1# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $ 2# $FreeBSD$ 3# 4# Copyright (c) 1999-2004 Damien Miller 5# 6# Permission to use, copy, modify, and distribute this software for any 7# purpose with or without fee is hereby granted, provided that the above 8# copyright notice and this permission notice appear in all copies. 9# 10# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 19AC_REVISION($Revision: 1.583 $) 20AC_CONFIG_SRCDIR([ssh.c]) 21AC_LANG([C]) 22 23AC_CONFIG_HEADER([config.h]) 24AC_PROG_CC 25AC_CANONICAL_HOST 26AC_C_BIGENDIAN 27 28# Checks for programs. 29AC_PROG_AWK 30AC_PROG_CPP 31AC_PROG_RANLIB 32AC_PROG_INSTALL 33AC_PROG_EGREP 34AC_CHECK_TOOLS([AR], [ar]) 35AC_PATH_PROG([CAT], [cat]) 36AC_PATH_PROG([KILL], [kill]) 37AC_PATH_PROGS([PERL], [perl5 perl]) 38AC_PATH_PROG([SED], [sed]) 39AC_SUBST([PERL]) 40AC_PATH_PROG([ENT], [ent]) 41AC_SUBST([ENT]) 42AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 43AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 44AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 45AC_PATH_PROG([SH], [sh]) 46AC_PATH_PROG([GROFF], [groff]) 47AC_PATH_PROG([NROFF], [nroff]) 48AC_PATH_PROG([MANDOC], [mandoc]) 49AC_SUBST([TEST_SHELL], [sh]) 50 51dnl select manpage formatter 52if test "x$MANDOC" != "x" ; then 53 MANFMT="$MANDOC" 54elif test "x$NROFF" != "x" ; then 55 MANFMT="$NROFF -mandoc" 56elif test "x$GROFF" != "x" ; then 57 MANFMT="$GROFF -mandoc -Tascii" 58else 59 AC_MSG_WARN([no manpage formatted found]) 60 MANFMT="false" 61fi 62AC_SUBST([MANFMT]) 63 64dnl for buildpkg.sh 65AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 66 [/usr/sbin${PATH_SEPARATOR}/etc]) 67AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 68 [/usr/sbin${PATH_SEPARATOR}/etc]) 69AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 70if test -x /sbin/sh; then 71 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 72else 73 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 74fi 75 76# System features 77AC_SYS_LARGEFILE 78 79if test -z "$AR" ; then 80 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 81fi 82 83AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 84if test ! -z "$PATH_PASSWD_PROG" ; then 85 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 86 [Full path of your "passwd" program]) 87fi 88 89if test -z "$LD" ; then 90 LD=$CC 91fi 92AC_SUBST([LD]) 93 94AC_C_INLINE 95 96AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 97AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 98 #include <sys/types.h> 99 #include <sys/param.h> 100 #include <dev/systrace.h> 101]) 102AC_CHECK_DECL([RLIMIT_NPROC], 103 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 104 #include <sys/types.h> 105 #include <sys/resource.h> 106]) 107AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 108 #include <sys/types.h> 109 #include <linux/prctl.h> 110]) 111 112openssl=yes 113ssh1=no 114COMMENT_OUT_RSA1="#no ssh1#" 115AC_ARG_WITH([openssl], 116 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 117 [ if test "x$withval" = "xno" ; then 118 openssl=no 119 ssh1=no 120 fi 121 ] 122) 123AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 124if test "x$openssl" = "xyes" ; then 125 AC_MSG_RESULT([yes]) 126 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 127else 128 AC_MSG_RESULT([no]) 129fi 130 131AC_ARG_WITH([ssh1], 132 [ --with-ssh1 Enable support for SSH protocol 1], 133 [ 134 if test "x$withval" = "xyes" ; then 135 if test "x$openssl" = "xno" ; then 136 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled]) 137 fi 138 ssh1=yes 139 COMMENT_OUT_RSA1="" 140 elif test "x$withval" = "xno" ; then 141 ssh1=no 142 else 143 AC_MSG_ERROR([unknown --with-ssh1 argument]) 144 fi 145 ] 146) 147AC_MSG_CHECKING([whether SSH protocol 1 support is enabled]) 148if test "x$ssh1" = "xyes" ; then 149 AC_MSG_RESULT([yes]) 150 AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support]) 151 AC_SUBST([COMMENT_OUT_RSA1]) 152else 153 AC_MSG_RESULT([no]) 154fi 155 156use_stack_protector=1 157use_toolchain_hardening=1 158AC_ARG_WITH([stackprotect], 159 [ --without-stackprotect Don't use compiler's stack protection], [ 160 if test "x$withval" = "xno"; then 161 use_stack_protector=0 162 fi ]) 163AC_ARG_WITH([hardening], 164 [ --without-hardening Don't use toolchain hardening flags], [ 165 if test "x$withval" = "xno"; then 166 use_toolchain_hardening=0 167 fi ]) 168 169# We use -Werror for the tests only so that we catch warnings like "this is 170# on by default" for things like -fPIE. 171AC_MSG_CHECKING([if $CC supports -Werror]) 172saved_CFLAGS="$CFLAGS" 173CFLAGS="$CFLAGS -Werror" 174AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 175 [ AC_MSG_RESULT([yes]) 176 WERROR="-Werror"], 177 [ AC_MSG_RESULT([no]) 178 WERROR="" ] 179) 180CFLAGS="$saved_CFLAGS" 181 182if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 183 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 184 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 185 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 186 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 187 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 188 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 189 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 190 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 191 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 192 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 193 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 194 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 195 if test "x$use_toolchain_hardening" = "x1"; then 196 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 197 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 198 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 199 # NB. -ftrapv expects certain support functions to be present in 200 # the compiler library (libgcc or similar) to detect integer operations 201 # that can overflow. We must check that the result of enabling it 202 # actually links. The test program compiled/linked includes a number 203 # of integer operations that should exercise this. 204 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 205 fi 206 AC_MSG_CHECKING([gcc version]) 207 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 208 case $GCC_VER in 209 1.*) no_attrib_nonnull=1 ;; 210 2.8* | 2.9*) 211 no_attrib_nonnull=1 212 ;; 213 2.*) no_attrib_nonnull=1 ;; 214 *) ;; 215 esac 216 AC_MSG_RESULT([$GCC_VER]) 217 218 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 219 saved_CFLAGS="$CFLAGS" 220 CFLAGS="$CFLAGS -fno-builtin-memset" 221 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 222 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 223 [ AC_MSG_RESULT([yes]) ], 224 [ AC_MSG_RESULT([no]) 225 CFLAGS="$saved_CFLAGS" ] 226 ) 227 228 # -fstack-protector-all doesn't always work for some GCC versions 229 # and/or platforms, so we test if we can. If it's not supported 230 # on a given platform gcc will emit a warning so we use -Werror. 231 if test "x$use_stack_protector" = "x1"; then 232 for t in -fstack-protector-strong -fstack-protector-all \ 233 -fstack-protector; do 234 AC_MSG_CHECKING([if $CC supports $t]) 235 saved_CFLAGS="$CFLAGS" 236 saved_LDFLAGS="$LDFLAGS" 237 CFLAGS="$CFLAGS $t -Werror" 238 LDFLAGS="$LDFLAGS $t -Werror" 239 AC_LINK_IFELSE( 240 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 241 [[ 242 char x[256]; 243 snprintf(x, sizeof(x), "XXX"); 244 ]])], 245 [ AC_MSG_RESULT([yes]) 246 CFLAGS="$saved_CFLAGS $t" 247 LDFLAGS="$saved_LDFLAGS $t" 248 AC_MSG_CHECKING([if $t works]) 249 AC_RUN_IFELSE( 250 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 251 [[ 252 char x[256]; 253 snprintf(x, sizeof(x), "XXX"); 254 ]])], 255 [ AC_MSG_RESULT([yes]) 256 break ], 257 [ AC_MSG_RESULT([no]) ], 258 [ AC_MSG_WARN([cross compiling: cannot test]) 259 break ] 260 ) 261 ], 262 [ AC_MSG_RESULT([no]) ] 263 ) 264 CFLAGS="$saved_CFLAGS" 265 LDFLAGS="$saved_LDFLAGS" 266 done 267 fi 268 269 if test -z "$have_llong_max"; then 270 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 271 unset ac_cv_have_decl_LLONG_MAX 272 saved_CFLAGS="$CFLAGS" 273 CFLAGS="$CFLAGS -std=gnu99" 274 AC_CHECK_DECL([LLONG_MAX], 275 [have_llong_max=1], 276 [CFLAGS="$saved_CFLAGS"], 277 [#include <limits.h>] 278 ) 279 fi 280fi 281 282AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 283AC_COMPILE_IFELSE( 284 [AC_LANG_PROGRAM([[ 285#include <stdlib.h> 286__attribute__((__unused__)) static void foo(void){return;}]], 287 [[ exit(0); ]])], 288 [ AC_MSG_RESULT([yes]) ], 289 [ AC_MSG_RESULT([no]) 290 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 291 [compiler does not accept __attribute__ on return types]) ] 292) 293 294if test "x$no_attrib_nonnull" != "x1" ; then 295 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 296fi 297 298AC_ARG_WITH([rpath], 299 [ --without-rpath Disable auto-added -R linker paths], 300 [ 301 if test "x$withval" = "xno" ; then 302 need_dash_r="" 303 fi 304 if test "x$withval" = "xyes" ; then 305 need_dash_r=1 306 fi 307 ] 308) 309 310# Allow user to specify flags 311AC_ARG_WITH([cflags], 312 [ --with-cflags Specify additional flags to pass to compiler], 313 [ 314 if test -n "$withval" && test "x$withval" != "xno" && \ 315 test "x${withval}" != "xyes"; then 316 CFLAGS="$CFLAGS $withval" 317 fi 318 ] 319) 320AC_ARG_WITH([cppflags], 321 [ --with-cppflags Specify additional flags to pass to preprocessor] , 322 [ 323 if test -n "$withval" && test "x$withval" != "xno" && \ 324 test "x${withval}" != "xyes"; then 325 CPPFLAGS="$CPPFLAGS $withval" 326 fi 327 ] 328) 329AC_ARG_WITH([ldflags], 330 [ --with-ldflags Specify additional flags to pass to linker], 331 [ 332 if test -n "$withval" && test "x$withval" != "xno" && \ 333 test "x${withval}" != "xyes"; then 334 LDFLAGS="$LDFLAGS $withval" 335 fi 336 ] 337) 338AC_ARG_WITH([libs], 339 [ --with-libs Specify additional libraries to link with], 340 [ 341 if test -n "$withval" && test "x$withval" != "xno" && \ 342 test "x${withval}" != "xyes"; then 343 LIBS="$LIBS $withval" 344 fi 345 ] 346) 347AC_ARG_WITH([Werror], 348 [ --with-Werror Build main code with -Werror], 349 [ 350 if test -n "$withval" && test "x$withval" != "xno"; then 351 werror_flags="-Werror" 352 if test "x${withval}" != "xyes"; then 353 werror_flags="$withval" 354 fi 355 fi 356 ] 357) 358 359AC_CHECK_HEADERS([ \ 360 blf.h \ 361 bstring.h \ 362 crypt.h \ 363 crypto/sha2.h \ 364 dirent.h \ 365 endian.h \ 366 elf.h \ 367 err.h \ 368 features.h \ 369 fcntl.h \ 370 floatingpoint.h \ 371 getopt.h \ 372 glob.h \ 373 ia.h \ 374 iaf.h \ 375 inttypes.h \ 376 langinfo.h \ 377 limits.h \ 378 locale.h \ 379 login.h \ 380 maillock.h \ 381 ndir.h \ 382 net/if_tun.h \ 383 netdb.h \ 384 netgroup.h \ 385 pam/pam_appl.h \ 386 paths.h \ 387 poll.h \ 388 pty.h \ 389 readpassphrase.h \ 390 rpc/types.h \ 391 security/pam_appl.h \ 392 sha2.h \ 393 shadow.h \ 394 stddef.h \ 395 stdint.h \ 396 string.h \ 397 strings.h \ 398 sys/audit.h \ 399 sys/bitypes.h \ 400 sys/bsdtty.h \ 401 sys/cdefs.h \ 402 sys/dir.h \ 403 sys/mman.h \ 404 sys/ndir.h \ 405 sys/poll.h \ 406 sys/prctl.h \ 407 sys/pstat.h \ 408 sys/ptrace.h \ 409 sys/select.h \ 410 sys/stat.h \ 411 sys/stream.h \ 412 sys/stropts.h \ 413 sys/strtio.h \ 414 sys/statvfs.h \ 415 sys/sysmacros.h \ 416 sys/time.h \ 417 sys/timers.h \ 418 time.h \ 419 tmpdir.h \ 420 ttyent.h \ 421 ucred.h \ 422 unistd.h \ 423 usersec.h \ 424 util.h \ 425 utime.h \ 426 utmp.h \ 427 utmpx.h \ 428 vis.h \ 429 wchar.h \ 430]) 431 432# sys/capsicum.h requires sys/types.h 433AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 434#ifdef HAVE_SYS_TYPES_H 435# include <sys/types.h> 436#endif 437]) 438 439# lastlog.h requires sys/time.h to be included first on Solaris 440AC_CHECK_HEADERS([lastlog.h], [], [], [ 441#ifdef HAVE_SYS_TIME_H 442# include <sys/time.h> 443#endif 444]) 445 446# sys/ptms.h requires sys/stream.h to be included first on Solaris 447AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 448#ifdef HAVE_SYS_STREAM_H 449# include <sys/stream.h> 450#endif 451]) 452 453# login_cap.h requires sys/types.h on NetBSD 454AC_CHECK_HEADERS([login_cap.h], [], [], [ 455#include <sys/types.h> 456]) 457 458# older BSDs need sys/param.h before sys/mount.h 459AC_CHECK_HEADERS([sys/mount.h], [], [], [ 460#include <sys/param.h> 461]) 462 463# Android requires sys/socket.h to be included before sys/un.h 464AC_CHECK_HEADERS([sys/un.h], [], [], [ 465#include <sys/types.h> 466#include <sys/socket.h> 467]) 468 469# Messages for features tested for in target-specific section 470SIA_MSG="no" 471SPC_MSG="no" 472SP_MSG="no" 473SPP_MSG="no" 474 475# Support for Solaris/Illumos privileges (this test is used by both 476# the --with-solaris-privs option and --with-sandbox=solaris). 477SOLARIS_PRIVS="no" 478 479# Check for some target-specific stuff 480case "$host" in 481*-*-aix*) 482 # Some versions of VAC won't allow macro redefinitions at 483 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 484 # particularly with older versions of vac or xlc. 485 # It also throws errors about null macro argments, but these are 486 # not fatal. 487 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 488 AC_COMPILE_IFELSE( 489 [AC_LANG_PROGRAM([[ 490#define testmacro foo 491#define testmacro bar]], 492 [[ exit(0); ]])], 493 [ AC_MSG_RESULT([yes]) ], 494 [ AC_MSG_RESULT([no]) 495 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 496 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" 497 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 498 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 499 ] 500 ) 501 502 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 503 if (test -z "$blibpath"); then 504 blibpath="/usr/lib:/lib" 505 fi 506 saved_LDFLAGS="$LDFLAGS" 507 if test "$GCC" = "yes"; then 508 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 509 else 510 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 511 fi 512 for tryflags in $flags ;do 513 if (test -z "$blibflags"); then 514 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 515 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 516 [blibflags=$tryflags], []) 517 fi 518 done 519 if (test -z "$blibflags"); then 520 AC_MSG_RESULT([not found]) 521 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 522 else 523 AC_MSG_RESULT([$blibflags]) 524 fi 525 LDFLAGS="$saved_LDFLAGS" 526 dnl Check for authenticate. Might be in libs.a on older AIXes 527 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 528 [Define if you want to enable AIX4's authenticate function])], 529 [AC_CHECK_LIB([s], [authenticate], 530 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 531 LIBS="$LIBS -ls" 532 ]) 533 ]) 534 dnl Check for various auth function declarations in headers. 535 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 536 passwdexpired, setauthdb], , , [#include <usersec.h>]) 537 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 538 AC_CHECK_DECLS([loginfailed], 539 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 540 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 541 [[ (void)loginfailed("user","host","tty",0); ]])], 542 [AC_MSG_RESULT([yes]) 543 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 544 [Define if your AIX loginfailed() function 545 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 546 ])], 547 [], 548 [#include <usersec.h>] 549 ) 550 AC_CHECK_FUNCS([getgrset setauthdb]) 551 AC_CHECK_DECL([F_CLOSEM], 552 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 553 [], 554 [ #include <limits.h> 555 #include <fcntl.h> ] 556 ) 557 check_for_aix_broken_getaddrinfo=1 558 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 559 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 560 [Define if your platform breaks doing a seteuid before a setuid]) 561 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 562 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 563 dnl AIX handles lastlog as part of its login message 564 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 565 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 566 [Some systems need a utmpx entry for /bin/login to work]) 567 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 568 [Define to a Set Process Title type if your system is 569 supported by bsd-setproctitle.c]) 570 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 571 [AIX 5.2 and 5.3 (and presumably newer) require this]) 572 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 573 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 574 ;; 575*-*-android*) 576 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 577 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 578 ;; 579*-*-cygwin*) 580 check_for_libcrypt_later=1 581 LIBS="$LIBS /usr/lib/textreadmode.o" 582 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 583 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 584 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 585 [Define to disable UID restoration test]) 586 AC_DEFINE([DISABLE_SHADOW], [1], 587 [Define if you want to disable shadow passwords]) 588 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 589 [Define if X11 doesn't support AF_UNIX sockets on that system]) 590 AC_DEFINE([DISABLE_FD_PASSING], [1], 591 [Define if your platform needs to skip post auth 592 file descriptor passing]) 593 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 594 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 595 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 596 # reasons which cause compile warnings, so we disable those warnings. 