1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_REVISION($Revision: 1.583 $) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADER([config.h]) 22AC_PROG_CC 23AC_CANONICAL_HOST 24AC_C_BIGENDIAN 25 26# Checks for programs. 27AC_PROG_AWK 28AC_PROG_CPP 29AC_PROG_RANLIB 30AC_PROG_INSTALL 31AC_PROG_EGREP 32AC_PROG_MKDIR_P 33AC_CHECK_TOOLS([AR], [ar]) 34AC_PATH_PROG([CAT], [cat]) 35AC_PATH_PROG([KILL], [kill]) 36AC_PATH_PROG([SED], [sed]) 37AC_PATH_PROG([ENT], [ent]) 38AC_SUBST([ENT]) 39AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 40AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 41AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 42AC_PATH_PROG([SH], [sh]) 43AC_PATH_PROG([GROFF], [groff]) 44AC_PATH_PROG([NROFF], [nroff]) 45AC_PATH_PROG([MANDOC], [mandoc]) 46AC_SUBST([TEST_SHELL], [sh]) 47 48dnl select manpage formatter 49if test "x$MANDOC" != "x" ; then 50 MANFMT="$MANDOC" 51elif test "x$NROFF" != "x" ; then 52 MANFMT="$NROFF -mandoc" 53elif test "x$GROFF" != "x" ; then 54 MANFMT="$GROFF -mandoc -Tascii" 55else 56 AC_MSG_WARN([no manpage formatted found]) 57 MANFMT="false" 58fi 59AC_SUBST([MANFMT]) 60 61dnl for buildpkg.sh 62AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 63 [/usr/sbin${PATH_SEPARATOR}/etc]) 64AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 65 [/usr/sbin${PATH_SEPARATOR}/etc]) 66AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 67if test -x /sbin/sh; then 68 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 69else 70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 71fi 72 73# System features 74AC_SYS_LARGEFILE 75 76if test -z "$AR" ; then 77 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 78fi 79 80AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 81if test ! -z "$PATH_PASSWD_PROG" ; then 82 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 83 [Full path of your "passwd" program]) 84fi 85 86dnl Since autoconf doesn't support it very well, we no longer allow users to 87dnl override LD, however keeping the hook here for now in case there's a use 88dnl use case we overlooked and someone needs to re-enable it. Unless a good 89dnl reason is found we'll be removing this in future. 90LD="$CC" 91AC_SUBST([LD]) 92 93AC_C_INLINE 94 95AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 96AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 97 #include <sys/types.h> 98 #include <sys/param.h> 99 #include <dev/systrace.h> 100]) 101AC_CHECK_DECL([RLIMIT_NPROC], 102 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 103 #include <sys/types.h> 104 #include <sys/resource.h> 105]) 106AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 107 #include <sys/types.h> 108 #include <linux/prctl.h> 109]) 110 111openssl=yes 112AC_ARG_WITH([openssl], 113 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 114 [ if test "x$withval" = "xno" ; then 115 openssl=no 116 fi 117 ] 118) 119AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 120if test "x$openssl" = "xyes" ; then 121 AC_MSG_RESULT([yes]) 122 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 123else 124 AC_MSG_RESULT([no]) 125fi 126 127use_stack_protector=1 128use_toolchain_hardening=1 129AC_ARG_WITH([stackprotect], 130 [ --without-stackprotect Don't use compiler's stack protection], [ 131 if test "x$withval" = "xno"; then 132 use_stack_protector=0 133 fi ]) 134AC_ARG_WITH([hardening], 135 [ --without-hardening Don't use toolchain hardening flags], [ 136 if test "x$withval" = "xno"; then 137 use_toolchain_hardening=0 138 fi ]) 139 140# We use -Werror for the tests only so that we catch warnings like "this is 141# on by default" for things like -fPIE. 142AC_MSG_CHECKING([if $CC supports -Werror]) 143saved_CFLAGS="$CFLAGS" 144CFLAGS="$CFLAGS -Werror" 145AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 146 [ AC_MSG_RESULT([yes]) 147 WERROR="-Werror"], 148 [ AC_MSG_RESULT([no]) 149 WERROR="" ] 150) 151CFLAGS="$saved_CFLAGS" 152 153if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 154 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 155 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 156 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 157 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 158 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 161 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 162 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 163 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 164 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 165 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 166 if test "x$use_toolchain_hardening" = "x1"; then 167 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 168 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 169 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 170 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 171 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 172 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 173 # NB. -ftrapv expects certain support functions to be present in 174 # the compiler library (libgcc or similar) to detect integer operations 175 # that can overflow. We must check that the result of enabling it 176 # actually links. The test program compiled/linked includes a number 177 # of integer operations that should exercise this. 178 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 179 fi 180 AC_MSG_CHECKING([gcc version]) 181 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 182 case $GCC_VER in 183 1.*) no_attrib_nonnull=1 ;; 184 2.8* | 2.9*) 185 no_attrib_nonnull=1 186 ;; 187 2.*) no_attrib_nonnull=1 ;; 188 *) ;; 189 esac 190 AC_MSG_RESULT([$GCC_VER]) 191 192 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 193 saved_CFLAGS="$CFLAGS" 194 CFLAGS="$CFLAGS -fno-builtin-memset" 195 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 196 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 197 [ AC_MSG_RESULT([yes]) ], 198 [ AC_MSG_RESULT([no]) 199 CFLAGS="$saved_CFLAGS" ] 200 ) 201 202 # -fstack-protector-all doesn't always work for some GCC versions 203 # and/or platforms, so we test if we can. If it's not supported 204 # on a given platform gcc will emit a warning so we use -Werror. 205 if test "x$use_stack_protector" = "x1"; then 206 for t in -fstack-protector-strong -fstack-protector-all \ 207 -fstack-protector; do 208 AC_MSG_CHECKING([if $CC supports $t]) 209 saved_CFLAGS="$CFLAGS" 210 saved_LDFLAGS="$LDFLAGS" 211 CFLAGS="$CFLAGS $t -Werror" 212 LDFLAGS="$LDFLAGS $t -Werror" 213 AC_LINK_IFELSE( 214 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 215 [[ 216 char x[256]; 217 snprintf(x, sizeof(x), "XXX"); 218 ]])], 219 [ AC_MSG_RESULT([yes]) 220 CFLAGS="$saved_CFLAGS $t" 221 LDFLAGS="$saved_LDFLAGS $t" 222 AC_MSG_CHECKING([if $t works]) 223 AC_RUN_IFELSE( 224 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 225 [[ 226 char x[256]; 227 snprintf(x, sizeof(x), "XXX"); 228 ]])], 229 [ AC_MSG_RESULT([yes]) 230 break ], 231 [ AC_MSG_RESULT([no]) ], 232 [ AC_MSG_WARN([cross compiling: cannot test]) 233 break ] 234 ) 235 ], 236 [ AC_MSG_RESULT([no]) ] 237 ) 238 CFLAGS="$saved_CFLAGS" 239 LDFLAGS="$saved_LDFLAGS" 240 done 241 fi 242 243 if test -z "$have_llong_max"; then 244 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 245 unset ac_cv_have_decl_LLONG_MAX 246 saved_CFLAGS="$CFLAGS" 247 CFLAGS="$CFLAGS -std=gnu99" 248 AC_CHECK_DECL([LLONG_MAX], 249 [have_llong_max=1], 250 [CFLAGS="$saved_CFLAGS"], 251 [#include <limits.h>] 252 ) 253 fi 254fi 255 256AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 257AC_COMPILE_IFELSE( 258 [AC_LANG_PROGRAM([[ 259#include <stdlib.h> 260__attribute__((__unused__)) static void foo(void){return;}]], 261 [[ exit(0); ]])], 262 [ AC_MSG_RESULT([yes]) ], 263 [ AC_MSG_RESULT([no]) 264 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 265 [compiler does not accept __attribute__ on return types]) ] 266) 267 268AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 269AC_COMPILE_IFELSE( 270 [AC_LANG_PROGRAM([[ 271#include <stdlib.h> 272typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 273 [[ exit(0); ]])], 274 [ AC_MSG_RESULT([yes]) ], 275 [ AC_MSG_RESULT([no]) 276 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 277 [compiler does not accept __attribute__ on prototype args]) ] 278) 279 280if test "x$no_attrib_nonnull" != "x1" ; then 281 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 282fi 283 284AC_ARG_WITH([rpath], 285 [ --without-rpath Disable auto-added -R linker paths], 286 [ 287 if test "x$withval" = "xno" ; then 288 need_dash_r="" 289 fi 290 if test "x$withval" = "xyes" ; then 291 need_dash_r=1 292 fi 293 ] 294) 295 296# Allow user to specify flags 297AC_ARG_WITH([cflags], 298 [ --with-cflags Specify additional flags to pass to compiler], 299 [ 300 if test -n "$withval" && test "x$withval" != "xno" && \ 301 test "x${withval}" != "xyes"; then 302 CFLAGS="$CFLAGS $withval" 303 fi 304 ] 305) 306 307AC_ARG_WITH([cflags-after], 308 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 309 [ 310 if test -n "$withval" && test "x$withval" != "xno" && \ 311 test "x${withval}" != "xyes"; then 312 CFLAGS_AFTER="$withval" 313 fi 314 ] 315) 316AC_ARG_WITH([cppflags], 317 [ --with-cppflags Specify additional flags to pass to preprocessor] , 318 [ 319 if test -n "$withval" && test "x$withval" != "xno" && \ 320 test "x${withval}" != "xyes"; then 321 CPPFLAGS="$CPPFLAGS $withval" 322 fi 323 ] 324) 325AC_ARG_WITH([ldflags], 326 [ --with-ldflags Specify additional flags to pass to linker], 327 [ 328 if test -n "$withval" && test "x$withval" != "xno" && \ 329 test "x${withval}" != "xyes"; then 330 LDFLAGS="$LDFLAGS $withval" 331 fi 332 ] 333) 334AC_ARG_WITH([ldflags-after], 335 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 336 [ 337 if test -n "$withval" && test "x$withval" != "xno" && \ 338 test "x${withval}" != "xyes"; then 339 LDFLAGS_AFTER="$withval" 340 fi 341 ] 342) 343AC_ARG_WITH([libs], 344 [ --with-libs Specify additional libraries to link with], 345 [ 346 if test -n "$withval" && test "x$withval" != "xno" && \ 347 test "x${withval}" != "xyes"; then 348 LIBS="$LIBS $withval" 349 fi 350 ] 351) 352AC_ARG_WITH([Werror], 353 [ --with-Werror Build main code with -Werror], 354 [ 355 if test -n "$withval" && test "x$withval" != "xno"; then 356 werror_flags="-Werror" 357 if test "x${withval}" != "xyes"; then 358 werror_flags="$withval" 359 fi 360 fi 361 ] 362) 363 364AC_CHECK_HEADERS([ \ 365 blf.h \ 366 bstring.h \ 367 crypt.h \ 368 crypto/sha2.h \ 369 dirent.h \ 370 endian.h \ 371 elf.h \ 372 err.h \ 373 features.h \ 374 fcntl.h \ 375 floatingpoint.h \ 376 getopt.h \ 377 glob.h \ 378 ia.h \ 379 iaf.h \ 380 ifaddrs.h \ 381 inttypes.h \ 382 langinfo.h \ 383 limits.h \ 384 locale.h \ 385 login.h \ 386 maillock.h \ 387 ndir.h \ 388 net/if_tun.h \ 389 netdb.h \ 390 netgroup.h \ 391 pam/pam_appl.h \ 392 paths.h \ 393 poll.h \ 394 pty.h \ 395 readpassphrase.h \ 396 rpc/types.h \ 397 security/pam_appl.h \ 398 sha2.h \ 399 shadow.h \ 400 stddef.h \ 401 stdint.h \ 402 string.h \ 403 strings.h \ 404 sys/bitypes.h \ 405 sys/bsdtty.h \ 406 sys/cdefs.h \ 407 sys/dir.h \ 408 sys/file.h \ 409 sys/mman.h \ 410 sys/label.h \ 411 sys/ndir.h \ 412 sys/poll.h \ 413 sys/prctl.h \ 414 sys/pstat.h \ 415 sys/ptrace.h \ 416 sys/random.h \ 417 sys/select.h \ 418 sys/stat.h \ 419 sys/stream.h \ 420 sys/stropts.h \ 421 sys/strtio.h \ 422 sys/statvfs.h \ 423 sys/sysmacros.h \ 424 sys/time.h \ 425 sys/timers.h \ 426 sys/vfs.h \ 427 time.h \ 428 tmpdir.h \ 429 ttyent.h \ 430 ucred.h \ 431 unistd.h \ 432 usersec.h \ 433 util.h \ 434 utime.h \ 435 utmp.h \ 436 utmpx.h \ 437 vis.h \ 438 wchar.h \ 439]) 440 441# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 442# to be included first. 443AC_CHECK_HEADERS([sys/audit.h], [], [], [ 444#ifdef HAVE_SYS_TIME_H 445# include <sys/time.h> 446#endif 447#ifdef HAVE_SYS_TYPES_H 448# include <sys/types.h> 449#endif 450#ifdef HAVE_SYS_LABEL_H 451# include <sys/label.h> 452#endif 453]) 454 455# sys/capsicum.h requires sys/types.h 456AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 457#ifdef HAVE_SYS_TYPES_H 458# include <sys/types.h> 459#endif 460]) 461 462# net/route.h requires sys/socket.h and sys/types.h. 463# sys/sysctl.h also requires sys/param.h 464AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 465#ifdef HAVE_SYS_TYPES_H 466# include <sys/types.h> 467#endif 468#include <sys/param.h> 469#include <sys/socket.h> 470]) 471 472# lastlog.h requires sys/time.h to be included first on Solaris 473AC_CHECK_HEADERS([lastlog.h], [], [], [ 474#ifdef HAVE_SYS_TIME_H 475# include <sys/time.h> 476#endif 477]) 478 479# sys/ptms.h requires sys/stream.h to be included first on Solaris 480AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 481#ifdef HAVE_SYS_STREAM_H 482# include <sys/stream.h> 483#endif 484]) 485 486# login_cap.h requires sys/types.h on NetBSD 487AC_CHECK_HEADERS([login_cap.h], [], [], [ 488#include <sys/types.h> 489]) 490 491# older BSDs need sys/param.h before sys/mount.h 492AC_CHECK_HEADERS([sys/mount.h], [], [], [ 493#include <sys/param.h> 494]) 495 496# Android requires sys/socket.h to be included before sys/un.h 497AC_CHECK_HEADERS([sys/un.h], [], [], [ 498#include <sys/types.h> 499#include <sys/socket.h> 500]) 501 502# Messages for features tested for in target-specific section 503SIA_MSG="no" 504SPC_MSG="no" 505SP_MSG="no" 506SPP_MSG="no" 507 508# Support for Solaris/Illumos privileges (this test is used by both 509# the --with-solaris-privs option and --with-sandbox=solaris). 510SOLARIS_PRIVS="no" 511 512# Check for some target-specific stuff 513case "$host" in 514*-*-aix*) 515 # Some versions of VAC won't allow macro redefinitions at 516 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 517 # particularly with older versions of vac or xlc. 518 # It also throws errors about null macro arguments, but these are 519 # not fatal. 520 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 521 AC_COMPILE_IFELSE( 522 [AC_LANG_PROGRAM([[ 523#define testmacro foo 524#define testmacro bar]], 525 [[ exit(0); ]])], 526 [ AC_MSG_RESULT([yes]) ], 527 [ AC_MSG_RESULT([no]) 528 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 529 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 530 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 531 ] 532 ) 533 534 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 535 if (test -z "$blibpath"); then 536 blibpath="/usr/lib:/lib" 537 fi 538 saved_LDFLAGS="$LDFLAGS" 539 if test "$GCC" = "yes"; then 540 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 541 else 542 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 543 fi 544 for tryflags in $flags ;do 545 if (test -z "$blibflags"); then 546 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 547 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 548 [blibflags=$tryflags], []) 549 fi 550 done 551 if (test -z "$blibflags"); then 552 AC_MSG_RESULT([not found]) 553 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 554 else 555 AC_MSG_RESULT([$blibflags]) 556 fi 557 LDFLAGS="$saved_LDFLAGS" 558 dnl Check for authenticate. Might be in libs.a on older AIXes 559 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 560 [Define if you want to enable AIX4's authenticate function])], 561 [AC_CHECK_LIB([s], [authenticate], 562 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 563 LIBS="$LIBS -ls" 564 ]) 565 ]) 566 dnl Check for various auth function declarations in headers. 567 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 568 passwdexpired, setauthdb], , , [#include <usersec.h>]) 569 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 570 AC_CHECK_DECLS([loginfailed], 571 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 572 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 573 [[ (void)loginfailed("user","host","tty",0); ]])], 574 [AC_MSG_RESULT([yes]) 575 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 576 [Define if your AIX loginfailed() function 577 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 578 ])], 579 [], 580 [#include <usersec.h>] 581 ) 582 AC_CHECK_FUNCS([getgrset setauthdb]) 583 AC_CHECK_DECL([F_CLOSEM], 584 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 585 [], 586 [ #include <limits.h> 587 #include <fcntl.h> ] 588 ) 589 check_for_aix_broken_getaddrinfo=1 590 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 591 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 592 [Define if your platform breaks doing a seteuid before a setuid]) 593 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 594 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 595 dnl AIX handles lastlog as part of its login message 596 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 597 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 598 [Some systems need a utmpx entry for /bin/login to work]) 599 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 600 [Define to a Set Process Title type if your system is 601 supported by bsd-setproctitle.c]) 602 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 603 [AIX 5.2 and 5.3 (and presumably newer) require this]) 604 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 605 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 606 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 607 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 608 ;; 609*-*-android*) 610 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 611 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 612 ;; 613*-*-cygwin*) 614 check_for_libcrypt_later=1 615 LIBS="$LIBS /usr/lib/textreadmode.o" 616 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 617 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 618 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 619 [Define to disable UID restoration test]) 620 AC_DEFINE([DISABLE_SHADOW], [1], 621 [Define if you want to disable shadow passwords]) 622 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 623 [Define if X11 doesn't support AF_UNIX sockets on that system]) 624 AC_DEFINE([DISABLE_FD_PASSING], [1], 625 [Define if your platform needs to skip post auth 626 file descriptor passing]) 627 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 628 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 629 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 630 # reasons which cause compile warnings, so we disable those warnings. 