1# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $ 2# $FreeBSD$ 3# 4# Copyright (c) 1999-2004 Damien Miller 5# 6# Permission to use, copy, modify, and distribute this software for any 7# purpose with or without fee is hereby granted, provided that the above 8# copyright notice and this permission notice appear in all copies. 9# 10# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 19AC_REVISION($Revision: 1.583 $) 20AC_CONFIG_SRCDIR([ssh.c]) 21AC_LANG([C]) 22 23AC_CONFIG_HEADER([config.h]) 24AC_PROG_CC 25AC_CANONICAL_HOST 26AC_C_BIGENDIAN 27 28# Checks for programs. 29AC_PROG_AWK 30AC_PROG_CPP 31AC_PROG_RANLIB 32AC_PROG_INSTALL 33AC_PROG_EGREP 34AC_CHECK_TOOLS([AR], [ar]) 35AC_PATH_PROG([CAT], [cat]) 36AC_PATH_PROG([KILL], [kill]) 37AC_PATH_PROGS([PERL], [perl5 perl]) 38AC_PATH_PROG([SED], [sed]) 39AC_SUBST([PERL]) 40AC_PATH_PROG([ENT], [ent]) 41AC_SUBST([ENT]) 42AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 43AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 44AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 45AC_PATH_PROG([SH], [sh]) 46AC_PATH_PROG([GROFF], [groff]) 47AC_PATH_PROG([NROFF], [nroff]) 48AC_PATH_PROG([MANDOC], [mandoc]) 49AC_SUBST([TEST_SHELL], [sh]) 50 51dnl select manpage formatter 52if test "x$MANDOC" != "x" ; then 53 MANFMT="$MANDOC" 54elif test "x$NROFF" != "x" ; then 55 MANFMT="$NROFF -mandoc" 56elif test "x$GROFF" != "x" ; then 57 MANFMT="$GROFF -mandoc -Tascii" 58else 59 AC_MSG_WARN([no manpage formatted found]) 60 MANFMT="false" 61fi 62AC_SUBST([MANFMT]) 63 64dnl for buildpkg.sh 65AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 66 [/usr/sbin${PATH_SEPARATOR}/etc]) 67AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 68 [/usr/sbin${PATH_SEPARATOR}/etc]) 69AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 70if test -x /sbin/sh; then 71 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 72else 73 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 74fi 75 76# System features 77AC_SYS_LARGEFILE 78 79if test -z "$AR" ; then 80 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 81fi 82 83# Use LOGIN_PROGRAM from environment if possible 84if test ! -z "$LOGIN_PROGRAM" ; then 85 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"], 86 [If your header files don't define LOGIN_PROGRAM, 87 then use this (detected) from environment and PATH]) 88else 89 # Search for login 90 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login]) 91 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then 92 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"]) 93 fi 94fi 95 96AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 97if test ! -z "$PATH_PASSWD_PROG" ; then 98 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 99 [Full path of your "passwd" program]) 100fi 101 102if test -z "$LD" ; then 103 LD=$CC 104fi 105AC_SUBST([LD]) 106 107AC_C_INLINE 108 109AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 110AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 111 #include <sys/types.h> 112 #include <sys/param.h> 113 #include <dev/systrace.h> 114]) 115AC_CHECK_DECL([RLIMIT_NPROC], 116 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 117 #include <sys/types.h> 118 #include <sys/resource.h> 119]) 120AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 121 #include <sys/types.h> 122 #include <linux/prctl.h> 123]) 124 125openssl=yes 126ssh1=yes 127AC_ARG_WITH([openssl], 128 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 129 [ if test "x$withval" = "xno" ; then 130 openssl=no 131 ssh1=no 132 fi 133 ] 134) 135AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 136if test "x$openssl" = "xyes" ; then 137 AC_MSG_RESULT([yes]) 138 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 139else 140 AC_MSG_RESULT([no]) 141fi 142 143AC_ARG_WITH([ssh1], 144 [ --with-ssh1 Enable support for SSH protocol 1], 145 [ 146 if test "x$withval" = "xyes" ; then 147 if test "x$openssl" = "xno" ; then 148 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled]) 149 fi 150 ssh1=yes 151 elif test "x$withval" = "xno" ; then 152 ssh1=no 153 else 154 AC_MSG_ERROR([unknown --with-ssh1 argument]) 155 fi 156 ] 157) 158AC_MSG_CHECKING([whether SSH protocol 1 support is enabled]) 159if test "x$ssh1" = "xyes" ; then 160 AC_MSG_RESULT([yes]) 161 AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support]) 162else 163 AC_MSG_RESULT([no]) 164fi 165 166use_stack_protector=1 167use_toolchain_hardening=1 168AC_ARG_WITH([stackprotect], 169 [ --without-stackprotect Don't use compiler's stack protection], [ 170 if test "x$withval" = "xno"; then 171 use_stack_protector=0 172 fi ]) 173AC_ARG_WITH([hardening], 174 [ --without-hardening Don't use toolchain hardening flags], [ 175 if test "x$withval" = "xno"; then 176 use_toolchain_hardening=0 177 fi ]) 178 179# We use -Werror for the tests only so that we catch warnings like "this is 180# on by default" for things like -fPIE. 181AC_MSG_CHECKING([if $CC supports -Werror]) 182saved_CFLAGS="$CFLAGS" 183CFLAGS="$CFLAGS -Werror" 184AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 185 [ AC_MSG_RESULT([yes]) 186 WERROR="-Werror"], 187 [ AC_MSG_RESULT([no]) 188 WERROR="" ] 189) 190CFLAGS="$saved_CFLAGS" 191 192if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 193 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 194 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 195 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 196 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 197 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 198 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 199 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 200 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 201 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 202 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 203 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 204 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 205 if test "x$use_toolchain_hardening" = "x1"; then 206 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 207 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 208 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 209 # NB. -ftrapv expects certain support functions to be present in 210 # the compiler library (libgcc or similar) to detect integer operations 211 # that can overflow. We must check that the result of enabling it 212 # actually links. The test program compiled/linked includes a number 213 # of integer operations that should exercise this. 214 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 215 fi 216 AC_MSG_CHECKING([gcc version]) 217 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 218 case $GCC_VER in 219 1.*) no_attrib_nonnull=1 ;; 220 2.8* | 2.9*) 221 no_attrib_nonnull=1 222 ;; 223 2.*) no_attrib_nonnull=1 ;; 224 *) ;; 225 esac 226 AC_MSG_RESULT([$GCC_VER]) 227 228 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 229 saved_CFLAGS="$CFLAGS" 230 CFLAGS="$CFLAGS -fno-builtin-memset" 231 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 232 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 233 [ AC_MSG_RESULT([yes]) ], 234 [ AC_MSG_RESULT([no]) 235 CFLAGS="$saved_CFLAGS" ] 236 ) 237 238 # -fstack-protector-all doesn't always work for some GCC versions 239 # and/or platforms, so we test if we can. If it's not supported 240 # on a given platform gcc will emit a warning so we use -Werror. 241 if test "x$use_stack_protector" = "x1"; then 242 for t in -fstack-protector-strong -fstack-protector-all \ 243 -fstack-protector; do 244 AC_MSG_CHECKING([if $CC supports $t]) 245 saved_CFLAGS="$CFLAGS" 246 saved_LDFLAGS="$LDFLAGS" 247 CFLAGS="$CFLAGS $t -Werror" 248 LDFLAGS="$LDFLAGS $t -Werror" 249 AC_LINK_IFELSE( 250 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 251 [[ 252 char x[256]; 253 snprintf(x, sizeof(x), "XXX"); 254 ]])], 255 [ AC_MSG_RESULT([yes]) 256 CFLAGS="$saved_CFLAGS $t" 257 LDFLAGS="$saved_LDFLAGS $t" 258 AC_MSG_CHECKING([if $t works]) 259 AC_RUN_IFELSE( 260 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 261 [[ 262 char x[256]; 263 snprintf(x, sizeof(x), "XXX"); 264 ]])], 265 [ AC_MSG_RESULT([yes]) 266 break ], 267 [ AC_MSG_RESULT([no]) ], 268 [ AC_MSG_WARN([cross compiling: cannot test]) 269 break ] 270 ) 271 ], 272 [ AC_MSG_RESULT([no]) ] 273 ) 274 CFLAGS="$saved_CFLAGS" 275 LDFLAGS="$saved_LDFLAGS" 276 done 277 fi 278 279 if test -z "$have_llong_max"; then 280 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 281 unset ac_cv_have_decl_LLONG_MAX 282 saved_CFLAGS="$CFLAGS" 283 CFLAGS="$CFLAGS -std=gnu99" 284 AC_CHECK_DECL([LLONG_MAX], 285 [have_llong_max=1], 286 [CFLAGS="$saved_CFLAGS"], 287 [#include <limits.h>] 288 ) 289 fi 290fi 291 292AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 293AC_COMPILE_IFELSE( 294 [AC_LANG_PROGRAM([[ 295#include <stdlib.h> 296__attribute__((__unused__)) static void foo(void){return;}]], 297 [[ exit(0); ]])], 298 [ AC_MSG_RESULT([yes]) ], 299 [ AC_MSG_RESULT([no]) 300 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 301 [compiler does not accept __attribute__ on return types]) ] 