1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADERS([config.h]) 22AC_PROG_CC([cc gcc]) 23 24# XXX relax this after reimplementing logit() etc. 25AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 26AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 27int f(int a, int b, int c) { return a + b + c; } 28#define F(a, ...) f(a, __VA_ARGS__) 29]], [[return F(1, 2, -3);]])], 30 [ AC_MSG_RESULT([yes]) ], 31 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 32) 33 34AC_CANONICAL_HOST 35AC_C_BIGENDIAN 36 37# Checks for programs. 38AC_PROG_AWK 39AC_PROG_CPP 40AC_PROG_RANLIB 41AC_PROG_INSTALL 42AC_PROG_EGREP 43AC_PROG_MKDIR_P 44AC_CHECK_TOOLS([AR], [ar]) 45AC_PATH_PROG([CAT], [cat]) 46AC_PATH_PROG([KILL], [kill]) 47AC_PATH_PROG([SED], [sed]) 48AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 49AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 50AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 51AC_PATH_PROG([SH], [sh]) 52AC_PATH_PROG([GROFF], [groff]) 53AC_PATH_PROG([NROFF], [nroff awf]) 54AC_PATH_PROG([MANDOC], [mandoc]) 55AC_SUBST([TEST_SHELL], [sh]) 56 57dnl select manpage formatter to be used to build "cat" format pages. 58if test "x$MANDOC" != "x" ; then 59 MANFMT="$MANDOC" 60elif test "x$NROFF" != "x" ; then 61 MANFMT="$NROFF -mandoc" 62elif test "x$GROFF" != "x" ; then 63 MANFMT="$GROFF -mandoc -Tascii" 64else 65 AC_MSG_WARN([no manpage formatter found]) 66 MANFMT="false" 67fi 68AC_SUBST([MANFMT]) 69 70dnl for buildpkg.sh 71AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 72 [/usr/sbin${PATH_SEPARATOR}/etc]) 73AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 74 [/usr/sbin${PATH_SEPARATOR}/etc]) 75AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 76if test -x /sbin/sh; then 77 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 78else 79 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 80fi 81 82# System features 83AC_SYS_LARGEFILE 84 85if test -z "$AR" ; then 86 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 87fi 88 89AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 90if test ! -z "$PATH_PASSWD_PROG" ; then 91 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 92 [Full path of your "passwd" program]) 93fi 94 95dnl Since autoconf doesn't support it very well, we no longer allow users to 96dnl override LD, however keeping the hook here for now in case there's a use 97dnl use case we overlooked and someone needs to re-enable it. Unless a good 98dnl reason is found we'll be removing this in future. 99LD="$CC" 100AC_SUBST([LD]) 101 102AC_C_INLINE 103 104AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 105AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 106AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 107 #include <sys/types.h> 108 #include <sys/param.h> 109 #include <dev/systrace.h> 110]) 111AC_CHECK_DECL([RLIMIT_NPROC], 112 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 113 #include <sys/types.h> 114 #include <sys/resource.h> 115]) 116AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 117 #include <sys/types.h> 118 #include <linux/prctl.h> 119]) 120 121openssl=yes 122AC_ARG_WITH([openssl], 123 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 124 [ if test "x$withval" = "xno" ; then 125 openssl=no 126 fi 127 ] 128) 129AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 130if test "x$openssl" = "xyes" ; then 131 AC_MSG_RESULT([yes]) 132 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 133else 134 AC_MSG_RESULT([no]) 135fi 136 137use_stack_protector=1 138use_toolchain_hardening=1 139AC_ARG_WITH([stackprotect], 140 [ --without-stackprotect Don't use compiler's stack protection], [ 141 if test "x$withval" = "xno"; then 142 use_stack_protector=0 143 fi ]) 144AC_ARG_WITH([hardening], 145 [ --without-hardening Don't use toolchain hardening flags], [ 146 if test "x$withval" = "xno"; then 147 use_toolchain_hardening=0 148 fi ]) 149 150# We use -Werror for the tests only so that we catch warnings like "this is 151# on by default" for things like -fPIE. 152AC_MSG_CHECKING([if $CC supports -Werror]) 153saved_CFLAGS="$CFLAGS" 154CFLAGS="$CFLAGS -Werror" 155AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 156 [ AC_MSG_RESULT([yes]) 157 WERROR="-Werror"], 158 [ AC_MSG_RESULT([no]) 159 WERROR="" ] 160) 161CFLAGS="$saved_CFLAGS" 162 163if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 164 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 167 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 168 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 169 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 170 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 171 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 172 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 173 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 174 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 175 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 176 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 177 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 178 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 179 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 180 if test "x$use_toolchain_hardening" = "x1"; then 181 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 182 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 183 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 184 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 185 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 186 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 187 # NB. -ftrapv expects certain support functions to be present in 188 # the compiler library (libgcc or similar) to detect integer operations 189 # that can overflow. We must check that the result of enabling it 190 # actually links. The test program compiled/linked includes a number 191 # of integer operations that should exercise this. 192 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 193 fi 194 AC_MSG_CHECKING([gcc version]) 195 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 196 case $GCC_VER in 197 1.*) no_attrib_nonnull=1 ;; 198 2.8* | 2.9*) 199 no_attrib_nonnull=1 200 ;; 201 2.*) no_attrib_nonnull=1 ;; 202 *) ;; 203 esac 204 AC_MSG_RESULT([$GCC_VER]) 205 206 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 207 saved_CFLAGS="$CFLAGS" 208 CFLAGS="$CFLAGS -fno-builtin-memset" 209 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 210 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 211 [ AC_MSG_RESULT([yes]) ], 212 [ AC_MSG_RESULT([no]) 213 CFLAGS="$saved_CFLAGS" ] 214 ) 215 216 # -fstack-protector-all doesn't always work for some GCC versions 217 # and/or platforms, so we test if we can. If it's not supported 218 # on a given platform gcc will emit a warning so we use -Werror. 219 if test "x$use_stack_protector" = "x1"; then 220 for t in -fstack-protector-strong -fstack-protector-all \ 221 -fstack-protector; do 222 AC_MSG_CHECKING([if $CC supports $t]) 223 saved_CFLAGS="$CFLAGS" 224 saved_LDFLAGS="$LDFLAGS" 225 CFLAGS="$CFLAGS $t -Werror" 226 LDFLAGS="$LDFLAGS $t -Werror" 227 AC_LINK_IFELSE( 228 [AC_LANG_PROGRAM([[ 229 #include <stdio.h> 230 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 231 ]], 232 [[ 233 char x[256]; 234 snprintf(x, sizeof(x), "XXX%d", func(1)); 235 ]])], 236 [ AC_MSG_RESULT([yes]) 237 CFLAGS="$saved_CFLAGS $t" 238 LDFLAGS="$saved_LDFLAGS $t" 239 AC_MSG_CHECKING([if $t works]) 240 AC_RUN_IFELSE( 241 [AC_LANG_PROGRAM([[ 242 #include <stdio.h> 243 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 244 ]], 245 [[ 246 char x[256]; 247 snprintf(x, sizeof(x), "XXX%d", func(1)); 248 ]])], 249 [ AC_MSG_RESULT([yes]) 250 break ], 251 [ AC_MSG_RESULT([no]) ], 252 [ AC_MSG_WARN([cross compiling: cannot test]) 253 break ] 254 ) 255 ], 256 [ AC_MSG_RESULT([no]) ] 257 ) 258 CFLAGS="$saved_CFLAGS" 259 LDFLAGS="$saved_LDFLAGS" 260 done 261 fi 262 263 if test -z "$have_llong_max"; then 264 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 265 unset ac_cv_have_decl_LLONG_MAX 266 saved_CFLAGS="$CFLAGS" 267 CFLAGS="$CFLAGS -std=gnu99" 268 AC_CHECK_DECL([LLONG_MAX], 269 [have_llong_max=1], 270 [CFLAGS="$saved_CFLAGS"], 271 [#include <limits.h>] 272 ) 273 fi 274fi 275 276AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 277AC_COMPILE_IFELSE( 278 [AC_LANG_PROGRAM([[ 279#include <stdlib.h> 280__attribute__((__unused__)) static void foo(void){return;}]], 281 [[ exit(0); ]])], 282 [ AC_MSG_RESULT([yes]) ], 283 [ AC_MSG_RESULT([no]) 284 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 285 [compiler does not accept __attribute__ on return types]) ] 286) 287 288AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 289AC_COMPILE_IFELSE( 290 [AC_LANG_PROGRAM([[ 291#include <stdlib.h> 292typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 293 [[ exit(0); ]])], 294 [ AC_MSG_RESULT([yes]) ], 295 [ AC_MSG_RESULT([no]) 296 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 297 [compiler does not accept __attribute__ on prototype args]) ] 298) 299 300AC_MSG_CHECKING([if compiler supports variable length arrays]) 301AC_COMPILE_IFELSE( 302 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 303 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 304 [ AC_MSG_RESULT([yes]) 305 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 306 [compiler supports variable length arrays]) ], 307 [ AC_MSG_RESULT([no]) ] 308) 309 310AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 311AC_COMPILE_IFELSE( 312 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 313 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 314 [ AC_MSG_RESULT([yes]) 315 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 316 [compiler variable declarations after code]) ], 317 [ AC_MSG_RESULT([no]) ] 318) 319 320if test "x$no_attrib_nonnull" != "x1" ; then 321 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 322fi 323 324AC_ARG_WITH([rpath], 325 [ --without-rpath Disable auto-added -R linker paths], 326 [ 327 if test "x$withval" = "xno" ; then 328 rpath_opt="" 329 elif test "x$withval" = "xyes" ; then 330 rpath_opt="-R" 331 else 332 rpath_opt="$withval" 333 fi 334 ] 335) 336 337# Allow user to specify flags 338AC_ARG_WITH([cflags], 339 [ --with-cflags Specify additional flags to pass to compiler], 340 [ 341 if test -n "$withval" && test "x$withval" != "xno" && \ 342 test "x${withval}" != "xyes"; then 343 CFLAGS="$CFLAGS $withval" 344 fi 345 ] 346) 347 348AC_ARG_WITH([cflags-after], 349 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 350 [ 351 if test -n "$withval" && test "x$withval" != "xno" && \ 352 test "x${withval}" != "xyes"; then 353 CFLAGS_AFTER="$withval" 354 fi 355 ] 356) 357AC_ARG_WITH([cppflags], 358 [ --with-cppflags Specify additional flags to pass to preprocessor] , 359 [ 360 if test -n "$withval" && test "x$withval" != "xno" && \ 361 test "x${withval}" != "xyes"; then 362 CPPFLAGS="$CPPFLAGS $withval" 363 fi 364 ] 365) 366AC_ARG_WITH([ldflags], 367 [ --with-ldflags Specify additional flags to pass to linker], 368 [ 369 if test -n "$withval" && test "x$withval" != "xno" && \ 370 test "x${withval}" != "xyes"; then 371 LDFLAGS="$LDFLAGS $withval" 372 fi 373 ] 374) 375AC_ARG_WITH([ldflags-after], 376 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 377 [ 378 if test -n "$withval" && test "x$withval" != "xno" && \ 379 test "x${withval}" != "xyes"; then 380 LDFLAGS_AFTER="$withval" 381 fi 382 ] 383) 384AC_ARG_WITH([libs], 385 [ --with-libs Specify additional libraries to link with], 386 [ 387 if test -n "$withval" && test "x$withval" != "xno" && \ 388 test "x${withval}" != "xyes"; then 389 LIBS="$LIBS $withval" 390 fi 391 ] 392) 393AC_ARG_WITH([Werror], 394 [ --with-Werror Build main code with -Werror], 395 [ 396 if test -n "$withval" && test "x$withval" != "xno"; then 397 werror_flags="-Werror" 398 if test "x${withval}" != "xyes"; then 399 werror_flags="$withval" 400 fi 401 fi 402 ] 403) 404 405AC_CHECK_HEADERS([ \ 406 blf.h \ 407 bstring.h \ 408 crypt.h \ 409 crypto/sha2.h \ 410 dirent.h \ 411 endian.h \ 412 elf.h \ 413 err.h \ 414 features.h \ 415 fcntl.h \ 416 floatingpoint.h \ 417 fnmatch.h \ 418 getopt.h \ 419 glob.h \ 420 ia.h \ 421 iaf.h \ 422 ifaddrs.h \ 423 inttypes.h \ 424 langinfo.h \ 425 limits.h \ 426 locale.h \ 427 login.h \ 428 maillock.h \ 429 ndir.h \ 430 net/if_tun.h \ 431 netdb.h \ 432 netgroup.h \ 433 pam/pam_appl.h \ 434 paths.h \ 435 poll.h \ 436 pty.h \ 437 readpassphrase.h \ 438 rpc/types.h \ 439 security/pam_appl.h \ 440 sha2.h \ 441 shadow.h \ 442 stddef.h \ 443 stdint.h \ 444 string.h \ 445 strings.h \ 446 sys/bitypes.h \ 447 sys/byteorder.h \ 448 sys/bsdtty.h \ 449 sys/cdefs.h \ 450 sys/dir.h \ 451 sys/file.h \ 452 sys/mman.h \ 453 sys/label.h \ 454 sys/ndir.h \ 455 sys/poll.h \ 456 sys/prctl.h \ 457 sys/procctl.h \ 458 sys/pstat.h \ 459 sys/ptrace.h \ 460 sys/random.h \ 461 sys/select.h \ 462 sys/stat.h \ 463 sys/stream.h \ 464 sys/stropts.h \ 465 sys/strtio.h \ 466 sys/statvfs.h \ 467 sys/sysmacros.h \ 468 sys/time.h \ 469 sys/timers.h \ 470 sys/vfs.h \ 471 time.h \ 472 tmpdir.h \ 473 ttyent.h \ 474 ucred.h \ 475 unistd.h \ 476 usersec.h \ 477 util.h \ 478 utime.h \ 479 utmp.h \ 480 utmpx.h \ 481 vis.h \ 482 wchar.h \ 483]) 484 485# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 486# to be included first. 487AC_CHECK_HEADERS([sys/audit.h], [], [], [ 488#ifdef HAVE_SYS_TIME_H 489# include <sys/time.h> 490#endif 491#ifdef HAVE_SYS_TYPES_H 492# include <sys/types.h> 493#endif 494#ifdef HAVE_SYS_LABEL_H 495# include <sys/label.h> 496#endif 497]) 498 499# sys/capsicum.h requires sys/types.h 500AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 501#ifdef HAVE_SYS_TYPES_H 502# include <sys/types.h> 503#endif 504]) 505 506# net/route.h requires sys/socket.h and sys/types.h. 507# sys/sysctl.h also requires sys/param.h 508AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 509#ifdef HAVE_SYS_TYPES_H 510# include <sys/types.h> 511#endif 512#include <sys/param.h> 513#include <sys/socket.h> 514]) 515 516# lastlog.h requires sys/time.h to be included first on Solaris 517AC_CHECK_HEADERS([lastlog.h], [], [], [ 518#ifdef HAVE_SYS_TIME_H 519# include <sys/time.h> 520#endif 521]) 522 523# sys/ptms.h requires sys/stream.h to be included first on Solaris 524AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 525#ifdef HAVE_SYS_STREAM_H 526# include <sys/stream.h> 527#endif 528]) 529 530# login_cap.h requires sys/types.h on NetBSD 531AC_CHECK_HEADERS([login_cap.h], [], [], [ 532#include <sys/types.h> 533]) 534 535# older BSDs need sys/param.h before sys/mount.h 536AC_CHECK_HEADERS([sys/mount.h], [], [], [ 537#include <sys/param.h> 538]) 539 540# Android requires sys/socket.h to be included before sys/un.h 541AC_CHECK_HEADERS([sys/un.h], [], [], [ 542#include <sys/types.h> 543#include <sys/socket.h> 544]) 545 546# Messages for features tested for in target-specific section 547SIA_MSG="no" 548SPC_MSG="no" 549SP_MSG="no" 550SPP_MSG="no" 551 552# Support for Solaris/Illumos privileges (this test is used by both 553# the --with-solaris-privs option and --with-sandbox=solaris). 554SOLARIS_PRIVS="no" 555 556# Check for some target-specific stuff 557case "$host" in 558*-*-aix*) 559 # Some versions of VAC won't allow macro redefinitions at 560 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 561 # particularly with older versions of vac or xlc. 562 # It also throws errors about null macro arguments, but these are 563 # not fatal. 564 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 565 AC_COMPILE_IFELSE( 566 [AC_LANG_PROGRAM([[ 567#define testmacro foo 568#define testmacro bar]], 569 [[ exit(0); ]])], 570 [ AC_MSG_RESULT([yes]) ], 571 [ AC_MSG_RESULT([no]) 572 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 573 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 574 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 575 ] 576 ) 577 578 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 579 if (test -z "$blibpath"); then 580 blibpath="/usr/lib:/lib" 581 fi 582 saved_LDFLAGS="$LDFLAGS" 583 if test "$GCC" = "yes"; then 584 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 585 else 586 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 587 fi 588 for tryflags in $flags ;do 589 if (test -z "$blibflags"); then 590 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 591 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 592 [blibflags=$tryflags], []) 593 fi 594 done 595 if (test -z "$blibflags"); then 596 AC_MSG_RESULT([not found]) 597 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 598 else 599 AC_MSG_RESULT([$blibflags]) 600 fi 601 LDFLAGS="$saved_LDFLAGS" 602 dnl Check for authenticate. Might be in libs.a on older AIXes 603 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 604 [Define if you want to enable AIX4's authenticate function])], 605 [AC_CHECK_LIB([s], [authenticate], 606 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 607 LIBS="$LIBS -ls" 608 ]) 609 ]) 610 dnl Check for various auth function declarations in headers. 611 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 612 passwdexpired, setauthdb], , , [#include <usersec.h>]) 613 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 614 AC_CHECK_DECLS([loginfailed], 615 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 616 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 617 [[ (void)loginfailed("user","host","tty",0); ]])], 618 [AC_MSG_RESULT([yes]) 619 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 620 [Define if your AIX loginfailed() function 621 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 622 ])], 623 [], 624 [#include <usersec.h>] 625 ) 626 AC_CHECK_FUNCS([getgrset setauthdb]) 627 AC_CHECK_DECL([F_CLOSEM], 628 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 629 [], 630 [ #include <limits.h> 631 #include <fcntl.h> ] 632 ) 633 check_for_aix_broken_getaddrinfo=1 634 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 635 [Define if your platform breaks doing a seteuid before a setuid]) 636 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 637 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 638 dnl AIX handles lastlog as part of its login message 639 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 640 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 641 [Some systems need a utmpx entry for /bin/login to work]) 642 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 643 [Define to a Set Process Title type if your system is 644 supported by bsd-setproctitle.c]) 645 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 646 [AIX 5.2 and 5.3 (and presumably newer) require this]) 647 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 648 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 649 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 650 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 651 ;; 652*-*-android*) 653 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 654 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 655 ;; 656*-*-cygwin*) 657 check_for_libcrypt_later=1 658 LIBS="$LIBS /usr/lib/textreadmode.o" 659 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 660 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 661 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 662 [Define to disable UID restoration test]) 663 AC_DEFINE([DISABLE_SHADOW], [1], 664 [Define if you want to disable shadow passwords]) 665 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 666 [Define if X11 doesn't support AF_UNIX sockets on that system]) 667 AC_DEFINE([DISABLE_FD_PASSING], [1], 668 [Define if your platform needs to skip post auth 669 file descriptor passing]) 670 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 671 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 672 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 673 # reasons which cause compile warnings, so we disable those warnings. 674 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 675 ;; 676*-*-dgux*) 677 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 678 [Define if your system choked on IP TOS setting]) 679 AC_DEFINE([SETEUID_BREAKS_SETUID]) 680 AC_DEFINE([BROKEN_SETREUID]) 681 AC_DEFINE([BROKEN_SETREGID]) 682 ;; 683*-*-darwin*) 684 use_pie=auto 685 AC_MSG_CHECKING([if we have working getaddrinfo]) 686 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 687#include <mach-o/dyld.h> 688#include <stdlib.h> 689main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 690 exit(0); 691 else 692 exit(1); 693} 694 ]])], 695 [AC_MSG_RESULT([working])], 696 [AC_MSG_RESULT([buggy]) 697 AC_DEFINE([BROKEN_GETADDRINFO], [1], 698 [getaddrinfo is broken (if present)]) 699 ], 700 [AC_MSG_RESULT([assume it is working])]) 701 AC_DEFINE([SETEUID_BREAKS_SETUID]) 702 AC_DEFINE([BROKEN_SETREUID]) 703 AC_DEFINE([BROKEN_SETREGID]) 704 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 705 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 706 [Define if your resolver libs need this for getrrsetbyname]) 707 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 708 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 709 [Use tunnel device compatibility to OpenBSD]) 710 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 711 [Prepend the address family to IP tunnel traffic]) 712 m4_pattern_allow([AU_IPv]) 713 AC_CHECK_DECL([AU_IPv4], [], 714 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 715 [#include <bsm/audit.h>] 716 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 717 [Define if pututxline updates lastlog too]) 718 ) 719 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 720 [Define to a Set Process Title type if your system is 721 supported by bsd-setproctitle.c]) 722 AC_CHECK_FUNCS([sandbox_init]) 723 AC_CHECK_HEADERS([sandbox.h]) 724 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 725 SSHDLIBS="$SSHDLIBS -lsandbox" 726 ]) 727 # proc_pidinfo()-based closefrom() replacement. 