631 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 632 ;; 633*-*-dgux*) 634 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 635 [Define if your system choked on IP TOS setting]) 636 AC_DEFINE([SETEUID_BREAKS_SETUID]) 637 AC_DEFINE([BROKEN_SETREUID]) 638 AC_DEFINE([BROKEN_SETREGID]) 639 ;; 640*-*-darwin*) 641 use_pie=auto 642 AC_MSG_CHECKING([if we have working getaddrinfo]) 643 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 644main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 645 exit(0); 646 else 647 exit(1); 648} 649 ]])], 650 [AC_MSG_RESULT([working])], 651 [AC_MSG_RESULT([buggy]) 652 AC_DEFINE([BROKEN_GETADDRINFO], [1], 653 [getaddrinfo is broken (if present)]) 654 ], 655 [AC_MSG_RESULT([assume it is working])]) 656 AC_DEFINE([SETEUID_BREAKS_SETUID]) 657 AC_DEFINE([BROKEN_SETREUID]) 658 AC_DEFINE([BROKEN_SETREGID]) 659 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 660 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 661 [Define if your resolver libs need this for getrrsetbyname]) 662 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 663 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 664 [Use tunnel device compatibility to OpenBSD]) 665 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 666 [Prepend the address family to IP tunnel traffic]) 667 m4_pattern_allow([AU_IPv]) 668 AC_CHECK_DECL([AU_IPv4], [], 669 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 670 [#include <bsm/audit.h>] 671 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 672 [Define if pututxline updates lastlog too]) 673 ) 674 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 675 [Define to a Set Process Title type if your system is 676 supported by bsd-setproctitle.c]) 677 AC_CHECK_FUNCS([sandbox_init]) 678 AC_CHECK_HEADERS([sandbox.h]) 679 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 680 SSHDLIBS="$SSHDLIBS -lsandbox" 681 ]) 682 ;; 683*-*-dragonfly*) 684 SSHDLIBS="$SSHDLIBS -lcrypt" 685 TEST_MALLOC_OPTIONS="AFGJPRX" 686 ;; 687*-*-haiku*) 688 LIBS="$LIBS -lbsd " 689 AC_CHECK_LIB([network], [socket]) 690 AC_DEFINE([HAVE_U_INT64_T]) 691 MANTYPE=man 692 ;; 693*-*-hpux*) 694 # first we define all of the options common to all HP-UX releases 695 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 696 IPADDR_IN_DISPLAY=yes 697 AC_DEFINE([USE_PIPES]) 698 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 699 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 700 [String used in /etc/passwd to denote locked account]) 701 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 702 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 703 maildir="/var/mail" 704 LIBS="$LIBS -lsec" 705 AC_CHECK_LIB([xnet], [t_error], , 706 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 707 708 # next, we define all of the options specific to major releases 709 case "$host" in 710 *-*-hpux10*) 711 if test -z "$GCC"; then 712 CFLAGS="$CFLAGS -Ae" 713 fi 714 ;; 715 *-*-hpux11*) 716 AC_DEFINE([PAM_SUN_CODEBASE], [1], 717 [Define if you are using Solaris-derived PAM which 718 passes pam_messages to the conversation function 719 with an extra level of indirection]) 720 AC_DEFINE([DISABLE_UTMP], [1], 721 [Define if you don't want to use utmp]) 722 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 723 check_for_hpux_broken_getaddrinfo=1 724 check_for_conflicting_getspnam=1 725 ;; 726 esac 727 728 # lastly, we define options specific to minor releases 729 case "$host" in 730 *-*-hpux10.26) 731 AC_DEFINE([HAVE_SECUREWARE], [1], 732 [Define if you have SecureWare-based 733 protected password database]) 734 disable_ptmx_check=yes 735 LIBS="$LIBS -lsecpw" 736 ;; 737 esac 738 ;; 739*-*-irix5*) 740 PATH="$PATH:/usr/etc" 741 AC_DEFINE([BROKEN_INET_NTOA], [1], 742 [Define if you system's inet_ntoa is busted 743 (e.g. Irix gcc issue)]) 744 AC_DEFINE([SETEUID_BREAKS_SETUID]) 745 AC_DEFINE([BROKEN_SETREUID]) 746 AC_DEFINE([BROKEN_SETREGID]) 747 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 748 [Define if you shouldn't strip 'tty' from your 749 ttyname in [uw]tmp]) 750 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 751 ;; 752*-*-irix6*) 753 PATH="$PATH:/usr/etc" 754 AC_DEFINE([WITH_IRIX_ARRAY], [1], 755 [Define if you have/want arrays 756 (cluster-wide session management, not C arrays)]) 757 AC_DEFINE([WITH_IRIX_PROJECT], [1], 758 [Define if you want IRIX project management]) 759 AC_DEFINE([WITH_IRIX_AUDIT], [1], 760 [Define if you want IRIX audit trails]) 761 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 762 [Define if you want IRIX kernel jobs])]) 763 AC_DEFINE([BROKEN_INET_NTOA]) 764 AC_DEFINE([SETEUID_BREAKS_SETUID]) 765 AC_DEFINE([BROKEN_SETREUID]) 766 AC_DEFINE([BROKEN_SETREGID]) 767 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 768 AC_DEFINE([WITH_ABBREV_NO_TTY]) 769 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 770 ;; 771*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 772 check_for_libcrypt_later=1 773 AC_DEFINE([PAM_TTY_KLUDGE]) 774 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 775 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 776 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 777 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 778 ;; 779*-*-linux*) 780 no_dev_ptmx=1 781 use_pie=auto 782 check_for_libcrypt_later=1 783 check_for_openpty_ctty_bug=1 784 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 785 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 786 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 787 AC_DEFINE([PAM_TTY_KLUDGE], [1], 788 [Work around problematic Linux PAM modules handling of PAM_TTY]) 789 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 790 [String used in /etc/passwd to denote locked account]) 791 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 792 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 793 [Define to whatever link() returns for "not supported" 794 if it doesn't return EOPNOTSUPP.]) 795 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 796 AC_DEFINE([USE_BTMP]) 797 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 798 inet6_default_4in6=yes 799 case `uname -r` in 800 1.*|2.0.*) 801 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 802 [Define if cmsg_type is not passed correctly]) 803 ;; 804 esac 805 # tun(4) forwarding compat code 806 AC_CHECK_HEADERS([linux/if_tun.h]) 807 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 808 AC_DEFINE([SSH_TUN_LINUX], [1], 809 [Open tunnel devices the Linux tun/tap way]) 810 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 811 [Use tunnel device compatibility to OpenBSD]) 812 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 813 [Prepend the address family to IP tunnel traffic]) 814 fi 815 AC_CHECK_HEADER([linux/if.h], 816 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 817 [Support routing domains using Linux VRF]), [], [ 818#ifdef HAVE_SYS_TYPES_H 819# include <sys/types.H> 820#endif 821 ]) 822 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 823 [], [#include <linux/types.h>]) 824 # Obtain MIPS ABI 825 case "$host" in 826 mips*) 827 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 828#if _MIPS_SIM != _ABIO32 829#error 830#endif 831 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 832#if _MIPS_SIM != _ABIN32 833#error 834#endif 835 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 836#if _MIPS_SIM != _ABI64 837#error 838#endif 839 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 840 ]) 841 ]) 842 ]) 843 ;; 844 esac 845 AC_MSG_CHECKING([for seccomp architecture]) 846 seccomp_audit_arch= 847 case "$host" in 848 x86_64-*) 849 seccomp_audit_arch=AUDIT_ARCH_X86_64 850 ;; 851 i*86-*) 852 seccomp_audit_arch=AUDIT_ARCH_I386 853 ;; 854 arm*-*) 855 seccomp_audit_arch=AUDIT_ARCH_ARM 856 ;; 857 aarch64*-*) 858 seccomp_audit_arch=AUDIT_ARCH_AARCH64 859 ;; 860 s390x-*) 861 seccomp_audit_arch=AUDIT_ARCH_S390X 862 ;; 863 s390-*) 864 seccomp_audit_arch=AUDIT_ARCH_S390 865 ;; 866 powerpc64-*) 867 seccomp_audit_arch=AUDIT_ARCH_PPC64 868 ;; 869 powerpc64le-*) 870 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 871 ;; 872 mips-*) 873 seccomp_audit_arch=AUDIT_ARCH_MIPS 874 ;; 875 mipsel-*) 876 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 877 ;; 878 mips64-*) 879 case "$mips_abi" in 880 "n32") 881 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 882 ;; 883 "n64") 884 seccomp_audit_arch=AUDIT_ARCH_MIPS64 885 ;; 886 esac 887 ;; 888 mips64el-*) 889 case "$mips_abi" in 890 "n32") 891 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 892 ;; 893 "n64") 894 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 895 ;; 896 esac 897 ;; 898 esac 899 if test "x$seccomp_audit_arch" != "x" ; then 900 AC_MSG_RESULT(["$seccomp_audit_arch"]) 901 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 902 [Specify the system call convention in use]) 903 else 904 AC_MSG_RESULT([architecture not supported]) 905 fi 906 ;; 907mips-sony-bsd|mips-sony-newsos4) 908 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 909 SONY=1 910 ;; 911*-*-netbsd*) 912 check_for_libcrypt_before=1 913 if test "x$withval" != "xno" ; then 914 need_dash_r=1 915 fi 916 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 917 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 918 AC_CHECK_HEADER([net/if_tap.h], , 919 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 920 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 921 [Prepend the address family to IP tunnel traffic]) 922 TEST_MALLOC_OPTIONS="AJRX" 923 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 924 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 925 ;; 926*-*-freebsd*) 927 check_for_libcrypt_later=1 928 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 929 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 930 AC_CHECK_HEADER([net/if_tap.h], , 931 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 932 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 933 TEST_MALLOC_OPTIONS="AJRX" 934 # Preauth crypto occasionally uses file descriptors for crypto offload 935 # and will crash if they cannot be opened. 936 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 937 [define if setrlimit RLIMIT_NOFILE breaks things]) 938 ;; 939*-*-bsdi*) 940 AC_DEFINE([SETEUID_BREAKS_SETUID]) 941 AC_DEFINE([BROKEN_SETREUID]) 942 AC_DEFINE([BROKEN_SETREGID]) 943 ;; 944*-next-*) 945 conf_lastlog_location="/usr/adm/lastlog" 946 conf_utmp_location=/etc/utmp 947 conf_wtmp_location=/usr/adm/wtmp 948 maildir=/usr/spool/mail 949 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 950 AC_DEFINE([BROKEN_REALPATH]) 951 AC_DEFINE([USE_PIPES]) 952 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 953 ;; 954*-*-openbsd*) 955 use_pie=auto 956 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 957 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 958 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 959 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 960 [syslog_r function is safe to use in in a signal handler]) 961 TEST_MALLOC_OPTIONS="AFGJPRX" 962 ;; 963*-*-solaris*) 964 if test "x$withval" != "xno" ; then 965 need_dash_r=1 966 fi 967 AC_DEFINE([PAM_SUN_CODEBASE]) 968 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 969 AC_DEFINE([PAM_TTY_KLUDGE]) 970 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 971 [Define if pam_chauthtok wants real uid set 972 to the unpriv'ed user]) 973 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 974 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 975 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 976 [Define if sshd somehow reacquires a controlling TTY 977 after setsid()]) 978 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 979 in case the name is longer than 8 chars]) 980 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 981 external_path_file=/etc/default/login 982 # hardwire lastlog location (can't detect it on some versions) 983 conf_lastlog_location="/var/adm/lastlog" 984 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 985 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 986 if test "$sol2ver" -ge 8; then 987 AC_MSG_RESULT([yes]) 988 AC_DEFINE([DISABLE_UTMP]) 989 AC_DEFINE([DISABLE_WTMP], [1], 990 [Define if you don't want to use wtmp]) 991 else 992 AC_MSG_RESULT([no]) 993 fi 994 AC_CHECK_FUNCS([setpflags]) 995 AC_CHECK_FUNCS([setppriv]) 996 AC_CHECK_FUNCS([priv_basicset]) 997 AC_CHECK_HEADERS([priv.h]) 998 AC_ARG_WITH([solaris-contracts], 999 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1000 [ 1001 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1002 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1003 [Define if you have Solaris process contracts]) 1004 LIBS="$LIBS -lcontract" 1005 SPC_MSG="yes" ], ) 1006 ], 1007 ) 1008 AC_ARG_WITH([solaris-projects], 1009 [ --with-solaris-projects Enable Solaris projects (experimental)], 1010 [ 1011 AC_CHECK_LIB([project], [setproject], 1012 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1013 [Define if you have Solaris projects]) 1014 LIBS="$LIBS -lproject" 1015 SP_MSG="yes" ], ) 1016 ], 1017 ) 1018 AC_ARG_WITH([solaris-privs], 1019 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1020 [ 1021 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1022 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1023 "x$ac_cv_header_priv_h" = "xyes" ; then 1024 SOLARIS_PRIVS=yes 1025 AC_MSG_RESULT([found]) 1026 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1027 [Define to disable UID restoration test]) 1028 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1029 [Define if you have Solaris privileges]) 1030 SPP_MSG="yes" 1031 else 1032 AC_MSG_RESULT([not found]) 1033 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1034 fi 1035 ], 1036 ) 1037 TEST_SHELL=$SHELL # let configure find us a capable shell 1038 ;; 1039*-*-sunos4*) 1040 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1041 AC_CHECK_FUNCS([getpwanam]) 1042 AC_DEFINE([PAM_SUN_CODEBASE]) 1043 conf_utmp_location=/etc/utmp 1044 conf_wtmp_location=/var/adm/wtmp 1045 conf_lastlog_location=/var/adm/lastlog 1046 AC_DEFINE([USE_PIPES]) 1047 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1048 ;; 1049*-ncr-sysv*) 1050 LIBS="$LIBS -lc89" 1051 AC_DEFINE([USE_PIPES]) 1052 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1053 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1054 AC_DEFINE([BROKEN_SETREUID]) 1055 AC_DEFINE([BROKEN_SETREGID]) 1056 ;; 1057*-sni-sysv*) 1058 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1059 AC_CHECK_LIB([dl], [dlsym], ,) 1060 # -lresolv needs to be at the end of LIBS or DNS lookups break 1061 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1062 IPADDR_IN_DISPLAY=yes 1063 AC_DEFINE([USE_PIPES]) 1064 AC_DEFINE([IP_TOS_IS_BROKEN]) 1065 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1066 AC_DEFINE([BROKEN_SETREUID]) 1067 AC_DEFINE([BROKEN_SETREGID]) 1068 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1069 external_path_file=/etc/default/login 1070 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1071 # Attention: always take care to bind libsocket and libnsl before libc, 1072 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1073 ;; 1074# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1075*-*-sysv4.2*) 1076 AC_DEFINE([USE_PIPES]) 1077 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1078 AC_DEFINE([BROKEN_SETREUID]) 1079 AC_DEFINE([BROKEN_SETREGID]) 1080 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1081 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1082 TEST_SHELL=$SHELL # let configure find us a capable shell 1083 ;; 1084# UnixWare 7.x, OpenUNIX 8 1085*-*-sysv5*) 1086 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1087 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1088 AC_DEFINE([USE_PIPES]) 1089 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1090 AC_DEFINE([BROKEN_GETADDRINFO]) 1091 AC_DEFINE([BROKEN_SETREUID]) 1092 AC_DEFINE([BROKEN_SETREGID]) 1093 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1094 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1095 TEST_SHELL=$SHELL # let configure find us a capable shell 1096 check_for_libcrypt_later=1 1097 case "$host" in 1098 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1099 maildir=/var/spool/mail 1100 AC_DEFINE([BROKEN_UPDWTMPX]) 1101 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1102 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1103 ], , ) 1104 ;; 1105 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1106 ;; 1107 esac 1108 ;; 1109*-*-sysv*) 1110 ;; 1111# SCO UNIX and OEM versions of SCO UNIX 1112*-*-sco3.2v4*) 1113 AC_MSG_ERROR("This Platform is no longer supported.") 1114 ;; 1115# SCO OpenServer 5.x 1116*-*-sco3.2v5*) 1117 if test -z "$GCC"; then 1118 CFLAGS="$CFLAGS -belf" 1119 fi 1120 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1121 no_dev_ptmx=1 1122 AC_DEFINE([USE_PIPES]) 1123 AC_DEFINE([HAVE_SECUREWARE]) 1124 AC_DEFINE([DISABLE_SHADOW]) 1125 AC_DEFINE([DISABLE_FD_PASSING]) 1126 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1127 AC_DEFINE([BROKEN_GETADDRINFO]) 1128 AC_DEFINE([BROKEN_SETREUID]) 1129 AC_DEFINE([BROKEN_SETREGID]) 1130 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1131 AC_DEFINE([BROKEN_UPDWTMPX]) 1132 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1133 AC_CHECK_FUNCS([getluid setluid]) 1134 MANTYPE=man 1135 TEST_SHELL=$SHELL # let configure find us a capable shell 1136 SKIP_DISABLE_LASTLOG_DEFINE=yes 1137 ;; 1138*-dec-osf*) 1139 AC_MSG_CHECKING([for Digital Unix SIA]) 1140 no_osfsia="" 1141 AC_ARG_WITH([osfsia], 1142 [ --with-osfsia Enable Digital Unix SIA], 1143 [ 1144 if test "x$withval" = "xno" ; then 1145 AC_MSG_RESULT([disabled]) 1146 no_osfsia=1 1147 fi 1148 ], 1149 ) 1150 if test -z "$no_osfsia" ; then 1151 if test -f /etc/sia/matrix.conf; then 1152 AC_MSG_RESULT([yes]) 1153 AC_DEFINE([HAVE_OSF_SIA], [1], 1154 [Define if you have Digital Unix Security 1155 Integration Architecture]) 1156 AC_DEFINE([DISABLE_LOGIN], [1], 1157 [Define if you don't want to use your 1158 system's login() call]) 1159 AC_DEFINE([DISABLE_FD_PASSING]) 1160 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1161 SIA_MSG="yes" 1162 else 1163 AC_MSG_RESULT([no]) 1164 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1165 [String used in /etc/passwd to denote locked account]) 1166 fi 1167 fi 1168 AC_DEFINE([BROKEN_GETADDRINFO]) 1169 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1170 AC_DEFINE([BROKEN_SETREUID]) 1171 AC_DEFINE([BROKEN_SETREGID]) 1172 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1173 ;; 1174 1175*-*-nto-qnx*) 1176 AC_DEFINE([USE_PIPES]) 1177 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1178 AC_DEFINE([DISABLE_LASTLOG]) 1179 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1180 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1181 enable_etc_default_login=no # has incompatible /etc/default/login 1182 case "$host" in 1183 *-*-nto-qnx6*) 1184 AC_DEFINE([DISABLE_FD_PASSING]) 1185 ;; 1186 esac 1187 ;; 1188 1189*-*-ultrix*) 1190 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1191 AC_DEFINE([NEED_SETPGRP]) 1192 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1193 ;; 1194 1195*-*-lynxos) 1196 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1197 AC_DEFINE([BROKEN_SETVBUF], [1], 1198 [LynxOS has broken setvbuf() implementation]) 1199 ;; 1200esac 1201 1202AC_MSG_CHECKING([compiler and flags for sanity]) 1203AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1204 [ AC_MSG_RESULT([yes]) ], 1205 [ 1206 AC_MSG_RESULT([no]) 1207 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1208 ], 1209 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1210) 1211 1212dnl Checks for header files. 1213# Checks for libraries. 1214AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1215 1216dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1217AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1218 AC_CHECK_LIB([gen], [dirname], [ 1219 AC_CACHE_CHECK([for broken dirname], 1220 ac_cv_have_broken_dirname, [ 1221 save_LIBS="$LIBS" 1222 LIBS="$LIBS -lgen" 1223 AC_RUN_IFELSE( 1224 [AC_LANG_SOURCE([[ 1225#include <libgen.h> 1226#include <string.h> 1227 1228int main(int argc, char **argv) { 1229 char *s, buf[32]; 1230 1231 strncpy(buf,"/etc", 32); 1232 s = dirname(buf); 1233 if (!s || strncmp(s, "/", 32) != 0) { 1234 exit(1); 1235 } else { 1236 exit(0); 1237 } 1238} 1239 ]])], 1240 [ ac_cv_have_broken_dirname="no" ], 1241 [ ac_cv_have_broken_dirname="yes" ], 1242 [ ac_cv_have_broken_dirname="no" ], 1243 ) 1244 LIBS="$save_LIBS" 1245 ]) 1246 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1247 LIBS="$LIBS -lgen" 1248 AC_DEFINE([HAVE_DIRNAME]) 1249 AC_CHECK_HEADERS([libgen.h]) 1250 fi 1251 ]) 1252]) 1253 1254AC_CHECK_FUNC([getspnam], , 1255 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1256AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1257 [Define if you have the basename function.])]) 1258 1259dnl zlib is required 1260AC_ARG_WITH([zlib], 1261 [ --with-zlib=PATH Use zlib in PATH], 1262 [ if test "x$withval" = "xno" ; then 1263 AC_MSG_ERROR([*** zlib is required ***]) 1264 elif test "x$withval" != "xyes"; then 1265 if test -d "$withval/lib"; then 1266 if test -n "${need_dash_r}"; then 1267 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1268 else 1269 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1270 fi 1271 else 1272 if test -n "${need_dash_r}"; then 1273 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1274 else 1275 LDFLAGS="-L${withval} ${LDFLAGS}" 1276 fi 1277 fi 1278 if test -d "$withval/include"; then 1279 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1280 else 1281 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1282 fi 1283 fi ] 1284) 1285 1286AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1287AC_CHECK_LIB([z], [deflate], , 1288 [ 1289 saved_CPPFLAGS="$CPPFLAGS" 1290 saved_LDFLAGS="$LDFLAGS" 1291 save_LIBS="$LIBS" 1292 dnl Check default zlib install dir 1293 if test -n "${need_dash_r}"; then 1294 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1295 else 1296 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1297 fi 1298 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1299 LIBS="$LIBS -lz" 1300 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1301 [ 1302 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1303 ] 1304 ) 1305 ] 1306) 1307 1308AC_ARG_WITH([zlib-version-check], 1309 [ --without-zlib-version-check Disable zlib version check], 1310 [ if test "x$withval" = "xno" ; then 1311 zlib_check_nonfatal=1 1312 fi 1313 ] 1314) 1315 1316AC_MSG_CHECKING([for possibly buggy zlib]) 1317AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1318#include <stdio.h> 1319#include <stdlib.h> 1320#include <zlib.h> 1321 ]], 1322 [[ 1323 int a=0, b=0, c=0, d=0, n, v; 1324 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1325 if (n != 3 && n != 4) 1326 exit(1); 1327 v = a*1000000 + b*10000 + c*100 + d; 1328 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1329 1330 /* 1.1.4 is OK */ 1331 if (a == 1 && b == 1 && c >= 4) 1332 exit(0); 1333 1334 /* 1.2.3 and up are OK */ 1335 if (v >= 1020300) 1336 exit(0); 1337 1338 exit(2); 1339 ]])], 1340 AC_MSG_RESULT([no]), 1341 [ AC_MSG_RESULT([yes]) 1342 if test -z "$zlib_check_nonfatal" ; then 1343 AC_MSG_ERROR([*** zlib too old - check config.log *** 1344Your reported zlib version has known security problems. It's possible your 1345vendor has fixed these problems without changing the version number. If you 1346are sure this is the case, you can disable the check by running 1347"./configure --without-zlib-version-check". 