302) 303 304if test "x$no_attrib_nonnull" != "x1" ; then 305 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 306fi 307 308AC_ARG_WITH([rpath], 309 [ --without-rpath Disable auto-added -R linker paths], 310 [ 311 if test "x$withval" = "xno" ; then 312 need_dash_r="" 313 fi 314 if test "x$withval" = "xyes" ; then 315 need_dash_r=1 316 fi 317 ] 318) 319 320# Allow user to specify flags 321AC_ARG_WITH([cflags], 322 [ --with-cflags Specify additional flags to pass to compiler], 323 [ 324 if test -n "$withval" && test "x$withval" != "xno" && \ 325 test "x${withval}" != "xyes"; then 326 CFLAGS="$CFLAGS $withval" 327 fi 328 ] 329) 330AC_ARG_WITH([cppflags], 331 [ --with-cppflags Specify additional flags to pass to preprocessor] , 332 [ 333 if test -n "$withval" && test "x$withval" != "xno" && \ 334 test "x${withval}" != "xyes"; then 335 CPPFLAGS="$CPPFLAGS $withval" 336 fi 337 ] 338) 339AC_ARG_WITH([ldflags], 340 [ --with-ldflags Specify additional flags to pass to linker], 341 [ 342 if test -n "$withval" && test "x$withval" != "xno" && \ 343 test "x${withval}" != "xyes"; then 344 LDFLAGS="$LDFLAGS $withval" 345 fi 346 ] 347) 348AC_ARG_WITH([libs], 349 [ --with-libs Specify additional libraries to link with], 350 [ 351 if test -n "$withval" && test "x$withval" != "xno" && \ 352 test "x${withval}" != "xyes"; then 353 LIBS="$LIBS $withval" 354 fi 355 ] 356) 357AC_ARG_WITH([Werror], 358 [ --with-Werror Build main code with -Werror], 359 [ 360 if test -n "$withval" && test "x$withval" != "xno"; then 361 werror_flags="-Werror" 362 if test "x${withval}" != "xyes"; then 363 werror_flags="$withval" 364 fi 365 fi 366 ] 367) 368 369AC_CHECK_HEADERS([ \ 370 blf.h \ 371 bstring.h \ 372 crypt.h \ 373 crypto/sha2.h \ 374 dirent.h \ 375 endian.h \ 376 elf.h \ 377 features.h \ 378 fcntl.h \ 379 floatingpoint.h \ 380 getopt.h \ 381 glob.h \ 382 ia.h \ 383 iaf.h \ 384 inttypes.h \ 385 limits.h \ 386 locale.h \ 387 login.h \ 388 maillock.h \ 389 ndir.h \ 390 net/if_tun.h \ 391 netdb.h \ 392 netgroup.h \ 393 pam/pam_appl.h \ 394 paths.h \ 395 poll.h \ 396 pty.h \ 397 readpassphrase.h \ 398 rpc/types.h \ 399 security/pam_appl.h \ 400 sha2.h \ 401 shadow.h \ 402 stddef.h \ 403 stdint.h \ 404 string.h \ 405 strings.h \ 406 sys/audit.h \ 407 sys/bitypes.h \ 408 sys/bsdtty.h \ 409 sys/cdefs.h \ 410 sys/dir.h \ 411 sys/mman.h \ 412 sys/ndir.h \ 413 sys/poll.h \ 414 sys/prctl.h \ 415 sys/pstat.h \ 416 sys/select.h \ 417 sys/stat.h \ 418 sys/stream.h \ 419 sys/stropts.h \ 420 sys/strtio.h \ 421 sys/statvfs.h \ 422 sys/sysmacros.h \ 423 sys/time.h \ 424 sys/timers.h \ 425 time.h \ 426 tmpdir.h \ 427 ttyent.h \ 428 ucred.h \ 429 unistd.h \ 430 usersec.h \ 431 util.h \ 432 utime.h \ 433 utmp.h \ 434 utmpx.h \ 435 vis.h \ 436]) 437 438# sys/capsicum.h requires sys/types.h 439AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 440#ifdef HAVE_SYS_TYPES_H 441# include <sys/types.h> 442#endif 443]) 444 445# lastlog.h requires sys/time.h to be included first on Solaris 446AC_CHECK_HEADERS([lastlog.h], [], [], [ 447#ifdef HAVE_SYS_TIME_H 448# include <sys/time.h> 449#endif 450]) 451 452# sys/ptms.h requires sys/stream.h to be included first on Solaris 453AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 454#ifdef HAVE_SYS_STREAM_H 455# include <sys/stream.h> 456#endif 457]) 458 459# login_cap.h requires sys/types.h on NetBSD 460AC_CHECK_HEADERS([login_cap.h], [], [], [ 461#include <sys/types.h> 462]) 463 464# older BSDs need sys/param.h before sys/mount.h 465AC_CHECK_HEADERS([sys/mount.h], [], [], [ 466#include <sys/param.h> 467]) 468 469# Android requires sys/socket.h to be included before sys/un.h 470AC_CHECK_HEADERS([sys/un.h], [], [], [ 471#include <sys/types.h> 472#include <sys/socket.h> 473]) 474 475# Messages for features tested for in target-specific section 476SIA_MSG="no" 477SPC_MSG="no" 478SP_MSG="no" 479SPP_MSG="no" 480 481# Support for Solaris/Illumos privileges (this test is used by both 482# the --with-solaris-privs option and --with-sandbox=solaris). 483SOLARIS_PRIVS="no" 484 485# Check for some target-specific stuff 486case "$host" in 487*-*-aix*) 488 # Some versions of VAC won't allow macro redefinitions at 489 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 490 # particularly with older versions of vac or xlc. 491 # It also throws errors about null macro argments, but these are 492 # not fatal. 493 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 494 AC_COMPILE_IFELSE( 495 [AC_LANG_PROGRAM([[ 496#define testmacro foo 497#define testmacro bar]], 498 [[ exit(0); ]])], 499 [ AC_MSG_RESULT([yes]) ], 500 [ AC_MSG_RESULT([no]) 501 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 502 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" 503 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 504 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 505 ] 506 ) 507 508 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 509 if (test -z "$blibpath"); then 510 blibpath="/usr/lib:/lib" 511 fi 512 saved_LDFLAGS="$LDFLAGS" 513 if test "$GCC" = "yes"; then 514 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 515 else 516 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 517 fi 518 for tryflags in $flags ;do 519 if (test -z "$blibflags"); then 520 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 521 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 522 [blibflags=$tryflags], []) 523 fi 524 done 525 if (test -z "$blibflags"); then 526 AC_MSG_RESULT([not found]) 527 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 528 else 529 AC_MSG_RESULT([$blibflags]) 530 fi 531 LDFLAGS="$saved_LDFLAGS" 532 dnl Check for authenticate. Might be in libs.a on older AIXes 533 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 534 [Define if you want to enable AIX4's authenticate function])], 535 [AC_CHECK_LIB([s], [authenticate], 536 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 537 LIBS="$LIBS -ls" 538 ]) 539 ]) 540 dnl Check for various auth function declarations in headers. 541 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 542 passwdexpired, setauthdb], , , [#include <usersec.h>]) 543 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 544 AC_CHECK_DECLS([loginfailed], 545 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 546 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 547 [[ (void)loginfailed("user","host","tty",0); ]])], 548 [AC_MSG_RESULT([yes]) 549 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 550 [Define if your AIX loginfailed() function 551 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 552 ])], 553 [], 554 [#include <usersec.h>] 555 ) 556 AC_CHECK_FUNCS([getgrset setauthdb]) 557 AC_CHECK_DECL([F_CLOSEM], 558 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 559 [], 560 [ #include <limits.h> 561 #include <fcntl.h> ] 562 ) 563 check_for_aix_broken_getaddrinfo=1 564 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 565 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 566 [Define if your platform breaks doing a seteuid before a setuid]) 567 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 568 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 569 dnl AIX handles lastlog as part of its login message 570 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 571 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 572 [Some systems need a utmpx entry for /bin/login to work]) 573 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 574 [Define to a Set Process Title type if your system is 575 supported by bsd-setproctitle.c]) 576 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 577 [AIX 5.2 and 5.3 (and presumably newer) require this]) 578 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 579 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 580 ;; 581*-*-android*) 582 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 583 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 584 ;; 585*-*-cygwin*) 586 check_for_libcrypt_later=1 587 LIBS="$LIBS /usr/lib/textreadmode.o" 588 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 589 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 590 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 591 [Define to disable UID restoration test]) 592 AC_DEFINE([DISABLE_SHADOW], [1], 593 [Define if you want to disable shadow passwords]) 594 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 595 [Define if X11 doesn't support AF_UNIX sockets on that system]) 596 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1], 597 [Define if the concept of ports only accessible to 598 superusers isn't known]) 599 AC_DEFINE([DISABLE_FD_PASSING], [1], 600 [Define if your platform needs to skip post auth 601 file descriptor passing]) 602 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 603 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 604 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 605 # reasons which cause compile warnings, so we disable those warnings. 