728 AC_CHECK_HEADERS([libproc.h]) 729 AC_CHECK_FUNCS([proc_pidinfo]) 730 ;; 731*-*-dragonfly*) 732 SSHDLIBS="$SSHDLIBS -lcrypt" 733 TEST_MALLOC_OPTIONS="AFGJPRX" 734 ;; 735*-*-haiku*) 736 LIBS="$LIBS -lbsd " 737 CFLAGS="$CFLAGS -D_BSD_SOURCE" 738 AC_CHECK_LIB([network], [socket]) 739 AC_DEFINE([HAVE_U_INT64_T]) 740 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 741 MANTYPE=man 742 ;; 743*-*-hpux*) 744 # first we define all of the options common to all HP-UX releases 745 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 746 IPADDR_IN_DISPLAY=yes 747 AC_DEFINE([USE_PIPES]) 748 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 749 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 750 [String used in /etc/passwd to denote locked account]) 751 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 752 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 753 maildir="/var/mail" 754 LIBS="$LIBS -lsec" 755 AC_CHECK_LIB([xnet], [t_error], , 756 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 757 758 # next, we define all of the options specific to major releases 759 case "$host" in 760 *-*-hpux10*) 761 if test -z "$GCC"; then 762 CFLAGS="$CFLAGS -Ae" 763 fi 764 ;; 765 *-*-hpux11*) 766 AC_DEFINE([PAM_SUN_CODEBASE], [1], 767 [Define if you are using Solaris-derived PAM which 768 passes pam_messages to the conversation function 769 with an extra level of indirection]) 770 AC_DEFINE([DISABLE_UTMP], [1], 771 [Define if you don't want to use utmp]) 772 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 773 check_for_hpux_broken_getaddrinfo=1 774 check_for_conflicting_getspnam=1 775 ;; 776 esac 777 778 # lastly, we define options specific to minor releases 779 case "$host" in 780 *-*-hpux10.26) 781 AC_DEFINE([HAVE_SECUREWARE], [1], 782 [Define if you have SecureWare-based 783 protected password database]) 784 disable_ptmx_check=yes 785 LIBS="$LIBS -lsecpw" 786 ;; 787 esac 788 ;; 789*-*-irix5*) 790 PATH="$PATH:/usr/etc" 791 AC_DEFINE([BROKEN_INET_NTOA], [1], 792 [Define if you system's inet_ntoa is busted 793 (e.g. Irix gcc issue)]) 794 AC_DEFINE([SETEUID_BREAKS_SETUID]) 795 AC_DEFINE([BROKEN_SETREUID]) 796 AC_DEFINE([BROKEN_SETREGID]) 797 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 798 [Define if you shouldn't strip 'tty' from your 799 ttyname in [uw]tmp]) 800 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 801 ;; 802*-*-irix6*) 803 PATH="$PATH:/usr/etc" 804 AC_DEFINE([WITH_IRIX_ARRAY], [1], 805 [Define if you have/want arrays 806 (cluster-wide session management, not C arrays)]) 807 AC_DEFINE([WITH_IRIX_PROJECT], [1], 808 [Define if you want IRIX project management]) 809 AC_DEFINE([WITH_IRIX_AUDIT], [1], 810 [Define if you want IRIX audit trails]) 811 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 812 [Define if you want IRIX kernel jobs])]) 813 AC_DEFINE([BROKEN_INET_NTOA]) 814 AC_DEFINE([SETEUID_BREAKS_SETUID]) 815 AC_DEFINE([BROKEN_SETREUID]) 816 AC_DEFINE([BROKEN_SETREGID]) 817 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 818 AC_DEFINE([WITH_ABBREV_NO_TTY]) 819 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 820 ;; 821*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 822 check_for_libcrypt_later=1 823 AC_DEFINE([PAM_TTY_KLUDGE]) 824 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 825 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 826 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 827 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 828 ;; 829*-*-linux*) 830 no_dev_ptmx=1 831 use_pie=auto 832 check_for_libcrypt_later=1 833 check_for_openpty_ctty_bug=1 834 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 835 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 836 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 837 AC_DEFINE([PAM_TTY_KLUDGE], [1], 838 [Work around problematic Linux PAM modules handling of PAM_TTY]) 839 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 840 [String used in /etc/passwd to denote locked account]) 841 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 842 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 843 [Define to whatever link() returns for "not supported" 844 if it doesn't return EOPNOTSUPP.]) 845 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 846 AC_DEFINE([USE_BTMP]) 847 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 848 inet6_default_4in6=yes 849 case `uname -r` in 850 1.*|2.0.*) 851 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 852 [Define if cmsg_type is not passed correctly]) 853 ;; 854 esac 855 # tun(4) forwarding compat code 856 AC_CHECK_HEADERS([linux/if_tun.h]) 857 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 858 AC_DEFINE([SSH_TUN_LINUX], [1], 859 [Open tunnel devices the Linux tun/tap way]) 860 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 861 [Use tunnel device compatibility to OpenBSD]) 862 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 863 [Prepend the address family to IP tunnel traffic]) 864 fi 865 AC_CHECK_HEADER([linux/if.h], 866 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 867 [Support routing domains using Linux VRF]), [], [ 868#ifdef HAVE_SYS_TYPES_H 869# include <sys/types.h> 870#endif 871 ]) 872 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 873 [], [#include <linux/types.h>]) 874 # Obtain MIPS ABI 875 case "$host" in 876 mips*) 877 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 878#if _MIPS_SIM != _ABIO32 879#error 880#endif 881 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 882#if _MIPS_SIM != _ABIN32 883#error 884#endif 885 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 886#if _MIPS_SIM != _ABI64 887#error 888#endif 889 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 890 ]) 891 ]) 892 ]) 893 ;; 894 esac 895 AC_MSG_CHECKING([for seccomp architecture]) 896 seccomp_audit_arch= 897 case "$host" in 898 x86_64-*) 899 seccomp_audit_arch=AUDIT_ARCH_X86_64 900 ;; 901 i*86-*) 902 seccomp_audit_arch=AUDIT_ARCH_I386 903 ;; 904 arm*-*) 905 seccomp_audit_arch=AUDIT_ARCH_ARM 906 ;; 907 aarch64*-*) 908 seccomp_audit_arch=AUDIT_ARCH_AARCH64 909 ;; 910 s390x-*) 911 seccomp_audit_arch=AUDIT_ARCH_S390X 912 ;; 913 s390-*) 914 seccomp_audit_arch=AUDIT_ARCH_S390 915 ;; 916 powerpc64-*) 917 seccomp_audit_arch=AUDIT_ARCH_PPC64 918 ;; 919 powerpc64le-*) 920 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 921 ;; 922 mips-*) 923 seccomp_audit_arch=AUDIT_ARCH_MIPS 924 ;; 925 mipsel-*) 926 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 927 ;; 928 mips64-*) 929 case "$mips_abi" in 930 "n32") 931 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 932 ;; 933 "n64") 934 seccomp_audit_arch=AUDIT_ARCH_MIPS64 935 ;; 936 esac 937 ;; 938 mips64el-*) 939 case "$mips_abi" in 940 "n32") 941 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 942 ;; 943 "n64") 944 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 945 ;; 946 esac 947 ;; 948 riscv64-*) 949 seccomp_audit_arch=AUDIT_ARCH_RISCV64 950 ;; 951 esac 952 if test "x$seccomp_audit_arch" != "x" ; then 953 AC_MSG_RESULT(["$seccomp_audit_arch"]) 954 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 955 [Specify the system call convention in use]) 956 else 957 AC_MSG_RESULT([architecture not supported]) 958 fi 959 ;; 960mips-sony-bsd|mips-sony-newsos4) 961 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 962 SONY=1 963 ;; 964*-*-netbsd*) 965 check_for_libcrypt_before=1 966 if test "x$withval" != "xno" ; then 967 rpath_opt="-R" 968 fi 969 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 970 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 971 AC_CHECK_HEADER([net/if_tap.h], , 972 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 973 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 974 [Prepend the address family to IP tunnel traffic]) 975 TEST_MALLOC_OPTIONS="AJRX" 976 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 977 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 978 ;; 979*-*-freebsd*) 980 check_for_libcrypt_later=1 981 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 982 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 983 AC_CHECK_HEADER([net/if_tap.h], , 984 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 985 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 986 TEST_MALLOC_OPTIONS="AJRX" 987 # Preauth crypto occasionally uses file descriptors for crypto offload 988 # and will crash if they cannot be opened. 989 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 990 [define if setrlimit RLIMIT_NOFILE breaks things]) 991 ;; 992*-*-bsdi*) 993 AC_DEFINE([SETEUID_BREAKS_SETUID]) 994 AC_DEFINE([BROKEN_SETREUID]) 995 AC_DEFINE([BROKEN_SETREGID]) 996 ;; 997*-next-*) 998 conf_lastlog_location="/usr/adm/lastlog" 999 conf_utmp_location=/etc/utmp 1000 conf_wtmp_location=/usr/adm/wtmp 1001 maildir=/usr/spool/mail 1002 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1003 AC_DEFINE([USE_PIPES]) 1004 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1005 ;; 1006*-*-openbsd*) 1007 use_pie=auto 1008 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1009 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1010 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1011 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1012 [syslog_r function is safe to use in in a signal handler]) 1013 TEST_MALLOC_OPTIONS="AFGJPRX" 1014 ;; 1015*-*-solaris*) 1016 if test "x$withval" != "xno" ; then 1017 rpath_opt="-R" 1018 fi 1019 AC_DEFINE([PAM_SUN_CODEBASE]) 1020 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1021 AC_DEFINE([PAM_TTY_KLUDGE]) 1022 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1023 [Define if pam_chauthtok wants real uid set 1024 to the unpriv'ed user]) 1025 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1026 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1027 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1028 [Define if sshd somehow reacquires a controlling TTY 1029 after setsid()]) 1030 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1031 in case the name is longer than 8 chars]) 1032 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1033 external_path_file=/etc/default/login 1034 # hardwire lastlog location (can't detect it on some versions) 1035 conf_lastlog_location="/var/adm/lastlog" 1036 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1037 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1038 if test "$sol2ver" -ge 8; then 1039 AC_MSG_RESULT([yes]) 1040 AC_DEFINE([DISABLE_UTMP]) 1041 AC_DEFINE([DISABLE_WTMP], [1], 1042 [Define if you don't want to use wtmp]) 1043 else 1044 AC_MSG_RESULT([no]) 1045 fi 1046 AC_CHECK_FUNCS([setpflags]) 1047 AC_CHECK_FUNCS([setppriv]) 1048 AC_CHECK_FUNCS([priv_basicset]) 1049 AC_CHECK_HEADERS([priv.h]) 1050 AC_ARG_WITH([solaris-contracts], 1051 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1052 [ 1053 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1054 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1055 [Define if you have Solaris process contracts]) 1056 LIBS="$LIBS -lcontract" 1057 SPC_MSG="yes" ], ) 1058 ], 1059 ) 1060 AC_ARG_WITH([solaris-projects], 1061 [ --with-solaris-projects Enable Solaris projects (experimental)], 1062 [ 1063 AC_CHECK_LIB([project], [setproject], 1064 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1065 [Define if you have Solaris projects]) 1066 LIBS="$LIBS -lproject" 1067 SP_MSG="yes" ], ) 1068 ], 1069 ) 1070 AC_ARG_WITH([solaris-privs], 1071 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1072 [ 1073 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1074 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1075 "x$ac_cv_header_priv_h" = "xyes" ; then 1076 SOLARIS_PRIVS=yes 1077 AC_MSG_RESULT([found]) 1078 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1079 [Define to disable UID restoration test]) 1080 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1081 [Define if you have Solaris privileges]) 1082 SPP_MSG="yes" 1083 else 1084 AC_MSG_RESULT([not found]) 1085 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1086 fi 1087 ], 1088 ) 1089 TEST_SHELL=$SHELL # let configure find us a capable shell 1090 ;; 1091*-*-sunos4*) 1092 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1093 AC_CHECK_FUNCS([getpwanam]) 1094 AC_DEFINE([PAM_SUN_CODEBASE]) 1095 conf_utmp_location=/etc/utmp 1096 conf_wtmp_location=/var/adm/wtmp 1097 conf_lastlog_location=/var/adm/lastlog 1098 AC_DEFINE([USE_PIPES]) 1099 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1100 ;; 1101*-ncr-sysv*) 1102 LIBS="$LIBS -lc89" 1103 AC_DEFINE([USE_PIPES]) 1104 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1105 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1106 AC_DEFINE([BROKEN_SETREUID]) 1107 AC_DEFINE([BROKEN_SETREGID]) 1108 ;; 1109*-sni-sysv*) 1110 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1111 AC_CHECK_LIB([dl], [dlsym], ,) 1112 # -lresolv needs to be at the end of LIBS or DNS lookups break 1113 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1114 IPADDR_IN_DISPLAY=yes 1115 AC_DEFINE([USE_PIPES]) 1116 AC_DEFINE([IP_TOS_IS_BROKEN]) 1117 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1118 AC_DEFINE([BROKEN_SETREUID]) 1119 AC_DEFINE([BROKEN_SETREGID]) 1120 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1121 external_path_file=/etc/default/login 1122 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1123 # Attention: always take care to bind libsocket and libnsl before libc, 1124 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1125 ;; 1126# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1127*-*-sysv4.2*) 1128 AC_DEFINE([USE_PIPES]) 1129 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1130 AC_DEFINE([BROKEN_SETREUID]) 1131 AC_DEFINE([BROKEN_SETREGID]) 1132 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1133 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1134 TEST_SHELL=$SHELL # let configure find us a capable shell 1135 ;; 1136# UnixWare 7.x, OpenUNIX 8 1137*-*-sysv5*) 1138 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1139 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1140 AC_DEFINE([USE_PIPES]) 1141 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1142 AC_DEFINE([BROKEN_GETADDRINFO]) 1143 AC_DEFINE([BROKEN_SETREUID]) 1144 AC_DEFINE([BROKEN_SETREGID]) 1145 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1146 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1147 TEST_SHELL=$SHELL # let configure find us a capable shell 1148 check_for_libcrypt_later=1 1149 case "$host" in 1150 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1151 maildir=/var/spool/mail 1152 AC_DEFINE([BROKEN_UPDWTMPX]) 1153 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1154 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1155 ], , ) 1156 ;; 1157 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1158 ;; 1159 esac 1160 ;; 1161*-*-sysv*) 1162 ;; 1163# SCO UNIX and OEM versions of SCO UNIX 1164*-*-sco3.2v4*) 1165 AC_MSG_ERROR("This Platform is no longer supported.") 1166 ;; 1167# SCO OpenServer 5.x 1168*-*-sco3.2v5*) 1169 if test -z "$GCC"; then 1170 CFLAGS="$CFLAGS -belf" 1171 fi 1172 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1173 no_dev_ptmx=1 1174 AC_DEFINE([USE_PIPES]) 1175 AC_DEFINE([HAVE_SECUREWARE]) 1176 AC_DEFINE([DISABLE_SHADOW]) 1177 AC_DEFINE([DISABLE_FD_PASSING]) 1178 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1179 AC_DEFINE([BROKEN_GETADDRINFO]) 1180 AC_DEFINE([BROKEN_SETREUID]) 1181 AC_DEFINE([BROKEN_SETREGID]) 1182 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1183 AC_DEFINE([BROKEN_UPDWTMPX]) 1184 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1185 AC_CHECK_FUNCS([getluid setluid]) 1186 MANTYPE=man 1187 TEST_SHELL=$SHELL # let configure find us a capable shell 1188 SKIP_DISABLE_LASTLOG_DEFINE=yes 1189 ;; 1190*-dec-osf*) 1191 AC_MSG_CHECKING([for Digital Unix SIA]) 1192 no_osfsia="" 1193 AC_ARG_WITH([osfsia], 1194 [ --with-osfsia Enable Digital Unix SIA], 1195 [ 1196 if test "x$withval" = "xno" ; then 1197 AC_MSG_RESULT([disabled]) 1198 no_osfsia=1 1199 fi 1200 ], 1201 ) 1202 if test -z "$no_osfsia" ; then 1203 if test -f /etc/sia/matrix.conf; then 1204 AC_MSG_RESULT([yes]) 1205 AC_DEFINE([HAVE_OSF_SIA], [1], 1206 [Define if you have Digital Unix Security 1207 Integration Architecture]) 1208 AC_DEFINE([DISABLE_LOGIN], [1], 1209 [Define if you don't want to use your 1210 system's login() call]) 1211 AC_DEFINE([DISABLE_FD_PASSING]) 1212 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1213 SIA_MSG="yes" 1214 else 1215 AC_MSG_RESULT([no]) 1216 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1217 [String used in /etc/passwd to denote locked account]) 1218 fi 1219 fi 1220 AC_DEFINE([BROKEN_GETADDRINFO]) 1221 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1222 AC_DEFINE([BROKEN_SETREUID]) 1223 AC_DEFINE([BROKEN_SETREGID]) 1224 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1225 ;; 1226 1227*-*-nto-qnx*) 1228 AC_DEFINE([USE_PIPES]) 1229 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1230 AC_DEFINE([DISABLE_LASTLOG]) 1231 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1232 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1233 enable_etc_default_login=no # has incompatible /etc/default/login 1234 case "$host" in 1235 *-*-nto-qnx6*) 1236 AC_DEFINE([DISABLE_FD_PASSING]) 1237 ;; 1238 esac 1239 ;; 1240 1241*-*-ultrix*) 1242 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1243 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1244 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1245 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1246 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1247 # don't get a controlling tty. 1248 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1249 # On Ultrix some headers are not protected against multiple includes, 1250 # so we create wrappers and put it where the compiler will find it. 1251 AC_MSG_WARN([creating compat wrappers for headers]) 1252 mkdir -p netinet 1253 for header in netinet/ip.h netdb.h resolv.h; do 1254 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1255 cat >$header <<EOD 1256#ifndef _SSH_COMPAT_${name} 1257#define _SSH_COMPAT_${name} 1258#include "/usr/include/${header}" 1259#endif 1260EOD 1261 done 1262 ;; 1263 1264*-*-lynxos) 1265 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1266 AC_DEFINE([BROKEN_SETVBUF], [1], 1267 [LynxOS has broken setvbuf() implementation]) 1268 ;; 1269esac 1270 1271AC_MSG_CHECKING([compiler and flags for sanity]) 1272AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1273 [ AC_MSG_RESULT([yes]) ], 1274 [ 1275 AC_MSG_RESULT([no]) 1276 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1277 ], 1278 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1279) 1280 1281dnl Checks for header files. 1282# Checks for libraries. 1283AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1284 1285dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1286AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1287 AC_CHECK_LIB([gen], [dirname], [ 1288 AC_CACHE_CHECK([for broken dirname], 1289 ac_cv_have_broken_dirname, [ 1290 save_LIBS="$LIBS" 1291 LIBS="$LIBS -lgen" 1292 AC_RUN_IFELSE( 1293 [AC_LANG_SOURCE([[ 1294#include <libgen.h> 1295#include <string.h> 1296#include <stdlib.h> 1297 1298int main(int argc, char **argv) { 1299 char *s, buf[32]; 1300 1301 strncpy(buf,"/etc", 32); 1302 s = dirname(buf); 1303 if (!s || strncmp(s, "/", 32) != 0) { 1304 exit(1); 1305 } else { 1306 exit(0); 1307 } 1308} 1309 ]])], 1310 [ ac_cv_have_broken_dirname="no" ], 1311 [ ac_cv_have_broken_dirname="yes" ], 1312 [ ac_cv_have_broken_dirname="no" ], 1313 ) 1314 LIBS="$save_LIBS" 1315 ]) 1316 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1317 LIBS="$LIBS -lgen" 1318 AC_DEFINE([HAVE_DIRNAME]) 1319 AC_CHECK_HEADERS([libgen.h]) 1320 fi 1321 ]) 1322]) 1323 1324AC_CHECK_FUNC([getspnam], , 1325 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1326AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1327 [Define if you have the basename function.])]) 