_TIME_H 3688# include <sys/time.h> 3689#endif 3690#include <sys/resource.h> 3691#include <errno.h> 3692#include <stdlib.h> 3693 ]],[[ 3694 struct rlimit rl_zero; 3695 int r; 3696 3697 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3698 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3699 exit (r == -1 ? 1 : 0); 3700 ]])], 3701 [AC_MSG_RESULT([yes]) 3702 rlimit_nofile_zero_works=yes], 3703 [AC_MSG_RESULT([no]) 3704 rlimit_nofile_zero_works=no], 3705 [AC_MSG_WARN([cross compiling: assuming yes]) 3706 rlimit_nofile_zero_works=yes] 3707 ) 3708 3709 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3710 AC_RUN_IFELSE( 3711 [AC_LANG_PROGRAM([[ 3712#include <sys/types.h> 3713#include <sys/resource.h> 3714#include <stdlib.h> 3715 ]],[[ 3716 struct rlimit rl_zero; 3717 3718 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3719 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3720 ]])], 3721 [AC_MSG_RESULT([yes])], 3722 [AC_MSG_RESULT([no]) 3723 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3724 [setrlimit RLIMIT_FSIZE works])], 3725 [AC_MSG_WARN([cross compiling: assuming yes])] 3726 ) 3727fi 3728 3729if test "x$sandbox_arg" = "xpledge" || \ 3730 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3731 test "x$ac_cv_func_pledge" != "xyes" && \ 3732 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3733 SANDBOX_STYLE="pledge" 3734 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3735elif test "x$sandbox_arg" = "xsystrace" || \ 3736 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3737 test "x$have_systr_policy_kill" != "x1" && \ 3738 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3739 SANDBOX_STYLE="systrace" 3740 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3741elif test "x$sandbox_arg" = "xdarwin" || \ 3742 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3743 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3744 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3745 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3746 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3747 SANDBOX_STYLE="darwin" 3748 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3749elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3750 ( test -z "$sandbox_arg" && \ 3751 test "x$have_seccomp_filter" = "x1" && \ 3752 test "x$ac_cv_header_elf_h" = "xyes" && \ 3753 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3754 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3755 test "x$seccomp_audit_arch" != "x" && \ 3756 test "x$have_linux_no_new_privs" = "x1" && \ 3757 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3758 test "x$seccomp_audit_arch" = "x" && \ 3759 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3760 test "x$have_linux_no_new_privs" != "x1" && \ 3761 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3762 test "x$have_seccomp_filter" != "x1" && \ 3763 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3764 test "x$ac_cv_func_prctl" != "xyes" && \ 3765 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3766 SANDBOX_STYLE="seccomp_filter" 3767 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3768elif test "x$sandbox_arg" = "xcapsicum" || \ 3769 ( test -z "$sandbox_arg" && \ 3770 test "x$disable_capsicum" != "xyes" && \ 3771 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3772 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3773 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3774 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3775 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3776 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3777 SANDBOX_STYLE="capsicum" 3778 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3779elif test "x$sandbox_arg" = "xrlimit" || \ 3780 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3781 test "x$select_works_with_rlimit" = "xyes" && \ 3782 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3783 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3784 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3785 test "x$select_works_with_rlimit" != "xyes" && \ 3786 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3787 SANDBOX_STYLE="rlimit" 3788 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3789elif test "x$sandbox_arg" = "xsolaris" || \ 3790 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3791 SANDBOX_STYLE="solaris" 3792 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3793elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3794 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3795 SANDBOX_STYLE="none" 3796 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3797else 3798 AC_MSG_ERROR([unsupported --with-sandbox]) 3799fi 3800 3801# Cheap hack to ensure NEWS-OS libraries are arranged right. 3802if test ! -z "$SONY" ; then 3803 LIBS="$LIBS -liberty"; 3804fi 3805 3806# Check for long long datatypes 3807AC_CHECK_TYPES([long long, unsigned long long, long double]) 3808 3809# Check datatype sizes 3810AC_CHECK_SIZEOF([short int]) 3811AC_CHECK_SIZEOF([int]) 3812AC_CHECK_SIZEOF([long int]) 3813AC_CHECK_SIZEOF([long long int]) 3814AC_CHECK_SIZEOF([time_t], [], [[ 3815 #include <sys/types.h> 3816 #ifdef HAVE_SYS_TIME_H 3817 # include <sys/time.h> 3818 #endif 3819 #ifdef HAVE_TIME_H 3820 # include <time.h> 3821 #endif 3822 ]] 3823) 3824 3825# Sanity check long long for some platforms (AIX) 3826if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3827 ac_cv_sizeof_long_long_int=0 3828fi 3829 3830# compute LLONG_MIN and LLONG_MAX if we don't know them. 3831if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3832 AC_MSG_CHECKING([for max value of long long]) 3833 AC_RUN_IFELSE( 3834 [AC_LANG_PROGRAM([[ 3835#include <stdio.h> 3836#include <stdlib.h> 3837/* Why is this so damn hard? */ 3838#ifdef __GNUC__ 3839# undef __GNUC__ 3840#endif 3841#define __USE_ISOC99 3842#include <limits.h> 3843#define DATA "conftest.llminmax" 3844#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3845 3846/* 3847 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3848 * we do this the hard way. 3849 */ 3850static int 3851fprint_ll(FILE *f, long long n) 3852{ 3853 unsigned int i; 3854 int l[sizeof(long long) * 8]; 3855 3856 if (n < 0) 3857 if (fprintf(f, "-") < 0) 3858 return -1; 3859 for (i = 0; n != 0; i++) { 3860 l[i] = my_abs(n % 10); 3861 n /= 10; 3862 } 3863 do { 3864 if (fprintf(f, "%d", l[--i]) < 0) 3865 return -1; 3866 } while (i != 0); 3867 if (fprintf(f, " ") < 0) 3868 return -1; 3869 return 0; 3870} 3871 ]], [[ 3872 FILE *f; 3873 long long i, llmin, llmax = 0; 3874 3875 if((f = fopen(DATA,"w")) == NULL) 3876 exit(1); 3877 3878#if defined(LLONG_MIN) && defined(LLONG_MAX) 3879 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3880 llmin = LLONG_MIN; 3881 llmax = LLONG_MAX; 3882#else 3883 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3884 /* This will work on one's complement and two's complement */ 3885 for (i = 1; i > llmax; i <<= 1, i++) 3886 llmax = i; 3887 llmin = llmax + 1LL; /* wrap */ 3888#endif 3889 3890 /* Sanity check */ 3891 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3892 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3893 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3894 fprintf(f, "unknown unknown\n"); 3895 exit(2); 3896 } 3897 3898 if (fprint_ll(f, llmin) < 0) 3899 exit(3); 3900 if (fprint_ll(f, llmax) < 0) 3901 exit(4); 3902 if (fclose(f) < 0) 3903 exit(5); 3904 exit(0); 3905 ]])], 3906 [ 3907 llong_min=`$AWK '{print $1}' conftest.llminmax` 3908 llong_max=`$AWK '{print $2}' conftest.llminmax` 3909 3910 AC_MSG_RESULT([$llong_max]) 3911 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3912 [max value of long long calculated by configure]) 3913 AC_MSG_CHECKING([for min value of long long]) 3914 AC_MSG_RESULT([$llong_min]) 3915 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3916 [min value of long long calculated by configure]) 3917 ], 3918 [ 3919 AC_MSG_RESULT([not found]) 3920 ], 3921 [ 3922 AC_MSG_WARN([cross compiling: not checking]) 3923 ] 3924 ) 3925fi 3926 3927AC_CHECK_DECLS([UINT32_MAX], , , [[ 