597 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 598 ;; 599*-*-dgux*) 600 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 601 [Define if your system choked on IP TOS setting]) 602 AC_DEFINE([SETEUID_BREAKS_SETUID]) 603 AC_DEFINE([BROKEN_SETREUID]) 604 AC_DEFINE([BROKEN_SETREGID]) 605 ;; 606*-*-darwin*) 607 use_pie=auto 608 AC_MSG_CHECKING([if we have working getaddrinfo]) 609 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 610main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 611 exit(0); 612 else 613 exit(1); 614} 615 ]])], 616 [AC_MSG_RESULT([working])], 617 [AC_MSG_RESULT([buggy]) 618 AC_DEFINE([BROKEN_GETADDRINFO], [1], 619 [getaddrinfo is broken (if present)]) 620 ], 621 [AC_MSG_RESULT([assume it is working])]) 622 AC_DEFINE([SETEUID_BREAKS_SETUID]) 623 AC_DEFINE([BROKEN_SETREUID]) 624 AC_DEFINE([BROKEN_SETREGID]) 625 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 626 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 627 [Define if your resolver libs need this for getrrsetbyname]) 628 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 629 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 630 [Use tunnel device compatibility to OpenBSD]) 631 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 632 [Prepend the address family to IP tunnel traffic]) 633 m4_pattern_allow([AU_IPv]) 634 AC_CHECK_DECL([AU_IPv4], [], 635 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 636 [#include <bsm/audit.h>] 637 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 638 [Define if pututxline updates lastlog too]) 639 ) 640 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 641 [Define to a Set Process Title type if your system is 642 supported by bsd-setproctitle.c]) 643 AC_CHECK_FUNCS([sandbox_init]) 644 AC_CHECK_HEADERS([sandbox.h]) 645 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 646 SSHDLIBS="$SSHDLIBS -lsandbox" 647 ]) 648 ;; 649*-*-dragonfly*) 650 SSHDLIBS="$SSHDLIBS -lcrypt" 651 TEST_MALLOC_OPTIONS="AFGJPRX" 652 ;; 653*-*-haiku*) 654 LIBS="$LIBS -lbsd " 655 AC_CHECK_LIB([network], [socket]) 656 AC_DEFINE([HAVE_U_INT64_T]) 657 MANTYPE=man 658 ;; 659*-*-hpux*) 660 # first we define all of the options common to all HP-UX releases 661 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 662 IPADDR_IN_DISPLAY=yes 663 AC_DEFINE([USE_PIPES]) 664 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 665 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 666 [String used in /etc/passwd to denote locked account]) 667 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 668 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 669 maildir="/var/mail" 670 LIBS="$LIBS -lsec" 671 AC_CHECK_LIB([xnet], [t_error], , 672 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 673 674 # next, we define all of the options specific to major releases 675 case "$host" in 676 *-*-hpux10*) 677 if test -z "$GCC"; then 678 CFLAGS="$CFLAGS -Ae" 679 fi 680 ;; 681 *-*-hpux11*) 682 AC_DEFINE([PAM_SUN_CODEBASE], [1], 683 [Define if you are using Solaris-derived PAM which 684 passes pam_messages to the conversation function 685 with an extra level of indirection]) 686 AC_DEFINE([DISABLE_UTMP], [1], 687 [Define if you don't want to use utmp]) 688 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 689 check_for_hpux_broken_getaddrinfo=1 690 check_for_conflicting_getspnam=1 691 ;; 692 esac 693 694 # lastly, we define options specific to minor releases 695 case "$host" in 696 *-*-hpux10.26) 697 AC_DEFINE([HAVE_SECUREWARE], [1], 698 [Define if you have SecureWare-based 699 protected password database]) 700 disable_ptmx_check=yes 701 LIBS="$LIBS -lsecpw" 702 ;; 703 esac 704 ;; 705*-*-irix5*) 706 PATH="$PATH:/usr/etc" 707 AC_DEFINE([BROKEN_INET_NTOA], [1], 708 [Define if you system's inet_ntoa is busted 709 (e.g. Irix gcc issue)]) 710 AC_DEFINE([SETEUID_BREAKS_SETUID]) 711 AC_DEFINE([BROKEN_SETREUID]) 712 AC_DEFINE([BROKEN_SETREGID]) 713 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 714 [Define if you shouldn't strip 'tty' from your 715 ttyname in [uw]tmp]) 716 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 717 ;; 718*-*-irix6*) 719 PATH="$PATH:/usr/etc" 720 AC_DEFINE([WITH_IRIX_ARRAY], [1], 721 [Define if you have/want arrays 722 (cluster-wide session managment, not C arrays)]) 723 AC_DEFINE([WITH_IRIX_PROJECT], [1], 724 [Define if you want IRIX project management]) 725 AC_DEFINE([WITH_IRIX_AUDIT], [1], 726 [Define if you want IRIX audit trails]) 727 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 728 [Define if you want IRIX kernel jobs])]) 729 AC_DEFINE([BROKEN_INET_NTOA]) 730 AC_DEFINE([SETEUID_BREAKS_SETUID]) 731 AC_DEFINE([BROKEN_SETREUID]) 732 AC_DEFINE([BROKEN_SETREGID]) 733 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 734 AC_DEFINE([WITH_ABBREV_NO_TTY]) 735 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 736 ;; 737*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 738 check_for_libcrypt_later=1 739 AC_DEFINE([PAM_TTY_KLUDGE]) 740 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 741 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 742 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 743 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 744 ;; 745*-*-linux*) 746 no_dev_ptmx=1 747 use_pie=auto 748 check_for_libcrypt_later=1 749 check_for_openpty_ctty_bug=1 750 AC_DEFINE([PAM_TTY_KLUDGE], [1], 751 [Work around problematic Linux PAM modules handling of PAM_TTY]) 752 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 753 [String used in /etc/passwd to denote locked account]) 754 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 755 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 756 [Define to whatever link() returns for "not supported" 757 if it doesn't return EOPNOTSUPP.]) 758 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 759 AC_DEFINE([USE_BTMP]) 760 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 761 inet6_default_4in6=yes 762 case `uname -r` in 763 1.*|2.0.*) 764 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 765 [Define if cmsg_type is not passed correctly]) 766 ;; 767 esac 768 # tun(4) forwarding compat code 769 AC_CHECK_HEADERS([linux/if_tun.h]) 770 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 771 AC_DEFINE([SSH_TUN_LINUX], [1], 772 [Open tunnel devices the Linux tun/tap way]) 773 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 774 [Use tunnel device compatibility to OpenBSD]) 775 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 776 [Prepend the address family to IP tunnel traffic]) 777 fi 778 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 779 [], [#include <linux/types.h>]) 780 AC_MSG_CHECKING([for seccomp architecture]) 781 seccomp_audit_arch= 782 case "$host" in 783 x86_64-*) 784 seccomp_audit_arch=AUDIT_ARCH_X86_64 785 ;; 786 i*86-*) 787 seccomp_audit_arch=AUDIT_ARCH_I386 788 ;; 789 arm*-*) 790 seccomp_audit_arch=AUDIT_ARCH_ARM 791 ;; 792 aarch64*-*) 793 seccomp_audit_arch=AUDIT_ARCH_AARCH64 794 ;; 795 s390x-*) 796 seccomp_audit_arch=AUDIT_ARCH_S390X 797 ;; 798 s390-*) 799 seccomp_audit_arch=AUDIT_ARCH_S390 800 ;; 801 powerpc64-*) 802 seccomp_audit_arch=AUDIT_ARCH_PPC64 803 ;; 804 powerpc64le-*) 805 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 806 ;; 807 mips-*) 808 seccomp_audit_arch=AUDIT_ARCH_MIPS 809 ;; 810 mipsel-*) 811 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 812 ;; 813 mips64-*) 814 seccomp_audit_arch=AUDIT_ARCH_MIPS64 815 ;; 816 mips64el-*) 817 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 818 ;; 819 esac 820 if test "x$seccomp_audit_arch" != "x" ; then 821 AC_MSG_RESULT(["$seccomp_audit_arch"]) 822 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 823 [Specify the system call convention in use]) 824 else 825 AC_MSG_RESULT([architecture not supported]) 826 fi 827 ;; 828mips-sony-bsd|mips-sony-newsos4) 829 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 830 SONY=1 831 ;; 832*-*-netbsd*) 833 check_for_libcrypt_before=1 834 if test "x$withval" != "xno" ; then 835 need_dash_r=1 836 fi 837 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 838 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 839 AC_CHECK_HEADER([net/if_tap.h], , 840 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 841 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 842 [Prepend the address family to IP tunnel traffic]) 843 TEST_MALLOC_OPTIONS="AJRX" 844 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 845 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 846 ;; 847*-*-freebsd*) 848 check_for_libcrypt_later=1 849 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 850 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 851 AC_CHECK_HEADER([net/if_tap.h], , 852 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 853 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 854 TEST_MALLOC_OPTIONS="AJRX" 855 # Preauth crypto occasionally uses file descriptors for crypto offload 856 # and will crash if they cannot be opened. 857 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 858 [define if setrlimit RLIMIT_NOFILE breaks things]) 859 ;; 860*-*-bsdi*) 861 AC_DEFINE([SETEUID_BREAKS_SETUID]) 862 AC_DEFINE([BROKEN_SETREUID]) 863 AC_DEFINE([BROKEN_SETREGID]) 864 ;; 865*-next-*) 866 conf_lastlog_location="/usr/adm/lastlog" 867 conf_utmp_location=/etc/utmp 868 conf_wtmp_location=/usr/adm/wtmp 869 maildir=/usr/spool/mail 870 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 871 AC_DEFINE([BROKEN_REALPATH]) 872 AC_DEFINE([USE_PIPES]) 873 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 874 ;; 875*-*-openbsd*) 876 use_pie=auto 877 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 878 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 879 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 880 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 881 [syslog_r function is safe to use in in a signal handler]) 882 TEST_MALLOC_OPTIONS="AFGJPRX" 883 ;; 884*-*-solaris*) 885 if test "x$withval" != "xno" ; then 886 need_dash_r=1 887 fi 888 AC_DEFINE([PAM_SUN_CODEBASE]) 889 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 890 AC_DEFINE([PAM_TTY_KLUDGE]) 891 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 892 [Define if pam_chauthtok wants real uid set 893 to the unpriv'ed user]) 894 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 895 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 896 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 897 [Define if sshd somehow reacquires a controlling TTY 898 after setsid()]) 899 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 900 in case the name is longer than 8 chars]) 901 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 902 external_path_file=/etc/default/login 903 # hardwire lastlog location (can't detect it on some versions) 904 conf_lastlog_location="/var/adm/lastlog" 905 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 906 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 907 if test "$sol2ver" -ge 8; then 908 AC_MSG_RESULT([yes]) 909 AC_DEFINE([DISABLE_UTMP]) 910 AC_DEFINE([DISABLE_WTMP], [1], 911 [Define if you don't want to use wtmp]) 912 else 913 AC_MSG_RESULT([no]) 914 fi 915 AC_CHECK_FUNCS([setpflags]) 916 AC_CHECK_FUNCS([setppriv]) 917 AC_CHECK_FUNCS([priv_basicset]) 918 AC_CHECK_HEADERS([priv.h]) 919 AC_ARG_WITH([solaris-contracts], 920 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 921 [ 922 AC_CHECK_LIB([contract], [ct_tmpl_activate], 923 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 924 [Define if you have Solaris process contracts]) 925 LIBS="$LIBS -lcontract" 926 SPC_MSG="yes" ], ) 927 ], 928 ) 929 AC_ARG_WITH([solaris-projects], 930 [ --with-solaris-projects Enable Solaris projects (experimental)], 931 [ 932 AC_CHECK_LIB([project], [setproject], 933 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 934 [Define if you have Solaris projects]) 935 LIBS="$LIBS -lproject" 936 SP_MSG="yes" ], ) 937 ], 938 ) 939 AC_ARG_WITH([solaris-privs], 940 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 941 [ 942 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 943 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 944 "x$ac_cv_header_priv_h" = "xyes" ; then 945 SOLARIS_PRIVS=yes 946 AC_MSG_RESULT([found]) 947 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 948 [Define to disable UID restoration test]) 949 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 950 [Define if you have Solaris privileges]) 951 SPP_MSG="yes" 952 else 953 AC_MSG_RESULT([not found]) 954 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 955 fi 956 ], 957 ) 958 TEST_SHELL=$SHELL # let configure find us a capable shell 959 ;; 960*-*-sunos4*) 961 CPPFLAGS="$CPPFLAGS -DSUNOS4" 962 AC_CHECK_FUNCS([getpwanam]) 963 AC_DEFINE([PAM_SUN_CODEBASE]) 964 conf_utmp_location=/etc/utmp 965 conf_wtmp_location=/var/adm/wtmp 966 conf_lastlog_location=/var/adm/lastlog 967 AC_DEFINE([USE_PIPES]) 968 ;; 969*-ncr-sysv*) 970 LIBS="$LIBS -lc89" 971 AC_DEFINE([USE_PIPES]) 972 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 973 AC_DEFINE([SETEUID_BREAKS_SETUID]) 974 AC_DEFINE([BROKEN_SETREUID]) 975 AC_DEFINE([BROKEN_SETREGID]) 976 ;; 977*-sni-sysv*) 978 # /usr/ucblib MUST NOT be searched on ReliantUNIX 979 AC_CHECK_LIB([dl], [dlsym], ,) 980 # -lresolv needs to be at the end of LIBS or DNS lookups break 981 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 982 IPADDR_IN_DISPLAY=yes 983 AC_DEFINE([USE_PIPES]) 984 AC_DEFINE([IP_TOS_IS_BROKEN]) 985 AC_DEFINE([SETEUID_BREAKS_SETUID]) 986 AC_DEFINE([BROKEN_SETREUID]) 987 AC_DEFINE([BROKEN_SETREGID]) 988 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 989 external_path_file=/etc/default/login 990 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 991 # Attention: always take care to bind libsocket and libnsl before libc, 992 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 993 ;; 994# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 995*-*-sysv4.2*) 996 AC_DEFINE([USE_PIPES]) 997 AC_DEFINE([SETEUID_BREAKS_SETUID]) 998 AC_DEFINE([BROKEN_SETREUID]) 999 AC_DEFINE([BROKEN_SETREGID]) 1000 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1001 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1002 TEST_SHELL=$SHELL # let configure find us a capable shell 1003 ;; 1004# UnixWare 7.x, OpenUNIX 8 1005*-*-sysv5*) 1006 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1007 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1008 AC_DEFINE([USE_PIPES]) 1009 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1010 AC_DEFINE([BROKEN_GETADDRINFO]) 1011 AC_DEFINE([BROKEN_SETREUID]) 1012 AC_DEFINE([BROKEN_SETREGID]) 1013 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1014 TEST_SHELL=$SHELL # let configure find us a capable shell 1015 case "$host" in 1016 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1017 maildir=/var/spool/mail 1018 AC_DEFINE([BROKEN_LIBIAF], [1], 1019 [ia_uinfo routines not supported by OS yet]) 1020 AC_DEFINE([BROKEN_UPDWTMPX]) 1021 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1022 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1023 AC_DEFINE([HAVE_SECUREWARE]) 1024 AC_DEFINE([DISABLE_SHADOW]) 1025 ], , ) 1026 ;; 1027 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1028 check_for_libcrypt_later=1 1029 ;; 1030 esac 1031 ;; 1032*-*-sysv*) 1033 ;; 1034# SCO UNIX and OEM versions of SCO UNIX 1035*-*-sco3.2v4*) 1036 AC_MSG_ERROR("This Platform is no longer supported.") 1037 ;; 1038# SCO OpenServer 5.x 1039*-*-sco3.2v5*) 1040 if test -z "$GCC"; then 1041 CFLAGS="$CFLAGS -belf" 1042 fi 1043 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1044 no_dev_ptmx=1 1045 AC_DEFINE([USE_PIPES]) 1046 AC_DEFINE([HAVE_SECUREWARE]) 1047 AC_DEFINE([DISABLE_SHADOW]) 1048 AC_DEFINE([DISABLE_FD_PASSING]) 1049 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1050 AC_DEFINE([BROKEN_GETADDRINFO]) 1051 AC_DEFINE([BROKEN_SETREUID]) 1052 AC_DEFINE([BROKEN_SETREGID]) 1053 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1054 AC_DEFINE([BROKEN_UPDWTMPX]) 1055 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1056 AC_CHECK_FUNCS([getluid setluid]) 1057 MANTYPE=man 1058 TEST_SHELL=$SHELL # let configure find us a capable shell 1059 SKIP_DISABLE_LASTLOG_DEFINE=yes 1060 ;; 1061*-*-unicosmk*) 1062 AC_DEFINE([NO_SSH_LASTLOG], [1], 1063 [Define if you don't want to use lastlog in session.c]) 1064 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1065 AC_DEFINE([BROKEN_SETREUID]) 1066 AC_DEFINE([BROKEN_SETREGID]) 1067 AC_DEFINE([USE_PIPES]) 1068 AC_DEFINE([DISABLE_FD_PASSING]) 1069 LDFLAGS="$LDFLAGS" 1070 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1071 MANTYPE=cat 1072 ;; 1073*-*-unicosmp*) 1074 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1075 AC_DEFINE([BROKEN_SETREUID]) 1076 AC_DEFINE([BROKEN_SETREGID]) 1077 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1078 AC_DEFINE([USE_PIPES]) 1079 AC_DEFINE([DISABLE_FD_PASSING]) 1080 LDFLAGS="$LDFLAGS" 1081 LIBS="$LIBS -lgen -lacid -ldb" 1082 MANTYPE=cat 1083 ;; 1084*-*-unicos*) 1085 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1086 AC_DEFINE([BROKEN_SETREUID]) 1087 AC_DEFINE([BROKEN_SETREGID]) 1088 AC_DEFINE([USE_PIPES]) 1089 AC_DEFINE([DISABLE_FD_PASSING]) 1090 AC_DEFINE([NO_SSH_LASTLOG]) 1091 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" 1092 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1093 MANTYPE=cat 1094 ;; 1095*-dec-osf*) 1096 AC_MSG_CHECKING([for Digital Unix SIA]) 1097 no_osfsia="" 1098 AC_ARG_WITH([osfsia], 1099 [ --with-osfsia Enable Digital Unix SIA], 1100 [ 1101 if test "x$withval" = "xno" ; then 1102 AC_MSG_RESULT([disabled]) 1103 no_osfsia=1 1104 fi 1105 ], 1106 ) 1107 if test -z "$no_osfsia" ; then 1108 if test -f /etc/sia/matrix.conf; then 1109 AC_MSG_RESULT([yes]) 1110 AC_DEFINE([HAVE_OSF_SIA], [1], 1111 [Define if you have Digital Unix Security 1112 Integration Architecture]) 1113 AC_DEFINE([DISABLE_LOGIN], [1], 1114 [Define if you don't want to use your 1115 system's login() call]) 1116 AC_DEFINE([DISABLE_FD_PASSING]) 1117 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1118 SIA_MSG="yes" 1119 else 1120 AC_MSG_RESULT([no]) 1121 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1122 [String used in /etc/passwd to denote locked account]) 1123 fi 1124 fi 1125 AC_DEFINE([BROKEN_GETADDRINFO]) 1126 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1127 AC_DEFINE([BROKEN_SETREUID]) 1128 AC_DEFINE([BROKEN_SETREGID]) 1129 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1130 ;; 1131 1132*-*-nto-qnx*) 1133 AC_DEFINE([USE_PIPES]) 1134 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1135 AC_DEFINE([DISABLE_LASTLOG]) 1136 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1137 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1138 enable_etc_default_login=no # has incompatible /etc/default/login 1139 case "$host" in 1140 *-*-nto-qnx6*) 1141 AC_DEFINE([DISABLE_FD_PASSING]) 1142 ;; 1143 esac 1144 ;; 1145 1146*-*-ultrix*) 1147 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1148 AC_DEFINE([NEED_SETPGRP]) 1149 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1150 ;; 1151 1152*-*-lynxos) 1153 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1154 AC_DEFINE([BROKEN_SETVBUF], [1], 1155 [LynxOS has broken setvbuf() implementation]) 1156 ;; 1157esac 1158 1159AC_MSG_CHECKING([compiler and flags for sanity]) 1160AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1161 [ AC_MSG_RESULT([yes]) ], 1162 [ 1163 AC_MSG_RESULT([no]) 1164 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1165 ], 1166 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1167) 1168 1169dnl Checks for header files. 1170# Checks for libraries. 1171AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1172 1173dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1174AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1175 AC_CHECK_LIB([gen], [dirname], [ 1176 AC_CACHE_CHECK([for broken dirname], 1177 ac_cv_have_broken_dirname, [ 1178 save_LIBS="$LIBS" 1179 LIBS="$LIBS -lgen" 1180 AC_RUN_IFELSE( 1181 [AC_LANG_SOURCE([[ 1182#include <libgen.h> 1183#include <string.h> 1184 1185int main(int argc, char **argv) { 1186 char *s, buf[32]; 1187 1188 strncpy(buf,"/etc", 32); 1189 s = dirname(buf); 1190 if (!s || strncmp(s, "/", 32) != 0) { 1191 exit(1); 1192 } else { 1193 exit(0); 1194 } 1195} 1196 ]])], 1197 [ ac_cv_have_broken_dirname="no" ], 1198 [ ac_cv_have_broken_dirname="yes" ], 1199 [ ac_cv_have_broken_dirname="no" ], 1200 ) 1201 LIBS="$save_LIBS" 1202 ]) 1203 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1204 LIBS="$LIBS -lgen" 1205 AC_DEFINE([HAVE_DIRNAME]) 1206 AC_CHECK_HEADERS([libgen.h]) 1207 fi 1208 ]) 1209]) 1210 1211AC_CHECK_FUNC([getspnam], , 1212 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1213AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1214 [Define if you have the basename function.])]) 