1328 1329dnl zlib defaults to enabled 1330zlib=yes 1331AC_ARG_WITH([zlib], 1332 [ --with-zlib=PATH Use zlib in PATH], 1333 [ if test "x$withval" = "xno" ; then 1334 zlib=no 1335 elif test "x$withval" != "xyes"; then 1336 if test -d "$withval/lib"; then 1337 if test -n "${rpath_opt}"; then 1338 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1339 else 1340 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1341 fi 1342 else 1343 if test -n "${rpath_opt}"; then 1344 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1345 else 1346 LDFLAGS="-L${withval} ${LDFLAGS}" 1347 fi 1348 fi 1349 if test -d "$withval/include"; then 1350 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1351 else 1352 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1353 fi 1354 fi ] 1355) 1356 1357AC_MSG_CHECKING([for zlib]) 1358if test "x${zlib}" = "xno"; then 1359 AC_MSG_RESULT([no]) 1360else 1361 AC_MSG_RESULT([yes]) 1362 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1363 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1364 AC_CHECK_LIB([z], [deflate], , 1365 [ 1366 saved_CPPFLAGS="$CPPFLAGS" 1367 saved_LDFLAGS="$LDFLAGS" 1368 save_LIBS="$LIBS" 1369 dnl Check default zlib install dir 1370 if test -n "${rpath_opt}"; then 1371 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1372 else 1373 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1374 fi 1375 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1376 LIBS="$LIBS -lz" 1377 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1378 [ 1379 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1380 ] 1381 ) 1382 ] 1383 ) 1384 1385 AC_ARG_WITH([zlib-version-check], 1386 [ --without-zlib-version-check Disable zlib version check], 1387 [ if test "x$withval" = "xno" ; then 1388 zlib_check_nonfatal=1 1389 fi 1390 ] 1391 ) 1392 1393 AC_MSG_CHECKING([for possibly buggy zlib]) 1394 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1395#include <stdio.h> 1396#include <stdlib.h> 1397#include <zlib.h> 1398 ]], 1399 [[ 1400 int a=0, b=0, c=0, d=0, n, v; 1401 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1402 if (n != 3 && n != 4) 1403 exit(1); 1404 v = a*1000000 + b*10000 + c*100 + d; 1405 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1406 1407 /* 1.1.4 is OK */ 1408 if (a == 1 && b == 1 && c >= 4) 1409 exit(0); 1410 1411 /* 1.2.3 and up are OK */ 1412 if (v >= 1020300) 1413 exit(0); 1414 1415 exit(2); 1416 ]])], 1417 AC_MSG_RESULT([no]), 1418 [ AC_MSG_RESULT([yes]) 1419 if test -z "$zlib_check_nonfatal" ; then 1420 AC_MSG_ERROR([*** zlib too old - check config.log *** 1421Your reported zlib version has known security problems. It's possible your 1422vendor has fixed these problems without changing the version number. If you 1423are sure this is the case, you can disable the check by running 1424"./configure --without-zlib-version-check". 1425If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1426See http://www.gzip.org/zlib/ for details.]) 1427 else 1428 AC_MSG_WARN([zlib version may have security problems]) 1429 fi 1430 ], 1431 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1432 ) 1433fi 1434 1435dnl UnixWare 2.x 1436AC_CHECK_FUNC([strcasecmp], 1437 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1438) 1439AC_CHECK_FUNCS([utimes], 1440 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1441 LIBS="$LIBS -lc89"]) ] 1442) 1443 1444dnl Checks for libutil functions 1445AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1446AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1447AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1448AC_SEARCH_LIBS([login], [util bsd]) 1449AC_SEARCH_LIBS([logout], [util bsd]) 1450AC_SEARCH_LIBS([logwtmp], [util bsd]) 1451AC_SEARCH_LIBS([openpty], [util bsd]) 1452AC_SEARCH_LIBS([updwtmp], [util bsd]) 1453AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1454 1455# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1456# or libnsl. 1457AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1458AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1459 1460# Some Linux distribtions ship the BSD libc hashing functions in 1461# separate libraries. 1462AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1463 1464# "Particular Function Checks" 1465# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1466AC_FUNC_STRFTIME 1467AC_FUNC_MALLOC 1468AC_FUNC_REALLOC 1469# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1470AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1471AC_RUN_IFELSE( 1472 [AC_LANG_PROGRAM( 1473 [[ #include <stdlib.h> ]], 1474 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1475 )], 1476 [ func_calloc_0_nonnull=yes ], 1477 [ func_calloc_0_nonnull=no ], 1478 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1479 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1480) 1481AC_MSG_RESULT([$func_calloc_0_nonnull]) 1482 1483if test "x$func_calloc_0_nonnull" = "xyes"; then 1484 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1485else 1486 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1487 AC_DEFINE(calloc, rpl_calloc, 1488 [Define to rpl_calloc if the replacement function should be used.]) 1489fi 1490 1491# Check for ALTDIRFUNC glob() extension 1492AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1493AC_EGREP_CPP([FOUNDIT], 1494 [ 1495 #include <glob.h> 1496 #ifdef GLOB_ALTDIRFUNC 1497 FOUNDIT 1498 #endif 1499 ], 1500 [ 1501 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1502 [Define if your system glob() function has 1503 the GLOB_ALTDIRFUNC extension]) 1504 AC_MSG_RESULT([yes]) 1505 ], 1506 [ 1507 AC_MSG_RESULT([no]) 1508 ] 1509) 1510 1511# Check for g.gl_matchc glob() extension 1512AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1513AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1514 [[ glob_t g; g.gl_matchc = 1; ]])], 1515 [ 1516 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1517 [Define if your system glob() function has 1518 gl_matchc options in glob_t]) 1519 AC_MSG_RESULT([yes]) 1520 ], [ 1521 AC_MSG_RESULT([no]) 1522]) 1523 1524# Check for g.gl_statv glob() extension 1525AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1526AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1527#ifndef GLOB_KEEPSTAT 1528#error "glob does not support GLOB_KEEPSTAT extension" 1529#endif 1530glob_t g; 1531g.gl_statv = NULL; 1532]])], 1533 [ 1534 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1535 [Define if your system glob() function has 1536 gl_statv options in glob_t]) 1537 AC_MSG_RESULT([yes]) 1538 ], [ 1539 AC_MSG_RESULT([no]) 1540 1541]) 1542 1543AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1544 1545AC_CHECK_DECL([VIS_ALL], , 1546 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1547 1548AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1549AC_RUN_IFELSE( 1550 [AC_LANG_PROGRAM([[ 1551#include <sys/types.h> 1552#include <dirent.h> 1553#include <stdlib.h> 1554 ]], 1555 [[ 1556 struct dirent d; 1557 exit(sizeof(d.d_name)<=sizeof(char)); 1558 ]])], 1559 [AC_MSG_RESULT([yes])], 1560 [ 1561 AC_MSG_RESULT([no]) 1562 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1563 [Define if your struct dirent expects you to 1564 allocate extra space for d_name]) 1565 ], 1566 [ 1567 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1568 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1569 ] 1570) 1571 1572AC_MSG_CHECKING([for /proc/pid/fd directory]) 1573if test -d "/proc/$$/fd" ; then 1574 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1575 AC_MSG_RESULT([yes]) 1576else 1577 AC_MSG_RESULT([no]) 1578fi 1579 1580# Check whether user wants TCP wrappers support 1581TCPW_MSG="no" 1582AC_ARG_WITH([tcp-wrappers], 1583 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1584 [ 1585 if test "x$withval" != "xno" ; then 1586 saved_LIBS="$LIBS" 1587 saved_LDFLAGS="$LDFLAGS" 1588 saved_CPPFLAGS="$CPPFLAGS" 1589 if test -n "${withval}" && \ 1590 test "x${withval}" != "xyes"; then 1591 if test -d "${withval}/lib"; then 1592 if test -n "${need_dash_r}"; then 1593 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1594 else 1595 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1596 fi 1597 else 1598 if test -n "${need_dash_r}"; then 1599 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1600 else 1601 LDFLAGS="-L${withval} ${LDFLAGS}" 1602 fi 1603 fi 1604 if test -d "${withval}/include"; then 1605 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1606 else 1607 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1608 fi 1609 fi 1610 LIBS="-lwrap $LIBS" 1611 AC_MSG_CHECKING([for libwrap]) 1612 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1613#include <sys/types.h> 1614#include <sys/socket.h> 1615#include <netinet/in.h> 1616#include <tcpd.h> 1617int deny_severity = 0, allow_severity = 0; 1618 ]], [[ 1619 hosts_access(0); 1620 ]])], [ 1621 AC_MSG_RESULT([yes]) 1622 AC_DEFINE([LIBWRAP], [1], 1623 [Define if you want 1624 TCP Wrappers support]) 1625 SSHDLIBS="$SSHDLIBS -lwrap" 1626 TCPW_MSG="yes" 1627 ], [ 1628 AC_MSG_ERROR([*** libwrap missing]) 1629 ]) 1630 LIBS="$saved_LIBS" 1631 fi 1632 ] 1633) 1634 1635# Check whether user wants to use ldns 1636LDNS_MSG="no" 1637AC_ARG_WITH(ldns, 1638 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1639 [ 1640 ldns="" 1641 if test "x$withval" = "xyes" ; then 1642 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1643 if test "x$LDNSCONFIG" = "xno"; then 1644 LIBS="-lldns $LIBS" 1645 ldns=yes 1646 else 1647 LIBS="$LIBS `$LDNSCONFIG --libs`" 1648 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1649 ldns=yes 1650 fi 1651 elif test "x$withval" != "xno" ; then 1652 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1653 LDFLAGS="$LDFLAGS -L${withval}/lib" 1654 LIBS="-lldns $LIBS" 1655 ldns=yes 1656 fi 1657 1658 # Verify that it works. 1659 if test "x$ldns" = "xyes" ; then 1660 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1661 LDNS_MSG="yes" 1662 AC_MSG_CHECKING([for ldns support]) 1663 AC_LINK_IFELSE( 1664 [AC_LANG_SOURCE([[ 1665#include <stdio.h> 1666#include <stdlib.h> 1667#ifdef HAVE_STDINT_H 1668# include <stdint.h> 1669#endif 1670#include <ldns/ldns.h> 1671int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1672 ]]) 1673 ], 1674 [AC_MSG_RESULT(yes)], 1675 [ 1676 AC_MSG_RESULT(no) 1677 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1678 ]) 1679 fi 1680]) 1681 1682# Check whether user wants libedit support 1683LIBEDIT_MSG="no" 1684AC_ARG_WITH([libedit], 1685 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1686 [ if test "x$withval" != "xno" ; then 1687 if test "x$withval" = "xyes" ; then 1688 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1689 if test "x$PKGCONFIG" != "xno"; then 1690 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1691 if "$PKGCONFIG" libedit; then 1692 AC_MSG_RESULT([yes]) 1693 use_pkgconfig_for_libedit=yes 1694 else 1695 AC_MSG_RESULT([no]) 1696 fi 1697 fi 1698 else 1699 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1700 if test -n "${rpath_opt}"; then 1701 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1702 else 1703 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1704 fi 1705 fi 1706 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1707 LIBEDIT=`$PKGCONFIG --libs libedit` 1708 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1709 else 1710 LIBEDIT="-ledit -lcurses" 1711 fi 1712 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1713 AC_CHECK_LIB([edit], [el_init], 1714 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1715 LIBEDIT_MSG="yes" 1716 AC_SUBST([LIBEDIT]) 1717 ], 1718 [ AC_MSG_ERROR([libedit not found]) ], 1719 [ $OTHERLIBS ] 1720 ) 1721 AC_MSG_CHECKING([if libedit version is compatible]) 1722 AC_COMPILE_IFELSE( 1723 [AC_LANG_PROGRAM([[ 1724#include <histedit.h> 1725#include <stdlib.h> 1726 ]], 1727 [[ 1728 int i = H_SETSIZE; 1729 el_init("", NULL, NULL, NULL); 1730 exit(0); 1731 ]])], 1732 [ AC_MSG_RESULT([yes]) ], 1733 [ AC_MSG_RESULT([no]) 1734 AC_MSG_ERROR([libedit version is not compatible]) ] 1735 ) 1736 fi ] 1737) 1738 1739AUDIT_MODULE=none 1740AC_ARG_WITH([audit], 1741 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1742 [ 1743 AC_MSG_CHECKING([for supported audit module]) 1744 case "$withval" in 1745 bsm) 1746 AC_MSG_RESULT([bsm]) 1747 AUDIT_MODULE=bsm 1748 dnl Checks for headers, libs and functions 1749 AC_CHECK_HEADERS([bsm/audit.h], [], 1750 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1751 [ 1752#ifdef HAVE_TIME_H 1753# include <time.h> 1754#endif 1755 ] 1756) 1757 AC_CHECK_LIB([bsm], [getaudit], [], 1758 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1759 AC_CHECK_FUNCS([getaudit], [], 1760 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1761 # These are optional 1762 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1763 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1764 if test "$sol2ver" -ge 11; then 1765 SSHDLIBS="$SSHDLIBS -lscf" 1766 AC_DEFINE([BROKEN_BSM_API], [1], 1767 [The system has incomplete BSM API]) 1768 fi 1769 ;; 1770 linux) 1771 AC_MSG_RESULT([linux]) 1772 AUDIT_MODULE=linux 1773 dnl Checks for headers, libs and functions 1774 AC_CHECK_HEADERS([libaudit.h]) 1775 SSHDLIBS="$SSHDLIBS -laudit" 1776 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1777 ;; 1778 debug) 1779 AUDIT_MODULE=debug 1780 AC_MSG_RESULT([debug]) 1781 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1782 ;; 1783 no) 1784 AC_MSG_RESULT([no]) 1785 ;; 1786 *) 1787 AC_MSG_ERROR([Unknown audit module $withval]) 1788 ;; 1789 esac ] 1790) 1791 1792AC_ARG_WITH([pie], 1793 [ --with-pie Build Position Independent Executables if possible], [ 1794 if test "x$withval" = "xno"; then 1795 use_pie=no 1796 fi 1797 if test "x$withval" = "xyes"; then 1798 use_pie=yes 1799 fi 1800 ] 1801) 1802if test "x$use_pie" = "x"; then 1803 use_pie=no 1804fi 1805if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1806 # Turn off automatic PIE when toolchain hardening is off. 1807 use_pie=no 1808fi 1809if test "x$use_pie" = "xauto"; then 1810 # Automatic PIE requires gcc >= 4.x 1811 AC_MSG_CHECKING([for gcc >= 4.x]) 1812 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1813#if !defined(__GNUC__) || __GNUC__ < 4 1814#error gcc is too old 1815#endif 1816]])], 1817 [ AC_MSG_RESULT([yes]) ], 1818 [ AC_MSG_RESULT([no]) 1819 use_pie=no ] 1820) 1821fi 1822if test "x$use_pie" != "xno"; then 1823 SAVED_CFLAGS="$CFLAGS" 1824 SAVED_LDFLAGS="$LDFLAGS" 1825 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1826 OSSH_CHECK_LDFLAG_LINK([-pie]) 1827 # We use both -fPIE and -pie or neither. 1828 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1829 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1830 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1831 AC_MSG_RESULT([yes]) 1832 else 1833 AC_MSG_RESULT([no]) 1834 CFLAGS="$SAVED_CFLAGS" 1835 LDFLAGS="$SAVED_LDFLAGS" 1836 fi 1837fi 1838 1839AC_MSG_CHECKING([whether -fPIC is accepted]) 1840SAVED_CFLAGS="$CFLAGS" 1841CFLAGS="$CFLAGS -fPIC" 1842AC_COMPILE_IFELSE( 1843 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1844 [AC_MSG_RESULT([yes]) 1845 PICFLAG="-fPIC"; ], 1846 [AC_MSG_RESULT([no]) 1847 PICFLAG=""; ]) 1848CFLAGS="$SAVED_CFLAGS" 1849AC_SUBST([PICFLAG]) 1850 1851dnl Checks for library functions. Please keep in alphabetical order 1852AC_CHECK_FUNCS([ \ 1853 auth_hostok \ 1854 auth_timeok \ 1855 Blowfish_initstate \ 1856 Blowfish_expandstate \ 1857 Blowfish_expand0state \ 1858 Blowfish_stream2word \ 1859 SHA256Update \ 1860 SHA384Update \ 1861 SHA512Update \ 1862 asprintf \ 1863 b64_ntop \ 1864 __b64_ntop \ 1865 b64_pton \ 1866 __b64_pton \ 1867 bcopy \ 1868 bcrypt_pbkdf \ 1869 bindresvport_sa \ 1870 blf_enc \ 1871 bzero \ 1872 cap_rights_limit \ 1873 clock \ 1874 closefrom \ 1875 dirfd \ 1876 endgrent \ 1877 err \ 1878 errx \ 1879 explicit_bzero \ 1880 explicit_memset \ 1881 fchmod \ 1882 fchmodat \ 1883 fchown \ 1884 fchownat \ 1885 flock \ 1886 fnmatch \ 1887 freeaddrinfo \ 1888 freezero \ 1889 fstatfs \ 1890 fstatvfs \ 1891 futimes \ 1892 getaddrinfo \ 1893 getcwd \ 1894 getgrouplist \ 1895 getline \ 1896 getnameinfo \ 1897 getopt \ 1898 getpagesize \ 1899 getpeereid \ 1900 getpeerucred \ 1901 getpgid \ 1902 _getpty \ 1903 getrlimit \ 1904 getrandom \ 1905 getsid \ 1906 getttyent \ 1907 glob \ 1908 group_from_gid \ 1909 inet_aton \ 1910 inet_ntoa \ 1911 inet_ntop \ 1912 innetgr \ 1913 llabs \ 1914 localtime_r \ 1915 login_getcapbool \ 1916 login_getpwclass \ 1917 md5_crypt \ 1918 memmem \ 1919 memmove \ 1920 memset_s \ 1921 mkdtemp \ 1922 ngetaddrinfo \ 1923 nsleep \ 1924 ogetaddrinfo \ 1925 openlog_r \ 1926 pledge \ 1927 poll \ 1928 prctl \ 1929 procctl \ 1930 pselect \ 1931 pstat \ 1932 raise \ 1933 readpassphrase \ 1934 reallocarray \ 1935 realpath \ 1936 recvmsg \ 1937 recallocarray \ 1938 rresvport_af \ 1939 sendmsg \ 1940 setdtablesize \ 1941 setegid \ 1942 setenv \ 1943 seteuid \ 1944 setgroupent \ 1945 setgroups \ 1946 setlinebuf \ 1947 setlogin \ 1948 setpassent\ 1949 setpcred \ 1950 setproctitle \ 1951 setregid \ 1952 setreuid \ 1953 setrlimit \ 1954 setsid \ 1955 setvbuf \ 1956 sigaction \ 1957 sigvec \ 1958 snprintf \ 1959 socketpair \ 1960 statfs \ 1961 statvfs \ 1962 strcasestr \ 1963 strdup \ 1964 strerror \ 1965 strlcat \ 1966 strlcpy \ 1967 strmode \ 1968 strndup \ 1969 strnlen \ 1970 strnvis \ 1971 strptime \ 1972 strsignal \ 1973 strtonum \ 1974 strtoll \ 1975 strtoul \ 1976 strtoull \ 1977 swap32 \ 1978 sysconf \ 1979 tcgetpgrp \ 1980 timingsafe_bcmp \ 1981 truncate \ 1982 unsetenv \ 1983 updwtmpx \ 1984 utimensat \ 1985 user_from_uid \ 1986 usleep \ 1987 vasprintf \ 1988 vsnprintf \ 1989 waitpid \ 1990 warn \ 1991]) 1992 1993AC_CHECK_DECLS([bzero, memmem]) 1994 1995dnl Wide character support. 1996AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1997 1998TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1999AC_MSG_CHECKING([for utf8 locale support]) 2000AC_RUN_IFELSE( 2001 [AC_LANG_PROGRAM([[ 2002#include <locale.h> 2003#include <stdlib.h> 2004 ]], [[ 2005 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2006 if (loc != NULL) 2007 exit(0); 2008 exit(1); 2009 ]])], 2010 AC_MSG_RESULT(yes), 2011 [AC_MSG_RESULT(no) 2012 TEST_SSH_UTF8=no], 2013 AC_MSG_WARN([cross compiling: assuming yes]) 2014) 2015 2016AC_LINK_IFELSE( 2017 [AC_LANG_PROGRAM( 2018 [[ #include <ctype.h> ]], 2019 [[ return (isblank('a')); ]])], 2020 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2021]) 2022 2023disable_pkcs11= 2024AC_ARG_ENABLE([pkcs11], 2025 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2026 [ 2027 if test "x$enableval" = "xno" ; then 2028 disable_pkcs11=1 2029 fi 2030 ] 2031) 2032 2033disable_sk= 2034AC_ARG_ENABLE([security-key], 2035 [ --disable-security-key disable U2F/FIDO support code [no]], 2036 [ 2037 if test "x$enableval" = "xno" ; then 2038 disable_sk=1 2039 fi 2040 ] 2041) 2042enable_sk_internal= 2043AC_ARG_WITH([security-key-builtin], 2044 [ --with-security-key-builtin include builtin U2F/FIDO support], 2045 [ 2046 if test "x$withval" != "xno" ; then 2047 enable_sk_internal=yes 2048 fi 2049 ] 2050) 2051test "x$disable_sk" != "x" && enable_sk_internal="" 2052 2053AC_SEARCH_LIBS([dlopen], [dl]) 2054AC_CHECK_FUNCS([dlopen]) 2055AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2056 2057# IRIX has a const char return value for gai_strerror() 2058AC_CHECK_FUNCS([gai_strerror], [ 2059 AC_DEFINE([HAVE_GAI_STRERROR]) 2060 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2061#include <sys/types.h> 2062#include <sys/socket.h> 2063#include <netdb.h> 2064 2065const char *gai_strerror(int); 2066 ]], [[ 2067 char *str; 2068 str = gai_strerror(0); 2069 ]])], [ 2070 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2071 [Define if gai_strerror() returns const char *])], [])]) 2072 2073AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2074 [Some systems put nanosleep outside of libc])]) 2075 2076AC_SEARCH_LIBS([clock_gettime], [rt], 2077 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2078 2079dnl check if we need -D_REENTRANT for localtime_r declaration. 