606 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 607 ;; 608*-*-dgux*) 609 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 610 [Define if your system choked on IP TOS setting]) 611 AC_DEFINE([SETEUID_BREAKS_SETUID]) 612 AC_DEFINE([BROKEN_SETREUID]) 613 AC_DEFINE([BROKEN_SETREGID]) 614 ;; 615*-*-darwin*) 616 use_pie=auto 617 AC_MSG_CHECKING([if we have working getaddrinfo]) 618 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 619main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 620 exit(0); 621 else 622 exit(1); 623} 624 ]])], 625 [AC_MSG_RESULT([working])], 626 [AC_MSG_RESULT([buggy]) 627 AC_DEFINE([BROKEN_GETADDRINFO], [1], 628 [getaddrinfo is broken (if present)]) 629 ], 630 [AC_MSG_RESULT([assume it is working])]) 631 AC_DEFINE([SETEUID_BREAKS_SETUID]) 632 AC_DEFINE([BROKEN_SETREUID]) 633 AC_DEFINE([BROKEN_SETREGID]) 634 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 635 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 636 [Define if your resolver libs need this for getrrsetbyname]) 637 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 638 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 639 [Use tunnel device compatibility to OpenBSD]) 640 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 641 [Prepend the address family to IP tunnel traffic]) 642 m4_pattern_allow([AU_IPv]) 643 AC_CHECK_DECL([AU_IPv4], [], 644 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 645 [#include <bsm/audit.h>] 646 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 647 [Define if pututxline updates lastlog too]) 648 ) 649 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 650 [Define to a Set Process Title type if your system is 651 supported by bsd-setproctitle.c]) 652 AC_CHECK_FUNCS([sandbox_init]) 653 AC_CHECK_HEADERS([sandbox.h]) 654 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 655 SSHDLIBS="$SSHDLIBS -lsandbox" 656 ]) 657 ;; 658*-*-dragonfly*) 659 SSHDLIBS="$SSHDLIBS -lcrypt" 660 TEST_MALLOC_OPTIONS="AFGJPRX" 661 ;; 662*-*-haiku*) 663 LIBS="$LIBS -lbsd " 664 AC_CHECK_LIB([network], [socket]) 665 AC_DEFINE([HAVE_U_INT64_T]) 666 MANTYPE=man 667 ;; 668*-*-hpux*) 669 # first we define all of the options common to all HP-UX releases 670 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 671 IPADDR_IN_DISPLAY=yes 672 AC_DEFINE([USE_PIPES]) 673 AC_DEFINE([LOGIN_NO_ENDOPT], [1], 674 [Define if your login program cannot handle end of options ("--")]) 675 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 676 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 677 [String used in /etc/passwd to denote locked account]) 678 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 679 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 680 maildir="/var/mail" 681 LIBS="$LIBS -lsec" 682 AC_CHECK_LIB([xnet], [t_error], , 683 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 684 685 # next, we define all of the options specific to major releases 686 case "$host" in 687 *-*-hpux10*) 688 if test -z "$GCC"; then 689 CFLAGS="$CFLAGS -Ae" 690 fi 691 ;; 692 *-*-hpux11*) 693 AC_DEFINE([PAM_SUN_CODEBASE], [1], 694 [Define if you are using Solaris-derived PAM which 695 passes pam_messages to the conversation function 696 with an extra level of indirection]) 697 AC_DEFINE([DISABLE_UTMP], [1], 698 [Define if you don't want to use utmp]) 699 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 700 check_for_hpux_broken_getaddrinfo=1 701 check_for_conflicting_getspnam=1 702 ;; 703 esac 704 705 # lastly, we define options specific to minor releases 706 case "$host" in 707 *-*-hpux10.26) 708 AC_DEFINE([HAVE_SECUREWARE], [1], 709 [Define if you have SecureWare-based 710 protected password database]) 711 disable_ptmx_check=yes 712 LIBS="$LIBS -lsecpw" 713 ;; 714 esac 715 ;; 716*-*-irix5*) 717 PATH="$PATH:/usr/etc" 718 AC_DEFINE([BROKEN_INET_NTOA], [1], 719 [Define if you system's inet_ntoa is busted 720 (e.g. Irix gcc issue)]) 721 AC_DEFINE([SETEUID_BREAKS_SETUID]) 722 AC_DEFINE([BROKEN_SETREUID]) 723 AC_DEFINE([BROKEN_SETREGID]) 724 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 725 [Define if you shouldn't strip 'tty' from your 726 ttyname in [uw]tmp]) 727 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 728 ;; 729*-*-irix6*) 730 PATH="$PATH:/usr/etc" 731 AC_DEFINE([WITH_IRIX_ARRAY], [1], 732 [Define if you have/want arrays 733 (cluster-wide session managment, not C arrays)]) 734 AC_DEFINE([WITH_IRIX_PROJECT], [1], 735 [Define if you want IRIX project management]) 736 AC_DEFINE([WITH_IRIX_AUDIT], [1], 737 [Define if you want IRIX audit trails]) 738 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 739 [Define if you want IRIX kernel jobs])]) 740 AC_DEFINE([BROKEN_INET_NTOA]) 741 AC_DEFINE([SETEUID_BREAKS_SETUID]) 742 AC_DEFINE([BROKEN_SETREUID]) 743 AC_DEFINE([BROKEN_SETREGID]) 744 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 745 AC_DEFINE([WITH_ABBREV_NO_TTY]) 746 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 747 ;; 748*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 749 check_for_libcrypt_later=1 750 AC_DEFINE([PAM_TTY_KLUDGE]) 751 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 752 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 753 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 754 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 755 ;; 756*-*-linux*) 757 no_dev_ptmx=1 758 use_pie=auto 759 check_for_libcrypt_later=1 760 check_for_openpty_ctty_bug=1 761 AC_DEFINE([PAM_TTY_KLUDGE], [1], 762 [Work around problematic Linux PAM modules handling of PAM_TTY]) 763 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 764 [String used in /etc/passwd to denote locked account]) 765 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 766 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 767 [Define to whatever link() returns for "not supported" 768 if it doesn't return EOPNOTSUPP.]) 769 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 770 AC_DEFINE([USE_BTMP]) 771 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 772 inet6_default_4in6=yes 773 case `uname -r` in 774 1.*|2.0.*) 775 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 776 [Define if cmsg_type is not passed correctly]) 777 ;; 778 esac 779 # tun(4) forwarding compat code 780 AC_CHECK_HEADERS([linux/if_tun.h]) 781 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 782 AC_DEFINE([SSH_TUN_LINUX], [1], 783 [Open tunnel devices the Linux tun/tap way]) 784 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 785 [Use tunnel device compatibility to OpenBSD]) 786 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 787 [Prepend the address family to IP tunnel traffic]) 788 fi 789 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 790 [], [#include <linux/types.h>]) 791 AC_CHECK_FUNCS([prctl]) 792 AC_MSG_CHECKING([for seccomp architecture]) 793 seccomp_audit_arch= 794 case "$host" in 795 x86_64-*) 796 seccomp_audit_arch=AUDIT_ARCH_X86_64 797 ;; 798 i*86-*) 799 seccomp_audit_arch=AUDIT_ARCH_I386 800 ;; 801 arm*-*) 802 seccomp_audit_arch=AUDIT_ARCH_ARM 803 ;; 804 aarch64*-*) 805 seccomp_audit_arch=AUDIT_ARCH_AARCH64 806 ;; 807 esac 808 if test "x$seccomp_audit_arch" != "x" ; then 809 AC_MSG_RESULT(["$seccomp_audit_arch"]) 810 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 811 [Specify the system call convention in use]) 812 else 813 AC_MSG_RESULT([architecture not supported]) 814 fi 815 ;; 816mips-sony-bsd|mips-sony-newsos4) 817 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 818 SONY=1 819 ;; 820*-*-netbsd*) 821 check_for_libcrypt_before=1 822 if test "x$withval" != "xno" ; then 823 need_dash_r=1 824 fi 825 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 826 AC_CHECK_HEADER([net/if_tap.h], , 827 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 828 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 829 [Prepend the address family to IP tunnel traffic]) 830 TEST_MALLOC_OPTIONS="AJRX" 831 AC_DEFINE([BROKEN_STRNVIS], [1], 832 [NetBSD strnvis argument order is swapped compared to OpenBSD]) 833 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 834 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 835 ;; 836*-*-freebsd*) 837 check_for_libcrypt_later=1 838 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 839 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 840 AC_CHECK_HEADER([net/if_tap.h], , 841 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 842 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 843 AC_DEFINE([BROKEN_STRNVIS], [1], 844 [FreeBSD strnvis argument order is swapped compared to OpenBSD]) 845 TEST_MALLOC_OPTIONS="AJRX" 846 # Preauth crypto occasionally uses file descriptors for crypto offload 847 # and will crash if they cannot be opened. 