1215 1216dnl zlib is required 1217AC_ARG_WITH([zlib], 1218 [ --with-zlib=PATH Use zlib in PATH], 1219 [ if test "x$withval" = "xno" ; then 1220 AC_MSG_ERROR([*** zlib is required ***]) 1221 elif test "x$withval" != "xyes"; then 1222 if test -d "$withval/lib"; then 1223 if test -n "${need_dash_r}"; then 1224 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1225 else 1226 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1227 fi 1228 else 1229 if test -n "${need_dash_r}"; then 1230 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1231 else 1232 LDFLAGS="-L${withval} ${LDFLAGS}" 1233 fi 1234 fi 1235 if test -d "$withval/include"; then 1236 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1237 else 1238 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1239 fi 1240 fi ] 1241) 1242 1243AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1244AC_CHECK_LIB([z], [deflate], , 1245 [ 1246 saved_CPPFLAGS="$CPPFLAGS" 1247 saved_LDFLAGS="$LDFLAGS" 1248 save_LIBS="$LIBS" 1249 dnl Check default zlib install dir 1250 if test -n "${need_dash_r}"; then 1251 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1252 else 1253 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1254 fi 1255 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1256 LIBS="$LIBS -lz" 1257 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1258 [ 1259 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1260 ] 1261 ) 1262 ] 1263) 1264 1265AC_ARG_WITH([zlib-version-check], 1266 [ --without-zlib-version-check Disable zlib version check], 1267 [ if test "x$withval" = "xno" ; then 1268 zlib_check_nonfatal=1 1269 fi 1270 ] 1271) 1272 1273AC_MSG_CHECKING([for possibly buggy zlib]) 1274AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1275#include <stdio.h> 1276#include <stdlib.h> 1277#include <zlib.h> 1278 ]], 1279 [[ 1280 int a=0, b=0, c=0, d=0, n, v; 1281 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1282 if (n != 3 && n != 4) 1283 exit(1); 1284 v = a*1000000 + b*10000 + c*100 + d; 1285 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1286 1287 /* 1.1.4 is OK */ 1288 if (a == 1 && b == 1 && c >= 4) 1289 exit(0); 1290 1291 /* 1.2.3 and up are OK */ 1292 if (v >= 1020300) 1293 exit(0); 1294 1295 exit(2); 1296 ]])], 1297 AC_MSG_RESULT([no]), 1298 [ AC_MSG_RESULT([yes]) 1299 if test -z "$zlib_check_nonfatal" ; then 1300 AC_MSG_ERROR([*** zlib too old - check config.log *** 1301Your reported zlib version has known security problems. It's possible your 1302vendor has fixed these problems without changing the version number. If you 1303are sure this is the case, you can disable the check by running 1304"./configure --without-zlib-version-check". 1305If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1306See http://www.gzip.org/zlib/ for details.]) 1307 else 1308 AC_MSG_WARN([zlib version may have security problems]) 1309 fi 1310 ], 1311 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1312) 1313 1314dnl UnixWare 2.x 1315AC_CHECK_FUNC([strcasecmp], 1316 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1317) 1318AC_CHECK_FUNCS([utimes], 1319 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1320 LIBS="$LIBS -lc89"]) ] 1321) 1322 1323dnl Checks for libutil functions 1324AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1325AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1326AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1327AC_SEARCH_LIBS([login], [util bsd]) 1328AC_SEARCH_LIBS([logout], [util bsd]) 1329AC_SEARCH_LIBS([logwtmp], [util bsd]) 1330AC_SEARCH_LIBS([openpty], [util bsd]) 1331AC_SEARCH_LIBS([updwtmp], [util bsd]) 1332AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1333 1334# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1335# or libnsl. 1336AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1337AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1338 1339AC_FUNC_STRFTIME 1340 1341# Check for ALTDIRFUNC glob() extension 1342AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1343AC_EGREP_CPP([FOUNDIT], 1344 [ 1345 #include <glob.h> 1346 #ifdef GLOB_ALTDIRFUNC 1347 FOUNDIT 1348 #endif 1349 ], 1350 [ 1351 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1352 [Define if your system glob() function has 1353 the GLOB_ALTDIRFUNC extension]) 1354 AC_MSG_RESULT([yes]) 1355 ], 1356 [ 1357 AC_MSG_RESULT([no]) 1358 ] 1359) 1360 1361# Check for g.gl_matchc glob() extension 1362AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1363AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1364 [[ glob_t g; g.gl_matchc = 1; ]])], 1365 [ 1366 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1367 [Define if your system glob() function has 1368 gl_matchc options in glob_t]) 1369 AC_MSG_RESULT([yes]) 1370 ], [ 1371 AC_MSG_RESULT([no]) 1372]) 1373 1374# Check for g.gl_statv glob() extension 1375AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1376AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1377#ifndef GLOB_KEEPSTAT 1378#error "glob does not support GLOB_KEEPSTAT extension" 1379#endif 1380glob_t g; 1381g.gl_statv = NULL; 1382]])], 1383 [ 1384 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1385 [Define if your system glob() function has 1386 gl_statv options in glob_t]) 1387 AC_MSG_RESULT([yes]) 1388 ], [ 1389 AC_MSG_RESULT([no]) 1390 1391]) 1392 1393AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1394 1395AC_CHECK_DECL([VIS_ALL], , 1396 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1397 1398AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1399AC_RUN_IFELSE( 1400 [AC_LANG_PROGRAM([[ 1401#include <sys/types.h> 1402#include <dirent.h>]], 1403 [[ 1404 struct dirent d; 1405 exit(sizeof(d.d_name)<=sizeof(char)); 1406 ]])], 1407 [AC_MSG_RESULT([yes])], 1408 [ 1409 AC_MSG_RESULT([no]) 1410 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1411 [Define if your struct dirent expects you to 1412 allocate extra space for d_name]) 1413 ], 1414 [ 1415 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1416 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1417 ] 1418) 1419 1420AC_MSG_CHECKING([for /proc/pid/fd directory]) 1421if test -d "/proc/$$/fd" ; then 1422 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1423 AC_MSG_RESULT([yes]) 1424else 1425 AC_MSG_RESULT([no]) 1426fi 1427 1428# Check whether user wants S/Key support 1429SKEY_MSG="no" 1430AC_ARG_WITH([skey], 1431 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], 1432 [ 1433 if test "x$withval" != "xno" ; then 1434 1435 if test "x$withval" != "xyes" ; then 1436 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1437 LDFLAGS="$LDFLAGS -L${withval}/lib" 1438 fi 1439 1440 AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) 1441 LIBS="-lskey $LIBS" 1442 SKEY_MSG="yes" 1443 1444 AC_MSG_CHECKING([for s/key support]) 1445 AC_LINK_IFELSE( 1446 [AC_LANG_PROGRAM([[ 1447#include <stdio.h> 1448#include <skey.h> 1449 ]], [[ 1450 char *ff = skey_keyinfo(""); ff=""; 1451 exit(0); 1452 ]])], 1453 [AC_MSG_RESULT([yes])], 1454 [ 1455 AC_MSG_RESULT([no]) 1456 AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) 1457 ]) 1458 AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) 1459 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1460#include <stdio.h> 1461#include <skey.h> 1462 ]], [[ 1463 (void)skeychallenge(NULL,"name","",0); 1464 ]])], 1465 [ 1466 AC_MSG_RESULT([yes]) 1467 AC_DEFINE([SKEYCHALLENGE_4ARG], [1], 1468 [Define if your skeychallenge() 1469 function takes 4 arguments (NetBSD)])], 1470 [ 1471 AC_MSG_RESULT([no]) 1472 ]) 1473 fi 1474 ] 1475) 1476 1477# Check whether user wants TCP wrappers support 1478TCPW_MSG="no" 1479AC_ARG_WITH([tcp-wrappers], 1480 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1481 [ 1482 if test "x$withval" != "xno" ; then 1483 saved_LIBS="$LIBS" 1484 saved_LDFLAGS="$LDFLAGS" 1485 saved_CPPFLAGS="$CPPFLAGS" 1486 if test -n "${withval}" && \ 1487 test "x${withval}" != "xyes"; then 1488 if test -d "${withval}/lib"; then 1489 if test -n "${need_dash_r}"; then 1490 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1491 else 1492 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1493 fi 1494 else 1495 if test -n "${need_dash_r}"; then 1496 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1497 else 1498 LDFLAGS="-L${withval} ${LDFLAGS}" 1499 fi 1500 fi 1501 if test -d "${withval}/include"; then 1502 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1503 else 1504 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1505 fi 1506 fi 1507 LIBS="-lwrap $LIBS" 1508 AC_MSG_CHECKING([for libwrap]) 1509 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1510#include <sys/types.h> 1511#include <sys/socket.h> 1512#include <netinet/in.h> 1513#include <tcpd.h> 1514int deny_severity = 0, allow_severity = 0; 1515 ]], [[ 1516 hosts_access(0); 1517 ]])], [ 1518 AC_MSG_RESULT([yes]) 1519 AC_DEFINE([LIBWRAP], [1], 1520 [Define if you want 1521 TCP Wrappers support]) 1522 SSHDLIBS="$SSHDLIBS -lwrap" 1523 TCPW_MSG="yes" 1524 ], [ 1525 AC_MSG_ERROR([*** libwrap missing]) 1526 1527 ]) 1528 LIBS="$saved_LIBS" 1529 fi 1530 ] 1531) 1532 1533# Check whether user wants to use ldns 1534LDNS_MSG="no" 1535AC_ARG_WITH(ldns, 1536 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1537 [ 1538 if test "x$withval" != "xno" ; then 1539 1540 if test "x$withval" != "xyes" ; then 1541 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1542 LDFLAGS="$LDFLAGS -L${withval}/lib" 1543 fi 1544 1545 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1546 LIBS="-lldns $LIBS" 1547 LDNS_MSG="yes" 1548 1549 AC_MSG_CHECKING([for ldns support]) 1550 AC_LINK_IFELSE( 1551 [AC_LANG_SOURCE([[ 1552#include <stdio.h> 1553#include <stdlib.h> 1554#include <stdint.h> 1555#include <ldns/ldns.h> 1556int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1557 ]]) 1558 ], 1559 [AC_MSG_RESULT(yes)], 1560 [ 1561 AC_MSG_RESULT(no) 1562 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1563 ]) 1564 fi 1565 ] 1566) 1567 1568# Check whether user wants libedit support 1569LIBEDIT_MSG="no" 1570AC_ARG_WITH([libedit], 1571 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1572 [ if test "x$withval" != "xno" ; then 1573 if test "x$withval" = "xyes" ; then 1574 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1575 if test "x$PKGCONFIG" != "xno"; then 1576 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1577 if "$PKGCONFIG" libedit; then 1578 AC_MSG_RESULT([yes]) 1579 use_pkgconfig_for_libedit=yes 1580 else 1581 AC_MSG_RESULT([no]) 1582 fi 1583 fi 1584 else 1585 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1586 if test -n "${need_dash_r}"; then 1587 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1588 else 1589 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1590 fi 1591 fi 1592 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1593 LIBEDIT=`$PKGCONFIG --libs libedit` 1594 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1595 else 1596 LIBEDIT="-ledit -lcurses" 1597 fi 1598 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1599 AC_CHECK_LIB([edit], [el_init], 1600 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1601 LIBEDIT_MSG="yes" 1602 AC_SUBST([LIBEDIT]) 1603 ], 1604 [ AC_MSG_ERROR([libedit not found]) ], 1605 [ $OTHERLIBS ] 1606 ) 1607 AC_MSG_CHECKING([if libedit version is compatible]) 1608 AC_COMPILE_IFELSE( 1609 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1610 [[ 1611 int i = H_SETSIZE; 1612 el_init("", NULL, NULL, NULL); 1613 exit(0); 1614 ]])], 1615 [ AC_MSG_RESULT([yes]) ], 1616 [ AC_MSG_RESULT([no]) 1617 AC_MSG_ERROR([libedit version is not compatible]) ] 1618 ) 1619 fi ] 1620) 1621 1622AUDIT_MODULE=none 1623AC_ARG_WITH([audit], 1624 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1625 [ 1626 AC_MSG_CHECKING([for supported audit module]) 1627 case "$withval" in 1628 bsm) 1629 AC_MSG_RESULT([bsm]) 1630 AUDIT_MODULE=bsm 1631 dnl Checks for headers, libs and functions 1632 AC_CHECK_HEADERS([bsm/audit.h], [], 1633 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1634 [ 1635#ifdef HAVE_TIME_H 1636# include <time.h> 1637#endif 1638 ] 1639) 1640 AC_CHECK_LIB([bsm], [getaudit], [], 1641 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1642 AC_CHECK_FUNCS([getaudit], [], 1643 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1644 # These are optional 1645 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1646 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1647 if test "$sol2ver" -ge 11; then 1648 SSHDLIBS="$SSHDLIBS -lscf" 1649 AC_DEFINE([BROKEN_BSM_API], [1], 1650 [The system has incomplete BSM API]) 1651 fi 1652 ;; 1653 linux) 1654 AC_MSG_RESULT([linux]) 1655 AUDIT_MODULE=linux 1656 dnl Checks for headers, libs and functions 1657 AC_CHECK_HEADERS([libaudit.h]) 1658 SSHDLIBS="$SSHDLIBS -laudit" 1659 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1660 ;; 1661 debug) 1662 AUDIT_MODULE=debug 1663 AC_MSG_RESULT([debug]) 1664 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1665 ;; 1666 no) 1667 AC_MSG_RESULT([no]) 1668 ;; 1669 *) 1670 AC_MSG_ERROR([Unknown audit module $withval]) 1671 ;; 1672 esac ] 1673) 1674 1675AC_ARG_WITH([pie], 1676 [ --with-pie Build Position Independent Executables if possible], [ 1677 if test "x$withval" = "xno"; then 1678 use_pie=no 1679 fi 1680 if test "x$withval" = "xyes"; then 1681 use_pie=yes 1682 fi 1683 ] 1684) 1685if test "x$use_pie" = "x"; then 1686 use_pie=no 1687fi 1688if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1689 # Turn off automatic PIE when toolchain hardening is off. 1690 use_pie=no 1691fi 1692if test "x$use_pie" = "xauto"; then 1693 # Automatic PIE requires gcc >= 4.x 1694 AC_MSG_CHECKING([for gcc >= 4.x]) 1695 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1696#if !defined(__GNUC__) || __GNUC__ < 4 1697#error gcc is too old 1698#endif 1699]])], 1700 [ AC_MSG_RESULT([yes]) ], 1701 [ AC_MSG_RESULT([no]) 1702 use_pie=no ] 1703) 1704fi 1705if test "x$use_pie" != "xno"; then 1706 SAVED_CFLAGS="$CFLAGS" 1707 SAVED_LDFLAGS="$LDFLAGS" 1708 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1709 OSSH_CHECK_LDFLAG_LINK([-pie]) 1710 # We use both -fPIE and -pie or neither. 1711 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1712 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1713 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1714 AC_MSG_RESULT([yes]) 1715 else 1716 AC_MSG_RESULT([no]) 1717 CFLAGS="$SAVED_CFLAGS" 1718 LDFLAGS="$SAVED_LDFLAGS" 1719 fi 1720fi 1721 1722dnl Checks for library functions. Please keep in alphabetical order 1723AC_CHECK_FUNCS([ \ 1724 Blowfish_initstate \ 1725 Blowfish_expandstate \ 1726 Blowfish_expand0state \ 1727 Blowfish_stream2word \ 1728 asprintf \ 1729 b64_ntop \ 1730 __b64_ntop \ 1731 b64_pton \ 1732 __b64_pton \ 1733 bcopy \ 1734 bcrypt_pbkdf \ 1735 bindresvport_sa \ 1736 blf_enc \ 1737 cap_rights_limit \ 1738 clock \ 1739 closefrom \ 1740 dirfd \ 1741 endgrent \ 1742 err \ 1743 errx \ 1744 explicit_bzero \ 1745 fchmod \ 1746 fchown \ 1747 freeaddrinfo \ 1748 fstatfs \ 1749 fstatvfs \ 1750 futimes \ 1751 getaddrinfo \ 1752 getcwd \ 1753 getgrouplist \ 1754 getnameinfo \ 1755 getopt \ 1756 getpeereid \ 1757 getpeerucred \ 1758 getpgid \ 1759 getpgrp \ 1760 _getpty \ 1761 getrlimit \ 1762 getttyent \ 1763 glob \ 1764 group_from_gid \ 1765 inet_aton \ 1766 inet_ntoa \ 1767 inet_ntop \ 1768 innetgr \ 1769 login_getcapbool \ 1770 md5_crypt \ 1771 memmove \ 1772 memset_s \ 1773 mkdtemp \ 1774 ngetaddrinfo \ 1775 nsleep \ 1776 ogetaddrinfo \ 1777 openlog_r \ 1778 pledge \ 1779 poll \ 1780 prctl \ 1781 pstat \ 1782 readpassphrase \ 1783 reallocarray \ 1784 recvmsg \ 1785 rresvport_af \ 1786 sendmsg \ 1787 setdtablesize \ 1788 setegid \ 1789 setenv \ 1790 seteuid \ 1791 setgroupent \ 1792 setgroups \ 1793 setlinebuf \ 1794 setlogin \ 1795 setpassent\ 1796 setpcred \ 1797 setproctitle \ 1798 setregid \ 1799 setreuid \ 1800 setrlimit \ 1801 setsid \ 1802 setvbuf \ 1803 sigaction \ 1804 sigvec \ 1805 snprintf \ 1806 socketpair \ 1807 statfs \ 1808 statvfs \ 1809 strcasestr \ 1810 strdup \ 1811 strerror \ 1812 strlcat \ 1813 strlcpy \ 1814 strmode \ 1815 strnlen \ 1816 strnvis \ 1817 strptime \ 1818 strtonum \ 1819 strtoll \ 1820 strtoul \ 1821 strtoull \ 1822 swap32 \ 1823 sysconf \ 1824 tcgetpgrp \ 1825 timingsafe_bcmp \ 1826 truncate \ 1827 unsetenv \ 1828 updwtmpx \ 1829 user_from_uid \ 1830 usleep \ 1831 vasprintf \ 1832 vsnprintf \ 1833 waitpid \ 1834 warn \ 1835]) 1836 1837dnl Wide character support. Linux man page says it needs _XOPEN_SOURCE. 1838saved_CFLAGS="$CFLAGS" 1839CFLAGS="$CFLAGS -D_XOPEN_SOURCE" 1840AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1841CFLAGS="$saved_CFLAGS" 1842 1843TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1844AC_MSG_CHECKING([for utf8 locale support]) 1845AC_RUN_IFELSE( 1846 [AC_LANG_PROGRAM([[ 1847#include <locale.h> 1848#include <stdlib.h> 1849 ]], [[ 1850 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1851 if (loc != NULL) 1852 exit(0); 1853 exit(1); 1854 ]])], 1855 AC_MSG_RESULT(yes), 1856 [AC_MSG_RESULT(no) 1857 TEST_SSH_UTF8=no], 1858 AC_MSG_WARN([cross compiling: assuming yes]) 1859) 1860 1861AC_LINK_IFELSE( 1862 [AC_LANG_PROGRAM( 1863 [[ #include <ctype.h> ]], 1864 [[ return (isblank('a')); ]])], 1865 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1866]) 1867 1868disable_pkcs11= 1869AC_ARG_ENABLE([pkcs11], 1870 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1871 [ 1872 if test "x$enableval" = "xno" ; then 1873 disable_pkcs11=1 1874 fi 1875 ] 1876) 1877 1878# PKCS11 depends on OpenSSL. 1879if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then 1880 # PKCS#11 support requires dlopen() and co 1881 AC_SEARCH_LIBS([dlopen], [dl], 1882 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] 1883 ) 1884fi 1885 1886# IRIX has a const char return value for gai_strerror() 1887AC_CHECK_FUNCS([gai_strerror], [ 1888 AC_DEFINE([HAVE_GAI_STRERROR]) 1889 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1890#include <sys/types.h> 1891#include <sys/socket.h> 1892#include <netdb.h> 1893 1894const char *gai_strerror(int); 1895 ]], [[ 1896 char *str; 1897 str = gai_strerror(0); 1898 ]])], [ 1899 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1900 [Define if gai_strerror() returns const char *])], [])]) 1901 1902AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1903 [Some systems put nanosleep outside of libc])]) 1904 1905AC_SEARCH_LIBS([clock_gettime], [rt], 1906 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1907 1908dnl Make sure prototypes are defined for these before using them. 1909AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) 1910AC_CHECK_DECL([strsep], 1911 [AC_CHECK_FUNCS([strsep])], 1912 [], 1913 [ 1914#ifdef HAVE_STRING_H 1915# include <string.h> 1916#endif 1917 ]) 1918 1919dnl tcsendbreak might be a macro 1920AC_CHECK_DECL([tcsendbreak], 1921 [AC_DEFINE([HAVE_TCSENDBREAK])], 1922 [AC_CHECK_FUNCS([tcsendbreak])], 1923 [#include <termios.h>] 1924) 1925 1926AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 1927 1928AC_CHECK_DECLS([SHUT_RD], , , 1929 [ 1930#include <sys/types.h> 1931#include <sys/socket.h> 1932 ]) 1933 1934AC_CHECK_DECLS([O_NONBLOCK], , , 1935 [ 1936#include <sys/types.h> 1937#ifdef HAVE_SYS_STAT_H 1938# include <sys/stat.h> 1939#endif 1940#ifdef HAVE_FCNTL_H 1941# include <fcntl.h> 1942#endif 1943 ]) 1944 1945AC_CHECK_DECLS([writev], , , [ 1946#include <sys/types.h> 1947#include <sys/uio.h> 1948#include <unistd.h> 1949 ]) 1950 1951AC_CHECK_DECLS([MAXSYMLINKS], , , [ 1952#include <sys/param.h> 1953 ]) 1954 1955AC_CHECK_DECLS([offsetof], , , [ 1956#include <stddef.h> 1957 ]) 1958 1959# extra bits for select(2) 1960AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 1961#include <sys/param.h> 1962#include <sys/types.h> 1963#ifdef HAVE_SYS_SYSMACROS_H 1964#include <sys/sysmacros.h> 1965#endif 1966#ifdef HAVE_SYS_SELECT_H 1967#include <sys/select.h> 1968#endif 1969#ifdef HAVE_SYS_TIME_H 1970#include <sys/time.h> 1971#endif 1972#ifdef HAVE_UNISTD_H 1973#include <unistd.h> 1974#endif 1975 ]]) 1976AC_CHECK_TYPES([fd_mask], [], [], [[ 1977#include <sys/param.h> 1978#include <sys/types.h> 1979#ifdef HAVE_SYS_SELECT_H 1980#include <sys/select.h> 1981#endif 1982#ifdef HAVE_SYS_TIME_H 1983#include <sys/time.h> 1984#endif 1985#ifdef HAVE_UNISTD_H 1986#include <unistd.h> 1987#endif 1988 ]]) 1989 1990AC_CHECK_FUNCS([setresuid], [ 1991 dnl Some platorms have setresuid that isn't implemented, test for this 1992 AC_MSG_CHECKING([if setresuid seems to work]) 1993 AC_RUN_IFELSE( 1994 [AC_LANG_PROGRAM([[ 1995#include <stdlib.h> 1996#include <errno.h> 1997 ]], [[ 1998 errno=0; 1999 setresuid(0,0,0); 2000 if (errno==ENOSYS) 2001 exit(1); 2002 else 2003 exit(0); 2004 ]])], 2005 [AC_MSG_RESULT([yes])], 2006 [AC_DEFINE([BROKEN_SETRESUID], [1], 2007 [Define if your setresuid() is broken]) 2008 AC_MSG_RESULT([not implemented])], 2009 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2010 ) 2011]) 2012 2013AC_CHECK_FUNCS([setresgid], [ 2014 dnl Some platorms have setresgid that isn't implemented, test for this 2015 AC_MSG_CHECKING([if setresgid seems to work]) 2016 AC_RUN_IFELSE( 2017 [AC_LANG_PROGRAM([[ 2018#include <stdlib.h> 2019#include <errno.h> 2020 ]], [[ 2021 errno=0; 2022 setresgid(0,0,0); 2023 if (errno==ENOSYS) 2024 exit(1); 2025 else 2026 exit(0); 2027 ]])], 2028 [AC_MSG_RESULT([yes])], 2029 [AC_DEFINE([BROKEN_SETRESGID], [1], 2030 [Define if your setresgid() is broken]) 2031 AC_MSG_RESULT([not implemented])], 2032 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2033 ) 2034]) 2035 2036AC_CHECK_FUNCS([realpath], [ 2037 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given 2038 dnl path name", however some implementations of realpath (and some 2039 dnl versions of the POSIX spec) do not work on non-existent files, 2040 dnl so we use the OpenBSD implementation on those platforms. 