2080AC_CHECK_DECL([localtime_r], [], 2081 [ saved_CPPFLAGS="$CPPFLAGS" 2082 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2083 unset ac_cv_have_decl_localtime_r 2084 AC_CHECK_DECL([localtime_r], [], 2085 [ CPPFLAGS="$saved_CPPFLAGS" ], 2086 [ #include <time.h> ] 2087 ) 2088 ], 2089 [ #include <time.h> ] 2090) 2091 2092dnl Make sure prototypes are defined for these before using them. 2093AC_CHECK_DECL([strsep], 2094 [AC_CHECK_FUNCS([strsep])], 2095 [], 2096 [ 2097#ifdef HAVE_STRING_H 2098# include <string.h> 2099#endif 2100 ]) 2101 2102dnl tcsendbreak might be a macro 2103AC_CHECK_DECL([tcsendbreak], 2104 [AC_DEFINE([HAVE_TCSENDBREAK])], 2105 [AC_CHECK_FUNCS([tcsendbreak])], 2106 [#include <termios.h>] 2107) 2108 2109AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2110 2111AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2112 [ 2113#include <sys/types.h> 2114#include <sys/socket.h> 2115#include <unistd.h> 2116 ]) 2117 2118AC_CHECK_DECLS([O_NONBLOCK], , , 2119 [ 2120#include <sys/types.h> 2121#ifdef HAVE_SYS_STAT_H 2122# include <sys/stat.h> 2123#endif 2124#ifdef HAVE_FCNTL_H 2125# include <fcntl.h> 2126#endif 2127 ]) 2128 2129AC_CHECK_DECLS([readv, writev], , , [ 2130#include <sys/types.h> 2131#include <sys/uio.h> 2132#include <unistd.h> 2133 ]) 2134 2135AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2136#include <sys/param.h> 2137 ]) 2138 2139AC_CHECK_DECLS([offsetof], , , [ 2140#include <stddef.h> 2141 ]) 2142 2143# extra bits for select(2) 2144AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2145#include <sys/param.h> 2146#include <sys/types.h> 2147#ifdef HAVE_SYS_SYSMACROS_H 2148#include <sys/sysmacros.h> 2149#endif 2150#ifdef HAVE_SYS_SELECT_H 2151#include <sys/select.h> 2152#endif 2153#ifdef HAVE_SYS_TIME_H 2154#include <sys/time.h> 2155#endif 2156#ifdef HAVE_UNISTD_H 2157#include <unistd.h> 2158#endif 2159 ]]) 2160AC_CHECK_TYPES([fd_mask], [], [], [[ 2161#include <sys/param.h> 2162#include <sys/types.h> 2163#ifdef HAVE_SYS_SELECT_H 2164#include <sys/select.h> 2165#endif 2166#ifdef HAVE_SYS_TIME_H 2167#include <sys/time.h> 2168#endif 2169#ifdef HAVE_UNISTD_H 2170#include <unistd.h> 2171#endif 2172 ]]) 2173 2174AC_CHECK_FUNCS([setresuid], [ 2175 dnl Some platorms have setresuid that isn't implemented, test for this 2176 AC_MSG_CHECKING([if setresuid seems to work]) 2177 AC_RUN_IFELSE( 2178 [AC_LANG_PROGRAM([[ 2179#include <stdlib.h> 2180#include <errno.h> 2181 ]], [[ 2182 errno=0; 2183 setresuid(0,0,0); 2184 if (errno==ENOSYS) 2185 exit(1); 2186 else 2187 exit(0); 2188 ]])], 2189 [AC_MSG_RESULT([yes])], 2190 [AC_DEFINE([BROKEN_SETRESUID], [1], 2191 [Define if your setresuid() is broken]) 2192 AC_MSG_RESULT([not implemented])], 2193 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2194 ) 2195]) 2196 2197AC_CHECK_FUNCS([setresgid], [ 2198 dnl Some platorms have setresgid that isn't implemented, test for this 2199 AC_MSG_CHECKING([if setresgid seems to work]) 2200 AC_RUN_IFELSE( 2201 [AC_LANG_PROGRAM([[ 2202#include <stdlib.h> 2203#include <errno.h> 2204 ]], [[ 2205 errno=0; 2206 setresgid(0,0,0); 2207 if (errno==ENOSYS) 2208 exit(1); 2209 else 2210 exit(0); 2211 ]])], 2212 [AC_MSG_RESULT([yes])], 2213 [AC_DEFINE([BROKEN_SETRESGID], [1], 2214 [Define if your setresgid() is broken]) 2215 AC_MSG_RESULT([not implemented])], 2216 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2217 ) 2218]) 2219 2220AC_MSG_CHECKING([for working fflush(NULL)]) 2221AC_RUN_IFELSE( 2222 [AC_LANG_PROGRAM([[ 2223#include <stdio.h> 2224#include <stdlib.h> 2225 ]], 2226 [[fflush(NULL); exit(0);]])], 2227 AC_MSG_RESULT([yes]), 2228 [AC_MSG_RESULT([no]) 2229 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2230 [define if fflush(NULL) does not work])], 2231 AC_MSG_WARN([cross compiling: assuming working]) 2232) 2233 2234dnl Checks for time functions 2235AC_CHECK_FUNCS([gettimeofday time]) 2236dnl Checks for utmp functions 2237AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2238AC_CHECK_FUNCS([utmpname]) 2239dnl Checks for utmpx functions 2240AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2241AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2242dnl Checks for lastlog functions 2243AC_CHECK_FUNCS([getlastlogxbyname]) 2244 2245AC_CHECK_FUNC([daemon], 2246 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2247 [AC_CHECK_LIB([bsd], [daemon], 2248 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2249) 2250 2251AC_CHECK_FUNC([getpagesize], 2252 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2253 [Define if your libraries define getpagesize()])], 2254 [AC_CHECK_LIB([ucb], [getpagesize], 2255 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2256) 2257 2258# Check for broken snprintf 2259if test "x$ac_cv_func_snprintf" = "xyes" ; then 2260 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2261 AC_RUN_IFELSE( 2262 [AC_LANG_PROGRAM([[ 2263#include <stdio.h> 2264#include <stdlib.h> 2265 ]], 2266 [[ 2267 char b[5]; 2268 snprintf(b,5,"123456789"); 2269 exit(b[4]!='\0'); 2270 ]])], 2271 [AC_MSG_RESULT([yes])], 2272 [ 2273 AC_MSG_RESULT([no]) 2274 AC_DEFINE([BROKEN_SNPRINTF], [1], 2275 [Define if your snprintf is busted]) 2276 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2277 ], 2278 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2279 ) 2280fi 2281 2282if test "x$ac_cv_func_snprintf" = "xyes" ; then 2283 AC_MSG_CHECKING([whether snprintf understands %zu]) 2284 AC_RUN_IFELSE( 2285 [AC_LANG_PROGRAM([[ 2286#include <sys/types.h> 2287#include <stdio.h> 2288#include <stdlib.h> 2289#include <string.h> 2290 ]], 2291 [[ 2292 size_t a = 1, b = 2; 2293 char z[128]; 2294 snprintf(z, sizeof z, "%zu%zu", a, b); 2295 exit(strcmp(z, "12")); 2296 ]])], 2297 [AC_MSG_RESULT([yes])], 2298 [ 2299 AC_MSG_RESULT([no]) 2300 AC_DEFINE([BROKEN_SNPRINTF], [1], 2301 [snprintf does not understand %zu]) 2302 ], 2303 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2304 ) 2305fi 2306 2307# We depend on vsnprintf returning the right thing on overflow: the 2308# number of characters it tried to create (as per SUSv3) 2309if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2310 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2311 AC_RUN_IFELSE( 2312 [AC_LANG_PROGRAM([[ 2313#include <sys/types.h> 2314#include <stdio.h> 2315#include <stdarg.h> 2316 2317int x_snprintf(char *str, size_t count, const char *fmt, ...) 2318{ 2319 size_t ret; 2320 va_list ap; 2321 2322 va_start(ap, fmt); 2323 ret = vsnprintf(str, count, fmt, ap); 2324 va_end(ap); 2325 return ret; 2326} 2327 ]], [[ 2328char x[1]; 2329if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2330 return 1; 2331if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2332 return 1; 2333return 0; 2334 ]])], 2335 [AC_MSG_RESULT([yes])], 2336 [ 2337 AC_MSG_RESULT([no]) 2338 AC_DEFINE([BROKEN_SNPRINTF], [1], 2339 [Define if your snprintf is busted]) 2340 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2341 ], 2342 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2343 ) 2344fi 2345 2346# On systems where [v]snprintf is broken, but is declared in stdio, 2347# check that the fmt argument is const char * or just char *. 2348# This is only useful for when BROKEN_SNPRINTF 2349AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2350AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2351#include <stdio.h> 2352int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2353 ]], [[ 2354 snprintf(0, 0, 0); 2355 ]])], 2356 [AC_MSG_RESULT([yes]) 2357 AC_DEFINE([SNPRINTF_CONST], [const], 2358 [Define as const if snprintf() can declare const char *fmt])], 2359 [AC_MSG_RESULT([no]) 2360 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2361 2362# Check for missing getpeereid (or equiv) support 2363NO_PEERCHECK="" 2364if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2365 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2366 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2367#include <sys/types.h> 2368#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2369 [ AC_MSG_RESULT([yes]) 2370 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2371 ], [AC_MSG_RESULT([no]) 2372 NO_PEERCHECK=1 2373 ]) 2374fi 2375 2376dnl make sure that openpty does not reacquire controlling terminal 2377if test ! -z "$check_for_openpty_ctty_bug"; then 2378 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2379 AC_RUN_IFELSE( 2380 [AC_LANG_PROGRAM([[ 2381#include <stdio.h> 2382#include <stdlib.h> 2383#include <unistd.h> 2384#include <sys/fcntl.h> 2385#include <sys/types.h> 2386#include <sys/wait.h> 2387 ]], [[ 2388 pid_t pid; 2389 int fd, ptyfd, ttyfd, status; 2390 2391 pid = fork(); 2392 if (pid < 0) { /* failed */ 2393 exit(1); 2394 } else if (pid > 0) { /* parent */ 2395 waitpid(pid, &status, 0); 2396 if (WIFEXITED(status)) 2397 exit(WEXITSTATUS(status)); 2398 else 2399 exit(2); 2400 } else { /* child */ 2401 close(0); close(1); close(2); 2402 setsid(); 2403 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2404 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2405 if (fd >= 0) 2406 exit(3); /* Acquired ctty: broken */ 2407 else 2408 exit(0); /* Did not acquire ctty: OK */ 2409 } 2410 ]])], 2411 [ 2412 AC_MSG_RESULT([yes]) 2413 ], 2414 [ 2415 AC_MSG_RESULT([no]) 2416 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2417 ], 2418 [ 2419 AC_MSG_RESULT([cross-compiling, assuming yes]) 2420 ] 2421 ) 2422fi 2423 2424if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2425 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2426 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2427 AC_RUN_IFELSE( 2428 [AC_LANG_PROGRAM([[ 2429#include <stdio.h> 2430#include <stdlib.h> 2431#include <sys/socket.h> 2432#include <netdb.h> 2433#include <errno.h> 2434#include <netinet/in.h> 2435 2436#define TEST_PORT "2222" 2437 ]], [[ 2438 int err, sock; 2439 struct addrinfo *gai_ai, *ai, hints; 2440 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2441 2442 memset(&hints, 0, sizeof(hints)); 2443 hints.ai_family = PF_UNSPEC; 2444 hints.ai_socktype = SOCK_STREAM; 2445 hints.ai_flags = AI_PASSIVE; 2446 2447 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2448 if (err != 0) { 2449 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2450 exit(1); 2451 } 2452 2453 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2454 if (ai->ai_family != AF_INET6) 2455 continue; 2456 2457 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2458 sizeof(ntop), strport, sizeof(strport), 2459 NI_NUMERICHOST|NI_NUMERICSERV); 2460 2461 if (err != 0) { 2462 if (err == EAI_SYSTEM) 2463 perror("getnameinfo EAI_SYSTEM"); 2464 else 2465 fprintf(stderr, "getnameinfo failed: %s\n", 2466 gai_strerror(err)); 2467 exit(2); 2468 } 2469 2470 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2471 if (sock < 0) 2472 perror("socket"); 2473 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2474 if (errno == EBADF) 2475 exit(3); 2476 } 2477 } 2478 exit(0); 2479 ]])], 2480 [ 2481 AC_MSG_RESULT([yes]) 2482 ], 2483 [ 2484 AC_MSG_RESULT([no]) 2485 AC_DEFINE([BROKEN_GETADDRINFO]) 2486 ], 2487 [ 2488 AC_MSG_RESULT([cross-compiling, assuming yes]) 2489 ] 2490 ) 2491fi 2492 2493if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2494 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2495 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2496 AC_RUN_IFELSE( 2497 [AC_LANG_PROGRAM([[ 2498#include <stdio.h> 2499#include <stdlib.h> 2500#include <sys/socket.h> 2501#include <netdb.h> 2502#include <errno.h> 2503#include <netinet/in.h> 2504 2505#define TEST_PORT "2222" 2506 ]], [[ 2507 int err, sock; 2508 struct addrinfo *gai_ai, *ai, hints; 2509 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2510 2511 memset(&hints, 0, sizeof(hints)); 2512 hints.ai_family = PF_UNSPEC; 2513 hints.ai_socktype = SOCK_STREAM; 2514 hints.ai_flags = AI_PASSIVE; 2515 2516 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2517 if (err != 0) { 2518 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2519 exit(1); 2520 } 2521 2522 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2523 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2524 continue; 2525 2526 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2527 sizeof(ntop), strport, sizeof(strport), 2528 NI_NUMERICHOST|NI_NUMERICSERV); 2529 2530 if (ai->ai_family == AF_INET && err != 0) { 2531 perror("getnameinfo"); 2532 exit(2); 2533 } 2534 } 2535 exit(0); 2536 ]])], 2537 [ 2538 AC_MSG_RESULT([yes]) 2539 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2540 [Define if you have a getaddrinfo that fails 2541 for the all-zeros IPv6 address]) 2542 ], 2543 [ 2544 AC_MSG_RESULT([no]) 2545 AC_DEFINE([BROKEN_GETADDRINFO]) 2546 ], 2547 [ 2548 AC_MSG_RESULT([cross-compiling, assuming no]) 2549 ] 2550 ) 2551fi 2552 2553if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2554 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2555 [#include <sys/types.h> 2556 #include <sys/socket.h> 2557 #include <netdb.h>]) 2558fi 2559 2560if test "x$check_for_conflicting_getspnam" = "x1"; then 2561 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2562 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2563#include <shadow.h> 2564#include <stdlib.h> 2565 ]], 2566 [[ exit(0); ]])], 2567 [ 2568 AC_MSG_RESULT([no]) 2569 ], 2570 [ 2571 AC_MSG_RESULT([yes]) 2572 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2573 [Conflicting defs for getspnam]) 2574 ] 2575 ) 2576fi 2577 2578dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2579dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2580dnl for over ten years). Despite this incompatibility being reported during 2581dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2582dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2583dnl implementation. Try to detect this mess, and assume the only safe option 2584dnl if we're cross compiling. 2585dnl 2586dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2587dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2588if test "x$ac_cv_func_strnvis" = "xyes"; then 2589 AC_MSG_CHECKING([for working strnvis]) 2590 AC_RUN_IFELSE( 2591 [AC_LANG_PROGRAM([[ 2592#include <signal.h> 2593#include <stdlib.h> 2594#include <string.h> 2595#include <unistd.h> 2596#include <vis.h> 2597static void sighandler(int sig) { _exit(1); } 2598 ]], [[ 2599 char dst[16]; 2600 2601 signal(SIGSEGV, sighandler); 2602 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2603 exit(0); 2604 exit(1) 2605 ]])], 2606 [AC_MSG_RESULT([yes])], 2607 [AC_MSG_RESULT([no]) 2608 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2609 [AC_MSG_WARN([cross compiling: assuming broken]) 2610 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2611 ) 2612fi 2613 2614AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2615AC_RUN_IFELSE( 2616 [AC_LANG_PROGRAM([[ 2617#ifdef HAVE_SYS_SELECT 2618# include <sys/select.h> 2619#endif 2620#include <sys/types.h> 2621#include <sys/time.h> 2622#include <stdlib.h> 2623#include <signal.h> 2624#include <unistd.h> 2625static void sighandler(int sig) { } 2626 ]], [[ 2627 int r; 2628 pid_t pid; 2629 struct sigaction sa; 2630 2631 sa.sa_handler = sighandler; 2632 sa.sa_flags = SA_RESTART; 2633 (void)sigaction(SIGTERM, &sa, NULL); 2634 if ((pid = fork()) == 0) { /* child */ 2635 pid = getppid(); 2636 sleep(1); 2637 kill(pid, SIGTERM); 2638 sleep(1); 2639 if (getppid() == pid) /* if parent did not exit, shoot it */ 2640 kill(pid, SIGKILL); 2641 exit(0); 2642 } else { /* parent */ 2643 r = select(0, NULL, NULL, NULL, NULL); 2644 } 2645 exit(r == -1 ? 0 : 1); 2646 ]])], 2647 [AC_MSG_RESULT([yes])], 2648 [AC_MSG_RESULT([no]) 2649 AC_DEFINE([NO_SA_RESTART], [1], 2650 [SA_RESTARTed signals do no interrupt select])], 2651 [AC_MSG_WARN([cross compiling: assuming yes])] 2652) 2653 2654AC_CHECK_FUNCS([getpgrp],[ 2655 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2656 AC_COMPILE_IFELSE( 2657 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2658 [ AC_MSG_RESULT([yes]) 2659 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2660 [ AC_MSG_RESULT([no]) 2661 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2662 ) 2663]) 2664 2665# Search for OpenSSL 2666saved_CPPFLAGS="$CPPFLAGS" 2667saved_LDFLAGS="$LDFLAGS" 2668AC_ARG_WITH([ssl-dir], 2669 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2670 [ 2671 if test "x$openssl" = "xno" ; then 2672 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2673 fi 2674 if test "x$withval" != "xno" ; then 2675 case "$withval" in 2676 # Relative paths 2677 ./*|../*) withval="`pwd`/$withval" 2678 esac 2679 if test -d "$withval/lib"; then 2680 if test -n "${rpath_opt}"; then 2681 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2682 else 2683 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2684 fi 2685 elif test -d "$withval/lib64"; then 2686 if test -n "${rpath_opt}"; then 2687 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2688 else 2689 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2690 fi 2691 else 2692 if test -n "${rpath_opt}"; then 2693 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2694 else 2695 LDFLAGS="-L${withval} ${LDFLAGS}" 2696 fi 2697 fi 2698 if test -d "$withval/include"; then 2699 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2700 else 2701 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2702 fi 2703 fi 2704 ] 2705) 2706 2707AC_ARG_WITH([openssl-header-check], 2708 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2709 [ 2710 if test "x$withval" = "xno" ; then 2711 openssl_check_nonfatal=1 2712 fi 2713 ] 2714) 2715 2716openssl_engine=no 2717AC_ARG_WITH([ssl-engine], 2718 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2719 [ 2720 if test "x$withval" != "xno" ; then 2721 if test "x$openssl" = "xno" ; then 2722 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2723 fi 2724 openssl_engine=yes 2725 fi 2726 ] 2727) 2728 2729if test "x$openssl" = "xyes" ; then 2730 LIBS="-lcrypto $LIBS" 2731 AC_TRY_LINK_FUNC([RAND_add], , 2732 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2733 AC_CHECK_HEADER([openssl/opensslv.h], , 2734 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2735 2736 # Determine OpenSSL header version 2737 AC_MSG_CHECKING([OpenSSL header version]) 2738 AC_RUN_IFELSE( 2739 [AC_LANG_PROGRAM([[ 2740 #include <stdlib.h> 2741 #include <stdio.h> 2742 #include <string.h> 2743 #include <openssl/opensslv.h> 2744 #define DATA "conftest.sslincver" 2745 ]], [[ 2746 FILE *fd; 2747 int rc; 2748 2749 fd = fopen(DATA,"w"); 2750 if(fd == NULL) 2751 exit(1); 2752 2753 if ((rc = fprintf(fd, "%08lx (%s)\n", 2754 (unsigned long)OPENSSL_VERSION_NUMBER, 2755 OPENSSL_VERSION_TEXT)) < 0) 2756 exit(1); 2757 2758 exit(0); 2759 ]])], 2760 [ 2761 ssl_header_ver=`cat conftest.sslincver` 2762 AC_MSG_RESULT([$ssl_header_ver]) 2763 ], 2764 [ 2765 AC_MSG_RESULT([not found]) 2766 AC_MSG_ERROR([OpenSSL version header not found.]) 2767 ], 2768 [ 2769 AC_MSG_WARN([cross compiling: not checking]) 2770 ] 2771 ) 2772 2773 # Determining OpenSSL library version is version dependent. 2774 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2775 2776 # Determine OpenSSL library version 2777 AC_MSG_CHECKING([OpenSSL library version]) 2778 AC_RUN_IFELSE( 2779 [AC_LANG_PROGRAM([[ 2780 #include <stdio.h> 2781 #include <stdlib.h> 2782 #include <string.h> 2783 #include <openssl/opensslv.h> 2784 #include <openssl/crypto.h> 2785 #define DATA "conftest.ssllibver" 2786 ]], [[ 2787 FILE *fd; 2788 int rc; 2789 2790 fd = fopen(DATA,"w"); 2791 if(fd == NULL) 2792 exit(1); 2793#ifndef OPENSSL_VERSION 2794# define OPENSSL_VERSION SSLEAY_VERSION 2795#endif 2796#ifndef HAVE_OPENSSL_VERSION 2797# define OpenSSL_version SSLeay_version 2798#endif 2799#ifndef HAVE_OPENSSL_VERSION_NUM 2800# define OpenSSL_version_num SSLeay 2801#endif 2802 if ((rc = fprintf(fd, "%08lx (%s)\n", 2803 (unsigned long)OpenSSL_version_num(), 2804 OpenSSL_version(OPENSSL_VERSION))) < 0) 2805 exit(1); 2806 2807 exit(0); 2808 ]])], 2809 [ 2810 ssl_library_ver=`cat conftest.ssllibver` 2811 # Check version is supported. 2812 case "$ssl_library_ver" in 2813 10000*|0*) 2814 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2815 ;; 2816 100*) ;; # 1.0.x 2817 101000[[0123456]]*) 2818 # https://github.com/openssl/openssl/pull/4613 2819 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2820 ;; 2821 101*) ;; # 1.1.x 2822 200*) ;; # LibreSSL 2823 300*) ;; # OpenSSL 3 2824 301*) ;; # OpenSSL development branch. 2825 *) 2826 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2827 ;; 2828 esac 2829 AC_MSG_RESULT([$ssl_library_ver]) 2830 ], 2831 [ 2832 AC_MSG_RESULT([not found]) 2833 AC_MSG_ERROR([OpenSSL library not found.]) 2834 ], 2835 [ 2836 AC_MSG_WARN([cross compiling: not checking]) 2837 ] 2838 ) 2839 2840 # Sanity check OpenSSL headers 2841 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2842 AC_RUN_IFELSE( 2843 [AC_LANG_PROGRAM([[ 2844 #include <stdlib.h> 2845 #include <string.h> 2846 #include <openssl/opensslv.h> 2847 #include <openssl/crypto.h> 2848 ]], [[ 2849#ifndef HAVE_OPENSSL_VERSION_NUM 2850# define OpenSSL_version_num SSLeay 2851#endif 2852 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2853 ]])], 2854 [ 2855 AC_MSG_RESULT([yes]) 2856 ], 2857 [ 2858 AC_MSG_RESULT([no]) 2859 if test "x$openssl_check_nonfatal" = "x"; then 2860 AC_MSG_ERROR([Your OpenSSL headers do not match your 2861 library. Check config.log for details. 2862 If you are sure your installation is consistent, you can disable the check 2863 by running "./configure --without-openssl-header-check". 2864 Also see contrib/findssl.sh for help identifying header/library mismatches. 2865 ]) 2866 else 2867 AC_MSG_WARN([Your OpenSSL headers do not match your 2868 library. Check config.log for details. 2869 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2870 fi 2871 ], 2872 [ 2873 AC_MSG_WARN([cross compiling: not checking]) 2874 ] 2875 ) 2876 2877 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2878 AC_LINK_IFELSE( 2879 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2880 [[ ERR_load_crypto_strings(); ]])], 2881 [ 2882 AC_MSG_RESULT([yes]) 2883 ], 2884 [ 2885 AC_MSG_RESULT([no]) 2886 saved_LIBS="$LIBS" 2887 LIBS="$LIBS -ldl" 2888 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2889 AC_LINK_IFELSE( 2890 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2891 [[ ERR_load_crypto_strings(); ]])], 2892 [ 2893 AC_MSG_RESULT([yes]) 2894 ], 2895 [ 2896 AC_MSG_RESULT([no]) 2897 LIBS="$saved_LIBS" 2898 ] 2899 ) 2900 ] 2901 ) 2902 2903 AC_CHECK_FUNCS([ \ 2904 BN_is_prime_ex \ 2905 DSA_generate_parameters_ex \ 2906 EVP_CIPHER_CTX_ctrl \ 2907 EVP_DigestFinal_ex \ 2908 EVP_DigestInit_ex \ 2909 EVP_MD_CTX_cleanup \ 2910 EVP_MD_CTX_copy_ex \ 2911 EVP_MD_CTX_init \ 2912 HMAC_CTX_init \ 2913 RSA_generate_key_ex \ 2914 RSA_get_default_method \ 2915 ]) 2916 2917 # OpenSSL_add_all_algorithms may be a macro. 