848 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 849 [define if setrlimit RLIMIT_NOFILE breaks things]) 850 ;; 851*-*-bsdi*) 852 AC_DEFINE([SETEUID_BREAKS_SETUID]) 853 AC_DEFINE([BROKEN_SETREUID]) 854 AC_DEFINE([BROKEN_SETREGID]) 855 ;; 856*-next-*) 857 conf_lastlog_location="/usr/adm/lastlog" 858 conf_utmp_location=/etc/utmp 859 conf_wtmp_location=/usr/adm/wtmp 860 maildir=/usr/spool/mail 861 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 862 AC_DEFINE([BROKEN_REALPATH]) 863 AC_DEFINE([USE_PIPES]) 864 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 865 ;; 866*-*-openbsd*) 867 use_pie=auto 868 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 869 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 870 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 871 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 872 [syslog_r function is safe to use in in a signal handler]) 873 TEST_MALLOC_OPTIONS="AFGJPRX" 874 ;; 875*-*-solaris*) 876 if test "x$withval" != "xno" ; then 877 need_dash_r=1 878 fi 879 AC_DEFINE([PAM_SUN_CODEBASE]) 880 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 881 AC_DEFINE([LOGIN_NEEDS_TERM], [1], 882 [Some versions of /bin/login need the TERM supplied 883 on the commandline]) 884 AC_DEFINE([PAM_TTY_KLUDGE]) 885 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 886 [Define if pam_chauthtok wants real uid set 887 to the unpriv'ed user]) 888 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 889 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 890 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 891 [Define if sshd somehow reacquires a controlling TTY 892 after setsid()]) 893 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 894 in case the name is longer than 8 chars]) 895 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 896 external_path_file=/etc/default/login 897 # hardwire lastlog location (can't detect it on some versions) 898 conf_lastlog_location="/var/adm/lastlog" 899 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 900 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 901 if test "$sol2ver" -ge 8; then 902 AC_MSG_RESULT([yes]) 903 AC_DEFINE([DISABLE_UTMP]) 904 AC_DEFINE([DISABLE_WTMP], [1], 905 [Define if you don't want to use wtmp]) 906 else 907 AC_MSG_RESULT([no]) 908 fi 909 AC_CHECK_FUNCS([setppriv]) 910 AC_CHECK_FUNCS([priv_basicset]) 911 AC_CHECK_HEADERS([priv.h]) 912 AC_ARG_WITH([solaris-contracts], 913 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 914 [ 915 AC_CHECK_LIB([contract], [ct_tmpl_activate], 916 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 917 [Define if you have Solaris process contracts]) 918 LIBS="$LIBS -lcontract" 919 SPC_MSG="yes" ], ) 920 ], 921 ) 922 AC_ARG_WITH([solaris-projects], 923 [ --with-solaris-projects Enable Solaris projects (experimental)], 924 [ 925 AC_CHECK_LIB([project], [setproject], 926 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 927 [Define if you have Solaris projects]) 928 LIBS="$LIBS -lproject" 929 SP_MSG="yes" ], ) 930 ], 931 ) 932 AC_ARG_WITH([solaris-privs], 933 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 934 [ 935 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 936 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 937 "x$ac_cv_header_priv_h" = "xyes" ; then 938 SOLARIS_PRIVS=yes 939 AC_MSG_RESULT([found]) 940 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 941 [Define to disable UID restoration test]) 942 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 943 [Define if you have Solaris privileges]) 944 SPP_MSG="yes" 945 else 946 AC_MSG_RESULT([not found]) 947 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 948 fi 949 ], 950 ) 951 TEST_SHELL=$SHELL # let configure find us a capable shell 952 ;; 953*-*-sunos4*) 954 CPPFLAGS="$CPPFLAGS -DSUNOS4" 955 AC_CHECK_FUNCS([getpwanam]) 956 AC_DEFINE([PAM_SUN_CODEBASE]) 957 conf_utmp_location=/etc/utmp 958 conf_wtmp_location=/var/adm/wtmp 959 conf_lastlog_location=/var/adm/lastlog 960 AC_DEFINE([USE_PIPES]) 961 ;; 962*-ncr-sysv*) 963 LIBS="$LIBS -lc89" 964 AC_DEFINE([USE_PIPES]) 965 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 966 AC_DEFINE([SETEUID_BREAKS_SETUID]) 967 AC_DEFINE([BROKEN_SETREUID]) 968 AC_DEFINE([BROKEN_SETREGID]) 969 ;; 970*-sni-sysv*) 971 # /usr/ucblib MUST NOT be searched on ReliantUNIX 972 AC_CHECK_LIB([dl], [dlsym], ,) 973 # -lresolv needs to be at the end of LIBS or DNS lookups break 974 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 975 IPADDR_IN_DISPLAY=yes 976 AC_DEFINE([USE_PIPES]) 977 AC_DEFINE([IP_TOS_IS_BROKEN]) 978 AC_DEFINE([SETEUID_BREAKS_SETUID]) 979 AC_DEFINE([BROKEN_SETREUID]) 980 AC_DEFINE([BROKEN_SETREGID]) 981 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 982 external_path_file=/etc/default/login 983 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 984 # Attention: always take care to bind libsocket and libnsl before libc, 985 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 986 ;; 987# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 988*-*-sysv4.2*) 989 AC_DEFINE([USE_PIPES]) 990 AC_DEFINE([SETEUID_BREAKS_SETUID]) 991 AC_DEFINE([BROKEN_SETREUID]) 992 AC_DEFINE([BROKEN_SETREGID]) 993 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 994 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 995 TEST_SHELL=$SHELL # let configure find us a capable shell 996 ;; 997# UnixWare 7.x, OpenUNIX 8 998*-*-sysv5*) 999 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1000 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1001 AC_DEFINE([USE_PIPES]) 1002 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1003 AC_DEFINE([BROKEN_GETADDRINFO]) 1004 AC_DEFINE([BROKEN_SETREUID]) 1005 AC_DEFINE([BROKEN_SETREGID]) 1006 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1007 TEST_SHELL=$SHELL # let configure find us a capable shell 1008 case "$host" in 1009 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1010 maildir=/var/spool/mail 1011 AC_DEFINE([BROKEN_LIBIAF], [1], 1012 [ia_uinfo routines not supported by OS yet]) 1013 AC_DEFINE([BROKEN_UPDWTMPX]) 1014 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1015 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1016 AC_DEFINE([HAVE_SECUREWARE]) 1017 AC_DEFINE([DISABLE_SHADOW]) 1018 ], , ) 1019 ;; 1020 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1021 check_for_libcrypt_later=1 1022 ;; 1023 esac 1024 ;; 1025*-*-sysv*) 1026 ;; 1027# SCO UNIX and OEM versions of SCO UNIX 1028*-*-sco3.2v4*) 1029 AC_MSG_ERROR("This Platform is no longer supported.") 1030 ;; 1031# SCO OpenServer 5.x 1032*-*-sco3.2v5*) 1033 if test -z "$GCC"; then 1034 CFLAGS="$CFLAGS -belf" 1035 fi 1036 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1037 no_dev_ptmx=1 1038 AC_DEFINE([USE_PIPES]) 1039 AC_DEFINE([HAVE_SECUREWARE]) 1040 AC_DEFINE([DISABLE_SHADOW]) 1041 AC_DEFINE([DISABLE_FD_PASSING]) 1042 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1043 AC_DEFINE([BROKEN_GETADDRINFO]) 1044 AC_DEFINE([BROKEN_SETREUID]) 1045 AC_DEFINE([BROKEN_SETREGID]) 1046 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1047 AC_DEFINE([BROKEN_UPDWTMPX]) 1048 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1049 AC_CHECK_FUNCS([getluid setluid]) 1050 MANTYPE=man 1051 TEST_SHELL=$SHELL # let configure find us a capable shell 1052 SKIP_DISABLE_LASTLOG_DEFINE=yes 1053 ;; 1054*-*-unicosmk*) 1055 AC_DEFINE([NO_SSH_LASTLOG], [1], 1056 [Define if you don't want to use lastlog in session.c]) 1057 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1058 AC_DEFINE([BROKEN_SETREUID]) 1059 AC_DEFINE([BROKEN_SETREGID]) 1060 AC_DEFINE([USE_PIPES]) 1061 AC_DEFINE([DISABLE_FD_PASSING]) 1062 LDFLAGS="$LDFLAGS" 1063 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1064 MANTYPE=cat 1065 ;; 1066*-*-unicosmp*) 1067 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1068 AC_DEFINE([BROKEN_SETREUID]) 1069 AC_DEFINE([BROKEN_SETREGID]) 1070 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1071 AC_DEFINE([USE_PIPES]) 1072 AC_DEFINE([DISABLE_FD_PASSING]) 1073 LDFLAGS="$LDFLAGS" 1074 LIBS="$LIBS -lgen -lacid -ldb" 1075 MANTYPE=cat 1076 ;; 1077*-*-unicos*) 1078 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1079 AC_DEFINE([BROKEN_SETREUID]) 1080 AC_DEFINE([BROKEN_SETREGID]) 1081 AC_DEFINE([USE_PIPES]) 1082 AC_DEFINE([DISABLE_FD_PASSING]) 1083 AC_DEFINE([NO_SSH_LASTLOG]) 1084 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" 1085 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1086 MANTYPE=cat 1087 ;; 1088*-dec-osf*) 1089 AC_MSG_CHECKING([for Digital Unix SIA]) 1090 no_osfsia="" 1091 AC_ARG_WITH([osfsia], 1092 [ --with-osfsia Enable Digital Unix SIA], 1093 [ 1094 if test "x$withval" = "xno" ; then 1095 AC_MSG_RESULT([disabled]) 1096 no_osfsia=1 1097 fi 1098 ], 1099 ) 1100 if test -z "$no_osfsia" ; then 1101 if test -f /etc/sia/matrix.conf; then 1102 AC_MSG_RESULT([yes]) 1103 AC_DEFINE([HAVE_OSF_SIA], [1], 1104 [Define if you have Digital Unix Security 1105 Integration Architecture]) 1106 AC_DEFINE([DISABLE_LOGIN], [1], 1107 [Define if you don't want to use your 1108 system's login() call]) 1109 AC_DEFINE([DISABLE_FD_PASSING]) 1110 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1111 SIA_MSG="yes" 1112 else 1113 AC_MSG_RESULT([no]) 1114 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1115 [String used in /etc/passwd to denote locked account]) 1116 fi 1117 fi 1118 AC_DEFINE([BROKEN_GETADDRINFO]) 1119 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1120 AC_DEFINE([BROKEN_SETREUID]) 1121 AC_DEFINE([BROKEN_SETREGID]) 1122 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1123 ;; 1124 1125*-*-nto-qnx*) 1126 AC_DEFINE([USE_PIPES]) 1127 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1128 AC_DEFINE([DISABLE_LASTLOG]) 1129 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1130 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1131 enable_etc_default_login=no # has incompatible /etc/default/login 1132 case "$host" in 1133 *-*-nto-qnx6*) 1134 AC_DEFINE([DISABLE_FD_PASSING]) 1135 ;; 1136 esac 1137 ;; 1138 1139*-*-ultrix*) 1140 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1141 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files]) 1142 AC_DEFINE([NEED_SETPGRP]) 1143 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1144 ;; 1145 1146*-*-lynxos) 1147 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1148 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation]) 1149 ;; 1150esac 1151 1152AC_MSG_CHECKING([compiler and flags for sanity]) 1153AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1154 [ AC_MSG_RESULT([yes]) ], 1155 [ 1156 AC_MSG_RESULT([no]) 1157 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1158 ], 1159 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1160) 1161 1162dnl Checks for header files. 