1348If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1349See http://www.gzip.org/zlib/ for details.]) 1350 else 1351 AC_MSG_WARN([zlib version may have security problems]) 1352 fi 1353 ], 1354 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1355) 1356 1357dnl UnixWare 2.x 1358AC_CHECK_FUNC([strcasecmp], 1359 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1360) 1361AC_CHECK_FUNCS([utimes], 1362 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1363 LIBS="$LIBS -lc89"]) ] 1364) 1365 1366dnl Checks for libutil functions 1367AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1368AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1369AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1370AC_SEARCH_LIBS([login], [util bsd]) 1371AC_SEARCH_LIBS([logout], [util bsd]) 1372AC_SEARCH_LIBS([logwtmp], [util bsd]) 1373AC_SEARCH_LIBS([openpty], [util bsd]) 1374AC_SEARCH_LIBS([updwtmp], [util bsd]) 1375AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1376 1377# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1378# or libnsl. 1379AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1380AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1381 1382# "Particular Function Checks" 1383# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1384AC_FUNC_STRFTIME 1385AC_FUNC_MALLOC 1386AC_FUNC_REALLOC 1387# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1388AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1389AC_RUN_IFELSE( 1390 [AC_LANG_PROGRAM( 1391 [[ #include <stdlib.h> ]], 1392 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1393 )], 1394 [ func_calloc_0_nonnull=yes ], 1395 [ func_calloc_0_nonnull=no ], 1396 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1397 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1398) 1399AC_MSG_RESULT([$func_calloc_0_nonnull]) 1400 1401if test "x$func_calloc_0_nonnull" = "xyes"; then 1402 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1403else 1404 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1405 AC_DEFINE(calloc, rpl_calloc, 1406 [Define to rpl_calloc if the replacement function should be used.]) 1407fi 1408 1409# Check for ALTDIRFUNC glob() extension 1410AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1411AC_EGREP_CPP([FOUNDIT], 1412 [ 1413 #include <glob.h> 1414 #ifdef GLOB_ALTDIRFUNC 1415 FOUNDIT 1416 #endif 1417 ], 1418 [ 1419 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1420 [Define if your system glob() function has 1421 the GLOB_ALTDIRFUNC extension]) 1422 AC_MSG_RESULT([yes]) 1423 ], 1424 [ 1425 AC_MSG_RESULT([no]) 1426 ] 1427) 1428 1429# Check for g.gl_matchc glob() extension 1430AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1431AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1432 [[ glob_t g; g.gl_matchc = 1; ]])], 1433 [ 1434 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1435 [Define if your system glob() function has 1436 gl_matchc options in glob_t]) 1437 AC_MSG_RESULT([yes]) 1438 ], [ 1439 AC_MSG_RESULT([no]) 1440]) 1441 1442# Check for g.gl_statv glob() extension 1443AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1444AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1445#ifndef GLOB_KEEPSTAT 1446#error "glob does not support GLOB_KEEPSTAT extension" 1447#endif 1448glob_t g; 1449g.gl_statv = NULL; 1450]])], 1451 [ 1452 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1453 [Define if your system glob() function has 1454 gl_statv options in glob_t]) 1455 AC_MSG_RESULT([yes]) 1456 ], [ 1457 AC_MSG_RESULT([no]) 1458 1459]) 1460 1461AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1462 1463AC_CHECK_DECL([VIS_ALL], , 1464 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1465 1466AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1467AC_RUN_IFELSE( 1468 [AC_LANG_PROGRAM([[ 1469#include <sys/types.h> 1470#include <dirent.h>]], 1471 [[ 1472 struct dirent d; 1473 exit(sizeof(d.d_name)<=sizeof(char)); 1474 ]])], 1475 [AC_MSG_RESULT([yes])], 1476 [ 1477 AC_MSG_RESULT([no]) 1478 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1479 [Define if your struct dirent expects you to 1480 allocate extra space for d_name]) 1481 ], 1482 [ 1483 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1484 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1485 ] 1486) 1487 1488AC_MSG_CHECKING([for /proc/pid/fd directory]) 1489if test -d "/proc/$$/fd" ; then 1490 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1491 AC_MSG_RESULT([yes]) 1492else 1493 AC_MSG_RESULT([no]) 1494fi 1495 1496# Check whether user wants TCP wrappers support 1497TCPW_MSG="no" 1498AC_ARG_WITH([tcp-wrappers], 1499 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1500 [ 1501 if test "x$withval" != "xno" ; then 1502 saved_LIBS="$LIBS" 1503 saved_LDFLAGS="$LDFLAGS" 1504 saved_CPPFLAGS="$CPPFLAGS" 1505 if test -n "${withval}" && \ 1506 test "x${withval}" != "xyes"; then 1507 if test -d "${withval}/lib"; then 1508 if test -n "${need_dash_r}"; then 1509 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1510 else 1511 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1512 fi 1513 else 1514 if test -n "${need_dash_r}"; then 1515 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1516 else 1517 LDFLAGS="-L${withval} ${LDFLAGS}" 1518 fi 1519 fi 1520 if test -d "${withval}/include"; then 1521 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1522 else 1523 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1524 fi 1525 fi 1526 LIBS="-lwrap $LIBS" 1527 AC_MSG_CHECKING([for libwrap]) 1528 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1529#include <sys/types.h> 1530#include <sys/socket.h> 1531#include <netinet/in.h> 1532#include <tcpd.h> 1533int deny_severity = 0, allow_severity = 0; 1534 ]], [[ 1535 hosts_access(0); 1536 ]])], [ 1537 AC_MSG_RESULT([yes]) 1538 AC_DEFINE([LIBWRAP], [1], 1539 [Define if you want 1540 TCP Wrappers support]) 1541 SSHDLIBS="$SSHDLIBS -lwrap" 1542 TCPW_MSG="yes" 1543 ], [ 1544 AC_MSG_ERROR([*** libwrap missing]) 1545 ]) 1546 LIBS="$saved_LIBS" 1547 fi 1548 ] 1549) 1550 1551# Check whether user wants to use ldns 1552LDNS_MSG="no" 1553AC_ARG_WITH(ldns, 1554 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1555 [ 1556 ldns="" 1557 if test "x$withval" = "xyes" ; then 1558 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1559 if test "x$LDNSCONFIG" = "xno"; then 1560 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1561 LDFLAGS="$LDFLAGS -L${withval}/lib" 1562 LIBS="-lldns $LIBS" 1563 ldns=yes 1564 else 1565 LIBS="$LIBS `$LDNSCONFIG --libs`" 1566 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1567 ldns=yes 1568 fi 1569 elif test "x$withval" != "xno" ; then 1570 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1571 LDFLAGS="$LDFLAGS -L${withval}/lib" 1572 LIBS="-lldns $LIBS" 1573 ldns=yes 1574 fi 1575 1576 # Verify that it works. 1577 if test "x$ldns" = "xyes" ; then 1578 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1579 LDNS_MSG="yes" 1580 AC_MSG_CHECKING([for ldns support]) 1581 AC_LINK_IFELSE( 1582 [AC_LANG_SOURCE([[ 1583#include <stdio.h> 1584#include <stdlib.h> 1585#include <stdint.h> 1586#include <ldns/ldns.h> 1587int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1588 ]]) 1589 ], 1590 [AC_MSG_RESULT(yes)], 1591 [ 1592 AC_MSG_RESULT(no) 1593 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1594 ]) 1595 fi 1596]) 1597 1598# Check whether user wants libedit support 1599LIBEDIT_MSG="no" 1600AC_ARG_WITH([libedit], 1601 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1602 [ if test "x$withval" != "xno" ; then 1603 if test "x$withval" = "xyes" ; then 1604 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1605 if test "x$PKGCONFIG" != "xno"; then 1606 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1607 if "$PKGCONFIG" libedit; then 1608 AC_MSG_RESULT([yes]) 1609 use_pkgconfig_for_libedit=yes 1610 else 1611 AC_MSG_RESULT([no]) 1612 fi 1613 fi 1614 else 1615 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1616 if test -n "${need_dash_r}"; then 1617 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1618 else 1619 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1620 fi 1621 fi 1622 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1623 LIBEDIT=`$PKGCONFIG --libs libedit` 1624 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1625 else 1626 LIBEDIT="-ledit -lcurses" 1627 fi 1628 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1629 AC_CHECK_LIB([edit], [el_init], 1630 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1631 LIBEDIT_MSG="yes" 1632 AC_SUBST([LIBEDIT]) 1633 ], 1634 [ AC_MSG_ERROR([libedit not found]) ], 1635 [ $OTHERLIBS ] 1636 ) 1637 AC_MSG_CHECKING([if libedit version is compatible]) 1638 AC_COMPILE_IFELSE( 1639 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1640 [[ 1641 int i = H_SETSIZE; 1642 el_init("", NULL, NULL, NULL); 1643 exit(0); 1644 ]])], 1645 [ AC_MSG_RESULT([yes]) ], 1646 [ AC_MSG_RESULT([no]) 1647 AC_MSG_ERROR([libedit version is not compatible]) ] 1648 ) 1649 fi ] 1650) 1651 1652AUDIT_MODULE=none 1653AC_ARG_WITH([audit], 1654 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1655 [ 1656 AC_MSG_CHECKING([for supported audit module]) 1657 case "$withval" in 1658 bsm) 1659 AC_MSG_RESULT([bsm]) 1660 AUDIT_MODULE=bsm 1661 dnl Checks for headers, libs and functions 1662 AC_CHECK_HEADERS([bsm/audit.h], [], 1663 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1664 [ 1665#ifdef HAVE_TIME_H 1666# include <time.h> 1667#endif 1668 ] 1669) 1670 AC_CHECK_LIB([bsm], [getaudit], [], 1671 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1672 AC_CHECK_FUNCS([getaudit], [], 1673 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1674 # These are optional 1675 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1676 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1677 if test "$sol2ver" -ge 11; then 1678 SSHDLIBS="$SSHDLIBS -lscf" 1679 AC_DEFINE([BROKEN_BSM_API], [1], 1680 [The system has incomplete BSM API]) 1681 fi 1682 ;; 1683 linux) 1684 AC_MSG_RESULT([linux]) 1685 AUDIT_MODULE=linux 1686 dnl Checks for headers, libs and functions 1687 AC_CHECK_HEADERS([libaudit.h]) 1688 SSHDLIBS="$SSHDLIBS -laudit" 1689 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1690 ;; 1691 debug) 1692 AUDIT_MODULE=debug 1693 AC_MSG_RESULT([debug]) 1694 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1695 ;; 1696 no) 1697 AC_MSG_RESULT([no]) 1698 ;; 1699 *) 1700 AC_MSG_ERROR([Unknown audit module $withval]) 1701 ;; 1702 esac ] 1703) 1704 1705AC_ARG_WITH([pie], 1706 [ --with-pie Build Position Independent Executables if possible], [ 1707 if test "x$withval" = "xno"; then 1708 use_pie=no 1709 fi 1710 if test "x$withval" = "xyes"; then 1711 use_pie=yes 1712 fi 1713 ] 1714) 1715if test "x$use_pie" = "x"; then 1716 use_pie=no 1717fi 1718if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1719 # Turn off automatic PIE when toolchain hardening is off. 1720 use_pie=no 1721fi 1722if test "x$use_pie" = "xauto"; then 1723 # Automatic PIE requires gcc >= 4.x 1724 AC_MSG_CHECKING([for gcc >= 4.x]) 1725 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1726#if !defined(__GNUC__) || __GNUC__ < 4 1727#error gcc is too old 1728#endif 1729]])], 1730 [ AC_MSG_RESULT([yes]) ], 1731 [ AC_MSG_RESULT([no]) 1732 use_pie=no ] 1733) 1734fi 1735if test "x$use_pie" != "xno"; then 1736 SAVED_CFLAGS="$CFLAGS" 1737 SAVED_LDFLAGS="$LDFLAGS" 1738 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1739 OSSH_CHECK_LDFLAG_LINK([-pie]) 1740 # We use both -fPIE and -pie or neither. 1741 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1742 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1743 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1744 AC_MSG_RESULT([yes]) 1745 else 1746 AC_MSG_RESULT([no]) 1747 CFLAGS="$SAVED_CFLAGS" 1748 LDFLAGS="$SAVED_LDFLAGS" 1749 fi 1750fi 1751 1752dnl Checks for library functions. Please keep in alphabetical order 1753AC_CHECK_FUNCS([ \ 1754 Blowfish_initstate \ 1755 Blowfish_expandstate \ 1756 Blowfish_expand0state \ 1757 Blowfish_stream2word \ 1758 asprintf \ 1759 b64_ntop \ 1760 __b64_ntop \ 1761 b64_pton \ 1762 __b64_pton \ 1763 bcopy \ 1764 bcrypt_pbkdf \ 1765 bindresvport_sa \ 1766 blf_enc \ 1767 bzero \ 1768 cap_rights_limit \ 1769 clock \ 1770 closefrom \ 1771 dirfd \ 1772 endgrent \ 1773 err \ 1774 errx \ 1775 explicit_bzero \ 1776 fchmod \ 1777 fchown \ 1778 flock \ 1779 freeaddrinfo \ 1780 freezero \ 1781 fstatfs \ 1782 fstatvfs \ 1783 futimes \ 1784 getaddrinfo \ 1785 getcwd \ 1786 getgrouplist \ 1787 getline \ 1788 getnameinfo \ 1789 getopt \ 1790 getpagesize \ 1791 getpeereid \ 1792 getpeerucred \ 1793 getpgid \ 1794 _getpty \ 1795 getrlimit \ 1796 getrandom \ 1797 getsid \ 1798 getttyent \ 1799 glob \ 1800 group_from_gid \ 1801 inet_aton \ 1802 inet_ntoa \ 1803 inet_ntop \ 1804 innetgr \ 1805 llabs \ 1806 login_getcapbool \ 1807 md5_crypt \ 1808 memmove \ 1809 memset_s \ 1810 mkdtemp \ 1811 ngetaddrinfo \ 1812 nsleep \ 1813 ogetaddrinfo \ 1814 openlog_r \ 1815 pledge \ 1816 poll \ 1817 prctl \ 1818 pstat \ 1819 raise \ 1820 readpassphrase \ 1821 reallocarray \ 1822 recvmsg \ 1823 recallocarray \ 1824 rresvport_af \ 1825 sendmsg \ 1826 setdtablesize \ 1827 setegid \ 1828 setenv \ 1829 seteuid \ 1830 setgroupent \ 1831 setgroups \ 1832 setlinebuf \ 1833 setlogin \ 1834 setpassent\ 1835 setpcred \ 1836 setproctitle \ 1837 setregid \ 1838 setreuid \ 1839 setrlimit \ 1840 setsid \ 1841 setvbuf \ 1842 sigaction \ 1843 sigvec \ 1844 snprintf \ 1845 socketpair \ 1846 statfs \ 1847 statvfs \ 1848 strcasestr \ 1849 strdup \ 1850 strerror \ 1851 strlcat \ 1852 strlcpy \ 1853 strmode \ 1854 strndup \ 1855 strnlen \ 1856 strnvis \ 1857 strptime \ 1858 strsignal \ 1859 strtonum \ 1860 strtoll \ 1861 strtoul \ 1862 strtoull \ 1863 swap32 \ 1864 sysconf \ 1865 tcgetpgrp \ 1866 timingsafe_bcmp \ 1867 truncate \ 1868 unsetenv \ 1869 updwtmpx \ 1870 user_from_uid \ 1871 usleep \ 1872 vasprintf \ 1873 vsnprintf \ 1874 waitpid \ 1875 warn \ 1876]) 1877 1878AC_CHECK_DECLS([bzero]) 1879 1880dnl Wide character support. 1881AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1882 1883TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1884AC_MSG_CHECKING([for utf8 locale support]) 1885AC_RUN_IFELSE( 1886 [AC_LANG_PROGRAM([[ 1887#include <locale.h> 1888#include <stdlib.h> 1889 ]], [[ 1890 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1891 if (loc != NULL) 1892 exit(0); 1893 exit(1); 1894 ]])], 1895 AC_MSG_RESULT(yes), 1896 [AC_MSG_RESULT(no) 1897 TEST_SSH_UTF8=no], 1898 AC_MSG_WARN([cross compiling: assuming yes]) 1899) 1900 1901AC_LINK_IFELSE( 1902 [AC_LANG_PROGRAM( 1903 [[ #include <ctype.h> ]], 1904 [[ return (isblank('a')); ]])], 1905 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1906]) 1907 1908disable_pkcs11= 1909AC_ARG_ENABLE([pkcs11], 1910 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1911 [ 1912 if test "x$enableval" = "xno" ; then 1913 disable_pkcs11=1 1914 fi 1915 ] 1916) 1917 1918# PKCS11 depends on OpenSSL. 1919if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then 1920 # PKCS#11 support requires dlopen() and co 1921 AC_SEARCH_LIBS([dlopen], [dl], 1922 AC_CHECK_DECL([RTLD_NOW], 1923 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]), 1924 [], [#include <dlfcn.h>] 1925 ) 1926 ) 1927fi 1928 1929# IRIX has a const char return value for gai_strerror() 1930AC_CHECK_FUNCS([gai_strerror], [ 1931 AC_DEFINE([HAVE_GAI_STRERROR]) 1932 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1933#include <sys/types.h> 1934#include <sys/socket.h> 1935#include <netdb.h> 1936 1937const char *gai_strerror(int); 1938 ]], [[ 1939 char *str; 1940 str = gai_strerror(0); 1941 ]])], [ 1942 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1943 [Define if gai_strerror() returns const char *])], [])]) 1944 1945AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1946 [Some systems put nanosleep outside of libc])]) 1947 1948AC_SEARCH_LIBS([clock_gettime], [rt], 1949 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1950 1951dnl Make sure prototypes are defined for these before using them. 1952AC_CHECK_DECL([strsep], 1953 [AC_CHECK_FUNCS([strsep])], 1954 [], 1955 [ 1956#ifdef HAVE_STRING_H 1957# include <string.h> 1958#endif 1959 ]) 1960 1961dnl tcsendbreak might be a macro 1962AC_CHECK_DECL([tcsendbreak], 1963 [AC_DEFINE([HAVE_TCSENDBREAK])], 1964 [AC_CHECK_FUNCS([tcsendbreak])], 1965 [#include <termios.h>] 1966) 1967 1968AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 1969 1970AC_CHECK_DECLS([SHUT_RD], , , 1971 [ 1972#include <sys/types.h> 1973#include <sys/socket.h> 1974 ]) 1975 1976AC_CHECK_DECLS([O_NONBLOCK], , , 1977 [ 1978#include <sys/types.h> 1979#ifdef HAVE_SYS_STAT_H 1980# include <sys/stat.h> 1981#endif 1982#ifdef HAVE_FCNTL_H 1983# include <fcntl.h> 1984#endif 1985 ]) 1986 1987AC_CHECK_DECLS([readv, writev], , , [ 1988#include <sys/types.h> 1989#include <sys/uio.h> 1990#include <unistd.h> 1991 ]) 1992 1993AC_CHECK_DECLS([MAXSYMLINKS], , , [ 1994#include <sys/param.h> 1995 ]) 1996 1997AC_CHECK_DECLS([offsetof], , , [ 1998#include <stddef.h> 1999 ]) 2000 2001# extra bits for select(2) 2002AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2003#include <sys/param.h> 2004#include <sys/types.h> 2005#ifdef HAVE_SYS_SYSMACROS_H 2006#include <sys/sysmacros.h> 2007#endif 2008#ifdef HAVE_SYS_SELECT_H 2009#include <sys/select.h> 2010#endif 2011#ifdef HAVE_SYS_TIME_H 2012#include <sys/time.h> 2013#endif 2014#ifdef HAVE_UNISTD_H 2015#include <unistd.h> 2016#endif 2017 ]]) 2018AC_CHECK_TYPES([fd_mask], [], [], [[ 2019#include <sys/param.h> 2020#include <sys/types.h> 2021#ifdef HAVE_SYS_SELECT_H 2022#include <sys/select.h> 2023#endif 2024#ifdef HAVE_SYS_TIME_H 2025#include <sys/time.h> 2026#endif 2027#ifdef HAVE_UNISTD_H 2028#include <unistd.h> 2029#endif 2030 ]]) 2031 2032AC_CHECK_FUNCS([setresuid], [ 2033 dnl Some platorms have setresuid that isn't implemented, test for this 2034 AC_MSG_CHECKING([if setresuid seems to work]) 2035 AC_RUN_IFELSE( 2036 [AC_LANG_PROGRAM([[ 2037#include <stdlib.h> 2038#include <errno.h> 2039 ]], [[ 2040 errno=0; 2041 setresuid(0,0,0); 2042 if (errno==ENOSYS) 2043 exit(1); 2044 else 2045 exit(0); 2046 ]])], 2047 [AC_MSG_RESULT([yes])], 2048 [AC_DEFINE([BROKEN_SETRESUID], [1], 2049 [Define if your setresuid() is broken]) 2050 AC_MSG_RESULT([not implemented])], 2051 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2052 ) 2053]) 2054 2055AC_CHECK_FUNCS([setresgid], [ 2056 dnl Some platorms have setresgid that isn't implemented, test for this 2057 AC_MSG_CHECKING([if setresgid seems to work]) 2058 AC_RUN_IFELSE( 2059 [AC_LANG_PROGRAM([[ 2060#include <stdlib.h> 2061#include <errno.h> 2062 ]], [[ 2063 errno=0; 2064 setresgid(0,0,0); 2065 if (errno==ENOSYS) 2066 exit(1); 2067 else 2068 exit(0); 2069 ]])], 2070 [AC_MSG_RESULT([yes])], 2071 [AC_DEFINE([BROKEN_SETRESGID], [1], 2072 [Define if your setresgid() is broken]) 2073 AC_MSG_RESULT([not implemented])], 2074 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2075 ) 2076]) 2077 2078AC_CHECK_FUNCS([realpath], [ 2079 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given 2080 dnl path name", however some implementations of realpath (and some 2081 dnl versions of the POSIX spec) do not work on non-existent files, 2082 dnl so we use the OpenBSD implementation on those platforms. 