2041 AC_MSG_CHECKING([if realpath works with non-existent files]) 2042 AC_RUN_IFELSE( 2043 [AC_LANG_PROGRAM([[ 2044#include <limits.h> 2045#include <stdlib.h> 2046#include <errno.h> 2047 ]], [[ 2048 char buf[PATH_MAX]; 2049 if (realpath("/opensshnonexistentfilename1234", buf) == NULL) 2050 if (errno == ENOENT) 2051 exit(1); 2052 exit(0); 2053 ]])], 2054 [AC_MSG_RESULT([yes])], 2055 [AC_DEFINE([BROKEN_REALPATH], [1], 2056 [realpath does not work with nonexistent files]) 2057 AC_MSG_RESULT([no])], 2058 [AC_MSG_WARN([cross compiling: assuming working])] 2059 ) 2060]) 2061 2062dnl Checks for time functions 2063AC_CHECK_FUNCS([gettimeofday time]) 2064dnl Checks for utmp functions 2065AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2066AC_CHECK_FUNCS([utmpname]) 2067dnl Checks for utmpx functions 2068AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2069AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2070dnl Checks for lastlog functions 2071AC_CHECK_FUNCS([getlastlogxbyname]) 2072 2073AC_CHECK_FUNC([daemon], 2074 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2075 [AC_CHECK_LIB([bsd], [daemon], 2076 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2077) 2078 2079AC_CHECK_FUNC([getpagesize], 2080 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2081 [Define if your libraries define getpagesize()])], 2082 [AC_CHECK_LIB([ucb], [getpagesize], 2083 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2084) 2085 2086# Check for broken snprintf 2087if test "x$ac_cv_func_snprintf" = "xyes" ; then 2088 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2089 AC_RUN_IFELSE( 2090 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2091 [[ 2092 char b[5]; 2093 snprintf(b,5,"123456789"); 2094 exit(b[4]!='\0'); 2095 ]])], 2096 [AC_MSG_RESULT([yes])], 2097 [ 2098 AC_MSG_RESULT([no]) 2099 AC_DEFINE([BROKEN_SNPRINTF], [1], 2100 [Define if your snprintf is busted]) 2101 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2102 ], 2103 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2104 ) 2105fi 2106 2107# We depend on vsnprintf returning the right thing on overflow: the 2108# number of characters it tried to create (as per SUSv3) 2109if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2110 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2111 AC_RUN_IFELSE( 2112 [AC_LANG_PROGRAM([[ 2113#include <sys/types.h> 2114#include <stdio.h> 2115#include <stdarg.h> 2116 2117int x_snprintf(char *str, size_t count, const char *fmt, ...) 2118{ 2119 size_t ret; 2120 va_list ap; 2121 2122 va_start(ap, fmt); 2123 ret = vsnprintf(str, count, fmt, ap); 2124 va_end(ap); 2125 return ret; 2126} 2127 ]], [[ 2128char x[1]; 2129if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2130 return 1; 2131if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2132 return 1; 2133return 0; 2134 ]])], 2135 [AC_MSG_RESULT([yes])], 2136 [ 2137 AC_MSG_RESULT([no]) 2138 AC_DEFINE([BROKEN_SNPRINTF], [1], 2139 [Define if your snprintf is busted]) 2140 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2141 ], 2142 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2143 ) 2144fi 2145 2146# On systems where [v]snprintf is broken, but is declared in stdio, 2147# check that the fmt argument is const char * or just char *. 2148# This is only useful for when BROKEN_SNPRINTF 2149AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2150AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2151#include <stdio.h> 2152int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2153 ]], [[ 2154 snprintf(0, 0, 0); 2155 ]])], 2156 [AC_MSG_RESULT([yes]) 2157 AC_DEFINE([SNPRINTF_CONST], [const], 2158 [Define as const if snprintf() can declare const char *fmt])], 2159 [AC_MSG_RESULT([no]) 2160 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2161 2162# Check for missing getpeereid (or equiv) support 2163NO_PEERCHECK="" 2164if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2165 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2166 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2167#include <sys/types.h> 2168#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2169 [ AC_MSG_RESULT([yes]) 2170 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2171 ], [AC_MSG_RESULT([no]) 2172 NO_PEERCHECK=1 2173 ]) 2174fi 2175 2176dnl see whether mkstemp() requires XXXXXX 2177if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2178AC_MSG_CHECKING([for (overly) strict mkstemp]) 2179AC_RUN_IFELSE( 2180 [AC_LANG_PROGRAM([[ 2181#include <stdlib.h> 2182 ]], [[ 2183 char template[]="conftest.mkstemp-test"; 2184 if (mkstemp(template) == -1) 2185 exit(1); 2186 unlink(template); 2187 exit(0); 2188 ]])], 2189 [ 2190 AC_MSG_RESULT([no]) 2191 ], 2192 [ 2193 AC_MSG_RESULT([yes]) 2194 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2195 ], 2196 [ 2197 AC_MSG_RESULT([yes]) 2198 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2199 ] 2200) 2201fi 2202 2203dnl make sure that openpty does not reacquire controlling terminal 2204if test ! -z "$check_for_openpty_ctty_bug"; then 2205 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2206 AC_RUN_IFELSE( 2207 [AC_LANG_PROGRAM([[ 2208#include <stdio.h> 2209#include <sys/fcntl.h> 2210#include <sys/types.h> 2211#include <sys/wait.h> 2212 ]], [[ 2213 pid_t pid; 2214 int fd, ptyfd, ttyfd, status; 2215 2216 pid = fork(); 2217 if (pid < 0) { /* failed */ 2218 exit(1); 2219 } else if (pid > 0) { /* parent */ 2220 waitpid(pid, &status, 0); 2221 if (WIFEXITED(status)) 2222 exit(WEXITSTATUS(status)); 2223 else 2224 exit(2); 2225 } else { /* child */ 2226 close(0); close(1); close(2); 2227 setsid(); 2228 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2229 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2230 if (fd >= 0) 2231 exit(3); /* Acquired ctty: broken */ 2232 else 2233 exit(0); /* Did not acquire ctty: OK */ 2234 } 2235 ]])], 2236 [ 2237 AC_MSG_RESULT([yes]) 2238 ], 2239 [ 2240 AC_MSG_RESULT([no]) 2241 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2242 ], 2243 [ 2244 AC_MSG_RESULT([cross-compiling, assuming yes]) 2245 ] 2246 ) 2247fi 2248 2249if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2250 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2251 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2252 AC_RUN_IFELSE( 2253 [AC_LANG_PROGRAM([[ 2254#include <stdio.h> 2255#include <sys/socket.h> 2256#include <netdb.h> 2257#include <errno.h> 2258#include <netinet/in.h> 2259 2260#define TEST_PORT "2222" 2261 ]], [[ 2262 int err, sock; 2263 struct addrinfo *gai_ai, *ai, hints; 2264 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2265 2266 memset(&hints, 0, sizeof(hints)); 2267 hints.ai_family = PF_UNSPEC; 2268 hints.ai_socktype = SOCK_STREAM; 2269 hints.ai_flags = AI_PASSIVE; 2270 2271 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2272 if (err != 0) { 2273 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2274 exit(1); 2275 } 2276 2277 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2278 if (ai->ai_family != AF_INET6) 2279 continue; 2280 2281 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2282 sizeof(ntop), strport, sizeof(strport), 2283 NI_NUMERICHOST|NI_NUMERICSERV); 2284 2285 if (err != 0) { 2286 if (err == EAI_SYSTEM) 2287 perror("getnameinfo EAI_SYSTEM"); 2288 else 2289 fprintf(stderr, "getnameinfo failed: %s\n", 2290 gai_strerror(err)); 2291 exit(2); 2292 } 2293 2294 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2295 if (sock < 0) 2296 perror("socket"); 2297 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2298 if (errno == EBADF) 2299 exit(3); 2300 } 2301 } 2302 exit(0); 2303 ]])], 2304 [ 2305 AC_MSG_RESULT([yes]) 2306 ], 2307 [ 2308 AC_MSG_RESULT([no]) 2309 AC_DEFINE([BROKEN_GETADDRINFO]) 2310 ], 2311 [ 2312 AC_MSG_RESULT([cross-compiling, assuming yes]) 2313 ] 2314 ) 2315fi 2316 2317if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2318 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2319 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2320 AC_RUN_IFELSE( 2321 [AC_LANG_PROGRAM([[ 2322#include <stdio.h> 2323#include <sys/socket.h> 2324#include <netdb.h> 2325#include <errno.h> 2326#include <netinet/in.h> 2327 2328#define TEST_PORT "2222" 2329 ]], [[ 2330 int err, sock; 2331 struct addrinfo *gai_ai, *ai, hints; 2332 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2333 2334 memset(&hints, 0, sizeof(hints)); 2335 hints.ai_family = PF_UNSPEC; 2336 hints.ai_socktype = SOCK_STREAM; 2337 hints.ai_flags = AI_PASSIVE; 2338 2339 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2340 if (err != 0) { 2341 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2342 exit(1); 2343 } 2344 2345 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2346 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2347 continue; 2348 2349 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2350 sizeof(ntop), strport, sizeof(strport), 2351 NI_NUMERICHOST|NI_NUMERICSERV); 2352 2353 if (ai->ai_family == AF_INET && err != 0) { 2354 perror("getnameinfo"); 2355 exit(2); 2356 } 2357 } 2358 exit(0); 2359 ]])], 2360 [ 2361 AC_MSG_RESULT([yes]) 2362 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2363 [Define if you have a getaddrinfo that fails 2364 for the all-zeros IPv6 address]) 2365 ], 2366 [ 2367 AC_MSG_RESULT([no]) 2368 AC_DEFINE([BROKEN_GETADDRINFO]) 2369 ], 2370 [ 2371 AC_MSG_RESULT([cross-compiling, assuming no]) 2372 ] 2373 ) 2374fi 2375 2376if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2377 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2378 [#include <sys/types.h> 2379 #include <sys/socket.h> 2380 #include <netdb.h>]) 2381fi 2382 2383if test "x$check_for_conflicting_getspnam" = "x1"; then 2384 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2385 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2386 [[ exit(0); ]])], 2387 [ 2388 AC_MSG_RESULT([no]) 2389 ], 2390 [ 2391 AC_MSG_RESULT([yes]) 2392 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2393 [Conflicting defs for getspnam]) 2394 ] 2395 ) 2396fi 2397 2398dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2399dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2400dnl for over ten years). Despite this incompatibility being reported during 2401dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2402dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2403dnl implementation. Try to detect this mess, and assume the only safe option 2404dnl if we're cross compiling. 2405dnl 2406dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2407dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2408if test "x$ac_cv_func_strnvis" = "xyes"; then 2409 AC_MSG_CHECKING([for working strnvis]) 2410 AC_RUN_IFELSE( 2411 [AC_LANG_PROGRAM([[ 2412#include <signal.h> 2413#include <stdlib.h> 2414#include <string.h> 2415#include <vis.h> 2416static void sighandler(int sig) { _exit(1); } 2417 ]], [[ 2418 char dst[16]; 2419 2420 signal(SIGSEGV, sighandler); 2421 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2422 exit(0); 2423 exit(1) 2424 ]])], 2425 [AC_MSG_RESULT([yes])], 2426 [AC_MSG_RESULT([no]) 2427 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2428 [AC_MSG_WARN([cross compiling: assuming broken]) 2429 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2430 ) 2431fi 2432 2433AC_FUNC_GETPGRP 2434 2435# Search for OpenSSL 2436saved_CPPFLAGS="$CPPFLAGS" 2437saved_LDFLAGS="$LDFLAGS" 2438AC_ARG_WITH([ssl-dir], 2439 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2440 [ 2441 if test "x$openssl" = "xno" ; then 2442 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2443 fi 2444 if test "x$withval" != "xno" ; then 2445 case "$withval" in 2446 # Relative paths 2447 ./*|../*) withval="`pwd`/$withval" 2448 esac 2449 if test -d "$withval/lib"; then 2450 if test -n "${need_dash_r}"; then 2451 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2452 else 2453 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2454 fi 2455 elif test -d "$withval/lib64"; then 2456 if test -n "${need_dash_r}"; then 2457 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2458 else 2459 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2460 fi 2461 else 2462 if test -n "${need_dash_r}"; then 2463 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2464 else 2465 LDFLAGS="-L${withval} ${LDFLAGS}" 2466 fi 2467 fi 2468 if test -d "$withval/include"; then 2469 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2470 else 2471 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2472 fi 2473 fi 2474 ] 2475) 2476 2477AC_ARG_WITH([openssl-header-check], 2478 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2479 [ 2480 if test "x$withval" = "xno" ; then 2481 openssl_check_nonfatal=1 2482 fi 2483 ] 2484) 2485 2486openssl_engine=no 2487AC_ARG_WITH([ssl-engine], 2488 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2489 [ 2490 if test "x$withval" != "xno" ; then 2491 if test "x$openssl" = "xno" ; then 2492 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2493 fi 2494 openssl_engine=yes 2495 fi 2496 ] 2497) 2498 2499if test "x$openssl" = "xyes" ; then 2500 LIBS="-lcrypto $LIBS" 2501 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2502 [Define if your ssl headers are included 2503 with #include <openssl/header.h>])], 2504 [ 2505 dnl Check default openssl install dir 2506 if test -n "${need_dash_r}"; then 2507 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2508 else 2509 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2510 fi 2511 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2512 AC_CHECK_HEADER([openssl/opensslv.h], , 2513 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2514 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2515 [ 2516 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2517 ] 2518 ) 2519 ] 2520 ) 2521 2522 # Determine OpenSSL header version 2523 AC_MSG_CHECKING([OpenSSL header version]) 2524 AC_RUN_IFELSE( 2525 [AC_LANG_PROGRAM([[ 2526 #include <stdlib.h> 2527 #include <stdio.h> 2528 #include <string.h> 2529 #include <openssl/opensslv.h> 2530 #define DATA "conftest.sslincver" 2531 ]], [[ 2532 FILE *fd; 2533 int rc; 2534 2535 fd = fopen(DATA,"w"); 2536 if(fd == NULL) 2537 exit(1); 2538 2539 if ((rc = fprintf(fd, "%08lx (%s)\n", 2540 (unsigned long)OPENSSL_VERSION_NUMBER, 2541 OPENSSL_VERSION_TEXT)) < 0) 2542 exit(1); 2543 2544 exit(0); 2545 ]])], 2546 [ 2547 ssl_header_ver=`cat conftest.sslincver` 2548 AC_MSG_RESULT([$ssl_header_ver]) 2549 ], 2550 [ 2551 AC_MSG_RESULT([not found]) 2552 AC_MSG_ERROR([OpenSSL version header not found.]) 2553 ], 2554 [ 2555 AC_MSG_WARN([cross compiling: not checking]) 2556 ] 2557 ) 2558 2559 # Determine OpenSSL library version 2560 AC_MSG_CHECKING([OpenSSL library version]) 2561 AC_RUN_IFELSE( 2562 [AC_LANG_PROGRAM([[ 2563 #include <stdio.h> 2564 #include <string.h> 2565 #include <openssl/opensslv.h> 2566 #include <openssl/crypto.h> 2567 #define DATA "conftest.ssllibver" 2568 ]], [[ 2569 FILE *fd; 2570 int rc; 2571 2572 fd = fopen(DATA,"w"); 2573 if(fd == NULL) 2574 exit(1); 2575 2576 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(), 2577 SSLeay_version(SSLEAY_VERSION))) < 0) 2578 exit(1); 2579 2580 exit(0); 2581 ]])], 2582 [ 2583 ssl_library_ver=`cat conftest.ssllibver` 2584 # Check version is supported. 2585 case "$ssl_library_ver" in 2586 0090[[0-7]]*|009080[[0-5]]*) 2587 AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")]) 2588 ;; 2589 *) ;; 2590 esac 2591 AC_MSG_RESULT([$ssl_library_ver]) 2592 ], 2593 [ 2594 AC_MSG_RESULT([not found]) 2595 AC_MSG_ERROR([OpenSSL library not found.]) 2596 ], 2597 [ 2598 AC_MSG_WARN([cross compiling: not checking]) 2599 ] 2600 ) 2601 2602 # Sanity check OpenSSL headers 2603 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2604 AC_RUN_IFELSE( 2605 [AC_LANG_PROGRAM([[ 2606 #include <string.h> 2607 #include <openssl/opensslv.h> 2608 #include <openssl/crypto.h> 2609 ]], [[ 2610 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2611 ]])], 2612 [ 2613 AC_MSG_RESULT([yes]) 2614 ], 2615 [ 2616 AC_MSG_RESULT([no]) 2617 if test "x$openssl_check_nonfatal" = "x"; then 2618 AC_MSG_ERROR([Your OpenSSL headers do not match your 2619 library. Check config.log for details. 2620 If you are sure your installation is consistent, you can disable the check 2621 by running "./configure --without-openssl-header-check". 2622 Also see contrib/findssl.sh for help identifying header/library mismatches. 2623 ]) 2624 else 2625 AC_MSG_WARN([Your OpenSSL headers do not match your 2626 library. Check config.log for details. 