1163# Checks for libraries. 1164AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1165 1166dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1167AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1168 AC_CHECK_LIB([gen], [dirname], [ 1169 AC_CACHE_CHECK([for broken dirname], 1170 ac_cv_have_broken_dirname, [ 1171 save_LIBS="$LIBS" 1172 LIBS="$LIBS -lgen" 1173 AC_RUN_IFELSE( 1174 [AC_LANG_SOURCE([[ 1175#include <libgen.h> 1176#include <string.h> 1177 1178int main(int argc, char **argv) { 1179 char *s, buf[32]; 1180 1181 strncpy(buf,"/etc", 32); 1182 s = dirname(buf); 1183 if (!s || strncmp(s, "/", 32) != 0) { 1184 exit(1); 1185 } else { 1186 exit(0); 1187 } 1188} 1189 ]])], 1190 [ ac_cv_have_broken_dirname="no" ], 1191 [ ac_cv_have_broken_dirname="yes" ], 1192 [ ac_cv_have_broken_dirname="no" ], 1193 ) 1194 LIBS="$save_LIBS" 1195 ]) 1196 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1197 LIBS="$LIBS -lgen" 1198 AC_DEFINE([HAVE_DIRNAME]) 1199 AC_CHECK_HEADERS([libgen.h]) 1200 fi 1201 ]) 1202]) 1203 1204AC_CHECK_FUNC([getspnam], , 1205 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1206AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1207 [Define if you have the basename function.])]) 1208 1209dnl zlib is required 1210AC_ARG_WITH([zlib], 1211 [ --with-zlib=PATH Use zlib in PATH], 1212 [ if test "x$withval" = "xno" ; then 1213 AC_MSG_ERROR([*** zlib is required ***]) 1214 elif test "x$withval" != "xyes"; then 1215 if test -d "$withval/lib"; then 1216 if test -n "${need_dash_r}"; then 1217 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1218 else 1219 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1220 fi 1221 else 1222 if test -n "${need_dash_r}"; then 1223 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1224 else 1225 LDFLAGS="-L${withval} ${LDFLAGS}" 1226 fi 1227 fi 1228 if test -d "$withval/include"; then 1229 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1230 else 1231 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1232 fi 1233 fi ] 1234) 1235 1236AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1237AC_CHECK_LIB([z], [deflate], , 1238 [ 1239 saved_CPPFLAGS="$CPPFLAGS" 1240 saved_LDFLAGS="$LDFLAGS" 1241 save_LIBS="$LIBS" 1242 dnl Check default zlib install dir 1243 if test -n "${need_dash_r}"; then 1244 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1245 else 1246 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1247 fi 1248 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1249 LIBS="$LIBS -lz" 1250 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1251 [ 1252 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1253 ] 1254 ) 1255 ] 1256) 1257 1258AC_ARG_WITH([zlib-version-check], 1259 [ --without-zlib-version-check Disable zlib version check], 1260 [ if test "x$withval" = "xno" ; then 1261 zlib_check_nonfatal=1 1262 fi 1263 ] 1264) 1265 1266AC_MSG_CHECKING([for possibly buggy zlib]) 1267AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1268#include <stdio.h> 1269#include <stdlib.h> 1270#include <zlib.h> 1271 ]], 1272 [[ 1273 int a=0, b=0, c=0, d=0, n, v; 1274 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1275 if (n != 3 && n != 4) 1276 exit(1); 1277 v = a*1000000 + b*10000 + c*100 + d; 1278 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1279 1280 /* 1.1.4 is OK */ 1281 if (a == 1 && b == 1 && c >= 4) 1282 exit(0); 1283 1284 /* 1.2.3 and up are OK */ 1285 if (v >= 1020300) 1286 exit(0); 1287 1288 exit(2); 1289 ]])], 1290 AC_MSG_RESULT([no]), 1291 [ AC_MSG_RESULT([yes]) 1292 if test -z "$zlib_check_nonfatal" ; then 1293 AC_MSG_ERROR([*** zlib too old - check config.log *** 1294Your reported zlib version has known security problems. It's possible your 1295vendor has fixed these problems without changing the version number. If you 1296are sure this is the case, you can disable the check by running 1297"./configure --without-zlib-version-check". 1298If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1299See http://www.gzip.org/zlib/ for details.]) 1300 else 1301 AC_MSG_WARN([zlib version may have security problems]) 1302 fi 1303 ], 1304 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1305) 1306 1307dnl UnixWare 2.x 1308AC_CHECK_FUNC([strcasecmp], 1309 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1310) 1311AC_CHECK_FUNCS([utimes], 1312 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1313 LIBS="$LIBS -lc89"]) ] 1314) 1315 1316dnl Checks for libutil functions 1317AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1318AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1319AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1320AC_SEARCH_LIBS([login], [util bsd]) 1321AC_SEARCH_LIBS([logout], [util bsd]) 1322AC_SEARCH_LIBS([logwtmp], [util bsd]) 1323AC_SEARCH_LIBS([openpty], [util bsd]) 1324AC_SEARCH_LIBS([updwtmp], [util bsd]) 1325AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1326 1327# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1328# or libnsl. 1329AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1330AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1331 1332AC_FUNC_STRFTIME 1333 1334# Check for ALTDIRFUNC glob() extension 1335AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1336AC_EGREP_CPP([FOUNDIT], 1337 [ 1338 #include <glob.h> 1339 #ifdef GLOB_ALTDIRFUNC 1340 FOUNDIT 1341 #endif 1342 ], 1343 [ 1344 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1345 [Define if your system glob() function has 1346 the GLOB_ALTDIRFUNC extension]) 1347 AC_MSG_RESULT([yes]) 1348 ], 1349 [ 1350 AC_MSG_RESULT([no]) 1351 ] 1352) 1353 1354# Check for g.gl_matchc glob() extension 1355AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1356AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1357 [[ glob_t g; g.gl_matchc = 1; ]])], 1358 [ 1359 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1360 [Define if your system glob() function has 1361 gl_matchc options in glob_t]) 1362 AC_MSG_RESULT([yes]) 1363 ], [ 1364 AC_MSG_RESULT([no]) 1365]) 1366 1367# Check for g.gl_statv glob() extension 1368AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1369AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1370#ifndef GLOB_KEEPSTAT 1371#error "glob does not support GLOB_KEEPSTAT extension" 1372#endif 1373glob_t g; 1374g.gl_statv = NULL; 1375]])], 1376 [ 1377 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1378 [Define if your system glob() function has 1379 gl_statv options in glob_t]) 1380 AC_MSG_RESULT([yes]) 1381 ], [ 1382 AC_MSG_RESULT([no]) 1383 1384]) 1385 1386AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1387 1388AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1389AC_RUN_IFELSE( 1390 [AC_LANG_PROGRAM([[ 1391#include <sys/types.h> 1392#include <dirent.h>]], 1393 [[ 1394 struct dirent d; 1395 exit(sizeof(d.d_name)<=sizeof(char)); 1396 ]])], 1397 [AC_MSG_RESULT([yes])], 1398 [ 1399 AC_MSG_RESULT([no]) 1400 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1401 [Define if your struct dirent expects you to 1402 allocate extra space for d_name]) 1403 ], 1404 [ 1405 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1406 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1407 ] 1408) 1409 1410AC_MSG_CHECKING([for /proc/pid/fd directory]) 1411if test -d "/proc/$$/fd" ; then 1412 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1413 AC_MSG_RESULT([yes]) 1414else 1415 AC_MSG_RESULT([no]) 1416fi 1417 1418# Check whether user wants S/Key support 1419SKEY_MSG="no" 1420AC_ARG_WITH([skey], 1421 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], 1422 [ 1423 if test "x$withval" != "xno" ; then 1424 1425 if test "x$withval" != "xyes" ; then 1426 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1427 LDFLAGS="$LDFLAGS -L${withval}/lib" 1428 fi 1429 1430 AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) 1431 LIBS="-lskey $LIBS" 1432 SKEY_MSG="yes" 1433 1434 AC_MSG_CHECKING([for s/key support]) 