3928#ifdef HAVE_SYS_LIMITS_H 3929# include <sys/limits.h> 3930#endif 3931#ifdef HAVE_LIMITS_H 3932# include <limits.h> 3933#endif 3934#ifdef HAVE_STDINT_H 3935# include <stdint.h> 3936#endif 3937]]) 3938 3939# More checks for data types 3940AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3941 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3942 [[ u_int a; a = 1;]])], 3943 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3944 ]) 3945]) 3946if test "x$ac_cv_have_u_int" = "xyes" ; then 3947 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3948 have_u_int=1 3949fi 3950 3951AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3952 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3953 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3954 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3955 ]) 3956]) 3957if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3958 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3959 have_intxx_t=1 3960fi 3961 3962if (test -z "$have_intxx_t" && \ 3963 test "x$ac_cv_header_stdint_h" = "xyes") 3964then 3965 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3966 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3967 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3968 [ 3969 AC_DEFINE([HAVE_INTXX_T]) 3970 AC_MSG_RESULT([yes]) 3971 ], [ AC_MSG_RESULT([no]) 3972 ]) 3973fi 3974 3975AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3976 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3977#include <sys/types.h> 3978#ifdef HAVE_STDINT_H 3979# include <stdint.h> 3980#endif 3981#include <sys/socket.h> 3982#ifdef HAVE_SYS_BITYPES_H 3983# include <sys/bitypes.h> 3984#endif 3985 ]], [[ 3986int64_t a; a = 1; 3987 ]])], 3988 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3989 ]) 3990]) 3991if test "x$ac_cv_have_int64_t" = "xyes" ; then 3992 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3993fi 3994 3995AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3996 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3997 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3998 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3999 ]) 4000]) 4001if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 4002 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 4003 have_u_intxx_t=1 4004fi 4005 4006if test -z "$have_u_intxx_t" ; then 4007 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 4008 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 4009 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 4010 [ 4011 AC_DEFINE([HAVE_U_INTXX_T]) 4012 AC_MSG_RESULT([yes]) 4013 ], [ AC_MSG_RESULT([no]) 4014 ]) 4015fi 4016 4017AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 4018 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4019 [[ u_int64_t a; a = 1;]])], 4020 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 4021 ]) 4022]) 4023if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 4024 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 4025 have_u_int64_t=1 4026fi 4027 4028if (test -z "$have_u_int64_t" && \ 4029 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4030then 4031 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 4032 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 4033 [[ u_int64_t a; a = 1]])], 4034 [ 4035 AC_DEFINE([HAVE_U_INT64_T]) 4036 AC_MSG_RESULT([yes]) 4037 ], [ AC_MSG_RESULT([no]) 4038 ]) 4039fi 4040 4041if test -z "$have_u_intxx_t" ; then 4042 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 4043 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4044#include <sys/types.h> 4045 ]], [[ 4046 uint8_t a; 4047 uint16_t b; 4048 uint32_t c; 4049 a = b = c = 1; 4050 ]])], 4051 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 4052 ]) 4053 ]) 4054 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 4055 AC_DEFINE([HAVE_UINTXX_T], [1], 4056 [define if you have uintxx_t data type]) 4057 fi 4058fi 4059 4060if (test -z "$have_uintxx_t" && \ 4061 test "x$ac_cv_header_stdint_h" = "xyes") 4062then 4063 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 4064 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4065 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4066 [ 4067 AC_DEFINE([HAVE_UINTXX_T]) 4068 AC_MSG_RESULT([yes]) 4069 ], [ AC_MSG_RESULT([no]) 4070 ]) 4071fi 4072 4073if (test -z "$have_uintxx_t" && \ 4074 test "x$ac_cv_header_inttypes_h" = "xyes") 4075then 4076 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4077 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4078 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4079 [ 4080 AC_DEFINE([HAVE_UINTXX_T]) 4081 AC_MSG_RESULT([yes]) 4082 ], [ AC_MSG_RESULT([no]) 4083 ]) 4084fi 4085 4086if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4087 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4088then 4089 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4090 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4091#include <sys/bitypes.h> 4092 ]], [[ 4093 int8_t a; int16_t b; int32_t c; 4094 u_int8_t e; u_int16_t f; u_int32_t g; 4095 a = b = c = e = f = g = 1; 4096 ]])], 4097 [ 4098 AC_DEFINE([HAVE_U_INTXX_T]) 4099 AC_DEFINE([HAVE_INTXX_T]) 4100 AC_MSG_RESULT([yes]) 4101 ], [AC_MSG_RESULT([no]) 4102 ]) 4103fi 4104 4105 4106AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4107 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4108 [[ u_char foo; foo = 125; ]])], 4109 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4110 ]) 4111]) 4112if test "x$ac_cv_have_u_char" = "xyes" ; then 4113 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4114fi 4115 4116AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4117#include <sys/types.h> 4118#ifdef HAVE_STDINT_H 4119# include <stdint.h> 4120#endif 4121]) 4122 4123TYPE_SOCKLEN_T 4124 4125AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4126AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4127#include <sys/types.h> 4128#ifdef HAVE_SYS_BITYPES_H 4129#include <sys/bitypes.h> 4130#endif 4131#ifdef HAVE_SYS_STATFS_H 4132#include <sys/statfs.h> 4133#endif 4134#ifdef HAVE_SYS_STATVFS_H 4135#include <sys/statvfs.h> 4136#endif 4137]) 4138 4139AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4140#include <sys/param.h> 4141#include <sys/types.h> 4142#ifdef HAVE_SYS_BITYPES_H 4143#include <sys/bitypes.h> 4144#endif 4145#ifdef HAVE_SYS_STATFS_H 4146#include <sys/statfs.h> 4147#endif 4148#ifdef HAVE_SYS_STATVFS_H 4149#include <sys/statvfs.h> 4150#endif 4151#ifdef HAVE_SYS_VFS_H 4152#include <sys/vfs.h> 4153#endif 4154#ifdef HAVE_SYS_MOUNT_H 4155#include <sys/mount.h> 4156#endif 4157]]) 4158 4159 4160AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4161[#include <sys/types.h> 4162#include <netinet/in.h>]) 4163 4164AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4165 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4166 [[ size_t foo; foo = 1235; ]])], 4167 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4168 ]) 4169]) 4170if test "x$ac_cv_have_size_t" = "xyes" ; then 4171 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4172fi 4173 4174AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4175 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4176 [[ ssize_t foo; foo = 1235; ]])], 4177 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4178 ]) 4179]) 4180if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4181 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4182fi 4183 4184AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4185 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4186 [[ clock_t foo; foo = 1235; ]])], 4187 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4188 ]) 4189]) 4190if test "x$ac_cv_have_clock_t" = "xyes" ; then 4191 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4192fi 4193 4194AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4195 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4196#include <sys/types.h> 4197#include <sys/socket.h> 4198 ]], [[ sa_family_t foo; foo = 1235; ]])], 4199 [ ac_cv_have_sa_family_t="yes" ], 4200 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4201#include <sys/types.h> 4202#include <sys/socket.h> 4203#include <netinet/in.h> 4204 ]], [[ sa_family_t foo; foo = 1235; ]])], 4205 [ ac_cv_have_sa_family_t="yes" ], 4206 [ ac_cv_have_sa_family_t="no" ] 4207 ) 4208 ]) 4209]) 4210if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4211 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4212 [define if you have sa_family_t data type]) 4213fi 4214 4215AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4216 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4217 [[ pid_t foo; foo = 1235; ]])], 4218 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4219 ]) 4220]) 4221if test "x$ac_cv_have_pid_t" = "xyes" ; then 4222 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4223fi 4224 4225AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4226 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4227 [[ mode_t foo; foo = 1235; ]])], 4228 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4229 ]) 4230]) 4231if test "x$ac_cv_have_mode_t" = "xyes" ; then 4232 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4233fi 4234 4235 4236AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4237 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4238#include <sys/types.h> 4239#include <sys/socket.h> 4240 ]], [[ struct sockaddr_storage s; ]])], 4241 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4242 [ ac_cv_have_struct_sockaddr_storage="no" 4243 ]) 4244]) 4245if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4246 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4247 [define if you have struct sockaddr_storage data type]) 4248fi 4249 4250AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4251 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4252#include <sys/types.h> 4253#include <netinet/in.h> 4254 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4255 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4256 [ ac_cv_have_struct_sockaddr_in6="no" 4257 ]) 4258]) 4259if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4260 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4261 [define if you have struct sockaddr_in6 data type]) 4262fi 4263 4264AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4265 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4266#include <sys/types.h> 4267#include <netinet/in.h> 4268 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4269 [ ac_cv_have_struct_in6_addr="yes" ], 4270 [ ac_cv_have_struct_in6_addr="no" 4271 ]) 4272]) 4273if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4274 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4275 [define if you have struct in6_addr data type]) 4276 4277dnl Now check for sin6_scope_id 4278 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4279 [ 4280#ifdef HAVE_SYS_TYPES_H 4281#include <sys/types.h> 4282#endif 4283#include <netinet/in.h> 4284 ]) 4285fi 4286 4287AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4288 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4289#include <sys/types.h> 4290#include <sys/socket.h> 4291#include <netdb.h> 4292 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4293 [ ac_cv_have_struct_addrinfo="yes" ], 4294 [ ac_cv_have_struct_addrinfo="no" 4295 ]) 4296]) 4297if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4298 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4299 [define if you have struct addrinfo data type]) 4300fi 4301 4302AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4303 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4304 [[ struct timeval tv; tv.tv_sec = 1;]])], 4305 [ ac_cv_have_struct_timeval="yes" ], 4306 [ ac_cv_have_struct_timeval="no" 4307 ]) 4308]) 4309if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4310 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4311 have_struct_timeval=1 4312fi 4313 4314AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4315 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4316 #ifdef HAVE_SYS_TIME_H 4317 # include <sys/time.h> 4318 #endif 4319 #ifdef HAVE_TIME_H 4320 # include <time.h> 4321 #endif 4322 ]], 4323 [[ struct timespec ts; ts.tv_sec = 1;]])], 4324 [ ac_cv_have_struct_timespec="yes" ], 4325 [ ac_cv_have_struct_timespec="no" 4326 ]) 4327]) 4328if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4329 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4330 have_struct_timespec=1 4331fi 4332 4333# We need int64_t or else certain parts of the compile will fail. 4334if test "x$ac_cv_have_int64_t" = "xno" && \ 4335 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4336 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4337 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4338 echo "an alternative compiler (I.E., GCC) before continuing." 4339 echo "" 4340 exit 1; 4341else 4342dnl test snprintf (broken on SCO w/gcc) 4343 AC_RUN_IFELSE( 4344 [AC_LANG_SOURCE([[ 4345#include <stdio.h> 4346#include <stdlib.h> 4347#include <string.h> 4348#ifdef HAVE_SNPRINTF 4349int main(void) 4350{ 4351 char buf[50]; 4352 char expected_out[50]; 4353 int mazsize = 50 ; 4354#if (SIZEOF_LONG_INT == 8) 4355 long int num = 0x7fffffffffffffff; 4356#else 4357 long long num = 0x7fffffffffffffffll; 4358#endif 4359 strcpy(expected_out, "9223372036854775807"); 4360 snprintf(buf, mazsize, "%lld", num); 4361 if(strcmp(buf, expected_out) != 0) 4362 exit(1); 4363 exit(0); 4364} 4365#else 4366int main(void) { exit(0); } 4367#endif 4368 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4369 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4370 ) 4371fi 4372 4373dnl Checks for structure members 4374OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4375OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4376OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4377OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4378OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4379OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4380OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4381OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4382OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4383OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4384OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4385OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4386OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4387OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4388OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4389OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4390OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4391OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4392 4393AC_CHECK_MEMBERS([struct stat.st_blksize]) 4394AC_CHECK_MEMBERS([struct stat.st_mtim]) 4395AC_CHECK_MEMBERS([struct stat.st_mtime]) 4396AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4397struct passwd.pw_change, struct passwd.pw_expire], 4398[], [], [[ 4399#include <sys/types.h> 4400#include <pwd.h> 4401]]) 4402 4403AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4404 [Define if we don't have struct __res_state in resolv.h])], 4405[[ 4406#include <stdio.h> 4407#if HAVE_SYS_TYPES_H 4408# include <sys/types.h> 4409#endif 4410#include <netinet/in.h> 4411#include <arpa/nameser.h> 4412#include <resolv.h> 4413]]) 4414 4415AC_CHECK_MEMBER([struct sockaddr_in.sin_len], 4416 [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])], 4417 [], 4418 [AC_LANG_SOURCE([[ 4419#include <sys/types.h> 4420#include <sys/socket.h> 4421#include <netinet/in.h> 4422 ]])] 4423) 4424 4425AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4426 ac_cv_have_ss_family_in_struct_ss, [ 4427 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4428#include <sys/types.h> 4429#include <sys/socket.h> 4430 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4431 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4432 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4433]) 4434if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4435 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4436fi 4437 