2918 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2919 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2920 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2921 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2922 [[#include <openssl/evp.h>]] 2923 ) 2924 ) 2925 2926 # LibreSSL/OpenSSL 1.1x API 2927 AC_CHECK_FUNCS([ \ 2928 OPENSSL_init_crypto \ 2929 DH_get0_key \ 2930 DH_get0_pqg \ 2931 DH_set0_key \ 2932 DH_set_length \ 2933 DH_set0_pqg \ 2934 DSA_get0_key \ 2935 DSA_get0_pqg \ 2936 DSA_set0_key \ 2937 DSA_set0_pqg \ 2938 DSA_SIG_get0 \ 2939 DSA_SIG_set0 \ 2940 ECDSA_SIG_get0 \ 2941 ECDSA_SIG_set0 \ 2942 EVP_CIPHER_CTX_iv \ 2943 EVP_CIPHER_CTX_iv_noconst \ 2944 EVP_CIPHER_CTX_get_iv \ 2945 EVP_CIPHER_CTX_get_updated_iv \ 2946 EVP_CIPHER_CTX_set_iv \ 2947 RSA_get0_crt_params \ 2948 RSA_get0_factors \ 2949 RSA_get0_key \ 2950 RSA_set0_crt_params \ 2951 RSA_set0_factors \ 2952 RSA_set0_key \ 2953 RSA_meth_free \ 2954 RSA_meth_dup \ 2955 RSA_meth_set1_name \ 2956 RSA_meth_get_finish \ 2957 RSA_meth_set_priv_enc \ 2958 RSA_meth_set_priv_dec \ 2959 RSA_meth_set_finish \ 2960 EVP_PKEY_get0_RSA \ 2961 EVP_MD_CTX_new \ 2962 EVP_MD_CTX_free \ 2963 EVP_chacha20 \ 2964 ]) 2965 2966 if test "x$openssl_engine" = "xyes" ; then 2967 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2968 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2969 #include <openssl/engine.h> 2970 ]], [[ 2971 ENGINE_load_builtin_engines(); 2972 ENGINE_register_all_complete(); 2973 ]])], 2974 [ AC_MSG_RESULT([yes]) 2975 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2976 [Enable OpenSSL engine support]) 2977 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2978 ]) 2979 fi 2980 2981 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2982 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2983 AC_LINK_IFELSE( 2984 [AC_LANG_PROGRAM([[ 2985 #include <stdlib.h> 2986 #include <string.h> 2987 #include <openssl/evp.h> 2988 ]], [[ 2989 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2990 ]])], 2991 [ 2992 AC_MSG_RESULT([no]) 2993 ], 2994 [ 2995 AC_MSG_RESULT([yes]) 2996 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2997 [libcrypto is missing AES 192 and 256 bit functions]) 2998 ] 2999 ) 3000 3001 # Check for OpenSSL with EVP_aes_*ctr 3002 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 3003 AC_LINK_IFELSE( 3004 [AC_LANG_PROGRAM([[ 3005 #include <stdlib.h> 3006 #include <string.h> 3007 #include <openssl/evp.h> 3008 ]], [[ 3009 exit(EVP_aes_128_ctr() == NULL || 3010 EVP_aes_192_cbc() == NULL || 3011 EVP_aes_256_cbc() == NULL); 3012 ]])], 3013 [ 3014 AC_MSG_RESULT([yes]) 3015 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 3016 [libcrypto has EVP AES CTR]) 3017 ], 3018 [ 3019 AC_MSG_RESULT([no]) 3020 ] 3021 ) 3022 3023 # Check for OpenSSL with EVP_aes_*gcm 3024 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 3025 AC_LINK_IFELSE( 3026 [AC_LANG_PROGRAM([[ 3027 #include <stdlib.h> 3028 #include <string.h> 3029 #include <openssl/evp.h> 3030 ]], [[ 3031 exit(EVP_aes_128_gcm() == NULL || 3032 EVP_aes_256_gcm() == NULL || 3033 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 3034 EVP_CTRL_GCM_IV_GEN == 0 || 3035 EVP_CTRL_GCM_SET_TAG == 0 || 3036 EVP_CTRL_GCM_GET_TAG == 0 || 3037 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 3038 ]])], 3039 [ 3040 AC_MSG_RESULT([yes]) 3041 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 3042 [libcrypto has EVP AES GCM]) 3043 ], 3044 [ 3045 AC_MSG_RESULT([no]) 3046 unsupported_algorithms="$unsupported_cipers \ 3047 aes128-gcm@openssh.com \ 3048 aes256-gcm@openssh.com" 3049 ] 3050 ) 3051 3052 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3053 AC_LINK_IFELSE( 3054 [AC_LANG_PROGRAM([[ 3055 #include <stdlib.h> 3056 #include <string.h> 3057 #include <openssl/evp.h> 3058 ]], [[ 3059 if(EVP_DigestUpdate(NULL, NULL,0)) 3060 exit(0); 3061 ]])], 3062 [ 3063 AC_MSG_RESULT([yes]) 3064 ], 3065 [ 3066 AC_MSG_RESULT([no]) 3067 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3068 [Define if EVP_DigestUpdate returns void]) 3069 ] 3070 ) 3071 3072 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 3073 # because the system crypt() is more featureful. 3074 if test "x$check_for_libcrypt_before" = "x1"; then 3075 AC_CHECK_LIB([crypt], [crypt]) 3076 fi 3077 3078 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 3079 # version in OpenSSL. 3080 if test "x$check_for_libcrypt_later" = "x1"; then 3081 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3082 fi 3083 AC_CHECK_FUNCS([crypt DES_crypt]) 3084 3085 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 3086 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 3087 3088 # Check complete ECC support in OpenSSL 3089 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3090 AC_LINK_IFELSE( 3091 [AC_LANG_PROGRAM([[ 3092 #include <openssl/ec.h> 3093 #include <openssl/ecdh.h> 3094 #include <openssl/ecdsa.h> 3095 #include <openssl/evp.h> 3096 #include <openssl/objects.h> 3097 #include <openssl/opensslv.h> 3098 ]], [[ 3099 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3100 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3101 ]])], 3102 [ AC_MSG_RESULT([yes]) 3103 enable_nistp256=1 ], 3104 [ AC_MSG_RESULT([no]) ] 3105 ) 3106 3107 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3108 AC_LINK_IFELSE( 3109 [AC_LANG_PROGRAM([[ 3110 #include <openssl/ec.h> 3111 #include <openssl/ecdh.h> 3112 #include <openssl/ecdsa.h> 3113 #include <openssl/evp.h> 3114 #include <openssl/objects.h> 3115 #include <openssl/opensslv.h> 3116 ]], [[ 3117 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3118 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3119 ]])], 3120 [ AC_MSG_RESULT([yes]) 3121 enable_nistp384=1 ], 3122 [ AC_MSG_RESULT([no]) ] 3123 ) 3124 3125 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3126 AC_LINK_IFELSE( 3127 [AC_LANG_PROGRAM([[ 3128 #include <openssl/ec.h> 3129 #include <openssl/ecdh.h> 3130 #include <openssl/ecdsa.h> 3131 #include <openssl/evp.h> 3132 #include <openssl/objects.h> 3133 #include <openssl/opensslv.h> 3134 ]], [[ 3135 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3136 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3137 ]])], 3138 [ AC_MSG_RESULT([yes]) 3139 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3140 AC_RUN_IFELSE( 3141 [AC_LANG_PROGRAM([[ 3142 #include <stdlib.h> 3143 #include <openssl/ec.h> 3144 #include <openssl/ecdh.h> 3145 #include <openssl/ecdsa.h> 3146 #include <openssl/evp.h> 3147 #include <openssl/objects.h> 3148 #include <openssl/opensslv.h> 3149 ]],[[ 3150 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3151 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3152 exit(e == NULL || m == NULL); 3153 ]])], 3154 [ AC_MSG_RESULT([yes]) 3155 enable_nistp521=1 ], 3156 [ AC_MSG_RESULT([no]) ], 3157 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3158 enable_nistp521=1 ] 3159 )], 3160 AC_MSG_RESULT([no]) 3161 ) 3162 3163 TEST_SSH_ECC=no 3164 3165 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3166 test x$enable_nistp521 = x1; then 3167 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3168 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3169 openssl_ecc=yes 3170 else 3171 openssl_ecc=no 3172 fi 3173 if test x$enable_nistp256 = x1; then 3174 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3175 [libcrypto has NID_X9_62_prime256v1]) 3176 TEST_SSH_ECC=yes 3177 else 3178 unsupported_algorithms="$unsupported_algorithms \ 3179 ecdsa-sha2-nistp256 \ 3180 ecdh-sha2-nistp256 \ 3181 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3182 fi 3183 if test x$enable_nistp384 = x1; then 3184 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3185 TEST_SSH_ECC=yes 3186 else 3187 unsupported_algorithms="$unsupported_algorithms \ 3188 ecdsa-sha2-nistp384 \ 3189 ecdh-sha2-nistp384 \ 3190 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3191 fi 3192 if test x$enable_nistp521 = x1; then 3193 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3194 TEST_SSH_ECC=yes 3195 else 3196 unsupported_algorithms="$unsupported_algorithms \ 3197 ecdh-sha2-nistp521 \ 3198 ecdsa-sha2-nistp521 \ 3199 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3200 fi 3201 3202 AC_SUBST([TEST_SSH_ECC]) 3203else 3204 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3205 AC_CHECK_FUNCS([crypt]) 3206fi 3207 3208# PKCS11/U2F depend on OpenSSL and dlopen(). 3209enable_pkcs11=yes 3210enable_sk=yes 3211if test "x$openssl" != "xyes" ; then 3212 enable_pkcs11="disabled; missing libcrypto" 3213 enable_sk="disabled; missing libcrypto" 3214fi 3215if test "x$openssl_ecc" != "xyes" ; then 3216 enable_sk="disabled; OpenSSL has no ECC support" 3217fi 3218if test "x$ac_cv_func_dlopen" != "xyes" ; then 3219 enable_pkcs11="disabled; missing dlopen(3)" 3220 enable_sk="disabled; missing dlopen(3)" 3221fi 3222if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3223 enable_pkcs11="disabled; missing RTLD_NOW" 3224 enable_sk="disabled; missing RTLD_NOW" 3225fi 3226if test ! -z "$disable_pkcs11" ; then 3227 enable_pkcs11="disabled by user" 3228fi 3229if test ! -z "$disable_sk" ; then 3230 enable_sk="disabled by user" 3231fi 3232 3233AC_MSG_CHECKING([whether to enable PKCS11]) 3234if test "x$enable_pkcs11" = "xyes" ; then 3235 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3236fi 3237AC_MSG_RESULT([$enable_pkcs11]) 3238 3239AC_MSG_CHECKING([whether to enable U2F]) 3240if test "x$enable_sk" = "xyes" ; then 3241 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3242 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3243else 3244 # Do not try to build sk-dummy library. 3245 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3246fi 3247AC_MSG_RESULT([$enable_sk]) 3248 3249# Now check for built-in security key support. 3250if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3251 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3252 use_pkgconfig_for_libfido2= 3253 if test "x$PKGCONFIG" != "xno"; then 3254 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3255 if "$PKGCONFIG" libfido2; then 3256 AC_MSG_RESULT([yes]) 3257 use_pkgconfig_for_libfido2=yes 3258 else 3259 AC_MSG_RESULT([no]) 3260 fi 3261 fi 3262 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3263 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3264 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3265 else 3266 LIBFIDO2="-lprivatefido2 -lprivatecbor" 3267 fi 3268 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3269 AC_CHECK_LIB([privatefido2], [fido_init], 3270 [ 3271 AC_SUBST([LIBFIDO2]) 3272 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3273 [Enable for built-in U2F/FIDO support]) 3274 enable_sk="built-in" 3275 ], [ AC_MSG_ERROR([no usable libprivatefido2 found]) ], 3276 [ $OTHERLIBS ] 3277 ) 3278 saved_LIBS="$LIBS" 3279 LIBS="$LIBS $LIBFIDO2" 3280 AC_CHECK_FUNCS([ \ 3281 fido_cred_prot \ 3282 fido_cred_set_prot \ 3283 fido_dev_get_touch_begin \ 3284 fido_dev_get_touch_status \ 3285 fido_dev_supports_cred_prot \ 3286 ]) 3287 LIBS="$saved_LIBS" 3288 AC_CHECK_HEADER([fido.h], [], 3289 AC_MSG_ERROR([missing fido.h from libfido2])) 3290 AC_CHECK_HEADER([fido/credman.h], [], 3291 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3292 [#include <fido.h>] 3293 ) 3294fi 3295 3296AC_CHECK_FUNCS([ \ 3297 arc4random \ 3298 arc4random_buf \ 3299 arc4random_stir \ 3300 arc4random_uniform \ 3301]) 3302 3303saved_LIBS="$LIBS" 3304AC_CHECK_LIB([iaf], [ia_openinfo], [ 3305 LIBS="$LIBS -liaf" 3306 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3307 AC_DEFINE([HAVE_LIBIAF], [1], 3308 [Define if system has libiaf that supports set_id]) 3309 ]) 3310]) 3311LIBS="$saved_LIBS" 3312 3313### Configure cryptographic random number support 3314 3315# Check whether OpenSSL seeds itself 3316if test "x$openssl" = "xyes" ; then 3317 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3318 AC_RUN_IFELSE( 3319 [AC_LANG_PROGRAM([[ 3320 #include <stdlib.h> 3321 #include <string.h> 3322 #include <openssl/rand.h> 3323 ]], [[ 3324 exit(RAND_status() == 1 ? 0 : 1); 3325 ]])], 3326 [ 3327 OPENSSL_SEEDS_ITSELF=yes 3328 AC_MSG_RESULT([yes]) 3329 ], 3330 [ 3331 AC_MSG_RESULT([no]) 3332 ], 3333 [ 3334 AC_MSG_WARN([cross compiling: assuming yes]) 3335 # This is safe, since we will fatal() at runtime if 3336 # OpenSSL is not seeded correctly. 3337 OPENSSL_SEEDS_ITSELF=yes 3338 ] 3339 ) 3340fi 3341 3342# PRNGD TCP socket 3343AC_ARG_WITH([prngd-port], 3344 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3345 [ 3346 case "$withval" in 3347 no) 3348 withval="" 3349 ;; 3350 [[0-9]]*) 3351 ;; 3352 *) 3353 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3354 ;; 3355 esac 3356 if test ! -z "$withval" ; then 3357 PRNGD_PORT="$withval" 3358 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3359 [Port number of PRNGD/EGD random number socket]) 3360 fi 3361 ] 3362) 3363 3364# PRNGD Unix domain socket 3365AC_ARG_WITH([prngd-socket], 3366 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3367 [ 3368 case "$withval" in 3369 yes) 3370 withval="/var/run/egd-pool" 3371 ;; 3372 no) 3373 withval="" 3374 ;; 3375 /*) 3376 ;; 3377 *) 3378 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3379 ;; 3380 esac 3381 3382 if test ! -z "$withval" ; then 3383 if test ! -z "$PRNGD_PORT" ; then 3384 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3385 fi 3386 if test ! -r "$withval" ; then 3387 AC_MSG_WARN([Entropy socket is not readable]) 3388 fi 3389 PRNGD_SOCKET="$withval" 3390 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3391 [Location of PRNGD/EGD random number socket]) 3392 fi 3393 ], 3394 [ 3395 # Check for existing socket only if we don't have a random device already 3396 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3397 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3398 # Insert other locations here 3399 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3400 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3401 PRNGD_SOCKET="$sock" 3402 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3403 break; 3404 fi 3405 done 3406 if test ! -z "$PRNGD_SOCKET" ; then 3407 AC_MSG_RESULT([$PRNGD_SOCKET]) 3408 else 3409 AC_MSG_RESULT([not found]) 3410 fi 3411 fi 3412 ] 3413) 3414 3415# Which randomness source do we use? 3416if test ! -z "$PRNGD_PORT" ; then 3417 RAND_MSG="PRNGd port $PRNGD_PORT" 3418elif test ! -z "$PRNGD_SOCKET" ; then 3419 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3420elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3421 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3422 [Define if you want the OpenSSL internally seeded PRNG only]) 3423 RAND_MSG="OpenSSL internal ONLY" 3424elif test "x$openssl" = "xno" ; then 3425 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3426else 3427 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3428fi 3429 3430# Check for PAM libs 3431PAM_MSG="no" 3432AC_ARG_WITH([pam], 3433 [ --with-pam Enable PAM support ], 3434 [ 3435 if test "x$withval" != "xno" ; then 3436 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3437 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3438 AC_MSG_ERROR([PAM headers not found]) 3439 fi 3440 3441 saved_LIBS="$LIBS" 3442 AC_CHECK_LIB([dl], [dlopen], , ) 3443 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3444 AC_CHECK_FUNCS([pam_getenvlist]) 3445 AC_CHECK_FUNCS([pam_putenv]) 3446 LIBS="$saved_LIBS" 3447 3448 PAM_MSG="yes" 3449 3450 SSHDLIBS="$SSHDLIBS -lpam" 3451 AC_DEFINE([USE_PAM], [1], 3452 [Define if you want to enable PAM support]) 3453 3454 if test $ac_cv_lib_dl_dlopen = yes; then 3455 case "$LIBS" in 3456 *-ldl*) 3457 # libdl already in LIBS 3458 ;; 3459 *) 3460 SSHDLIBS="$SSHDLIBS -ldl" 3461 ;; 3462 esac 3463 fi 3464 fi 3465 ] 3466) 3467 3468AC_ARG_WITH([pam-service], 3469 [ --with-pam-service=name Specify PAM service name ], 3470 [ 3471 if test "x$withval" != "xno" && \ 3472 test "x$withval" != "xyes" ; then 3473 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3474 ["$withval"], [sshd PAM service name]) 3475 fi 3476 ] 3477) 3478 3479# Check for older PAM 3480if test "x$PAM_MSG" = "xyes" ; then 3481 # Check PAM strerror arguments (old PAM) 3482 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3483 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3484#include <stdlib.h> 3485#if defined(HAVE_SECURITY_PAM_APPL_H) 3486#include <security/pam_appl.h> 3487#elif defined (HAVE_PAM_PAM_APPL_H) 3488#include <pam/pam_appl.h> 3489#endif 3490 ]], [[ 3491(void)pam_strerror((pam_handle_t *)NULL, -1); 3492 ]])], [AC_MSG_RESULT([no])], [ 3493 AC_DEFINE([HAVE_OLD_PAM], [1], 3494 [Define if you have an old version of PAM 3495 which takes only one argument to pam_strerror]) 3496 AC_MSG_RESULT([yes]) 3497 PAM_MSG="yes (old library)" 3498 3499 ]) 3500fi 3501 3502case "$host" in 3503*-*-cygwin*) 3504 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3505 ;; 3506*) 3507 SSH_PRIVSEP_USER=sshd 3508 ;; 3509esac 3510AC_ARG_WITH([privsep-user], 3511 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3512 [ 3513 if test -n "$withval" && test "x$withval" != "xno" && \ 3514 test "x${withval}" != "xyes"; then 3515 SSH_PRIVSEP_USER=$withval 3516 fi 3517 ] 3518) 3519if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3520 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3521 [Cygwin function to fetch non-privileged user for privilege separation]) 3522else 3523 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3524 [non-privileged user for privilege separation]) 3525fi 3526AC_SUBST([SSH_PRIVSEP_USER]) 3527 3528if test "x$have_linux_no_new_privs" = "x1" ; then 3529AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3530 #include <sys/types.h> 3531 #include <linux/seccomp.h> 3532]) 3533fi 3534if test "x$have_seccomp_filter" = "x1" ; then 3535AC_MSG_CHECKING([kernel for seccomp_filter support]) 3536AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3537 #include <errno.h> 3538 #include <elf.h> 3539 #include <linux/audit.h> 3540 #include <linux/seccomp.h> 3541 #include <stdlib.h> 3542 #include <sys/prctl.h> 3543 ]], 3544 [[ int i = $seccomp_audit_arch; 3545 errno = 0; 3546 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3547 exit(errno == EFAULT ? 0 : 1); ]])], 3548 [ AC_MSG_RESULT([yes]) ], [ 3549 AC_MSG_RESULT([no]) 3550 # Disable seccomp filter as a target 3551 have_seccomp_filter=0 3552 ] 3553) 3554fi 3555 3556# Decide which sandbox style to use 3557sandbox_arg="" 3558AC_ARG_WITH([sandbox], 3559 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3560 [ 3561 if test "x$withval" = "xyes" ; then 3562 sandbox_arg="" 3563 else 3564 sandbox_arg="$withval" 3565 fi 3566 ] 3567) 3568 3569# Some platforms (seems to be the ones that have a kernel poll(2)-type 3570# function with which they implement select(2)) use an extra file descriptor 3571# when calling select(2), which means we can't use the rlimit sandbox. 3572AC_MSG_CHECKING([if select works with descriptor rlimit]) 3573AC_RUN_IFELSE( 3574 [AC_LANG_PROGRAM([[ 3575#include <sys/types.h> 3576#ifdef HAVE_SYS_TIME_H 3577# include <sys/time.h> 3578#endif 3579#include <sys/resource.h> 3580#ifdef HAVE_SYS_SELECT_H 3581# include <sys/select.h> 3582#endif 3583#include <errno.h> 3584#include <fcntl.h> 3585#include <stdlib.h> 3586 ]],[[ 3587 struct rlimit rl_zero; 3588 int fd, r; 3589 fd_set fds; 3590 struct timeval tv; 3591 3592 fd = open("/dev/null", O_RDONLY); 3593 FD_ZERO(&fds); 3594 FD_SET(fd, &fds); 3595 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3596 setrlimit(RLIMIT_FSIZE, &rl_zero); 3597 setrlimit(RLIMIT_NOFILE, &rl_zero); 3598 tv.tv_sec = 1; 3599 tv.tv_usec = 0; 3600 r = select(fd+1, &fds, NULL, NULL, &tv); 3601 exit (r == -1 ? 1 : 0); 3602 ]])], 3603 [AC_MSG_RESULT([yes]) 3604 select_works_with_rlimit=yes], 3605 [AC_MSG_RESULT([no]) 3606 select_works_with_rlimit=no], 3607 [AC_MSG_WARN([cross compiling: assuming yes]) 3608 select_works_with_rlimit=yes] 3609) 3610 3611AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3612AC_RUN_IFELSE( 3613 [AC_LANG_PROGRAM([[ 3614#include <sys/types.h> 3615#ifdef HAVE_SYS_TIME_H 3616# include <sys/time.h> 3617#endif 3618#include <sys/resource.h> 3619#include <errno.h> 3620#include <stdlib.h> 3621 ]],[[ 3622 struct rlimit rl_zero; 3623 int r; 3624 3625 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3626 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3627 exit (r == -1 ? 