1435 AC_LINK_IFELSE( 1436 [AC_LANG_PROGRAM([[ 1437#include <stdio.h> 1438#include <skey.h> 1439 ]], [[ 1440 char *ff = skey_keyinfo(""); ff=""; 1441 exit(0); 1442 ]])], 1443 [AC_MSG_RESULT([yes])], 1444 [ 1445 AC_MSG_RESULT([no]) 1446 AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) 1447 ]) 1448 AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) 1449 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1450#include <stdio.h> 1451#include <skey.h> 1452 ]], [[ 1453 (void)skeychallenge(NULL,"name","",0); 1454 ]])], 1455 [ 1456 AC_MSG_RESULT([yes]) 1457 AC_DEFINE([SKEYCHALLENGE_4ARG], [1], 1458 [Define if your skeychallenge() 1459 function takes 4 arguments (NetBSD)])], 1460 [ 1461 AC_MSG_RESULT([no]) 1462 ]) 1463 fi 1464 ] 1465) 1466 1467# Check whether user wants TCP wrappers support 1468TCPW_MSG="no" 1469AC_ARG_WITH([tcp-wrappers], 1470 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1471 [ 1472 if test "x$withval" != "xno" ; then 1473 saved_LIBS="$LIBS" 1474 saved_LDFLAGS="$LDFLAGS" 1475 saved_CPPFLAGS="$CPPFLAGS" 1476 if test -n "${withval}" && \ 1477 test "x${withval}" != "xyes"; then 1478 if test -d "${withval}/lib"; then 1479 if test -n "${need_dash_r}"; then 1480 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1481 else 1482 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1483 fi 1484 else 1485 if test -n "${need_dash_r}"; then 1486 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1487 else 1488 LDFLAGS="-L${withval} ${LDFLAGS}" 1489 fi 1490 fi 1491 if test -d "${withval}/include"; then 1492 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1493 else 1494 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1495 fi 1496 fi 1497 LIBS="-lwrap $LIBS" 1498 AC_MSG_CHECKING([for libwrap]) 1499 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1500#include <sys/types.h> 1501#include <sys/socket.h> 1502#include <netinet/in.h> 1503#include <tcpd.h> 1504int deny_severity = 0, allow_severity = 0; 1505 ]], [[ 1506 hosts_access(0); 1507 ]])], [ 1508 AC_MSG_RESULT([yes]) 1509 AC_DEFINE([LIBWRAP], [1], 1510 [Define if you want 1511 TCP Wrappers support]) 1512 SSHDLIBS="$SSHDLIBS -lwrap" 1513 TCPW_MSG="yes" 1514 ], [ 1515 AC_MSG_ERROR([*** libwrap missing]) 1516 1517 ]) 1518 LIBS="$saved_LIBS" 1519 fi 1520 ] 1521) 1522 1523# Check whether user wants to use ldns 1524LDNS_MSG="no" 1525AC_ARG_WITH(ldns, 1526 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1527 [ 1528 if test "x$withval" != "xno" ; then 1529 1530 if test "x$withval" != "xyes" ; then 1531 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1532 LDFLAGS="$LDFLAGS -L${withval}/lib" 1533 fi 1534 1535 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1536 LIBS="-lldns $LIBS" 1537 LDNS_MSG="yes" 1538 1539 AC_MSG_CHECKING([for ldns support]) 1540 AC_LINK_IFELSE( 1541 [AC_LANG_SOURCE([[ 1542#include <stdio.h> 1543#include <stdlib.h> 1544#include <stdint.h> 1545#include <ldns/ldns.h> 1546int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1547 ]]) 1548 ], 1549 [AC_MSG_RESULT(yes)], 1550 [ 1551 AC_MSG_RESULT(no) 1552 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1553 ]) 1554 fi 1555 ] 1556) 1557 1558# Check whether user wants libedit support 1559LIBEDIT_MSG="no" 1560AC_ARG_WITH([libedit], 1561 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1562 [ if test "x$withval" != "xno" ; then 1563 if test "x$withval" = "xyes" ; then 1564 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1565 if test "x$PKGCONFIG" != "xno"; then 1566 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1567 if "$PKGCONFIG" libedit; then 1568 AC_MSG_RESULT([yes]) 1569 use_pkgconfig_for_libedit=yes 1570 else 1571 AC_MSG_RESULT([no]) 1572 fi 1573 fi 1574 else 1575 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1576 if test -n "${need_dash_r}"; then 1577 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1578 else 1579 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1580 fi 1581 fi 1582 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1583 LIBEDIT=`$PKGCONFIG --libs libedit` 1584 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1585 else 1586 LIBEDIT="-ledit -lcurses" 1587 fi 1588 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1589 AC_CHECK_LIB([edit], [el_init], 1590 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1591 LIBEDIT_MSG="yes" 1592 AC_SUBST([LIBEDIT]) 1593 ], 1594 [ AC_MSG_ERROR([libedit not found]) ], 1595 [ $OTHERLIBS ] 1596 ) 1597 AC_MSG_CHECKING([if libedit version is compatible]) 1598 AC_COMPILE_IFELSE( 1599 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1600 [[ 1601 int i = H_SETSIZE; 1602 el_init("", NULL, NULL, NULL); 1603 exit(0); 1604 ]])], 1605 [ AC_MSG_RESULT([yes]) ], 1606 [ AC_MSG_RESULT([no]) 1607 AC_MSG_ERROR([libedit version is not compatible]) ] 1608 ) 1609 fi ] 1610) 1611 1612AUDIT_MODULE=none 1613AC_ARG_WITH([audit], 1614 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1615 [ 1616 AC_MSG_CHECKING([for supported audit module]) 1617 case "$withval" in 1618 bsm) 1619 AC_MSG_RESULT([bsm]) 1620 AUDIT_MODULE=bsm 1621 dnl Checks for headers, libs and functions 1622 AC_CHECK_HEADERS([bsm/audit.h], [], 1623 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1624 [ 1625#ifdef HAVE_TIME_H 1626# include <time.h> 1627#endif 1628 ] 1629) 1630 AC_CHECK_LIB([bsm], [getaudit], [], 1631 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1632 AC_CHECK_FUNCS([getaudit], [], 1633 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1634 # These are optional 1635 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1636 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1637 if test "$sol2ver" -ge 11; then 1638 SSHDLIBS="$SSHDLIBS -lscf" 1639 AC_DEFINE([BROKEN_BSM_API], [1], 1640 [The system has incomplete BSM API]) 1641 fi 1642 ;; 1643 linux) 1644 AC_MSG_RESULT([linux]) 1645 AUDIT_MODULE=linux 1646 dnl Checks for headers, libs and functions 1647 AC_CHECK_HEADERS([libaudit.h]) 1648 SSHDLIBS="$SSHDLIBS -laudit" 1649 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1650 ;; 1651 debug) 1652 AUDIT_MODULE=debug 1653 AC_MSG_RESULT([debug]) 1654 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1655 ;; 1656 no) 1657 AC_MSG_RESULT([no]) 1658 ;; 1659 *) 1660 AC_MSG_ERROR([Unknown audit module $withval]) 1661 ;; 1662 esac ] 1663) 1664 1665AC_ARG_WITH([pie], 1666 [ --with-pie Build Position Independent Executables if possible], [ 1667 if test "x$withval" = "xno"; then 1668 use_pie=no 1669 fi 1670 if test "x$withval" = "xyes"; then 1671 use_pie=yes 1672 fi 1673 ] 1674) 1675if test "x$use_pie" = "x"; then 1676 use_pie=no 1677fi 1678if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1679 # Turn off automatic PIE when toolchain hardening is off. 1680 use_pie=no 1681fi 1682if test "x$use_pie" = "xauto"; then 1683 # Automatic PIE requires gcc >= 4.x 1684 AC_MSG_CHECKING([for gcc >= 4.x]) 1685 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1686#if !defined(__GNUC__) || __GNUC__ < 4 1687#error gcc is too old 1688#endif 1689]])], 1690 [ AC_MSG_RESULT([yes]) ], 1691 [ AC_MSG_RESULT([no]) 1692 use_pie=no ] 1693) 1694fi 1695if test "x$use_pie" != "xno"; then 1696 SAVED_CFLAGS="$CFLAGS" 1697 SAVED_LDFLAGS="$LDFLAGS" 1698 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1699 OSSH_CHECK_LDFLAG_LINK([-pie]) 1700 # We use both -fPIE and -pie or neither. 1701 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1702 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1703 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1704 AC_MSG_RESULT([yes]) 1705 else 1706 AC_MSG_RESULT([no]) 1707 CFLAGS="$SAVED_CFLAGS" 1708 LDFLAGS="$SAVED_LDFLAGS" 1709 fi 1710fi 1711 1712dnl Checks for library functions. Please keep in alphabetical order 1713AC_CHECK_FUNCS([ \ 1714 Blowfish_initstate \ 1715 Blowfish_expandstate \ 1716 Blowfish_expand0state \ 1717 Blowfish_stream2word \ 1718 asprintf \ 1719 b64_ntop \ 1720 __b64_ntop \ 1721 b64_pton \ 1722 __b64_pton \ 1723 bcopy \ 1724 bcrypt_pbkdf \ 1725 bindresvport_sa \ 1726 blf_enc \ 1727 cap_rights_limit \ 1728 clock \ 1729 closefrom \ 1730 dirfd \ 1731 endgrent \ 1732 explicit_bzero \ 1733 fchmod \ 1734 fchown \ 1735 freeaddrinfo \ 1736 fstatfs \ 1737 fstatvfs \ 1738 futimes \ 1739 getaddrinfo \ 1740 getcwd \ 1741 getgrouplist \ 1742 getnameinfo \ 1743 getopt \ 1744 getpeereid \ 1745 getpeerucred \ 1746 getpgid \ 1747 getpgrp \ 1748 _getpty \ 1749 getrlimit \ 1750 getttyent \ 1751 glob \ 1752 group_from_gid \ 1753 inet_aton \ 1754 inet_ntoa \ 1755 inet_ntop \ 1756 innetgr \ 1757 login_getcapbool \ 1758 mblen \ 1759 md5_crypt \ 1760 memmove \ 1761 memset_s \ 1762 mkdtemp \ 1763 mmap \ 1764 ngetaddrinfo \ 1765 nsleep \ 1766 ogetaddrinfo \ 1767 openlog_r \ 1768 pledge \ 1769 poll \ 1770 prctl \ 1771 pstat \ 1772 readpassphrase \ 1773 reallocarray \ 1774 recvmsg \ 1775 rresvport_af \ 1776 sendmsg \ 1777 setdtablesize \ 1778 setegid \ 1779 setenv \ 1780 seteuid \ 1781 setgroupent \ 1782 setgroups \ 1783 setlinebuf \ 1784 setlogin \ 1785 setpassent\ 1786 setpcred \ 1787 setproctitle \ 1788 setregid \ 1789 setreuid \ 1790 setrlimit \ 1791 setsid \ 1792 setvbuf \ 1793 sigaction \ 1794 sigvec \ 1795 snprintf \ 1796 socketpair \ 1797 statfs \ 1798 statvfs \ 1799 strdup \ 1800 strerror \ 1801 strlcat \ 1802 strlcpy \ 1803 strmode \ 1804 strnlen \ 1805 strnvis \ 1806 strptime \ 1807 strtonum \ 1808 strtoll \ 1809 strtoul \ 1810 strtoull \ 1811 swap32 \ 1812 sysconf \ 1813 tcgetpgrp \ 1814 timingsafe_bcmp \ 1815 truncate \ 1816 unsetenv \ 1817 updwtmpx \ 1818 user_from_uid \ 1819 usleep \ 1820 vasprintf \ 1821 vsnprintf \ 1822 waitpid \ 1823]) 1824 1825AC_LINK_IFELSE( 1826 [AC_LANG_PROGRAM( 1827 [[ #include <ctype.h> ]], 1828 [[ return (isblank('a')); ]])], 1829 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1830]) 1831 1832# PKCS11 depends on OpenSSL. 