2627 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2628 fi 2629 ], 2630 [ 2631 AC_MSG_WARN([cross compiling: not checking]) 2632 ] 2633 ) 2634 2635 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2636 AC_LINK_IFELSE( 2637 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2638 [[ SSLeay_add_all_algorithms(); ]])], 2639 [ 2640 AC_MSG_RESULT([yes]) 2641 ], 2642 [ 2643 AC_MSG_RESULT([no]) 2644 saved_LIBS="$LIBS" 2645 LIBS="$LIBS -ldl" 2646 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2647 AC_LINK_IFELSE( 2648 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2649 [[ SSLeay_add_all_algorithms(); ]])], 2650 [ 2651 AC_MSG_RESULT([yes]) 2652 ], 2653 [ 2654 AC_MSG_RESULT([no]) 2655 LIBS="$saved_LIBS" 2656 ] 2657 ) 2658 ] 2659 ) 2660 2661 AC_CHECK_FUNCS([ \ 2662 BN_is_prime_ex \ 2663 DSA_generate_parameters_ex \ 2664 EVP_DigestInit_ex \ 2665 EVP_DigestFinal_ex \ 2666 EVP_MD_CTX_init \ 2667 EVP_MD_CTX_cleanup \ 2668 EVP_MD_CTX_copy_ex \ 2669 HMAC_CTX_init \ 2670 RSA_generate_key_ex \ 2671 RSA_get_default_method \ 2672 ]) 2673 2674 if test "x$openssl_engine" = "xyes" ; then 2675 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2676 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2677 #include <openssl/engine.h> 2678 ]], [[ 2679 ENGINE_load_builtin_engines(); 2680 ENGINE_register_all_complete(); 2681 ]])], 2682 [ AC_MSG_RESULT([yes]) 2683 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2684 [Enable OpenSSL engine support]) 2685 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2686 ]) 2687 fi 2688 2689 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2690 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2691 AC_LINK_IFELSE( 2692 [AC_LANG_PROGRAM([[ 2693 #include <string.h> 2694 #include <openssl/evp.h> 2695 ]], [[ 2696 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2697 ]])], 2698 [ 2699 AC_MSG_RESULT([no]) 2700 ], 2701 [ 2702 AC_MSG_RESULT([yes]) 2703 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2704 [libcrypto is missing AES 192 and 256 bit functions]) 2705 ] 2706 ) 2707 2708 # Check for OpenSSL with EVP_aes_*ctr 2709 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2710 AC_LINK_IFELSE( 2711 [AC_LANG_PROGRAM([[ 2712 #include <string.h> 2713 #include <openssl/evp.h> 2714 ]], [[ 2715 exit(EVP_aes_128_ctr() == NULL || 2716 EVP_aes_192_cbc() == NULL || 2717 EVP_aes_256_cbc() == NULL); 2718 ]])], 2719 [ 2720 AC_MSG_RESULT([yes]) 2721 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2722 [libcrypto has EVP AES CTR]) 2723 ], 2724 [ 2725 AC_MSG_RESULT([no]) 2726 ] 2727 ) 2728 2729 # Check for OpenSSL with EVP_aes_*gcm 2730 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2731 AC_LINK_IFELSE( 2732 [AC_LANG_PROGRAM([[ 2733 #include <string.h> 2734 #include <openssl/evp.h> 2735 ]], [[ 2736 exit(EVP_aes_128_gcm() == NULL || 2737 EVP_aes_256_gcm() == NULL || 2738 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2739 EVP_CTRL_GCM_IV_GEN == 0 || 2740 EVP_CTRL_GCM_SET_TAG == 0 || 2741 EVP_CTRL_GCM_GET_TAG == 0 || 2742 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2743 ]])], 2744 [ 2745 AC_MSG_RESULT([yes]) 2746 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2747 [libcrypto has EVP AES GCM]) 2748 ], 2749 [ 2750 AC_MSG_RESULT([no]) 2751 unsupported_algorithms="$unsupported_cipers \ 2752 aes128-gcm@openssh.com \ 2753 aes256-gcm@openssh.com" 2754 ] 2755 ) 2756 2757 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2758 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2759 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2760 2761 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2762 AC_LINK_IFELSE( 2763 [AC_LANG_PROGRAM([[ 2764 #include <string.h> 2765 #include <openssl/evp.h> 2766 ]], [[ 2767 if(EVP_DigestUpdate(NULL, NULL,0)) 2768 exit(0); 2769 ]])], 2770 [ 2771 AC_MSG_RESULT([yes]) 2772 ], 2773 [ 2774 AC_MSG_RESULT([no]) 2775 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2776 [Define if EVP_DigestUpdate returns void]) 2777 ] 2778 ) 2779 2780 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2781 # because the system crypt() is more featureful. 2782 if test "x$check_for_libcrypt_before" = "x1"; then 2783 AC_CHECK_LIB([crypt], [crypt]) 2784 fi 2785 2786 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2787 # version in OpenSSL. 2788 if test "x$check_for_libcrypt_later" = "x1"; then 2789 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2790 fi 2791 AC_CHECK_FUNCS([crypt DES_crypt]) 2792 2793 # Search for SHA256 support in libc and/or OpenSSL 2794 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2795 [unsupported_algorithms="$unsupported_algorithms \ 2796 hmac-sha2-256 \ 2797 hmac-sha2-512 \ 2798 diffie-hellman-group-exchange-sha256 \ 2799 hmac-sha2-256-etm@openssh.com \ 2800 hmac-sha2-512-etm@openssh.com" 2801 ] 2802 ) 2803 # Search for RIPE-MD support in OpenSSL 2804 AC_CHECK_FUNCS([EVP_ripemd160], , 2805 [unsupported_algorithms="$unsupported_algorithms \ 2806 hmac-ripemd160 \ 2807 hmac-ripemd160@openssh.com \ 2808 hmac-ripemd160-etm@openssh.com" 2809 ] 2810 ) 2811 2812 # Check complete ECC support in OpenSSL 2813 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2814 AC_LINK_IFELSE( 2815 [AC_LANG_PROGRAM([[ 2816 #include <openssl/ec.h> 2817 #include <openssl/ecdh.h> 2818 #include <openssl/ecdsa.h> 2819 #include <openssl/evp.h> 2820 #include <openssl/objects.h> 2821 #include <openssl/opensslv.h> 2822 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2823 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2824 #endif 2825 ]], [[ 2826 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 2827 const EVP_MD *m = EVP_sha256(); /* We need this too */ 2828 ]])], 2829 [ AC_MSG_RESULT([yes]) 2830 enable_nistp256=1 ], 2831 [ AC_MSG_RESULT([no]) ] 2832 ) 2833 2834 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 2835 AC_LINK_IFELSE( 2836 [AC_LANG_PROGRAM([[ 2837 #include <openssl/ec.h> 2838 #include <openssl/ecdh.h> 2839 #include <openssl/ecdsa.h> 2840 #include <openssl/evp.h> 2841 #include <openssl/objects.h> 2842 #include <openssl/opensslv.h> 2843 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2844 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2845 #endif 2846 ]], [[ 2847 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 2848 const EVP_MD *m = EVP_sha384(); /* We need this too */ 2849 ]])], 2850 [ AC_MSG_RESULT([yes]) 2851 enable_nistp384=1 ], 2852 [ AC_MSG_RESULT([no]) ] 2853 ) 2854 2855 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 2856 AC_LINK_IFELSE( 2857 [AC_LANG_PROGRAM([[ 2858 #include <openssl/ec.h> 2859 #include <openssl/ecdh.h> 2860 #include <openssl/ecdsa.h> 2861 #include <openssl/evp.h> 2862 #include <openssl/objects.h> 2863 #include <openssl/opensslv.h> 2864 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2865 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2866 #endif 2867 ]], [[ 2868 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2869 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2870 ]])], 2871 [ AC_MSG_RESULT([yes]) 2872 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 2873 AC_RUN_IFELSE( 2874 [AC_LANG_PROGRAM([[ 2875 #include <openssl/ec.h> 2876 #include <openssl/ecdh.h> 2877 #include <openssl/ecdsa.h> 2878 #include <openssl/evp.h> 2879 #include <openssl/objects.h> 2880 #include <openssl/opensslv.h> 2881 ]],[[ 2882 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2883 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2884 exit(e == NULL || m == NULL); 2885 ]])], 2886 [ AC_MSG_RESULT([yes]) 2887 enable_nistp521=1 ], 2888 [ AC_MSG_RESULT([no]) ], 2889 [ AC_MSG_WARN([cross-compiling: assuming yes]) 2890 enable_nistp521=1 ] 2891 )], 2892 AC_MSG_RESULT([no]) 2893 ) 2894 2895 COMMENT_OUT_ECC="#no ecc#" 2896 TEST_SSH_ECC=no 2897 2898 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 2899 test x$enable_nistp521 = x1; then 2900 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 2901 fi 2902 if test x$enable_nistp256 = x1; then 2903 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 2904 [libcrypto has NID_X9_62_prime256v1]) 2905 TEST_SSH_ECC=yes 2906 COMMENT_OUT_ECC="" 2907 else 2908 unsupported_algorithms="$unsupported_algorithms \ 2909 ecdsa-sha2-nistp256 \ 2910 ecdh-sha2-nistp256 \ 2911 ecdsa-sha2-nistp256-cert-v01@openssh.com" 2912 fi 2913 if test x$enable_nistp384 = x1; then 2914 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 2915 TEST_SSH_ECC=yes 2916 COMMENT_OUT_ECC="" 2917 else 2918 unsupported_algorithms="$unsupported_algorithms \ 2919 ecdsa-sha2-nistp384 \ 2920 ecdh-sha2-nistp384 \ 2921 ecdsa-sha2-nistp384-cert-v01@openssh.com" 2922 fi 2923 if test x$enable_nistp521 = x1; then 2924 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 2925 TEST_SSH_ECC=yes 2926 COMMENT_OUT_ECC="" 2927 else 2928 unsupported_algorithms="$unsupported_algorithms \ 2929 ecdh-sha2-nistp521 \ 2930 ecdsa-sha2-nistp521 \ 2931 ecdsa-sha2-nistp521-cert-v01@openssh.com" 2932 fi 2933 2934 AC_SUBST([TEST_SSH_ECC]) 2935 AC_SUBST([COMMENT_OUT_ECC]) 2936else 2937 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2938 AC_CHECK_FUNCS([crypt]) 2939fi 2940 2941AC_CHECK_FUNCS([ \ 2942 arc4random \ 2943 arc4random_buf \ 2944 arc4random_stir \ 2945 arc4random_uniform \ 2946]) 2947 2948saved_LIBS="$LIBS" 2949AC_CHECK_LIB([iaf], [ia_openinfo], [ 2950 LIBS="$LIBS -liaf" 2951 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 2952 AC_DEFINE([HAVE_LIBIAF], [1], 2953 [Define if system has libiaf that supports set_id]) 2954 ]) 2955]) 2956LIBS="$saved_LIBS" 2957 2958### Configure cryptographic random number support 2959 2960# Check wheter OpenSSL seeds itself 2961if test "x$openssl" = "xyes" ; then 2962 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 2963 AC_RUN_IFELSE( 2964 [AC_LANG_PROGRAM([[ 2965 #include <string.h> 2966 #include <openssl/rand.h> 2967 ]], [[ 2968 exit(RAND_status() == 1 ? 0 : 1); 2969 ]])], 2970 [ 2971 OPENSSL_SEEDS_ITSELF=yes 2972 AC_MSG_RESULT([yes]) 2973 ], 2974 [ 2975 AC_MSG_RESULT([no]) 2976 ], 2977 [ 2978 AC_MSG_WARN([cross compiling: assuming yes]) 2979 # This is safe, since we will fatal() at runtime if 2980 # OpenSSL is not seeded correctly. 2981 OPENSSL_SEEDS_ITSELF=yes 2982 ] 2983 ) 2984fi 2985 2986# PRNGD TCP socket 2987AC_ARG_WITH([prngd-port], 2988 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 2989 [ 2990 case "$withval" in 2991 no) 2992 withval="" 2993 ;; 2994 [[0-9]]*) 2995 ;; 2996 *) 2997 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 2998 ;; 2999 esac 3000 if test ! -z "$withval" ; then 3001 PRNGD_PORT="$withval" 3002 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3003 [Port number of PRNGD/EGD random number socket]) 3004 fi 3005 ] 3006) 3007 3008# PRNGD Unix domain socket 3009AC_ARG_WITH([prngd-socket], 3010 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3011 [ 3012 case "$withval" in 3013 yes) 3014 withval="/var/run/egd-pool" 3015 ;; 3016 no) 3017 withval="" 3018 ;; 3019 /*) 3020 ;; 3021 *) 3022 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3023 ;; 3024 esac 3025 3026 if test ! -z "$withval" ; then 3027 if test ! -z "$PRNGD_PORT" ; then 3028 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3029 fi 3030 if test ! -r "$withval" ; then 3031 AC_MSG_WARN([Entropy socket is not readable]) 3032 fi 3033 PRNGD_SOCKET="$withval" 3034 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3035 [Location of PRNGD/EGD random number socket]) 3036 fi 3037 ], 3038 [ 3039 # Check for existing socket only if we don't have a random device already 3040 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3041 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3042 # Insert other locations here 3043 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3044 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3045 PRNGD_SOCKET="$sock" 3046 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3047 break; 3048 fi 3049 done 3050 if test ! -z "$PRNGD_SOCKET" ; then 3051 AC_MSG_RESULT([$PRNGD_SOCKET]) 3052 else 3053 AC_MSG_RESULT([not found]) 3054 fi 3055 fi 3056 ] 3057) 3058 3059# Which randomness source do we use? 3060if test ! -z "$PRNGD_PORT" ; then 3061 RAND_MSG="PRNGd port $PRNGD_PORT" 3062elif test ! -z "$PRNGD_SOCKET" ; then 3063 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3064elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3065 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3066 [Define if you want the OpenSSL internally seeded PRNG only]) 3067 RAND_MSG="OpenSSL internal ONLY" 3068elif test "x$openssl" = "xno" ; then 3069 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3070else 3071 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3072fi 3073 3074# Check for PAM libs 3075PAM_MSG="no" 3076AC_ARG_WITH([pam], 3077 [ --with-pam Enable PAM support ], 3078 [ 3079 if test "x$withval" != "xno" ; then 3080 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3081 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3082 AC_MSG_ERROR([PAM headers not found]) 3083 fi 3084 3085 saved_LIBS="$LIBS" 3086 AC_CHECK_LIB([dl], [dlopen], , ) 3087 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3088 AC_CHECK_FUNCS([pam_getenvlist]) 3089 AC_CHECK_FUNCS([pam_putenv]) 3090 LIBS="$saved_LIBS" 3091 3092 PAM_MSG="yes" 3093 3094 SSHDLIBS="$SSHDLIBS -lpam" 3095 AC_DEFINE([USE_PAM], [1], 3096 [Define if you want to enable PAM support]) 3097 3098 if test $ac_cv_lib_dl_dlopen = yes; then 3099 case "$LIBS" in 3100 *-ldl*) 3101 # libdl already in LIBS 3102 ;; 3103 *) 3104 SSHDLIBS="$SSHDLIBS -ldl" 3105 ;; 3106 esac 3107 fi 3108 fi 3109 ] 3110) 3111 3112AC_ARG_WITH([pam-service], 3113 [ --with-pam-service=name Specify PAM service name ], 3114 [ 3115 if test "x$withval" != "xno" && \ 3116 test "x$withval" != "xyes" ; then 3117 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3118 ["$withval"], [sshd PAM service name]) 3119 fi 3120 ] 3121) 3122 3123# Check for older PAM 3124if test "x$PAM_MSG" = "xyes" ; then 3125 # Check PAM strerror arguments (old PAM) 3126 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3127 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3128#include <stdlib.h> 3129#if defined(HAVE_SECURITY_PAM_APPL_H) 3130#include <security/pam_appl.h> 3131#elif defined (HAVE_PAM_PAM_APPL_H) 3132#include <pam/pam_appl.h> 3133#endif 3134 ]], [[ 3135(void)pam_strerror((pam_handle_t *)NULL, -1); 3136 ]])], [AC_MSG_RESULT([no])], [ 3137 AC_DEFINE([HAVE_OLD_PAM], [1], 3138 [Define if you have an old version of PAM 3139 which takes only one argument to pam_strerror]) 3140 AC_MSG_RESULT([yes]) 3141 PAM_MSG="yes (old library)" 3142 3143 ]) 3144fi 3145 3146case "$host" in 3147*-*-cygwin*) 3148 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3149 ;; 3150*) 3151 SSH_PRIVSEP_USER=sshd 3152 ;; 3153esac 3154AC_ARG_WITH([privsep-user], 3155 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3156 [ 3157 if test -n "$withval" && test "x$withval" != "xno" && \ 3158 test "x${withval}" != "xyes"; then 3159 SSH_PRIVSEP_USER=$withval 3160 fi 3161 ] 3162) 3163if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3164 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3165 [Cygwin function to fetch non-privileged user for privilege separation]) 3166else 3167 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3168 [non-privileged user for privilege separation]) 3169fi 3170AC_SUBST([SSH_PRIVSEP_USER]) 3171 3172if test "x$have_linux_no_new_privs" = "x1" ; then 3173AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3174 #include <sys/types.h> 3175 #include <linux/seccomp.h> 3176]) 3177fi 3178if test "x$have_seccomp_filter" = "x1" ; then 3179AC_MSG_CHECKING([kernel for seccomp_filter support]) 3180AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3181 #include <errno.h> 3182 #include <elf.h> 3183 #include <linux/audit.h> 3184 #include <linux/seccomp.h> 3185 #include <stdlib.h> 3186 #include <sys/prctl.h> 3187 ]], 3188 [[ int i = $seccomp_audit_arch; 3189 errno = 0; 3190 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3191 exit(errno == EFAULT ? 0 : 1); ]])], 3192 [ AC_MSG_RESULT([yes]) ], [ 3193 AC_MSG_RESULT([no]) 3194 # Disable seccomp filter as a target 3195 have_seccomp_filter=0 3196 ] 3197) 3198fi 3199 3200# Decide which sandbox style to use 3201sandbox_arg="" 3202AC_ARG_WITH([sandbox], 3203 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3204 [ 3205 if test "x$withval" = "xyes" ; then 3206 sandbox_arg="" 3207 else 3208 sandbox_arg="$withval" 3209 fi 3210 ] 3211) 3212 3213# Some platforms (seems to be the ones that have a kernel poll(2)-type 3214# function with which they implement select(2)) use an extra file descriptor 3215# when calling select(2), which means we can't use the rlimit sandbox. 3216AC_MSG_CHECKING([if select works with descriptor rlimit]) 3217AC_RUN_IFELSE( 3218 [AC_LANG_PROGRAM([[ 3219#include <sys/types.h> 3220#ifdef HAVE_SYS_TIME_H 3221# include <sys/time.h> 3222#endif 3223#include <sys/resource.h> 3224#ifdef HAVE_SYS_SELECT_H 3225# include <sys/select.h> 3226#endif 3227#include <errno.h> 3228#include <fcntl.h> 3229#include <stdlib.h> 3230 ]],[[ 3231 struct rlimit rl_zero; 3232 int fd, r; 3233 fd_set fds; 3234 struct timeval tv; 3235 3236 fd = open("/dev/null", O_RDONLY); 3237 FD_ZERO(&fds); 3238 FD_SET(fd, &fds); 3239 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3240 setrlimit(RLIMIT_FSIZE, &rl_zero); 3241 setrlimit(RLIMIT_NOFILE, &rl_zero); 3242 tv.tv_sec = 1; 3243 tv.tv_usec = 0; 3244 r = select(fd+1, &fds, NULL, NULL, &tv); 3245 exit (r == -1 ? 1 : 0); 3246 ]])], 3247 [AC_MSG_RESULT([yes]) 3248 select_works_with_rlimit=yes], 3249 [AC_MSG_RESULT([no]) 3250 select_works_with_rlimit=no], 3251 [AC_MSG_WARN([cross compiling: assuming yes])] 3252) 3253 3254AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3255AC_RUN_IFELSE( 3256 [AC_LANG_PROGRAM([[ 3257#include <sys/types.h> 3258#ifdef HAVE_SYS_TIME_H 3259# include <sys/time.h> 3260#endif 3261#include <sys/resource.h> 3262#include <errno.h> 3263#include <stdlib.h> 3264 ]],[[ 3265 struct rlimit rl_zero; 3266 int fd, r; 3267 fd_set fds; 3268 3269 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3270 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3271 exit (r == -1 ? 1 : 0); 3272 ]])], 3273 [AC_MSG_RESULT([yes]) 3274 rlimit_nofile_zero_works=yes], 3275 [AC_MSG_RESULT([no]) 3276 rlimit_nofile_zero_works=no], 3277 [AC_MSG_WARN([cross compiling: assuming yes])] 3278) 3279 3280AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3281AC_RUN_IFELSE( 3282 [AC_LANG_PROGRAM([[ 3283#include <sys/types.h> 3284#include <sys/resource.h> 3285#include <stdlib.h> 3286 ]],[[ 3287 struct rlimit rl_zero; 3288 3289 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3290 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3291 ]])], 3292 [AC_MSG_RESULT([yes])], 3293 [AC_MSG_RESULT([no]) 3294 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3295 [setrlimit RLIMIT_FSIZE works])], 3296 [AC_MSG_WARN([cross compiling: assuming yes])] 3297) 3298 3299if test "x$sandbox_arg" = "xpledge" || \ 3300 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3301 test "x$ac_cv_func_pledge" != "xyes" && \ 3302 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3303 SANDBOX_STYLE="pledge" 3304 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3305elif test "x$sandbox_arg" = "xsystrace" || \ 3306 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3307 test "x$have_systr_policy_kill" != "x1" && \ 3308 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3309 SANDBOX_STYLE="systrace" 3310 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3311elif test "x$sandbox_arg" = "xdarwin" || \ 3312 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3313 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3314 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3315 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3316 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3317 SANDBOX_STYLE="darwin" 3318 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3319elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3320 ( test -z "$sandbox_arg" && \ 3321 test "x$have_seccomp_filter" = "x1" && \ 3322 test "x$ac_cv_header_elf_h" = "xyes" && \ 3323 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3324 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3325 test "x$seccomp_audit_arch" != "x" && \ 3326 test "x$have_linux_no_new_privs" = "x1" && \ 3327 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3328 test "x$seccomp_audit_arch" = "x" && \ 3329 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3330 test "x$have_linux_no_new_privs" != "x1" && \ 3331 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3332 test "x$have_seccomp_filter" != "x1" && \ 3333 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3334 test "x$ac_cv_func_prctl" != "xyes" && \ 3335 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3336 SANDBOX_STYLE="seccomp_filter" 3337 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3338elif test "x$sandbox_arg" = "xcapsicum" || \ 3339 ( test -z "$sandbox_arg" && \ 3340 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3341 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3342 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3343 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3344 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3345 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3346 SANDBOX_STYLE="capsicum" 3347 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3348elif test "x$sandbox_arg" = "xrlimit" || \ 3349 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3350 test "x$select_works_with_rlimit" = "xyes" && \ 3351 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3352 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3353 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3354 test "x$select_works_with_rlimit" != "xyes" && \ 3355 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3356 SANDBOX_STYLE="rlimit" 3357 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3358elif test "x$sandbox_arg" = "xsolaris" || \ 3359 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3360 SANDBOX_STYLE="solaris" 3361 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3362elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3363 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3364 SANDBOX_STYLE="none" 3365 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3366else 3367 AC_MSG_ERROR([unsupported --with-sandbox]) 3368fi 3369 3370# Cheap hack to ensure NEWS-OS libraries are arranged right. 