1# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $ 2# $FreeBSD$ 3# 4# Copyright (c) 1999-2004 Damien Miller 5# 6# Permission to use, copy, modify, and distribute this software for any 7# purpose with or without fee is hereby granted, provided that the above 8# copyright notice and this permission notice appear in all copies. 9# 10# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 19AC_REVISION($Revision: 1.583 $) 20AC_CONFIG_SRCDIR([ssh.c]) 21AC_LANG([C]) 22 23AC_CONFIG_HEADER([config.h]) 24AC_PROG_CC 25AC_CANONICAL_HOST 26AC_C_BIGENDIAN 27 28# Checks for programs. 29AC_PROG_AWK 30AC_PROG_CPP 31AC_PROG_RANLIB 32AC_PROG_INSTALL 33AC_PROG_EGREP 34AC_CHECK_TOOLS([AR], [ar]) 35AC_PATH_PROG([CAT], [cat]) 36AC_PATH_PROG([KILL], [kill]) 37AC_PATH_PROGS([PERL], [perl5 perl]) 38AC_PATH_PROG([SED], [sed]) 39AC_SUBST([PERL]) 40AC_PATH_PROG([ENT], [ent]) 41AC_SUBST([ENT]) 42AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 43AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 44AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 45AC_PATH_PROG([SH], [sh]) 46AC_PATH_PROG([GROFF], [groff]) 47AC_PATH_PROG([NROFF], [nroff]) 48AC_PATH_PROG([MANDOC], [mandoc]) 49AC_SUBST([TEST_SHELL], [sh]) 50 51dnl select manpage formatter 52if test "x$MANDOC" != "x" ; then 53 MANFMT="$MANDOC" 54elif test "x$NROFF" != "x" ; then 55 MANFMT="$NROFF -mandoc" 56elif test "x$GROFF" != "x" ; then 57 MANFMT="$GROFF -mandoc -Tascii" 58else 59 AC_MSG_WARN([no manpage formatted found]) 60 MANFMT="false" 61fi 62AC_SUBST([MANFMT]) 63 64dnl for buildpkg.sh 65AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 66 [/usr/sbin${PATH_SEPARATOR}/etc]) 67AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 68 [/usr/sbin${PATH_SEPARATOR}/etc]) 69AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 70if test -x /sbin/sh; then 71 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 72else 73 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 74fi 75 76# System features 77AC_SYS_LARGEFILE 78 79if test -z "$AR" ; then 80 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 81fi 82 83AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 84if test ! -z "$PATH_PASSWD_PROG" ; then 85 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 86 [Full path of your "passwd" program]) 87fi 88 89if test -z "$LD" ; then 90 LD=$CC 91fi 92AC_SUBST([LD]) 93 94AC_C_INLINE 95 96AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 97AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 98 #include <sys/types.h> 99 #include <sys/param.h> 100 #include <dev/systrace.h> 101]) 102AC_CHECK_DECL([RLIMIT_NPROC], 103 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 104 #include <sys/types.h> 105 #include <sys/resource.h> 106]) 107AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 108 #include <sys/types.h> 109 #include <linux/prctl.h> 110]) 111 112openssl=yes 113ssh1=no 114COMMENT_OUT_RSA1="#no ssh1#" 115AC_ARG_WITH([openssl], 116 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 117 [ if test "x$withval" = "xno" ; then 118 openssl=no 119 ssh1=no 120 fi 121 ] 122) 123AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 124if test "x$openssl" = "xyes" ; then 125 AC_MSG_RESULT([yes]) 126 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 127else 128 AC_MSG_RESULT([no]) 129fi 130 131AC_ARG_WITH([ssh1], 132 [ --with-ssh1 Enable support for SSH protocol 1], 133 [ 134 if test "x$withval" = "xyes" ; then 135 if test "x$openssl" = "xno" ; then 136 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled]) 137 fi 138 ssh1=yes 139 COMMENT_OUT_RSA1="" 140 elif test "x$withval" = "xno" ; then 141 ssh1=no 142 else 143 AC_MSG_ERROR([unknown --with-ssh1 argument]) 144 fi 145 ] 146) 147AC_MSG_CHECKING([whether SSH protocol 1 support is enabled]) 148if test "x$ssh1" = "xyes" ; then 149 AC_MSG_RESULT([yes]) 150 AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support]) 151 AC_SUBST([COMMENT_OUT_RSA1]) 152else 153 AC_MSG_RESULT([no]) 154fi 155 156use_stack_protector=1 157use_toolchain_hardening=1 158AC_ARG_WITH([stackprotect], 159 [ --without-stackprotect Don't use compiler's stack protection], [ 160 if test "x$withval" = "xno"; then 161 use_stack_protector=0 162 fi ]) 163AC_ARG_WITH([hardening], 164 [ --without-hardening Don't use toolchain hardening flags], [ 165 if test "x$withval" = "xno"; then 166 use_toolchain_hardening=0 167 fi ]) 168 169# We use -Werror for the tests only so that we catch warnings like "this is 170# on by default" for things like -fPIE. 171AC_MSG_CHECKING([if $CC supports -Werror]) 172saved_CFLAGS="$CFLAGS" 173CFLAGS="$CFLAGS -Werror" 174AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 175 [ AC_MSG_RESULT([yes]) 176 WERROR="-Werror"], 177 [ AC_MSG_RESULT([no]) 178 WERROR="" ] 179) 180CFLAGS="$saved_CFLAGS" 181 182if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 183 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 184 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 185 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 186 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 187 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 188 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 189 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 190 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 191 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 192 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 193 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 194 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 195 if test "x$use_toolchain_hardening" = "x1"; then 196 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 197 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 198 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 199 # NB. -ftrapv expects certain support functions to be present in 200 # the compiler library (libgcc or similar) to detect integer operations 201 # that can overflow. We must check that the result of enabling it 202 # actually links. The test program compiled/linked includes a number 203 # of integer operations that should exercise this. 204 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 205 fi 206 AC_MSG_CHECKING([gcc version]) 207 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 208 case $GCC_VER in 209 1.*) no_attrib_nonnull=1 ;; 210 2.8* | 2.9*) 211 no_attrib_nonnull=1 212 ;; 213 2.*) no_attrib_nonnull=1 ;; 214 *) ;; 215 esac 216 AC_MSG_RESULT([$GCC_VER]) 217 218 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 219 saved_CFLAGS="$CFLAGS" 220 CFLAGS="$CFLAGS -fno-builtin-memset" 221 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 222 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 223 [ AC_MSG_RESULT([yes]) ], 224 [ AC_MSG_RESULT([no]) 225 CFLAGS="$saved_CFLAGS" ] 226 ) 227 228 # -fstack-protector-all doesn't always work for some GCC versions 229 # and/or platforms, so we test if we can. If it's not supported 230 # on a given platform gcc will emit a warning so we use -Werror. 231 if test "x$use_stack_protector" = "x1"; then 232 for t in -fstack-protector-strong -fstack-protector-all \ 233 -fstack-protector; do 234 AC_MSG_CHECKING([if $CC supports $t]) 235 saved_CFLAGS="$CFLAGS" 236 saved_LDFLAGS="$LDFLAGS" 237 CFLAGS="$CFLAGS $t -Werror" 238 LDFLAGS="$LDFLAGS $t -Werror" 239 AC_LINK_IFELSE( 240 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 241 [[ 242 char x[256]; 243 snprintf(x, sizeof(x), "XXX"); 244 ]])], 245 [ AC_MSG_RESULT([yes]) 246 CFLAGS="$saved_CFLAGS $t" 247 LDFLAGS="$saved_LDFLAGS $t" 248 AC_MSG_CHECKING([if $t works]) 249 AC_RUN_IFELSE( 250 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 251 [[ 252 char x[256]; 253 snprintf(x, sizeof(x), "XXX"); 254 ]])], 255 [ AC_MSG_RESULT([yes]) 256 break ], 257 [ AC_MSG_RESULT([no]) ], 258 [ AC_MSG_WARN([cross compiling: cannot test]) 259 break ] 260 ) 261 ], 262 [ AC_MSG_RESULT([no]) ] 263 ) 264 CFLAGS="$saved_CFLAGS" 265 LDFLAGS="$saved_LDFLAGS" 266 done 267 fi 268 269 if test -z "$have_llong_max"; then 270 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 271 unset ac_cv_have_decl_LLONG_MAX 272 saved_CFLAGS="$CFLAGS" 273 CFLAGS="$CFLAGS -std=gnu99" 274 AC_CHECK_DECL([LLONG_MAX], 275 [have_llong_max=1], 276 [CFLAGS="$saved_CFLAGS"], 277 [#include <limits.h>] 278 ) 279 fi 280fi 281 282AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 283AC_COMPILE_IFELSE( 284 [AC_LANG_PROGRAM([[ 285#include <stdlib.h> 286__attribute__((__unused__)) static void foo(void){return;}]], 287 [[ exit(0); ]])], 288 [ AC_MSG_RESULT([yes]) ], 289 [ AC_MSG_RESULT([no]) 290 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 291 [compiler does not accept __attribute__ on return types]) ] 292) 293 294if test "x$no_attrib_nonnull" != "x1" ; then 295 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 296fi 297 298AC_ARG_WITH([rpath], 299 [ --without-rpath Disable auto-added -R linker paths], 300 [ 301 if test "x$withval" = "xno" ; then 302 need_dash_r="" 303 fi 304 if test "x$withval" = "xyes" ; then 305 need_dash_r=1 306 fi 307 ] 308) 309 310# Allow user to specify flags 311AC_ARG_WITH([cflags], 312 [ --with-cflags Specify additional flags to pass to compiler], 313 [ 314 if test -n "$withval" && test "x$withval" != "xno" && \ 315 test "x${withval}" != "xyes"; then 316 CFLAGS="$CFLAGS $withval" 317 fi 318 ] 319) 320AC_ARG_WITH([cppflags], 321 [ --with-cppflags Specify additional flags to pass to preprocessor] , 322 [ 323 if test -n "$withval" && test "x$withval" != "xno" && \ 324 test "x${withval}" != "xyes"; then 325 CPPFLAGS="$CPPFLAGS $withval" 326 fi 327 ] 328) 329AC_ARG_WITH([ldflags], 330 [ --with-ldflags Specify additional flags to pass to linker], 331 [ 332 if test -n "$withval" && test "x$withval" != "xno" && \ 333 test "x${withval}" != "xyes"; then 334 LDFLAGS="$LDFLAGS $withval" 335 fi 336 ] 337) 338AC_ARG_WITH([libs], 339 [ --with-libs Specify additional libraries to link with], 340 [ 341 if test -n "$withval" && test "x$withval" != "xno" && \ 342 test "x${withval}" != "xyes"; then 343 LIBS="$LIBS $withval" 344 fi 345 ] 346) 347AC_ARG_WITH([Werror], 348 [ --with-Werror Build main code with -Werror], 349 [ 350 if test -n "$withval" && test "x$withval" != "xno"; then 351 werror_flags="-Werror" 352 if test "x${withval}" != "xyes"; then 353 werror_flags="$withval" 354 fi 355 fi 356 ] 357) 358 359AC_CHECK_HEADERS([ \ 360 blf.h \ 361 bstring.h \ 362 crypt.h \ 363 crypto/sha2.h \ 364 dirent.h \ 365 endian.h \ 366 elf.h \ 367 err.h \ 368 features.h \ 369 fcntl.h \ 370 floatingpoint.h \ 371 getopt.h \ 372 glob.h \ 373 ia.h \ 374 iaf.h \ 375 inttypes.h \ 376 langinfo.h \ 377 limits.h \ 378 locale.h \ 379 login.h \ 380 maillock.h \ 381 ndir.h \ 382 net/if_tun.h \ 383 netdb.h \ 384 netgroup.h \ 385 pam/pam_appl.h \ 386 paths.h \ 387 poll.h \ 388 pty.h \ 389 readpassphrase.h \ 390 rpc/types.h \ 391 security/pam_appl.h \ 392 sha2.h \ 393 shadow.h \ 394 stddef.h \ 395 stdint.h \ 396 string.h \ 397 strings.h \ 398 sys/audit.h \ 399 sys/bitypes.h \ 400 sys/bsdtty.h \ 401 sys/cdefs.h \ 402 sys/dir.h \ 403 sys/mman.h \ 404 sys/ndir.h \ 405 sys/poll.h \ 406 sys/prctl.h \ 407 sys/pstat.h \ 408 sys/ptrace.h \ 409 sys/select.h \ 410 sys/stat.h \ 411 sys/stream.h \ 412 sys/stropts.h \ 413 sys/strtio.h \ 414 sys/statvfs.h \ 415 sys/sysmacros.h \ 416 sys/time.h \ 417 sys/timers.h \ 418 time.h \ 419 tmpdir.h \ 420 ttyent.h \ 421 ucred.h \ 422 unistd.h \ 423 usersec.h \ 424 util.h \ 425 utime.h \ 426 utmp.h \ 427 utmpx.h \ 428 vis.h \ 429 wchar.h \ 430]) 431 432# sys/capsicum.h requires sys/types.h 433AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 434#ifdef HAVE_SYS_TYPES_H 435# include <sys/types.h> 436#endif 437]) 438 439# lastlog.h requires sys/time.h to be included first on Solaris 440AC_CHECK_HEADERS([lastlog.h], [], [], [ 441#ifdef HAVE_SYS_TIME_H 442# include <sys/time.h> 443#endif 444]) 445 446# sys/ptms.h requires sys/stream.h to be included first on Solaris 447AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 448#ifdef HAVE_SYS_STREAM_H 449# include <sys/stream.h> 450#endif 451]) 452 453# login_cap.h requires sys/types.h on NetBSD 454AC_CHECK_HEADERS([login_cap.h], [], [], [ 455#include <sys/types.h> 456]) 457 458# older BSDs need sys/param.h before sys/mount.h 459AC_CHECK_HEADERS([sys/mount.h], [], [], [ 460#include <sys/param.h> 461]) 462 463# Android requires sys/socket.h to be included before sys/un.h 464AC_CHECK_HEADERS([sys/un.h], [], [], [ 465#include <sys/types.h> 466#include <sys/socket.h> 467]) 468 469# Messages for features tested for in target-specific section 470SIA_MSG="no" 471SPC_MSG="no" 472SP_MSG="no" 473SPP_MSG="no" 474 475# Support for Solaris/Illumos privileges (this test is used by both 476# the --with-solaris-privs option and --with-sandbox=solaris). 477SOLARIS_PRIVS="no" 478 479# Check for some target-specific stuff 480case "$host" in 481*-*-aix*) 482 # Some versions of VAC won't allow macro redefinitions at 483 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 484 # particularly with older versions of vac or xlc. 485 # It also throws errors about null macro argments, but these are 486 # not fatal. 487 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 488 AC_COMPILE_IFELSE( 489 [AC_LANG_PROGRAM([[ 490#define testmacro foo 491#define testmacro bar]], 492 [[ exit(0); ]])], 493 [ AC_MSG_RESULT([yes]) ], 494 [ AC_MSG_RESULT([no]) 495 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 496 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" 497 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 498 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 499 ] 500 ) 501 502 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 503 if (test -z "$blibpath"); then 504 blibpath="/usr/lib:/lib" 505 fi 506 saved_LDFLAGS="$LDFLAGS" 507 if test "$GCC" = "yes"; then 508 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 509 else 510 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 511 fi 512 for tryflags in $flags ;do 513 if (test -z "$blibflags"); then 514 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 515 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 516 [blibflags=$tryflags], []) 517 fi 518 done 519 if (test -z "$blibflags"); then 520 AC_MSG_RESULT([not found]) 521 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 522 else 523 AC_MSG_RESULT([$blibflags]) 524 fi 525 LDFLAGS="$saved_LDFLAGS" 526 dnl Check for authenticate. Might be in libs.a on older AIXes 527 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 528 [Define if you want to enable AIX4's authenticate function])], 529 [AC_CHECK_LIB([s], [authenticate], 530 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 531 LIBS="$LIBS -ls" 532 ]) 533 ]) 534 dnl Check for various auth function declarations in headers. 535 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 536 passwdexpired, setauthdb], , , [#include <usersec.h>]) 537 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 538 AC_CHECK_DECLS([loginfailed], 539 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 540 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 541 [[ (void)loginfailed("user","host","tty",0); ]])], 542 [AC_MSG_RESULT([yes]) 543 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 544 [Define if your AIX loginfailed() function 545 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 546 ])], 547 [], 548 [#include <usersec.h>] 549 ) 550 AC_CHECK_FUNCS([getgrset setauthdb]) 551 AC_CHECK_DECL([F_CLOSEM], 552 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 553 [], 554 [ #include <limits.h> 555 #include <fcntl.h> ] 556 ) 557 check_for_aix_broken_getaddrinfo=1 558 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 559 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 560 [Define if your platform breaks doing a seteuid before a setuid]) 561 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 562 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 563 dnl AIX handles lastlog as part of its login message 564 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 565 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 566 [Some systems need a utmpx entry for /bin/login to work]) 567 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 568 [Define to a Set Process Title type if your system is 569 supported by bsd-setproctitle.c]) 570 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 571 [AIX 5.2 and 5.3 (and presumably newer) require this]) 572 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 573 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 574 ;; 575*-*-android*) 576 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 577 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 578 ;; 579*-*-cygwin*) 580 check_for_libcrypt_later=1 581 LIBS="$LIBS /usr/lib/textreadmode.o" 582 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 583 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 584 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 585 [Define to disable UID restoration test]) 586 AC_DEFINE([DISABLE_SHADOW], [1], 587 [Define if you want to disable shadow passwords]) 588 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 589 [Define if X11 doesn't support AF_UNIX sockets on that system]) 590 AC_DEFINE([DISABLE_FD_PASSING], [1], 591 [Define if your platform needs to skip post auth 592 file descriptor passing]) 593 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 594 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 595 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 596 # reasons which cause compile warnings, so we disable those warnings. 