4438AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4439 ac_cv_have___ss_family_in_struct_ss, [ 4440 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4441#include <sys/types.h> 4442#include <sys/socket.h> 4443 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4444 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4445 [ ac_cv_have___ss_family_in_struct_ss="no" 4446 ]) 4447]) 4448if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4449 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4450 [Fields in struct sockaddr_storage]) 4451fi 4452 4453dnl make sure we're using the real structure members and not defines 4454AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4455 ac_cv_have_accrights_in_msghdr, [ 4456 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4457#include <sys/types.h> 4458#include <sys/socket.h> 4459#include <sys/uio.h> 4460#include <stdlib.h> 4461 ]], [[ 4462#ifdef msg_accrights 4463#error "msg_accrights is a macro" 4464exit(1); 4465#endif 4466struct msghdr m; 4467m.msg_accrights = 0; 4468exit(0); 4469 ]])], 4470 [ ac_cv_have_accrights_in_msghdr="yes" ], 4471 [ ac_cv_have_accrights_in_msghdr="no" ] 4472 ) 4473]) 4474if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4475 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4476 [Define if your system uses access rights style 4477 file descriptor passing]) 4478fi 4479 4480AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4481AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4482#include <sys/param.h> 4483#include <sys/stat.h> 4484#ifdef HAVE_SYS_TIME_H 4485# include <sys/time.h> 4486#endif 4487#ifdef HAVE_SYS_MOUNT_H 4488#include <sys/mount.h> 4489#endif 4490#ifdef HAVE_SYS_STATVFS_H 4491#include <sys/statvfs.h> 4492#endif 4493 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4494 [ AC_MSG_RESULT([yes]) ], 4495 [ AC_MSG_RESULT([no]) 4496 4497 AC_MSG_CHECKING([if fsid_t has member val]) 4498 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4499#include <sys/types.h> 4500#include <sys/statvfs.h> 4501 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4502 [ AC_MSG_RESULT([yes]) 4503 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4504 [ AC_MSG_RESULT([no]) ]) 4505 4506 AC_MSG_CHECKING([if f_fsid has member __val]) 4507 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4508#include <sys/types.h> 4509#include <sys/statvfs.h> 4510 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4511 [ AC_MSG_RESULT([yes]) 4512 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4513 [ AC_MSG_RESULT([no]) ]) 4514]) 4515 4516AC_CACHE_CHECK([for msg_control field in struct msghdr], 4517 ac_cv_have_control_in_msghdr, [ 4518 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4519#include <sys/types.h> 4520#include <sys/socket.h> 4521#include <sys/uio.h> 4522#include <stdlib.h> 4523 ]], [[ 4524#ifdef msg_control 4525#error "msg_control is a macro" 4526exit(1); 4527#endif 4528struct msghdr m; 4529m.msg_control = 0; 4530exit(0); 4531 ]])], 4532 [ ac_cv_have_control_in_msghdr="yes" ], 4533 [ ac_cv_have_control_in_msghdr="no" ] 4534 ) 4535]) 4536if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4537 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4538 [Define if your system uses ancillary data style 4539 file descriptor passing]) 4540fi 4541 4542AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4543 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4544 [[ extern char *__progname; printf("%s", __progname); ]])], 4545 [ ac_cv_libc_defines___progname="yes" ], 4546 [ ac_cv_libc_defines___progname="no" 4547 ]) 4548]) 4549if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4550 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4551fi 4552 4553AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4554 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4555 [[ printf("%s", __FUNCTION__); ]])], 4556 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4557 [ ac_cv_cc_implements___FUNCTION__="no" 4558 ]) 4559]) 4560if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4561 AC_DEFINE([HAVE___FUNCTION__], [1], 4562 [Define if compiler implements __FUNCTION__]) 4563fi 4564 4565AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4566 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4567 [[ printf("%s", __func__); ]])], 4568 [ ac_cv_cc_implements___func__="yes" ], 4569 [ ac_cv_cc_implements___func__="no" 4570 ]) 4571]) 4572if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4573 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4574fi 4575 4576AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4577 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4578#include <stdarg.h> 4579va_list x,y; 4580 ]], [[ va_copy(x,y); ]])], 4581 [ ac_cv_have_va_copy="yes" ], 4582 [ ac_cv_have_va_copy="no" 4583 ]) 4584]) 4585if test "x$ac_cv_have_va_copy" = "xyes" ; then 4586 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4587fi 4588 4589AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4590 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4591#include <stdarg.h> 4592va_list x,y; 4593 ]], [[ __va_copy(x,y); ]])], 4594 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4595 ]) 4596]) 4597if test "x$ac_cv_have___va_copy" = "xyes" ; then 4598 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4599fi 4600 4601AC_CACHE_CHECK([whether getopt has optreset support], 4602 ac_cv_have_getopt_optreset, [ 4603 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4604 [[ extern int optreset; optreset = 0; ]])], 4605 [ ac_cv_have_getopt_optreset="yes" ], 4606 [ ac_cv_have_getopt_optreset="no" 4607 ]) 4608]) 4609if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4610 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4611 [Define if your getopt(3) defines and uses optreset]) 4612fi 4613 4614AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4615 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4616[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4617 [ ac_cv_libc_defines_sys_errlist="yes" ], 4618 [ ac_cv_libc_defines_sys_errlist="no" 4619 ]) 4620]) 4621if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4622 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4623 [Define if your system defines sys_errlist[]]) 4624fi 4625 4626 4627AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4628 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4629[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4630 [ ac_cv_libc_defines_sys_nerr="yes" ], 4631 [ ac_cv_libc_defines_sys_nerr="no" 4632 ]) 4633]) 4634if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4635 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4636fi 4637 4638# Check libraries needed by DNS fingerprint support 4639AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4640 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4641 [Define if getrrsetbyname() exists])], 4642 [ 4643 # Needed by our getrrsetbyname() 4644 AC_SEARCH_LIBS([res_query], [resolv]) 4645 AC_SEARCH_LIBS([dn_expand], [resolv]) 4646 AC_MSG_CHECKING([if res_query will link]) 4647 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4648#include <sys/types.h> 4649#include <netinet/in.h> 4650#include <arpa/nameser.h> 4651#include <netdb.h> 4652#include <resolv.h> 4653 ]], [[ 4654 res_query (0, 0, 0, 0, 0); 4655 ]])], 4656 AC_MSG_RESULT([yes]), 4657 [AC_MSG_RESULT([no]) 4658 saved_LIBS="$LIBS" 4659 LIBS="$LIBS -lresolv" 4660 AC_MSG_CHECKING([for res_query in -lresolv]) 4661 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4662#include <sys/types.h> 4663#include <netinet/in.h> 4664#include <arpa/nameser.h> 4665#include <netdb.h> 4666#include <resolv.h> 4667 ]], [[ 4668 res_query (0, 0, 0, 0, 0); 4669 ]])], 4670 [AC_MSG_RESULT([yes])], 4671 [LIBS="$saved_LIBS" 4672 AC_MSG_RESULT([no])]) 4673 ]) 4674 AC_CHECK_FUNCS([_getshort _getlong]) 4675 AC_CHECK_DECLS([_getshort, _getlong], , , 4676 [#include <sys/types.h> 4677 #include <arpa/nameser.h>]) 4678 AC_CHECK_MEMBER([HEADER.ad], 4679 [AC_DEFINE([HAVE_HEADER_AD], [1], 4680 [Define if HEADER.ad exists in arpa/nameser.h])], , 4681 [#include <arpa/nameser.h>]) 4682 ]) 4683 4684AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4685AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4686#include <stdio.h> 4687#if HAVE_SYS_TYPES_H 4688# include <sys/types.h> 4689#endif 4690#include <netinet/in.h> 4691#include <arpa/nameser.h> 4692#include <resolv.h> 4693extern struct __res_state _res; 4694 ]], [[ 4695struct __res_state *volatile p = &_res; /* force resolution of _res */ 4696return 0; 4697 ]],)], 4698 [AC_MSG_RESULT([yes]) 4699 AC_DEFINE([HAVE__RES_EXTERN], [1], 4700 [Define if you have struct __res_state _res as an extern]) 4701 ], 4702 [ AC_MSG_RESULT([no]) ] 4703) 4704 4705# Check whether user wants SELinux support 4706SELINUX_MSG="no" 4707LIBSELINUX="" 4708AC_ARG_WITH([selinux], 4709 [ --with-selinux Enable SELinux support], 4710 [ if test "x$withval" != "xno" ; then 4711 save_LIBS="$LIBS" 4712 AC_DEFINE([WITH_SELINUX], [1], 4713 [Define if you want SELinux support.]) 