1 : 0); 3628 ]])], 3629 [AC_MSG_RESULT([yes]) 3630 rlimit_nofile_zero_works=yes], 3631 [AC_MSG_RESULT([no]) 3632 rlimit_nofile_zero_works=no], 3633 [AC_MSG_WARN([cross compiling: assuming yes]) 3634 rlimit_nofile_zero_works=yes] 3635) 3636 3637AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3638AC_RUN_IFELSE( 3639 [AC_LANG_PROGRAM([[ 3640#include <sys/types.h> 3641#include <sys/resource.h> 3642#include <stdlib.h> 3643 ]],[[ 3644 struct rlimit rl_zero; 3645 3646 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3647 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3648 ]])], 3649 [AC_MSG_RESULT([yes])], 3650 [AC_MSG_RESULT([no]) 3651 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3652 [setrlimit RLIMIT_FSIZE works])], 3653 [AC_MSG_WARN([cross compiling: assuming yes])] 3654) 3655 3656if test "x$sandbox_arg" = "xpledge" || \ 3657 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3658 test "x$ac_cv_func_pledge" != "xyes" && \ 3659 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3660 SANDBOX_STYLE="pledge" 3661 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3662elif test "x$sandbox_arg" = "xsystrace" || \ 3663 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3664 test "x$have_systr_policy_kill" != "x1" && \ 3665 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3666 SANDBOX_STYLE="systrace" 3667 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3668elif test "x$sandbox_arg" = "xdarwin" || \ 3669 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3670 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3671 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3672 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3673 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3674 SANDBOX_STYLE="darwin" 3675 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3676elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3677 ( test -z "$sandbox_arg" && \ 3678 test "x$have_seccomp_filter" = "x1" && \ 3679 test "x$ac_cv_header_elf_h" = "xyes" && \ 3680 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3681 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3682 test "x$seccomp_audit_arch" != "x" && \ 3683 test "x$have_linux_no_new_privs" = "x1" && \ 3684 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3685 test "x$seccomp_audit_arch" = "x" && \ 3686 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3687 test "x$have_linux_no_new_privs" != "x1" && \ 3688 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3689 test "x$have_seccomp_filter" != "x1" && \ 3690 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3691 test "x$ac_cv_func_prctl" != "xyes" && \ 3692 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3693 SANDBOX_STYLE="seccomp_filter" 3694 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3695elif test "x$sandbox_arg" = "xcapsicum" || \ 3696 ( test -z "$sandbox_arg" && \ 3697 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3698 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3699 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3700 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3701 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3702 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3703 SANDBOX_STYLE="capsicum" 3704 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3705elif test "x$sandbox_arg" = "xrlimit" || \ 3706 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3707 test "x$select_works_with_rlimit" = "xyes" && \ 3708 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3709 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3710 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3711 test "x$select_works_with_rlimit" != "xyes" && \ 3712 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3713 SANDBOX_STYLE="rlimit" 3714 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3715elif test "x$sandbox_arg" = "xsolaris" || \ 3716 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3717 SANDBOX_STYLE="solaris" 3718 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3719elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3720 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3721 SANDBOX_STYLE="none" 3722 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3723else 3724 AC_MSG_ERROR([unsupported --with-sandbox]) 3725fi 3726 3727# Cheap hack to ensure NEWS-OS libraries are arranged right. 3728if test ! -z "$SONY" ; then 3729 LIBS="$LIBS -liberty"; 3730fi 3731 3732# Check for long long datatypes 3733AC_CHECK_TYPES([long long, unsigned long long, long double]) 3734 3735# Check datatype sizes 3736AC_CHECK_SIZEOF([short int]) 3737AC_CHECK_SIZEOF([int]) 3738AC_CHECK_SIZEOF([long int]) 3739AC_CHECK_SIZEOF([long long int]) 3740AC_CHECK_SIZEOF([time_t], [], [[ 3741 #include <sys/types.h> 3742 #ifdef HAVE_SYS_TIME_H 3743 # include <sys/time.h> 3744 #endif 3745 #ifdef HAVE_TIME_H 3746 # include <time.h> 3747 #endif 3748 ]] 3749) 3750 3751# Sanity check long long for some platforms (AIX) 3752if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3753 ac_cv_sizeof_long_long_int=0 3754fi 3755 3756# compute LLONG_MIN and LLONG_MAX if we don't know them. 3757if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3758 AC_MSG_CHECKING([for max value of long long]) 3759 AC_RUN_IFELSE( 3760 [AC_LANG_PROGRAM([[ 3761#include <stdio.h> 3762#include <stdlib.h> 3763/* Why is this so damn hard? */ 3764#ifdef __GNUC__ 3765# undef __GNUC__ 3766#endif 3767#define __USE_ISOC99 3768#include <limits.h> 3769#define DATA "conftest.llminmax" 3770#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3771 3772/* 3773 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3774 * we do this the hard way. 3775 */ 3776static int 3777fprint_ll(FILE *f, long long n) 3778{ 3779 unsigned int i; 3780 int l[sizeof(long long) * 8]; 3781 3782 if (n < 0) 3783 if (fprintf(f, "-") < 0) 3784 return -1; 3785 for (i = 0; n != 0; i++) { 3786 l[i] = my_abs(n % 10); 3787 n /= 10; 3788 } 3789 do { 3790 if (fprintf(f, "%d", l[--i]) < 0) 3791 return -1; 3792 } while (i != 0); 3793 if (fprintf(f, " ") < 0) 3794 return -1; 3795 return 0; 3796} 3797 ]], [[ 3798 FILE *f; 3799 long long i, llmin, llmax = 0; 3800 3801 if((f = fopen(DATA,"w")) == NULL) 3802 exit(1); 3803 3804#if defined(LLONG_MIN) && defined(LLONG_MAX) 3805 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3806 llmin = LLONG_MIN; 3807 llmax = LLONG_MAX; 3808#else 3809 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3810 /* This will work on one's complement and two's complement */ 3811 for (i = 1; i > llmax; i <<= 1, i++) 3812 llmax = i; 3813 llmin = llmax + 1LL; /* wrap */ 3814#endif 3815 3816 /* Sanity check */ 3817 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3818 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3819 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3820 fprintf(f, "unknown unknown\n"); 3821 exit(2); 3822 } 3823 3824 if (fprint_ll(f, llmin) < 0) 3825 exit(3); 3826 if (fprint_ll(f, llmax) < 0) 3827 exit(4); 3828 if (fclose(f) < 0) 3829 exit(5); 3830 exit(0); 3831 ]])], 3832 [ 3833 llong_min=`$AWK '{print $1}' conftest.llminmax` 3834 llong_max=`$AWK '{print $2}' conftest.llminmax` 3835 3836 AC_MSG_RESULT([$llong_max]) 3837 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3838 [max value of long long calculated by configure]) 3839 AC_MSG_CHECKING([for min value of long long]) 3840 AC_MSG_RESULT([$llong_min]) 3841 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3842 [min value of long long calculated by configure]) 3843 ], 3844 [ 3845 AC_MSG_RESULT([not found]) 3846 ], 3847 [ 3848 AC_MSG_WARN([cross compiling: not checking]) 3849 ] 3850 ) 3851fi 3852 3853AC_CHECK_DECLS([UINT32_MAX], , , [[ 3854#ifdef HAVE_SYS_LIMITS_H 3855# include <sys/limits.h> 3856#endif 3857#ifdef HAVE_LIMITS_H 3858# include <limits.h> 3859#endif 3860#ifdef HAVE_STDINT_H 3861# include <stdint.h> 3862#endif 3863]]) 3864 3865# More checks for data types 3866AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3867 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3868 [[ u_int a; a = 1;]])], 3869 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3870 ]) 3871]) 3872if test "x$ac_cv_have_u_int" = "xyes" ; then 3873 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3874 have_u_int=1 3875fi 3876 3877AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3878 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3879 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3880 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3881 ]) 3882]) 3883if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3884 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3885 have_intxx_t=1 3886fi 3887 3888if (test -z "$have_intxx_t" && \ 3889 test "x$ac_cv_header_stdint_h" = "xyes") 3890then 3891 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3892 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3893 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3894 [ 3895 AC_DEFINE([HAVE_INTXX_T]) 3896 AC_MSG_RESULT([yes]) 3897 ], [ AC_MSG_RESULT([no]) 3898 ]) 3899fi 3900 3901AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3902 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3903#include <sys/types.h> 3904#ifdef HAVE_STDINT_H 3905# include <stdint.h> 3906#endif 3907#include <sys/socket.h> 3908#ifdef HAVE_SYS_BITYPES_H 3909# include <sys/bitypes.h> 3910#endif 3911 ]], [[ 3912int64_t a; a = 1; 3913 ]])], 3914 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3915 ]) 3916]) 3917if test "x$ac_cv_have_int64_t" = "xyes" ; then 3918 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3919fi 3920 3921AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3922 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3923 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3924 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3925 ]) 3926]) 3927if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3928 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3929 have_u_intxx_t=1 3930fi 3931 3932if test -z "$have_u_intxx_t" ; then 3933 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3934 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3935 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3936 [ 3937 AC_DEFINE([HAVE_U_INTXX_T]) 3938 AC_MSG_RESULT([yes]) 3939 ], [ AC_MSG_RESULT([no]) 3940 ]) 3941fi 3942 3943AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3944 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3945 [[ u_int64_t a; a = 1;]])], 3946 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3947 ]) 3948]) 3949if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3950 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3951 have_u_int64_t=1 3952fi 3953 3954if (test -z "$have_u_int64_t" && \ 3955 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3956then 3957 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3958 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3959 [[ u_int64_t a; a = 1]])], 3960 [ 3961 AC_DEFINE([HAVE_U_INT64_T]) 3962 AC_MSG_RESULT([yes]) 3963 ], [ AC_MSG_RESULT([no]) 3964 ]) 3965fi 3966 3967if test -z "$have_u_intxx_t" ; then 3968 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3969 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3970#include <sys/types.h> 3971 ]], [[ 3972 uint8_t a; 3973 uint16_t b; 3974 uint32_t c; 3975 a = b = c = 1; 3976 ]])], 3977 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3978 ]) 3979 ]) 3980 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3981 AC_DEFINE([HAVE_UINTXX_T], [1], 3982 [define if you have uintxx_t data type]) 3983 fi 3984fi 3985 3986if (test -z "$have_uintxx_t" && \ 3987 test "x$ac_cv_header_stdint_h" = "xyes") 3988then 3989 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3990 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3991 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3992 [ 3993 AC_DEFINE([HAVE_UINTXX_T]) 3994 AC_MSG_RESULT([yes]) 3995 ], [ AC_MSG_RESULT([no]) 3996 ]) 3997fi 3998 3999if (test -z "$have_uintxx_t" && \ 4000 test "x$ac_cv_header_inttypes_h" = "xyes") 4001then 4002 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4003 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4004 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4005 [ 4006 AC_DEFINE([HAVE_UINTXX_T]) 4007 AC_MSG_RESULT([yes]) 4008 ], [ AC_MSG_RESULT([no]) 4009 ]) 4010fi 4011 4012if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4013 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4014then 4015 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4016 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4017#include <sys/bitypes.h> 4018 ]], [[ 4019 int8_t a; int16_t b; int32_t c; 4020 u_int8_t e; u_int16_t f; u_int32_t g; 4021 a = b = c = e = f = g = 1; 4022 ]])], 4023 [ 4024 AC_DEFINE([HAVE_U_INTXX_T]) 4025 AC_DEFINE([HAVE_INTXX_T]) 4026 AC_MSG_RESULT([yes]) 4027 ], [AC_MSG_RESULT([no]) 4028 ]) 4029fi 4030 4031 4032AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4033 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4034 [[ u_char foo; foo = 125; ]])], 4035 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4036 ]) 4037]) 4038if test "x$ac_cv_have_u_char" = "xyes" ; then 4039 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4040fi 4041 4042AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4043#include <sys/types.h> 4044#ifdef HAVE_STDINT_H 4045# include <stdint.h> 4046#endif 4047]) 4048 4049TYPE_SOCKLEN_T 4050 4051AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4052AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4053#include <sys/types.h> 4054#ifdef HAVE_SYS_BITYPES_H 4055#include <sys/bitypes.h> 4056#endif 4057#ifdef HAVE_SYS_STATFS_H 4058#include <sys/statfs.h> 4059#endif 4060#ifdef HAVE_SYS_STATVFS_H 4061#include <sys/statvfs.h> 4062#endif 4063]) 4064 4065AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4066#include <sys/param.h> 4067#include <sys/types.h> 4068#ifdef HAVE_SYS_BITYPES_H 4069#include <sys/bitypes.h> 4070#endif 4071#ifdef HAVE_SYS_STATFS_H 4072#include <sys/statfs.h> 4073#endif 4074#ifdef HAVE_SYS_STATVFS_H 4075#include <sys/statvfs.h> 4076#endif 4077#ifdef HAVE_SYS_VFS_H 4078#include <sys/vfs.h> 4079#endif 4080#ifdef HAVE_SYS_MOUNT_H 4081#include <sys/mount.h> 4082#endif 4083]]) 4084 4085 4086AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4087[#include <sys/types.h> 4088#include <netinet/in.h>]) 4089 4090AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4091 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4092 [[ size_t foo; foo = 1235; ]])], 4093 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4094 ]) 4095]) 4096if test "x$ac_cv_have_size_t" = "xyes" ; then 4097 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4098fi 4099 4100AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4101 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4102 [[ ssize_t foo; foo = 1235; ]])], 4103 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4104 ]) 4105]) 4106if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4107 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4108fi 4109 4110AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4111 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4112 [[ clock_t foo; foo = 1235; ]])], 4113 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4114 ]) 4115]) 4116if test "x$ac_cv_have_clock_t" = "xyes" ; then 4117 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4118fi 4119 4120AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4121 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4122#include <sys/types.h> 4123#include <sys/socket.h> 4124 ]], [[ sa_family_t foo; foo = 1235; ]])], 4125 [ ac_cv_have_sa_family_t="yes" ], 4126 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4127#include <sys/types.h> 4128#include <sys/socket.h> 4129#include <netinet/in.h> 4130 ]], [[ sa_family_t foo; foo = 1235; ]])], 4131 [ ac_cv_have_sa_family_t="yes" ], 4132 [ ac_cv_have_sa_family_t="no" ] 4133 ) 4134 ]) 4135]) 4136if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4137 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4138 [define if you have sa_family_t data type]) 4139fi 4140 4141AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4142 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4143 [[ pid_t foo; foo = 1235; ]])], 4144 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4145 ]) 4146]) 4147if test "x$ac_cv_have_pid_t" = "xyes" ; then 4148 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4149fi 4150 4151AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4152 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4153 [[ mode_t foo; foo = 1235; ]])], 4154 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4155 ]) 4156]) 4157if test "x$ac_cv_have_mode_t" = "xyes" ; then 4158 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4159fi 4160 4161 4162AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4163 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4164#include <sys/types.h> 4165#include <sys/socket.h> 4166 ]], [[ struct sockaddr_storage s; ]])], 4167 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4168 [ ac_cv_have_struct_sockaddr_storage="no" 4169 ]) 4170]) 4171if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4172 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4173 [define if you have struct sockaddr_storage data type]) 4174fi 4175 4176AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4177 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4178#include <sys/types.h> 4179#include <netinet/in.h> 4180 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4181 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4182 [ ac_cv_have_struct_sockaddr_in6="no" 4183 ]) 4184]) 4185if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4186 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4187 [define if you have struct sockaddr_in6 data type]) 4188fi 4189 4190AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4191 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4192#include <sys/types.h> 4193#include <netinet/in.h> 4194 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4195 [ ac_cv_have_struct_in6_addr="yes" ], 4196 [ ac_cv_have_struct_in6_addr="no" 4197 ]) 4198]) 4199if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4200 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4201 [define if you have struct in6_addr data type]) 4202 4203dnl Now check for sin6_scope_id 4204 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4205 [ 4206#ifdef HAVE_SYS_TYPES_H 4207#include <sys/types.h> 4208#endif 4209#include <netinet/in.h> 4210 ]) 4211fi 4212 4213AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4214 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4215#include <sys/types.h> 4216#include <sys/socket.h> 4217#include <netdb.h> 4218 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4219 [ ac_cv_have_struct_addrinfo="yes" ], 4220 [ ac_cv_have_struct_addrinfo="no" 4221 ]) 4222]) 4223if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4224 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4225 [define if you have struct addrinfo data type]) 4226fi 4227 4228AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4229 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4230 [[ struct timeval tv; tv.tv_sec = 1;]])], 4231 [ ac_cv_have_struct_timeval="yes" ], 4232 [ ac_cv_have_struct_timeval="no" 4233 ]) 4234]) 4235if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4236 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4237 have_struct_timeval=1 4238fi 4239 4240AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4241 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4242 #ifdef HAVE_SYS_TIME_H 4243 # include <sys/time.h> 4244 #endif 4245 #ifdef HAVE_TIME_H 4246 # include <time.h> 4247 #endif 4248 ]], 4249 [[ struct timespec ts; ts.tv_sec = 1;]])], 4250 [ ac_cv_have_struct_timespec="yes" ], 4251 [ ac_cv_have_struct_timespec="no" 4252 ]) 4253]) 4254if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4255 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4256 have_struct_timespec=1 4257fi 4258 4259# We need int64_t or else certain parts of the compile will fail. 4260if test "x$ac_cv_have_int64_t" = "xno" && \ 4261 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4262 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4263 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4264 echo "an alternative compiler (I.E., GCC) before continuing." 