597 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 598 ;; 599*-*-dgux*) 600 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 601 [Define if your system choked on IP TOS setting]) 602 AC_DEFINE([SETEUID_BREAKS_SETUID]) 603 AC_DEFINE([BROKEN_SETREUID]) 604 AC_DEFINE([BROKEN_SETREGID]) 605 ;; 606*-*-darwin*) 607 use_pie=auto 608 AC_MSG_CHECKING([if we have working getaddrinfo]) 609 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 610main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 611 exit(0); 612 else 613 exit(1); 614} 615 ]])], 616 [AC_MSG_RESULT([working])], 617 [AC_MSG_RESULT([buggy]) 618 AC_DEFINE([BROKEN_GETADDRINFO], [1], 619 [getaddrinfo is broken (if present)]) 620 ], 621 [AC_MSG_RESULT([assume it is working])]) 622 AC_DEFINE([SETEUID_BREAKS_SETUID]) 623 AC_DEFINE([BROKEN_SETREUID]) 624 AC_DEFINE([BROKEN_SETREGID]) 625 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 626 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 627 [Define if your resolver libs need this for getrrsetbyname]) 628 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 629 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 630 [Use tunnel device compatibility to OpenBSD]) 631 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 632 [Prepend the address family to IP tunnel traffic]) 633 m4_pattern_allow([AU_IPv]) 634 AC_CHECK_DECL([AU_IPv4], [], 635 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 636 [#include <bsm/audit.h>] 637 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 638 [Define if pututxline updates lastlog too]) 639 ) 640 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 641 [Define to a Set Process Title type if your system is 642 supported by bsd-setproctitle.c]) 643 AC_CHECK_FUNCS([sandbox_init]) 644 AC_CHECK_HEADERS([sandbox.h]) 645 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 646 SSHDLIBS="$SSHDLIBS -lsandbox" 647 ]) 648 ;; 649*-*-dragonfly*) 650 SSHDLIBS="$SSHDLIBS -lcrypt" 651 TEST_MALLOC_OPTIONS="AFGJPRX" 652 ;; 653*-*-haiku*) 654 LIBS="$LIBS -lbsd " 655 AC_CHECK_LIB([network], [socket]) 656 AC_DEFINE([HAVE_U_INT64_T]) 657 MANTYPE=man 658 ;; 659*-*-hpux*) 660 # first we define all of the options common to all HP-UX releases 661 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 662 IPADDR_IN_DISPLAY=yes 663 AC_DEFINE([USE_PIPES]) 664 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 665 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 666 [String used in /etc/passwd to denote locked account]) 667 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 668 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 669 maildir="/var/mail" 670 LIBS="$LIBS -lsec" 671 AC_CHECK_LIB([xnet], [t_error], , 672 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 673 674 # next, we define all of the options specific to major releases 675 case "$host" in 676 *-*-hpux10*) 677 if test -z "$GCC"; then 678 CFLAGS="$CFLAGS -Ae" 679 fi 680 ;; 681 *-*-hpux11*) 682 AC_DEFINE([PAM_SUN_CODEBASE], [1], 683 [Define if you are using Solaris-derived PAM which 684 passes pam_messages to the conversation function 685 with an extra level of indirection]) 686 AC_DEFINE([DISABLE_UTMP], [1], 687 [Define if you don't want to use utmp]) 688 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 689 check_for_hpux_broken_getaddrinfo=1 690 check_for_conflicting_getspnam=1 691 ;; 692 esac 693 694 # lastly, we define options specific to minor releases 695 case "$host" in 696 *-*-hpux10.26) 697 AC_DEFINE([HAVE_SECUREWARE], [1], 698 [Define if you have SecureWare-based 699 protected password database]) 700 disable_ptmx_check=yes 701 LIBS="$LIBS -lsecpw" 702 ;; 703 esac 704 ;; 705*-*-irix5*) 706 PATH="$PATH:/usr/etc" 707 AC_DEFINE([BROKEN_INET_NTOA], [1], 708 [Define if you system's inet_ntoa is busted 709 (e.g. Irix gcc issue)]) 710 AC_DEFINE([SETEUID_BREAKS_SETUID]) 711 AC_DEFINE([BROKEN_SETREUID]) 712 AC_DEFINE([BROKEN_SETREGID]) 713 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 714 [Define if you shouldn't strip 'tty' from your 715 ttyname in [uw]tmp]) 716 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 717 ;; 718*-*-irix6*) 719 PATH="$PATH:/usr/etc" 720 AC_DEFINE([WITH_IRIX_ARRAY], [1], 721 [Define if you have/want arrays 722 (cluster-wide session managment, not C arrays)]) 723 AC_DEFINE([WITH_IRIX_PROJECT], [1], 724 [Define if you want IRIX project management]) 725 AC_DEFINE([WITH_IRIX_AUDIT], [1], 726 [Define if you want IRIX audit trails]) 727 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 728 [Define if you want IRIX kernel jobs])]) 729 AC_DEFINE([BROKEN_INET_NTOA]) 730 AC_DEFINE([SETEUID_BREAKS_SETUID]) 731 AC_DEFINE([BROKEN_SETREUID]) 732 AC_DEFINE([BROKEN_SETREGID]) 733 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 734 AC_DEFINE([WITH_ABBREV_NO_TTY]) 735 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 736 ;; 737*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 738 check_for_libcrypt_later=1 739 AC_DEFINE([PAM_TTY_KLUDGE]) 740 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 741 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 742 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 743 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 744 ;; 745*-*-linux*) 746 no_dev_ptmx=1 747 use_pie=auto 748 check_for_libcrypt_later=1 749 check_for_openpty_ctty_bug=1 750 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 751 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 752 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 753 AC_DEFINE([PAM_TTY_KLUDGE], [1], 754 [Work around problematic Linux PAM modules handling of PAM_TTY]) 755 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 756 [String used in /etc/passwd to denote locked account]) 757 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 758 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 759 [Define to whatever link() returns for "not supported" 760 if it doesn't return EOPNOTSUPP.]) 761 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 762 AC_DEFINE([USE_BTMP]) 763 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 764 inet6_default_4in6=yes 765 case `uname -r` in 766 1.*|2.0.*) 767 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 768 [Define if cmsg_type is not passed correctly]) 769 ;; 770 esac 771 # tun(4) forwarding compat code 772 AC_CHECK_HEADERS([linux/if_tun.h]) 773 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 774 AC_DEFINE([SSH_TUN_LINUX], [1], 775 [Open tunnel devices the Linux tun/tap way]) 776 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 777 [Use tunnel device compatibility to OpenBSD]) 778 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 779 [Prepend the address family to IP tunnel traffic]) 780 fi 781 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 782 [], [#include <linux/types.h>]) 783 AC_MSG_CHECKING([for seccomp architecture]) 784 seccomp_audit_arch= 785 case "$host" in 786 x86_64-*) 787 seccomp_audit_arch=AUDIT_ARCH_X86_64 788 ;; 789 i*86-*) 790 seccomp_audit_arch=AUDIT_ARCH_I386 791 ;; 792 arm*-*) 793 seccomp_audit_arch=AUDIT_ARCH_ARM 794 ;; 795 aarch64*-*) 796 seccomp_audit_arch=AUDIT_ARCH_AARCH64 797 ;; 798 s390x-*) 799 seccomp_audit_arch=AUDIT_ARCH_S390X 800 ;; 801 s390-*) 802 seccomp_audit_arch=AUDIT_ARCH_S390 803 ;; 804 powerpc64-*) 805 seccomp_audit_arch=AUDIT_ARCH_PPC64 806 ;; 807 powerpc64le-*) 808 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 809 ;; 810 mips-*) 811 seccomp_audit_arch=AUDIT_ARCH_MIPS 812 ;; 813 mipsel-*) 814 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 815 ;; 816 mips64-*) 817 seccomp_audit_arch=AUDIT_ARCH_MIPS64 818 ;; 819 mips64el-*) 820 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 821 ;; 822 esac 823 if test "x$seccomp_audit_arch" != "x" ; then 824 AC_MSG_RESULT(["$seccomp_audit_arch"]) 825 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 826 [Specify the system call convention in use]) 827 else 828 AC_MSG_RESULT([architecture not supported]) 829 fi 830 ;; 831mips-sony-bsd|mips-sony-newsos4) 832 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 833 SONY=1 834 ;; 835*-*-netbsd*) 836 check_for_libcrypt_before=1 837 if test "x$withval" != "xno" ; then 838 need_dash_r=1 839 fi 840 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 841 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 842 AC_CHECK_HEADER([net/if_tap.h], , 843 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 844 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 845 [Prepend the address family to IP tunnel traffic]) 846 TEST_MALLOC_OPTIONS="AJRX" 847 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 848 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 849 ;; 850*-*-freebsd*) 851 check_for_libcrypt_later=1 852 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 853 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 854 AC_CHECK_HEADER([net/if_tap.h], , 855 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 856 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 857 TEST_MALLOC_OPTIONS="AJRX" 858 # Preauth crypto occasionally uses file descriptors for crypto offload 859 # and will crash if they cannot be opened. 860 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 861 [define if setrlimit RLIMIT_NOFILE breaks things]) 862 ;; 863*-*-bsdi*) 864 AC_DEFINE([SETEUID_BREAKS_SETUID]) 865 AC_DEFINE([BROKEN_SETREUID]) 866 AC_DEFINE([BROKEN_SETREGID]) 867 ;; 868*-next-*) 869 conf_lastlog_location="/usr/adm/lastlog" 870 conf_utmp_location=/etc/utmp 871 conf_wtmp_location=/usr/adm/wtmp 872 maildir=/usr/spool/mail 873 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 874 AC_DEFINE([BROKEN_REALPATH]) 875 AC_DEFINE([USE_PIPES]) 876 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 877 ;; 878*-*-openbsd*) 879 use_pie=auto 880 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 881 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 882 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 883 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 884 [syslog_r function is safe to use in in a signal handler]) 885 TEST_MALLOC_OPTIONS="AFGJPRX" 886 ;; 887*-*-solaris*) 888 if test "x$withval" != "xno" ; then 889 need_dash_r=1 890 fi 891 AC_DEFINE([PAM_SUN_CODEBASE]) 892 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 893 AC_DEFINE([PAM_TTY_KLUDGE]) 894 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 895 [Define if pam_chauthtok wants real uid set 896 to the unpriv'ed user]) 897 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 898 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 899 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 900 [Define if sshd somehow reacquires a controlling TTY 901 after setsid()]) 902 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 903 in case the name is longer than 8 chars]) 904 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 905 external_path_file=/etc/default/login 906 # hardwire lastlog location (can't detect it on some versions) 907 conf_lastlog_location="/var/adm/lastlog" 908 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 909 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 910 if test "$sol2ver" -ge 8; then 911 AC_MSG_RESULT([yes]) 912 AC_DEFINE([DISABLE_UTMP]) 913 AC_DEFINE([DISABLE_WTMP], [1], 914 [Define if you don't want to use wtmp]) 915 else 916 AC_MSG_RESULT([no]) 917 fi 918 AC_CHECK_FUNCS([setpflags]) 919 AC_CHECK_FUNCS([setppriv]) 920 AC_CHECK_FUNCS([priv_basicset]) 921 AC_CHECK_HEADERS([priv.h]) 922 AC_ARG_WITH([solaris-contracts], 923 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 924 [ 925 AC_CHECK_LIB([contract], [ct_tmpl_activate], 926 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 927 [Define if you have Solaris process contracts]) 928 LIBS="$LIBS -lcontract" 929 SPC_MSG="yes" ], ) 930 ], 931 ) 932 AC_ARG_WITH([solaris-projects], 933 [ --with-solaris-projects Enable Solaris projects (experimental)], 934 [ 935 AC_CHECK_LIB([project], [setproject], 936 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 937 [Define if you have Solaris projects]) 938 LIBS="$LIBS -lproject" 939 SP_MSG="yes" ], ) 940 ], 941 ) 942 AC_ARG_WITH([solaris-privs], 943 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 944 [ 945 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 946 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 947 "x$ac_cv_header_priv_h" = "xyes" ; then 948 SOLARIS_PRIVS=yes 949 AC_MSG_RESULT([found]) 950 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 951 [Define to disable UID restoration test]) 952 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 953 [Define if you have Solaris privileges]) 954 SPP_MSG="yes" 955 else 956 AC_MSG_RESULT([not found]) 957 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 958 fi 959 ], 960 ) 961 TEST_SHELL=$SHELL # let configure find us a capable shell 962 ;; 963*-*-sunos4*) 964 CPPFLAGS="$CPPFLAGS -DSUNOS4" 965 AC_CHECK_FUNCS([getpwanam]) 966 AC_DEFINE([PAM_SUN_CODEBASE]) 967 conf_utmp_location=/etc/utmp 968 conf_wtmp_location=/var/adm/wtmp 969 conf_lastlog_location=/var/adm/lastlog 970 AC_DEFINE([USE_PIPES]) 971 ;; 972*-ncr-sysv*) 973 LIBS="$LIBS -lc89" 974 AC_DEFINE([USE_PIPES]) 975 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 976 AC_DEFINE([SETEUID_BREAKS_SETUID]) 977 AC_DEFINE([BROKEN_SETREUID]) 978 AC_DEFINE([BROKEN_SETREGID]) 979 ;; 980*-sni-sysv*) 981 # /usr/ucblib MUST NOT be searched on ReliantUNIX 982 AC_CHECK_LIB([dl], [dlsym], ,) 983 # -lresolv needs to be at the end of LIBS or DNS lookups break 984 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 985 IPADDR_IN_DISPLAY=yes 986 AC_DEFINE([USE_PIPES]) 987 AC_DEFINE([IP_TOS_IS_BROKEN]) 988 AC_DEFINE([SETEUID_BREAKS_SETUID]) 989 AC_DEFINE([BROKEN_SETREUID]) 990 AC_DEFINE([BROKEN_SETREGID]) 991 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 992 external_path_file=/etc/default/login 993 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 994 # Attention: always take care to bind libsocket and libnsl before libc, 995 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 996 ;; 997# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 998*-*-sysv4.2*) 999 AC_DEFINE([USE_PIPES]) 1000 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1001 AC_DEFINE([BROKEN_SETREUID]) 1002 AC_DEFINE([BROKEN_SETREGID]) 1003 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1004 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1005 TEST_SHELL=$SHELL # let configure find us a capable shell 1006 ;; 1007# UnixWare 7.x, OpenUNIX 8 1008*-*-sysv5*) 1009 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1010 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1011 AC_DEFINE([USE_PIPES]) 1012 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1013 AC_DEFINE([BROKEN_GETADDRINFO]) 1014 AC_DEFINE([BROKEN_SETREUID]) 1015 AC_DEFINE([BROKEN_SETREGID]) 1016 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1017 TEST_SHELL=$SHELL # let configure find us a capable shell 1018 case "$host" in 1019 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1020 maildir=/var/spool/mail 1021 AC_DEFINE([BROKEN_LIBIAF], [1], 1022 [ia_uinfo routines not supported by OS yet]) 1023 AC_DEFINE([BROKEN_UPDWTMPX]) 1024 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1025 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1026 AC_DEFINE([HAVE_SECUREWARE]) 1027 AC_DEFINE([DISABLE_SHADOW]) 1028 ], , ) 1029 ;; 1030 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1031 check_for_libcrypt_later=1 1032 ;; 1033 esac 1034 ;; 1035*-*-sysv*) 1036 ;; 1037# SCO UNIX and OEM versions of SCO UNIX 1038*-*-sco3.2v4*) 1039 AC_MSG_ERROR("This Platform is no longer supported.") 1040 ;; 1041# SCO OpenServer 5.x 1042*-*-sco3.2v5*) 1043 if test -z "$GCC"; then 1044 CFLAGS="$CFLAGS -belf" 1045 fi 1046 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1047 no_dev_ptmx=1 1048 AC_DEFINE([USE_PIPES]) 1049 AC_DEFINE([HAVE_SECUREWARE]) 1050 AC_DEFINE([DISABLE_SHADOW]) 1051 AC_DEFINE([DISABLE_FD_PASSING]) 1052 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1053 AC_DEFINE([BROKEN_GETADDRINFO]) 1054 AC_DEFINE([BROKEN_SETREUID]) 1055 AC_DEFINE([BROKEN_SETREGID]) 1056 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1057 AC_DEFINE([BROKEN_UPDWTMPX]) 1058 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1059 AC_CHECK_FUNCS([getluid setluid]) 1060 MANTYPE=man 1061 TEST_SHELL=$SHELL # let configure find us a capable shell 1062 SKIP_DISABLE_LASTLOG_DEFINE=yes 1063 ;; 1064*-*-unicosmk*) 1065 AC_DEFINE([NO_SSH_LASTLOG], [1], 1066 [Define if you don't want to use lastlog in session.c]) 1067 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1068 AC_DEFINE([BROKEN_SETREUID]) 1069 AC_DEFINE([BROKEN_SETREGID]) 1070 AC_DEFINE([USE_PIPES]) 1071 AC_DEFINE([DISABLE_FD_PASSING]) 1072 LDFLAGS="$LDFLAGS" 1073 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1074 MANTYPE=cat 1075 ;; 1076*-*-unicosmp*) 1077 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1078 AC_DEFINE([BROKEN_SETREUID]) 1079 AC_DEFINE([BROKEN_SETREGID]) 1080 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1081 AC_DEFINE([USE_PIPES]) 1082 AC_DEFINE([DISABLE_FD_PASSING]) 1083 LDFLAGS="$LDFLAGS" 1084 LIBS="$LIBS -lgen -lacid -ldb" 1085 MANTYPE=cat 1086 ;; 1087*-*-unicos*) 1088 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1089 AC_DEFINE([BROKEN_SETREUID]) 1090 AC_DEFINE([BROKEN_SETREGID]) 1091 AC_DEFINE([USE_PIPES]) 1092 AC_DEFINE([DISABLE_FD_PASSING]) 1093 AC_DEFINE([NO_SSH_LASTLOG]) 1094 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" 1095 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1096 MANTYPE=cat 1097 ;; 1098*-dec-osf*) 1099 AC_MSG_CHECKING([for Digital Unix SIA]) 1100 no_osfsia="" 1101 AC_ARG_WITH([osfsia], 1102 [ --with-osfsia Enable Digital Unix SIA], 1103 [ 1104 if test "x$withval" = "xno" ; then 1105 AC_MSG_RESULT([disabled]) 1106 no_osfsia=1 1107 fi 1108 ], 1109 ) 1110 if test -z "$no_osfsia" ; then 1111 if test -f /etc/sia/matrix.conf; then 1112 AC_MSG_RESULT([yes]) 1113 AC_DEFINE([HAVE_OSF_SIA], [1], 1114 [Define if you have Digital Unix Security 1115 Integration Architecture]) 1116 AC_DEFINE([DISABLE_LOGIN], [1], 1117 [Define if you don't want to use your 1118 system's login() call]) 1119 AC_DEFINE([DISABLE_FD_PASSING]) 1120 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1121 SIA_MSG="yes" 1122 else 1123 AC_MSG_RESULT([no]) 1124 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1125 [String used in /etc/passwd to denote locked account]) 1126 fi 1127 fi 1128 AC_DEFINE([BROKEN_GETADDRINFO]) 1129 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1130 AC_DEFINE([BROKEN_SETREUID]) 1131 AC_DEFINE([BROKEN_SETREGID]) 1132 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1133 ;; 1134 1135*-*-nto-qnx*) 1136 AC_DEFINE([USE_PIPES]) 1137 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1138 AC_DEFINE([DISABLE_LASTLOG]) 1139 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1140 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1141 enable_etc_default_login=no # has incompatible /etc/default/login 1142 case "$host" in 1143 *-*-nto-qnx6*) 1144 AC_DEFINE([DISABLE_FD_PASSING]) 1145 ;; 1146 esac 1147 ;; 1148 1149*-*-ultrix*) 1150 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1151 AC_DEFINE([NEED_SETPGRP]) 1152 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1153 ;; 1154 1155*-*-lynxos) 1156 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1157 AC_DEFINE([BROKEN_SETVBUF], [1], 1158 [LynxOS has broken setvbuf() implementation]) 1159 ;; 1160esac 1161 1162AC_MSG_CHECKING([compiler and flags for sanity]) 1163AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1164 [ AC_MSG_RESULT([yes]) ], 1165 [ 1166 AC_MSG_RESULT([no]) 1167 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1168 ], 1169 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1170) 1171 1172dnl Checks for header files. 1173# Checks for libraries. 1174AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1175 1176dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1177AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1178 AC_CHECK_LIB([gen], [dirname], [ 1179 AC_CACHE_CHECK([for broken dirname], 1180 ac_cv_have_broken_dirname, [ 1181 save_LIBS="$LIBS" 1182 LIBS="$LIBS -lgen" 1183 AC_RUN_IFELSE( 1184 [AC_LANG_SOURCE([[ 1185#include <libgen.h> 1186#include <string.h> 1187 1188int main(int argc, char **argv) { 1189 char *s, buf[32]; 1190 1191 strncpy(buf,"/etc", 32); 1192 s = dirname(buf); 1193 if (!s || strncmp(s, "/", 32) != 0) { 1194 exit(1); 1195 } else { 1196 exit(0); 1197 } 1198} 1199 ]])], 1200 [ ac_cv_have_broken_dirname="no" ], 1201 [ ac_cv_have_broken_dirname="yes" ], 1202 [ ac_cv_have_broken_dirname="no" ], 1203 ) 1204 LIBS="$save_LIBS" 1205 ]) 1206 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1207 LIBS="$LIBS -lgen" 1208 AC_DEFINE([HAVE_DIRNAME]) 1209 AC_CHECK_HEADERS([libgen.h]) 1210 fi 1211 ]) 1212]) 1213 1214AC_CHECK_FUNC([getspnam], , 1215 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1216AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1217 [Define if you have the basename function.])]) 