2083 AC_MSG_CHECKING([if realpath works with non-existent files]) 2084 AC_RUN_IFELSE( 2085 [AC_LANG_PROGRAM([[ 2086#include <limits.h> 2087#include <stdlib.h> 2088#include <errno.h> 2089 ]], [[ 2090 char buf[PATH_MAX]; 2091 if (realpath("/opensshnonexistentfilename1234", buf) == NULL) 2092 if (errno == ENOENT) 2093 exit(1); 2094 exit(0); 2095 ]])], 2096 [AC_MSG_RESULT([yes])], 2097 [AC_DEFINE([BROKEN_REALPATH], [1], 2098 [realpath does not work with nonexistent files]) 2099 AC_MSG_RESULT([no])], 2100 [AC_MSG_WARN([cross compiling: assuming working])] 2101 ) 2102]) 2103 2104AC_MSG_CHECKING([for working fflush(NULL)]) 2105AC_RUN_IFELSE( 2106 [AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])], 2107 AC_MSG_RESULT([yes]), 2108 [AC_MSG_RESULT([no]) 2109 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2110 [define if fflush(NULL) does not work])], 2111 AC_MSG_WARN([cross compiling: assuming working]) 2112) 2113 2114dnl Checks for time functions 2115AC_CHECK_FUNCS([gettimeofday time]) 2116dnl Checks for utmp functions 2117AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2118AC_CHECK_FUNCS([utmpname]) 2119dnl Checks for utmpx functions 2120AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2121AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2122dnl Checks for lastlog functions 2123AC_CHECK_FUNCS([getlastlogxbyname]) 2124 2125AC_CHECK_FUNC([daemon], 2126 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2127 [AC_CHECK_LIB([bsd], [daemon], 2128 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2129) 2130 2131AC_CHECK_FUNC([getpagesize], 2132 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2133 [Define if your libraries define getpagesize()])], 2134 [AC_CHECK_LIB([ucb], [getpagesize], 2135 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2136) 2137 2138# Check for broken snprintf 2139if test "x$ac_cv_func_snprintf" = "xyes" ; then 2140 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2141 AC_RUN_IFELSE( 2142 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2143 [[ 2144 char b[5]; 2145 snprintf(b,5,"123456789"); 2146 exit(b[4]!='\0'); 2147 ]])], 2148 [AC_MSG_RESULT([yes])], 2149 [ 2150 AC_MSG_RESULT([no]) 2151 AC_DEFINE([BROKEN_SNPRINTF], [1], 2152 [Define if your snprintf is busted]) 2153 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2154 ], 2155 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2156 ) 2157fi 2158 2159if test "x$ac_cv_func_snprintf" = "xyes" ; then 2160 AC_MSG_CHECKING([whether snprintf understands %zu]) 2161 AC_RUN_IFELSE( 2162 [AC_LANG_PROGRAM([[ 2163#include <sys/types.h> 2164#include <stdio.h> 2165 ]], 2166 [[ 2167 size_t a = 1, b = 2; 2168 char z[128]; 2169 snprintf(z, sizeof z, "%zu%zu", a, b); 2170 exit(strcmp(z, "12")); 2171 ]])], 2172 [AC_MSG_RESULT([yes])], 2173 [ 2174 AC_MSG_RESULT([no]) 2175 AC_DEFINE([BROKEN_SNPRINTF], [1], 2176 [snprintf does not understand %zu]) 2177 ], 2178 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2179 ) 2180fi 2181 2182# We depend on vsnprintf returning the right thing on overflow: the 2183# number of characters it tried to create (as per SUSv3) 2184if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2185 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2186 AC_RUN_IFELSE( 2187 [AC_LANG_PROGRAM([[ 2188#include <sys/types.h> 2189#include <stdio.h> 2190#include <stdarg.h> 2191 2192int x_snprintf(char *str, size_t count, const char *fmt, ...) 2193{ 2194 size_t ret; 2195 va_list ap; 2196 2197 va_start(ap, fmt); 2198 ret = vsnprintf(str, count, fmt, ap); 2199 va_end(ap); 2200 return ret; 2201} 2202 ]], [[ 2203char x[1]; 2204if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2205 return 1; 2206if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2207 return 1; 2208return 0; 2209 ]])], 2210 [AC_MSG_RESULT([yes])], 2211 [ 2212 AC_MSG_RESULT([no]) 2213 AC_DEFINE([BROKEN_SNPRINTF], [1], 2214 [Define if your snprintf is busted]) 2215 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2216 ], 2217 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2218 ) 2219fi 2220 2221# On systems where [v]snprintf is broken, but is declared in stdio, 2222# check that the fmt argument is const char * or just char *. 2223# This is only useful for when BROKEN_SNPRINTF 2224AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2225AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2226#include <stdio.h> 2227int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2228 ]], [[ 2229 snprintf(0, 0, 0); 2230 ]])], 2231 [AC_MSG_RESULT([yes]) 2232 AC_DEFINE([SNPRINTF_CONST], [const], 2233 [Define as const if snprintf() can declare const char *fmt])], 2234 [AC_MSG_RESULT([no]) 2235 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2236 2237# Check for missing getpeereid (or equiv) support 2238NO_PEERCHECK="" 2239if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2240 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2241 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2242#include <sys/types.h> 2243#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2244 [ AC_MSG_RESULT([yes]) 2245 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2246 ], [AC_MSG_RESULT([no]) 2247 NO_PEERCHECK=1 2248 ]) 2249fi 2250 2251dnl see whether mkstemp() requires XXXXXX 2252if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2253AC_MSG_CHECKING([for (overly) strict mkstemp]) 2254AC_RUN_IFELSE( 2255 [AC_LANG_PROGRAM([[ 2256#include <stdlib.h> 2257 ]], [[ 2258 char template[]="conftest.mkstemp-test"; 2259 if (mkstemp(template) == -1) 2260 exit(1); 2261 unlink(template); 2262 exit(0); 2263 ]])], 2264 [ 2265 AC_MSG_RESULT([no]) 2266 ], 2267 [ 2268 AC_MSG_RESULT([yes]) 2269 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2270 ], 2271 [ 2272 AC_MSG_RESULT([yes]) 2273 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2274 ] 2275) 2276fi 2277 2278dnl make sure that openpty does not reacquire controlling terminal 2279if test ! -z "$check_for_openpty_ctty_bug"; then 2280 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2281 AC_RUN_IFELSE( 2282 [AC_LANG_PROGRAM([[ 2283#include <stdio.h> 2284#include <sys/fcntl.h> 2285#include <sys/types.h> 2286#include <sys/wait.h> 2287 ]], [[ 2288 pid_t pid; 2289 int fd, ptyfd, ttyfd, status; 2290 2291 pid = fork(); 2292 if (pid < 0) { /* failed */ 2293 exit(1); 2294 } else if (pid > 0) { /* parent */ 2295 waitpid(pid, &status, 0); 2296 if (WIFEXITED(status)) 2297 exit(WEXITSTATUS(status)); 2298 else 2299 exit(2); 2300 } else { /* child */ 2301 close(0); close(1); close(2); 2302 setsid(); 2303 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2304 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2305 if (fd >= 0) 2306 exit(3); /* Acquired ctty: broken */ 2307 else 2308 exit(0); /* Did not acquire ctty: OK */ 2309 } 2310 ]])], 2311 [ 2312 AC_MSG_RESULT([yes]) 2313 ], 2314 [ 2315 AC_MSG_RESULT([no]) 2316 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2317 ], 2318 [ 2319 AC_MSG_RESULT([cross-compiling, assuming yes]) 2320 ] 2321 ) 2322fi 2323 2324if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2325 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2326 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2327 AC_RUN_IFELSE( 2328 [AC_LANG_PROGRAM([[ 2329#include <stdio.h> 2330#include <sys/socket.h> 2331#include <netdb.h> 2332#include <errno.h> 2333#include <netinet/in.h> 2334 2335#define TEST_PORT "2222" 2336 ]], [[ 2337 int err, sock; 2338 struct addrinfo *gai_ai, *ai, hints; 2339 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2340 2341 memset(&hints, 0, sizeof(hints)); 2342 hints.ai_family = PF_UNSPEC; 2343 hints.ai_socktype = SOCK_STREAM; 2344 hints.ai_flags = AI_PASSIVE; 2345 2346 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2347 if (err != 0) { 2348 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2349 exit(1); 2350 } 2351 2352 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2353 if (ai->ai_family != AF_INET6) 2354 continue; 2355 2356 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2357 sizeof(ntop), strport, sizeof(strport), 2358 NI_NUMERICHOST|NI_NUMERICSERV); 2359 2360 if (err != 0) { 2361 if (err == EAI_SYSTEM) 2362 perror("getnameinfo EAI_SYSTEM"); 2363 else 2364 fprintf(stderr, "getnameinfo failed: %s\n", 2365 gai_strerror(err)); 2366 exit(2); 2367 } 2368 2369 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2370 if (sock < 0) 2371 perror("socket"); 2372 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2373 if (errno == EBADF) 2374 exit(3); 2375 } 2376 } 2377 exit(0); 2378 ]])], 2379 [ 2380 AC_MSG_RESULT([yes]) 2381 ], 2382 [ 2383 AC_MSG_RESULT([no]) 2384 AC_DEFINE([BROKEN_GETADDRINFO]) 2385 ], 2386 [ 2387 AC_MSG_RESULT([cross-compiling, assuming yes]) 2388 ] 2389 ) 2390fi 2391 2392if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2393 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2394 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2395 AC_RUN_IFELSE( 2396 [AC_LANG_PROGRAM([[ 2397#include <stdio.h> 2398#include <sys/socket.h> 2399#include <netdb.h> 2400#include <errno.h> 2401#include <netinet/in.h> 2402 2403#define TEST_PORT "2222" 2404 ]], [[ 2405 int err, sock; 2406 struct addrinfo *gai_ai, *ai, hints; 2407 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2408 2409 memset(&hints, 0, sizeof(hints)); 2410 hints.ai_family = PF_UNSPEC; 2411 hints.ai_socktype = SOCK_STREAM; 2412 hints.ai_flags = AI_PASSIVE; 2413 2414 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2415 if (err != 0) { 2416 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2417 exit(1); 2418 } 2419 2420 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2421 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2422 continue; 2423 2424 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2425 sizeof(ntop), strport, sizeof(strport), 2426 NI_NUMERICHOST|NI_NUMERICSERV); 2427 2428 if (ai->ai_family == AF_INET && err != 0) { 2429 perror("getnameinfo"); 2430 exit(2); 2431 } 2432 } 2433 exit(0); 2434 ]])], 2435 [ 2436 AC_MSG_RESULT([yes]) 2437 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2438 [Define if you have a getaddrinfo that fails 2439 for the all-zeros IPv6 address]) 2440 ], 2441 [ 2442 AC_MSG_RESULT([no]) 2443 AC_DEFINE([BROKEN_GETADDRINFO]) 2444 ], 2445 [ 2446 AC_MSG_RESULT([cross-compiling, assuming no]) 2447 ] 2448 ) 2449fi 2450 2451if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2452 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2453 [#include <sys/types.h> 2454 #include <sys/socket.h> 2455 #include <netdb.h>]) 2456fi 2457 2458if test "x$check_for_conflicting_getspnam" = "x1"; then 2459 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2460 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2461 [[ exit(0); ]])], 2462 [ 2463 AC_MSG_RESULT([no]) 2464 ], 2465 [ 2466 AC_MSG_RESULT([yes]) 2467 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2468 [Conflicting defs for getspnam]) 2469 ] 2470 ) 2471fi 2472 2473dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2474dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2475dnl for over ten years). Despite this incompatibility being reported during 2476dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2477dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2478dnl implementation. Try to detect this mess, and assume the only safe option 2479dnl if we're cross compiling. 2480dnl 2481dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2482dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2483if test "x$ac_cv_func_strnvis" = "xyes"; then 2484 AC_MSG_CHECKING([for working strnvis]) 2485 AC_RUN_IFELSE( 2486 [AC_LANG_PROGRAM([[ 2487#include <signal.h> 2488#include <stdlib.h> 2489#include <string.h> 2490#include <vis.h> 2491static void sighandler(int sig) { _exit(1); } 2492 ]], [[ 2493 char dst[16]; 2494 2495 signal(SIGSEGV, sighandler); 2496 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2497 exit(0); 2498 exit(1) 2499 ]])], 2500 [AC_MSG_RESULT([yes])], 2501 [AC_MSG_RESULT([no]) 2502 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2503 [AC_MSG_WARN([cross compiling: assuming broken]) 2504 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2505 ) 2506fi 2507 2508AC_CHECK_FUNCS([getpgrp],[ 2509 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2510 AC_COMPILE_IFELSE( 2511 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2512 [ AC_MSG_RESULT([yes]) 2513 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2514 [ AC_MSG_RESULT([no]) 2515 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2516 ) 2517]) 2518 2519# Search for OpenSSL 2520saved_CPPFLAGS="$CPPFLAGS" 2521saved_LDFLAGS="$LDFLAGS" 2522AC_ARG_WITH([ssl-dir], 2523 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2524 [ 2525 if test "x$openssl" = "xno" ; then 2526 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2527 fi 2528 if test "x$withval" != "xno" ; then 2529 case "$withval" in 2530 # Relative paths 2531 ./*|../*) withval="`pwd`/$withval" 2532 esac 2533 if test -d "$withval/lib"; then 2534 if test -n "${need_dash_r}"; then 2535 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2536 else 2537 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2538 fi 2539 elif test -d "$withval/lib64"; then 2540 if test -n "${need_dash_r}"; then 2541 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2542 else 2543 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2544 fi 2545 else 2546 if test -n "${need_dash_r}"; then 2547 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2548 else 2549 LDFLAGS="-L${withval} ${LDFLAGS}" 2550 fi 2551 fi 2552 if test -d "$withval/include"; then 2553 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2554 else 2555 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2556 fi 2557 fi 2558 ] 2559) 2560 2561AC_ARG_WITH([openssl-header-check], 2562 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2563 [ 2564 if test "x$withval" = "xno" ; then 2565 openssl_check_nonfatal=1 2566 fi 2567 ] 2568) 2569 2570openssl_engine=no 2571AC_ARG_WITH([ssl-engine], 2572 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2573 [ 2574 if test "x$withval" != "xno" ; then 2575 if test "x$openssl" = "xno" ; then 2576 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2577 fi 2578 openssl_engine=yes 2579 fi 2580 ] 2581) 2582 2583if test "x$openssl" = "xyes" ; then 2584 LIBS="-lcrypto $LIBS" 2585 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2586 [Define if your ssl headers are included 2587 with #include <openssl/header.h>])], 2588 [ 2589 dnl Check default openssl install dir 2590 if test -n "${need_dash_r}"; then 2591 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2592 else 2593 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2594 fi 2595 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2596 AC_CHECK_HEADER([openssl/opensslv.h], , 2597 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2598 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2599 [ 2600 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2601 ] 2602 ) 2603 ] 2604 ) 2605 2606 # Determine OpenSSL header version 2607 AC_MSG_CHECKING([OpenSSL header version]) 2608 AC_RUN_IFELSE( 2609 [AC_LANG_PROGRAM([[ 2610 #include <stdlib.h> 2611 #include <stdio.h> 2612 #include <string.h> 2613 #include <openssl/opensslv.h> 2614 #define DATA "conftest.sslincver" 2615 ]], [[ 2616 FILE *fd; 2617 int rc; 2618 2619 fd = fopen(DATA,"w"); 2620 if(fd == NULL) 2621 exit(1); 2622 2623 if ((rc = fprintf(fd, "%08lx (%s)\n", 2624 (unsigned long)OPENSSL_VERSION_NUMBER, 2625 OPENSSL_VERSION_TEXT)) < 0) 2626 exit(1); 2627 2628 exit(0); 2629 ]])], 2630 [ 2631 ssl_header_ver=`cat conftest.sslincver` 2632 AC_MSG_RESULT([$ssl_header_ver]) 2633 ], 2634 [ 2635 AC_MSG_RESULT([not found]) 2636 AC_MSG_ERROR([OpenSSL version header not found.]) 2637 ], 2638 [ 2639 AC_MSG_WARN([cross compiling: not checking]) 2640 ] 2641 ) 2642 2643 # Determine OpenSSL library version 2644 AC_MSG_CHECKING([OpenSSL library version]) 2645 AC_RUN_IFELSE( 2646 [AC_LANG_PROGRAM([[ 2647 #include <stdio.h> 2648 #include <string.h> 2649 #include <openssl/opensslv.h> 2650 #include <openssl/crypto.h> 2651 #define DATA "conftest.ssllibver" 2652 ]], [[ 2653 FILE *fd; 2654 int rc; 2655 2656 fd = fopen(DATA,"w"); 2657 if(fd == NULL) 2658 exit(1); 2659 2660 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(), 2661 SSLeay_version(SSLEAY_VERSION))) < 0) 2662 exit(1); 2663 2664 exit(0); 2665 ]])], 2666 [ 2667 ssl_library_ver=`cat conftest.ssllibver` 2668 # Check version is supported. 2669 case "$ssl_library_ver" in 2670 10000*|0*) 2671 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2672 ;; 2673 100*) ;; # 1.0.x 2674 101000[0123456]*) 2675 # https://github.com/openssl/openssl/pull/4613 2676 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2677 ;; 2678 101*) ;; # 1.1.x 2679 200*) ;; # LibreSSL 2680 *) 2681 AC_MSG_ERROR([OpenSSL > 1.1.x is not yet supported (have "$ssl_library_ver")]) 2682 ;; 2683 esac 2684 AC_MSG_RESULT([$ssl_library_ver]) 2685 ], 2686 [ 2687 AC_MSG_RESULT([not found]) 2688 AC_MSG_ERROR([OpenSSL library not found.]) 2689 ], 2690 [ 2691 AC_MSG_WARN([cross compiling: not checking]) 2692 ] 2693 ) 2694 2695 # Sanity check OpenSSL headers 2696 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2697 AC_RUN_IFELSE( 2698 [AC_LANG_PROGRAM([[ 2699 #include <string.h> 2700 #include <openssl/opensslv.h> 2701 #include <openssl/crypto.h> 2702 ]], [[ 2703 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2704 ]])], 2705 [ 2706 AC_MSG_RESULT([yes]) 2707 ], 2708 [ 2709 AC_MSG_RESULT([no]) 2710 if test "x$openssl_check_nonfatal" = "x"; then 2711 AC_MSG_ERROR([Your OpenSSL headers do not match your 2712 library. Check config.log for details. 2713 If you are sure your installation is consistent, you can disable the check 2714 by running "./configure --without-openssl-header-check". 2715 Also see contrib/findssl.sh for help identifying header/library mismatches. 2716 ]) 2717 else 2718 AC_MSG_WARN([Your OpenSSL headers do not match your 2719 library. Check config.log for details. 