4714 SELINUX_MSG="yes" 4715 AC_CHECK_HEADER([selinux/selinux.h], , 4716 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4717 AC_CHECK_LIB([selinux], [setexeccon], 4718 [ LIBSELINUX="-lselinux" 4719 LIBS="$LIBS -lselinux" 4720 ], 4721 AC_MSG_ERROR([SELinux support requires libselinux library])) 4722 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4723 LIBS="$save_LIBS $LIBSELINUX" 4724 fi ] 4725) 4726AC_SUBST([SSHDLIBS]) 4727 4728# Check whether user wants Kerberos 5 support 4729KRB5_MSG="no" 4730AC_ARG_WITH([kerberos5], 4731 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4732 [ if test "x$withval" != "xno" ; then 4733 if test "x$withval" = "xyes" ; then 4734 KRB5ROOT="/usr/local" 4735 else 4736 KRB5ROOT=${withval} 4737 fi 4738 4739 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4740 KRB5_MSG="yes" 4741 4742 use_pkgconfig_for_krb5= 4743 if test "x$PKGCONFIG" != "xno"; then 4744 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4745 if "$PKGCONFIG" krb5; then 4746 AC_MSG_RESULT([yes]) 4747 use_pkgconfig_for_krb5=yes 4748 else 4749 AC_MSG_RESULT([no]) 4750 fi 4751 fi 4752 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4753 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4754 K5LIBS=`$PKGCONFIG --libs krb5` 4755 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4756 4757 AC_MSG_CHECKING([for gssapi support]) 4758 if "$PKGCONFIG" krb5-gssapi; then 4759 AC_MSG_RESULT([yes]) 4760 AC_DEFINE([GSSAPI], [1], 4761 [Define this if you want GSSAPI 4762 support in the version 2 protocol]) 4763 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4764 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4765 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4766 else 4767 AC_MSG_RESULT([no]) 4768 fi 4769 AC_MSG_CHECKING([whether we are using Heimdal]) 4770 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4771 ]], [[ char *tmp = heimdal_version; ]])], 4772 [ AC_MSG_RESULT([yes]) 4773 AC_DEFINE([HEIMDAL], [1], 4774 [Define this if you are using the Heimdal 4775 version of Kerberos V5]) ], 4776 [AC_MSG_RESULT([no]) 4777 ]) 4778 else 4779 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4780 [$KRB5ROOT/bin/krb5-config], 4781 [$KRB5ROOT/bin:$PATH]) 4782 if test -x $KRB5CONF ; then 4783 K5CFLAGS="`$KRB5CONF --cflags`" 4784 K5LIBS="`$KRB5CONF --libs`" 4785 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4786 4787 AC_MSG_CHECKING([for gssapi support]) 4788 if $KRB5CONF | grep gssapi >/dev/null ; then 4789 AC_MSG_RESULT([yes]) 4790 AC_DEFINE([GSSAPI], [1], 4791 [Define this if you want GSSAPI 4792 support in the version 2 protocol]) 4793 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4794 GSSLIBS="`$KRB5CONF --libs gssapi`" 4795 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4796 else 4797 AC_MSG_RESULT([no]) 4798 fi 4799 AC_MSG_CHECKING([whether we are using Heimdal]) 4800 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4801 ]], [[ char *tmp = heimdal_version; ]])], 4802 [ AC_MSG_RESULT([yes]) 4803 AC_DEFINE([HEIMDAL], [1], 4804 [Define this if you are using the Heimdal 4805 version of Kerberos V5]) ], 4806 [AC_MSG_RESULT([no]) 4807 ]) 4808 else 4809 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4810 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4811 AC_MSG_CHECKING([whether we are using Heimdal]) 4812 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4813 ]], [[ char *tmp = heimdal_version; ]])], 4814 [ AC_MSG_RESULT([yes]) 4815 AC_DEFINE([HEIMDAL]) 4816 K5LIBS="-lkrb5" 4817 K5LIBS="$K5LIBS -lcom_err -lasn1" 4818 AC_CHECK_LIB([roken], [net_write], 4819 [K5LIBS="$K5LIBS -lroken"]) 4820 AC_CHECK_LIB([des], [des_cbc_encrypt], 4821 [K5LIBS="$K5LIBS -ldes"]) 4822 ], [ AC_MSG_RESULT([no]) 4823 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4824 ]) 4825 AC_SEARCH_LIBS([dn_expand], [resolv]) 4826 4827 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4828 [ AC_DEFINE([GSSAPI]) 4829 GSSLIBS="-lgssapi_krb5" ], 4830 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4831 [ AC_DEFINE([GSSAPI]) 4832 GSSLIBS="-lgssapi" ], 4833 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4834 [ AC_DEFINE([GSSAPI]) 4835 GSSLIBS="-lgss" ], 4836 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4837 ]) 4838 ]) 4839 4840 AC_CHECK_HEADER([gssapi.h], , 4841 [ unset ac_cv_header_gssapi_h 4842 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4843 AC_CHECK_HEADERS([gssapi.h], , 4844 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4845 ) 4846 ] 4847 ) 4848 4849 oldCPP="$CPPFLAGS" 4850 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4851 AC_CHECK_HEADER([gssapi_krb5.h], , 4852 [ CPPFLAGS="$oldCPP" ]) 4853 4854 fi 4855 fi 4856 if test -n "${rpath_opt}" ; then 4857 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4858 fi 4859 if test ! -z "$blibpath" ; then 4860 blibpath="$blibpath:${KRB5ROOT}/lib" 4861 fi 4862 4863 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4864 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4865 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4866 4867 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4868 [Define this if you want to use libkafs' AFS support])]) 4869 4870 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4871#ifdef HAVE_GSSAPI_H 4872# include <gssapi.h> 4873#elif defined(HAVE_GSSAPI_GSSAPI_H) 4874# include <gssapi/gssapi.h> 4875#endif 4876 4877#ifdef HAVE_GSSAPI_GENERIC_H 4878# include <gssapi_generic.h> 4879#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4880# include <gssapi/gssapi_generic.h> 4881#endif 4882 ]]) 4883 saved_LIBS="$LIBS" 4884 LIBS="$LIBS $K5LIBS" 4885 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4886 LIBS="$saved_LIBS" 4887 4888 fi 4889 ] 4890) 4891AC_SUBST([GSSLIBS]) 4892AC_SUBST([K5LIBS]) 4893AC_SUBST([CHANNELLIBS]) 4894 4895# Looking for programs, paths and files 4896 4897PRIVSEP_PATH=/var/empty 4898AC_ARG_WITH([privsep-path], 4899 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4900 [ 4901 if test -n "$withval" && test "x$withval" != "xno" && \ 4902 test "x${withval}" != "xyes"; then 4903 PRIVSEP_PATH=$withval 4904 fi 4905 ] 4906) 4907AC_SUBST([PRIVSEP_PATH]) 4908 4909AC_ARG_WITH([xauth], 4910 [ --with-xauth=PATH Specify path to xauth program ], 4911 [ 4912 if test -n "$withval" && test "x$withval" != "xno" && \ 4913 test "x${withval}" != "xyes"; then 4914 xauth_path=$withval 4915 fi 4916 ], 4917 [ 4918 TestPath="$PATH" 4919 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4920 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4921 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4922 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4923 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4924 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4925 xauth_path="/usr/openwin/bin/xauth" 4926 fi 4927 ] 4928) 4929 4930STRIP_OPT=-s 4931AC_ARG_ENABLE([strip], 4932 [ --disable-strip Disable calling strip(1) on install], 4933 [ 4934 if test "x$enableval" = "xno" ; then 4935 STRIP_OPT= 4936 fi 4937 ] 4938) 4939AC_SUBST([STRIP_OPT]) 4940 4941if test -z "$xauth_path" ; then 4942 XAUTH_PATH="undefined" 4943 AC_SUBST([XAUTH_PATH]) 4944else 4945 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4946 [Define if xauth is found in your path]) 4947 XAUTH_PATH=$xauth_path 4948 AC_SUBST([XAUTH_PATH]) 4949fi 4950 4951dnl # --with-maildir=/path/to/mail gets top priority. 