1218 1219dnl zlib is required 1220AC_ARG_WITH([zlib], 1221 [ --with-zlib=PATH Use zlib in PATH], 1222 [ if test "x$withval" = "xno" ; then 1223 AC_MSG_ERROR([*** zlib is required ***]) 1224 elif test "x$withval" != "xyes"; then 1225 if test -d "$withval/lib"; then 1226 if test -n "${need_dash_r}"; then 1227 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1228 else 1229 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1230 fi 1231 else 1232 if test -n "${need_dash_r}"; then 1233 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1234 else 1235 LDFLAGS="-L${withval} ${LDFLAGS}" 1236 fi 1237 fi 1238 if test -d "$withval/include"; then 1239 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1240 else 1241 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1242 fi 1243 fi ] 1244) 1245 1246AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1247AC_CHECK_LIB([z], [deflate], , 1248 [ 1249 saved_CPPFLAGS="$CPPFLAGS" 1250 saved_LDFLAGS="$LDFLAGS" 1251 save_LIBS="$LIBS" 1252 dnl Check default zlib install dir 1253 if test -n "${need_dash_r}"; then 1254 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1255 else 1256 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1257 fi 1258 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1259 LIBS="$LIBS -lz" 1260 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1261 [ 1262 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1263 ] 1264 ) 1265 ] 1266) 1267 1268AC_ARG_WITH([zlib-version-check], 1269 [ --without-zlib-version-check Disable zlib version check], 1270 [ if test "x$withval" = "xno" ; then 1271 zlib_check_nonfatal=1 1272 fi 1273 ] 1274) 1275 1276AC_MSG_CHECKING([for possibly buggy zlib]) 1277AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1278#include <stdio.h> 1279#include <stdlib.h> 1280#include <zlib.h> 1281 ]], 1282 [[ 1283 int a=0, b=0, c=0, d=0, n, v; 1284 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1285 if (n != 3 && n != 4) 1286 exit(1); 1287 v = a*1000000 + b*10000 + c*100 + d; 1288 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1289 1290 /* 1.1.4 is OK */ 1291 if (a == 1 && b == 1 && c >= 4) 1292 exit(0); 1293 1294 /* 1.2.3 and up are OK */ 1295 if (v >= 1020300) 1296 exit(0); 1297 1298 exit(2); 1299 ]])], 1300 AC_MSG_RESULT([no]), 1301 [ AC_MSG_RESULT([yes]) 1302 if test -z "$zlib_check_nonfatal" ; then 1303 AC_MSG_ERROR([*** zlib too old - check config.log *** 1304Your reported zlib version has known security problems. It's possible your 1305vendor has fixed these problems without changing the version number. If you 1306are sure this is the case, you can disable the check by running 1307"./configure --without-zlib-version-check". 1308If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1309See http://www.gzip.org/zlib/ for details.]) 1310 else 1311 AC_MSG_WARN([zlib version may have security problems]) 1312 fi 1313 ], 1314 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1315) 1316 1317dnl UnixWare 2.x 1318AC_CHECK_FUNC([strcasecmp], 1319 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1320) 1321AC_CHECK_FUNCS([utimes], 1322 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1323 LIBS="$LIBS -lc89"]) ] 1324) 1325 1326dnl Checks for libutil functions 1327AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1328AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1329AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1330AC_SEARCH_LIBS([login], [util bsd]) 1331AC_SEARCH_LIBS([logout], [util bsd]) 1332AC_SEARCH_LIBS([logwtmp], [util bsd]) 1333AC_SEARCH_LIBS([openpty], [util bsd]) 1334AC_SEARCH_LIBS([updwtmp], [util bsd]) 1335AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1336 1337# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1338# or libnsl. 1339AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1340AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1341 1342AC_FUNC_STRFTIME 1343 1344# Check for ALTDIRFUNC glob() extension 1345AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1346AC_EGREP_CPP([FOUNDIT], 1347 [ 1348 #include <glob.h> 1349 #ifdef GLOB_ALTDIRFUNC 1350 FOUNDIT 1351 #endif 1352 ], 1353 [ 1354 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1355 [Define if your system glob() function has 1356 the GLOB_ALTDIRFUNC extension]) 1357 AC_MSG_RESULT([yes]) 1358 ], 1359 [ 1360 AC_MSG_RESULT([no]) 1361 ] 1362) 1363 1364# Check for g.gl_matchc glob() extension 1365AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1366AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1367 [[ glob_t g; g.gl_matchc = 1; ]])], 1368 [ 1369 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1370 [Define if your system glob() function has 1371 gl_matchc options in glob_t]) 1372 AC_MSG_RESULT([yes]) 1373 ], [ 1374 AC_MSG_RESULT([no]) 1375]) 1376 1377# Check for g.gl_statv glob() extension 1378AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1379AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1380#ifndef GLOB_KEEPSTAT 1381#error "glob does not support GLOB_KEEPSTAT extension" 1382#endif 1383glob_t g; 1384g.gl_statv = NULL; 1385]])], 1386 [ 1387 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1388 [Define if your system glob() function has 1389 gl_statv options in glob_t]) 1390 AC_MSG_RESULT([yes]) 1391 ], [ 1392 AC_MSG_RESULT([no]) 1393 1394]) 1395 1396AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1397 1398AC_CHECK_DECL([VIS_ALL], , 1399 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1400 1401AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1402AC_RUN_IFELSE( 1403 [AC_LANG_PROGRAM([[ 1404#include <sys/types.h> 1405#include <dirent.h>]], 1406 [[ 1407 struct dirent d; 1408 exit(sizeof(d.d_name)<=sizeof(char)); 1409 ]])], 1410 [AC_MSG_RESULT([yes])], 1411 [ 1412 AC_MSG_RESULT([no]) 1413 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1414 [Define if your struct dirent expects you to 1415 allocate extra space for d_name]) 1416 ], 1417 [ 1418 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1419 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1420 ] 1421) 1422 1423AC_MSG_CHECKING([for /proc/pid/fd directory]) 1424if test -d "/proc/$$/fd" ; then 1425 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1426 AC_MSG_RESULT([yes]) 1427else 1428 AC_MSG_RESULT([no]) 1429fi 1430 1431# Check whether user wants S/Key support 1432SKEY_MSG="no" 1433AC_ARG_WITH([skey], 1434 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], 1435 [ 1436 if test "x$withval" != "xno" ; then 1437 1438 if test "x$withval" != "xyes" ; then 1439 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1440 LDFLAGS="$LDFLAGS -L${withval}/lib" 1441 fi 1442 1443 AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) 1444 LIBS="-lskey $LIBS" 1445 SKEY_MSG="yes" 1446 1447 AC_MSG_CHECKING([for s/key support]) 1448 AC_LINK_IFELSE( 1449 [AC_LANG_PROGRAM([[ 1450#include <stdio.h> 1451#include <skey.h> 1452 ]], [[ 1453 char *ff = skey_keyinfo(""); ff=""; 1454 exit(0); 1455 ]])], 1456 [AC_MSG_RESULT([yes])], 1457 [ 1458 AC_MSG_RESULT([no]) 1459 AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) 1460 ]) 1461 AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) 1462 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1463#include <stdio.h> 1464#include <skey.h> 1465 ]], [[ 1466 (void)skeychallenge(NULL,"name","",0); 1467 ]])], 1468 [ 1469 AC_MSG_RESULT([yes]) 1470 AC_DEFINE([SKEYCHALLENGE_4ARG], [1], 1471 [Define if your skeychallenge() 1472 function takes 4 arguments (NetBSD)])], 1473 [ 1474 AC_MSG_RESULT([no]) 1475 ]) 1476 fi 1477 ] 1478) 1479 1480# Check whether user wants TCP wrappers support 1481TCPW_MSG="no" 1482AC_ARG_WITH([tcp-wrappers], 1483 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1484 [ 1485 if test "x$withval" != "xno" ; then 1486 saved_LIBS="$LIBS" 1487 saved_LDFLAGS="$LDFLAGS" 1488 saved_CPPFLAGS="$CPPFLAGS" 1489 if test -n "${withval}" && \ 1490 test "x${withval}" != "xyes"; then 1491 if test -d "${withval}/lib"; then 1492 if test -n "${need_dash_r}"; then 1493 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1494 else 1495 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1496 fi 1497 else 1498 if test -n "${need_dash_r}"; then 1499 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1500 else 1501 LDFLAGS="-L${withval} ${LDFLAGS}" 1502 fi 1503 fi 1504 if test -d "${withval}/include"; then 1505 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1506 else 1507 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1508 fi 1509 fi 1510 LIBS="-lwrap $LIBS" 1511 AC_MSG_CHECKING([for libwrap]) 1512 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1513#include <sys/types.h> 1514#include <sys/socket.h> 1515#include <netinet/in.h> 1516#include <tcpd.h> 1517int deny_severity = 0, allow_severity = 0; 1518 ]], [[ 1519 hosts_access(0); 1520 ]])], [ 1521 AC_MSG_RESULT([yes]) 1522 AC_DEFINE([LIBWRAP], [1], 1523 [Define if you want 1524 TCP Wrappers support]) 1525 SSHDLIBS="$SSHDLIBS -lwrap" 1526 TCPW_MSG="yes" 1527 ], [ 1528 AC_MSG_ERROR([*** libwrap missing]) 1529 ]) 1530 LIBS="$saved_LIBS" 1531 fi 1532 ] 1533) 1534 1535# Check whether user wants to use ldns 1536LDNS_MSG="no" 1537AC_ARG_WITH(ldns, 1538 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1539 [ 1540 ldns="" 1541 if test "x$withval" = "xyes" ; then 1542 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1543 if test "x$PKGCONFIG" = "xno"; then 1544 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1545 LDFLAGS="$LDFLAGS -L${withval}/lib" 1546 LIBS="-lldns $LIBS" 1547 ldns=yes 1548 else 1549 LIBS="$LIBS `$LDNSCONFIG --libs`" 1550 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1551 fi 1552 elif test "x$withval" != "xno" ; then 1553 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1554 LDFLAGS="$LDFLAGS -L${withval}/lib" 1555 LIBS="-lldns $LIBS" 1556 ldns=yes 1557 fi 1558 1559 # Verify that it works. 1560 if test "x$ldns" = "xyes" ; then 1561 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1562 LDNS_MSG="yes" 1563 AC_MSG_CHECKING([for ldns support]) 1564 AC_LINK_IFELSE( 1565 [AC_LANG_SOURCE([[ 1566#include <stdio.h> 1567#include <stdlib.h> 1568#include <stdint.h> 1569#include <ldns/ldns.h> 1570int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1571 ]]) 1572 ], 1573 [AC_MSG_RESULT(yes)], 1574 [ 1575 AC_MSG_RESULT(no) 1576 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1577 ]) 1578 fi 1579]) 1580 1581# Check whether user wants libedit support 1582LIBEDIT_MSG="no" 1583AC_ARG_WITH([libedit], 1584 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1585 [ if test "x$withval" != "xno" ; then 1586 if test "x$withval" = "xyes" ; then 1587 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1588 if test "x$PKGCONFIG" != "xno"; then 1589 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1590 if "$PKGCONFIG" libedit; then 1591 AC_MSG_RESULT([yes]) 1592 use_pkgconfig_for_libedit=yes 1593 else 1594 AC_MSG_RESULT([no]) 1595 fi 1596 fi 1597 else 1598 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1599 if test -n "${need_dash_r}"; then 1600 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1601 else 1602 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1603 fi 1604 fi 1605 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1606 LIBEDIT=`$PKGCONFIG --libs libedit` 1607 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1608 else 1609 LIBEDIT="-ledit -lcurses" 1610 fi 1611 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1612 AC_CHECK_LIB([edit], [el_init], 1613 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1614 LIBEDIT_MSG="yes" 1615 AC_SUBST([LIBEDIT]) 1616 ], 1617 [ AC_MSG_ERROR([libedit not found]) ], 1618 [ $OTHERLIBS ] 1619 ) 1620 AC_MSG_CHECKING([if libedit version is compatible]) 1621 AC_COMPILE_IFELSE( 1622 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1623 [[ 1624 int i = H_SETSIZE; 1625 el_init("", NULL, NULL, NULL); 1626 exit(0); 1627 ]])], 1628 [ AC_MSG_RESULT([yes]) ], 1629 [ AC_MSG_RESULT([no]) 1630 AC_MSG_ERROR([libedit version is not compatible]) ] 1631 ) 1632 fi ] 1633) 1634 1635AUDIT_MODULE=none 1636AC_ARG_WITH([audit], 1637 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1638 [ 1639 AC_MSG_CHECKING([for supported audit module]) 1640 case "$withval" in 1641 bsm) 1642 AC_MSG_RESULT([bsm]) 1643 AUDIT_MODULE=bsm 1644 dnl Checks for headers, libs and functions 1645 AC_CHECK_HEADERS([bsm/audit.h], [], 1646 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1647 [ 1648#ifdef HAVE_TIME_H 1649# include <time.h> 1650#endif 1651 ] 1652) 1653 AC_CHECK_LIB([bsm], [getaudit], [], 1654 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1655 AC_CHECK_FUNCS([getaudit], [], 1656 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1657 # These are optional 1658 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1659 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1660 if test "$sol2ver" -ge 11; then 1661 SSHDLIBS="$SSHDLIBS -lscf" 1662 AC_DEFINE([BROKEN_BSM_API], [1], 1663 [The system has incomplete BSM API]) 1664 fi 1665 ;; 1666 linux) 1667 AC_MSG_RESULT([linux]) 1668 AUDIT_MODULE=linux 1669 dnl Checks for headers, libs and functions 1670 AC_CHECK_HEADERS([libaudit.h]) 1671 SSHDLIBS="$SSHDLIBS -laudit" 1672 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1673 ;; 1674 debug) 1675 AUDIT_MODULE=debug 1676 AC_MSG_RESULT([debug]) 1677 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1678 ;; 1679 no) 1680 AC_MSG_RESULT([no]) 1681 ;; 1682 *) 1683 AC_MSG_ERROR([Unknown audit module $withval]) 1684 ;; 1685 esac ] 1686) 1687 1688AC_ARG_WITH([pie], 1689 [ --with-pie Build Position Independent Executables if possible], [ 1690 if test "x$withval" = "xno"; then 1691 use_pie=no 1692 fi 1693 if test "x$withval" = "xyes"; then 1694 use_pie=yes 1695 fi 1696 ] 1697) 1698if test "x$use_pie" = "x"; then 1699 use_pie=no 1700fi 1701if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1702 # Turn off automatic PIE when toolchain hardening is off. 1703 use_pie=no 1704fi 1705if test "x$use_pie" = "xauto"; then 1706 # Automatic PIE requires gcc >= 4.x 1707 AC_MSG_CHECKING([for gcc >= 4.x]) 1708 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1709#if !defined(__GNUC__) || __GNUC__ < 4 1710#error gcc is too old 1711#endif 1712]])], 1713 [ AC_MSG_RESULT([yes]) ], 1714 [ AC_MSG_RESULT([no]) 1715 use_pie=no ] 1716) 1717fi 1718if test "x$use_pie" != "xno"; then 1719 SAVED_CFLAGS="$CFLAGS" 1720 SAVED_LDFLAGS="$LDFLAGS" 1721 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1722 OSSH_CHECK_LDFLAG_LINK([-pie]) 1723 # We use both -fPIE and -pie or neither. 1724 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1725 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1726 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1727 AC_MSG_RESULT([yes]) 1728 else 1729 AC_MSG_RESULT([no]) 1730 CFLAGS="$SAVED_CFLAGS" 1731 LDFLAGS="$SAVED_LDFLAGS" 1732 fi 1733fi 1734 1735dnl Checks for library functions. Please keep in alphabetical order 1736AC_CHECK_FUNCS([ \ 1737 Blowfish_initstate \ 1738 Blowfish_expandstate \ 1739 Blowfish_expand0state \ 1740 Blowfish_stream2word \ 1741 asprintf \ 1742 b64_ntop \ 1743 __b64_ntop \ 1744 b64_pton \ 1745 __b64_pton \ 1746 bcopy \ 1747 bcrypt_pbkdf \ 1748 bindresvport_sa \ 1749 blf_enc \ 1750 cap_rights_limit \ 1751 clock \ 1752 closefrom \ 1753 dirfd \ 1754 endgrent \ 1755 err \ 1756 errx \ 1757 explicit_bzero \ 1758 fchmod \ 1759 fchown \ 1760 freeaddrinfo \ 1761 fstatfs \ 1762 fstatvfs \ 1763 futimes \ 1764 getaddrinfo \ 1765 getcwd \ 1766 getgrouplist \ 1767 getnameinfo \ 1768 getopt \ 1769 getpeereid \ 1770 getpeerucred \ 1771 getpgid \ 1772 getpgrp \ 1773 _getpty \ 1774 getrlimit \ 1775 getttyent \ 1776 glob \ 1777 group_from_gid \ 1778 inet_aton \ 1779 inet_ntoa \ 1780 inet_ntop \ 1781 innetgr \ 1782 llabs \ 1783 login_getcapbool \ 1784 md5_crypt \ 1785 memmove \ 1786 memset_s \ 1787 mkdtemp \ 1788 ngetaddrinfo \ 1789 nsleep \ 1790 ogetaddrinfo \ 1791 openlog_r \ 1792 pledge \ 1793 poll \ 1794 prctl \ 1795 pstat \ 1796 readpassphrase \ 1797 reallocarray \ 1798 recvmsg \ 1799 rresvport_af \ 1800 sendmsg \ 1801 setdtablesize \ 1802 setegid \ 1803 setenv \ 1804 seteuid \ 1805 setgroupent \ 1806 setgroups \ 1807 setlinebuf \ 1808 setlogin \ 1809 setpassent\ 1810 setpcred \ 1811 setproctitle \ 1812 setregid \ 1813 setreuid \ 1814 setrlimit \ 1815 setsid \ 1816 setvbuf \ 1817 sigaction \ 1818 sigvec \ 1819 snprintf \ 1820 socketpair \ 1821 statfs \ 1822 statvfs \ 1823 strcasestr \ 1824 strdup \ 1825 strerror \ 1826 strlcat \ 1827 strlcpy \ 1828 strmode \ 1829 strnlen \ 1830 strnvis \ 1831 strptime \ 1832 strtonum \ 1833 strtoll \ 1834 strtoul \ 1835 strtoull \ 1836 swap32 \ 1837 sysconf \ 1838 tcgetpgrp \ 1839 timingsafe_bcmp \ 1840 truncate \ 1841 unsetenv \ 1842 updwtmpx \ 1843 user_from_uid \ 1844 usleep \ 1845 vasprintf \ 1846 vsnprintf \ 1847 waitpid \ 1848 warn \ 1849]) 1850 1851dnl Wide character support. 1852AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1853 1854TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1855AC_MSG_CHECKING([for utf8 locale support]) 1856AC_RUN_IFELSE( 1857 [AC_LANG_PROGRAM([[ 1858#include <locale.h> 1859#include <stdlib.h> 1860 ]], [[ 1861 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1862 if (loc != NULL) 1863 exit(0); 1864 exit(1); 1865 ]])], 1866 AC_MSG_RESULT(yes), 1867 [AC_MSG_RESULT(no) 1868 TEST_SSH_UTF8=no], 1869 AC_MSG_WARN([cross compiling: assuming yes]) 1870) 1871 1872AC_LINK_IFELSE( 1873 [AC_LANG_PROGRAM( 1874 [[ #include <ctype.h> ]], 1875 [[ return (isblank('a')); ]])], 1876 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1877]) 1878 1879disable_pkcs11= 1880AC_ARG_ENABLE([pkcs11], 1881 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1882 [ 1883 if test "x$enableval" = "xno" ; then 1884 disable_pkcs11=1 1885 fi 1886 ] 1887) 1888 1889# PKCS11 depends on OpenSSL. 