2720 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2721 fi 2722 ], 2723 [ 2724 AC_MSG_WARN([cross compiling: not checking]) 2725 ] 2726 ) 2727 2728 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2729 AC_LINK_IFELSE( 2730 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2731 [[ SSLeay_add_all_algorithms(); ]])], 2732 [ 2733 AC_MSG_RESULT([yes]) 2734 ], 2735 [ 2736 AC_MSG_RESULT([no]) 2737 saved_LIBS="$LIBS" 2738 LIBS="$LIBS -ldl" 2739 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2740 AC_LINK_IFELSE( 2741 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2742 [[ SSLeay_add_all_algorithms(); ]])], 2743 [ 2744 AC_MSG_RESULT([yes]) 2745 ], 2746 [ 2747 AC_MSG_RESULT([no]) 2748 LIBS="$saved_LIBS" 2749 ] 2750 ) 2751 ] 2752 ) 2753 2754 AC_CHECK_FUNCS([ \ 2755 BN_is_prime_ex \ 2756 DSA_generate_parameters_ex \ 2757 EVP_DigestInit_ex \ 2758 EVP_DigestFinal_ex \ 2759 EVP_MD_CTX_init \ 2760 EVP_MD_CTX_cleanup \ 2761 EVP_MD_CTX_copy_ex \ 2762 HMAC_CTX_init \ 2763 RSA_generate_key_ex \ 2764 RSA_get_default_method \ 2765 ]) 2766 2767 if test "x$openssl_engine" = "xyes" ; then 2768 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2769 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2770 #include <openssl/engine.h> 2771 ]], [[ 2772 ENGINE_load_builtin_engines(); 2773 ENGINE_register_all_complete(); 2774 ]])], 2775 [ AC_MSG_RESULT([yes]) 2776 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2777 [Enable OpenSSL engine support]) 2778 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2779 ]) 2780 fi 2781 2782 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2783 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2784 AC_LINK_IFELSE( 2785 [AC_LANG_PROGRAM([[ 2786 #include <string.h> 2787 #include <openssl/evp.h> 2788 ]], [[ 2789 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2790 ]])], 2791 [ 2792 AC_MSG_RESULT([no]) 2793 ], 2794 [ 2795 AC_MSG_RESULT([yes]) 2796 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2797 [libcrypto is missing AES 192 and 256 bit functions]) 2798 ] 2799 ) 2800 2801 # Check for OpenSSL with EVP_aes_*ctr 2802 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2803 AC_LINK_IFELSE( 2804 [AC_LANG_PROGRAM([[ 2805 #include <string.h> 2806 #include <openssl/evp.h> 2807 ]], [[ 2808 exit(EVP_aes_128_ctr() == NULL || 2809 EVP_aes_192_cbc() == NULL || 2810 EVP_aes_256_cbc() == NULL); 2811 ]])], 2812 [ 2813 AC_MSG_RESULT([yes]) 2814 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2815 [libcrypto has EVP AES CTR]) 2816 ], 2817 [ 2818 AC_MSG_RESULT([no]) 2819 ] 2820 ) 2821 2822 # Check for OpenSSL with EVP_aes_*gcm 2823 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2824 AC_LINK_IFELSE( 2825 [AC_LANG_PROGRAM([[ 2826 #include <string.h> 2827 #include <openssl/evp.h> 2828 ]], [[ 2829 exit(EVP_aes_128_gcm() == NULL || 2830 EVP_aes_256_gcm() == NULL || 2831 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2832 EVP_CTRL_GCM_IV_GEN == 0 || 2833 EVP_CTRL_GCM_SET_TAG == 0 || 2834 EVP_CTRL_GCM_GET_TAG == 0 || 2835 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2836 ]])], 2837 [ 2838 AC_MSG_RESULT([yes]) 2839 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2840 [libcrypto has EVP AES GCM]) 2841 ], 2842 [ 2843 AC_MSG_RESULT([no]) 2844 unsupported_algorithms="$unsupported_cipers \ 2845 aes128-gcm@openssh.com \ 2846 aes256-gcm@openssh.com" 2847 ] 2848 ) 2849 2850 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2851 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2852 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2853 2854 # LibreSSL/OpenSSL 1.1x API 2855 AC_SEARCH_LIBS([DH_get0_key], [crypto], 2856 [AC_DEFINE([HAVE_DH_GET0_KEY], [1], 2857 [Define if libcrypto has DH_get0_key])]) 2858 AC_SEARCH_LIBS([DH_get0_pqg], [crypto], 2859 [AC_DEFINE([HAVE_DH_GET0_PQG], [1], 2860 [Define if libcrypto has DH_get0_pqg])]) 2861 AC_SEARCH_LIBS([DH_set0_key], [crypto], 2862 [AC_DEFINE([HAVE_DH_SET0_KEY], [1], 2863 [Define if libcrypto has DH_set0_key])]) 2864 AC_SEARCH_LIBS([DH_set_length], [crypto], 2865 [AC_DEFINE([HAVE_DH_SET_LENGTH], [1], 2866 [Define if libcrypto has DH_set_length])]) 2867 AC_SEARCH_LIBS([DH_set0_pqg], [crypto], 2868 [AC_DEFINE([HAVE_DH_SET0_PQG], [1], 2869 [Define if libcrypto has DH_set0_pqg])]) 2870 2871 AC_SEARCH_LIBS([DSA_get0_key], [crypto], 2872 [AC_DEFINE([HAVE_DSA_GET0_KEY], [1], 2873 [Define if libcrypto has DSA_get0_key])]) 2874 AC_SEARCH_LIBS([DSA_get0_pqg], [crypto], 2875 [AC_DEFINE([HAVE_DSA_GET0_PQG], [1], 2876 [Define if libcrypto has DSA_get0_pqg])]) 2877 AC_SEARCH_LIBS([DSA_set0_key], [crypto], 2878 [AC_DEFINE([HAVE_DSA_SET0_KEY], [1], 2879 [Define if libcrypto has DSA_set0_key])]) 2880 AC_SEARCH_LIBS([DSA_set0_pqg], [crypto], 2881 [AC_DEFINE([HAVE_DSA_SET0_PQG], [1], 2882 [Define if libcrypto has DSA_set0_pqg])]) 2883 2884 AC_SEARCH_LIBS([DSA_SIG_get0], [crypto], 2885 [AC_DEFINE([HAVE_DSA_SIG_GET0], [1], 2886 [Define if libcrypto has DSA_SIG_get0])]) 2887 AC_SEARCH_LIBS([DSA_SIG_set0], [crypto], 2888 [AC_DEFINE([HAVE_DSA_SIG_SET0], [1], 2889 [Define if libcrypto has DSA_SIG_set0])]) 2890 2891 AC_SEARCH_LIBS([ECDSA_SIG_get0], [crypto], 2892 [AC_DEFINE([HAVE_ECDSA_SIG_GET0], [1], 2893 [Define if libcrypto has ECDSA_SIG_get0])]) 2894 AC_SEARCH_LIBS([ECDSA_SIG_set0], [crypto], 2895 [AC_DEFINE([HAVE_ECDSA_SIG_SET0], [1], 2896 [Define if libcrypto has ECDSA_SIG_set0])]) 2897 2898 AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv], [crypto], 2899 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV], [1], 2900 [Define if libcrypto has EVP_CIPHER_CTX_iv])]) 2901 AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv_noconst], [crypto], 2902 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV_NOCONST], [1], 2903 [Define if libcrypto has EVP_CIPHER_CTX_iv_noconst])]) 2904 AC_SEARCH_LIBS([EVP_CIPHER_CTX_get_iv], [crypto], 2905 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1], 2906 [Define if libcrypto has EVP_CIPHER_CTX_get_iv])]) 2907 AC_SEARCH_LIBS([EVP_CIPHER_CTX_set_iv], [crypto], 2908 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1], 2909 [Define if libcrypto has EVP_CIPHER_CTX_set_iv])]) 2910 2911 AC_SEARCH_LIBS([RSA_get0_crt_params], [crypto], 2912 [AC_DEFINE([HAVE_RSA_GET0_CRT_PARAMS], [1], 2913 [Define if libcrypto has RSA_get0_crt_params])]) 2914 AC_SEARCH_LIBS([RSA_get0_factors], [crypto], 2915 [AC_DEFINE([HAVE_RSA_GET0_FACTORS], [1], 2916 [Define if libcrypto has RSA_get0_factors])]) 2917 AC_SEARCH_LIBS([RSA_get0_key], [crypto], 2918 [AC_DEFINE([HAVE_RSA_GET0_KEY], [1], 2919 [Define if libcrypto has RSA_get0_key])]) 2920 AC_SEARCH_LIBS([RSA_set0_crt_params], [crypto], 2921 [AC_DEFINE([HAVE_RSA_SET0_CRT_PARAMS], [1], 2922 [Define if libcrypto has RSA_get0_srt_params])]) 2923 AC_SEARCH_LIBS([RSA_set0_factors], [crypto], 2924 [AC_DEFINE([HAVE_RSA_SET0_FACTORS], [1], 2925 [Define if libcrypto has RSA_set0_factors])]) 2926 AC_SEARCH_LIBS([RSA_set0_key], [crypto], 2927 [AC_DEFINE([HAVE_RSA_SET0_KEY], [1], 2928 [Define if libcrypto has RSA_set0_key])]) 2929 2930 AC_SEARCH_LIBS([RSA_meth_free], [crypto], 2931 [AC_DEFINE([HAVE_RSA_METH_FREE], [1], 2932 [Define if libcrypto has RSA_meth_free])]) 2933 AC_SEARCH_LIBS([RSA_meth_dup], [crypto], 2934 [AC_DEFINE([HAVE_RSA_METH_DUP], [1], 2935 [Define if libcrypto has RSA_meth_dup])]) 2936 AC_SEARCH_LIBS([RSA_meth_set1_name], [crypto], 2937 [AC_DEFINE([HAVE_RSA_METH_SET1_NAME], [1], 2938 [Define if libcrypto has RSA_meth_set1_name])]) 2939 AC_SEARCH_LIBS([RSA_meth_get_finish], [crypto], 2940 [AC_DEFINE([HAVE_RSA_METH_GET_FINISH], [1], 2941 [Define if libcrypto has RSA_meth_get_finish])]) 2942 AC_SEARCH_LIBS([RSA_meth_set_priv_enc], [crypto], 2943 [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_ENC], [1], 2944 [Define if libcrypto has RSA_meth_set_priv_enc])]) 2945 AC_SEARCH_LIBS([RSA_meth_set_priv_dec], [crypto], 2946 [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_DEC], [1], 2947 [Define if libcrypto has RSA_meth_set_priv_dec])]) 2948 AC_SEARCH_LIBS([RSA_meth_set_finish], [crypto], 2949 [AC_DEFINE([HAVE_RSA_METH_SET_FINISH], [1], 2950 [Define if libcrypto has RSA_meth_set_finish])]) 2951 2952 AC_SEARCH_LIBS([EVP_PKEY_get0_RSA], [crypto], 2953 [AC_DEFINE([HAVE_EVP_PKEY_GET0_RSA], [1], 2954 [Define if libcrypto has EVP_PKEY_get0_RSA])]) 2955 2956 AC_SEARCH_LIBS([EVP_MD_CTX_new], [crypto], 2957 [AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1], 2958 [Define if libcrypto has EVP_MD_CTX_new])]) 2959 AC_SEARCH_LIBS([EVP_MD_CTX_free], [crypto], 2960 [AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1], 2961 [Define if libcrypto has EVP_MD_CTX_free])]) 2962 2963 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2964 AC_LINK_IFELSE( 2965 [AC_LANG_PROGRAM([[ 2966 #include <string.h> 2967 #include <openssl/evp.h> 2968 ]], [[ 2969 if(EVP_DigestUpdate(NULL, NULL,0)) 2970 exit(0); 2971 ]])], 2972 [ 2973 AC_MSG_RESULT([yes]) 2974 ], 2975 [ 2976 AC_MSG_RESULT([no]) 2977 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2978 [Define if EVP_DigestUpdate returns void]) 2979 ] 2980 ) 2981 2982 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2983 # because the system crypt() is more featureful. 2984 if test "x$check_for_libcrypt_before" = "x1"; then 2985 AC_CHECK_LIB([crypt], [crypt]) 2986 fi 2987 2988 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2989 # version in OpenSSL. 2990 if test "x$check_for_libcrypt_later" = "x1"; then 2991 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2992 fi 2993 AC_CHECK_FUNCS([crypt DES_crypt]) 2994 2995 # Search for SHA256 support in libc and/or OpenSSL 2996 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2997 [unsupported_algorithms="$unsupported_algorithms \ 2998 hmac-sha2-256 \ 2999 hmac-sha2-512 \ 3000 diffie-hellman-group-exchange-sha256 \ 3001 hmac-sha2-256-etm@openssh.com \ 3002 hmac-sha2-512-etm@openssh.com" 3003 ] 3004 ) 3005 # Search for RIPE-MD support in OpenSSL 3006 AC_CHECK_FUNCS([EVP_ripemd160], , 3007 [unsupported_algorithms="$unsupported_algorithms \ 3008 hmac-ripemd160 \ 3009 hmac-ripemd160@openssh.com \ 3010 hmac-ripemd160-etm@openssh.com" 3011 ] 3012 ) 3013 3014 # Check complete ECC support in OpenSSL 3015 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3016 AC_LINK_IFELSE( 3017 [AC_LANG_PROGRAM([[ 3018 #include <openssl/ec.h> 3019 #include <openssl/ecdh.h> 3020 #include <openssl/ecdsa.h> 3021 #include <openssl/evp.h> 3022 #include <openssl/objects.h> 3023 #include <openssl/opensslv.h> 3024 ]], [[ 3025 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3026 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3027 ]])], 3028 [ AC_MSG_RESULT([yes]) 3029 enable_nistp256=1 ], 3030 [ AC_MSG_RESULT([no]) ] 3031 ) 3032 3033 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3034 AC_LINK_IFELSE( 3035 [AC_LANG_PROGRAM([[ 3036 #include <openssl/ec.h> 3037 #include <openssl/ecdh.h> 3038 #include <openssl/ecdsa.h> 3039 #include <openssl/evp.h> 3040 #include <openssl/objects.h> 3041 #include <openssl/opensslv.h> 3042 ]], [[ 3043 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3044 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3045 ]])], 3046 [ AC_MSG_RESULT([yes]) 3047 enable_nistp384=1 ], 3048 [ AC_MSG_RESULT([no]) ] 3049 ) 3050 3051 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3052 AC_LINK_IFELSE( 3053 [AC_LANG_PROGRAM([[ 3054 #include <openssl/ec.h> 3055 #include <openssl/ecdh.h> 3056 #include <openssl/ecdsa.h> 3057 #include <openssl/evp.h> 3058 #include <openssl/objects.h> 3059 #include <openssl/opensslv.h> 3060 ]], [[ 3061 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3062 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3063 ]])], 3064 [ AC_MSG_RESULT([yes]) 3065 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3066 AC_RUN_IFELSE( 3067 [AC_LANG_PROGRAM([[ 3068 #include <openssl/ec.h> 3069 #include <openssl/ecdh.h> 3070 #include <openssl/ecdsa.h> 3071 #include <openssl/evp.h> 3072 #include <openssl/objects.h> 3073 #include <openssl/opensslv.h> 3074 ]],[[ 3075 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3076 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3077 exit(e == NULL || m == NULL); 3078 ]])], 3079 [ AC_MSG_RESULT([yes]) 3080 enable_nistp521=1 ], 3081 [ AC_MSG_RESULT([no]) ], 3082 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3083 enable_nistp521=1 ] 3084 )], 3085 AC_MSG_RESULT([no]) 3086 ) 3087 3088 COMMENT_OUT_ECC="#no ecc#" 3089 TEST_SSH_ECC=no 3090 3091 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3092 test x$enable_nistp521 = x1; then 3093 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3094 fi 3095 if test x$enable_nistp256 = x1; then 3096 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3097 [libcrypto has NID_X9_62_prime256v1]) 3098 TEST_SSH_ECC=yes 3099 COMMENT_OUT_ECC="" 3100 else 3101 unsupported_algorithms="$unsupported_algorithms \ 3102 ecdsa-sha2-nistp256 \ 3103 ecdh-sha2-nistp256 \ 3104 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3105 fi 3106 if test x$enable_nistp384 = x1; then 3107 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3108 TEST_SSH_ECC=yes 3109 COMMENT_OUT_ECC="" 3110 else 3111 unsupported_algorithms="$unsupported_algorithms \ 3112 ecdsa-sha2-nistp384 \ 3113 ecdh-sha2-nistp384 \ 3114 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3115 fi 3116 if test x$enable_nistp521 = x1; then 3117 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3118 TEST_SSH_ECC=yes 3119 COMMENT_OUT_ECC="" 3120 else 3121 unsupported_algorithms="$unsupported_algorithms \ 3122 ecdh-sha2-nistp521 \ 3123 ecdsa-sha2-nistp521 \ 3124 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3125 fi 3126 3127 AC_SUBST([TEST_SSH_ECC]) 3128 AC_SUBST([COMMENT_OUT_ECC]) 3129else 3130 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3131 AC_CHECK_FUNCS([crypt]) 3132fi 3133 3134AC_CHECK_FUNCS([ \ 3135 arc4random \ 3136 arc4random_buf \ 3137 arc4random_stir \ 3138 arc4random_uniform \ 3139]) 3140 3141saved_LIBS="$LIBS" 3142AC_CHECK_LIB([iaf], [ia_openinfo], [ 3143 LIBS="$LIBS -liaf" 3144 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3145 AC_DEFINE([HAVE_LIBIAF], [1], 3146 [Define if system has libiaf that supports set_id]) 3147 ]) 3148]) 3149LIBS="$saved_LIBS" 3150 3151### Configure cryptographic random number support 3152 3153# Check whether OpenSSL seeds itself 3154if test "x$openssl" = "xyes" ; then 3155 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3156 AC_RUN_IFELSE( 3157 [AC_LANG_PROGRAM([[ 3158 #include <string.h> 3159 #include <openssl/rand.h> 3160 ]], [[ 3161 exit(RAND_status() == 1 ? 0 : 1); 3162 ]])], 3163 [ 3164 OPENSSL_SEEDS_ITSELF=yes 3165 AC_MSG_RESULT([yes]) 3166 ], 3167 [ 3168 AC_MSG_RESULT([no]) 3169 ], 3170 [ 3171 AC_MSG_WARN([cross compiling: assuming yes]) 3172 # This is safe, since we will fatal() at runtime if 3173 # OpenSSL is not seeded correctly. 3174 OPENSSL_SEEDS_ITSELF=yes 3175 ] 3176 ) 3177fi 3178 3179# PRNGD TCP socket 3180AC_ARG_WITH([prngd-port], 3181 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3182 [ 3183 case "$withval" in 3184 no) 3185 withval="" 3186 ;; 3187 [[0-9]]*) 3188 ;; 3189 *) 3190 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3191 ;; 3192 esac 3193 if test ! -z "$withval" ; then 3194 PRNGD_PORT="$withval" 3195 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3196 [Port number of PRNGD/EGD random number socket]) 3197 fi 3198 ] 3199) 3200 3201# PRNGD Unix domain socket 3202AC_ARG_WITH([prngd-socket], 3203 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3204 [ 3205 case "$withval" in 3206 yes) 3207 withval="/var/run/egd-pool" 3208 ;; 3209 no) 3210 withval="" 3211 ;; 3212 /*) 3213 ;; 3214 *) 3215 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3216 ;; 3217 esac 3218 3219 if test ! -z "$withval" ; then 3220 if test ! -z "$PRNGD_PORT" ; then 3221 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3222 fi 3223 if test ! -r "$withval" ; then 3224 AC_MSG_WARN([Entropy socket is not readable]) 3225 fi 3226 PRNGD_SOCKET="$withval" 3227 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3228 [Location of PRNGD/EGD random number socket]) 3229 fi 3230 ], 3231 [ 3232 # Check for existing socket only if we don't have a random device already 3233 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3234 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3235 # Insert other locations here 3236 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3237 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3238 PRNGD_SOCKET="$sock" 3239 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3240 break; 3241 fi 3242 done 3243 if test ! -z "$PRNGD_SOCKET" ; then 3244 AC_MSG_RESULT([$PRNGD_SOCKET]) 3245 else 3246 AC_MSG_RESULT([not found]) 3247 fi 3248 fi 3249 ] 3250) 3251 3252# Which randomness source do we use? 3253if test ! -z "$PRNGD_PORT" ; then 3254 RAND_MSG="PRNGd port $PRNGD_PORT" 3255elif test ! -z "$PRNGD_SOCKET" ; then 3256 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3257elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3258 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3259 [Define if you want the OpenSSL internally seeded PRNG only]) 3260 RAND_MSG="OpenSSL internal ONLY" 3261elif test "x$openssl" = "xno" ; then 3262 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3263else 3264 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3265fi 3266 3267# Check for PAM libs 3268PAM_MSG="no" 3269AC_ARG_WITH([pam], 3270 [ --with-pam Enable PAM support ], 3271 [ 3272 if test "x$withval" != "xno" ; then 3273 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3274 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3275 AC_MSG_ERROR([PAM headers not found]) 3276 fi 3277 3278 saved_LIBS="$LIBS" 3279 AC_CHECK_LIB([dl], [dlopen], , ) 3280 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3281 AC_CHECK_FUNCS([pam_getenvlist]) 3282 AC_CHECK_FUNCS([pam_putenv]) 3283 LIBS="$saved_LIBS" 3284 3285 PAM_MSG="yes" 3286 3287 SSHDLIBS="$SSHDLIBS -lpam" 3288 AC_DEFINE([USE_PAM], [1], 3289 [Define if you want to enable PAM support]) 3290 3291 if test $ac_cv_lib_dl_dlopen = yes; then 3292 case "$LIBS" in 3293 *-ldl*) 3294 # libdl already in LIBS 3295 ;; 3296 *) 3297 SSHDLIBS="$SSHDLIBS -ldl" 3298 ;; 3299 esac 3300 fi 3301 fi 3302 ] 3303) 3304 3305AC_ARG_WITH([pam-service], 3306 [ --with-pam-service=name Specify PAM service name ], 3307 [ 3308 if test "x$withval" != "xno" && \ 3309 test "x$withval" != "xyes" ; then 3310 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3311 ["$withval"], [sshd PAM service name]) 3312 fi 3313 ] 3314) 3315 3316# Check for older PAM 3317if test "x$PAM_MSG" = "xyes" ; then 3318 # Check PAM strerror arguments (old PAM) 3319 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3320 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3321#include <stdlib.h> 3322#if defined(HAVE_SECURITY_PAM_APPL_H) 3323#include <security/pam_appl.h> 3324#elif defined (HAVE_PAM_PAM_APPL_H) 3325#include <pam/pam_appl.h> 3326#endif 3327 ]], [[ 3328(void)pam_strerror((pam_handle_t *)NULL, -1); 3329 ]])], [AC_MSG_RESULT([no])], [ 3330 AC_DEFINE([HAVE_OLD_PAM], [1], 3331 [Define if you have an old version of PAM 3332 which takes only one argument to pam_strerror]) 3333 AC_MSG_RESULT([yes]) 3334 PAM_MSG="yes (old library)" 3335 3336 ]) 3337fi 3338 3339case "$host" in 3340*-*-cygwin*) 3341 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3342 ;; 3343*) 3344 SSH_PRIVSEP_USER=sshd 3345 ;; 3346esac 3347AC_ARG_WITH([privsep-user], 3348 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3349 [ 3350 if test -n "$withval" && test "x$withval" != "xno" && \ 3351 test "x${withval}" != "xyes"; then 3352 SSH_PRIVSEP_USER=$withval 3353 fi 3354 ] 3355) 3356if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3357 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3358 [Cygwin function to fetch non-privileged user for privilege separation]) 3359else 3360 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3361 [non-privileged user for privilege separation]) 3362fi 3363AC_SUBST([SSH_PRIVSEP_USER]) 3364 3365if test "x$have_linux_no_new_privs" = "x1" ; then 3366AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3367 #include <sys/types.h> 3368 #include <linux/seccomp.h> 3369]) 3370fi 3371if test "x$have_seccomp_filter" = "x1" ; then 3372AC_MSG_CHECKING([kernel for seccomp_filter support]) 3373AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3374 #include <errno.h> 3375 #include <elf.h> 3376 #include <linux/audit.h> 3377 #include <linux/seccomp.h> 3378 #include <stdlib.h> 3379 #include <sys/prctl.h> 3380 ]], 3381 [[ int i = $seccomp_audit_arch; 3382 errno = 0; 3383 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3384 exit(errno == EFAULT ? 0 : 1); ]])], 3385 [ AC_MSG_RESULT([yes]) ], [ 3386 AC_MSG_RESULT([no]) 3387 # Disable seccomp filter as a target 3388 have_seccomp_filter=0 3389 ] 3390) 3391fi 3392 3393# Decide which sandbox style to use 3394sandbox_arg="" 3395AC_ARG_WITH([sandbox], 3396 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3397 [ 3398 if test "x$withval" = "xyes" ; then 3399 sandbox_arg="" 3400 else 3401 sandbox_arg="$withval" 3402 fi 3403 ] 3404) 3405 3406# Some platforms (seems to be the ones that have a kernel poll(2)-type 3407# function with which they implement select(2)) use an extra file descriptor 3408# when calling select(2), which means we can't use the rlimit sandbox. 3409AC_MSG_CHECKING([if select works with descriptor rlimit]) 3410AC_RUN_IFELSE( 3411 [AC_LANG_PROGRAM([[ 3412#include <sys/types.h> 3413#ifdef HAVE_SYS_TIME_H 3414# include <sys/time.h> 3415#endif 3416#include <sys/resource.h> 3417#ifdef HAVE_SYS_SELECT_H 3418# include <sys/select.h> 3419#endif 3420#include <errno.h> 3421#include <fcntl.h> 3422#include <stdlib.h> 3423 ]],[[ 3424 struct rlimit rl_zero; 3425 int fd, r; 3426 fd_set fds; 3427 struct timeval tv; 3428 3429 fd = open("/dev/null", O_RDONLY); 3430 FD_ZERO(&fds); 3431 FD_SET(fd, &fds); 3432 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3433 setrlimit(RLIMIT_FSIZE, &rl_zero); 3434 setrlimit(RLIMIT_NOFILE, &rl_zero); 3435 tv.tv_sec = 1; 3436 tv.tv_usec = 0; 3437 r = select(fd+1, &fds, NULL, NULL, &tv); 3438 exit (r == -1 ? 1 : 0); 3439 ]])], 3440 [AC_MSG_RESULT([yes]) 3441 select_works_with_rlimit=yes], 3442 [AC_MSG_RESULT([no]) 3443 select_works_with_rlimit=no], 3444 [AC_MSG_WARN([cross compiling: assuming yes]) 3445 select_works_with_rlimit=yes] 3446) 3447 3448AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3449AC_RUN_IFELSE( 3450 [AC_LANG_PROGRAM([[ 3451#include <sys/types.h> 3452#ifdef HAVE_SYS_TIME_H 3453# include <sys/time.h> 3454#endif 3455#include <sys/resource.h> 3456#include <errno.h> 3457#include <stdlib.h> 3458 ]],[[ 3459 struct rlimit rl_zero; 3460 int fd, r; 3461 fd_set fds; 3462 3463 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3464 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3465 exit (r == -1 ? 