1833if test "x$openssl" = "xyes" ; then 1834 # PKCS#11 support requires dlopen() and co 1835 AC_SEARCH_LIBS([dlopen], [dl], 1836 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] 1837 ) 1838fi 1839 1840# IRIX has a const char return value for gai_strerror() 1841AC_CHECK_FUNCS([gai_strerror], [ 1842 AC_DEFINE([HAVE_GAI_STRERROR]) 1843 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1844#include <sys/types.h> 1845#include <sys/socket.h> 1846#include <netdb.h> 1847 1848const char *gai_strerror(int); 1849 ]], [[ 1850 char *str; 1851 str = gai_strerror(0); 1852 ]])], [ 1853 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1854 [Define if gai_strerror() returns const char *])], [])]) 1855 1856AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1857 [Some systems put nanosleep outside of libc])]) 1858 1859AC_SEARCH_LIBS([clock_gettime], [rt], 1860 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1861 1862dnl Make sure prototypes are defined for these before using them. 1863AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) 1864AC_CHECK_DECL([strsep], 1865 [AC_CHECK_FUNCS([strsep])], 1866 [], 1867 [ 1868#ifdef HAVE_STRING_H 1869# include <string.h> 1870#endif 1871 ]) 1872 1873dnl tcsendbreak might be a macro 1874AC_CHECK_DECL([tcsendbreak], 1875 [AC_DEFINE([HAVE_TCSENDBREAK])], 1876 [AC_CHECK_FUNCS([tcsendbreak])], 1877 [#include <termios.h>] 1878) 1879 1880AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 1881 1882AC_CHECK_DECLS([SHUT_RD], , , 1883 [ 1884#include <sys/types.h> 1885#include <sys/socket.h> 1886 ]) 1887 1888AC_CHECK_DECLS([O_NONBLOCK], , , 1889 [ 1890#include <sys/types.h> 1891#ifdef HAVE_SYS_STAT_H 1892# include <sys/stat.h> 1893#endif 1894#ifdef HAVE_FCNTL_H 1895# include <fcntl.h> 1896#endif 1897 ]) 1898 1899AC_CHECK_DECLS([writev], , , [ 1900#include <sys/types.h> 1901#include <sys/uio.h> 1902#include <unistd.h> 1903 ]) 1904 1905AC_CHECK_DECLS([MAXSYMLINKS], , , [ 1906#include <sys/param.h> 1907 ]) 1908 1909AC_CHECK_DECLS([offsetof], , , [ 1910#include <stddef.h> 1911 ]) 1912 1913# extra bits for select(2) 1914AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 1915#include <sys/param.h> 1916#include <sys/types.h> 1917#ifdef HAVE_SYS_SYSMACROS_H 1918#include <sys/sysmacros.h> 1919#endif 1920#ifdef HAVE_SYS_SELECT_H 1921#include <sys/select.h> 1922#endif 1923#ifdef HAVE_SYS_TIME_H 1924#include <sys/time.h> 1925#endif 1926#ifdef HAVE_UNISTD_H 1927#include <unistd.h> 1928#endif 1929 ]]) 1930AC_CHECK_TYPES([fd_mask], [], [], [[ 1931#include <sys/param.h> 1932#include <sys/types.h> 1933#ifdef HAVE_SYS_SELECT_H 1934#include <sys/select.h> 1935#endif 1936#ifdef HAVE_SYS_TIME_H 1937#include <sys/time.h> 1938#endif 1939#ifdef HAVE_UNISTD_H 1940#include <unistd.h> 1941#endif 1942 ]]) 1943 1944AC_CHECK_FUNCS([setresuid], [ 1945 dnl Some platorms have setresuid that isn't implemented, test for this 1946 AC_MSG_CHECKING([if setresuid seems to work]) 1947 AC_RUN_IFELSE( 1948 [AC_LANG_PROGRAM([[ 1949#include <stdlib.h> 1950#include <errno.h> 1951 ]], [[ 1952 errno=0; 1953 setresuid(0,0,0); 1954 if (errno==ENOSYS) 1955 exit(1); 1956 else 1957 exit(0); 1958 ]])], 1959 [AC_MSG_RESULT([yes])], 1960 [AC_DEFINE([BROKEN_SETRESUID], [1], 1961 [Define if your setresuid() is broken]) 1962 AC_MSG_RESULT([not implemented])], 1963 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1964 ) 1965]) 1966 1967AC_CHECK_FUNCS([setresgid], [ 1968 dnl Some platorms have setresgid that isn't implemented, test for this 1969 AC_MSG_CHECKING([if setresgid seems to work]) 1970 AC_RUN_IFELSE( 1971 [AC_LANG_PROGRAM([[ 1972#include <stdlib.h> 1973#include <errno.h> 1974 ]], [[ 1975 errno=0; 1976 setresgid(0,0,0); 1977 if (errno==ENOSYS) 1978 exit(1); 1979 else 1980 exit(0); 1981 ]])], 1982 [AC_MSG_RESULT([yes])], 1983 [AC_DEFINE([BROKEN_SETRESGID], [1], 1984 [Define if your setresgid() is broken]) 1985 AC_MSG_RESULT([not implemented])], 1986 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1987 ) 1988]) 1989 1990AC_CHECK_FUNCS([realpath], [ 1991 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given 1992 dnl path name", however some implementations of realpath (and some 1993 dnl versions of the POSIX spec) do not work on non-existent files, 1994 dnl so we use the OpenBSD implementation on those platforms. 1995 AC_MSG_CHECKING([if realpath works with non-existent files]) 1996 AC_RUN_IFELSE( 1997 [AC_LANG_PROGRAM([[ 1998#include <limits.h> 1999#include <stdlib.h> 2000#include <errno.h> 2001 ]], [[ 2002 char buf[PATH_MAX]; 2003 if (realpath("/opensshnonexistentfilename1234", buf) == NULL) 2004 if (errno == ENOENT) 2005 exit(1); 2006 exit(0); 2007 ]])], 2008 [AC_MSG_RESULT([yes])], 2009 [AC_DEFINE([BROKEN_REALPATH], [1], 2010 [realpath does not work with nonexistent files]) 2011 AC_MSG_RESULT([no])], 2012 [AC_MSG_WARN([cross compiling: assuming working])] 2013 ) 2014]) 2015 2016dnl Checks for time functions 2017AC_CHECK_FUNCS([gettimeofday time]) 2018dnl Checks for utmp functions 2019AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2020AC_CHECK_FUNCS([utmpname]) 2021dnl Checks for utmpx functions 2022AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2023AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2024dnl Checks for lastlog functions 2025AC_CHECK_FUNCS([getlastlogxbyname]) 2026 2027AC_CHECK_FUNC([daemon], 2028 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2029 [AC_CHECK_LIB([bsd], [daemon], 2030 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2031) 2032 2033AC_CHECK_FUNC([getpagesize], 2034 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2035 [Define if your libraries define getpagesize()])], 2036 [AC_CHECK_LIB([ucb], [getpagesize], 2037 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2038) 2039 2040# Check for broken snprintf 2041if test "x$ac_cv_func_snprintf" = "xyes" ; then 2042 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2043 AC_RUN_IFELSE( 2044 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2045 [[ 2046 char b[5]; 2047 snprintf(b,5,"123456789"); 2048 exit(b[4]!='\0'); 2049 ]])], 2050 [AC_MSG_RESULT([yes])], 2051 [ 2052 AC_MSG_RESULT([no]) 2053 AC_DEFINE([BROKEN_SNPRINTF], [1], 2054 [Define if your snprintf is busted]) 2055 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2056 ], 2057 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2058 ) 2059fi 2060 2061# We depend on vsnprintf returning the right thing on overflow: the 2062# number of characters it tried to create (as per SUSv3) 2063if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2064 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2065 AC_RUN_IFELSE( 2066 [AC_LANG_PROGRAM([[ 2067#include <sys/types.h> 2068#include <stdio.h> 2069#include <stdarg.h> 2070 2071int x_snprintf(char *str, size_t count, const char *fmt, ...) 2072{ 2073 size_t ret; 2074 va_list ap; 2075 2076 va_start(ap, fmt); 2077 ret = vsnprintf(str, count, fmt, ap); 2078 va_end(ap); 2079 return ret; 2080} 2081 ]], [[ 2082char x[1]; 2083if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2084 return 1; 2085if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2086 return 1; 2087return 0; 2088 ]])], 2089 [AC_MSG_RESULT([yes])], 2090 [ 2091 AC_MSG_RESULT([no]) 2092 AC_DEFINE([BROKEN_SNPRINTF], [1], 2093 [Define if your snprintf is busted]) 2094 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2095 ], 2096 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2097 ) 2098fi 2099 2100# On systems where [v]snprintf is broken, but is declared in stdio, 2101# check that the fmt argument is const char * or just char *. 