1890if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then 1891 # PKCS#11 support requires dlopen() and co 1892 AC_SEARCH_LIBS([dlopen], [dl], 1893 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] 1894 ) 1895fi 1896 1897# IRIX has a const char return value for gai_strerror() 1898AC_CHECK_FUNCS([gai_strerror], [ 1899 AC_DEFINE([HAVE_GAI_STRERROR]) 1900 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1901#include <sys/types.h> 1902#include <sys/socket.h> 1903#include <netdb.h> 1904 1905const char *gai_strerror(int); 1906 ]], [[ 1907 char *str; 1908 str = gai_strerror(0); 1909 ]])], [ 1910 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1911 [Define if gai_strerror() returns const char *])], [])]) 1912 1913AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1914 [Some systems put nanosleep outside of libc])]) 1915 1916AC_SEARCH_LIBS([clock_gettime], [rt], 1917 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1918 1919dnl Make sure prototypes are defined for these before using them. 1920AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) 1921AC_CHECK_DECL([strsep], 1922 [AC_CHECK_FUNCS([strsep])], 1923 [], 1924 [ 1925#ifdef HAVE_STRING_H 1926# include <string.h> 1927#endif 1928 ]) 1929 1930dnl tcsendbreak might be a macro 1931AC_CHECK_DECL([tcsendbreak], 1932 [AC_DEFINE([HAVE_TCSENDBREAK])], 1933 [AC_CHECK_FUNCS([tcsendbreak])], 1934 [#include <termios.h>] 1935) 1936 1937AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 1938 1939AC_CHECK_DECLS([SHUT_RD], , , 1940 [ 1941#include <sys/types.h> 1942#include <sys/socket.h> 1943 ]) 1944 1945AC_CHECK_DECLS([O_NONBLOCK], , , 1946 [ 1947#include <sys/types.h> 1948#ifdef HAVE_SYS_STAT_H 1949# include <sys/stat.h> 1950#endif 1951#ifdef HAVE_FCNTL_H 1952# include <fcntl.h> 1953#endif 1954 ]) 1955 1956AC_CHECK_DECLS([writev], , , [ 1957#include <sys/types.h> 1958#include <sys/uio.h> 1959#include <unistd.h> 1960 ]) 1961 1962AC_CHECK_DECLS([MAXSYMLINKS], , , [ 1963#include <sys/param.h> 1964 ]) 1965 1966AC_CHECK_DECLS([offsetof], , , [ 1967#include <stddef.h> 1968 ]) 1969 1970# extra bits for select(2) 1971AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 1972#include <sys/param.h> 1973#include <sys/types.h> 1974#ifdef HAVE_SYS_SYSMACROS_H 1975#include <sys/sysmacros.h> 1976#endif 1977#ifdef HAVE_SYS_SELECT_H 1978#include <sys/select.h> 1979#endif 1980#ifdef HAVE_SYS_TIME_H 1981#include <sys/time.h> 1982#endif 1983#ifdef HAVE_UNISTD_H 1984#include <unistd.h> 1985#endif 1986 ]]) 1987AC_CHECK_TYPES([fd_mask], [], [], [[ 1988#include <sys/param.h> 1989#include <sys/types.h> 1990#ifdef HAVE_SYS_SELECT_H 1991#include <sys/select.h> 1992#endif 1993#ifdef HAVE_SYS_TIME_H 1994#include <sys/time.h> 1995#endif 1996#ifdef HAVE_UNISTD_H 1997#include <unistd.h> 1998#endif 1999 ]]) 2000 2001AC_CHECK_FUNCS([setresuid], [ 2002 dnl Some platorms have setresuid that isn't implemented, test for this 2003 AC_MSG_CHECKING([if setresuid seems to work]) 2004 AC_RUN_IFELSE( 2005 [AC_LANG_PROGRAM([[ 2006#include <stdlib.h> 2007#include <errno.h> 2008 ]], [[ 2009 errno=0; 2010 setresuid(0,0,0); 2011 if (errno==ENOSYS) 2012 exit(1); 2013 else 2014 exit(0); 2015 ]])], 2016 [AC_MSG_RESULT([yes])], 2017 [AC_DEFINE([BROKEN_SETRESUID], [1], 2018 [Define if your setresuid() is broken]) 2019 AC_MSG_RESULT([not implemented])], 2020 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2021 ) 2022]) 2023 2024AC_CHECK_FUNCS([setresgid], [ 2025 dnl Some platorms have setresgid that isn't implemented, test for this 2026 AC_MSG_CHECKING([if setresgid seems to work]) 2027 AC_RUN_IFELSE( 2028 [AC_LANG_PROGRAM([[ 2029#include <stdlib.h> 2030#include <errno.h> 2031 ]], [[ 2032 errno=0; 2033 setresgid(0,0,0); 2034 if (errno==ENOSYS) 2035 exit(1); 2036 else 2037 exit(0); 2038 ]])], 2039 [AC_MSG_RESULT([yes])], 2040 [AC_DEFINE([BROKEN_SETRESGID], [1], 2041 [Define if your setresgid() is broken]) 2042 AC_MSG_RESULT([not implemented])], 2043 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2044 ) 2045]) 2046 2047AC_CHECK_FUNCS([realpath], [ 2048 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given 2049 dnl path name", however some implementations of realpath (and some 2050 dnl versions of the POSIX spec) do not work on non-existent files, 2051 dnl so we use the OpenBSD implementation on those platforms. 2052 AC_MSG_CHECKING([if realpath works with non-existent files]) 2053 AC_RUN_IFELSE( 2054 [AC_LANG_PROGRAM([[ 2055#include <limits.h> 2056#include <stdlib.h> 2057#include <errno.h> 2058 ]], [[ 2059 char buf[PATH_MAX]; 2060 if (realpath("/opensshnonexistentfilename1234", buf) == NULL) 2061 if (errno == ENOENT) 2062 exit(1); 2063 exit(0); 2064 ]])], 2065 [AC_MSG_RESULT([yes])], 2066 [AC_DEFINE([BROKEN_REALPATH], [1], 2067 [realpath does not work with nonexistent files]) 2068 AC_MSG_RESULT([no])], 2069 [AC_MSG_WARN([cross compiling: assuming working])] 2070 ) 2071]) 2072 2073dnl Checks for time functions 2074AC_CHECK_FUNCS([gettimeofday time]) 2075dnl Checks for utmp functions 2076AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2077AC_CHECK_FUNCS([utmpname]) 2078dnl Checks for utmpx functions 2079AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2080AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2081dnl Checks for lastlog functions 2082AC_CHECK_FUNCS([getlastlogxbyname]) 2083 2084AC_CHECK_FUNC([daemon], 2085 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2086 [AC_CHECK_LIB([bsd], [daemon], 2087 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2088) 2089 2090AC_CHECK_FUNC([getpagesize], 2091 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2092 [Define if your libraries define getpagesize()])], 2093 [AC_CHECK_LIB([ucb], [getpagesize], 2094 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2095) 2096 2097# Check for broken snprintf 2098if test "x$ac_cv_func_snprintf" = "xyes" ; then 2099 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2100 AC_RUN_IFELSE( 2101 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2102 [[ 2103 char b[5]; 2104 snprintf(b,5,"123456789"); 2105 exit(b[4]!='\0'); 2106 ]])], 2107 [AC_MSG_RESULT([yes])], 2108 [ 2109 AC_MSG_RESULT([no]) 2110 AC_DEFINE([BROKEN_SNPRINTF], [1], 2111 [Define if your snprintf is busted]) 2112 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2113 ], 2114 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2115 ) 2116fi 2117 2118# We depend on vsnprintf returning the right thing on overflow: the 2119# number of characters it tried to create (as per SUSv3) 2120if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2121 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2122 AC_RUN_IFELSE( 2123 [AC_LANG_PROGRAM([[ 2124#include <sys/types.h> 2125#include <stdio.h> 2126#include <stdarg.h> 2127 2128int x_snprintf(char *str, size_t count, const char *fmt, ...) 2129{ 2130 size_t ret; 2131 va_list ap; 2132 2133 va_start(ap, fmt); 2134 ret = vsnprintf(str, count, fmt, ap); 2135 va_end(ap); 2136 return ret; 2137} 2138 ]], [[ 2139char x[1]; 2140if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2141 return 1; 2142if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2143 return 1; 2144return 0; 2145 ]])], 2146 [AC_MSG_RESULT([yes])], 2147 [ 2148 AC_MSG_RESULT([no]) 2149 AC_DEFINE([BROKEN_SNPRINTF], [1], 2150 [Define if your snprintf is busted]) 2151 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2152 ], 2153 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2154 ) 2155fi 2156 2157# On systems where [v]snprintf is broken, but is declared in stdio, 2158# check that the fmt argument is const char * or just char *. 2159# This is only useful for when BROKEN_SNPRINTF 2160AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2161AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2162#include <stdio.h> 2163int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2164 ]], [[ 2165 snprintf(0, 0, 0); 2166 ]])], 2167 [AC_MSG_RESULT([yes]) 2168 AC_DEFINE([SNPRINTF_CONST], [const], 2169 [Define as const if snprintf() can declare const char *fmt])], 2170 [AC_MSG_RESULT([no]) 2171 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2172 2173# Check for missing getpeereid (or equiv) support 2174NO_PEERCHECK="" 2175if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2176 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2177 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2178#include <sys/types.h> 2179#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2180 [ AC_MSG_RESULT([yes]) 2181 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2182 ], [AC_MSG_RESULT([no]) 2183 NO_PEERCHECK=1 2184 ]) 2185fi 2186 2187dnl see whether mkstemp() requires XXXXXX 2188if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2189AC_MSG_CHECKING([for (overly) strict mkstemp]) 2190AC_RUN_IFELSE( 2191 [AC_LANG_PROGRAM([[ 2192#include <stdlib.h> 2193 ]], [[ 2194 char template[]="conftest.mkstemp-test"; 2195 if (mkstemp(template) == -1) 2196 exit(1); 2197 unlink(template); 2198 exit(0); 2199 ]])], 2200 [ 2201 AC_MSG_RESULT([no]) 2202 ], 2203 [ 2204 AC_MSG_RESULT([yes]) 2205 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2206 ], 2207 [ 2208 AC_MSG_RESULT([yes]) 2209 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2210 ] 2211) 2212fi 2213 2214dnl make sure that openpty does not reacquire controlling terminal 2215if test ! -z "$check_for_openpty_ctty_bug"; then 2216 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2217 AC_RUN_IFELSE( 2218 [AC_LANG_PROGRAM([[ 2219#include <stdio.h> 2220#include <sys/fcntl.h> 2221#include <sys/types.h> 2222#include <sys/wait.h> 2223 ]], [[ 2224 pid_t pid; 2225 int fd, ptyfd, ttyfd, status; 2226 2227 pid = fork(); 2228 if (pid < 0) { /* failed */ 2229 exit(1); 2230 } else if (pid > 0) { /* parent */ 2231 waitpid(pid, &status, 0); 2232 if (WIFEXITED(status)) 2233 exit(WEXITSTATUS(status)); 2234 else 2235 exit(2); 2236 } else { /* child */ 2237 close(0); close(1); close(2); 2238 setsid(); 2239 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2240 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2241 if (fd >= 0) 2242 exit(3); /* Acquired ctty: broken */ 2243 else 2244 exit(0); /* Did not acquire ctty: OK */ 2245 } 2246 ]])], 2247 [ 2248 AC_MSG_RESULT([yes]) 2249 ], 2250 [ 2251 AC_MSG_RESULT([no]) 2252 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2253 ], 2254 [ 2255 AC_MSG_RESULT([cross-compiling, assuming yes]) 2256 ] 2257 ) 2258fi 2259 2260if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2261 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2262 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2263 AC_RUN_IFELSE( 2264 [AC_LANG_PROGRAM([[ 2265#include <stdio.h> 2266#include <sys/socket.h> 2267#include <netdb.h> 2268#include <errno.h> 2269#include <netinet/in.h> 2270 2271#define TEST_PORT "2222" 2272 ]], [[ 2273 int err, sock; 2274 struct addrinfo *gai_ai, *ai, hints; 2275 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2276 2277 memset(&hints, 0, sizeof(hints)); 2278 hints.ai_family = PF_UNSPEC; 2279 hints.ai_socktype = SOCK_STREAM; 2280 hints.ai_flags = AI_PASSIVE; 2281 2282 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2283 if (err != 0) { 2284 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2285 exit(1); 2286 } 2287 2288 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2289 if (ai->ai_family != AF_INET6) 2290 continue; 2291 2292 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2293 sizeof(ntop), strport, sizeof(strport), 2294 NI_NUMERICHOST|NI_NUMERICSERV); 2295 2296 if (err != 0) { 2297 if (err == EAI_SYSTEM) 2298 perror("getnameinfo EAI_SYSTEM"); 2299 else 2300 fprintf(stderr, "getnameinfo failed: %s\n", 2301 gai_strerror(err)); 2302 exit(2); 2303 } 2304 2305 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2306 if (sock < 0) 2307 perror("socket"); 2308 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2309 if (errno == EBADF) 2310 exit(3); 2311 } 2312 } 2313 exit(0); 2314 ]])], 2315 [ 2316 AC_MSG_RESULT([yes]) 2317 ], 2318 [ 2319 AC_MSG_RESULT([no]) 2320 AC_DEFINE([BROKEN_GETADDRINFO]) 2321 ], 2322 [ 2323 AC_MSG_RESULT([cross-compiling, assuming yes]) 2324 ] 2325 ) 2326fi 2327 2328if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2329 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2330 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2331 AC_RUN_IFELSE( 2332 [AC_LANG_PROGRAM([[ 2333#include <stdio.h> 2334#include <sys/socket.h> 2335#include <netdb.h> 2336#include <errno.h> 2337#include <netinet/in.h> 2338 2339#define TEST_PORT "2222" 2340 ]], [[ 2341 int err, sock; 2342 struct addrinfo *gai_ai, *ai, hints; 2343 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2344 2345 memset(&hints, 0, sizeof(hints)); 2346 hints.ai_family = PF_UNSPEC; 2347 hints.ai_socktype = SOCK_STREAM; 2348 hints.ai_flags = AI_PASSIVE; 2349 2350 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2351 if (err != 0) { 2352 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2353 exit(1); 2354 } 2355 2356 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2357 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2358 continue; 2359 2360 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2361 sizeof(ntop), strport, sizeof(strport), 2362 NI_NUMERICHOST|NI_NUMERICSERV); 2363 2364 if (ai->ai_family == AF_INET && err != 0) { 2365 perror("getnameinfo"); 2366 exit(2); 2367 } 2368 } 2369 exit(0); 2370 ]])], 2371 [ 2372 AC_MSG_RESULT([yes]) 2373 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2374 [Define if you have a getaddrinfo that fails 2375 for the all-zeros IPv6 address]) 2376 ], 2377 [ 2378 AC_MSG_RESULT([no]) 2379 AC_DEFINE([BROKEN_GETADDRINFO]) 2380 ], 2381 [ 2382 AC_MSG_RESULT([cross-compiling, assuming no]) 2383 ] 2384 ) 2385fi 2386 2387if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2388 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2389 [#include <sys/types.h> 2390 #include <sys/socket.h> 2391 #include <netdb.h>]) 2392fi 2393 2394if test "x$check_for_conflicting_getspnam" = "x1"; then 2395 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2396 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2397 [[ exit(0); ]])], 2398 [ 2399 AC_MSG_RESULT([no]) 2400 ], 2401 [ 2402 AC_MSG_RESULT([yes]) 2403 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2404 [Conflicting defs for getspnam]) 2405 ] 2406 ) 2407fi 2408 2409dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2410dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2411dnl for over ten years). Despite this incompatibility being reported during 2412dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2413dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2414dnl implementation. Try to detect this mess, and assume the only safe option 2415dnl if we're cross compiling. 2416dnl 2417dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2418dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2419if test "x$ac_cv_func_strnvis" = "xyes"; then 2420 AC_MSG_CHECKING([for working strnvis]) 2421 AC_RUN_IFELSE( 2422 [AC_LANG_PROGRAM([[ 2423#include <signal.h> 2424#include <stdlib.h> 2425#include <string.h> 2426#include <vis.h> 2427static void sighandler(int sig) { _exit(1); } 2428 ]], [[ 2429 char dst[16]; 2430 2431 signal(SIGSEGV, sighandler); 2432 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2433 exit(0); 2434 exit(1) 2435 ]])], 2436 [AC_MSG_RESULT([yes])], 2437 [AC_MSG_RESULT([no]) 2438 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2439 [AC_MSG_WARN([cross compiling: assuming broken]) 2440 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2441 ) 2442fi 2443 2444AC_FUNC_GETPGRP 2445 2446# Search for OpenSSL 2447saved_CPPFLAGS="$CPPFLAGS" 2448saved_LDFLAGS="$LDFLAGS" 2449AC_ARG_WITH([ssl-dir], 2450 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2451 [ 2452 if test "x$openssl" = "xno" ; then 2453 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2454 fi 2455 if test "x$withval" != "xno" ; then 2456 case "$withval" in 2457 # Relative paths 2458 ./*|../*) withval="`pwd`/$withval" 2459 esac 2460 if test -d "$withval/lib"; then 2461 if test -n "${need_dash_r}"; then 2462 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2463 else 2464 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2465 fi 2466 elif test -d "$withval/lib64"; then 2467 if test -n "${need_dash_r}"; then 2468 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2469 else 2470 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2471 fi 2472 else 2473 if test -n "${need_dash_r}"; then 2474 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2475 else 2476 LDFLAGS="-L${withval} ${LDFLAGS}" 2477 fi 2478 fi 2479 if test -d "$withval/include"; then 2480 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2481 else 2482 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2483 fi 2484 fi 2485 ] 2486) 2487 2488AC_ARG_WITH([openssl-header-check], 2489 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2490 [ 2491 if test "x$withval" = "xno" ; then 2492 openssl_check_nonfatal=1 2493 fi 2494 ] 2495) 2496 2497openssl_engine=no 2498AC_ARG_WITH([ssl-engine], 2499 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2500 [ 2501 if test "x$withval" != "xno" ; then 2502 if test "x$openssl" = "xno" ; then 2503 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2504 fi 2505 openssl_engine=yes 2506 fi 2507 ] 2508) 2509 2510if test "x$openssl" = "xyes" ; then 2511 LIBS="-lcrypto $LIBS" 2512 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2513 [Define if your ssl headers are included 2514 with #include <openssl/header.h>])], 2515 [ 2516 dnl Check default openssl install dir 2517 if test -n "${need_dash_r}"; then 2518 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2519 else 2520 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2521 fi 2522 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2523 AC_CHECK_HEADER([openssl/opensslv.h], , 2524 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2525 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2526 [ 2527 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2528 ] 2529 ) 2530 ] 2531 ) 2532 2533 # Determine OpenSSL header version 2534 AC_MSG_CHECKING([OpenSSL header version]) 2535 AC_RUN_IFELSE( 2536 [AC_LANG_PROGRAM([[ 2537 #include <stdlib.h> 2538 #include <stdio.h> 2539 #include <string.h> 2540 #include <openssl/opensslv.h> 2541 #define DATA "conftest.sslincver" 2542 ]], [[ 2543 FILE *fd; 2544 int rc; 2545 2546 fd = fopen(DATA,"w"); 2547 if(fd == NULL) 2548 exit(1); 2549 2550 if ((rc = fprintf(fd, "%08lx (%s)\n", 2551 (unsigned long)OPENSSL_VERSION_NUMBER, 2552 OPENSSL_VERSION_TEXT)) < 0) 2553 exit(1); 2554 2555 exit(0); 2556 ]])], 2557 [ 2558 ssl_header_ver=`cat conftest.sslincver` 2559 AC_MSG_RESULT([$ssl_header_ver]) 2560 ], 2561 [ 2562 AC_MSG_RESULT([not found]) 2563 AC_MSG_ERROR([OpenSSL version header not found.]) 2564 ], 2565 [ 2566 AC_MSG_WARN([cross compiling: not checking]) 2567 ] 2568 ) 2569 2570 # Determine OpenSSL library version 2571 AC_MSG_CHECKING([OpenSSL library version]) 2572 AC_RUN_IFELSE( 2573 [AC_LANG_PROGRAM([[ 2574 #include <stdio.h> 2575 #include <string.h> 2576 #include <openssl/opensslv.h> 2577 #include <openssl/crypto.h> 2578 #define DATA "conftest.ssllibver" 2579 ]], [[ 2580 FILE *fd; 2581 int rc; 2582 2583 fd = fopen(DATA,"w"); 2584 if(fd == NULL) 2585 exit(1); 2586 2587 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(), 2588 SSLeay_version(SSLEAY_VERSION))) < 0) 2589 exit(1); 2590 2591 exit(0); 2592 ]])], 2593 [ 2594 ssl_library_ver=`cat conftest.ssllibver` 2595 # Check version is supported. 2596 case "$ssl_library_ver" in 2597 10000*|0*) 2598 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2599 ;; 2600 *) ;; 2601 esac 2602 AC_MSG_RESULT([$ssl_library_ver]) 2603 ], 2604 [ 2605 AC_MSG_RESULT([not found]) 2606 AC_MSG_ERROR([OpenSSL library not found.]) 2607 ], 2608 [ 2609 AC_MSG_WARN([cross compiling: not checking]) 2610 ] 2611 ) 2612 2613 # Sanity check OpenSSL headers 2614 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2615 AC_RUN_IFELSE( 2616 [AC_LANG_PROGRAM([[ 2617 #include <string.h> 2618 #include <openssl/opensslv.h> 2619 #include <openssl/crypto.h> 2620 ]], [[ 2621 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2622 ]])], 2623 [ 2624 AC_MSG_RESULT([yes]) 2625 ], 2626 [ 2627 AC_MSG_RESULT([no]) 2628 if test "x$openssl_check_nonfatal" = "x"; then 2629 AC_MSG_ERROR([Your OpenSSL headers do not match your 2630 library. Check config.log for details. 2631 If you are sure your installation is consistent, you can disable the check 2632 by running "./configure --without-openssl-header-check". 2633 Also see contrib/findssl.sh for help identifying header/library mismatches. 2634 ]) 2635 else 2636 AC_MSG_WARN([Your OpenSSL headers do not match your 2637 library. Check config.log for details. 