1 : 0); 3466 ]])], 3467 [AC_MSG_RESULT([yes]) 3468 rlimit_nofile_zero_works=yes], 3469 [AC_MSG_RESULT([no]) 3470 rlimit_nofile_zero_works=no], 3471 [AC_MSG_WARN([cross compiling: assuming yes]) 3472 rlimit_nofile_zero_works=yes] 3473) 3474 3475AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3476AC_RUN_IFELSE( 3477 [AC_LANG_PROGRAM([[ 3478#include <sys/types.h> 3479#include <sys/resource.h> 3480#include <stdlib.h> 3481 ]],[[ 3482 struct rlimit rl_zero; 3483 3484 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3485 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3486 ]])], 3487 [AC_MSG_RESULT([yes])], 3488 [AC_MSG_RESULT([no]) 3489 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3490 [setrlimit RLIMIT_FSIZE works])], 3491 [AC_MSG_WARN([cross compiling: assuming yes])] 3492) 3493 3494if test "x$sandbox_arg" = "xpledge" || \ 3495 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3496 test "x$ac_cv_func_pledge" != "xyes" && \ 3497 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3498 SANDBOX_STYLE="pledge" 3499 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3500elif test "x$sandbox_arg" = "xsystrace" || \ 3501 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3502 test "x$have_systr_policy_kill" != "x1" && \ 3503 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3504 SANDBOX_STYLE="systrace" 3505 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3506elif test "x$sandbox_arg" = "xdarwin" || \ 3507 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3508 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3509 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3510 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3511 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3512 SANDBOX_STYLE="darwin" 3513 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3514elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3515 ( test -z "$sandbox_arg" && \ 3516 test "x$have_seccomp_filter" = "x1" && \ 3517 test "x$ac_cv_header_elf_h" = "xyes" && \ 3518 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3519 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3520 test "x$seccomp_audit_arch" != "x" && \ 3521 test "x$have_linux_no_new_privs" = "x1" && \ 3522 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3523 test "x$seccomp_audit_arch" = "x" && \ 3524 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3525 test "x$have_linux_no_new_privs" != "x1" && \ 3526 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3527 test "x$have_seccomp_filter" != "x1" && \ 3528 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3529 test "x$ac_cv_func_prctl" != "xyes" && \ 3530 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3531 SANDBOX_STYLE="seccomp_filter" 3532 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3533elif test "x$sandbox_arg" = "xcapsicum" || \ 3534 ( test -z "$sandbox_arg" && \ 3535 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3536 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3537 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3538 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3539 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3540 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3541 SANDBOX_STYLE="capsicum" 3542 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3543elif test "x$sandbox_arg" = "xrlimit" || \ 3544 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3545 test "x$select_works_with_rlimit" = "xyes" && \ 3546 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3547 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3548 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3549 test "x$select_works_with_rlimit" != "xyes" && \ 3550 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3551 SANDBOX_STYLE="rlimit" 3552 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3553elif test "x$sandbox_arg" = "xsolaris" || \ 3554 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3555 SANDBOX_STYLE="solaris" 3556 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3557elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3558 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3559 SANDBOX_STYLE="none" 3560 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3561else 3562 AC_MSG_ERROR([unsupported --with-sandbox]) 3563fi 3564 3565# Cheap hack to ensure NEWS-OS libraries are arranged right. 3566if test ! -z "$SONY" ; then 3567 LIBS="$LIBS -liberty"; 3568fi 3569 3570# Check for long long datatypes 3571AC_CHECK_TYPES([long long, unsigned long long, long double]) 3572 3573# Check datatype sizes 3574AC_CHECK_SIZEOF([short int], [2]) 3575AC_CHECK_SIZEOF([int], [4]) 3576AC_CHECK_SIZEOF([long int], [4]) 3577AC_CHECK_SIZEOF([long long int], [8]) 3578 3579# Sanity check long long for some platforms (AIX) 3580if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3581 ac_cv_sizeof_long_long_int=0 3582fi 3583 3584# compute LLONG_MIN and LLONG_MAX if we don't know them. 3585if test -z "$have_llong_max"; then 3586 AC_MSG_CHECKING([for max value of long long]) 3587 AC_RUN_IFELSE( 3588 [AC_LANG_PROGRAM([[ 3589#include <stdio.h> 3590/* Why is this so damn hard? */ 3591#ifdef __GNUC__ 3592# undef __GNUC__ 3593#endif 3594#define __USE_ISOC99 3595#include <limits.h> 3596#define DATA "conftest.llminmax" 3597#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3598 3599/* 3600 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3601 * we do this the hard way. 3602 */ 3603static int 3604fprint_ll(FILE *f, long long n) 3605{ 3606 unsigned int i; 3607 int l[sizeof(long long) * 8]; 3608 3609 if (n < 0) 3610 if (fprintf(f, "-") < 0) 3611 return -1; 3612 for (i = 0; n != 0; i++) { 3613 l[i] = my_abs(n % 10); 3614 n /= 10; 3615 } 3616 do { 3617 if (fprintf(f, "%d", l[--i]) < 0) 3618 return -1; 3619 } while (i != 0); 3620 if (fprintf(f, " ") < 0) 3621 return -1; 3622 return 0; 3623} 3624 ]], [[ 3625 FILE *f; 3626 long long i, llmin, llmax = 0; 3627 3628 if((f = fopen(DATA,"w")) == NULL) 3629 exit(1); 3630 3631#if defined(LLONG_MIN) && defined(LLONG_MAX) 3632 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3633 llmin = LLONG_MIN; 3634 llmax = LLONG_MAX; 3635#else 3636 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3637 /* This will work on one's complement and two's complement */ 3638 for (i = 1; i > llmax; i <<= 1, i++) 3639 llmax = i; 3640 llmin = llmax + 1LL; /* wrap */ 3641#endif 3642 3643 /* Sanity check */ 3644 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3645 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3646 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3647 fprintf(f, "unknown unknown\n"); 3648 exit(2); 3649 } 3650 3651 if (fprint_ll(f, llmin) < 0) 3652 exit(3); 3653 if (fprint_ll(f, llmax) < 0) 3654 exit(4); 3655 if (fclose(f) < 0) 3656 exit(5); 3657 exit(0); 3658 ]])], 3659 [ 3660 llong_min=`$AWK '{print $1}' conftest.llminmax` 3661 llong_max=`$AWK '{print $2}' conftest.llminmax` 3662 3663 AC_MSG_RESULT([$llong_max]) 3664 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3665 [max value of long long calculated by configure]) 3666 AC_MSG_CHECKING([for min value of long long]) 3667 AC_MSG_RESULT([$llong_min]) 3668 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3669 [min value of long long calculated by configure]) 3670 ], 3671 [ 3672 AC_MSG_RESULT([not found]) 3673 ], 3674 [ 3675 AC_MSG_WARN([cross compiling: not checking]) 3676 ] 3677 ) 3678fi 3679 3680 3681# More checks for data types 3682AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3683 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3684 [[ u_int a; a = 1;]])], 3685 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3686 ]) 3687]) 3688if test "x$ac_cv_have_u_int" = "xyes" ; then 3689 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3690 have_u_int=1 3691fi 3692 3693AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3694 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3695 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3696 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3697 ]) 3698]) 3699if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3700 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3701 have_intxx_t=1 3702fi 3703 3704if (test -z "$have_intxx_t" && \ 3705 test "x$ac_cv_header_stdint_h" = "xyes") 3706then 3707 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3708 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3709 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3710 [ 3711 AC_DEFINE([HAVE_INTXX_T]) 3712 AC_MSG_RESULT([yes]) 3713 ], [ AC_MSG_RESULT([no]) 3714 ]) 3715fi 3716 3717AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3718 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3719#include <sys/types.h> 3720#ifdef HAVE_STDINT_H 3721# include <stdint.h> 3722#endif 3723#include <sys/socket.h> 3724#ifdef HAVE_SYS_BITYPES_H 3725# include <sys/bitypes.h> 3726#endif 3727 ]], [[ 3728int64_t a; a = 1; 3729 ]])], 3730 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3731 ]) 3732]) 3733if test "x$ac_cv_have_int64_t" = "xyes" ; then 3734 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3735fi 3736 3737AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3738 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3739 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3740 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3741 ]) 3742]) 3743if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3744 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3745 have_u_intxx_t=1 3746fi 3747 3748if test -z "$have_u_intxx_t" ; then 3749 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3750 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3751 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3752 [ 3753 AC_DEFINE([HAVE_U_INTXX_T]) 3754 AC_MSG_RESULT([yes]) 3755 ], [ AC_MSG_RESULT([no]) 3756 ]) 3757fi 3758 3759AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3760 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3761 [[ u_int64_t a; a = 1;]])], 3762 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3763 ]) 3764]) 3765if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3766 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3767 have_u_int64_t=1 3768fi 3769 3770if (test -z "$have_u_int64_t" && \ 3771 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3772then 3773 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3774 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3775 [[ u_int64_t a; a = 1]])], 3776 [ 3777 AC_DEFINE([HAVE_U_INT64_T]) 3778 AC_MSG_RESULT([yes]) 3779 ], [ AC_MSG_RESULT([no]) 3780 ]) 3781fi 3782 3783if test -z "$have_u_intxx_t" ; then 3784 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3785 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3786#include <sys/types.h> 3787 ]], [[ 3788 uint8_t a; 3789 uint16_t b; 3790 uint32_t c; 3791 a = b = c = 1; 3792 ]])], 3793 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3794 ]) 3795 ]) 3796 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3797 AC_DEFINE([HAVE_UINTXX_T], [1], 3798 [define if you have uintxx_t data type]) 3799 fi 3800fi 3801 3802if (test -z "$have_uintxx_t" && \ 3803 test "x$ac_cv_header_stdint_h" = "xyes") 3804then 3805 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3806 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3807 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3808 [ 3809 AC_DEFINE([HAVE_UINTXX_T]) 3810 AC_MSG_RESULT([yes]) 3811 ], [ AC_MSG_RESULT([no]) 3812 ]) 3813fi 3814 3815if (test -z "$have_uintxx_t" && \ 3816 test "x$ac_cv_header_inttypes_h" = "xyes") 3817then 3818 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3819 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3820 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3821 [ 3822 AC_DEFINE([HAVE_UINTXX_T]) 3823 AC_MSG_RESULT([yes]) 3824 ], [ AC_MSG_RESULT([no]) 3825 ]) 3826fi 3827 3828if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3829 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3830then 3831 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3832 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3833#include <sys/bitypes.h> 3834 ]], [[ 3835 int8_t a; int16_t b; int32_t c; 3836 u_int8_t e; u_int16_t f; u_int32_t g; 3837 a = b = c = e = f = g = 1; 3838 ]])], 3839 [ 3840 AC_DEFINE([HAVE_U_INTXX_T]) 3841 AC_DEFINE([HAVE_INTXX_T]) 3842 AC_MSG_RESULT([yes]) 3843 ], [AC_MSG_RESULT([no]) 3844 ]) 3845fi 3846 3847 3848AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3849 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3850 [[ u_char foo; foo = 125; ]])], 3851 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3852 ]) 3853]) 3854if test "x$ac_cv_have_u_char" = "xyes" ; then 3855 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3856fi 3857 3858AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3859#include <sys/types.h> 3860#include <stdint.h> 3861]) 3862 3863TYPE_SOCKLEN_T 3864 3865AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3866AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3867#include <sys/types.h> 3868#ifdef HAVE_SYS_BITYPES_H 3869#include <sys/bitypes.h> 3870#endif 3871#ifdef HAVE_SYS_STATFS_H 3872#include <sys/statfs.h> 3873#endif 3874#ifdef HAVE_SYS_STATVFS_H 3875#include <sys/statvfs.h> 3876#endif 3877]) 3878 3879AC_CHECK_MEMBERS([struct statfs.f_flags], [], [], [[ 3880#include <sys/types.h> 3881#ifdef HAVE_SYS_BITYPES_H 3882#include <sys/bitypes.h> 3883#endif 3884#ifdef HAVE_SYS_STATFS_H 3885#include <sys/statfs.h> 3886#endif 3887#ifdef HAVE_SYS_STATVFS_H 3888#include <sys/statvfs.h> 3889#endif 3890#ifdef HAVE_SYS_VFS_H 3891#include <sys/vfs.h> 3892#endif 3893]]) 3894 3895 3896AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3897[#include <sys/types.h> 3898#include <netinet/in.h>]) 3899 3900AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3901 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3902 [[ size_t foo; foo = 1235; ]])], 3903 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3904 ]) 3905]) 3906if test "x$ac_cv_have_size_t" = "xyes" ; then 3907 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3908fi 3909 3910AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3911 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3912 [[ ssize_t foo; foo = 1235; ]])], 3913 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3914 ]) 3915]) 3916if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3917 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3918fi 3919 3920AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3921 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3922 [[ clock_t foo; foo = 1235; ]])], 3923 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3924 ]) 3925]) 3926if test "x$ac_cv_have_clock_t" = "xyes" ; then 3927 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3928fi 3929 3930AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3931 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3932#include <sys/types.h> 3933#include <sys/socket.h> 3934 ]], [[ sa_family_t foo; foo = 1235; ]])], 3935 [ ac_cv_have_sa_family_t="yes" ], 3936 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3937#include <sys/types.h> 3938#include <sys/socket.h> 3939#include <netinet/in.h> 3940 ]], [[ sa_family_t foo; foo = 1235; ]])], 3941 [ ac_cv_have_sa_family_t="yes" ], 3942 [ ac_cv_have_sa_family_t="no" ] 3943 ) 3944 ]) 3945]) 3946if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3947 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3948 [define if you have sa_family_t data type]) 3949fi 3950 3951AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3952 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3953 [[ pid_t foo; foo = 1235; ]])], 3954 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3955 ]) 3956]) 3957if test "x$ac_cv_have_pid_t" = "xyes" ; then 3958 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3959fi 3960 3961AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3962 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3963 [[ mode_t foo; foo = 1235; ]])], 3964 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3965 ]) 3966]) 3967if test "x$ac_cv_have_mode_t" = "xyes" ; then 3968 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3969fi 3970 3971 3972AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3973 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3974#include <sys/types.h> 3975#include <sys/socket.h> 3976 ]], [[ struct sockaddr_storage s; ]])], 3977 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3978 [ ac_cv_have_struct_sockaddr_storage="no" 3979 ]) 3980]) 3981if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3982 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3983 [define if you have struct sockaddr_storage data type]) 3984fi 3985 3986AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3987 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3988#include <sys/types.h> 3989#include <netinet/in.h> 3990 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3991 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3992 [ ac_cv_have_struct_sockaddr_in6="no" 3993 ]) 3994]) 3995if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3996 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3997 [define if you have struct sockaddr_in6 data type]) 3998fi 3999 4000AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4001 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4002#include <sys/types.h> 4003#include <netinet/in.h> 4004 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4005 [ ac_cv_have_struct_in6_addr="yes" ], 4006 [ ac_cv_have_struct_in6_addr="no" 4007 ]) 4008]) 4009if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4010 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4011 [define if you have struct in6_addr data type]) 4012 4013dnl Now check for sin6_scope_id 4014 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4015 [ 4016#ifdef HAVE_SYS_TYPES_H 4017#include <sys/types.h> 4018#endif 4019#include <netinet/in.h> 4020 ]) 4021fi 4022 4023AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4024 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4025#include <sys/types.h> 4026#include <sys/socket.h> 4027#include <netdb.h> 4028 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4029 [ ac_cv_have_struct_addrinfo="yes" ], 4030 [ ac_cv_have_struct_addrinfo="no" 4031 ]) 4032]) 4033if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4034 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4035 [define if you have struct addrinfo data type]) 4036fi 4037 4038AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4039 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4040 [[ struct timeval tv; tv.tv_sec = 1;]])], 4041 [ ac_cv_have_struct_timeval="yes" ], 4042 [ ac_cv_have_struct_timeval="no" 4043 ]) 4044]) 4045if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4046 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4047 have_struct_timeval=1 4048fi 4049 4050AC_CHECK_TYPES([struct timespec]) 4051 4052# We need int64_t or else certain parts of the compile will fail. 4053if test "x$ac_cv_have_int64_t" = "xno" && \ 4054 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4055 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4056 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4057 echo "an alternative compiler (I.E., GCC) before continuing." 