3371if test ! -z "$SONY" ; then 3372 LIBS="$LIBS -liberty"; 3373fi 3374 3375# Check for long long datatypes 3376AC_CHECK_TYPES([long long, unsigned long long, long double]) 3377 3378# Check datatype sizes 3379AC_CHECK_SIZEOF([short int], [2]) 3380AC_CHECK_SIZEOF([int], [4]) 3381AC_CHECK_SIZEOF([long int], [4]) 3382AC_CHECK_SIZEOF([long long int], [8]) 3383 3384# Sanity check long long for some platforms (AIX) 3385if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3386 ac_cv_sizeof_long_long_int=0 3387fi 3388 3389# compute LLONG_MIN and LLONG_MAX if we don't know them. 3390if test -z "$have_llong_max"; then 3391 AC_MSG_CHECKING([for max value of long long]) 3392 AC_RUN_IFELSE( 3393 [AC_LANG_PROGRAM([[ 3394#include <stdio.h> 3395/* Why is this so damn hard? */ 3396#ifdef __GNUC__ 3397# undef __GNUC__ 3398#endif 3399#define __USE_ISOC99 3400#include <limits.h> 3401#define DATA "conftest.llminmax" 3402#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3403 3404/* 3405 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3406 * we do this the hard way. 3407 */ 3408static int 3409fprint_ll(FILE *f, long long n) 3410{ 3411 unsigned int i; 3412 int l[sizeof(long long) * 8]; 3413 3414 if (n < 0) 3415 if (fprintf(f, "-") < 0) 3416 return -1; 3417 for (i = 0; n != 0; i++) { 3418 l[i] = my_abs(n % 10); 3419 n /= 10; 3420 } 3421 do { 3422 if (fprintf(f, "%d", l[--i]) < 0) 3423 return -1; 3424 } while (i != 0); 3425 if (fprintf(f, " ") < 0) 3426 return -1; 3427 return 0; 3428} 3429 ]], [[ 3430 FILE *f; 3431 long long i, llmin, llmax = 0; 3432 3433 if((f = fopen(DATA,"w")) == NULL) 3434 exit(1); 3435 3436#if defined(LLONG_MIN) && defined(LLONG_MAX) 3437 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3438 llmin = LLONG_MIN; 3439 llmax = LLONG_MAX; 3440#else 3441 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3442 /* This will work on one's complement and two's complement */ 3443 for (i = 1; i > llmax; i <<= 1, i++) 3444 llmax = i; 3445 llmin = llmax + 1LL; /* wrap */ 3446#endif 3447 3448 /* Sanity check */ 3449 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3450 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3451 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3452 fprintf(f, "unknown unknown\n"); 3453 exit(2); 3454 } 3455 3456 if (fprint_ll(f, llmin) < 0) 3457 exit(3); 3458 if (fprint_ll(f, llmax) < 0) 3459 exit(4); 3460 if (fclose(f) < 0) 3461 exit(5); 3462 exit(0); 3463 ]])], 3464 [ 3465 llong_min=`$AWK '{print $1}' conftest.llminmax` 3466 llong_max=`$AWK '{print $2}' conftest.llminmax` 3467 3468 AC_MSG_RESULT([$llong_max]) 3469 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3470 [max value of long long calculated by configure]) 3471 AC_MSG_CHECKING([for min value of long long]) 3472 AC_MSG_RESULT([$llong_min]) 3473 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3474 [min value of long long calculated by configure]) 3475 ], 3476 [ 3477 AC_MSG_RESULT([not found]) 3478 ], 3479 [ 3480 AC_MSG_WARN([cross compiling: not checking]) 3481 ] 3482 ) 3483fi 3484 3485 3486# More checks for data types 3487AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3488 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3489 [[ u_int a; a = 1;]])], 3490 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3491 ]) 3492]) 3493if test "x$ac_cv_have_u_int" = "xyes" ; then 3494 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3495 have_u_int=1 3496fi 3497 3498AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3499 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3500 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3501 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3502 ]) 3503]) 3504if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3505 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3506 have_intxx_t=1 3507fi 3508 3509if (test -z "$have_intxx_t" && \ 3510 test "x$ac_cv_header_stdint_h" = "xyes") 3511then 3512 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3513 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3514 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3515 [ 3516 AC_DEFINE([HAVE_INTXX_T]) 3517 AC_MSG_RESULT([yes]) 3518 ], [ AC_MSG_RESULT([no]) 3519 ]) 3520fi 3521 3522AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3523 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3524#include <sys/types.h> 3525#ifdef HAVE_STDINT_H 3526# include <stdint.h> 3527#endif 3528#include <sys/socket.h> 3529#ifdef HAVE_SYS_BITYPES_H 3530# include <sys/bitypes.h> 3531#endif 3532 ]], [[ 3533int64_t a; a = 1; 3534 ]])], 3535 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3536 ]) 3537]) 3538if test "x$ac_cv_have_int64_t" = "xyes" ; then 3539 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3540fi 3541 3542AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3543 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3544 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3545 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3546 ]) 3547]) 3548if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3549 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3550 have_u_intxx_t=1 3551fi 3552 3553if test -z "$have_u_intxx_t" ; then 3554 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3555 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3556 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3557 [ 3558 AC_DEFINE([HAVE_U_INTXX_T]) 3559 AC_MSG_RESULT([yes]) 3560 ], [ AC_MSG_RESULT([no]) 3561 ]) 3562fi 3563 3564AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3565 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3566 [[ u_int64_t a; a = 1;]])], 3567 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3568 ]) 3569]) 3570if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3571 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3572 have_u_int64_t=1 3573fi 3574 3575if (test -z "$have_u_int64_t" && \ 3576 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3577then 3578 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3579 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3580 [[ u_int64_t a; a = 1]])], 3581 [ 3582 AC_DEFINE([HAVE_U_INT64_T]) 3583 AC_MSG_RESULT([yes]) 3584 ], [ AC_MSG_RESULT([no]) 3585 ]) 3586fi 3587 3588if test -z "$have_u_intxx_t" ; then 3589 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3590 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3591#include <sys/types.h> 3592 ]], [[ 3593 uint8_t a; 3594 uint16_t b; 3595 uint32_t c; 3596 a = b = c = 1; 3597 ]])], 3598 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3599 ]) 3600 ]) 3601 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3602 AC_DEFINE([HAVE_UINTXX_T], [1], 3603 [define if you have uintxx_t data type]) 3604 fi 3605fi 3606 3607if (test -z "$have_uintxx_t" && \ 3608 test "x$ac_cv_header_stdint_h" = "xyes") 3609then 3610 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3611 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3612 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3613 [ 3614 AC_DEFINE([HAVE_UINTXX_T]) 3615 AC_MSG_RESULT([yes]) 3616 ], [ AC_MSG_RESULT([no]) 3617 ]) 3618fi 3619 3620if (test -z "$have_uintxx_t" && \ 3621 test "x$ac_cv_header_inttypes_h" = "xyes") 3622then 3623 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3624 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3625 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3626 [ 3627 AC_DEFINE([HAVE_UINTXX_T]) 3628 AC_MSG_RESULT([yes]) 3629 ], [ AC_MSG_RESULT([no]) 3630 ]) 3631fi 3632 3633if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3634 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3635then 3636 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3637 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3638#include <sys/bitypes.h> 3639 ]], [[ 3640 int8_t a; int16_t b; int32_t c; 3641 u_int8_t e; u_int16_t f; u_int32_t g; 3642 a = b = c = e = f = g = 1; 3643 ]])], 3644 [ 3645 AC_DEFINE([HAVE_U_INTXX_T]) 3646 AC_DEFINE([HAVE_INTXX_T]) 3647 AC_MSG_RESULT([yes]) 3648 ], [AC_MSG_RESULT([no]) 3649 ]) 3650fi 3651 3652 3653AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3654 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3655 [[ u_char foo; foo = 125; ]])], 3656 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3657 ]) 3658]) 3659if test "x$ac_cv_have_u_char" = "xyes" ; then 3660 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3661fi 3662 3663AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3664#include <sys/types.h> 3665#include <stdint.h> 3666]) 3667 3668TYPE_SOCKLEN_T 3669 3670AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3671AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3672#include <sys/types.h> 3673#ifdef HAVE_SYS_BITYPES_H 3674#include <sys/bitypes.h> 3675#endif 3676#ifdef HAVE_SYS_STATFS_H 3677#include <sys/statfs.h> 3678#endif 3679#ifdef HAVE_SYS_STATVFS_H 3680#include <sys/statvfs.h> 3681#endif 3682]) 3683 3684AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3685[#include <sys/types.h> 3686#include <netinet/in.h>]) 3687 3688AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3689 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3690 [[ size_t foo; foo = 1235; ]])], 3691 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3692 ]) 3693]) 3694if test "x$ac_cv_have_size_t" = "xyes" ; then 3695 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3696fi 3697 3698AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3699 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3700 [[ ssize_t foo; foo = 1235; ]])], 3701 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3702 ]) 3703]) 3704if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3705 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3706fi 3707 3708AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3709 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3710 [[ clock_t foo; foo = 1235; ]])], 3711 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3712 ]) 3713]) 3714if test "x$ac_cv_have_clock_t" = "xyes" ; then 3715 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3716fi 3717 3718AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3719 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3720#include <sys/types.h> 3721#include <sys/socket.h> 3722 ]], [[ sa_family_t foo; foo = 1235; ]])], 3723 [ ac_cv_have_sa_family_t="yes" ], 3724 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3725#include <sys/types.h> 3726#include <sys/socket.h> 3727#include <netinet/in.h> 3728 ]], [[ sa_family_t foo; foo = 1235; ]])], 3729 [ ac_cv_have_sa_family_t="yes" ], 3730 [ ac_cv_have_sa_family_t="no" ] 3731 ) 3732 ]) 3733]) 3734if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3735 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3736 [define if you have sa_family_t data type]) 3737fi 3738 3739AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3740 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3741 [[ pid_t foo; foo = 1235; ]])], 3742 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3743 ]) 3744]) 3745if test "x$ac_cv_have_pid_t" = "xyes" ; then 3746 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3747fi 3748 3749AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3750 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3751 [[ mode_t foo; foo = 1235; ]])], 3752 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3753 ]) 3754]) 3755if test "x$ac_cv_have_mode_t" = "xyes" ; then 3756 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3757fi 3758 3759 3760AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3761 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3762#include <sys/types.h> 3763#include <sys/socket.h> 3764 ]], [[ struct sockaddr_storage s; ]])], 3765 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3766 [ ac_cv_have_struct_sockaddr_storage="no" 3767 ]) 3768]) 3769if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3770 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3771 [define if you have struct sockaddr_storage data type]) 3772fi 3773 3774AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3775 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3776#include <sys/types.h> 3777#include <netinet/in.h> 3778 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3779 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3780 [ ac_cv_have_struct_sockaddr_in6="no" 3781 ]) 3782]) 3783if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3784 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3785 [define if you have struct sockaddr_in6 data type]) 3786fi 3787 3788AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 3789 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3790#include <sys/types.h> 3791#include <netinet/in.h> 3792 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 3793 [ ac_cv_have_struct_in6_addr="yes" ], 3794 [ ac_cv_have_struct_in6_addr="no" 3795 ]) 3796]) 3797if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 3798 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 3799 [define if you have struct in6_addr data type]) 3800 3801dnl Now check for sin6_scope_id 3802 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 3803 [ 3804#ifdef HAVE_SYS_TYPES_H 3805#include <sys/types.h> 3806#endif 3807#include <netinet/in.h> 3808 ]) 3809fi 3810 3811AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 3812 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3813#include <sys/types.h> 3814#include <sys/socket.h> 3815#include <netdb.h> 3816 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 3817 [ ac_cv_have_struct_addrinfo="yes" ], 3818 [ ac_cv_have_struct_addrinfo="no" 3819 ]) 3820]) 3821if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 3822 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 3823 [define if you have struct addrinfo data type]) 3824fi 3825 3826AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 3827 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 3828 [[ struct timeval tv; tv.tv_sec = 1;]])], 3829 [ ac_cv_have_struct_timeval="yes" ], 3830 [ ac_cv_have_struct_timeval="no" 3831 ]) 3832]) 3833if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 3834 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 3835 have_struct_timeval=1 3836fi 3837 3838AC_CHECK_TYPES([struct timespec]) 3839 3840# We need int64_t or else certian parts of the compile will fail. 3841if test "x$ac_cv_have_int64_t" = "xno" && \ 3842 test "x$ac_cv_sizeof_long_int" != "x8" && \ 3843 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 3844 echo "OpenSSH requires int64_t support. Contact your vendor or install" 3845 echo "an alternative compiler (I.E., GCC) before continuing." 