2638 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2639 fi 2640 ], 2641 [ 2642 AC_MSG_WARN([cross compiling: not checking]) 2643 ] 2644 ) 2645 2646 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2647 AC_LINK_IFELSE( 2648 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2649 [[ SSLeay_add_all_algorithms(); ]])], 2650 [ 2651 AC_MSG_RESULT([yes]) 2652 ], 2653 [ 2654 AC_MSG_RESULT([no]) 2655 saved_LIBS="$LIBS" 2656 LIBS="$LIBS -ldl" 2657 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2658 AC_LINK_IFELSE( 2659 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2660 [[ SSLeay_add_all_algorithms(); ]])], 2661 [ 2662 AC_MSG_RESULT([yes]) 2663 ], 2664 [ 2665 AC_MSG_RESULT([no]) 2666 LIBS="$saved_LIBS" 2667 ] 2668 ) 2669 ] 2670 ) 2671 2672 AC_CHECK_FUNCS([ \ 2673 BN_is_prime_ex \ 2674 DSA_generate_parameters_ex \ 2675 EVP_DigestInit_ex \ 2676 EVP_DigestFinal_ex \ 2677 EVP_MD_CTX_init \ 2678 EVP_MD_CTX_cleanup \ 2679 EVP_MD_CTX_copy_ex \ 2680 HMAC_CTX_init \ 2681 RSA_generate_key_ex \ 2682 RSA_get_default_method \ 2683 ]) 2684 2685 if test "x$openssl_engine" = "xyes" ; then 2686 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2687 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2688 #include <openssl/engine.h> 2689 ]], [[ 2690 ENGINE_load_builtin_engines(); 2691 ENGINE_register_all_complete(); 2692 ]])], 2693 [ AC_MSG_RESULT([yes]) 2694 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2695 [Enable OpenSSL engine support]) 2696 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2697 ]) 2698 fi 2699 2700 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2701 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2702 AC_LINK_IFELSE( 2703 [AC_LANG_PROGRAM([[ 2704 #include <string.h> 2705 #include <openssl/evp.h> 2706 ]], [[ 2707 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2708 ]])], 2709 [ 2710 AC_MSG_RESULT([no]) 2711 ], 2712 [ 2713 AC_MSG_RESULT([yes]) 2714 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2715 [libcrypto is missing AES 192 and 256 bit functions]) 2716 ] 2717 ) 2718 2719 # Check for OpenSSL with EVP_aes_*ctr 2720 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2721 AC_LINK_IFELSE( 2722 [AC_LANG_PROGRAM([[ 2723 #include <string.h> 2724 #include <openssl/evp.h> 2725 ]], [[ 2726 exit(EVP_aes_128_ctr() == NULL || 2727 EVP_aes_192_cbc() == NULL || 2728 EVP_aes_256_cbc() == NULL); 2729 ]])], 2730 [ 2731 AC_MSG_RESULT([yes]) 2732 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2733 [libcrypto has EVP AES CTR]) 2734 ], 2735 [ 2736 AC_MSG_RESULT([no]) 2737 ] 2738 ) 2739 2740 # Check for OpenSSL with EVP_aes_*gcm 2741 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2742 AC_LINK_IFELSE( 2743 [AC_LANG_PROGRAM([[ 2744 #include <string.h> 2745 #include <openssl/evp.h> 2746 ]], [[ 2747 exit(EVP_aes_128_gcm() == NULL || 2748 EVP_aes_256_gcm() == NULL || 2749 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2750 EVP_CTRL_GCM_IV_GEN == 0 || 2751 EVP_CTRL_GCM_SET_TAG == 0 || 2752 EVP_CTRL_GCM_GET_TAG == 0 || 2753 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2754 ]])], 2755 [ 2756 AC_MSG_RESULT([yes]) 2757 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2758 [libcrypto has EVP AES GCM]) 2759 ], 2760 [ 2761 AC_MSG_RESULT([no]) 2762 unsupported_algorithms="$unsupported_cipers \ 2763 aes128-gcm@openssh.com \ 2764 aes256-gcm@openssh.com" 2765 ] 2766 ) 2767 2768 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2769 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2770 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2771 2772 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2773 AC_LINK_IFELSE( 2774 [AC_LANG_PROGRAM([[ 2775 #include <string.h> 2776 #include <openssl/evp.h> 2777 ]], [[ 2778 if(EVP_DigestUpdate(NULL, NULL,0)) 2779 exit(0); 2780 ]])], 2781 [ 2782 AC_MSG_RESULT([yes]) 2783 ], 2784 [ 2785 AC_MSG_RESULT([no]) 2786 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2787 [Define if EVP_DigestUpdate returns void]) 2788 ] 2789 ) 2790 2791 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2792 # because the system crypt() is more featureful. 2793 if test "x$check_for_libcrypt_before" = "x1"; then 2794 AC_CHECK_LIB([crypt], [crypt]) 2795 fi 2796 2797 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2798 # version in OpenSSL. 2799 if test "x$check_for_libcrypt_later" = "x1"; then 2800 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2801 fi 2802 AC_CHECK_FUNCS([crypt DES_crypt]) 2803 2804 # Search for SHA256 support in libc and/or OpenSSL 2805 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2806 [unsupported_algorithms="$unsupported_algorithms \ 2807 hmac-sha2-256 \ 2808 hmac-sha2-512 \ 2809 diffie-hellman-group-exchange-sha256 \ 2810 hmac-sha2-256-etm@openssh.com \ 2811 hmac-sha2-512-etm@openssh.com" 2812 ] 2813 ) 2814 # Search for RIPE-MD support in OpenSSL 2815 AC_CHECK_FUNCS([EVP_ripemd160], , 2816 [unsupported_algorithms="$unsupported_algorithms \ 2817 hmac-ripemd160 \ 2818 hmac-ripemd160@openssh.com \ 2819 hmac-ripemd160-etm@openssh.com" 2820 ] 2821 ) 2822 2823 # Check complete ECC support in OpenSSL 2824 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2825 AC_LINK_IFELSE( 2826 [AC_LANG_PROGRAM([[ 2827 #include <openssl/ec.h> 2828 #include <openssl/ecdh.h> 2829 #include <openssl/ecdsa.h> 2830 #include <openssl/evp.h> 2831 #include <openssl/objects.h> 2832 #include <openssl/opensslv.h> 2833 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2834 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2835 #endif 2836 ]], [[ 2837 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 2838 const EVP_MD *m = EVP_sha256(); /* We need this too */ 2839 ]])], 2840 [ AC_MSG_RESULT([yes]) 2841 enable_nistp256=1 ], 2842 [ AC_MSG_RESULT([no]) ] 2843 ) 2844 2845 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 2846 AC_LINK_IFELSE( 2847 [AC_LANG_PROGRAM([[ 2848 #include <openssl/ec.h> 2849 #include <openssl/ecdh.h> 2850 #include <openssl/ecdsa.h> 2851 #include <openssl/evp.h> 2852 #include <openssl/objects.h> 2853 #include <openssl/opensslv.h> 2854 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2855 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2856 #endif 2857 ]], [[ 2858 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 2859 const EVP_MD *m = EVP_sha384(); /* We need this too */ 2860 ]])], 2861 [ AC_MSG_RESULT([yes]) 2862 enable_nistp384=1 ], 2863 [ AC_MSG_RESULT([no]) ] 2864 ) 2865 2866 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 2867 AC_LINK_IFELSE( 2868 [AC_LANG_PROGRAM([[ 2869 #include <openssl/ec.h> 2870 #include <openssl/ecdh.h> 2871 #include <openssl/ecdsa.h> 2872 #include <openssl/evp.h> 2873 #include <openssl/objects.h> 2874 #include <openssl/opensslv.h> 2875 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2876 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2877 #endif 2878 ]], [[ 2879 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2880 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2881 ]])], 2882 [ AC_MSG_RESULT([yes]) 2883 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 2884 AC_RUN_IFELSE( 2885 [AC_LANG_PROGRAM([[ 2886 #include <openssl/ec.h> 2887 #include <openssl/ecdh.h> 2888 #include <openssl/ecdsa.h> 2889 #include <openssl/evp.h> 2890 #include <openssl/objects.h> 2891 #include <openssl/opensslv.h> 2892 ]],[[ 2893 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2894 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2895 exit(e == NULL || m == NULL); 2896 ]])], 2897 [ AC_MSG_RESULT([yes]) 2898 enable_nistp521=1 ], 2899 [ AC_MSG_RESULT([no]) ], 2900 [ AC_MSG_WARN([cross-compiling: assuming yes]) 2901 enable_nistp521=1 ] 2902 )], 2903 AC_MSG_RESULT([no]) 2904 ) 2905 2906 COMMENT_OUT_ECC="#no ecc#" 2907 TEST_SSH_ECC=no 2908 2909 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 2910 test x$enable_nistp521 = x1; then 2911 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 2912 fi 2913 if test x$enable_nistp256 = x1; then 2914 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 2915 [libcrypto has NID_X9_62_prime256v1]) 2916 TEST_SSH_ECC=yes 2917 COMMENT_OUT_ECC="" 2918 else 2919 unsupported_algorithms="$unsupported_algorithms \ 2920 ecdsa-sha2-nistp256 \ 2921 ecdh-sha2-nistp256 \ 2922 ecdsa-sha2-nistp256-cert-v01@openssh.com" 2923 fi 2924 if test x$enable_nistp384 = x1; then 2925 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 2926 TEST_SSH_ECC=yes 2927 COMMENT_OUT_ECC="" 2928 else 2929 unsupported_algorithms="$unsupported_algorithms \ 2930 ecdsa-sha2-nistp384 \ 2931 ecdh-sha2-nistp384 \ 2932 ecdsa-sha2-nistp384-cert-v01@openssh.com" 2933 fi 2934 if test x$enable_nistp521 = x1; then 2935 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 2936 TEST_SSH_ECC=yes 2937 COMMENT_OUT_ECC="" 2938 else 2939 unsupported_algorithms="$unsupported_algorithms \ 2940 ecdh-sha2-nistp521 \ 2941 ecdsa-sha2-nistp521 \ 2942 ecdsa-sha2-nistp521-cert-v01@openssh.com" 2943 fi 2944 2945 AC_SUBST([TEST_SSH_ECC]) 2946 AC_SUBST([COMMENT_OUT_ECC]) 2947else 2948 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2949 AC_CHECK_FUNCS([crypt]) 2950fi 2951 2952AC_CHECK_FUNCS([ \ 2953 arc4random \ 2954 arc4random_buf \ 2955 arc4random_stir \ 2956 arc4random_uniform \ 2957]) 2958 2959saved_LIBS="$LIBS" 2960AC_CHECK_LIB([iaf], [ia_openinfo], [ 2961 LIBS="$LIBS -liaf" 2962 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 2963 AC_DEFINE([HAVE_LIBIAF], [1], 2964 [Define if system has libiaf that supports set_id]) 2965 ]) 2966]) 2967LIBS="$saved_LIBS" 2968 2969### Configure cryptographic random number support 2970 2971# Check wheter OpenSSL seeds itself 2972if test "x$openssl" = "xyes" ; then 2973 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 2974 AC_RUN_IFELSE( 2975 [AC_LANG_PROGRAM([[ 2976 #include <string.h> 2977 #include <openssl/rand.h> 2978 ]], [[ 2979 exit(RAND_status() == 1 ? 0 : 1); 2980 ]])], 2981 [ 2982 OPENSSL_SEEDS_ITSELF=yes 2983 AC_MSG_RESULT([yes]) 2984 ], 2985 [ 2986 AC_MSG_RESULT([no]) 2987 ], 2988 [ 2989 AC_MSG_WARN([cross compiling: assuming yes]) 2990 # This is safe, since we will fatal() at runtime if 2991 # OpenSSL is not seeded correctly. 2992 OPENSSL_SEEDS_ITSELF=yes 2993 ] 2994 ) 2995fi 2996 2997# PRNGD TCP socket 2998AC_ARG_WITH([prngd-port], 2999 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3000 [ 3001 case "$withval" in 3002 no) 3003 withval="" 3004 ;; 3005 [[0-9]]*) 3006 ;; 3007 *) 3008 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3009 ;; 3010 esac 3011 if test ! -z "$withval" ; then 3012 PRNGD_PORT="$withval" 3013 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3014 [Port number of PRNGD/EGD random number socket]) 3015 fi 3016 ] 3017) 3018 3019# PRNGD Unix domain socket 3020AC_ARG_WITH([prngd-socket], 3021 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3022 [ 3023 case "$withval" in 3024 yes) 3025 withval="/var/run/egd-pool" 3026 ;; 3027 no) 3028 withval="" 3029 ;; 3030 /*) 3031 ;; 3032 *) 3033 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3034 ;; 3035 esac 3036 3037 if test ! -z "$withval" ; then 3038 if test ! -z "$PRNGD_PORT" ; then 3039 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3040 fi 3041 if test ! -r "$withval" ; then 3042 AC_MSG_WARN([Entropy socket is not readable]) 3043 fi 3044 PRNGD_SOCKET="$withval" 3045 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3046 [Location of PRNGD/EGD random number socket]) 3047 fi 3048 ], 3049 [ 3050 # Check for existing socket only if we don't have a random device already 3051 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3052 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3053 # Insert other locations here 3054 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3055 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3056 PRNGD_SOCKET="$sock" 3057 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3058 break; 3059 fi 3060 done 3061 if test ! -z "$PRNGD_SOCKET" ; then 3062 AC_MSG_RESULT([$PRNGD_SOCKET]) 3063 else 3064 AC_MSG_RESULT([not found]) 3065 fi 3066 fi 3067 ] 3068) 3069 3070# Which randomness source do we use? 3071if test ! -z "$PRNGD_PORT" ; then 3072 RAND_MSG="PRNGd port $PRNGD_PORT" 3073elif test ! -z "$PRNGD_SOCKET" ; then 3074 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3075elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3076 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3077 [Define if you want the OpenSSL internally seeded PRNG only]) 3078 RAND_MSG="OpenSSL internal ONLY" 3079elif test "x$openssl" = "xno" ; then 3080 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3081else 3082 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3083fi 3084 3085# Check for PAM libs 3086PAM_MSG="no" 3087AC_ARG_WITH([pam], 3088 [ --with-pam Enable PAM support ], 3089 [ 3090 if test "x$withval" != "xno" ; then 3091 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3092 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3093 AC_MSG_ERROR([PAM headers not found]) 3094 fi 3095 3096 saved_LIBS="$LIBS" 3097 AC_CHECK_LIB([dl], [dlopen], , ) 3098 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3099 AC_CHECK_FUNCS([pam_getenvlist]) 3100 AC_CHECK_FUNCS([pam_putenv]) 3101 LIBS="$saved_LIBS" 3102 3103 PAM_MSG="yes" 3104 3105 SSHDLIBS="$SSHDLIBS -lpam" 3106 AC_DEFINE([USE_PAM], [1], 3107 [Define if you want to enable PAM support]) 3108 3109 if test $ac_cv_lib_dl_dlopen = yes; then 3110 case "$LIBS" in 3111 *-ldl*) 3112 # libdl already in LIBS 3113 ;; 3114 *) 3115 SSHDLIBS="$SSHDLIBS -ldl" 3116 ;; 3117 esac 3118 fi 3119 fi 3120 ] 3121) 3122 3123AC_ARG_WITH([pam-service], 3124 [ --with-pam-service=name Specify PAM service name ], 3125 [ 3126 if test "x$withval" != "xno" && \ 3127 test "x$withval" != "xyes" ; then 3128 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3129 ["$withval"], [sshd PAM service name]) 3130 fi 3131 ] 3132) 3133 3134# Check for older PAM 3135if test "x$PAM_MSG" = "xyes" ; then 3136 # Check PAM strerror arguments (old PAM) 3137 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3138 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3139#include <stdlib.h> 3140#if defined(HAVE_SECURITY_PAM_APPL_H) 3141#include <security/pam_appl.h> 3142#elif defined (HAVE_PAM_PAM_APPL_H) 3143#include <pam/pam_appl.h> 3144#endif 3145 ]], [[ 3146(void)pam_strerror((pam_handle_t *)NULL, -1); 3147 ]])], [AC_MSG_RESULT([no])], [ 3148 AC_DEFINE([HAVE_OLD_PAM], [1], 3149 [Define if you have an old version of PAM 3150 which takes only one argument to pam_strerror]) 3151 AC_MSG_RESULT([yes]) 3152 PAM_MSG="yes (old library)" 3153 3154 ]) 3155fi 3156 3157case "$host" in 3158*-*-cygwin*) 3159 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3160 ;; 3161*) 3162 SSH_PRIVSEP_USER=sshd 3163 ;; 3164esac 3165AC_ARG_WITH([privsep-user], 3166 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3167 [ 3168 if test -n "$withval" && test "x$withval" != "xno" && \ 3169 test "x${withval}" != "xyes"; then 3170 SSH_PRIVSEP_USER=$withval 3171 fi 3172 ] 3173) 3174if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3175 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3176 [Cygwin function to fetch non-privileged user for privilege separation]) 3177else 3178 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3179 [non-privileged user for privilege separation]) 3180fi 3181AC_SUBST([SSH_PRIVSEP_USER]) 3182 3183if test "x$have_linux_no_new_privs" = "x1" ; then 3184AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3185 #include <sys/types.h> 3186 #include <linux/seccomp.h> 3187]) 3188fi 3189if test "x$have_seccomp_filter" = "x1" ; then 3190AC_MSG_CHECKING([kernel for seccomp_filter support]) 3191AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3192 #include <errno.h> 3193 #include <elf.h> 3194 #include <linux/audit.h> 3195 #include <linux/seccomp.h> 3196 #include <stdlib.h> 3197 #include <sys/prctl.h> 3198 ]], 3199 [[ int i = $seccomp_audit_arch; 3200 errno = 0; 3201 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3202 exit(errno == EFAULT ? 0 : 1); ]])], 3203 [ AC_MSG_RESULT([yes]) ], [ 3204 AC_MSG_RESULT([no]) 3205 # Disable seccomp filter as a target 3206 have_seccomp_filter=0 3207 ] 3208) 3209fi 3210 3211# Decide which sandbox style to use 3212sandbox_arg="" 3213AC_ARG_WITH([sandbox], 3214 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3215 [ 3216 if test "x$withval" = "xyes" ; then 3217 sandbox_arg="" 3218 else 3219 sandbox_arg="$withval" 3220 fi 3221 ] 3222) 3223 3224# Some platforms (seems to be the ones that have a kernel poll(2)-type 3225# function with which they implement select(2)) use an extra file descriptor 3226# when calling select(2), which means we can't use the rlimit sandbox. 3227AC_MSG_CHECKING([if select works with descriptor rlimit]) 3228AC_RUN_IFELSE( 3229 [AC_LANG_PROGRAM([[ 3230#include <sys/types.h> 3231#ifdef HAVE_SYS_TIME_H 3232# include <sys/time.h> 3233#endif 3234#include <sys/resource.h> 3235#ifdef HAVE_SYS_SELECT_H 3236# include <sys/select.h> 3237#endif 3238#include <errno.h> 3239#include <fcntl.h> 3240#include <stdlib.h> 3241 ]],[[ 3242 struct rlimit rl_zero; 3243 int fd, r; 3244 fd_set fds; 3245 struct timeval tv; 3246 3247 fd = open("/dev/null", O_RDONLY); 3248 FD_ZERO(&fds); 3249 FD_SET(fd, &fds); 3250 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3251 setrlimit(RLIMIT_FSIZE, &rl_zero); 3252 setrlimit(RLIMIT_NOFILE, &rl_zero); 3253 tv.tv_sec = 1; 3254 tv.tv_usec = 0; 3255 r = select(fd+1, &fds, NULL, NULL, &tv); 3256 exit (r == -1 ? 1 : 0); 3257 ]])], 3258 [AC_MSG_RESULT([yes]) 3259 select_works_with_rlimit=yes], 3260 [AC_MSG_RESULT([no]) 3261 select_works_with_rlimit=no], 3262 [AC_MSG_WARN([cross compiling: assuming yes])] 3263) 3264 3265AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3266AC_RUN_IFELSE( 3267 [AC_LANG_PROGRAM([[ 3268#include <sys/types.h> 3269#ifdef HAVE_SYS_TIME_H 3270# include <sys/time.h> 3271#endif 3272#include <sys/resource.h> 3273#include <errno.h> 3274#include <stdlib.h> 3275 ]],[[ 3276 struct rlimit rl_zero; 3277 int fd, r; 3278 fd_set fds; 3279 3280 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3281 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3282 exit (r == -1 ? 1 : 0); 3283 ]])], 3284 [AC_MSG_RESULT([yes]) 3285 rlimit_nofile_zero_works=yes], 3286 [AC_MSG_RESULT([no]) 3287 rlimit_nofile_zero_works=no], 3288 [AC_MSG_WARN([cross compiling: assuming yes])] 3289) 3290 3291AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3292AC_RUN_IFELSE( 3293 [AC_LANG_PROGRAM([[ 3294#include <sys/types.h> 3295#include <sys/resource.h> 3296#include <stdlib.h> 3297 ]],[[ 3298 struct rlimit rl_zero; 3299 3300 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3301 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3302 ]])], 3303 [AC_MSG_RESULT([yes])], 3304 [AC_MSG_RESULT([no]) 3305 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3306 [setrlimit RLIMIT_FSIZE works])], 3307 [AC_MSG_WARN([cross compiling: assuming yes])] 3308) 3309 3310if test "x$sandbox_arg" = "xpledge" || \ 3311 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3312 test "x$ac_cv_func_pledge" != "xyes" && \ 3313 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3314 SANDBOX_STYLE="pledge" 3315 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3316elif test "x$sandbox_arg" = "xsystrace" || \ 3317 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3318 test "x$have_systr_policy_kill" != "x1" && \ 3319 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3320 SANDBOX_STYLE="systrace" 3321 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3322elif test "x$sandbox_arg" = "xdarwin" || \ 3323 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3324 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3325 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3326 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3327 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3328 SANDBOX_STYLE="darwin" 3329 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3330elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3331 ( test -z "$sandbox_arg" && \ 3332 test "x$have_seccomp_filter" = "x1" && \ 3333 test "x$ac_cv_header_elf_h" = "xyes" && \ 3334 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3335 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3336 test "x$seccomp_audit_arch" != "x" && \ 3337 test "x$have_linux_no_new_privs" = "x1" && \ 3338 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3339 test "x$seccomp_audit_arch" = "x" && \ 3340 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3341 test "x$have_linux_no_new_privs" != "x1" && \ 3342 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3343 test "x$have_seccomp_filter" != "x1" && \ 3344 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3345 test "x$ac_cv_func_prctl" != "xyes" && \ 3346 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3347 SANDBOX_STYLE="seccomp_filter" 3348 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3349elif test "x$sandbox_arg" = "xcapsicum" || \ 3350 ( test -z "$sandbox_arg" && \ 3351 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3352 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3353 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3354 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3355 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3356 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3357 SANDBOX_STYLE="capsicum" 3358 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3359elif test "x$sandbox_arg" = "xrlimit" || \ 3360 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3361 test "x$select_works_with_rlimit" = "xyes" && \ 3362 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3363 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3364 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3365 test "x$select_works_with_rlimit" != "xyes" && \ 3366 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3367 SANDBOX_STYLE="rlimit" 3368 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3369elif test "x$sandbox_arg" = "xsolaris" || \ 3370 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3371 SANDBOX_STYLE="solaris" 3372 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3373elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3374 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3375 SANDBOX_STYLE="none" 3376 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3377else 3378 AC_MSG_ERROR([unsupported --with-sandbox]) 3379fi 3380 3381# Cheap hack to ensure NEWS-OS libraries are arranged right. 