4952dnl # if maildir is set in the platform case statement above we use that. 4953dnl # Otherwise we run a program to get the dir from system headers. 4954dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4955dnl # If we find _PATH_MAILDIR we do nothing because that is what 4956dnl # session.c expects anyway. Otherwise we set to the value found 4957dnl # stripping any trailing slash. If for some strage reason our program 4958dnl # does not find what it needs, we default to /var/spool/mail. 4959# Check for mail directory 4960AC_ARG_WITH([maildir], 4961 [ --with-maildir=/path/to/mail Specify your system mail directory], 4962 [ 4963 if test "X$withval" != X && test "x$withval" != xno && \ 4964 test "x${withval}" != xyes; then 4965 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4966 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4967 fi 4968 ],[ 4969 if test "X$maildir" != "X"; then 4970 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4971 else 4972 AC_MSG_CHECKING([Discovering system mail directory]) 4973 AC_RUN_IFELSE( 4974 [AC_LANG_PROGRAM([[ 4975#include <stdio.h> 4976#include <stdlib.h> 4977#include <string.h> 4978#ifdef HAVE_PATHS_H 4979#include <paths.h> 4980#endif 4981#ifdef HAVE_MAILLOCK_H 4982#include <maillock.h> 4983#endif 4984#define DATA "conftest.maildir" 4985 ]], [[ 4986 FILE *fd; 4987 int rc; 4988 4989 fd = fopen(DATA,"w"); 4990 if(fd == NULL) 4991 exit(1); 4992 4993#if defined (_PATH_MAILDIR) 4994 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4995 exit(1); 4996#elif defined (MAILDIR) 4997 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4998 exit(1); 4999#elif defined (_PATH_MAIL) 5000 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 5001 exit(1); 5002#else 5003 exit (2); 5004#endif 5005 5006 exit(0); 5007 ]])], 5008 [ 5009 maildir_what=`awk -F: '{print $1}' conftest.maildir` 5010 maildir=`awk -F: '{print $2}' conftest.maildir \ 5011 | sed 's|/$||'` 5012 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 5013 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 5014 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 5015 fi 5016 ], 5017 [ 5018 if test "X$ac_status" = "X2";then 5019# our test program didn't find it. Default to /var/spool/mail 5020 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 5021 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 5022 else 5023 AC_MSG_RESULT([*** not found ***]) 5024 fi 5025 ], 5026 [ 5027 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 5028 ] 5029 ) 5030 fi 5031 ] 5032) # maildir 5033 5034if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 5035 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 5036 disable_ptmx_check=yes 5037fi 5038if test -z "$no_dev_ptmx" ; then 5039 if test "x$disable_ptmx_check" != "xyes" ; then 5040 AC_CHECK_FILE(["/dev/ptmx"], 5041 [ 5042 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 5043 [Define if you have /dev/ptmx]) 5044 have_dev_ptmx=1 5045 ] 5046 ) 5047 fi 5048fi 5049 5050if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 5051 AC_CHECK_FILE(["/dev/ptc"], 5052 [ 5053 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 5054 [Define if you have /dev/ptc]) 5055 have_dev_ptc=1 5056 ] 5057 ) 5058else 5059 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 5060fi 5061 5062# Options from here on. Some of these are preset by platform above 5063AC_ARG_WITH([mantype], 5064 [ --with-mantype=man|cat|doc Set man page type], 5065 [ 5066 case "$withval" in 5067 man|cat|doc) 5068 MANTYPE=$withval 5069 ;; 5070 *) 5071 AC_MSG_ERROR([invalid man type: $withval]) 5072 ;; 5073 esac 5074 ] 5075) 5076if test -z "$MANTYPE"; then 5077 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 5078 MANTYPE=doc 5079 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 5080 MANTYPE=doc 5081 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 5082 MANTYPE=man 5083 else 5084 MANTYPE=cat 5085 fi 5086fi 5087AC_SUBST([MANTYPE]) 5088if test "$MANTYPE" = "doc"; then 5089 mansubdir=man; 5090else 5091 mansubdir=$MANTYPE; 5092fi 5093AC_SUBST([mansubdir]) 5094 5095# Whether to disable shadow password support 5096AC_ARG_WITH([shadow], 5097 [ --without-shadow Disable shadow password support], 5098 [ 5099 if test "x$withval" = "xno" ; then 5100 AC_DEFINE([DISABLE_SHADOW]) 5101 disable_shadow=yes 5102 fi 5103 ] 5104) 5105 5106if test -z "$disable_shadow" ; then 5107 AC_MSG_CHECKING([if the systems has expire shadow information]) 5108 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5109#include <sys/types.h> 5110#include <shadow.h> 5111struct spwd sp; 5112 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5113 [ sp_expire_available=yes ], [ 5114 ]) 5115 5116 if test "x$sp_expire_available" = "xyes" ; then 5117 AC_MSG_RESULT([yes]) 5118 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5119 [Define if you want to use shadow password expire field]) 5120 else 5121 AC_MSG_RESULT([no]) 5122 fi 5123fi 5124 5125# Use ip address instead of hostname in $DISPLAY 5126if test ! -z "$IPADDR_IN_DISPLAY" ; then 5127 DISPLAY_HACK_MSG="yes" 5128 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5129 [Define if you need to use IP address 5130 instead of hostname in $DISPLAY]) 5131else 5132 DISPLAY_HACK_MSG="no" 5133 AC_ARG_WITH([ipaddr-display], 5134 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5135 [ 5136 if test "x$withval" != "xno" ; then 5137 AC_DEFINE([IPADDR_IN_DISPLAY]) 5138 DISPLAY_HACK_MSG="yes" 5139 fi 5140 ] 5141 ) 5142fi 5143 5144# check for /etc/default/login and use it if present. 5145AC_ARG_ENABLE([etc-default-login], 5146 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5147 [ if test "x$enableval" = "xno"; then 5148 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5149 etc_default_login=no 5150 else 5151 etc_default_login=yes 5152 fi ], 5153 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5154 then 5155 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5156 etc_default_login=no 5157 else 5158 etc_default_login=yes 5159 fi ] 5160) 5161 5162if test "x$etc_default_login" != "xno"; then 5163 AC_CHECK_FILE(["/etc/default/login"], 5164 [ external_path_file=/etc/default/login ]) 5165 if test "x$external_path_file" = "x/etc/default/login"; then 5166 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5167 [Define if your system has /etc/default/login]) 5168 fi 5169fi 5170 5171dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5172if test $ac_cv_func_login_getcapbool = "yes" && \ 5173 test $ac_cv_header_login_cap_h = "yes" ; then 5174 external_path_file=/etc/login.conf 5175fi 5176 5177# Whether to mess with the default path 5178SERVER_PATH_MSG="(default)" 5179AC_ARG_WITH([default-path], 5180 [ --with-default-path= Specify default $PATH environment for server], 5181 [ 5182 if test "x$external_path_file" = "x/etc/login.conf" ; then 5183 AC_MSG_WARN([ 5184--with-default-path=PATH has no effect on this system. 5185Edit /etc/login.conf instead.]) 5186 elif test "x$withval" != "xno" ; then 5187 if test ! -z "$external_path_file" ; then 5188 AC_MSG_WARN([ 5189--with-default-path=PATH will only be used if PATH is not defined in 5190$external_path_file .]) 