3846 echo "" 3847 exit 1; 3848else 3849dnl test snprintf (broken on SCO w/gcc) 3850 AC_RUN_IFELSE( 3851 [AC_LANG_SOURCE([[ 3852#include <stdio.h> 3853#include <string.h> 3854#ifdef HAVE_SNPRINTF 3855main() 3856{ 3857 char buf[50]; 3858 char expected_out[50]; 3859 int mazsize = 50 ; 3860#if (SIZEOF_LONG_INT == 8) 3861 long int num = 0x7fffffffffffffff; 3862#else 3863 long long num = 0x7fffffffffffffffll; 3864#endif 3865 strcpy(expected_out, "9223372036854775807"); 3866 snprintf(buf, mazsize, "%lld", num); 3867 if(strcmp(buf, expected_out) != 0) 3868 exit(1); 3869 exit(0); 3870} 3871#else 3872main() { exit(0); } 3873#endif 3874 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 3875 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 3876 ) 3877fi 3878 3879dnl Checks for structure members 3880OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 3881OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 3882OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 3883OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 3884OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 3885OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 3886OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 3887OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 3888OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 3889OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 3890OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 3891OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 3892OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 3893OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 3894OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 3895OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 3896OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 3897 3898AC_CHECK_MEMBERS([struct stat.st_blksize]) 3899AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 3900struct passwd.pw_change, struct passwd.pw_expire], 3901[], [], [[ 3902#include <sys/types.h> 3903#include <pwd.h> 3904]]) 3905 3906AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 3907 [Define if we don't have struct __res_state in resolv.h])], 3908[[ 3909#include <stdio.h> 3910#if HAVE_SYS_TYPES_H 3911# include <sys/types.h> 3912#endif 3913#include <netinet/in.h> 3914#include <arpa/nameser.h> 3915#include <resolv.h> 3916]]) 3917 3918AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 3919 ac_cv_have_ss_family_in_struct_ss, [ 3920 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3921#include <sys/types.h> 3922#include <sys/socket.h> 3923 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 3924 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 3925 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 3926]) 3927if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 3928 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 3929fi 3930 3931AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 3932 ac_cv_have___ss_family_in_struct_ss, [ 3933 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3934#include <sys/types.h> 3935#include <sys/socket.h> 3936 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 3937 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 3938 [ ac_cv_have___ss_family_in_struct_ss="no" 3939 ]) 3940]) 3941if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 3942 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 3943 [Fields in struct sockaddr_storage]) 3944fi 3945 3946dnl make sure we're using the real structure members and not defines 3947AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 3948 ac_cv_have_accrights_in_msghdr, [ 3949 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3950#include <sys/types.h> 3951#include <sys/socket.h> 3952#include <sys/uio.h> 3953 ]], [[ 3954#ifdef msg_accrights 3955#error "msg_accrights is a macro" 3956exit(1); 3957#endif 3958struct msghdr m; 3959m.msg_accrights = 0; 3960exit(0); 3961 ]])], 3962 [ ac_cv_have_accrights_in_msghdr="yes" ], 3963 [ ac_cv_have_accrights_in_msghdr="no" ] 3964 ) 3965]) 3966if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 3967 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 3968 [Define if your system uses access rights style 3969 file descriptor passing]) 3970fi 3971 3972AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 3973AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3974#include <sys/param.h> 3975#include <sys/stat.h> 3976#ifdef HAVE_SYS_TIME_H 3977# include <sys/time.h> 3978#endif 3979#ifdef HAVE_SYS_MOUNT_H 3980#include <sys/mount.h> 3981#endif 3982#ifdef HAVE_SYS_STATVFS_H 3983#include <sys/statvfs.h> 3984#endif 3985 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 3986 [ AC_MSG_RESULT([yes]) ], 3987 [ AC_MSG_RESULT([no]) 3988 3989 AC_MSG_CHECKING([if fsid_t has member val]) 3990 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3991#include <sys/types.h> 3992#include <sys/statvfs.h> 3993 ]], [[ fsid_t t; t.val[0] = 0; ]])], 3994 [ AC_MSG_RESULT([yes]) 3995 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 3996 [ AC_MSG_RESULT([no]) ]) 3997 3998 AC_MSG_CHECKING([if f_fsid has member __val]) 3999 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4000#include <sys/types.h> 4001#include <sys/statvfs.h> 4002 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4003 [ AC_MSG_RESULT([yes]) 4004 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4005 [ AC_MSG_RESULT([no]) ]) 4006]) 4007 4008AC_CACHE_CHECK([for msg_control field in struct msghdr], 4009 ac_cv_have_control_in_msghdr, [ 4010 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4011#include <sys/types.h> 4012#include <sys/socket.h> 4013#include <sys/uio.h> 4014 ]], [[ 4015#ifdef msg_control 4016#error "msg_control is a macro" 4017exit(1); 4018#endif 4019struct msghdr m; 4020m.msg_control = 0; 4021exit(0); 4022 ]])], 4023 [ ac_cv_have_control_in_msghdr="yes" ], 4024 [ ac_cv_have_control_in_msghdr="no" ] 4025 ) 4026]) 4027if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4028 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4029 [Define if your system uses ancillary data style 4030 file descriptor passing]) 4031fi 4032 4033AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4034 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4035 [[ extern char *__progname; printf("%s", __progname); ]])], 4036 [ ac_cv_libc_defines___progname="yes" ], 4037 [ ac_cv_libc_defines___progname="no" 4038 ]) 4039]) 4040if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4041 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4042fi 4043 4044AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4045 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4046 [[ printf("%s", __FUNCTION__); ]])], 4047 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4048 [ ac_cv_cc_implements___FUNCTION__="no" 4049 ]) 4050]) 4051if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4052 AC_DEFINE([HAVE___FUNCTION__], [1], 4053 [Define if compiler implements __FUNCTION__]) 4054fi 4055 4056AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4057 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4058 [[ printf("%s", __func__); ]])], 4059 [ ac_cv_cc_implements___func__="yes" ], 4060 [ ac_cv_cc_implements___func__="no" 4061 ]) 4062]) 4063if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4064 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4065fi 4066 4067AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4068 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4069#include <stdarg.h> 4070va_list x,y; 4071 ]], [[ va_copy(x,y); ]])], 4072 [ ac_cv_have_va_copy="yes" ], 4073 [ ac_cv_have_va_copy="no" 4074 ]) 4075]) 4076if test "x$ac_cv_have_va_copy" = "xyes" ; then 4077 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4078fi 4079 4080AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4081 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4082#include <stdarg.h> 4083va_list x,y; 4084 ]], [[ __va_copy(x,y); ]])], 4085 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4086 ]) 4087]) 4088if test "x$ac_cv_have___va_copy" = "xyes" ; then 4089 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4090fi 4091 4092AC_CACHE_CHECK([whether getopt has optreset support], 4093 ac_cv_have_getopt_optreset, [ 4094 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4095 [[ extern int optreset; optreset = 0; ]])], 4096 [ ac_cv_have_getopt_optreset="yes" ], 4097 [ ac_cv_have_getopt_optreset="no" 4098 ]) 4099]) 4100if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4101 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4102 [Define if your getopt(3) defines and uses optreset]) 4103fi 4104 4105AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4106 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4107[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4108 [ ac_cv_libc_defines_sys_errlist="yes" ], 4109 [ ac_cv_libc_defines_sys_errlist="no" 4110 ]) 4111]) 4112if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4113 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4114 [Define if your system defines sys_errlist[]]) 4115fi 4116 4117 4118AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4119 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4120[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4121 [ ac_cv_libc_defines_sys_nerr="yes" ], 4122 [ ac_cv_libc_defines_sys_nerr="no" 4123 ]) 4124]) 4125if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4126 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4127fi 4128 4129# Check libraries needed by DNS fingerprint support 4130AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4131 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4132 [Define if getrrsetbyname() exists])], 4133 [ 4134 # Needed by our getrrsetbyname() 4135 AC_SEARCH_LIBS([res_query], [resolv]) 4136 AC_SEARCH_LIBS([dn_expand], [resolv]) 4137 AC_MSG_CHECKING([if res_query will link]) 4138 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4139#include <sys/types.h> 4140#include <netinet/in.h> 4141#include <arpa/nameser.h> 4142#include <netdb.h> 4143#include <resolv.h> 4144 ]], [[ 4145 res_query (0, 0, 0, 0, 0); 4146 ]])], 4147 AC_MSG_RESULT([yes]), 4148 [AC_MSG_RESULT([no]) 4149 saved_LIBS="$LIBS" 4150 LIBS="$LIBS -lresolv" 4151 AC_MSG_CHECKING([for res_query in -lresolv]) 4152 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4153#include <sys/types.h> 4154#include <netinet/in.h> 4155#include <arpa/nameser.h> 4156#include <netdb.h> 4157#include <resolv.h> 4158 ]], [[ 4159 res_query (0, 0, 0, 0, 0); 4160 ]])], 4161 [AC_MSG_RESULT([yes])], 4162 [LIBS="$saved_LIBS" 4163 AC_MSG_RESULT([no])]) 4164 ]) 4165 AC_CHECK_FUNCS([_getshort _getlong]) 4166 AC_CHECK_DECLS([_getshort, _getlong], , , 4167 [#include <sys/types.h> 4168 #include <arpa/nameser.h>]) 4169 AC_CHECK_MEMBER([HEADER.ad], 4170 [AC_DEFINE([HAVE_HEADER_AD], [1], 4171 [Define if HEADER.ad exists in arpa/nameser.h])], , 4172 [#include <arpa/nameser.h>]) 4173 ]) 4174 4175AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4176AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4177#include <stdio.h> 4178#if HAVE_SYS_TYPES_H 4179# include <sys/types.h> 4180#endif 4181#include <netinet/in.h> 4182#include <arpa/nameser.h> 4183#include <resolv.h> 4184extern struct __res_state _res; 4185 ]], [[ 4186struct __res_state *volatile p = &_res; /* force resolution of _res */ 4187return 0; 4188 ]],)], 4189 [AC_MSG_RESULT([yes]) 4190 AC_DEFINE([HAVE__RES_EXTERN], [1], 4191 [Define if you have struct __res_state _res as an extern]) 4192 ], 4193 [ AC_MSG_RESULT([no]) ] 4194) 4195 4196# Check whether user wants SELinux support 4197SELINUX_MSG="no" 4198LIBSELINUX="" 4199AC_ARG_WITH([selinux], 4200 [ --with-selinux Enable SELinux support], 4201 [ if test "x$withval" != "xno" ; then 4202 save_LIBS="$LIBS" 4203 AC_DEFINE([WITH_SELINUX], [1], 4204 [Define if you want SELinux support.]) 4205 SELINUX_MSG="yes" 4206 AC_CHECK_HEADER([selinux/selinux.h], , 4207 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4208 AC_CHECK_LIB([selinux], [setexeccon], 4209 [ LIBSELINUX="-lselinux" 4210 LIBS="$LIBS -lselinux" 4211 ], 4212 AC_MSG_ERROR([SELinux support requires libselinux library])) 4213 SSHLIBS="$SSHLIBS $LIBSELINUX" 4214 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 4215 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4216 LIBS="$save_LIBS" 4217 fi ] 4218) 4219AC_SUBST([SSHLIBS]) 4220AC_SUBST([SSHDLIBS]) 4221 4222# Check whether user wants Kerberos 5 support 4223KRB5_MSG="no" 4224AC_ARG_WITH([kerberos5], 4225 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4226 [ if test "x$withval" != "xno" ; then 4227 if test "x$withval" = "xyes" ; then 4228 KRB5ROOT="/usr/local" 4229 else 4230 KRB5ROOT=${withval} 4231 fi 4232 4233 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4234 KRB5_MSG="yes" 4235 4236 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4237 [$KRB5ROOT/bin/krb5-config], 4238 [$KRB5ROOT/bin:$PATH]) 4239 if test -x $KRB5CONF ; then 4240 K5CFLAGS="`$KRB5CONF --cflags`" 4241 K5LIBS="`$KRB5CONF --libs`" 4242 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4243 4244 AC_MSG_CHECKING([for gssapi support]) 4245 if $KRB5CONF | grep gssapi >/dev/null ; then 4246 AC_MSG_RESULT([yes]) 4247 AC_DEFINE([GSSAPI], [1], 4248 [Define this if you want GSSAPI 4249 support in the version 2 protocol]) 4250 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4251 GSSLIBS="`$KRB5CONF --libs gssapi`" 4252 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4253 else 4254 AC_MSG_RESULT([no]) 4255 fi 4256 AC_MSG_CHECKING([whether we are using Heimdal]) 4257 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4258 ]], [[ char *tmp = heimdal_version; ]])], 4259 [ AC_MSG_RESULT([yes]) 4260 AC_DEFINE([HEIMDAL], [1], 4261 [Define this if you are using the Heimdal 4262 version of Kerberos V5]) ], 4263 [AC_MSG_RESULT([no]) 4264 ]) 4265 else 4266 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4267 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4268 AC_MSG_CHECKING([whether we are using Heimdal]) 4269 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4270 ]], [[ char *tmp = heimdal_version; ]])], 4271 [ AC_MSG_RESULT([yes]) 4272 AC_DEFINE([HEIMDAL]) 4273 K5LIBS="-lkrb5" 4274 K5LIBS="$K5LIBS -lcom_err -lasn1" 4275 AC_CHECK_LIB([roken], [net_write], 4276 [K5LIBS="$K5LIBS -lroken"]) 4277 AC_CHECK_LIB([des], [des_cbc_encrypt], 4278 [K5LIBS="$K5LIBS -ldes"]) 4279 ], [ AC_MSG_RESULT([no]) 4280 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4281 ]) 4282 AC_SEARCH_LIBS([dn_expand], [resolv]) 4283 4284 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4285 [ AC_DEFINE([GSSAPI]) 4286 GSSLIBS="-lgssapi_krb5" ], 4287 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4288 [ AC_DEFINE([GSSAPI]) 4289 GSSLIBS="-lgssapi" ], 4290 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4291 [ AC_DEFINE([GSSAPI]) 4292 GSSLIBS="-lgss" ], 4293 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4294 ]) 4295 ]) 4296 4297 AC_CHECK_HEADER([gssapi.h], , 4298 [ unset ac_cv_header_gssapi_h 4299 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4300 AC_CHECK_HEADERS([gssapi.h], , 4301 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4302 ) 4303 ] 4304 ) 4305 4306 oldCPP="$CPPFLAGS" 4307 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4308 AC_CHECK_HEADER([gssapi_krb5.h], , 4309 [ CPPFLAGS="$oldCPP" ]) 4310 4311 fi 4312 if test ! -z "$need_dash_r" ; then 4313 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 4314 fi 4315 if test ! -z "$blibpath" ; then 4316 blibpath="$blibpath:${KRB5ROOT}/lib" 4317 fi 4318 4319 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4320 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4321 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4322 4323 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4324 [Define this if you want to use libkafs' AFS support])]) 4325 4326 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4327#ifdef HAVE_GSSAPI_H 4328# include <gssapi.h> 4329#elif defined(HAVE_GSSAPI_GSSAPI_H) 4330# include <gssapi/gssapi.h> 4331#endif 4332 4333#ifdef HAVE_GSSAPI_GENERIC_H 4334# include <gssapi_generic.h> 4335#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4336# include <gssapi/gssapi_generic.h> 4337#endif 4338 ]]) 4339 saved_LIBS="$LIBS" 4340 LIBS="$LIBS $K5LIBS" 4341 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4342 LIBS="$saved_LIBS" 4343 4344 fi 4345 ] 4346) 4347AC_SUBST([GSSLIBS]) 4348AC_SUBST([K5LIBS]) 4349 4350# Looking for programs, paths and files 4351 4352PRIVSEP_PATH=/var/empty 4353AC_ARG_WITH([privsep-path], 4354 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4355 [ 4356 if test -n "$withval" && test "x$withval" != "xno" && \ 4357 test "x${withval}" != "xyes"; then 4358 PRIVSEP_PATH=$withval 4359 fi 4360 ] 4361) 4362AC_SUBST([PRIVSEP_PATH]) 4363 4364AC_ARG_WITH([xauth], 4365 [ --with-xauth=PATH Specify path to xauth program ], 4366 [ 4367 if test -n "$withval" && test "x$withval" != "xno" && \ 4368 test "x${withval}" != "xyes"; then 4369 xauth_path=$withval 4370 fi 4371 ], 4372 [ 4373 TestPath="$PATH" 4374 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4375 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4376 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4377 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4378 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4379 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4380 xauth_path="/usr/openwin/bin/xauth" 4381 fi 4382 ] 4383) 4384 4385STRIP_OPT=-s 4386AC_ARG_ENABLE([strip], 4387 [ --disable-strip Disable calling strip(1) on install], 4388 [ 4389 if test "x$enableval" = "xno" ; then 4390 STRIP_OPT= 4391 fi 4392 ] 4393) 4394AC_SUBST([STRIP_OPT]) 4395 4396if test -z "$xauth_path" ; then 4397 XAUTH_PATH="undefined" 4398 AC_SUBST([XAUTH_PATH]) 4399else 4400 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4401 [Define if xauth is found in your path]) 4402 XAUTH_PATH=$xauth_path 4403 AC_SUBST([XAUTH_PATH]) 4404fi 4405 4406dnl # --with-maildir=/path/to/mail gets top priority. 4407dnl # if maildir is set in the platform case statement above we use that. 4408dnl # Otherwise we run a program to get the dir from system headers. 4409dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4410dnl # If we find _PATH_MAILDIR we do nothing because that is what 4411dnl # session.c expects anyway. Otherwise we set to the value found 4412dnl # stripping any trailing slash. If for some strage reason our program 4413dnl # does not find what it needs, we default to /var/spool/mail. 4414# Check for mail directory 4415AC_ARG_WITH([maildir], 4416 [ --with-maildir=/path/to/mail Specify your system mail directory], 4417 [ 4418 if test "X$withval" != X && test "x$withval" != xno && \ 4419 test "x${withval}" != xyes; then 4420 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4421 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4422 fi 4423 ],[ 4424 if test "X$maildir" != "X"; then 4425 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4426 else 4427 AC_MSG_CHECKING([Discovering system mail directory]) 4428 AC_RUN_IFELSE( 4429 [AC_LANG_PROGRAM([[ 4430#include <stdio.h> 4431#include <string.h> 4432#ifdef HAVE_PATHS_H 4433#include <paths.h> 4434#endif 4435#ifdef HAVE_MAILLOCK_H 4436#include <maillock.h> 4437#endif 4438#define DATA "conftest.maildir" 4439 ]], [[ 4440 FILE *fd; 4441 int rc; 4442 4443 fd = fopen(DATA,"w"); 4444 if(fd == NULL) 4445 exit(1); 4446 4447#if defined (_PATH_MAILDIR) 4448 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4449 exit(1); 4450#elif defined (MAILDIR) 4451 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4452 exit(1); 4453#elif defined (_PATH_MAIL) 4454 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4455 exit(1); 4456#else 4457 exit (2); 4458#endif 4459 4460 exit(0); 4461 ]])], 4462 [ 4463 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4464 maildir=`awk -F: '{print $2}' conftest.maildir \ 4465 | sed 's|/$||'` 4466 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4467 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4468 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4469 fi 4470 ], 4471 [ 4472 if test "X$ac_status" = "X2";then 4473# our test program didn't find it. Default to /var/spool/mail 4474 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4475 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4476 else 4477 AC_MSG_RESULT([*** not found ***]) 4478 fi 4479 ], 4480 [ 4481 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4482 ] 4483 ) 4484 fi 4485 ] 4486) # maildir 4487 4488if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4489 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4490 disable_ptmx_check=yes 4491fi 4492if test -z "$no_dev_ptmx" ; then 4493 if test "x$disable_ptmx_check" != "xyes" ; then 4494 AC_CHECK_FILE(["/dev/ptmx"], 4495 [ 4496 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4497 [Define if you have /dev/ptmx]) 4498 have_dev_ptmx=1 4499 ] 4500 ) 4501 fi 4502fi 4503 4504if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4505 AC_CHECK_FILE(["/dev/ptc"], 4506 [ 4507 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4508 [Define if you have /dev/ptc]) 4509 have_dev_ptc=1 4510 ] 4511 ) 4512else 4513 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4514fi 4515 4516# Options from here on. Some of these are preset by platform above 4517AC_ARG_WITH([mantype], 4518 [ --with-mantype=man|cat|doc Set man page type], 4519 [ 4520 case "$withval" in 4521 man|cat|doc) 4522 MANTYPE=$withval 4523 ;; 4524 *) 4525 AC_MSG_ERROR([invalid man type: $withval]) 4526 ;; 4527 esac 4528 ] 4529) 4530if test -z "$MANTYPE"; then 4531 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4532 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4533 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4534 MANTYPE=doc 4535 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4536 MANTYPE=man 4537 else 4538 MANTYPE=cat 4539 fi 4540fi 4541AC_SUBST([MANTYPE]) 4542if test "$MANTYPE" = "doc"; then 4543 mansubdir=man; 4544else 4545 mansubdir=$MANTYPE; 4546fi 4547AC_SUBST([mansubdir]) 4548 4549# Check whether to enable MD5 passwords 4550MD5_MSG="no" 4551AC_ARG_WITH([md5-passwords], 4552 [ --with-md5-passwords Enable use of MD5 passwords], 4553 [ 4554 if test "x$withval" != "xno" ; then 4555 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4556 [Define if you want to allow MD5 passwords]) 4557 MD5_MSG="yes" 4558 fi 4559 ] 4560) 4561 4562# Whether to disable shadow password support 4563AC_ARG_WITH([shadow], 4564 [ --without-shadow Disable shadow password support], 4565 [ 4566 if test "x$withval" = "xno" ; then 4567 AC_DEFINE([DISABLE_SHADOW]) 4568 disable_shadow=yes 4569 fi 4570 ] 4571) 4572 4573if test -z "$disable_shadow" ; then 4574 AC_MSG_CHECKING([if the systems has expire shadow information]) 4575 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4576#include <sys/types.h> 4577#include <shadow.h> 4578struct spwd sp; 4579 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4580 [ sp_expire_available=yes ], [ 4581 ]) 4582 4583 if test "x$sp_expire_available" = "xyes" ; then 4584 AC_MSG_RESULT([yes]) 4585 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4586 [Define if you want to use shadow password expire field]) 4587 else 4588 AC_MSG_RESULT([no]) 4589 fi 4590fi 4591 4592# Use ip address instead of hostname in $DISPLAY 4593if test ! -z "$IPADDR_IN_DISPLAY" ; then 4594 DISPLAY_HACK_MSG="yes" 4595 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4596 [Define if you need to use IP address 4597 instead of hostname in $DISPLAY]) 4598else 4599 DISPLAY_HACK_MSG="no" 4600 AC_ARG_WITH([ipaddr-display], 4601 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4602 [ 4603 if test "x$withval" != "xno" ; then 4604 AC_DEFINE([IPADDR_IN_DISPLAY]) 4605 DISPLAY_HACK_MSG="yes" 4606 fi 4607 ] 4608 ) 4609fi 4610 4611# check for /etc/default/login and use it if present. 