3382if test ! -z "$SONY" ; then 3383 LIBS="$LIBS -liberty"; 3384fi 3385 3386# Check for long long datatypes 3387AC_CHECK_TYPES([long long, unsigned long long, long double]) 3388 3389# Check datatype sizes 3390AC_CHECK_SIZEOF([short int], [2]) 3391AC_CHECK_SIZEOF([int], [4]) 3392AC_CHECK_SIZEOF([long int], [4]) 3393AC_CHECK_SIZEOF([long long int], [8]) 3394 3395# Sanity check long long for some platforms (AIX) 3396if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3397 ac_cv_sizeof_long_long_int=0 3398fi 3399 3400# compute LLONG_MIN and LLONG_MAX if we don't know them. 3401if test -z "$have_llong_max"; then 3402 AC_MSG_CHECKING([for max value of long long]) 3403 AC_RUN_IFELSE( 3404 [AC_LANG_PROGRAM([[ 3405#include <stdio.h> 3406/* Why is this so damn hard? */ 3407#ifdef __GNUC__ 3408# undef __GNUC__ 3409#endif 3410#define __USE_ISOC99 3411#include <limits.h> 3412#define DATA "conftest.llminmax" 3413#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3414 3415/* 3416 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3417 * we do this the hard way. 3418 */ 3419static int 3420fprint_ll(FILE *f, long long n) 3421{ 3422 unsigned int i; 3423 int l[sizeof(long long) * 8]; 3424 3425 if (n < 0) 3426 if (fprintf(f, "-") < 0) 3427 return -1; 3428 for (i = 0; n != 0; i++) { 3429 l[i] = my_abs(n % 10); 3430 n /= 10; 3431 } 3432 do { 3433 if (fprintf(f, "%d", l[--i]) < 0) 3434 return -1; 3435 } while (i != 0); 3436 if (fprintf(f, " ") < 0) 3437 return -1; 3438 return 0; 3439} 3440 ]], [[ 3441 FILE *f; 3442 long long i, llmin, llmax = 0; 3443 3444 if((f = fopen(DATA,"w")) == NULL) 3445 exit(1); 3446 3447#if defined(LLONG_MIN) && defined(LLONG_MAX) 3448 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3449 llmin = LLONG_MIN; 3450 llmax = LLONG_MAX; 3451#else 3452 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3453 /* This will work on one's complement and two's complement */ 3454 for (i = 1; i > llmax; i <<= 1, i++) 3455 llmax = i; 3456 llmin = llmax + 1LL; /* wrap */ 3457#endif 3458 3459 /* Sanity check */ 3460 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3461 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3462 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3463 fprintf(f, "unknown unknown\n"); 3464 exit(2); 3465 } 3466 3467 if (fprint_ll(f, llmin) < 0) 3468 exit(3); 3469 if (fprint_ll(f, llmax) < 0) 3470 exit(4); 3471 if (fclose(f) < 0) 3472 exit(5); 3473 exit(0); 3474 ]])], 3475 [ 3476 llong_min=`$AWK '{print $1}' conftest.llminmax` 3477 llong_max=`$AWK '{print $2}' conftest.llminmax` 3478 3479 AC_MSG_RESULT([$llong_max]) 3480 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3481 [max value of long long calculated by configure]) 3482 AC_MSG_CHECKING([for min value of long long]) 3483 AC_MSG_RESULT([$llong_min]) 3484 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3485 [min value of long long calculated by configure]) 3486 ], 3487 [ 3488 AC_MSG_RESULT([not found]) 3489 ], 3490 [ 3491 AC_MSG_WARN([cross compiling: not checking]) 3492 ] 3493 ) 3494fi 3495 3496 3497# More checks for data types 3498AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3499 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3500 [[ u_int a; a = 1;]])], 3501 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3502 ]) 3503]) 3504if test "x$ac_cv_have_u_int" = "xyes" ; then 3505 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3506 have_u_int=1 3507fi 3508 3509AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3510 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3511 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3512 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3513 ]) 3514]) 3515if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3516 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3517 have_intxx_t=1 3518fi 3519 3520if (test -z "$have_intxx_t" && \ 3521 test "x$ac_cv_header_stdint_h" = "xyes") 3522then 3523 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3524 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3525 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3526 [ 3527 AC_DEFINE([HAVE_INTXX_T]) 3528 AC_MSG_RESULT([yes]) 3529 ], [ AC_MSG_RESULT([no]) 3530 ]) 3531fi 3532 3533AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3534 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3535#include <sys/types.h> 3536#ifdef HAVE_STDINT_H 3537# include <stdint.h> 3538#endif 3539#include <sys/socket.h> 3540#ifdef HAVE_SYS_BITYPES_H 3541# include <sys/bitypes.h> 3542#endif 3543 ]], [[ 3544int64_t a; a = 1; 3545 ]])], 3546 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3547 ]) 3548]) 3549if test "x$ac_cv_have_int64_t" = "xyes" ; then 3550 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3551fi 3552 3553AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3554 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3555 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3556 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3557 ]) 3558]) 3559if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3560 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3561 have_u_intxx_t=1 3562fi 3563 3564if test -z "$have_u_intxx_t" ; then 3565 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3566 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3567 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3568 [ 3569 AC_DEFINE([HAVE_U_INTXX_T]) 3570 AC_MSG_RESULT([yes]) 3571 ], [ AC_MSG_RESULT([no]) 3572 ]) 3573fi 3574 3575AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3576 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3577 [[ u_int64_t a; a = 1;]])], 3578 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3579 ]) 3580]) 3581if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3582 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3583 have_u_int64_t=1 3584fi 3585 3586if (test -z "$have_u_int64_t" && \ 3587 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3588then 3589 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3590 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3591 [[ u_int64_t a; a = 1]])], 3592 [ 3593 AC_DEFINE([HAVE_U_INT64_T]) 3594 AC_MSG_RESULT([yes]) 3595 ], [ AC_MSG_RESULT([no]) 3596 ]) 3597fi 3598 3599if test -z "$have_u_intxx_t" ; then 3600 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3601 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3602#include <sys/types.h> 3603 ]], [[ 3604 uint8_t a; 3605 uint16_t b; 3606 uint32_t c; 3607 a = b = c = 1; 3608 ]])], 3609 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3610 ]) 3611 ]) 3612 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3613 AC_DEFINE([HAVE_UINTXX_T], [1], 3614 [define if you have uintxx_t data type]) 3615 fi 3616fi 3617 3618if (test -z "$have_uintxx_t" && \ 3619 test "x$ac_cv_header_stdint_h" = "xyes") 3620then 3621 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3622 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3623 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3624 [ 3625 AC_DEFINE([HAVE_UINTXX_T]) 3626 AC_MSG_RESULT([yes]) 3627 ], [ AC_MSG_RESULT([no]) 3628 ]) 3629fi 3630 3631if (test -z "$have_uintxx_t" && \ 3632 test "x$ac_cv_header_inttypes_h" = "xyes") 3633then 3634 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3635 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3636 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3637 [ 3638 AC_DEFINE([HAVE_UINTXX_T]) 3639 AC_MSG_RESULT([yes]) 3640 ], [ AC_MSG_RESULT([no]) 3641 ]) 3642fi 3643 3644if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3645 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3646then 3647 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3648 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3649#include <sys/bitypes.h> 3650 ]], [[ 3651 int8_t a; int16_t b; int32_t c; 3652 u_int8_t e; u_int16_t f; u_int32_t g; 3653 a = b = c = e = f = g = 1; 3654 ]])], 3655 [ 3656 AC_DEFINE([HAVE_U_INTXX_T]) 3657 AC_DEFINE([HAVE_INTXX_T]) 3658 AC_MSG_RESULT([yes]) 3659 ], [AC_MSG_RESULT([no]) 3660 ]) 3661fi 3662 3663 3664AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3665 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3666 [[ u_char foo; foo = 125; ]])], 3667 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3668 ]) 3669]) 3670if test "x$ac_cv_have_u_char" = "xyes" ; then 3671 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3672fi 3673 3674AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3675#include <sys/types.h> 3676#include <stdint.h> 3677]) 3678 3679TYPE_SOCKLEN_T 3680 3681AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3682AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3683#include <sys/types.h> 3684#ifdef HAVE_SYS_BITYPES_H 3685#include <sys/bitypes.h> 3686#endif 3687#ifdef HAVE_SYS_STATFS_H 3688#include <sys/statfs.h> 3689#endif 3690#ifdef HAVE_SYS_STATVFS_H 3691#include <sys/statvfs.h> 3692#endif 3693]) 3694 3695AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3696[#include <sys/types.h> 3697#include <netinet/in.h>]) 3698 3699AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3700 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3701 [[ size_t foo; foo = 1235; ]])], 3702 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3703 ]) 3704]) 3705if test "x$ac_cv_have_size_t" = "xyes" ; then 3706 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3707fi 3708 3709AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3710 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3711 [[ ssize_t foo; foo = 1235; ]])], 3712 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3713 ]) 3714]) 3715if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3716 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3717fi 3718 3719AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3720 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3721 [[ clock_t foo; foo = 1235; ]])], 3722 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3723 ]) 3724]) 3725if test "x$ac_cv_have_clock_t" = "xyes" ; then 3726 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3727fi 3728 3729AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3730 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3731#include <sys/types.h> 3732#include <sys/socket.h> 3733 ]], [[ sa_family_t foo; foo = 1235; ]])], 3734 [ ac_cv_have_sa_family_t="yes" ], 3735 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3736#include <sys/types.h> 3737#include <sys/socket.h> 3738#include <netinet/in.h> 3739 ]], [[ sa_family_t foo; foo = 1235; ]])], 3740 [ ac_cv_have_sa_family_t="yes" ], 3741 [ ac_cv_have_sa_family_t="no" ] 3742 ) 3743 ]) 3744]) 3745if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3746 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3747 [define if you have sa_family_t data type]) 3748fi 3749 3750AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3751 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3752 [[ pid_t foo; foo = 1235; ]])], 3753 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3754 ]) 3755]) 3756if test "x$ac_cv_have_pid_t" = "xyes" ; then 3757 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3758fi 3759 3760AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3761 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3762 [[ mode_t foo; foo = 1235; ]])], 3763 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3764 ]) 3765]) 3766if test "x$ac_cv_have_mode_t" = "xyes" ; then 3767 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3768fi 3769 3770 3771AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3772 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3773#include <sys/types.h> 3774#include <sys/socket.h> 3775 ]], [[ struct sockaddr_storage s; ]])], 3776 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3777 [ ac_cv_have_struct_sockaddr_storage="no" 3778 ]) 3779]) 3780if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3781 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3782 [define if you have struct sockaddr_storage data type]) 3783fi 3784 3785AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3786 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3787#include <sys/types.h> 3788#include <netinet/in.h> 3789 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3790 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3791 [ ac_cv_have_struct_sockaddr_in6="no" 3792 ]) 3793]) 3794if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3795 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3796 [define if you have struct sockaddr_in6 data type]) 3797fi 3798 3799AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 3800 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3801#include <sys/types.h> 3802#include <netinet/in.h> 3803 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 3804 [ ac_cv_have_struct_in6_addr="yes" ], 3805 [ ac_cv_have_struct_in6_addr="no" 3806 ]) 3807]) 3808if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 3809 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 3810 [define if you have struct in6_addr data type]) 3811 3812dnl Now check for sin6_scope_id 3813 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 3814 [ 3815#ifdef HAVE_SYS_TYPES_H 3816#include <sys/types.h> 3817#endif 3818#include <netinet/in.h> 3819 ]) 3820fi 3821 3822AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 3823 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3824#include <sys/types.h> 3825#include <sys/socket.h> 3826#include <netdb.h> 3827 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 3828 [ ac_cv_have_struct_addrinfo="yes" ], 3829 [ ac_cv_have_struct_addrinfo="no" 3830 ]) 3831]) 3832if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 3833 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 3834 [define if you have struct addrinfo data type]) 3835fi 3836 3837AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 3838 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 3839 [[ struct timeval tv; tv.tv_sec = 1;]])], 3840 [ ac_cv_have_struct_timeval="yes" ], 3841 [ ac_cv_have_struct_timeval="no" 3842 ]) 3843]) 3844if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 3845 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 3846 have_struct_timeval=1 3847fi 3848 3849AC_CHECK_TYPES([struct timespec]) 3850 3851# We need int64_t or else certian parts of the compile will fail. 3852if test "x$ac_cv_have_int64_t" = "xno" && \ 3853 test "x$ac_cv_sizeof_long_int" != "x8" && \ 3854 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 3855 echo "OpenSSH requires int64_t support. Contact your vendor or install" 3856 echo "an alternative compiler (I.E., GCC) before continuing." 