5191 fi 5192 user_path="$withval" 5193 SERVER_PATH_MSG="$withval" 5194 fi 5195 ], 5196 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5197 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5198 else 5199 if test ! -z "$external_path_file" ; then 5200 AC_MSG_WARN([ 5201If PATH is defined in $external_path_file, ensure the path to scp is included, 5202otherwise scp will not work.]) 5203 fi 5204 AC_RUN_IFELSE( 5205 [AC_LANG_PROGRAM([[ 5206/* find out what STDPATH is */ 5207#include <stdio.h> 5208#include <stdlib.h> 5209#ifdef HAVE_PATHS_H 5210# include <paths.h> 5211#endif 5212#ifndef _PATH_STDPATH 5213# ifdef _PATH_USERPATH /* Irix */ 5214# define _PATH_STDPATH _PATH_USERPATH 5215# else 5216# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5217# endif 5218#endif 5219#include <sys/types.h> 5220#include <sys/stat.h> 5221#include <fcntl.h> 5222#define DATA "conftest.stdpath" 5223 ]], [[ 5224 FILE *fd; 5225 int rc; 5226 5227 fd = fopen(DATA,"w"); 5228 if(fd == NULL) 5229 exit(1); 5230 5231 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5232 exit(1); 5233 5234 exit(0); 5235 ]])], 5236 [ user_path=`cat conftest.stdpath` ], 5237 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5238 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5239 ) 5240# make sure $bindir is in USER_PATH so scp will work 5241 t_bindir="${bindir}" 5242 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5243 t_bindir=`eval echo ${t_bindir}` 5244 case $t_bindir in 5245 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5246 esac 5247 case $t_bindir in 5248 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5249 esac 5250 done 5251 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5252 if test $? -ne 0 ; then 5253 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5254 if test $? -ne 0 ; then 5255 user_path=$user_path:$t_bindir 5256 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5257 fi 5258 fi 5259 fi ] 5260) 5261if test "x$external_path_file" != "x/etc/login.conf" ; then 5262 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5263 AC_SUBST([user_path]) 5264fi 5265 5266# Set superuser path separately to user path 5267AC_ARG_WITH([superuser-path], 5268 [ --with-superuser-path= Specify different path for super-user], 5269 [ 5270 if test -n "$withval" && test "x$withval" != "xno" && \ 5271 test "x${withval}" != "xyes"; then 5272 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5273 [Define if you want a different $PATH 5274 for the superuser]) 5275 superuser_path=$withval 5276 fi 5277 ] 5278) 5279 5280 5281AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5282IPV4_IN6_HACK_MSG="no" 5283AC_ARG_WITH(4in6, 5284 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5285 [ 5286 if test "x$withval" != "xno" ; then 5287 AC_MSG_RESULT([yes]) 5288 AC_DEFINE([IPV4_IN_IPV6], [1], 5289 [Detect IPv4 in IPv6 mapped addresses 5290 and treat as IPv4]) 5291 IPV4_IN6_HACK_MSG="yes" 5292 else 5293 AC_MSG_RESULT([no]) 5294 fi 5295 ], [ 5296 if test "x$inet6_default_4in6" = "xyes"; then 5297 AC_MSG_RESULT([yes (default)]) 5298 AC_DEFINE([IPV4_IN_IPV6]) 5299 IPV4_IN6_HACK_MSG="yes" 5300 else 5301 AC_MSG_RESULT([no (default)]) 5302 fi 5303 ] 5304) 5305 5306# Whether to enable BSD auth support 5307BSD_AUTH_MSG=no 5308AC_ARG_WITH([bsd-auth], 5309 [ --with-bsd-auth Enable BSD auth support], 5310 [ 5311 if test "x$withval" != "xno" ; then 5312 AC_DEFINE([BSD_AUTH], [1], 5313 [Define if you have BSD auth support]) 5314 BSD_AUTH_MSG=yes 5315 fi 5316 ] 5317) 5318 5319# Where to place sshd.pid 5320piddir=/var/run 5321# make sure the directory exists 5322if test ! -d $piddir ; then 5323 piddir=`eval echo ${sysconfdir}` 5324 case $piddir in 5325 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5326 esac 5327fi 5328 5329AC_ARG_WITH([pid-dir], 5330 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5331 [ 5332 if test -n "$withval" && test "x$withval" != "xno" && \ 5333 test "x${withval}" != "xyes"; then 5334 piddir=$withval 5335 if test ! -d $piddir ; then 5336 AC_MSG_WARN([** no $piddir directory on this system **]) 5337 fi 5338 fi 5339 ] 5340) 5341 5342AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5343 [Specify location of ssh.pid]) 5344AC_SUBST([piddir]) 5345 5346dnl allow user to disable some login recording features 5347AC_ARG_ENABLE([lastlog], 5348 [ --disable-lastlog disable use of lastlog even if detected [no]], 5349 [ 5350 if test "x$enableval" = "xno" ; then 5351 AC_DEFINE([DISABLE_LASTLOG]) 5352 fi 5353 ] 5354) 5355AC_ARG_ENABLE([utmp], 5356 [ --disable-utmp disable use of utmp even if detected [no]], 5357 [ 5358 if test "x$enableval" = "xno" ; then 5359 AC_DEFINE([DISABLE_UTMP]) 5360 fi 5361 ] 5362) 5363AC_ARG_ENABLE([utmpx], 5364 [ --disable-utmpx disable use of utmpx even if detected [no]], 5365 [ 5366 if test "x$enableval" = "xno" ; then 5367 AC_DEFINE([DISABLE_UTMPX], [1], 5368 [Define if you don't want to use utmpx]) 5369 fi 5370 ] 5371) 5372AC_ARG_ENABLE([wtmp], 5373 [ --disable-wtmp disable use of wtmp even if detected [no]], 5374 [ 5375 if test "x$enableval" = "xno" ; then 5376 AC_DEFINE([DISABLE_WTMP]) 5377 fi 5378 ] 5379) 5380AC_ARG_ENABLE([wtmpx], 5381 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5382 [ 5383 if test "x$enableval" = "xno" ; then 5384 AC_DEFINE([DISABLE_WTMPX], [1], 5385 [Define if you don't want to use wtmpx]) 5386 fi 5387 ] 5388) 5389AC_ARG_ENABLE([libutil], 5390 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5391 [ 5392 if test "x$enableval" = "xno" ; then 5393 AC_DEFINE([DISABLE_LOGIN]) 5394 fi 5395 ] 5396) 5397AC_ARG_ENABLE([pututline], 5398 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5399 [ 5400 if test "x$enableval" = "xno" ; then 5401 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5402 [Define if you don't want to use pututline() 5403 etc. to write [uw]tmp]) 5404 fi 5405 ] 5406) 5407AC_ARG_ENABLE([pututxline], 5408 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5409 [ 5410 if test "x$enableval" = "xno" ; then 5411 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5412 [Define if you don't want to use pututxline() 5413 etc. to write [uw]tmpx]) 5414 fi 5415 ] 5416) 5417AC_ARG_WITH([lastlog], 5418 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5419 [ 5420 if test "x$withval" = "xno" ; then 5421 AC_DEFINE([DISABLE_LASTLOG]) 5422 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5423 conf_lastlog_location=$withval 5424 fi 5425 ] 5426) 5427 5428dnl lastlog, [uw]tmpx? detection 5429dnl NOTE: set the paths in the platform section to avoid the 5430dnl need for command-line parameters 5431dnl lastlog and [uw]tmp are subject to a file search if all else fails 5432 5433dnl lastlog detection 5434dnl NOTE: the code itself will detect if lastlog is a directory 5435AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5436AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5437#include <sys/types.h> 5438#include <utmp.h> 5439#ifdef HAVE_LASTLOG_H 5440# include <lastlog.h> 5441#endif 5442#ifdef HAVE_PATHS_H 5443# include <paths.h> 5444#endif 5445#ifdef HAVE_LOGIN_H 5446# include <login.h> 5447#endif 5448 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5449 [ AC_MSG_RESULT([yes]) ], 5450 [ 5451 AC_MSG_RESULT([no]) 5452 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5453 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5454#include <sys/types.h> 5455#include <utmp.h> 5456#ifdef HAVE_LASTLOG_H 5457# include <lastlog.h> 5458#endif 5459#ifdef HAVE_PATHS_H 5460# include <paths.h> 5461#endif 5462 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5463 [ AC_MSG_RESULT([yes]) ], 5464 [ 5465 AC_MSG_RESULT([no]) 5466 system_lastlog_path=no 5467 ]) 5468]) 5469 5470if test -z "$conf_lastlog_location"; then 5471 if test x"$system_lastlog_path" = x"no" ; then 5472 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5473 if (test -d "$f" || test -f "$f") ; then 5474 conf_lastlog_location=$f 5475 fi 5476 done 5477 if test -z "$conf_lastlog_location"; then 5478 AC_MSG_WARN([** Cannot find lastlog **]) 5479 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5480 fi 5481 fi 5482fi 5483 5484if test -n "$conf_lastlog_location"; then 5485 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5486 [Define if you want to specify the path to your lastlog file]) 5487fi 5488 5489dnl utmp detection 5490AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5491AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5492#include <sys/types.h> 5493#include <utmp.h> 5494#ifdef HAVE_PATHS_H 5495# include <paths.h> 5496#endif 5497 ]], [[ char *utmp = UTMP_FILE; ]])], 5498 [ AC_MSG_RESULT([yes]) ], 5499 [ AC_MSG_RESULT([no]) 5500 system_utmp_path=no 5501]) 5502if test -z "$conf_utmp_location"; then 