4058 echo "" 4059 exit 1; 4060else 4061dnl test snprintf (broken on SCO w/gcc) 4062 AC_RUN_IFELSE( 4063 [AC_LANG_SOURCE([[ 4064#include <stdio.h> 4065#include <string.h> 4066#ifdef HAVE_SNPRINTF 4067main() 4068{ 4069 char buf[50]; 4070 char expected_out[50]; 4071 int mazsize = 50 ; 4072#if (SIZEOF_LONG_INT == 8) 4073 long int num = 0x7fffffffffffffff; 4074#else 4075 long long num = 0x7fffffffffffffffll; 4076#endif 4077 strcpy(expected_out, "9223372036854775807"); 4078 snprintf(buf, mazsize, "%lld", num); 4079 if(strcmp(buf, expected_out) != 0) 4080 exit(1); 4081 exit(0); 4082} 4083#else 4084main() { exit(0); } 4085#endif 4086 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4087 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4088 ) 4089fi 4090 4091dnl Checks for structure members 4092OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4093OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4094OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4095OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4096OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4097OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4098OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4099OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4100OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4101OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4102OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4103OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4104OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4105OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4106OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4107OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4108OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4109 4110AC_CHECK_MEMBERS([struct stat.st_blksize]) 4111AC_CHECK_MEMBERS([struct stat.st_mtim]) 4112AC_CHECK_MEMBERS([struct stat.st_mtime]) 4113AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4114struct passwd.pw_change, struct passwd.pw_expire], 4115[], [], [[ 4116#include <sys/types.h> 4117#include <pwd.h> 4118]]) 4119 4120AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4121 [Define if we don't have struct __res_state in resolv.h])], 4122[[ 4123#include <stdio.h> 4124#if HAVE_SYS_TYPES_H 4125# include <sys/types.h> 4126#endif 4127#include <netinet/in.h> 4128#include <arpa/nameser.h> 4129#include <resolv.h> 4130]]) 4131 4132AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4133 ac_cv_have_ss_family_in_struct_ss, [ 4134 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4135#include <sys/types.h> 4136#include <sys/socket.h> 4137 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4138 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4139 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4140]) 4141if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4142 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4143fi 4144 4145AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4146 ac_cv_have___ss_family_in_struct_ss, [ 4147 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4148#include <sys/types.h> 4149#include <sys/socket.h> 4150 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4151 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4152 [ ac_cv_have___ss_family_in_struct_ss="no" 4153 ]) 4154]) 4155if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4156 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4157 [Fields in struct sockaddr_storage]) 4158fi 4159 4160dnl make sure we're using the real structure members and not defines 4161AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4162 ac_cv_have_accrights_in_msghdr, [ 4163 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4164#include <sys/types.h> 4165#include <sys/socket.h> 4166#include <sys/uio.h> 4167 ]], [[ 4168#ifdef msg_accrights 4169#error "msg_accrights is a macro" 4170exit(1); 4171#endif 4172struct msghdr m; 4173m.msg_accrights = 0; 4174exit(0); 4175 ]])], 4176 [ ac_cv_have_accrights_in_msghdr="yes" ], 4177 [ ac_cv_have_accrights_in_msghdr="no" ] 4178 ) 4179]) 4180if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4181 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4182 [Define if your system uses access rights style 4183 file descriptor passing]) 4184fi 4185 4186AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4187AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4188#include <sys/param.h> 4189#include <sys/stat.h> 4190#ifdef HAVE_SYS_TIME_H 4191# include <sys/time.h> 4192#endif 4193#ifdef HAVE_SYS_MOUNT_H 4194#include <sys/mount.h> 4195#endif 4196#ifdef HAVE_SYS_STATVFS_H 4197#include <sys/statvfs.h> 4198#endif 4199 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4200 [ AC_MSG_RESULT([yes]) ], 4201 [ AC_MSG_RESULT([no]) 4202 4203 AC_MSG_CHECKING([if fsid_t has member val]) 4204 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4205#include <sys/types.h> 4206#include <sys/statvfs.h> 4207 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4208 [ AC_MSG_RESULT([yes]) 4209 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4210 [ AC_MSG_RESULT([no]) ]) 4211 4212 AC_MSG_CHECKING([if f_fsid has member __val]) 4213 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4214#include <sys/types.h> 4215#include <sys/statvfs.h> 4216 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4217 [ AC_MSG_RESULT([yes]) 4218 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4219 [ AC_MSG_RESULT([no]) ]) 4220]) 4221 4222AC_CACHE_CHECK([for msg_control field in struct msghdr], 4223 ac_cv_have_control_in_msghdr, [ 4224 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4225#include <sys/types.h> 4226#include <sys/socket.h> 4227#include <sys/uio.h> 4228 ]], [[ 4229#ifdef msg_control 4230#error "msg_control is a macro" 4231exit(1); 4232#endif 4233struct msghdr m; 4234m.msg_control = 0; 4235exit(0); 4236 ]])], 4237 [ ac_cv_have_control_in_msghdr="yes" ], 4238 [ ac_cv_have_control_in_msghdr="no" ] 4239 ) 4240]) 4241if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4242 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4243 [Define if your system uses ancillary data style 4244 file descriptor passing]) 4245fi 4246 4247AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4248 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4249 [[ extern char *__progname; printf("%s", __progname); ]])], 4250 [ ac_cv_libc_defines___progname="yes" ], 4251 [ ac_cv_libc_defines___progname="no" 4252 ]) 4253]) 4254if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4255 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4256fi 4257 4258AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4259 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4260 [[ printf("%s", __FUNCTION__); ]])], 4261 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4262 [ ac_cv_cc_implements___FUNCTION__="no" 4263 ]) 4264]) 4265if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4266 AC_DEFINE([HAVE___FUNCTION__], [1], 4267 [Define if compiler implements __FUNCTION__]) 4268fi 4269 4270AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4271 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4272 [[ printf("%s", __func__); ]])], 4273 [ ac_cv_cc_implements___func__="yes" ], 4274 [ ac_cv_cc_implements___func__="no" 4275 ]) 4276]) 4277if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4278 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4279fi 4280 4281AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4282 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4283#include <stdarg.h> 4284va_list x,y; 4285 ]], [[ va_copy(x,y); ]])], 4286 [ ac_cv_have_va_copy="yes" ], 4287 [ ac_cv_have_va_copy="no" 4288 ]) 4289]) 4290if test "x$ac_cv_have_va_copy" = "xyes" ; then 4291 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4292fi 4293 4294AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4295 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4296#include <stdarg.h> 4297va_list x,y; 4298 ]], [[ __va_copy(x,y); ]])], 4299 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4300 ]) 4301]) 4302if test "x$ac_cv_have___va_copy" = "xyes" ; then 4303 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4304fi 4305 4306AC_CACHE_CHECK([whether getopt has optreset support], 4307 ac_cv_have_getopt_optreset, [ 4308 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4309 [[ extern int optreset; optreset = 0; ]])], 4310 [ ac_cv_have_getopt_optreset="yes" ], 4311 [ ac_cv_have_getopt_optreset="no" 4312 ]) 4313]) 4314if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4315 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4316 [Define if your getopt(3) defines and uses optreset]) 4317fi 4318 4319AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4320 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4321[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4322 [ ac_cv_libc_defines_sys_errlist="yes" ], 4323 [ ac_cv_libc_defines_sys_errlist="no" 4324 ]) 4325]) 4326if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4327 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4328 [Define if your system defines sys_errlist[]]) 4329fi 4330 4331 4332AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4333 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4334[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4335 [ ac_cv_libc_defines_sys_nerr="yes" ], 4336 [ ac_cv_libc_defines_sys_nerr="no" 4337 ]) 4338]) 4339if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4340 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4341fi 4342 4343# Check libraries needed by DNS fingerprint support 4344AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4345 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4346 [Define if getrrsetbyname() exists])], 4347 [ 4348 # Needed by our getrrsetbyname() 4349 AC_SEARCH_LIBS([res_query], [resolv]) 4350 AC_SEARCH_LIBS([dn_expand], [resolv]) 4351 AC_MSG_CHECKING([if res_query will link]) 4352 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4353#include <sys/types.h> 4354#include <netinet/in.h> 4355#include <arpa/nameser.h> 4356#include <netdb.h> 4357#include <resolv.h> 4358 ]], [[ 4359 res_query (0, 0, 0, 0, 0); 4360 ]])], 4361 AC_MSG_RESULT([yes]), 4362 [AC_MSG_RESULT([no]) 4363 saved_LIBS="$LIBS" 4364 LIBS="$LIBS -lresolv" 4365 AC_MSG_CHECKING([for res_query in -lresolv]) 4366 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4367#include <sys/types.h> 4368#include <netinet/in.h> 4369#include <arpa/nameser.h> 4370#include <netdb.h> 4371#include <resolv.h> 4372 ]], [[ 4373 res_query (0, 0, 0, 0, 0); 4374 ]])], 4375 [AC_MSG_RESULT([yes])], 4376 [LIBS="$saved_LIBS" 4377 AC_MSG_RESULT([no])]) 4378 ]) 4379 AC_CHECK_FUNCS([_getshort _getlong]) 4380 AC_CHECK_DECLS([_getshort, _getlong], , , 4381 [#include <sys/types.h> 4382 #include <arpa/nameser.h>]) 4383 AC_CHECK_MEMBER([HEADER.ad], 4384 [AC_DEFINE([HAVE_HEADER_AD], [1], 4385 [Define if HEADER.ad exists in arpa/nameser.h])], , 4386 [#include <arpa/nameser.h>]) 4387 ]) 4388 4389AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4390AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4391#include <stdio.h> 4392#if HAVE_SYS_TYPES_H 4393# include <sys/types.h> 4394#endif 4395#include <netinet/in.h> 4396#include <arpa/nameser.h> 4397#include <resolv.h> 4398extern struct __res_state _res; 4399 ]], [[ 4400struct __res_state *volatile p = &_res; /* force resolution of _res */ 4401return 0; 4402 ]],)], 4403 [AC_MSG_RESULT([yes]) 4404 AC_DEFINE([HAVE__RES_EXTERN], [1], 4405 [Define if you have struct __res_state _res as an extern]) 4406 ], 4407 [ AC_MSG_RESULT([no]) ] 4408) 4409 4410# Check whether user wants SELinux support 4411SELINUX_MSG="no" 4412LIBSELINUX="" 4413AC_ARG_WITH([selinux], 4414 [ --with-selinux Enable SELinux support], 4415 [ if test "x$withval" != "xno" ; then 4416 save_LIBS="$LIBS" 4417 AC_DEFINE([WITH_SELINUX], [1], 4418 [Define if you want SELinux support.]) 4419 SELINUX_MSG="yes" 4420 AC_CHECK_HEADER([selinux/selinux.h], , 4421 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4422 AC_CHECK_LIB([selinux], [setexeccon], 4423 [ LIBSELINUX="-lselinux" 4424 LIBS="$LIBS -lselinux" 4425 ], 4426 AC_MSG_ERROR([SELinux support requires libselinux library])) 4427 SSHLIBS="$SSHLIBS $LIBSELINUX" 4428 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 4429 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4430 LIBS="$save_LIBS" 4431 fi ] 4432) 4433AC_SUBST([SSHLIBS]) 4434AC_SUBST([SSHDLIBS]) 4435 4436# Check whether user wants Kerberos 5 support 4437KRB5_MSG="no" 4438AC_ARG_WITH([kerberos5], 4439 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4440 [ if test "x$withval" != "xno" ; then 4441 if test "x$withval" = "xyes" ; then 4442 KRB5ROOT="/usr/local" 4443 else 4444 KRB5ROOT=${withval} 4445 fi 4446 4447 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4448 KRB5_MSG="yes" 4449 4450 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4451 [$KRB5ROOT/bin/krb5-config], 4452 [$KRB5ROOT/bin:$PATH]) 4453 if test -x $KRB5CONF ; then 4454 K5CFLAGS="`$KRB5CONF --cflags`" 4455 K5LIBS="`$KRB5CONF --libs`" 4456 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4457 4458 AC_MSG_CHECKING([for gssapi support]) 4459 if $KRB5CONF | grep gssapi >/dev/null ; then 4460 AC_MSG_RESULT([yes]) 4461 AC_DEFINE([GSSAPI], [1], 4462 [Define this if you want GSSAPI 4463 support in the version 2 protocol]) 4464 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4465 GSSLIBS="`$KRB5CONF --libs gssapi`" 4466 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4467 else 4468 AC_MSG_RESULT([no]) 4469 fi 4470 AC_MSG_CHECKING([whether we are using Heimdal]) 4471 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4472 ]], [[ char *tmp = heimdal_version; ]])], 4473 [ AC_MSG_RESULT([yes]) 4474 AC_DEFINE([HEIMDAL], [1], 4475 [Define this if you are using the Heimdal 4476 version of Kerberos V5]) ], 4477 [AC_MSG_RESULT([no]) 4478 ]) 4479 else 4480 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4481 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4482 AC_MSG_CHECKING([whether we are using Heimdal]) 4483 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4484 ]], [[ char *tmp = heimdal_version; ]])], 4485 [ AC_MSG_RESULT([yes]) 4486 AC_DEFINE([HEIMDAL]) 4487 K5LIBS="-lkrb5" 4488 K5LIBS="$K5LIBS -lcom_err -lasn1" 4489 AC_CHECK_LIB([roken], [net_write], 4490 [K5LIBS="$K5LIBS -lroken"]) 4491 AC_CHECK_LIB([des], [des_cbc_encrypt], 4492 [K5LIBS="$K5LIBS -ldes"]) 4493 ], [ AC_MSG_RESULT([no]) 4494 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4495 ]) 4496 AC_SEARCH_LIBS([dn_expand], [resolv]) 4497 4498 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4499 [ AC_DEFINE([GSSAPI]) 4500 GSSLIBS="-lgssapi_krb5" ], 4501 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4502 [ AC_DEFINE([GSSAPI]) 4503 GSSLIBS="-lgssapi" ], 4504 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4505 [ AC_DEFINE([GSSAPI]) 4506 GSSLIBS="-lgss" ], 4507 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4508 ]) 4509 ]) 4510 4511 AC_CHECK_HEADER([gssapi.h], , 4512 [ unset ac_cv_header_gssapi_h 4513 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4514 AC_CHECK_HEADERS([gssapi.h], , 4515 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4516 ) 4517 ] 4518 ) 4519 4520 oldCPP="$CPPFLAGS" 4521 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4522 AC_CHECK_HEADER([gssapi_krb5.h], , 4523 [ CPPFLAGS="$oldCPP" ]) 4524 4525 fi 4526 if test ! -z "$need_dash_r" ; then 4527 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 4528 fi 4529 if test ! -z "$blibpath" ; then 4530 blibpath="$blibpath:${KRB5ROOT}/lib" 4531 fi 4532 4533 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4534 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4535 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4536 4537 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4538 [Define this if you want to use libkafs' AFS support])]) 4539 4540 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4541#ifdef HAVE_GSSAPI_H 4542# include <gssapi.h> 4543#elif defined(HAVE_GSSAPI_GSSAPI_H) 4544# include <gssapi/gssapi.h> 4545#endif 4546 4547#ifdef HAVE_GSSAPI_GENERIC_H 4548# include <gssapi_generic.h> 4549#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4550# include <gssapi/gssapi_generic.h> 4551#endif 4552 ]]) 4553 saved_LIBS="$LIBS" 4554 LIBS="$LIBS $K5LIBS" 4555 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4556 LIBS="$saved_LIBS" 4557 4558 fi 4559 ] 4560) 4561AC_SUBST([GSSLIBS]) 4562AC_SUBST([K5LIBS]) 4563 4564# Looking for programs, paths and files 4565 4566PRIVSEP_PATH=/var/empty 4567AC_ARG_WITH([privsep-path], 4568 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4569 [ 4570 if test -n "$withval" && test "x$withval" != "xno" && \ 4571 test "x${withval}" != "xyes"; then 4572 PRIVSEP_PATH=$withval 4573 fi 4574 ] 4575) 4576AC_SUBST([PRIVSEP_PATH]) 4577 4578AC_ARG_WITH([xauth], 4579 [ --with-xauth=PATH Specify path to xauth program ], 4580 [ 4581 if test -n "$withval" && test "x$withval" != "xno" && \ 4582 test "x${withval}" != "xyes"; then 4583 xauth_path=$withval 4584 fi 4585 ], 4586 [ 4587 TestPath="$PATH" 4588 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4589 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4590 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4591 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4592 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4593 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4594 xauth_path="/usr/openwin/bin/xauth" 4595 fi 4596 ] 4597) 4598 4599STRIP_OPT=-s 4600AC_ARG_ENABLE([strip], 4601 [ --disable-strip Disable calling strip(1) on install], 4602 [ 4603 if test "x$enableval" = "xno" ; then 4604 STRIP_OPT= 4605 fi 4606 ] 4607) 4608AC_SUBST([STRIP_OPT]) 4609 4610if test -z "$xauth_path" ; then 4611 XAUTH_PATH="undefined" 4612 AC_SUBST([XAUTH_PATH]) 4613else 4614 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4615 [Define if xauth is found in your path]) 4616 XAUTH_PATH=$xauth_path 4617 AC_SUBST([XAUTH_PATH]) 4618fi 4619 4620dnl # --with-maildir=/path/to/mail gets top priority. 4621dnl # if maildir is set in the platform case statement above we use that. 4622dnl # Otherwise we run a program to get the dir from system headers. 4623dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4624dnl # If we find _PATH_MAILDIR we do nothing because that is what 4625dnl # session.c expects anyway. Otherwise we set to the value found 4626dnl # stripping any trailing slash. If for some strage reason our program 4627dnl # does not find what it needs, we default to /var/spool/mail. 4628# Check for mail directory 4629AC_ARG_WITH([maildir], 4630 [ --with-maildir=/path/to/mail Specify your system mail directory], 4631 [ 4632 if test "X$withval" != X && test "x$withval" != xno && \ 4633 test "x${withval}" != xyes; then 4634 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4635 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4636 fi 4637 ],[ 4638 if test "X$maildir" != "X"; then 4639 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4640 else 4641 AC_MSG_CHECKING([Discovering system mail directory]) 4642 AC_RUN_IFELSE( 4643 [AC_LANG_PROGRAM([[ 4644#include <stdio.h> 4645#include <string.h> 4646#ifdef HAVE_PATHS_H 4647#include <paths.h> 4648#endif 4649#ifdef HAVE_MAILLOCK_H 4650#include <maillock.h> 4651#endif 4652#define DATA "conftest.maildir" 4653 ]], [[ 4654 FILE *fd; 4655 int rc; 4656 4657 fd = fopen(DATA,"w"); 4658 if(fd == NULL) 4659 exit(1); 4660 4661#if defined (_PATH_MAILDIR) 4662 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4663 exit(1); 4664#elif defined (MAILDIR) 4665 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4666 exit(1); 4667#elif defined (_PATH_MAIL) 4668 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4669 exit(1); 4670#else 4671 exit (2); 4672#endif 4673 4674 exit(0); 4675 ]])], 4676 [ 4677 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4678 maildir=`awk -F: '{print $2}' conftest.maildir \ 4679 | sed 's|/$||'` 4680 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4681 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4682 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4683 fi 4684 ], 4685 [ 4686 if test "X$ac_status" = "X2";then 4687# our test program didn't find it. Default to /var/spool/mail 4688 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4689 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4690 else 4691 AC_MSG_RESULT([*** not found ***]) 4692 fi 4693 ], 4694 [ 4695 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4696 ] 4697 ) 4698 fi 4699 ] 4700) # maildir 4701 4702if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4703 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4704 disable_ptmx_check=yes 4705fi 4706if test -z "$no_dev_ptmx" ; then 4707 if test "x$disable_ptmx_check" != "xyes" ; then 4708 AC_CHECK_FILE(["/dev/ptmx"], 4709 [ 4710 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4711 [Define if you have /dev/ptmx]) 4712 have_dev_ptmx=1 4713 ] 4714 ) 4715 fi 4716fi 4717 4718if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4719 AC_CHECK_FILE(["/dev/ptc"], 4720 [ 4721 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4722 [Define if you have /dev/ptc]) 4723 have_dev_ptc=1 4724 ] 4725 ) 4726else 4727 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4728fi 4729 4730# Options from here on. Some of these are preset by platform above 4731AC_ARG_WITH([mantype], 4732 [ --with-mantype=man|cat|doc Set man page type], 4733 [ 4734 case "$withval" in 4735 man|cat|doc) 4736 MANTYPE=$withval 4737 ;; 4738 *) 4739 AC_MSG_ERROR([invalid man type: $withval]) 4740 ;; 4741 esac 4742 ] 4743) 4744if test -z "$MANTYPE"; then 4745 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4746 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4747 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4748 MANTYPE=doc 4749 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4750 MANTYPE=man 4751 else 4752 MANTYPE=cat 4753 fi 4754fi 4755AC_SUBST([MANTYPE]) 4756if test "$MANTYPE" = "doc"; then 4757 mansubdir=man; 4758else 4759 mansubdir=$MANTYPE; 4760fi 4761AC_SUBST([mansubdir]) 4762 4763# Check whether to enable MD5 passwords 4764MD5_MSG="no" 4765AC_ARG_WITH([md5-passwords], 4766 [ --with-md5-passwords Enable use of MD5 passwords], 4767 [ 4768 if test "x$withval" != "xno" ; then 4769 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4770 [Define if you want to allow MD5 passwords]) 4771 MD5_MSG="yes" 4772 fi 4773 ] 4774) 4775 4776# Whether to disable shadow password support 4777AC_ARG_WITH([shadow], 4778 [ --without-shadow Disable shadow password support], 4779 [ 4780 if test "x$withval" = "xno" ; then 4781 AC_DEFINE([DISABLE_SHADOW]) 4782 disable_shadow=yes 4783 fi 4784 ] 4785) 4786 4787if test -z "$disable_shadow" ; then 4788 AC_MSG_CHECKING([if the systems has expire shadow information]) 4789 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4790#include <sys/types.h> 4791#include <shadow.h> 4792struct spwd sp; 4793 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4794 [ sp_expire_available=yes ], [ 4795 ]) 4796 4797 if test "x$sp_expire_available" = "xyes" ; then 4798 AC_MSG_RESULT([yes]) 4799 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4800 [Define if you want to use shadow password expire field]) 4801 else 4802 AC_MSG_RESULT([no]) 4803 fi 4804fi 4805 4806# Use ip address instead of hostname in $DISPLAY 4807if test ! -z "$IPADDR_IN_DISPLAY" ; then 4808 DISPLAY_HACK_MSG="yes" 4809 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4810 [Define if you need to use IP address 4811 instead of hostname in $DISPLAY]) 4812else 4813 DISPLAY_HACK_MSG="no" 4814 AC_ARG_WITH([ipaddr-display], 4815 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4816 [ 4817 if test "x$withval" != "xno" ; then 4818 AC_DEFINE([IPADDR_IN_DISPLAY]) 4819 DISPLAY_HACK_MSG="yes" 4820 fi 4821 ] 4822 ) 4823fi 4824 4825# check for /etc/default/login and use it if present. 