3857 echo "" 3858 exit 1; 3859else 3860dnl test snprintf (broken on SCO w/gcc) 3861 AC_RUN_IFELSE( 3862 [AC_LANG_SOURCE([[ 3863#include <stdio.h> 3864#include <string.h> 3865#ifdef HAVE_SNPRINTF 3866main() 3867{ 3868 char buf[50]; 3869 char expected_out[50]; 3870 int mazsize = 50 ; 3871#if (SIZEOF_LONG_INT == 8) 3872 long int num = 0x7fffffffffffffff; 3873#else 3874 long long num = 0x7fffffffffffffffll; 3875#endif 3876 strcpy(expected_out, "9223372036854775807"); 3877 snprintf(buf, mazsize, "%lld", num); 3878 if(strcmp(buf, expected_out) != 0) 3879 exit(1); 3880 exit(0); 3881} 3882#else 3883main() { exit(0); } 3884#endif 3885 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 3886 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 3887 ) 3888fi 3889 3890dnl Checks for structure members 3891OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 3892OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 3893OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 3894OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 3895OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 3896OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 3897OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 3898OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 3899OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 3900OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 3901OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 3902OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 3903OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 3904OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 3905OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 3906OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 3907OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 3908 3909AC_CHECK_MEMBERS([struct stat.st_blksize]) 3910AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 3911struct passwd.pw_change, struct passwd.pw_expire], 3912[], [], [[ 3913#include <sys/types.h> 3914#include <pwd.h> 3915]]) 3916 3917AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 3918 [Define if we don't have struct __res_state in resolv.h])], 3919[[ 3920#include <stdio.h> 3921#if HAVE_SYS_TYPES_H 3922# include <sys/types.h> 3923#endif 3924#include <netinet/in.h> 3925#include <arpa/nameser.h> 3926#include <resolv.h> 3927]]) 3928 3929AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 3930 ac_cv_have_ss_family_in_struct_ss, [ 3931 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3932#include <sys/types.h> 3933#include <sys/socket.h> 3934 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 3935 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 3936 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 3937]) 3938if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 3939 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 3940fi 3941 3942AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 3943 ac_cv_have___ss_family_in_struct_ss, [ 3944 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3945#include <sys/types.h> 3946#include <sys/socket.h> 3947 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 3948 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 3949 [ ac_cv_have___ss_family_in_struct_ss="no" 3950 ]) 3951]) 3952if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 3953 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 3954 [Fields in struct sockaddr_storage]) 3955fi 3956 3957dnl make sure we're using the real structure members and not defines 3958AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 3959 ac_cv_have_accrights_in_msghdr, [ 3960 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3961#include <sys/types.h> 3962#include <sys/socket.h> 3963#include <sys/uio.h> 3964 ]], [[ 3965#ifdef msg_accrights 3966#error "msg_accrights is a macro" 3967exit(1); 3968#endif 3969struct msghdr m; 3970m.msg_accrights = 0; 3971exit(0); 3972 ]])], 3973 [ ac_cv_have_accrights_in_msghdr="yes" ], 3974 [ ac_cv_have_accrights_in_msghdr="no" ] 3975 ) 3976]) 3977if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 3978 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 3979 [Define if your system uses access rights style 3980 file descriptor passing]) 3981fi 3982 3983AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 3984AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3985#include <sys/param.h> 3986#include <sys/stat.h> 3987#ifdef HAVE_SYS_TIME_H 3988# include <sys/time.h> 3989#endif 3990#ifdef HAVE_SYS_MOUNT_H 3991#include <sys/mount.h> 3992#endif 3993#ifdef HAVE_SYS_STATVFS_H 3994#include <sys/statvfs.h> 3995#endif 3996 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 3997 [ AC_MSG_RESULT([yes]) ], 3998 [ AC_MSG_RESULT([no]) 3999 4000 AC_MSG_CHECKING([if fsid_t has member val]) 4001 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4002#include <sys/types.h> 4003#include <sys/statvfs.h> 4004 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4005 [ AC_MSG_RESULT([yes]) 4006 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4007 [ AC_MSG_RESULT([no]) ]) 4008 4009 AC_MSG_CHECKING([if f_fsid has member __val]) 4010 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4011#include <sys/types.h> 4012#include <sys/statvfs.h> 4013 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4014 [ AC_MSG_RESULT([yes]) 4015 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4016 [ AC_MSG_RESULT([no]) ]) 4017]) 4018 4019AC_CACHE_CHECK([for msg_control field in struct msghdr], 4020 ac_cv_have_control_in_msghdr, [ 4021 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4022#include <sys/types.h> 4023#include <sys/socket.h> 4024#include <sys/uio.h> 4025 ]], [[ 4026#ifdef msg_control 4027#error "msg_control is a macro" 4028exit(1); 4029#endif 4030struct msghdr m; 4031m.msg_control = 0; 4032exit(0); 4033 ]])], 4034 [ ac_cv_have_control_in_msghdr="yes" ], 4035 [ ac_cv_have_control_in_msghdr="no" ] 4036 ) 4037]) 4038if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4039 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4040 [Define if your system uses ancillary data style 4041 file descriptor passing]) 4042fi 4043 4044AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4045 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4046 [[ extern char *__progname; printf("%s", __progname); ]])], 4047 [ ac_cv_libc_defines___progname="yes" ], 4048 [ ac_cv_libc_defines___progname="no" 4049 ]) 4050]) 4051if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4052 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4053fi 4054 4055AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4056 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4057 [[ printf("%s", __FUNCTION__); ]])], 4058 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4059 [ ac_cv_cc_implements___FUNCTION__="no" 4060 ]) 4061]) 4062if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4063 AC_DEFINE([HAVE___FUNCTION__], [1], 4064 [Define if compiler implements __FUNCTION__]) 4065fi 4066 4067AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4068 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4069 [[ printf("%s", __func__); ]])], 4070 [ ac_cv_cc_implements___func__="yes" ], 4071 [ ac_cv_cc_implements___func__="no" 4072 ]) 4073]) 4074if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4075 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4076fi 4077 4078AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4079 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4080#include <stdarg.h> 4081va_list x,y; 4082 ]], [[ va_copy(x,y); ]])], 4083 [ ac_cv_have_va_copy="yes" ], 4084 [ ac_cv_have_va_copy="no" 4085 ]) 4086]) 4087if test "x$ac_cv_have_va_copy" = "xyes" ; then 4088 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4089fi 4090 4091AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4092 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4093#include <stdarg.h> 4094va_list x,y; 4095 ]], [[ __va_copy(x,y); ]])], 4096 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4097 ]) 4098]) 4099if test "x$ac_cv_have___va_copy" = "xyes" ; then 4100 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4101fi 4102 4103AC_CACHE_CHECK([whether getopt has optreset support], 4104 ac_cv_have_getopt_optreset, [ 4105 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4106 [[ extern int optreset; optreset = 0; ]])], 4107 [ ac_cv_have_getopt_optreset="yes" ], 4108 [ ac_cv_have_getopt_optreset="no" 4109 ]) 4110]) 4111if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4112 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4113 [Define if your getopt(3) defines and uses optreset]) 4114fi 4115 4116AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4117 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4118[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4119 [ ac_cv_libc_defines_sys_errlist="yes" ], 4120 [ ac_cv_libc_defines_sys_errlist="no" 4121 ]) 4122]) 4123if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4124 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4125 [Define if your system defines sys_errlist[]]) 4126fi 4127 4128 4129AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4130 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4131[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4132 [ ac_cv_libc_defines_sys_nerr="yes" ], 4133 [ ac_cv_libc_defines_sys_nerr="no" 4134 ]) 4135]) 4136if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4137 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4138fi 4139 4140# Check libraries needed by DNS fingerprint support 4141AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4142 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4143 [Define if getrrsetbyname() exists])], 4144 [ 4145 # Needed by our getrrsetbyname() 4146 AC_SEARCH_LIBS([res_query], [resolv]) 4147 AC_SEARCH_LIBS([dn_expand], [resolv]) 4148 AC_MSG_CHECKING([if res_query will link]) 4149 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4150#include <sys/types.h> 4151#include <netinet/in.h> 4152#include <arpa/nameser.h> 4153#include <netdb.h> 4154#include <resolv.h> 4155 ]], [[ 4156 res_query (0, 0, 0, 0, 0); 4157 ]])], 4158 AC_MSG_RESULT([yes]), 4159 [AC_MSG_RESULT([no]) 4160 saved_LIBS="$LIBS" 4161 LIBS="$LIBS -lresolv" 4162 AC_MSG_CHECKING([for res_query in -lresolv]) 4163 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4164#include <sys/types.h> 4165#include <netinet/in.h> 4166#include <arpa/nameser.h> 4167#include <netdb.h> 4168#include <resolv.h> 4169 ]], [[ 4170 res_query (0, 0, 0, 0, 0); 4171 ]])], 4172 [AC_MSG_RESULT([yes])], 4173 [LIBS="$saved_LIBS" 4174 AC_MSG_RESULT([no])]) 4175 ]) 4176 AC_CHECK_FUNCS([_getshort _getlong]) 4177 AC_CHECK_DECLS([_getshort, _getlong], , , 4178 [#include <sys/types.h> 4179 #include <arpa/nameser.h>]) 4180 AC_CHECK_MEMBER([HEADER.ad], 4181 [AC_DEFINE([HAVE_HEADER_AD], [1], 4182 [Define if HEADER.ad exists in arpa/nameser.h])], , 4183 [#include <arpa/nameser.h>]) 4184 ]) 4185 4186AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4187AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4188#include <stdio.h> 4189#if HAVE_SYS_TYPES_H 4190# include <sys/types.h> 4191#endif 4192#include <netinet/in.h> 4193#include <arpa/nameser.h> 4194#include <resolv.h> 4195extern struct __res_state _res; 4196 ]], [[ 4197struct __res_state *volatile p = &_res; /* force resolution of _res */ 4198return 0; 4199 ]],)], 4200 [AC_MSG_RESULT([yes]) 4201 AC_DEFINE([HAVE__RES_EXTERN], [1], 4202 [Define if you have struct __res_state _res as an extern]) 4203 ], 4204 [ AC_MSG_RESULT([no]) ] 4205) 4206 4207# Check whether user wants SELinux support 4208SELINUX_MSG="no" 4209LIBSELINUX="" 4210AC_ARG_WITH([selinux], 4211 [ --with-selinux Enable SELinux support], 4212 [ if test "x$withval" != "xno" ; then 4213 save_LIBS="$LIBS" 4214 AC_DEFINE([WITH_SELINUX], [1], 4215 [Define if you want SELinux support.]) 4216 SELINUX_MSG="yes" 4217 AC_CHECK_HEADER([selinux/selinux.h], , 4218 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4219 AC_CHECK_LIB([selinux], [setexeccon], 4220 [ LIBSELINUX="-lselinux" 4221 LIBS="$LIBS -lselinux" 4222 ], 4223 AC_MSG_ERROR([SELinux support requires libselinux library])) 4224 SSHLIBS="$SSHLIBS $LIBSELINUX" 4225 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 4226 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4227 LIBS="$save_LIBS" 4228 fi ] 4229) 4230AC_SUBST([SSHLIBS]) 4231AC_SUBST([SSHDLIBS]) 4232 4233# Check whether user wants Kerberos 5 support 4234KRB5_MSG="no" 4235AC_ARG_WITH([kerberos5], 4236 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4237 [ if test "x$withval" != "xno" ; then 4238 if test "x$withval" = "xyes" ; then 4239 KRB5ROOT="/usr/local" 4240 else 4241 KRB5ROOT=${withval} 4242 fi 4243 4244 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4245 KRB5_MSG="yes" 4246 4247 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4248 [$KRB5ROOT/bin/krb5-config], 4249 [$KRB5ROOT/bin:$PATH]) 4250 if test -x $KRB5CONF ; then 4251 K5CFLAGS="`$KRB5CONF --cflags`" 4252 K5LIBS="`$KRB5CONF --libs`" 4253 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4254 4255 AC_MSG_CHECKING([for gssapi support]) 4256 if $KRB5CONF | grep gssapi >/dev/null ; then 4257 AC_MSG_RESULT([yes]) 4258 AC_DEFINE([GSSAPI], [1], 4259 [Define this if you want GSSAPI 4260 support in the version 2 protocol]) 4261 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4262 GSSLIBS="`$KRB5CONF --libs gssapi`" 4263 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4264 else 4265 AC_MSG_RESULT([no]) 4266 fi 4267 AC_MSG_CHECKING([whether we are using Heimdal]) 4268 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4269 ]], [[ char *tmp = heimdal_version; ]])], 4270 [ AC_MSG_RESULT([yes]) 4271 AC_DEFINE([HEIMDAL], [1], 4272 [Define this if you are using the Heimdal 4273 version of Kerberos V5]) ], 4274 [AC_MSG_RESULT([no]) 4275 ]) 4276 else 4277 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4278 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4279 AC_MSG_CHECKING([whether we are using Heimdal]) 4280 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4281 ]], [[ char *tmp = heimdal_version; ]])], 4282 [ AC_MSG_RESULT([yes]) 4283 AC_DEFINE([HEIMDAL]) 4284 K5LIBS="-lkrb5" 4285 K5LIBS="$K5LIBS -lcom_err -lasn1" 4286 AC_CHECK_LIB([roken], [net_write], 4287 [K5LIBS="$K5LIBS -lroken"]) 4288 AC_CHECK_LIB([des], [des_cbc_encrypt], 4289 [K5LIBS="$K5LIBS -ldes"]) 4290 ], [ AC_MSG_RESULT([no]) 4291 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4292 ]) 4293 AC_SEARCH_LIBS([dn_expand], [resolv]) 4294 4295 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4296 [ AC_DEFINE([GSSAPI]) 4297 GSSLIBS="-lgssapi_krb5" ], 4298 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4299 [ AC_DEFINE([GSSAPI]) 4300 GSSLIBS="-lgssapi" ], 4301 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4302 [ AC_DEFINE([GSSAPI]) 4303 GSSLIBS="-lgss" ], 4304 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4305 ]) 4306 ]) 4307 4308 AC_CHECK_HEADER([gssapi.h], , 4309 [ unset ac_cv_header_gssapi_h 4310 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4311 AC_CHECK_HEADERS([gssapi.h], , 4312 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4313 ) 4314 ] 4315 ) 4316 4317 oldCPP="$CPPFLAGS" 4318 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4319 AC_CHECK_HEADER([gssapi_krb5.h], , 4320 [ CPPFLAGS="$oldCPP" ]) 4321 4322 fi 4323 if test ! -z "$need_dash_r" ; then 4324 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 4325 fi 4326 if test ! -z "$blibpath" ; then 4327 blibpath="$blibpath:${KRB5ROOT}/lib" 4328 fi 4329 4330 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4331 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4332 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4333 4334 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4335 [Define this if you want to use libkafs' AFS support])]) 4336 4337 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4338#ifdef HAVE_GSSAPI_H 4339# include <gssapi.h> 4340#elif defined(HAVE_GSSAPI_GSSAPI_H) 4341# include <gssapi/gssapi.h> 4342#endif 4343 4344#ifdef HAVE_GSSAPI_GENERIC_H 4345# include <gssapi_generic.h> 4346#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4347# include <gssapi/gssapi_generic.h> 4348#endif 4349 ]]) 4350 saved_LIBS="$LIBS" 4351 LIBS="$LIBS $K5LIBS" 4352 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4353 LIBS="$saved_LIBS" 4354 4355 fi 4356 ] 4357) 4358AC_SUBST([GSSLIBS]) 4359AC_SUBST([K5LIBS]) 4360 4361# Looking for programs, paths and files 4362 4363PRIVSEP_PATH=/var/empty 4364AC_ARG_WITH([privsep-path], 4365 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4366 [ 4367 if test -n "$withval" && test "x$withval" != "xno" && \ 4368 test "x${withval}" != "xyes"; then 4369 PRIVSEP_PATH=$withval 4370 fi 4371 ] 4372) 4373AC_SUBST([PRIVSEP_PATH]) 4374 4375AC_ARG_WITH([xauth], 4376 [ --with-xauth=PATH Specify path to xauth program ], 4377 [ 4378 if test -n "$withval" && test "x$withval" != "xno" && \ 4379 test "x${withval}" != "xyes"; then 4380 xauth_path=$withval 4381 fi 4382 ], 4383 [ 4384 TestPath="$PATH" 4385 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4386 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4387 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4388 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4389 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4390 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4391 xauth_path="/usr/openwin/bin/xauth" 4392 fi 4393 ] 4394) 4395 4396STRIP_OPT=-s 4397AC_ARG_ENABLE([strip], 4398 [ --disable-strip Disable calling strip(1) on install], 4399 [ 4400 if test "x$enableval" = "xno" ; then 4401 STRIP_OPT= 4402 fi 4403 ] 4404) 4405AC_SUBST([STRIP_OPT]) 4406 4407if test -z "$xauth_path" ; then 4408 XAUTH_PATH="undefined" 4409 AC_SUBST([XAUTH_PATH]) 4410else 4411 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4412 [Define if xauth is found in your path]) 4413 XAUTH_PATH=$xauth_path 4414 AC_SUBST([XAUTH_PATH]) 4415fi 4416 4417dnl # --with-maildir=/path/to/mail gets top priority. 4418dnl # if maildir is set in the platform case statement above we use that. 4419dnl # Otherwise we run a program to get the dir from system headers. 4420dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4421dnl # If we find _PATH_MAILDIR we do nothing because that is what 4422dnl # session.c expects anyway. Otherwise we set to the value found 4423dnl # stripping any trailing slash. If for some strage reason our program 4424dnl # does not find what it needs, we default to /var/spool/mail. 4425# Check for mail directory 4426AC_ARG_WITH([maildir], 4427 [ --with-maildir=/path/to/mail Specify your system mail directory], 4428 [ 4429 if test "X$withval" != X && test "x$withval" != xno && \ 4430 test "x${withval}" != xyes; then 4431 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4432 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4433 fi 4434 ],[ 4435 if test "X$maildir" != "X"; then 4436 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4437 else 4438 AC_MSG_CHECKING([Discovering system mail directory]) 4439 AC_RUN_IFELSE( 4440 [AC_LANG_PROGRAM([[ 4441#include <stdio.h> 4442#include <string.h> 4443#ifdef HAVE_PATHS_H 4444#include <paths.h> 4445#endif 4446#ifdef HAVE_MAILLOCK_H 4447#include <maillock.h> 4448#endif 4449#define DATA "conftest.maildir" 4450 ]], [[ 4451 FILE *fd; 4452 int rc; 4453 4454 fd = fopen(DATA,"w"); 4455 if(fd == NULL) 4456 exit(1); 4457 4458#if defined (_PATH_MAILDIR) 4459 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4460 exit(1); 4461#elif defined (MAILDIR) 4462 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4463 exit(1); 4464#elif defined (_PATH_MAIL) 4465 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4466 exit(1); 4467#else 4468 exit (2); 4469#endif 4470 4471 exit(0); 4472 ]])], 4473 [ 4474 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4475 maildir=`awk -F: '{print $2}' conftest.maildir \ 4476 | sed 's|/$||'` 4477 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4478 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4479 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4480 fi 4481 ], 4482 [ 4483 if test "X$ac_status" = "X2";then 4484# our test program didn't find it. Default to /var/spool/mail 4485 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4486 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4487 else 4488 AC_MSG_RESULT([*** not found ***]) 4489 fi 4490 ], 4491 [ 4492 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4493 ] 4494 ) 4495 fi 4496 ] 4497) # maildir 4498 4499if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4500 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4501 disable_ptmx_check=yes 4502fi 4503if test -z "$no_dev_ptmx" ; then 4504 if test "x$disable_ptmx_check" != "xyes" ; then 4505 AC_CHECK_FILE(["/dev/ptmx"], 4506 [ 4507 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4508 [Define if you have /dev/ptmx]) 4509 have_dev_ptmx=1 4510 ] 4511 ) 4512 fi 4513fi 4514 4515if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4516 AC_CHECK_FILE(["/dev/ptc"], 4517 [ 4518 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4519 [Define if you have /dev/ptc]) 4520 have_dev_ptc=1 4521 ] 4522 ) 4523else 4524 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4525fi 4526 4527# Options from here on. Some of these are preset by platform above 4528AC_ARG_WITH([mantype], 4529 [ --with-mantype=man|cat|doc Set man page type], 4530 [ 4531 case "$withval" in 4532 man|cat|doc) 4533 MANTYPE=$withval 4534 ;; 4535 *) 4536 AC_MSG_ERROR([invalid man type: $withval]) 4537 ;; 4538 esac 4539 ] 4540) 4541if test -z "$MANTYPE"; then 4542 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4543 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4544 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4545 MANTYPE=doc 4546 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4547 MANTYPE=man 4548 else 4549 MANTYPE=cat 4550 fi 4551fi 4552AC_SUBST([MANTYPE]) 4553if test "$MANTYPE" = "doc"; then 4554 mansubdir=man; 4555else 4556 mansubdir=$MANTYPE; 4557fi 4558AC_SUBST([mansubdir]) 4559 4560# Check whether to enable MD5 passwords 4561MD5_MSG="no" 4562AC_ARG_WITH([md5-passwords], 4563 [ --with-md5-passwords Enable use of MD5 passwords], 4564 [ 4565 if test "x$withval" != "xno" ; then 4566 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4567 [Define if you want to allow MD5 passwords]) 4568 MD5_MSG="yes" 4569 fi 4570 ] 4571) 4572 4573# Whether to disable shadow password support 4574AC_ARG_WITH([shadow], 4575 [ --without-shadow Disable shadow password support], 4576 [ 4577 if test "x$withval" = "xno" ; then 4578 AC_DEFINE([DISABLE_SHADOW]) 4579 disable_shadow=yes 4580 fi 4581 ] 4582) 4583 4584if test -z "$disable_shadow" ; then 4585 AC_MSG_CHECKING([if the systems has expire shadow information]) 4586 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4587#include <sys/types.h> 4588#include <shadow.h> 4589struct spwd sp; 4590 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4591 [ sp_expire_available=yes ], [ 4592 ]) 4593 4594 if test "x$sp_expire_available" = "xyes" ; then 4595 AC_MSG_RESULT([yes]) 4596 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4597 [Define if you want to use shadow password expire field]) 4598 else 4599 AC_MSG_RESULT([no]) 4600 fi 4601fi 4602 4603# Use ip address instead of hostname in $DISPLAY 4604if test ! -z "$IPADDR_IN_DISPLAY" ; then 4605 DISPLAY_HACK_MSG="yes" 4606 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4607 [Define if you need to use IP address 4608 instead of hostname in $DISPLAY]) 4609else 4610 DISPLAY_HACK_MSG="no" 4611 AC_ARG_WITH([ipaddr-display], 4612 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4613 [ 4614 if test "x$withval" != "xno" ; then 4615 AC_DEFINE([IPADDR_IN_DISPLAY]) 4616 DISPLAY_HACK_MSG="yes" 4617 fi 4618 ] 4619 ) 4620fi 4621 4622# check for /etc/default/login and use it if present. 