4265 echo "" 4266 exit 1; 4267else 4268dnl test snprintf (broken on SCO w/gcc) 4269 AC_RUN_IFELSE( 4270 [AC_LANG_SOURCE([[ 4271#include <stdio.h> 4272#include <stdlib.h> 4273#include <string.h> 4274#ifdef HAVE_SNPRINTF 4275main() 4276{ 4277 char buf[50]; 4278 char expected_out[50]; 4279 int mazsize = 50 ; 4280#if (SIZEOF_LONG_INT == 8) 4281 long int num = 0x7fffffffffffffff; 4282#else 4283 long long num = 0x7fffffffffffffffll; 4284#endif 4285 strcpy(expected_out, "9223372036854775807"); 4286 snprintf(buf, mazsize, "%lld", num); 4287 if(strcmp(buf, expected_out) != 0) 4288 exit(1); 4289 exit(0); 4290} 4291#else 4292main() { exit(0); } 4293#endif 4294 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4295 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4296 ) 4297fi 4298 4299dnl Checks for structure members 4300OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4301OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4302OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4303OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4304OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4305OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4306OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4307OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4308OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4309OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4310OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4311OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4312OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4313OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4314OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4315OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4316OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4317OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4318 4319AC_CHECK_MEMBERS([struct stat.st_blksize]) 4320AC_CHECK_MEMBERS([struct stat.st_mtim]) 4321AC_CHECK_MEMBERS([struct stat.st_mtime]) 4322AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4323struct passwd.pw_change, struct passwd.pw_expire], 4324[], [], [[ 4325#include <sys/types.h> 4326#include <pwd.h> 4327]]) 4328 4329AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4330 [Define if we don't have struct __res_state in resolv.h])], 4331[[ 4332#include <stdio.h> 4333#if HAVE_SYS_TYPES_H 4334# include <sys/types.h> 4335#endif 4336#include <netinet/in.h> 4337#include <arpa/nameser.h> 4338#include <resolv.h> 4339]]) 4340 4341AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4342 ac_cv_have_ss_family_in_struct_ss, [ 4343 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4344#include <sys/types.h> 4345#include <sys/socket.h> 4346 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4347 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4348 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4349]) 4350if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4351 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4352fi 4353 4354AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4355 ac_cv_have___ss_family_in_struct_ss, [ 4356 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4357#include <sys/types.h> 4358#include <sys/socket.h> 4359 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4360 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4361 [ ac_cv_have___ss_family_in_struct_ss="no" 4362 ]) 4363]) 4364if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4365 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4366 [Fields in struct sockaddr_storage]) 4367fi 4368 4369dnl make sure we're using the real structure members and not defines 4370AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4371 ac_cv_have_accrights_in_msghdr, [ 4372 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4373#include <sys/types.h> 4374#include <sys/socket.h> 4375#include <sys/uio.h> 4376#include <stdlib.h> 4377 ]], [[ 4378#ifdef msg_accrights 4379#error "msg_accrights is a macro" 4380exit(1); 4381#endif 4382struct msghdr m; 4383m.msg_accrights = 0; 4384exit(0); 4385 ]])], 4386 [ ac_cv_have_accrights_in_msghdr="yes" ], 4387 [ ac_cv_have_accrights_in_msghdr="no" ] 4388 ) 4389]) 4390if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4391 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4392 [Define if your system uses access rights style 4393 file descriptor passing]) 4394fi 4395 4396AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4397AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4398#include <sys/param.h> 4399#include <sys/stat.h> 4400#ifdef HAVE_SYS_TIME_H 4401# include <sys/time.h> 4402#endif 4403#ifdef HAVE_SYS_MOUNT_H 4404#include <sys/mount.h> 4405#endif 4406#ifdef HAVE_SYS_STATVFS_H 4407#include <sys/statvfs.h> 4408#endif 4409 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4410 [ AC_MSG_RESULT([yes]) ], 4411 [ AC_MSG_RESULT([no]) 4412 4413 AC_MSG_CHECKING([if fsid_t has member val]) 4414 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4415#include <sys/types.h> 4416#include <sys/statvfs.h> 4417 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4418 [ AC_MSG_RESULT([yes]) 4419 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4420 [ AC_MSG_RESULT([no]) ]) 4421 4422 AC_MSG_CHECKING([if f_fsid has member __val]) 4423 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4424#include <sys/types.h> 4425#include <sys/statvfs.h> 4426 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4427 [ AC_MSG_RESULT([yes]) 4428 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4429 [ AC_MSG_RESULT([no]) ]) 4430]) 4431 4432AC_CACHE_CHECK([for msg_control field in struct msghdr], 4433 ac_cv_have_control_in_msghdr, [ 4434 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4435#include <sys/types.h> 4436#include <sys/socket.h> 4437#include <sys/uio.h> 4438#include <stdlib.h> 4439 ]], [[ 4440#ifdef msg_control 4441#error "msg_control is a macro" 4442exit(1); 4443#endif 4444struct msghdr m; 4445m.msg_control = 0; 4446exit(0); 4447 ]])], 4448 [ ac_cv_have_control_in_msghdr="yes" ], 4449 [ ac_cv_have_control_in_msghdr="no" ] 4450 ) 4451]) 4452if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4453 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4454 [Define if your system uses ancillary data style 4455 file descriptor passing]) 4456fi 4457 4458AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4459 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4460 [[ extern char *__progname; printf("%s", __progname); ]])], 4461 [ ac_cv_libc_defines___progname="yes" ], 4462 [ ac_cv_libc_defines___progname="no" 4463 ]) 4464]) 4465if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4466 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4467fi 4468 4469AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4470 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4471 [[ printf("%s", __FUNCTION__); ]])], 4472 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4473 [ ac_cv_cc_implements___FUNCTION__="no" 4474 ]) 4475]) 4476if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4477 AC_DEFINE([HAVE___FUNCTION__], [1], 4478 [Define if compiler implements __FUNCTION__]) 4479fi 4480 4481AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4482 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4483 [[ printf("%s", __func__); ]])], 4484 [ ac_cv_cc_implements___func__="yes" ], 4485 [ ac_cv_cc_implements___func__="no" 4486 ]) 4487]) 4488if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4489 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4490fi 4491 4492AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4493 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4494#include <stdarg.h> 4495va_list x,y; 4496 ]], [[ va_copy(x,y); ]])], 4497 [ ac_cv_have_va_copy="yes" ], 4498 [ ac_cv_have_va_copy="no" 4499 ]) 4500]) 4501if test "x$ac_cv_have_va_copy" = "xyes" ; then 4502 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4503fi 4504 4505AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4506 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4507#include <stdarg.h> 4508va_list x,y; 4509 ]], [[ __va_copy(x,y); ]])], 4510 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4511 ]) 4512]) 4513if test "x$ac_cv_have___va_copy" = "xyes" ; then 4514 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4515fi 4516 4517AC_CACHE_CHECK([whether getopt has optreset support], 4518 ac_cv_have_getopt_optreset, [ 4519 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4520 [[ extern int optreset; optreset = 0; ]])], 4521 [ ac_cv_have_getopt_optreset="yes" ], 4522 [ ac_cv_have_getopt_optreset="no" 4523 ]) 4524]) 4525if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4526 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4527 [Define if your getopt(3) defines and uses optreset]) 4528fi 4529 4530AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4531 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4532[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4533 [ ac_cv_libc_defines_sys_errlist="yes" ], 4534 [ ac_cv_libc_defines_sys_errlist="no" 4535 ]) 4536]) 4537if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4538 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4539 [Define if your system defines sys_errlist[]]) 4540fi 4541 4542 4543AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4544 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4545[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4546 [ ac_cv_libc_defines_sys_nerr="yes" ], 4547 [ ac_cv_libc_defines_sys_nerr="no" 4548 ]) 4549]) 4550if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4551 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4552fi 4553 4554# Check libraries needed by DNS fingerprint support 4555AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4556 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4557 [Define if getrrsetbyname() exists])], 4558 [ 4559 # Needed by our getrrsetbyname() 4560 AC_SEARCH_LIBS([res_query], [resolv]) 4561 AC_SEARCH_LIBS([dn_expand], [resolv]) 4562 AC_MSG_CHECKING([if res_query will link]) 4563 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4564#include <sys/types.h> 4565#include <netinet/in.h> 4566#include <arpa/nameser.h> 4567#include <netdb.h> 4568#include <resolv.h> 4569 ]], [[ 4570 res_query (0, 0, 0, 0, 0); 4571 ]])], 4572 AC_MSG_RESULT([yes]), 4573 [AC_MSG_RESULT([no]) 4574 saved_LIBS="$LIBS" 4575 LIBS="$LIBS -lresolv" 4576 AC_MSG_CHECKING([for res_query in -lresolv]) 4577 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4578#include <sys/types.h> 4579#include <netinet/in.h> 4580#include <arpa/nameser.h> 4581#include <netdb.h> 4582#include <resolv.h> 4583 ]], [[ 4584 res_query (0, 0, 0, 0, 0); 4585 ]])], 4586 [AC_MSG_RESULT([yes])], 4587 [LIBS="$saved_LIBS" 4588 AC_MSG_RESULT([no])]) 4589 ]) 4590 AC_CHECK_FUNCS([_getshort _getlong]) 4591 AC_CHECK_DECLS([_getshort, _getlong], , , 4592 [#include <sys/types.h> 4593 #include <arpa/nameser.h>]) 4594 AC_CHECK_MEMBER([HEADER.ad], 4595 [AC_DEFINE([HAVE_HEADER_AD], [1], 4596 [Define if HEADER.ad exists in arpa/nameser.h])], , 4597 [#include <arpa/nameser.h>]) 4598 ]) 4599 4600AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4601AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4602#include <stdio.h> 4603#if HAVE_SYS_TYPES_H 4604# include <sys/types.h> 4605#endif 4606#include <netinet/in.h> 4607#include <arpa/nameser.h> 4608#include <resolv.h> 4609extern struct __res_state _res; 4610 ]], [[ 4611struct __res_state *volatile p = &_res; /* force resolution of _res */ 4612return 0; 4613 ]],)], 4614 [AC_MSG_RESULT([yes]) 4615 AC_DEFINE([HAVE__RES_EXTERN], [1], 4616 [Define if you have struct __res_state _res as an extern]) 4617 ], 4618 [ AC_MSG_RESULT([no]) ] 4619) 4620 4621# Check whether user wants SELinux support 4622SELINUX_MSG="no" 4623LIBSELINUX="" 4624AC_ARG_WITH([selinux], 4625 [ --with-selinux Enable SELinux support], 4626 [ if test "x$withval" != "xno" ; then 4627 save_LIBS="$LIBS" 4628 AC_DEFINE([WITH_SELINUX], [1], 4629 [Define if you want SELinux support.]) 4630 SELINUX_MSG="yes" 4631 AC_CHECK_HEADER([selinux/selinux.h], , 4632 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4633 AC_CHECK_LIB([selinux], [setexeccon], 4634 [ LIBSELINUX="-lselinux" 4635 LIBS="$LIBS -lselinux" 4636 ], 4637 AC_MSG_ERROR([SELinux support requires libselinux library])) 4638 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4639 LIBS="$save_LIBS $LIBSELINUX" 4640 fi ] 4641) 4642AC_SUBST([SSHDLIBS]) 4643 4644# Check whether user wants Kerberos 5 support 4645KRB5_MSG="no" 4646AC_ARG_WITH([kerberos5], 4647 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4648 [ if test "x$withval" != "xno" ; then 4649 if test "x$withval" = "xyes" ; then 4650 KRB5ROOT="/usr/local" 4651 else 4652 KRB5ROOT=${withval} 4653 fi 4654 4655 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4656 KRB5_MSG="yes" 4657 4658 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 4659 use_pkgconfig_for_krb5= 4660 if test "x$PKGCONFIG" != "xno"; then 4661 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4662 if "$PKGCONFIG" krb5; then 4663 AC_MSG_RESULT([yes]) 4664 use_pkgconfig_for_krb5=yes 4665 else 4666 AC_MSG_RESULT([no]) 4667 fi 4668 fi 4669 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4670 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4671 K5LIBS=`$PKGCONFIG --libs krb5` 4672 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4673 4674 AC_MSG_CHECKING([for gssapi support]) 4675 if "$PKGCONFIG" krb5-gssapi; then 4676 AC_MSG_RESULT([yes]) 4677 AC_DEFINE([GSSAPI], [1], 4678 [Define this if you want GSSAPI 4679 support in the version 2 protocol]) 4680 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4681 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4682 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4683 else 4684 AC_MSG_RESULT([no]) 4685 fi 4686 AC_MSG_CHECKING([whether we are using Heimdal]) 4687 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4688 ]], [[ char *tmp = heimdal_version; ]])], 4689 [ AC_MSG_RESULT([yes]) 4690 AC_DEFINE([HEIMDAL], [1], 4691 [Define this if you are using the Heimdal 4692 version of Kerberos V5]) ], 4693 [AC_MSG_RESULT([no]) 4694 ]) 4695 else 4696 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4697 [$KRB5ROOT/bin/krb5-config], 4698 [$KRB5ROOT/bin:$PATH]) 4699 if test -x $KRB5CONF ; then 4700 K5CFLAGS="`$KRB5CONF --cflags`" 4701 K5LIBS="`$KRB5CONF --libs`" 4702 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4703 4704 AC_MSG_CHECKING([for gssapi support]) 4705 if $KRB5CONF | grep gssapi >/dev/null ; then 4706 AC_MSG_RESULT([yes]) 4707 AC_DEFINE([GSSAPI], [1], 4708 [Define this if you want GSSAPI 4709 support in the version 2 protocol]) 4710 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4711 GSSLIBS="`$KRB5CONF --libs gssapi`" 4712 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4713 else 4714 AC_MSG_RESULT([no]) 4715 fi 4716 AC_MSG_CHECKING([whether we are using Heimdal]) 4717 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4718 ]], [[ char *tmp = heimdal_version; ]])], 4719 [ AC_MSG_RESULT([yes]) 4720 AC_DEFINE([HEIMDAL], [1], 4721 [Define this if you are using the Heimdal 4722 version of Kerberos V5]) ], 4723 [AC_MSG_RESULT([no]) 4724 ]) 4725 else 4726 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4727 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4728 AC_MSG_CHECKING([whether we are using Heimdal]) 4729 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4730 ]], [[ char *tmp = heimdal_version; ]])], 4731 [ AC_MSG_RESULT([yes]) 4732 AC_DEFINE([HEIMDAL]) 4733 K5LIBS="-lkrb5" 4734 K5LIBS="$K5LIBS -lcom_err -lasn1" 4735 AC_CHECK_LIB([roken], [net_write], 4736 [K5LIBS="$K5LIBS -lroken"]) 4737 AC_CHECK_LIB([des], [des_cbc_encrypt], 4738 [K5LIBS="$K5LIBS -ldes"]) 4739 ], [ AC_MSG_RESULT([no]) 4740 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4741 ]) 4742 AC_SEARCH_LIBS([dn_expand], [resolv]) 4743 4744 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4745 [ AC_DEFINE([GSSAPI]) 4746 GSSLIBS="-lgssapi_krb5" ], 4747 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4748 [ AC_DEFINE([GSSAPI]) 4749 GSSLIBS="-lgssapi" ], 4750 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4751 [ AC_DEFINE([GSSAPI]) 4752 GSSLIBS="-lgss" ], 4753 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4754 ]) 4755 ]) 4756 4757 AC_CHECK_HEADER([gssapi.h], , 4758 [ unset ac_cv_header_gssapi_h 4759 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4760 AC_CHECK_HEADERS([gssapi.h], , 4761 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4762 ) 4763 ] 4764 ) 4765 4766 oldCPP="$CPPFLAGS" 4767 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4768 AC_CHECK_HEADER([gssapi_krb5.h], , 4769 [ CPPFLAGS="$oldCPP" ]) 4770 4771 fi 4772 fi 4773 if test -n "${rpath_opt}" ; then 4774 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4775 fi 4776 if test ! -z "$blibpath" ; then 4777 blibpath="$blibpath:${KRB5ROOT}/lib" 4778 fi 4779 4780 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4781 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4782 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4783 4784 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4785 [Define this if you want to use libkafs' AFS support])]) 4786 4787 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4788#ifdef HAVE_GSSAPI_H 4789# include <gssapi.h> 4790#elif defined(HAVE_GSSAPI_GSSAPI_H) 4791# include <gssapi/gssapi.h> 4792#endif 4793 4794#ifdef HAVE_GSSAPI_GENERIC_H 4795# include <gssapi_generic.h> 4796#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4797# include <gssapi/gssapi_generic.h> 4798#endif 4799 ]]) 4800 saved_LIBS="$LIBS" 4801 LIBS="$LIBS $K5LIBS" 4802 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4803 LIBS="$saved_LIBS" 4804 4805 fi 4806 ] 4807) 4808AC_SUBST([GSSLIBS]) 4809AC_SUBST([K5LIBS]) 4810 4811# Looking for programs, paths and files 4812 4813PRIVSEP_PATH=/var/empty 4814AC_ARG_WITH([privsep-path], 4815 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4816 [ 4817 if test -n "$withval" && test "x$withval" != "xno" && \ 4818 test "x${withval}" != "xyes"; then 4819 PRIVSEP_PATH=$withval 4820 fi 4821 ] 4822) 4823AC_SUBST([PRIVSEP_PATH]) 4824 4825AC_ARG_WITH([xauth], 4826 [ --with-xauth=PATH Specify path to xauth program ], 4827 [ 4828 if test -n "$withval" && test "x$withval" != "xno" && \ 4829 test "x${withval}" != "xyes"; then 4830 xauth_path=$withval 4831 fi 4832 ], 4833 [ 4834 TestPath="$PATH" 4835 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4836 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4837 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4838 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4839 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4840 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4841 xauth_path="/usr/openwin/bin/xauth" 4842 fi 4843 ] 4844) 4845 4846STRIP_OPT=-s 4847AC_ARG_ENABLE([strip], 4848 [ --disable-strip Disable calling strip(1) on install], 4849 [ 4850 if test "x$enableval" = "xno" ; then 4851 STRIP_OPT= 4852 fi 4853 ] 4854) 4855AC_SUBST([STRIP_OPT]) 4856 4857if test -z "$xauth_path" ; then 4858 XAUTH_PATH="undefined" 4859 AC_SUBST([XAUTH_PATH]) 4860else 4861 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4862 [Define if xauth is found in your path]) 4863 XAUTH_PATH=$xauth_path 4864 AC_SUBST([XAUTH_PATH]) 4865fi 4866 4867dnl # --with-maildir=/path/to/mail gets top priority. 4868dnl # if maildir is set in the platform case statement above we use that. 4869dnl # Otherwise we run a program to get the dir from system headers. 