4826AC_ARG_ENABLE([etc-default-login], 4827 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4828 [ if test "x$enableval" = "xno"; then 4829 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4830 etc_default_login=no 4831 else 4832 etc_default_login=yes 4833 fi ], 4834 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4835 then 4836 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4837 etc_default_login=no 4838 else 4839 etc_default_login=yes 4840 fi ] 4841) 4842 4843if test "x$etc_default_login" != "xno"; then 4844 AC_CHECK_FILE(["/etc/default/login"], 4845 [ external_path_file=/etc/default/login ]) 4846 if test "x$external_path_file" = "x/etc/default/login"; then 4847 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4848 [Define if your system has /etc/default/login]) 4849 fi 4850fi 4851 4852dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4853if test $ac_cv_func_login_getcapbool = "yes" && \ 4854 test $ac_cv_header_login_cap_h = "yes" ; then 4855 external_path_file=/etc/login.conf 4856fi 4857 4858# Whether to mess with the default path 4859SERVER_PATH_MSG="(default)" 4860AC_ARG_WITH([default-path], 4861 [ --with-default-path= Specify default $PATH environment for server], 4862 [ 4863 if test "x$external_path_file" = "x/etc/login.conf" ; then 4864 AC_MSG_WARN([ 4865--with-default-path=PATH has no effect on this system. 4866Edit /etc/login.conf instead.]) 4867 elif test "x$withval" != "xno" ; then 4868 if test ! -z "$external_path_file" ; then 4869 AC_MSG_WARN([ 4870--with-default-path=PATH will only be used if PATH is not defined in 4871$external_path_file .]) 4872 fi 4873 user_path="$withval" 4874 SERVER_PATH_MSG="$withval" 4875 fi 4876 ], 4877 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4878 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4879 else 4880 if test ! -z "$external_path_file" ; then 4881 AC_MSG_WARN([ 4882If PATH is defined in $external_path_file, ensure the path to scp is included, 4883otherwise scp will not work.]) 4884 fi 4885 AC_RUN_IFELSE( 4886 [AC_LANG_PROGRAM([[ 4887/* find out what STDPATH is */ 4888#include <stdio.h> 4889#ifdef HAVE_PATHS_H 4890# include <paths.h> 4891#endif 4892#ifndef _PATH_STDPATH 4893# ifdef _PATH_USERPATH /* Irix */ 4894# define _PATH_STDPATH _PATH_USERPATH 4895# else 4896# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4897# endif 4898#endif 4899#include <sys/types.h> 4900#include <sys/stat.h> 4901#include <fcntl.h> 4902#define DATA "conftest.stdpath" 4903 ]], [[ 4904 FILE *fd; 4905 int rc; 4906 4907 fd = fopen(DATA,"w"); 4908 if(fd == NULL) 4909 exit(1); 4910 4911 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4912 exit(1); 4913 4914 exit(0); 4915 ]])], 4916 [ user_path=`cat conftest.stdpath` ], 4917 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4918 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4919 ) 4920# make sure $bindir is in USER_PATH so scp will work 4921 t_bindir="${bindir}" 4922 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4923 t_bindir=`eval echo ${t_bindir}` 4924 case $t_bindir in 4925 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4926 esac 4927 case $t_bindir in 4928 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4929 esac 4930 done 4931 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4932 if test $? -ne 0 ; then 4933 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4934 if test $? -ne 0 ; then 4935 user_path=$user_path:$t_bindir 4936 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4937 fi 4938 fi 4939 fi ] 4940) 4941if test "x$external_path_file" != "x/etc/login.conf" ; then 4942 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4943 AC_SUBST([user_path]) 4944fi 4945 4946# Set superuser path separately to user path 4947AC_ARG_WITH([superuser-path], 4948 [ --with-superuser-path= Specify different path for super-user], 4949 [ 4950 if test -n "$withval" && test "x$withval" != "xno" && \ 4951 test "x${withval}" != "xyes"; then 4952 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4953 [Define if you want a different $PATH 4954 for the superuser]) 4955 superuser_path=$withval 4956 fi 4957 ] 4958) 4959 4960 4961AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4962IPV4_IN6_HACK_MSG="no" 4963AC_ARG_WITH(4in6, 4964 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4965 [ 4966 if test "x$withval" != "xno" ; then 4967 AC_MSG_RESULT([yes]) 4968 AC_DEFINE([IPV4_IN_IPV6], [1], 4969 [Detect IPv4 in IPv6 mapped addresses 4970 and treat as IPv4]) 4971 IPV4_IN6_HACK_MSG="yes" 4972 else 4973 AC_MSG_RESULT([no]) 4974 fi 4975 ], [ 4976 if test "x$inet6_default_4in6" = "xyes"; then 4977 AC_MSG_RESULT([yes (default)]) 4978 AC_DEFINE([IPV4_IN_IPV6]) 4979 IPV4_IN6_HACK_MSG="yes" 4980 else 4981 AC_MSG_RESULT([no (default)]) 4982 fi 4983 ] 4984) 4985 4986# Whether to enable BSD auth support 4987BSD_AUTH_MSG=no 4988AC_ARG_WITH([bsd-auth], 4989 [ --with-bsd-auth Enable BSD auth support], 4990 [ 4991 if test "x$withval" != "xno" ; then 4992 AC_DEFINE([BSD_AUTH], [1], 4993 [Define if you have BSD auth support]) 4994 BSD_AUTH_MSG=yes 4995 fi 4996 ] 4997) 4998 4999# Where to place sshd.pid 5000piddir=/var/run 5001# make sure the directory exists 5002if test ! -d $piddir ; then 5003 piddir=`eval echo ${sysconfdir}` 5004 case $piddir in 5005 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5006 esac 5007fi 5008 5009AC_ARG_WITH([pid-dir], 5010 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5011 [ 5012 if test -n "$withval" && test "x$withval" != "xno" && \ 5013 test "x${withval}" != "xyes"; then 5014 piddir=$withval 5015 if test ! -d $piddir ; then 5016 AC_MSG_WARN([** no $piddir directory on this system **]) 5017 fi 5018 fi 5019 ] 5020) 5021 5022AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5023 [Specify location of ssh.pid]) 5024AC_SUBST([piddir]) 5025 5026dnl allow user to disable some login recording features 5027AC_ARG_ENABLE([lastlog], 5028 [ --disable-lastlog disable use of lastlog even if detected [no]], 5029 [ 5030 if test "x$enableval" = "xno" ; then 5031 AC_DEFINE([DISABLE_LASTLOG]) 5032 fi 5033 ] 5034) 5035AC_ARG_ENABLE([utmp], 5036 [ --disable-utmp disable use of utmp even if detected [no]], 5037 [ 5038 if test "x$enableval" = "xno" ; then 5039 AC_DEFINE([DISABLE_UTMP]) 5040 fi 5041 ] 5042) 5043AC_ARG_ENABLE([utmpx], 5044 [ --disable-utmpx disable use of utmpx even if detected [no]], 5045 [ 5046 if test "x$enableval" = "xno" ; then 5047 AC_DEFINE([DISABLE_UTMPX], [1], 5048 [Define if you don't want to use utmpx]) 5049 fi 5050 ] 5051) 5052AC_ARG_ENABLE([wtmp], 5053 [ --disable-wtmp disable use of wtmp even if detected [no]], 5054 [ 5055 if test "x$enableval" = "xno" ; then 5056 AC_DEFINE([DISABLE_WTMP]) 5057 fi 5058 ] 5059) 5060AC_ARG_ENABLE([wtmpx], 5061 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5062 [ 5063 if test "x$enableval" = "xno" ; then 5064 AC_DEFINE([DISABLE_WTMPX], [1], 5065 [Define if you don't want to use wtmpx]) 5066 fi 5067 ] 5068) 5069AC_ARG_ENABLE([libutil], 5070 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5071 [ 5072 if test "x$enableval" = "xno" ; then 5073 AC_DEFINE([DISABLE_LOGIN]) 5074 fi 5075 ] 5076) 5077AC_ARG_ENABLE([pututline], 5078 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5079 [ 5080 if test "x$enableval" = "xno" ; then 5081 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5082 [Define if you don't want to use pututline() 5083 etc. to write [uw]tmp]) 5084 fi 5085 ] 5086) 5087AC_ARG_ENABLE([pututxline], 5088 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5089 [ 5090 if test "x$enableval" = "xno" ; then 5091 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5092 [Define if you don't want to use pututxline() 5093 etc. to write [uw]tmpx]) 5094 fi 5095 ] 5096) 5097AC_ARG_WITH([lastlog], 5098 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5099 [ 5100 if test "x$withval" = "xno" ; then 5101 AC_DEFINE([DISABLE_LASTLOG]) 5102 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5103 conf_lastlog_location=$withval 5104 fi 5105 ] 5106) 5107 5108dnl lastlog, [uw]tmpx? detection 5109dnl NOTE: set the paths in the platform section to avoid the 5110dnl need for command-line parameters 5111dnl lastlog and [uw]tmp are subject to a file search if all else fails 5112 5113dnl lastlog detection 5114dnl NOTE: the code itself will detect if lastlog is a directory 5115AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5116AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5117#include <sys/types.h> 5118#include <utmp.h> 5119#ifdef HAVE_LASTLOG_H 5120# include <lastlog.h> 5121#endif 5122#ifdef HAVE_PATHS_H 5123# include <paths.h> 5124#endif 5125#ifdef HAVE_LOGIN_H 5126# include <login.h> 5127#endif 5128 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5129 [ AC_MSG_RESULT([yes]) ], 5130 [ 5131 AC_MSG_RESULT([no]) 5132 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5133 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5134#include <sys/types.h> 5135#include <utmp.h> 5136#ifdef HAVE_LASTLOG_H 5137# include <lastlog.h> 5138#endif 5139#ifdef HAVE_PATHS_H 5140# include <paths.h> 5141#endif 5142 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5143 [ AC_MSG_RESULT([yes]) ], 5144 [ 5145 AC_MSG_RESULT([no]) 5146 system_lastlog_path=no 5147 ]) 5148]) 5149 5150if test -z "$conf_lastlog_location"; then 5151 if test x"$system_lastlog_path" = x"no" ; then 5152 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5153 if (test -d "$f" || test -f "$f") ; then 5154 conf_lastlog_location=$f 5155 fi 5156 done 5157 if test -z "$conf_lastlog_location"; then 5158 AC_MSG_WARN([** Cannot find lastlog **]) 5159 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5160 fi 5161 fi 5162fi 5163 5164if test -n "$conf_lastlog_location"; then 5165 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5166 [Define if you want to specify the path to your lastlog file]) 5167fi 5168 5169dnl utmp detection 5170AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5171AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5172#include <sys/types.h> 5173#include <utmp.h> 5174#ifdef HAVE_PATHS_H 5175# include <paths.h> 5176#endif 5177 ]], [[ char *utmp = UTMP_FILE; ]])], 5178 [ AC_MSG_RESULT([yes]) ], 5179 [ AC_MSG_RESULT([no]) 5180 system_utmp_path=no 5181]) 5182if test -z "$conf_utmp_location"; then 5183 if test x"$system_utmp_path" = x"no" ; then 5184 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5185 if test -f $f ; then 5186 conf_utmp_location=$f 5187 fi 5188 done 5189 if test -z "$conf_utmp_location"; then 5190 AC_DEFINE([DISABLE_UTMP]) 5191 fi 5192 fi 5193fi 5194if test -n "$conf_utmp_location"; then 5195 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5196 [Define if you want to specify the path to your utmp file]) 5197fi 5198 5199dnl wtmp detection 5200AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5201AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5202#include <sys/types.h> 5203#include <utmp.h> 5204#ifdef HAVE_PATHS_H 5205# include <paths.h> 5206#endif 5207 ]], [[ char *wtmp = WTMP_FILE; ]])], 5208 [ AC_MSG_RESULT([yes]) ], 5209 [ AC_MSG_RESULT([no]) 5210 system_wtmp_path=no 5211]) 5212if test -z "$conf_wtmp_location"; then 5213 if test x"$system_wtmp_path" = x"no" ; then 5214 for f in /usr/adm/wtmp /var/log/wtmp; do 5215 if test -f $f ; then 5216 conf_wtmp_location=$f 5217 fi 5218 done 5219 if test -z "$conf_wtmp_location"; then 5220 AC_DEFINE([DISABLE_WTMP]) 5221 fi 5222 fi 5223fi 5224if test -n "$conf_wtmp_location"; then 5225 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5226 [Define if you want to specify the path to your wtmp file]) 5227fi 5228 5229dnl wtmpx detection 5230AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5231AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5232#include <sys/types.h> 5233#include <utmp.h> 5234#ifdef HAVE_UTMPX_H 5235#include <utmpx.h> 5236#endif 5237#ifdef HAVE_PATHS_H 5238# include <paths.h> 5239#endif 5240 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5241 [ AC_MSG_RESULT([yes]) ], 5242 [ AC_MSG_RESULT([no]) 5243 system_wtmpx_path=no 5244]) 5245if test -z "$conf_wtmpx_location"; then 5246 if test x"$system_wtmpx_path" = x"no" ; then 5247 AC_DEFINE([DISABLE_WTMPX]) 5248 fi 5249else 5250 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5251 [Define if you want to specify the path to your wtmpx file]) 5252fi 5253 5254 5255if test ! -z "$blibpath" ; then 5256 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5257 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5258fi 5259 5260AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5261 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5262 AC_DEFINE([DISABLE_LASTLOG]) 5263 fi 5264 ], [ 5265#ifdef HAVE_SYS_TYPES_H 5266#include <sys/types.h> 5267#endif 5268#ifdef HAVE_UTMP_H 5269#include <utmp.h> 5270#endif 5271#ifdef HAVE_UTMPX_H 5272#include <utmpx.h> 5273#endif 5274#ifdef HAVE_LASTLOG_H 5275#include <lastlog.h> 5276#endif 5277 ]) 5278 5279AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5280 AC_DEFINE([DISABLE_UTMP]) 5281 AC_DEFINE([DISABLE_WTMP]) 5282 ], [ 5283#ifdef HAVE_SYS_TYPES_H 5284#include <sys/types.h> 5285#endif 5286#ifdef HAVE_UTMP_H 5287#include <utmp.h> 5288#endif 5289#ifdef HAVE_UTMPX_H 5290#include <utmpx.h> 5291#endif 5292#ifdef HAVE_LASTLOG_H 5293#include <lastlog.h> 5294#endif 5295 ]) 5296 5297dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5298dnl Add now. 5299CFLAGS="$CFLAGS $werror_flags" 5300 5301if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5302 TEST_SSH_IPV6=no 5303else 5304 TEST_SSH_IPV6=yes 5305fi 5306AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5307AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5308AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5309AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5310AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5311AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5312 5313CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5314LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5315 5316AC_EXEEXT 5317AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5318 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5319 survey.sh]) 5320AC_OUTPUT 5321 5322# Print summary of options 5323 5324# Someone please show me a better way :) 5325A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5326B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5327C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5328D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5329E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5330F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5331G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5332H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5333I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5334J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5335 5336echo "" 5337echo "OpenSSH has been configured with the following options:" 5338echo " User binaries: $B" 5339echo " System binaries: $C" 5340echo " Configuration files: $D" 5341echo " Askpass program: $E" 5342echo " Manual pages: $F" 5343echo " PID file: $G" 5344echo " Privilege separation chroot path: $H" 5345if test "x$external_path_file" = "x/etc/login.conf" ; then 5346echo " At runtime, sshd will use the path defined in $external_path_file" 5347echo " Make sure the path to scp is present, otherwise scp will not work" 5348else 5349echo " sshd default user PATH: $I" 5350 if test ! -z "$external_path_file"; then 5351echo " (If PATH is set in $external_path_file it will be used instead. If" 5352echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5353 fi 5354fi 5355if test ! -z "$superuser_path" ; then 5356echo " sshd superuser user PATH: $J" 5357fi 5358echo " Manpage format: $MANTYPE" 5359echo " PAM support: $PAM_MSG" 5360echo " OSF SIA support: $SIA_MSG" 5361echo " KerberosV support: $KRB5_MSG" 5362echo " SELinux support: $SELINUX_MSG" 5363echo " TCP Wrappers support: $TCPW_MSG" 5364echo " MD5 password support: $MD5_MSG" 5365echo " libedit support: $LIBEDIT_MSG" 5366echo " libldns support: $LDNS_MSG" 5367echo " Solaris process contract support: $SPC_MSG" 5368echo " Solaris project support: $SP_MSG" 5369echo " Solaris privilege support: $SPP_MSG" 5370echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5371echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5372echo " BSD Auth support: $BSD_AUTH_MSG" 5373echo " Random number source: $RAND_MSG" 5374echo " Privsep sandbox style: $SANDBOX_STYLE" 5375 5376echo "" 5377 5378echo " Host: ${host}" 5379echo " Compiler: ${CC}" 5380echo " Compiler flags: ${CFLAGS}" 5381echo "Preprocessor flags: ${CPPFLAGS}" 5382echo " Linker flags: ${LDFLAGS}" 5383echo " Libraries: ${LIBS}" 5384if test ! -z "${SSHDLIBS}"; then 5385echo " +for sshd: ${SSHDLIBS}" 5386fi 5387if test ! -z "${SSHLIBS}"; then 5388echo " +for ssh: ${SSHLIBS}" 5389fi 5390 5391echo "" 5392 5393if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5394 echo "SVR4 style packages are supported with \"make package\"" 5395 echo "" 5396fi 5397 5398if test "x$PAM_MSG" = "xyes" ; then 5399 echo "PAM is enabled. You may need to install a PAM control file " 5400 echo "for sshd, otherwise password authentication may fail. " 5401 echo "Example PAM control files can be found in the contrib/ " 5402 echo "subdirectory" 5403 echo "" 5404fi 5405 5406if test ! -z "$NO_PEERCHECK" ; then 5407 echo "WARNING: the operating system that you are using does not" 5408 echo "appear to support getpeereid(), getpeerucred() or the" 5409 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5410 echo "enforce security checks to prevent unauthorised connections to" 5411 echo "ssh-agent. Their absence increases the risk that a malicious" 5412 echo "user can connect to your agent." 5413 echo "" 5414fi 5415 5416if test "$AUDIT_MODULE" = "bsm" ; then 5417 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5418 echo "See the Solaris section in README.platform for details." 5419fi 5420