4623AC_ARG_ENABLE([etc-default-login], 4624 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4625 [ if test "x$enableval" = "xno"; then 4626 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4627 etc_default_login=no 4628 else 4629 etc_default_login=yes 4630 fi ], 4631 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4632 then 4633 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4634 etc_default_login=no 4635 else 4636 etc_default_login=yes 4637 fi ] 4638) 4639 4640if test "x$etc_default_login" != "xno"; then 4641 AC_CHECK_FILE(["/etc/default/login"], 4642 [ external_path_file=/etc/default/login ]) 4643 if test "x$external_path_file" = "x/etc/default/login"; then 4644 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4645 [Define if your system has /etc/default/login]) 4646 fi 4647fi 4648 4649dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4650if test $ac_cv_func_login_getcapbool = "yes" && \ 4651 test $ac_cv_header_login_cap_h = "yes" ; then 4652 external_path_file=/etc/login.conf 4653fi 4654 4655# Whether to mess with the default path 4656SERVER_PATH_MSG="(default)" 4657AC_ARG_WITH([default-path], 4658 [ --with-default-path= Specify default $PATH environment for server], 4659 [ 4660 if test "x$external_path_file" = "x/etc/login.conf" ; then 4661 AC_MSG_WARN([ 4662--with-default-path=PATH has no effect on this system. 4663Edit /etc/login.conf instead.]) 4664 elif test "x$withval" != "xno" ; then 4665 if test ! -z "$external_path_file" ; then 4666 AC_MSG_WARN([ 4667--with-default-path=PATH will only be used if PATH is not defined in 4668$external_path_file .]) 4669 fi 4670 user_path="$withval" 4671 SERVER_PATH_MSG="$withval" 4672 fi 4673 ], 4674 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4675 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4676 else 4677 if test ! -z "$external_path_file" ; then 4678 AC_MSG_WARN([ 4679If PATH is defined in $external_path_file, ensure the path to scp is included, 4680otherwise scp will not work.]) 4681 fi 4682 AC_RUN_IFELSE( 4683 [AC_LANG_PROGRAM([[ 4684/* find out what STDPATH is */ 4685#include <stdio.h> 4686#ifdef HAVE_PATHS_H 4687# include <paths.h> 4688#endif 4689#ifndef _PATH_STDPATH 4690# ifdef _PATH_USERPATH /* Irix */ 4691# define _PATH_STDPATH _PATH_USERPATH 4692# else 4693# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4694# endif 4695#endif 4696#include <sys/types.h> 4697#include <sys/stat.h> 4698#include <fcntl.h> 4699#define DATA "conftest.stdpath" 4700 ]], [[ 4701 FILE *fd; 4702 int rc; 4703 4704 fd = fopen(DATA,"w"); 4705 if(fd == NULL) 4706 exit(1); 4707 4708 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4709 exit(1); 4710 4711 exit(0); 4712 ]])], 4713 [ user_path=`cat conftest.stdpath` ], 4714 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4715 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4716 ) 4717# make sure $bindir is in USER_PATH so scp will work 4718 t_bindir="${bindir}" 4719 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4720 t_bindir=`eval echo ${t_bindir}` 4721 case $t_bindir in 4722 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4723 esac 4724 case $t_bindir in 4725 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4726 esac 4727 done 4728 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4729 if test $? -ne 0 ; then 4730 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4731 if test $? -ne 0 ; then 4732 user_path=$user_path:$t_bindir 4733 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4734 fi 4735 fi 4736 fi ] 4737) 4738if test "x$external_path_file" != "x/etc/login.conf" ; then 4739 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4740 AC_SUBST([user_path]) 4741fi 4742 4743# Set superuser path separately to user path 4744AC_ARG_WITH([superuser-path], 4745 [ --with-superuser-path= Specify different path for super-user], 4746 [ 4747 if test -n "$withval" && test "x$withval" != "xno" && \ 4748 test "x${withval}" != "xyes"; then 4749 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4750 [Define if you want a different $PATH 4751 for the superuser]) 4752 superuser_path=$withval 4753 fi 4754 ] 4755) 4756 4757 4758AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4759IPV4_IN6_HACK_MSG="no" 4760AC_ARG_WITH(4in6, 4761 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4762 [ 4763 if test "x$withval" != "xno" ; then 4764 AC_MSG_RESULT([yes]) 4765 AC_DEFINE([IPV4_IN_IPV6], [1], 4766 [Detect IPv4 in IPv6 mapped addresses 4767 and treat as IPv4]) 4768 IPV4_IN6_HACK_MSG="yes" 4769 else 4770 AC_MSG_RESULT([no]) 4771 fi 4772 ], [ 4773 if test "x$inet6_default_4in6" = "xyes"; then 4774 AC_MSG_RESULT([yes (default)]) 4775 AC_DEFINE([IPV4_IN_IPV6]) 4776 IPV4_IN6_HACK_MSG="yes" 4777 else 4778 AC_MSG_RESULT([no (default)]) 4779 fi 4780 ] 4781) 4782 4783# Whether to enable BSD auth support 4784BSD_AUTH_MSG=no 4785AC_ARG_WITH([bsd-auth], 4786 [ --with-bsd-auth Enable BSD auth support], 4787 [ 4788 if test "x$withval" != "xno" ; then 4789 AC_DEFINE([BSD_AUTH], [1], 4790 [Define if you have BSD auth support]) 4791 BSD_AUTH_MSG=yes 4792 fi 4793 ] 4794) 4795 4796# Where to place sshd.pid 4797piddir=/var/run 4798# make sure the directory exists 4799if test ! -d $piddir ; then 4800 piddir=`eval echo ${sysconfdir}` 4801 case $piddir in 4802 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 4803 esac 4804fi 4805 4806AC_ARG_WITH([pid-dir], 4807 [ --with-pid-dir=PATH Specify location of ssh.pid file], 4808 [ 4809 if test -n "$withval" && test "x$withval" != "xno" && \ 4810 test "x${withval}" != "xyes"; then 4811 piddir=$withval 4812 if test ! -d $piddir ; then 4813 AC_MSG_WARN([** no $piddir directory on this system **]) 4814 fi 4815 fi 4816 ] 4817) 4818 4819AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 4820 [Specify location of ssh.pid]) 4821AC_SUBST([piddir]) 4822 4823dnl allow user to disable some login recording features 4824AC_ARG_ENABLE([lastlog], 4825 [ --disable-lastlog disable use of lastlog even if detected [no]], 4826 [ 4827 if test "x$enableval" = "xno" ; then 4828 AC_DEFINE([DISABLE_LASTLOG]) 4829 fi 4830 ] 4831) 4832AC_ARG_ENABLE([utmp], 4833 [ --disable-utmp disable use of utmp even if detected [no]], 4834 [ 4835 if test "x$enableval" = "xno" ; then 4836 AC_DEFINE([DISABLE_UTMP]) 4837 fi 4838 ] 4839) 4840AC_ARG_ENABLE([utmpx], 4841 [ --disable-utmpx disable use of utmpx even if detected [no]], 4842 [ 4843 if test "x$enableval" = "xno" ; then 4844 AC_DEFINE([DISABLE_UTMPX], [1], 4845 [Define if you don't want to use utmpx]) 4846 fi 4847 ] 4848) 4849AC_ARG_ENABLE([wtmp], 4850 [ --disable-wtmp disable use of wtmp even if detected [no]], 4851 [ 4852 if test "x$enableval" = "xno" ; then 4853 AC_DEFINE([DISABLE_WTMP]) 4854 fi 4855 ] 4856) 4857AC_ARG_ENABLE([wtmpx], 4858 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 4859 [ 4860 if test "x$enableval" = "xno" ; then 4861 AC_DEFINE([DISABLE_WTMPX], [1], 4862 [Define if you don't want to use wtmpx]) 4863 fi 4864 ] 4865) 4866AC_ARG_ENABLE([libutil], 4867 [ --disable-libutil disable use of libutil (login() etc.) [no]], 4868 [ 4869 if test "x$enableval" = "xno" ; then 4870 AC_DEFINE([DISABLE_LOGIN]) 4871 fi 4872 ] 4873) 4874AC_ARG_ENABLE([pututline], 4875 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 4876 [ 4877 if test "x$enableval" = "xno" ; then 4878 AC_DEFINE([DISABLE_PUTUTLINE], [1], 4879 [Define if you don't want to use pututline() 4880 etc. to write [uw]tmp]) 4881 fi 4882 ] 4883) 4884AC_ARG_ENABLE([pututxline], 4885 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 4886 [ 4887 if test "x$enableval" = "xno" ; then 4888 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 4889 [Define if you don't want to use pututxline() 4890 etc. to write [uw]tmpx]) 4891 fi 4892 ] 4893) 4894AC_ARG_WITH([lastlog], 4895 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 4896 [ 4897 if test "x$withval" = "xno" ; then 4898 AC_DEFINE([DISABLE_LASTLOG]) 4899 elif test -n "$withval" && test "x${withval}" != "xyes"; then 4900 conf_lastlog_location=$withval 4901 fi 4902 ] 4903) 4904 4905dnl lastlog, [uw]tmpx? detection 4906dnl NOTE: set the paths in the platform section to avoid the 4907dnl need for command-line parameters 4908dnl lastlog and [uw]tmp are subject to a file search if all else fails 4909 4910dnl lastlog detection 4911dnl NOTE: the code itself will detect if lastlog is a directory 4912AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 4913AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4914#include <sys/types.h> 4915#include <utmp.h> 4916#ifdef HAVE_LASTLOG_H 4917# include <lastlog.h> 4918#endif 4919#ifdef HAVE_PATHS_H 4920# include <paths.h> 4921#endif 4922#ifdef HAVE_LOGIN_H 4923# include <login.h> 4924#endif 4925 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 4926 [ AC_MSG_RESULT([yes]) ], 4927 [ 4928 AC_MSG_RESULT([no]) 4929 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 4930 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4931#include <sys/types.h> 4932#include <utmp.h> 4933#ifdef HAVE_LASTLOG_H 4934# include <lastlog.h> 4935#endif 4936#ifdef HAVE_PATHS_H 4937# include <paths.h> 4938#endif 4939 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 4940 [ AC_MSG_RESULT([yes]) ], 4941 [ 4942 AC_MSG_RESULT([no]) 4943 system_lastlog_path=no 4944 ]) 4945]) 4946 4947if test -z "$conf_lastlog_location"; then 4948 if test x"$system_lastlog_path" = x"no" ; then 4949 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 4950 if (test -d "$f" || test -f "$f") ; then 4951 conf_lastlog_location=$f 4952 fi 4953 done 4954 if test -z "$conf_lastlog_location"; then 4955 AC_MSG_WARN([** Cannot find lastlog **]) 4956 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 4957 fi 4958 fi 4959fi 4960 4961if test -n "$conf_lastlog_location"; then 4962 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 4963 [Define if you want to specify the path to your lastlog file]) 4964fi 4965 4966dnl utmp detection 4967AC_MSG_CHECKING([if your system defines UTMP_FILE]) 4968AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4969#include <sys/types.h> 4970#include <utmp.h> 4971#ifdef HAVE_PATHS_H 4972# include <paths.h> 4973#endif 4974 ]], [[ char *utmp = UTMP_FILE; ]])], 4975 [ AC_MSG_RESULT([yes]) ], 4976 [ AC_MSG_RESULT([no]) 4977 system_utmp_path=no 4978]) 4979if test -z "$conf_utmp_location"; then 4980 if test x"$system_utmp_path" = x"no" ; then 4981 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 4982 if test -f $f ; then 4983 conf_utmp_location=$f 4984 fi 4985 done 4986 if test -z "$conf_utmp_location"; then 4987 AC_DEFINE([DISABLE_UTMP]) 4988 fi 4989 fi 4990fi 4991if test -n "$conf_utmp_location"; then 4992 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 4993 [Define if you want to specify the path to your utmp file]) 4994fi 4995 4996dnl wtmp detection 4997AC_MSG_CHECKING([if your system defines WTMP_FILE]) 4998AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4999#include <sys/types.h> 5000#include <utmp.h> 5001#ifdef HAVE_PATHS_H 5002# include <paths.h> 5003#endif 5004 ]], [[ char *wtmp = WTMP_FILE; ]])], 5005 [ AC_MSG_RESULT([yes]) ], 5006 [ AC_MSG_RESULT([no]) 5007 system_wtmp_path=no 5008]) 5009if test -z "$conf_wtmp_location"; then 5010 if test x"$system_wtmp_path" = x"no" ; then 5011 for f in /usr/adm/wtmp /var/log/wtmp; do 5012 if test -f $f ; then 5013 conf_wtmp_location=$f 5014 fi 5015 done 5016 if test -z "$conf_wtmp_location"; then 5017 AC_DEFINE([DISABLE_WTMP]) 5018 fi 5019 fi 5020fi 5021if test -n "$conf_wtmp_location"; then 5022 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5023 [Define if you want to specify the path to your wtmp file]) 5024fi 5025 5026dnl wtmpx detection 5027AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5028AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5029#include <sys/types.h> 5030#include <utmp.h> 5031#ifdef HAVE_UTMPX_H 5032#include <utmpx.h> 5033#endif 5034#ifdef HAVE_PATHS_H 5035# include <paths.h> 5036#endif 5037 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5038 [ AC_MSG_RESULT([yes]) ], 5039 [ AC_MSG_RESULT([no]) 5040 system_wtmpx_path=no 5041]) 5042if test -z "$conf_wtmpx_location"; then 5043 if test x"$system_wtmpx_path" = x"no" ; then 5044 AC_DEFINE([DISABLE_WTMPX]) 5045 fi 5046else 5047 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5048 [Define if you want to specify the path to your wtmpx file]) 5049fi 5050 5051 5052if test ! -z "$blibpath" ; then 5053 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5054 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5055fi 5056 5057AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5058 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5059 AC_DEFINE([DISABLE_LASTLOG]) 5060 fi 5061 ], [ 5062#ifdef HAVE_SYS_TYPES_H 5063#include <sys/types.h> 5064#endif 5065#ifdef HAVE_UTMP_H 5066#include <utmp.h> 5067#endif 5068#ifdef HAVE_UTMPX_H 5069#include <utmpx.h> 5070#endif 5071#ifdef HAVE_LASTLOG_H 5072#include <lastlog.h> 5073#endif 5074 ]) 5075 5076AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5077 AC_DEFINE([DISABLE_UTMP]) 5078 AC_DEFINE([DISABLE_WTMP]) 5079 ], [ 5080#ifdef HAVE_SYS_TYPES_H 5081#include <sys/types.h> 5082#endif 5083#ifdef HAVE_UTMP_H 5084#include <utmp.h> 5085#endif 5086#ifdef HAVE_UTMPX_H 5087#include <utmpx.h> 5088#endif 5089#ifdef HAVE_LASTLOG_H 5090#include <lastlog.h> 5091#endif 5092 ]) 5093 5094dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5095dnl Add now. 5096CFLAGS="$CFLAGS $werror_flags" 5097 5098if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5099 TEST_SSH_IPV6=no 5100else 5101 TEST_SSH_IPV6=yes 5102fi 5103AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5104AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5105AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5106AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5107AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5108 5109AC_EXEEXT 5110AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5111 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5112 survey.sh]) 5113AC_OUTPUT 5114 5115# Print summary of options 5116 5117# Someone please show me a better way :) 5118A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5119B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5120C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5121D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5122E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5123F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5124G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5125H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5126I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5127J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5128 5129echo "" 5130echo "OpenSSH has been configured with the following options:" 5131echo " User binaries: $B" 5132echo " System binaries: $C" 5133echo " Configuration files: $D" 5134echo " Askpass program: $E" 5135echo " Manual pages: $F" 5136echo " PID file: $G" 5137echo " Privilege separation chroot path: $H" 5138if test "x$external_path_file" = "x/etc/login.conf" ; then 5139echo " At runtime, sshd will use the path defined in $external_path_file" 5140echo " Make sure the path to scp is present, otherwise scp will not work" 5141else 5142echo " sshd default user PATH: $I" 5143 if test ! -z "$external_path_file"; then 5144echo " (If PATH is set in $external_path_file it will be used instead. If" 5145echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5146 fi 5147fi 5148if test ! -z "$superuser_path" ; then 5149echo " sshd superuser user PATH: $J" 5150fi 5151echo " Manpage format: $MANTYPE" 5152echo " PAM support: $PAM_MSG" 5153echo " OSF SIA support: $SIA_MSG" 5154echo " KerberosV support: $KRB5_MSG" 5155echo " SELinux support: $SELINUX_MSG" 5156echo " Smartcard support: $SCARD_MSG" 5157echo " S/KEY support: $SKEY_MSG" 5158echo " TCP Wrappers support: $TCPW_MSG" 5159echo " MD5 password support: $MD5_MSG" 5160echo " libedit support: $LIBEDIT_MSG" 5161echo " libldns support: $LDNS_MSG" 5162echo " Solaris process contract support: $SPC_MSG" 5163echo " Solaris project support: $SP_MSG" 5164echo " Solaris privilege support: $SPP_MSG" 5165echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5166echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5167echo " BSD Auth support: $BSD_AUTH_MSG" 5168echo " Random number source: $RAND_MSG" 5169echo " Privsep sandbox style: $SANDBOX_STYLE" 5170 5171echo "" 5172 5173echo " Host: ${host}" 5174echo " Compiler: ${CC}" 5175echo " Compiler flags: ${CFLAGS}" 5176echo "Preprocessor flags: ${CPPFLAGS}" 5177echo " Linker flags: ${LDFLAGS}" 5178echo " Libraries: ${LIBS}" 5179if test ! -z "${SSHDLIBS}"; then 5180echo " +for sshd: ${SSHDLIBS}" 5181fi 5182if test ! -z "${SSHLIBS}"; then 5183echo " +for ssh: ${SSHLIBS}" 5184fi 5185 5186echo "" 5187 5188if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5189 echo "SVR4 style packages are supported with \"make package\"" 5190 echo "" 5191fi 5192 5193if test "x$PAM_MSG" = "xyes" ; then 5194 echo "PAM is enabled. You may need to install a PAM control file " 5195 echo "for sshd, otherwise password authentication may fail. " 5196 echo "Example PAM control files can be found in the contrib/ " 5197 echo "subdirectory" 5198 echo "" 5199fi 5200 5201if test ! -z "$NO_PEERCHECK" ; then 5202 echo "WARNING: the operating system that you are using does not" 5203 echo "appear to support getpeereid(), getpeerucred() or the" 5204 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5205 echo "enforce security checks to prevent unauthorised connections to" 5206 echo "ssh-agent. Their absence increases the risk that a malicious" 5207 echo "user can connect to your agent." 5208 echo "" 5209fi 5210 5211if test "$AUDIT_MODULE" = "bsm" ; then 5212 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5213 echo "See the Solaris section in README.platform for details." 5214fi 5215