4612AC_ARG_ENABLE([etc-default-login], 4613 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4614 [ if test "x$enableval" = "xno"; then 4615 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4616 etc_default_login=no 4617 else 4618 etc_default_login=yes 4619 fi ], 4620 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4621 then 4622 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4623 etc_default_login=no 4624 else 4625 etc_default_login=yes 4626 fi ] 4627) 4628 4629if test "x$etc_default_login" != "xno"; then 4630 AC_CHECK_FILE(["/etc/default/login"], 4631 [ external_path_file=/etc/default/login ]) 4632 if test "x$external_path_file" = "x/etc/default/login"; then 4633 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4634 [Define if your system has /etc/default/login]) 4635 fi 4636fi 4637 4638dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4639if test $ac_cv_func_login_getcapbool = "yes" && \ 4640 test $ac_cv_header_login_cap_h = "yes" ; then 4641 external_path_file=/etc/login.conf 4642fi 4643 4644# Whether to mess with the default path 4645SERVER_PATH_MSG="(default)" 4646AC_ARG_WITH([default-path], 4647 [ --with-default-path= Specify default $PATH environment for server], 4648 [ 4649 if test "x$external_path_file" = "x/etc/login.conf" ; then 4650 AC_MSG_WARN([ 4651--with-default-path=PATH has no effect on this system. 4652Edit /etc/login.conf instead.]) 4653 elif test "x$withval" != "xno" ; then 4654 if test ! -z "$external_path_file" ; then 4655 AC_MSG_WARN([ 4656--with-default-path=PATH will only be used if PATH is not defined in 4657$external_path_file .]) 4658 fi 4659 user_path="$withval" 4660 SERVER_PATH_MSG="$withval" 4661 fi 4662 ], 4663 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4664 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4665 else 4666 if test ! -z "$external_path_file" ; then 4667 AC_MSG_WARN([ 4668If PATH is defined in $external_path_file, ensure the path to scp is included, 4669otherwise scp will not work.]) 4670 fi 4671 AC_RUN_IFELSE( 4672 [AC_LANG_PROGRAM([[ 4673/* find out what STDPATH is */ 4674#include <stdio.h> 4675#ifdef HAVE_PATHS_H 4676# include <paths.h> 4677#endif 4678#ifndef _PATH_STDPATH 4679# ifdef _PATH_USERPATH /* Irix */ 4680# define _PATH_STDPATH _PATH_USERPATH 4681# else 4682# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4683# endif 4684#endif 4685#include <sys/types.h> 4686#include <sys/stat.h> 4687#include <fcntl.h> 4688#define DATA "conftest.stdpath" 4689 ]], [[ 4690 FILE *fd; 4691 int rc; 4692 4693 fd = fopen(DATA,"w"); 4694 if(fd == NULL) 4695 exit(1); 4696 4697 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4698 exit(1); 4699 4700 exit(0); 4701 ]])], 4702 [ user_path=`cat conftest.stdpath` ], 4703 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4704 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4705 ) 4706# make sure $bindir is in USER_PATH so scp will work 4707 t_bindir="${bindir}" 4708 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4709 t_bindir=`eval echo ${t_bindir}` 4710 case $t_bindir in 4711 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4712 esac 4713 case $t_bindir in 4714 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4715 esac 4716 done 4717 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4718 if test $? -ne 0 ; then 4719 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4720 if test $? -ne 0 ; then 4721 user_path=$user_path:$t_bindir 4722 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4723 fi 4724 fi 4725 fi ] 4726) 4727if test "x$external_path_file" != "x/etc/login.conf" ; then 4728 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4729 AC_SUBST([user_path]) 4730fi 4731 4732# Set superuser path separately to user path 4733AC_ARG_WITH([superuser-path], 4734 [ --with-superuser-path= Specify different path for super-user], 4735 [ 4736 if test -n "$withval" && test "x$withval" != "xno" && \ 4737 test "x${withval}" != "xyes"; then 4738 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4739 [Define if you want a different $PATH 4740 for the superuser]) 4741 superuser_path=$withval 4742 fi 4743 ] 4744) 4745 4746 4747AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4748IPV4_IN6_HACK_MSG="no" 4749AC_ARG_WITH(4in6, 4750 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4751 [ 4752 if test "x$withval" != "xno" ; then 4753 AC_MSG_RESULT([yes]) 4754 AC_DEFINE([IPV4_IN_IPV6], [1], 4755 [Detect IPv4 in IPv6 mapped addresses 4756 and treat as IPv4]) 4757 IPV4_IN6_HACK_MSG="yes" 4758 else 4759 AC_MSG_RESULT([no]) 4760 fi 4761 ], [ 4762 if test "x$inet6_default_4in6" = "xyes"; then 4763 AC_MSG_RESULT([yes (default)]) 4764 AC_DEFINE([IPV4_IN_IPV6]) 4765 IPV4_IN6_HACK_MSG="yes" 4766 else 4767 AC_MSG_RESULT([no (default)]) 4768 fi 4769 ] 4770) 4771 4772# Whether to enable BSD auth support 4773BSD_AUTH_MSG=no 4774AC_ARG_WITH([bsd-auth], 4775 [ --with-bsd-auth Enable BSD auth support], 4776 [ 4777 if test "x$withval" != "xno" ; then 4778 AC_DEFINE([BSD_AUTH], [1], 4779 [Define if you have BSD auth support]) 4780 BSD_AUTH_MSG=yes 4781 fi 4782 ] 4783) 4784 4785# Where to place sshd.pid 4786piddir=/var/run 4787# make sure the directory exists 4788if test ! -d $piddir ; then 4789 piddir=`eval echo ${sysconfdir}` 4790 case $piddir in 4791 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 4792 esac 4793fi 4794 4795AC_ARG_WITH([pid-dir], 4796 [ --with-pid-dir=PATH Specify location of ssh.pid file], 4797 [ 4798 if test -n "$withval" && test "x$withval" != "xno" && \ 4799 test "x${withval}" != "xyes"; then 4800 piddir=$withval 4801 if test ! -d $piddir ; then 4802 AC_MSG_WARN([** no $piddir directory on this system **]) 4803 fi 4804 fi 4805 ] 4806) 4807 4808AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 4809 [Specify location of ssh.pid]) 4810AC_SUBST([piddir]) 4811 4812dnl allow user to disable some login recording features 4813AC_ARG_ENABLE([lastlog], 4814 [ --disable-lastlog disable use of lastlog even if detected [no]], 4815 [ 4816 if test "x$enableval" = "xno" ; then 4817 AC_DEFINE([DISABLE_LASTLOG]) 4818 fi 4819 ] 4820) 4821AC_ARG_ENABLE([utmp], 4822 [ --disable-utmp disable use of utmp even if detected [no]], 4823 [ 4824 if test "x$enableval" = "xno" ; then 4825 AC_DEFINE([DISABLE_UTMP]) 4826 fi 4827 ] 4828) 4829AC_ARG_ENABLE([utmpx], 4830 [ --disable-utmpx disable use of utmpx even if detected [no]], 4831 [ 4832 if test "x$enableval" = "xno" ; then 4833 AC_DEFINE([DISABLE_UTMPX], [1], 4834 [Define if you don't want to use utmpx]) 4835 fi 4836 ] 4837) 4838AC_ARG_ENABLE([wtmp], 4839 [ --disable-wtmp disable use of wtmp even if detected [no]], 4840 [ 4841 if test "x$enableval" = "xno" ; then 4842 AC_DEFINE([DISABLE_WTMP]) 4843 fi 4844 ] 4845) 4846AC_ARG_ENABLE([wtmpx], 4847 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 4848 [ 4849 if test "x$enableval" = "xno" ; then 4850 AC_DEFINE([DISABLE_WTMPX], [1], 4851 [Define if you don't want to use wtmpx]) 4852 fi 4853 ] 4854) 4855AC_ARG_ENABLE([libutil], 4856 [ --disable-libutil disable use of libutil (login() etc.) [no]], 4857 [ 4858 if test "x$enableval" = "xno" ; then 4859 AC_DEFINE([DISABLE_LOGIN]) 4860 fi 4861 ] 4862) 4863AC_ARG_ENABLE([pututline], 4864 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 4865 [ 4866 if test "x$enableval" = "xno" ; then 4867 AC_DEFINE([DISABLE_PUTUTLINE], [1], 4868 [Define if you don't want to use pututline() 4869 etc. to write [uw]tmp]) 4870 fi 4871 ] 4872) 4873AC_ARG_ENABLE([pututxline], 4874 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 4875 [ 4876 if test "x$enableval" = "xno" ; then 4877 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 4878 [Define if you don't want to use pututxline() 4879 etc. to write [uw]tmpx]) 4880 fi 4881 ] 4882) 4883AC_ARG_WITH([lastlog], 4884 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 4885 [ 4886 if test "x$withval" = "xno" ; then 4887 AC_DEFINE([DISABLE_LASTLOG]) 4888 elif test -n "$withval" && test "x${withval}" != "xyes"; then 4889 conf_lastlog_location=$withval 4890 fi 4891 ] 4892) 4893 4894dnl lastlog, [uw]tmpx? detection 4895dnl NOTE: set the paths in the platform section to avoid the 4896dnl need for command-line parameters 4897dnl lastlog and [uw]tmp are subject to a file search if all else fails 4898 4899dnl lastlog detection 4900dnl NOTE: the code itself will detect if lastlog is a directory 4901AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 4902AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4903#include <sys/types.h> 4904#include <utmp.h> 4905#ifdef HAVE_LASTLOG_H 4906# include <lastlog.h> 4907#endif 4908#ifdef HAVE_PATHS_H 4909# include <paths.h> 4910#endif 4911#ifdef HAVE_LOGIN_H 4912# include <login.h> 4913#endif 4914 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 4915 [ AC_MSG_RESULT([yes]) ], 4916 [ 4917 AC_MSG_RESULT([no]) 4918 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 4919 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4920#include <sys/types.h> 4921#include <utmp.h> 4922#ifdef HAVE_LASTLOG_H 4923# include <lastlog.h> 4924#endif 4925#ifdef HAVE_PATHS_H 4926# include <paths.h> 4927#endif 4928 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 4929 [ AC_MSG_RESULT([yes]) ], 4930 [ 4931 AC_MSG_RESULT([no]) 4932 system_lastlog_path=no 4933 ]) 4934]) 4935 4936if test -z "$conf_lastlog_location"; then 4937 if test x"$system_lastlog_path" = x"no" ; then 4938 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 4939 if (test -d "$f" || test -f "$f") ; then 4940 conf_lastlog_location=$f 4941 fi 4942 done 4943 if test -z "$conf_lastlog_location"; then 4944 AC_MSG_WARN([** Cannot find lastlog **]) 4945 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 4946 fi 4947 fi 4948fi 4949 4950if test -n "$conf_lastlog_location"; then 4951 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 4952 [Define if you want to specify the path to your lastlog file]) 4953fi 4954 4955dnl utmp detection 4956AC_MSG_CHECKING([if your system defines UTMP_FILE]) 4957AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4958#include <sys/types.h> 4959#include <utmp.h> 4960#ifdef HAVE_PATHS_H 4961# include <paths.h> 4962#endif 4963 ]], [[ char *utmp = UTMP_FILE; ]])], 4964 [ AC_MSG_RESULT([yes]) ], 4965 [ AC_MSG_RESULT([no]) 4966 system_utmp_path=no 4967]) 4968if test -z "$conf_utmp_location"; then 4969 if test x"$system_utmp_path" = x"no" ; then 4970 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 4971 if test -f $f ; then 4972 conf_utmp_location=$f 4973 fi 4974 done 4975 if test -z "$conf_utmp_location"; then 4976 AC_DEFINE([DISABLE_UTMP]) 4977 fi 4978 fi 4979fi 4980if test -n "$conf_utmp_location"; then 4981 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 4982 [Define if you want to specify the path to your utmp file]) 4983fi 4984 4985dnl wtmp detection 4986AC_MSG_CHECKING([if your system defines WTMP_FILE]) 4987AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4988#include <sys/types.h> 4989#include <utmp.h> 4990#ifdef HAVE_PATHS_H 4991# include <paths.h> 4992#endif 4993 ]], [[ char *wtmp = WTMP_FILE; ]])], 4994 [ AC_MSG_RESULT([yes]) ], 4995 [ AC_MSG_RESULT([no]) 4996 system_wtmp_path=no 4997]) 4998if test -z "$conf_wtmp_location"; then 4999 if test x"$system_wtmp_path" = x"no" ; then 5000 for f in /usr/adm/wtmp /var/log/wtmp; do 5001 if test -f $f ; then 5002 conf_wtmp_location=$f 5003 fi 5004 done 5005 if test -z "$conf_wtmp_location"; then 5006 AC_DEFINE([DISABLE_WTMP]) 5007 fi 5008 fi 5009fi 5010if test -n "$conf_wtmp_location"; then 5011 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5012 [Define if you want to specify the path to your wtmp file]) 5013fi 5014 5015dnl wtmpx detection 5016AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5017AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5018#include <sys/types.h> 5019#include <utmp.h> 5020#ifdef HAVE_UTMPX_H 5021#include <utmpx.h> 5022#endif 5023#ifdef HAVE_PATHS_H 5024# include <paths.h> 5025#endif 5026 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5027 [ AC_MSG_RESULT([yes]) ], 5028 [ AC_MSG_RESULT([no]) 5029 system_wtmpx_path=no 5030]) 5031if test -z "$conf_wtmpx_location"; then 5032 if test x"$system_wtmpx_path" = x"no" ; then 5033 AC_DEFINE([DISABLE_WTMPX]) 5034 fi 5035else 5036 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5037 [Define if you want to specify the path to your wtmpx file]) 5038fi 5039 5040 5041if test ! -z "$blibpath" ; then 5042 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5043 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5044fi 5045 5046AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5047 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5048 AC_DEFINE([DISABLE_LASTLOG]) 5049 fi 5050 ], [ 5051#ifdef HAVE_SYS_TYPES_H 5052#include <sys/types.h> 5053#endif 5054#ifdef HAVE_UTMP_H 5055#include <utmp.h> 5056#endif 5057#ifdef HAVE_UTMPX_H 5058#include <utmpx.h> 5059#endif 5060#ifdef HAVE_LASTLOG_H 5061#include <lastlog.h> 5062#endif 5063 ]) 5064 5065AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5066 AC_DEFINE([DISABLE_UTMP]) 5067 AC_DEFINE([DISABLE_WTMP]) 5068 ], [ 5069#ifdef HAVE_SYS_TYPES_H 5070#include <sys/types.h> 5071#endif 5072#ifdef HAVE_UTMP_H 5073#include <utmp.h> 5074#endif 5075#ifdef HAVE_UTMPX_H 5076#include <utmpx.h> 5077#endif 5078#ifdef HAVE_LASTLOG_H 5079#include <lastlog.h> 5080#endif 5081 ]) 5082 5083dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5084dnl Add now. 5085CFLAGS="$CFLAGS $werror_flags" 5086 5087if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5088 TEST_SSH_IPV6=no 5089else 5090 TEST_SSH_IPV6=yes 5091fi 5092AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5093AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5094AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5095AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5096AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5097 5098AC_EXEEXT 5099AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5100 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5101 survey.sh]) 5102AC_OUTPUT 5103 5104# Print summary of options 5105 5106# Someone please show me a better way :) 5107A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5108B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5109C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5110D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5111E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5112F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5113G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5114H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5115I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5116J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5117 5118echo "" 5119echo "OpenSSH has been configured with the following options:" 5120echo " User binaries: $B" 5121echo " System binaries: $C" 5122echo " Configuration files: $D" 5123echo " Askpass program: $E" 5124echo " Manual pages: $F" 5125echo " PID file: $G" 5126echo " Privilege separation chroot path: $H" 5127if test "x$external_path_file" = "x/etc/login.conf" ; then 5128echo " At runtime, sshd will use the path defined in $external_path_file" 5129echo " Make sure the path to scp is present, otherwise scp will not work" 5130else 5131echo " sshd default user PATH: $I" 5132 if test ! -z "$external_path_file"; then 5133echo " (If PATH is set in $external_path_file it will be used instead. If" 5134echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5135 fi 5136fi 5137if test ! -z "$superuser_path" ; then 5138echo " sshd superuser user PATH: $J" 5139fi 5140echo " Manpage format: $MANTYPE" 5141echo " PAM support: $PAM_MSG" 5142echo " OSF SIA support: $SIA_MSG" 5143echo " KerberosV support: $KRB5_MSG" 5144echo " SELinux support: $SELINUX_MSG" 5145echo " Smartcard support: $SCARD_MSG" 5146echo " S/KEY support: $SKEY_MSG" 5147echo " TCP Wrappers support: $TCPW_MSG" 5148echo " MD5 password support: $MD5_MSG" 5149echo " libedit support: $LIBEDIT_MSG" 5150echo " Solaris process contract support: $SPC_MSG" 5151echo " Solaris project support: $SP_MSG" 5152echo " Solaris privilege support: $SPP_MSG" 5153echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5154echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5155echo " BSD Auth support: $BSD_AUTH_MSG" 5156echo " Random number source: $RAND_MSG" 5157echo " Privsep sandbox style: $SANDBOX_STYLE" 5158 5159echo "" 5160 5161echo " Host: ${host}" 5162echo " Compiler: ${CC}" 5163echo " Compiler flags: ${CFLAGS}" 5164echo "Preprocessor flags: ${CPPFLAGS}" 5165echo " Linker flags: ${LDFLAGS}" 5166echo " Libraries: ${LIBS}" 5167if test ! -z "${SSHDLIBS}"; then 5168echo " +for sshd: ${SSHDLIBS}" 5169fi 5170if test ! -z "${SSHLIBS}"; then 5171echo " +for ssh: ${SSHLIBS}" 5172fi 5173 5174echo "" 5175 5176if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5177 echo "SVR4 style packages are supported with \"make package\"" 5178 echo "" 5179fi 5180 5181if test "x$PAM_MSG" = "xyes" ; then 5182 echo "PAM is enabled. You may need to install a PAM control file " 5183 echo "for sshd, otherwise password authentication may fail. " 5184 echo "Example PAM control files can be found in the contrib/ " 5185 echo "subdirectory" 5186 echo "" 5187fi 5188 5189if test ! -z "$NO_PEERCHECK" ; then 5190 echo "WARNING: the operating system that you are using does not" 5191 echo "appear to support getpeereid(), getpeerucred() or the" 5192 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5193 echo "enforce security checks to prevent unauthorised connections to" 5194 echo "ssh-agent. Their absence increases the risk that a malicious" 5195 echo "user can connect to your agent." 5196 echo "" 5197fi 5198 5199if test "$AUDIT_MODULE" = "bsm" ; then 5200 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5201 echo "See the Solaris section in README.platform for details." 5202fi 5203