4870dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4871dnl # If we find _PATH_MAILDIR we do nothing because that is what 4872dnl # session.c expects anyway. Otherwise we set to the value found 4873dnl # stripping any trailing slash. If for some strage reason our program 4874dnl # does not find what it needs, we default to /var/spool/mail. 4875# Check for mail directory 4876AC_ARG_WITH([maildir], 4877 [ --with-maildir=/path/to/mail Specify your system mail directory], 4878 [ 4879 if test "X$withval" != X && test "x$withval" != xno && \ 4880 test "x${withval}" != xyes; then 4881 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4882 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4883 fi 4884 ],[ 4885 if test "X$maildir" != "X"; then 4886 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4887 else 4888 AC_MSG_CHECKING([Discovering system mail directory]) 4889 AC_RUN_IFELSE( 4890 [AC_LANG_PROGRAM([[ 4891#include <stdio.h> 4892#include <stdlib.h> 4893#include <string.h> 4894#ifdef HAVE_PATHS_H 4895#include <paths.h> 4896#endif 4897#ifdef HAVE_MAILLOCK_H 4898#include <maillock.h> 4899#endif 4900#define DATA "conftest.maildir" 4901 ]], [[ 4902 FILE *fd; 4903 int rc; 4904 4905 fd = fopen(DATA,"w"); 4906 if(fd == NULL) 4907 exit(1); 4908 4909#if defined (_PATH_MAILDIR) 4910 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4911 exit(1); 4912#elif defined (MAILDIR) 4913 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4914 exit(1); 4915#elif defined (_PATH_MAIL) 4916 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4917 exit(1); 4918#else 4919 exit (2); 4920#endif 4921 4922 exit(0); 4923 ]])], 4924 [ 4925 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4926 maildir=`awk -F: '{print $2}' conftest.maildir \ 4927 | sed 's|/$||'` 4928 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4929 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4930 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4931 fi 4932 ], 4933 [ 4934 if test "X$ac_status" = "X2";then 4935# our test program didn't find it. Default to /var/spool/mail 4936 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4937 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4938 else 4939 AC_MSG_RESULT([*** not found ***]) 4940 fi 4941 ], 4942 [ 4943 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4944 ] 4945 ) 4946 fi 4947 ] 4948) # maildir 4949 4950if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4951 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4952 disable_ptmx_check=yes 4953fi 4954if test -z "$no_dev_ptmx" ; then 4955 if test "x$disable_ptmx_check" != "xyes" ; then 4956 AC_CHECK_FILE(["/dev/ptmx"], 4957 [ 4958 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4959 [Define if you have /dev/ptmx]) 4960 have_dev_ptmx=1 4961 ] 4962 ) 4963 fi 4964fi 4965 4966if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4967 AC_CHECK_FILE(["/dev/ptc"], 4968 [ 4969 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4970 [Define if you have /dev/ptc]) 4971 have_dev_ptc=1 4972 ] 4973 ) 4974else 4975 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4976fi 4977 4978# Options from here on. Some of these are preset by platform above 4979AC_ARG_WITH([mantype], 4980 [ --with-mantype=man|cat|doc Set man page type], 4981 [ 4982 case "$withval" in 4983 man|cat|doc) 4984 MANTYPE=$withval 4985 ;; 4986 *) 4987 AC_MSG_ERROR([invalid man type: $withval]) 4988 ;; 4989 esac 4990 ] 4991) 4992if test -z "$MANTYPE"; then 4993 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4994 MANTYPE=doc 4995 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4996 MANTYPE=doc 4997 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4998 MANTYPE=man 4999 else 5000 MANTYPE=cat 5001 fi 5002fi 5003AC_SUBST([MANTYPE]) 5004if test "$MANTYPE" = "doc"; then 5005 mansubdir=man; 5006else 5007 mansubdir=$MANTYPE; 5008fi 5009AC_SUBST([mansubdir]) 5010 5011# Check whether to enable MD5 passwords 5012MD5_MSG="no" 5013AC_ARG_WITH([md5-passwords], 5014 [ --with-md5-passwords Enable use of MD5 passwords], 5015 [ 5016 if test "x$withval" != "xno" ; then 5017 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 5018 [Define if you want to allow MD5 passwords]) 5019 MD5_MSG="yes" 5020 fi 5021 ] 5022) 5023 5024# Whether to disable shadow password support 5025AC_ARG_WITH([shadow], 5026 [ --without-shadow Disable shadow password support], 5027 [ 5028 if test "x$withval" = "xno" ; then 5029 AC_DEFINE([DISABLE_SHADOW]) 5030 disable_shadow=yes 5031 fi 5032 ] 5033) 5034 5035if test -z "$disable_shadow" ; then 5036 AC_MSG_CHECKING([if the systems has expire shadow information]) 5037 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5038#include <sys/types.h> 5039#include <shadow.h> 5040struct spwd sp; 5041 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5042 [ sp_expire_available=yes ], [ 5043 ]) 5044 5045 if test "x$sp_expire_available" = "xyes" ; then 5046 AC_MSG_RESULT([yes]) 5047 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5048 [Define if you want to use shadow password expire field]) 5049 else 5050 AC_MSG_RESULT([no]) 5051 fi 5052fi 5053 5054# Use ip address instead of hostname in $DISPLAY 5055if test ! -z "$IPADDR_IN_DISPLAY" ; then 5056 DISPLAY_HACK_MSG="yes" 5057 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5058 [Define if you need to use IP address 5059 instead of hostname in $DISPLAY]) 5060else 5061 DISPLAY_HACK_MSG="no" 5062 AC_ARG_WITH([ipaddr-display], 5063 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5064 [ 5065 if test "x$withval" != "xno" ; then 5066 AC_DEFINE([IPADDR_IN_DISPLAY]) 5067 DISPLAY_HACK_MSG="yes" 5068 fi 5069 ] 5070 ) 5071fi 5072 5073# check for /etc/default/login and use it if present. 5074AC_ARG_ENABLE([etc-default-login], 5075 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5076 [ if test "x$enableval" = "xno"; then 5077 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5078 etc_default_login=no 5079 else 5080 etc_default_login=yes 5081 fi ], 5082 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5083 then 5084 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5085 etc_default_login=no 5086 else 5087 etc_default_login=yes 5088 fi ] 5089) 5090 5091if test "x$etc_default_login" != "xno"; then 5092 AC_CHECK_FILE(["/etc/default/login"], 5093 [ external_path_file=/etc/default/login ]) 5094 if test "x$external_path_file" = "x/etc/default/login"; then 5095 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5096 [Define if your system has /etc/default/login]) 5097 fi 5098fi 5099 5100dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5101if test $ac_cv_func_login_getcapbool = "yes" && \ 5102 test $ac_cv_header_login_cap_h = "yes" ; then 5103 external_path_file=/etc/login.conf 5104fi 5105 5106# Whether to mess with the default path 5107SERVER_PATH_MSG="(default)" 5108AC_ARG_WITH([default-path], 5109 [ --with-default-path= Specify default $PATH environment for server], 5110 [ 5111 if test "x$external_path_file" = "x/etc/login.conf" ; then 5112 AC_MSG_WARN([ 5113--with-default-path=PATH has no effect on this system. 5114Edit /etc/login.conf instead.]) 5115 elif test "x$withval" != "xno" ; then 5116 if test ! -z "$external_path_file" ; then 5117 AC_MSG_WARN([ 5118--with-default-path=PATH will only be used if PATH is not defined in 5119$external_path_file .]) 5120 fi 5121 user_path="$withval" 5122 SERVER_PATH_MSG="$withval" 5123 fi 5124 ], 5125 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5126 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5127 else 5128 if test ! -z "$external_path_file" ; then 5129 AC_MSG_WARN([ 5130If PATH is defined in $external_path_file, ensure the path to scp is included, 5131otherwise scp will not work.]) 5132 fi 5133 AC_RUN_IFELSE( 5134 [AC_LANG_PROGRAM([[ 5135/* find out what STDPATH is */ 5136#include <stdio.h> 5137#include <stdlib.h> 5138#ifdef HAVE_PATHS_H 5139# include <paths.h> 5140#endif 5141#ifndef _PATH_STDPATH 5142# ifdef _PATH_USERPATH /* Irix */ 5143# define _PATH_STDPATH _PATH_USERPATH 5144# else 5145# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5146# endif 5147#endif 5148#include <sys/types.h> 5149#include <sys/stat.h> 5150#include <fcntl.h> 5151#define DATA "conftest.stdpath" 5152 ]], [[ 5153 FILE *fd; 5154 int rc; 5155 5156 fd = fopen(DATA,"w"); 5157 if(fd == NULL) 5158 exit(1); 5159 5160 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5161 exit(1); 5162 5163 exit(0); 5164 ]])], 5165 [ user_path=`cat conftest.stdpath` ], 5166 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5167 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5168 ) 5169# make sure $bindir is in USER_PATH so scp will work 5170 t_bindir="${bindir}" 5171 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5172 t_bindir=`eval echo ${t_bindir}` 5173 case $t_bindir in 5174 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5175 esac 5176 case $t_bindir in 5177 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5178 esac 5179 done 5180 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5181 if test $? -ne 0 ; then 5182 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5183 if test $? -ne 0 ; then 5184 user_path=$user_path:$t_bindir 5185 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5186 fi 5187 fi 5188 fi ] 5189) 5190if test "x$external_path_file" != "x/etc/login.conf" ; then 5191 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5192 AC_SUBST([user_path]) 5193fi 5194 5195# Set superuser path separately to user path 5196AC_ARG_WITH([superuser-path], 5197 [ --with-superuser-path= Specify different path for super-user], 5198 [ 5199 if test -n "$withval" && test "x$withval" != "xno" && \ 5200 test "x${withval}" != "xyes"; then 5201 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5202 [Define if you want a different $PATH 5203 for the superuser]) 5204 superuser_path=$withval 5205 fi 5206 ] 5207) 5208 5209 5210AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5211IPV4_IN6_HACK_MSG="no" 5212AC_ARG_WITH(4in6, 5213 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5214 [ 5215 if test "x$withval" != "xno" ; then 5216 AC_MSG_RESULT([yes]) 5217 AC_DEFINE([IPV4_IN_IPV6], [1], 5218 [Detect IPv4 in IPv6 mapped addresses 5219 and treat as IPv4]) 5220 IPV4_IN6_HACK_MSG="yes" 5221 else 5222 AC_MSG_RESULT([no]) 5223 fi 5224 ], [ 5225 if test "x$inet6_default_4in6" = "xyes"; then 5226 AC_MSG_RESULT([yes (default)]) 5227 AC_DEFINE([IPV4_IN_IPV6]) 5228 IPV4_IN6_HACK_MSG="yes" 5229 else 5230 AC_MSG_RESULT([no (default)]) 5231 fi 5232 ] 5233) 5234 5235# Whether to enable BSD auth support 5236BSD_AUTH_MSG=no 5237AC_ARG_WITH([bsd-auth], 5238 [ --with-bsd-auth Enable BSD auth support], 5239 [ 5240 if test "x$withval" != "xno" ; then 5241 AC_DEFINE([BSD_AUTH], [1], 5242 [Define if you have BSD auth support]) 5243 BSD_AUTH_MSG=yes 5244 fi 5245 ] 5246) 5247 5248# Where to place sshd.pid 5249piddir=/var/run 5250# make sure the directory exists 5251if test ! -d $piddir ; then 5252 piddir=`eval echo ${sysconfdir}` 5253 case $piddir in 5254 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5255 esac 5256fi 5257 5258AC_ARG_WITH([pid-dir], 5259 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5260 [ 5261 if test -n "$withval" && test "x$withval" != "xno" && \ 5262 test "x${withval}" != "xyes"; then 5263 piddir=$withval 5264 if test ! -d $piddir ; then 5265 AC_MSG_WARN([** no $piddir directory on this system **]) 5266 fi 5267 fi 5268 ] 5269) 5270 5271AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5272 [Specify location of ssh.pid]) 5273AC_SUBST([piddir]) 5274 5275dnl allow user to disable some login recording features 5276AC_ARG_ENABLE([lastlog], 5277 [ --disable-lastlog disable use of lastlog even if detected [no]], 5278 [ 5279 if test "x$enableval" = "xno" ; then 5280 AC_DEFINE([DISABLE_LASTLOG]) 5281 fi 5282 ] 5283) 5284AC_ARG_ENABLE([utmp], 5285 [ --disable-utmp disable use of utmp even if detected [no]], 5286 [ 5287 if test "x$enableval" = "xno" ; then 5288 AC_DEFINE([DISABLE_UTMP]) 5289 fi 5290 ] 5291) 5292AC_ARG_ENABLE([utmpx], 5293 [ --disable-utmpx disable use of utmpx even if detected [no]], 5294 [ 5295 if test "x$enableval" = "xno" ; then 5296 AC_DEFINE([DISABLE_UTMPX], [1], 5297 [Define if you don't want to use utmpx]) 5298 fi 5299 ] 5300) 5301AC_ARG_ENABLE([wtmp], 5302 [ --disable-wtmp disable use of wtmp even if detected [no]], 5303 [ 5304 if test "x$enableval" = "xno" ; then 5305 AC_DEFINE([DISABLE_WTMP]) 5306 fi 5307 ] 5308) 5309AC_ARG_ENABLE([wtmpx], 5310 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5311 [ 5312 if test "x$enableval" = "xno" ; then 5313 AC_DEFINE([DISABLE_WTMPX], [1], 5314 [Define if you don't want to use wtmpx]) 5315 fi 5316 ] 5317) 5318AC_ARG_ENABLE([libutil], 5319 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5320 [ 5321 if test "x$enableval" = "xno" ; then 5322 AC_DEFINE([DISABLE_LOGIN]) 5323 fi 5324 ] 5325) 5326AC_ARG_ENABLE([pututline], 5327 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5328 [ 5329 if test "x$enableval" = "xno" ; then 5330 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5331 [Define if you don't want to use pututline() 5332 etc. to write [uw]tmp]) 5333 fi 5334 ] 5335) 5336AC_ARG_ENABLE([pututxline], 5337 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5338 [ 5339 if test "x$enableval" = "xno" ; then 5340 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5341 [Define if you don't want to use pututxline() 5342 etc. to write [uw]tmpx]) 5343 fi 5344 ] 5345) 5346AC_ARG_WITH([lastlog], 5347 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5348 [ 5349 if test "x$withval" = "xno" ; then 5350 AC_DEFINE([DISABLE_LASTLOG]) 5351 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5352 conf_lastlog_location=$withval 5353 fi 5354 ] 5355) 5356 5357dnl lastlog, [uw]tmpx? detection 5358dnl NOTE: set the paths in the platform section to avoid the 5359dnl need for command-line parameters 5360dnl lastlog and [uw]tmp are subject to a file search if all else fails 5361 5362dnl lastlog detection 5363dnl NOTE: the code itself will detect if lastlog is a directory 5364AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5365AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5366#include <sys/types.h> 5367#include <utmp.h> 5368#ifdef HAVE_LASTLOG_H 5369# include <lastlog.h> 5370#endif 5371#ifdef HAVE_PATHS_H 5372# include <paths.h> 5373#endif 5374#ifdef HAVE_LOGIN_H 5375# include <login.h> 5376#endif 5377 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5378 [ AC_MSG_RESULT([yes]) ], 5379 [ 5380 AC_MSG_RESULT([no]) 5381 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5382 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5383#include <sys/types.h> 5384#include <utmp.h> 5385#ifdef HAVE_LASTLOG_H 5386# include <lastlog.h> 5387#endif 5388#ifdef HAVE_PATHS_H 5389# include <paths.h> 5390#endif 5391 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5392 [ AC_MSG_RESULT([yes]) ], 5393 [ 5394 AC_MSG_RESULT([no]) 5395 system_lastlog_path=no 5396 ]) 5397]) 5398 5399if test -z "$conf_lastlog_location"; then 5400 if test x"$system_lastlog_path" = x"no" ; then 5401 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5402 if (test -d "$f" || test -f "$f") ; then 5403 conf_lastlog_location=$f 5404 fi 5405 done 5406 if test -z "$conf_lastlog_location"; then 5407 AC_MSG_WARN([** Cannot find lastlog **]) 5408 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5409 fi 5410 fi 5411fi 5412 5413if test -n "$conf_lastlog_location"; then 5414 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5415 [Define if you want to specify the path to your lastlog file]) 5416fi 5417 5418dnl utmp detection 5419AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5420AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5421#include <sys/types.h> 5422#include <utmp.h> 5423#ifdef HAVE_PATHS_H 5424# include <paths.h> 5425#endif 5426 ]], [[ char *utmp = UTMP_FILE; ]])], 5427 [ AC_MSG_RESULT([yes]) ], 5428 [ AC_MSG_RESULT([no]) 5429 system_utmp_path=no 5430]) 5431if test -z "$conf_utmp_location"; then 5432 if test x"$system_utmp_path" = x"no" ; then 5433 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5434 if test -f $f ; then 5435 conf_utmp_location=$f 5436 fi 5437 done 5438 if test -z "$conf_utmp_location"; then 5439 AC_DEFINE([DISABLE_UTMP]) 5440 fi 5441 fi 5442fi 5443if test -n "$conf_utmp_location"; then 5444 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5445 [Define if you want to specify the path to your utmp file]) 5446fi 5447 5448dnl wtmp detection 5449AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5450AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5451#include <sys/types.h> 5452#include <utmp.h> 5453#ifdef HAVE_PATHS_H 5454# include <paths.h> 5455#endif 5456 ]], [[ char *wtmp = WTMP_FILE; ]])], 5457 [ AC_MSG_RESULT([yes]) ], 5458 [ AC_MSG_RESULT([no]) 5459 system_wtmp_path=no 5460]) 5461if test -z "$conf_wtmp_location"; then 5462 if test x"$system_wtmp_path" = x"no" ; then 5463 for f in /usr/adm/wtmp /var/log/wtmp; do 5464 if test -f $f ; then 5465 conf_wtmp_location=$f 5466 fi 5467 done 5468 if test -z "$conf_wtmp_location"; then 5469 AC_DEFINE([DISABLE_WTMP]) 5470 fi 5471 fi 5472fi 5473if test -n "$conf_wtmp_location"; then 5474 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5475 [Define if you want to specify the path to your wtmp file]) 5476fi 5477 5478dnl wtmpx detection 5479AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5480AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5481#include <sys/types.h> 5482#include <utmp.h> 5483#ifdef HAVE_UTMPX_H 5484#include <utmpx.h> 5485#endif 5486#ifdef HAVE_PATHS_H 5487# include <paths.h> 5488#endif 5489 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5490 [ AC_MSG_RESULT([yes]) ], 5491 [ AC_MSG_RESULT([no]) 5492 system_wtmpx_path=no 5493]) 5494if test -z "$conf_wtmpx_location"; then 5495 if test x"$system_wtmpx_path" = x"no" ; then 5496 AC_DEFINE([DISABLE_WTMPX]) 5497 fi 5498else 5499 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5500 [Define if you want to specify the path to your wtmpx file]) 5501fi 5502 5503 5504if test ! -z "$blibpath" ; then 5505 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5506 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5507fi 5508 5509AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5510 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5511 AC_DEFINE([DISABLE_LASTLOG]) 5512 fi 5513 ], [ 5514#ifdef HAVE_SYS_TYPES_H 5515#include <sys/types.h> 5516#endif 5517#ifdef HAVE_UTMP_H 5518#include <utmp.h> 5519#endif 5520#ifdef HAVE_UTMPX_H 5521#include <utmpx.h> 5522#endif 5523#ifdef HAVE_LASTLOG_H 5524#include <lastlog.h> 5525#endif 5526 ]) 5527 5528AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5529 AC_DEFINE([DISABLE_UTMP]) 5530 AC_DEFINE([DISABLE_WTMP]) 5531 ], [ 5532#ifdef HAVE_SYS_TYPES_H 5533#include <sys/types.h> 5534#endif 5535#ifdef HAVE_UTMP_H 5536#include <utmp.h> 5537#endif 5538#ifdef HAVE_UTMPX_H 5539#include <utmpx.h> 5540#endif 5541#ifdef HAVE_LASTLOG_H 5542#include <lastlog.h> 5543#endif 5544 ]) 5545 5546dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5547dnl Add now. 5548CFLAGS="$CFLAGS $werror_flags" 5549 5550if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5551 TEST_SSH_IPV6=no 5552else 5553 TEST_SSH_IPV6=yes 5554fi 5555AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5556AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5557AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5558AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5559AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5560AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5561 5562CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5563LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5564 5565# Make a copy of CFLAGS/LDFLAGS without PIE options. 5566LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5567CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5568AC_SUBST([LDFLAGS_NOPIE]) 5569AC_SUBST([CFLAGS_NOPIE]) 5570 5571AC_EXEEXT 5572AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5573 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5574 survey.sh]) 5575AC_OUTPUT 5576 5577# Print summary of options 5578 5579# Someone please show me a better way :) 5580A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5581B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5582C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5583D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5584E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5585F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5586G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5587H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5588I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5589J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5590 5591echo "" 5592echo "OpenSSH has been configured with the following options:" 5593echo " User binaries: $B" 5594echo " System binaries: $C" 5595echo " Configuration files: $D" 5596echo " Askpass program: $E" 5597echo " Manual pages: $F" 5598echo " PID file: $G" 5599echo " Privilege separation chroot path: $H" 5600if test "x$external_path_file" = "x/etc/login.conf" ; then 5601echo " At runtime, sshd will use the path defined in $external_path_file" 5602echo " Make sure the path to scp is present, otherwise scp will not work" 5603else 5604echo " sshd default user PATH: $I" 5605 if test ! -z "$external_path_file"; then 5606echo " (If PATH is set in $external_path_file it will be used instead. If" 5607echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5608 fi 5609fi 5610if test ! -z "$superuser_path" ; then 5611echo " sshd superuser user PATH: $J" 5612fi 5613echo " Manpage format: $MANTYPE" 5614echo " PAM support: $PAM_MSG" 5615echo " OSF SIA support: $SIA_MSG" 5616echo " KerberosV support: $KRB5_MSG" 5617echo " SELinux support: $SELINUX_MSG" 5618echo " TCP Wrappers support: $TCPW_MSG" 5619echo " MD5 password support: $MD5_MSG" 5620echo " libedit support: $LIBEDIT_MSG" 5621echo " libldns support: $LDNS_MSG" 5622echo " Solaris process contract support: $SPC_MSG" 5623echo " Solaris project support: $SP_MSG" 5624echo " Solaris privilege support: $SPP_MSG" 5625echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5626echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5627echo " BSD Auth support: $BSD_AUTH_MSG" 5628echo " Random number source: $RAND_MSG" 5629echo " Privsep sandbox style: $SANDBOX_STYLE" 5630echo " PKCS#11 support: $enable_pkcs11" 5631echo " U2F/FIDO support: $enable_sk" 5632 5633echo "" 5634 5635echo " Host: ${host}" 5636echo " Compiler: ${CC}" 5637echo " Compiler flags: ${CFLAGS}" 5638echo "Preprocessor flags: ${CPPFLAGS}" 5639echo " Linker flags: ${LDFLAGS}" 5640echo " Libraries: ${LIBS}" 5641if test ! -z "${SSHDLIBS}"; then 5642echo " +for sshd: ${SSHDLIBS}" 5643fi 5644 5645echo "" 5646 5647if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5648 echo "SVR4 style packages are supported with \"make package\"" 5649 echo "" 5650fi 5651 5652if test "x$PAM_MSG" = "xyes" ; then 5653 echo "PAM is enabled. You may need to install a PAM control file " 5654 echo "for sshd, otherwise password authentication may fail. " 5655 echo "Example PAM control files can be found in the contrib/ " 5656 echo "subdirectory" 5657 echo "" 5658fi 5659 5660if test ! -z "$NO_PEERCHECK" ; then 5661 echo "WARNING: the operating system that you are using does not" 5662 echo "appear to support getpeereid(), getpeerucred() or the" 5663 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5664 echo "enforce security checks to prevent unauthorised connections to" 5665 echo "ssh-agent. Their absence increases the risk that a malicious" 5666 echo "user can connect to your agent." 5667 echo "" 5668fi 5669 5670if test "$AUDIT_MODULE" = "bsm" ; then 5671 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5672 echo "See the Solaris section in README.platform for details." 5673fi 5674