5503 if test x"$system_utmp_path" = x"no" ; then 5504 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5505 if test -f $f ; then 5506 conf_utmp_location=$f 5507 fi 5508 done 5509 if test -z "$conf_utmp_location"; then 5510 AC_DEFINE([DISABLE_UTMP]) 5511 fi 5512 fi 5513fi 5514if test -n "$conf_utmp_location"; then 5515 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5516 [Define if you want to specify the path to your utmp file]) 5517fi 5518 5519dnl wtmp detection 5520AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5521AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5522#include <sys/types.h> 5523#include <utmp.h> 5524#ifdef HAVE_PATHS_H 5525# include <paths.h> 5526#endif 5527 ]], [[ char *wtmp = WTMP_FILE; ]])], 5528 [ AC_MSG_RESULT([yes]) ], 5529 [ AC_MSG_RESULT([no]) 5530 system_wtmp_path=no 5531]) 5532if test -z "$conf_wtmp_location"; then 5533 if test x"$system_wtmp_path" = x"no" ; then 5534 for f in /usr/adm/wtmp /var/log/wtmp; do 5535 if test -f $f ; then 5536 conf_wtmp_location=$f 5537 fi 5538 done 5539 if test -z "$conf_wtmp_location"; then 5540 AC_DEFINE([DISABLE_WTMP]) 5541 fi 5542 fi 5543fi 5544if test -n "$conf_wtmp_location"; then 5545 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5546 [Define if you want to specify the path to your wtmp file]) 5547fi 5548 5549dnl wtmpx detection 5550AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5551AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5552#include <sys/types.h> 5553#include <utmp.h> 5554#ifdef HAVE_UTMPX_H 5555#include <utmpx.h> 5556#endif 5557#ifdef HAVE_PATHS_H 5558# include <paths.h> 5559#endif 5560 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5561 [ AC_MSG_RESULT([yes]) ], 5562 [ AC_MSG_RESULT([no]) 5563 system_wtmpx_path=no 5564]) 5565if test -z "$conf_wtmpx_location"; then 5566 if test x"$system_wtmpx_path" = x"no" ; then 5567 AC_DEFINE([DISABLE_WTMPX]) 5568 fi 5569else 5570 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5571 [Define if you want to specify the path to your wtmpx file]) 5572fi 5573 5574 5575if test ! -z "$blibpath" ; then 5576 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5577 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5578fi 5579 5580AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5581 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5582 AC_DEFINE([DISABLE_LASTLOG]) 5583 fi 5584 ], [ 5585#ifdef HAVE_SYS_TYPES_H 5586#include <sys/types.h> 5587#endif 5588#ifdef HAVE_UTMP_H 5589#include <utmp.h> 5590#endif 5591#ifdef HAVE_UTMPX_H 5592#include <utmpx.h> 5593#endif 5594#ifdef HAVE_LASTLOG_H 5595#include <lastlog.h> 5596#endif 5597 ]) 5598 5599AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5600 AC_DEFINE([DISABLE_UTMP]) 5601 AC_DEFINE([DISABLE_WTMP]) 5602 ], [ 5603#ifdef HAVE_SYS_TYPES_H 5604#include <sys/types.h> 5605#endif 5606#ifdef HAVE_UTMP_H 5607#include <utmp.h> 5608#endif 5609#ifdef HAVE_UTMPX_H 5610#include <utmpx.h> 5611#endif 5612#ifdef HAVE_LASTLOG_H 5613#include <lastlog.h> 5614#endif 5615 ]) 5616 5617dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5618dnl Add now. 5619CFLAGS="$CFLAGS $werror_flags" 5620 5621if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5622 TEST_SSH_IPV6=no 5623else 5624 TEST_SSH_IPV6=yes 5625fi 5626AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5627AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5628AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5629AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5630AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5631AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5632 5633CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5634LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5635 5636# Make a copy of CFLAGS/LDFLAGS without PIE options. 5637LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5638CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5639AC_SUBST([LDFLAGS_NOPIE]) 5640AC_SUBST([CFLAGS_NOPIE]) 5641 5642AC_EXEEXT 5643AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5644 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5645 survey.sh]) 5646AC_OUTPUT 5647 5648# Print summary of options 5649 5650# Someone please show me a better way :) 5651A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5652B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5653C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5654D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5655E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5656F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5657G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5658H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5659I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5660J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5661 5662echo "" 5663echo "OpenSSH has been configured with the following options:" 5664echo " User binaries: $B" 5665echo " System binaries: $C" 5666echo " Configuration files: $D" 5667echo " Askpass program: $E" 5668echo " Manual pages: $F" 5669echo " PID file: $G" 5670echo " Privilege separation chroot path: $H" 5671if test "x$external_path_file" = "x/etc/login.conf" ; then 5672echo " At runtime, sshd will use the path defined in $external_path_file" 5673echo " Make sure the path to scp is present, otherwise scp will not work" 5674else 5675echo " sshd default user PATH: $I" 5676 if test ! -z "$external_path_file"; then 5677echo " (If PATH is set in $external_path_file it will be used instead. If" 5678echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5679 fi 5680fi 5681if test ! -z "$superuser_path" ; then 5682echo " sshd superuser user PATH: $J" 5683fi 5684echo " Manpage format: $MANTYPE" 5685echo " PAM support: $PAM_MSG" 5686echo " OSF SIA support: $SIA_MSG" 5687echo " KerberosV support: $KRB5_MSG" 5688echo " SELinux support: $SELINUX_MSG" 5689echo " TCP Wrappers support: $TCPW_MSG" 5690echo " libedit support: $LIBEDIT_MSG" 5691echo " libldns support: $LDNS_MSG" 5692echo " Solaris process contract support: $SPC_MSG" 5693echo " Solaris project support: $SP_MSG" 5694echo " Solaris privilege support: $SPP_MSG" 5695echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5696echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5697echo " BSD Auth support: $BSD_AUTH_MSG" 5698echo " Random number source: $RAND_MSG" 5699echo " Privsep sandbox style: $SANDBOX_STYLE" 5700echo " PKCS#11 support: $enable_pkcs11" 5701echo " U2F/FIDO support: $enable_sk" 5702 5703echo "" 5704 5705echo " Host: ${host}" 5706echo " Compiler: ${CC}" 5707echo " Compiler flags: ${CFLAGS}" 5708echo "Preprocessor flags: ${CPPFLAGS}" 5709echo " Linker flags: ${LDFLAGS}" 5710echo " Libraries: ${LIBS}" 5711if test ! -z "${CHANNELLIBS}"; then 5712echo " +for channels: ${CHANNELLIBS}" 5713fi 5714if test ! -z "${LIBFIDO2}"; then 5715echo " +for FIDO2: ${LIBFIDO2}" 5716fi 5717if test ! -z "${SSHDLIBS}"; then 5718echo " +for sshd: ${SSHDLIBS}" 5719fi 5720 5721echo "" 5722 5723if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5724 echo "SVR4 style packages are supported with \"make package\"" 5725 echo "" 5726fi 5727 5728if test "x$PAM_MSG" = "xyes" ; then 5729 echo "PAM is enabled. You may need to install a PAM control file " 5730 echo "for sshd, otherwise password authentication may fail. " 5731 echo "Example PAM control files can be found in the contrib/ " 5732 echo "subdirectory" 5733 echo "" 5734fi 5735 5736if test ! -z "$NO_PEERCHECK" ; then 5737 echo "WARNING: the operating system that you are using does not" 5738 echo "appear to support getpeereid(), getpeerucred() or the" 5739 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5740 echo "enforce security checks to prevent unauthorised connections to" 5741 echo "ssh-agent. Their absence increases the risk that a malicious" 5742 echo "user can connect to your agent." 5743 echo "" 5744fi 5745 5746if test "$AUDIT_MODULE" = "bsm" ; then 5747 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5748 echo "See the Solaris section in README.platform for details." 5749fi 5750