2102# This is only useful for when BROKEN_SNPRINTF 2103AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2104AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2105#include <stdio.h> 2106int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2107 ]], [[ 2108 snprintf(0, 0, 0); 2109 ]])], 2110 [AC_MSG_RESULT([yes]) 2111 AC_DEFINE([SNPRINTF_CONST], [const], 2112 [Define as const if snprintf() can declare const char *fmt])], 2113 [AC_MSG_RESULT([no]) 2114 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2115 2116# Check for missing getpeereid (or equiv) support 2117NO_PEERCHECK="" 2118if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2119 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2120 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2121#include <sys/types.h> 2122#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2123 [ AC_MSG_RESULT([yes]) 2124 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2125 ], [AC_MSG_RESULT([no]) 2126 NO_PEERCHECK=1 2127 ]) 2128fi 2129 2130dnl see whether mkstemp() requires XXXXXX 2131if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2132AC_MSG_CHECKING([for (overly) strict mkstemp]) 2133AC_RUN_IFELSE( 2134 [AC_LANG_PROGRAM([[ 2135#include <stdlib.h> 2136 ]], [[ 2137 char template[]="conftest.mkstemp-test"; 2138 if (mkstemp(template) == -1) 2139 exit(1); 2140 unlink(template); 2141 exit(0); 2142 ]])], 2143 [ 2144 AC_MSG_RESULT([no]) 2145 ], 2146 [ 2147 AC_MSG_RESULT([yes]) 2148 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2149 ], 2150 [ 2151 AC_MSG_RESULT([yes]) 2152 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2153 ] 2154) 2155fi 2156 2157dnl make sure that openpty does not reacquire controlling terminal 2158if test ! -z "$check_for_openpty_ctty_bug"; then 2159 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2160 AC_RUN_IFELSE( 2161 [AC_LANG_PROGRAM([[ 2162#include <stdio.h> 2163#include <sys/fcntl.h> 2164#include <sys/types.h> 2165#include <sys/wait.h> 2166 ]], [[ 2167 pid_t pid; 2168 int fd, ptyfd, ttyfd, status; 2169 2170 pid = fork(); 2171 if (pid < 0) { /* failed */ 2172 exit(1); 2173 } else if (pid > 0) { /* parent */ 2174 waitpid(pid, &status, 0); 2175 if (WIFEXITED(status)) 2176 exit(WEXITSTATUS(status)); 2177 else 2178 exit(2); 2179 } else { /* child */ 2180 close(0); close(1); close(2); 2181 setsid(); 2182 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2183 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2184 if (fd >= 0) 2185 exit(3); /* Acquired ctty: broken */ 2186 else 2187 exit(0); /* Did not acquire ctty: OK */ 2188 } 2189 ]])], 2190 [ 2191 AC_MSG_RESULT([yes]) 2192 ], 2193 [ 2194 AC_MSG_RESULT([no]) 2195 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2196 ], 2197 [ 2198 AC_MSG_RESULT([cross-compiling, assuming yes]) 2199 ] 2200 ) 2201fi 2202 2203if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2204 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2205 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2206 AC_RUN_IFELSE( 2207 [AC_LANG_PROGRAM([[ 2208#include <stdio.h> 2209#include <sys/socket.h> 2210#include <netdb.h> 2211#include <errno.h> 2212#include <netinet/in.h> 2213 2214#define TEST_PORT "2222" 2215 ]], [[ 2216 int err, sock; 2217 struct addrinfo *gai_ai, *ai, hints; 2218 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2219 2220 memset(&hints, 0, sizeof(hints)); 2221 hints.ai_family = PF_UNSPEC; 2222 hints.ai_socktype = SOCK_STREAM; 2223 hints.ai_flags = AI_PASSIVE; 2224 2225 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2226 if (err != 0) { 2227 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2228 exit(1); 2229 } 2230 2231 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2232 if (ai->ai_family != AF_INET6) 2233 continue; 2234 2235 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2236 sizeof(ntop), strport, sizeof(strport), 2237 NI_NUMERICHOST|NI_NUMERICSERV); 2238 2239 if (err != 0) { 2240 if (err == EAI_SYSTEM) 2241 perror("getnameinfo EAI_SYSTEM"); 2242 else 2243 fprintf(stderr, "getnameinfo failed: %s\n", 2244 gai_strerror(err)); 2245 exit(2); 2246 } 2247 2248 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2249 if (sock < 0) 2250 perror("socket"); 2251 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2252 if (errno == EBADF) 2253 exit(3); 2254 } 2255 } 2256 exit(0); 2257 ]])], 2258 [ 2259 AC_MSG_RESULT([yes]) 2260 ], 2261 [ 2262 AC_MSG_RESULT([no]) 2263 AC_DEFINE([BROKEN_GETADDRINFO]) 2264 ], 2265 [ 2266 AC_MSG_RESULT([cross-compiling, assuming yes]) 2267 ] 2268 ) 2269fi 2270 2271if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2272 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2273 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2274 AC_RUN_IFELSE( 2275 [AC_LANG_PROGRAM([[ 2276#include <stdio.h> 2277#include <sys/socket.h> 2278#include <netdb.h> 2279#include <errno.h> 2280#include <netinet/in.h> 2281 2282#define TEST_PORT "2222" 2283 ]], [[ 2284 int err, sock; 2285 struct addrinfo *gai_ai, *ai, hints; 2286 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2287 2288 memset(&hints, 0, sizeof(hints)); 2289 hints.ai_family = PF_UNSPEC; 2290 hints.ai_socktype = SOCK_STREAM; 2291 hints.ai_flags = AI_PASSIVE; 2292 2293 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2294 if (err != 0) { 2295 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2296 exit(1); 2297 } 2298 2299 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2300 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2301 continue; 2302 2303 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2304 sizeof(ntop), strport, sizeof(strport), 2305 NI_NUMERICHOST|NI_NUMERICSERV); 2306 2307 if (ai->ai_family == AF_INET && err != 0) { 2308 perror("getnameinfo"); 2309 exit(2); 2310 } 2311 } 2312 exit(0); 2313 ]])], 2314 [ 2315 AC_MSG_RESULT([yes]) 2316 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2317 [Define if you have a getaddrinfo that fails 2318 for the all-zeros IPv6 address]) 2319 ], 2320 [ 2321 AC_MSG_RESULT([no]) 2322 AC_DEFINE([BROKEN_GETADDRINFO]) 2323 ], 2324 [ 2325 AC_MSG_RESULT([cross-compiling, assuming no]) 2326 ] 2327 ) 2328fi 2329 2330if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2331 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2332 [#include <sys/types.h> 2333 #include <sys/socket.h> 2334 #include <netdb.h>]) 2335fi 2336 2337if test "x$check_for_conflicting_getspnam" = "x1"; then 2338 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2339 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2340 [[ exit(0); ]])], 2341 [ 2342 AC_MSG_RESULT([no]) 2343 ], 2344 [ 2345 AC_MSG_RESULT([yes]) 2346 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2347 [Conflicting defs for getspnam]) 2348 ] 2349 ) 2350fi 2351 2352AC_FUNC_GETPGRP 2353 2354# Search for OpenSSL 2355saved_CPPFLAGS="$CPPFLAGS" 2356saved_LDFLAGS="$LDFLAGS" 2357AC_ARG_WITH([ssl-dir], 2358 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2359 [ 2360 if test "x$openssl" = "xno" ; then 2361 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2362 fi 2363 if test "x$withval" != "xno" ; then 2364 case "$withval" in 2365 # Relative paths 2366 ./*|../*) withval="`pwd`/$withval" 2367 esac 2368 if test -d "$withval/lib"; then 2369 if test -n "${need_dash_r}"; then 2370 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2371 else 2372 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2373 fi 2374 elif test -d "$withval/lib64"; then 2375 if test -n "${need_dash_r}"; then 2376 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2377 else 2378 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2379 fi 2380 else 2381 if test -n "${need_dash_r}"; then 2382 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2383 else 2384 LDFLAGS="-L${withval} ${LDFLAGS}" 2385 fi 2386 fi 2387 if test -d "$withval/include"; then 2388 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2389 else 2390 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2391 fi 2392 fi 2393 ] 2394) 2395 2396AC_ARG_WITH([openssl-header-check], 2397 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2398 [ 2399 if test "x$withval" = "xno" ; then 2400 openssl_check_nonfatal=1 2401 fi 2402 ] 2403) 2404 2405openssl_engine=no 2406AC_ARG_WITH([ssl-engine], 2407 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2408 [ 2409 if test "x$withval" != "xno" ; then 2410 if test "x$openssl" = "xno" ; then 2411 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2412 fi 2413 openssl_engine=yes 2414 fi 2415 ] 2416) 2417 2418if test "x$openssl" = "xyes" ; then 2419 LIBS="-lcrypto $LIBS" 2420 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2421 [Define if your ssl headers are included 2422 with #include <openssl/header.h>])], 2423 [ 2424 dnl Check default openssl install dir 2425 if test -n "${need_dash_r}"; then 2426 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2427 else 2428 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2429 fi 2430 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2431 AC_CHECK_HEADER([openssl/opensslv.h], , 2432 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2433 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2434 [ 2435 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2436 ] 2437 ) 2438 ] 2439 ) 2440 2441 # Determine OpenSSL header version 2442 AC_MSG_CHECKING([OpenSSL header version]) 2443 AC_RUN_IFELSE( 2444 [AC_LANG_PROGRAM([[ 2445 #include <stdlib.h> 2446 #include <stdio.h> 2447 #include <string.h> 2448 #include <openssl/opensslv.h> 2449 #define DATA "conftest.sslincver" 2450 ]], [[ 2451 FILE *fd; 2452 int rc; 2453 2454 fd = fopen(DATA,"w"); 2455 if(fd == NULL) 2456 exit(1); 2457 2458 if ((rc = fprintf(fd ,"%08lx (%s)\n", 2459 (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) 2460 exit(1); 2461 2462 exit(0); 2463 ]])], 2464 [ 2465 ssl_header_ver=`cat conftest.sslincver` 2466 AC_MSG_RESULT([$ssl_header_ver]) 2467 ], 2468 [ 2469 AC_MSG_RESULT([not found]) 2470 AC_MSG_ERROR([OpenSSL version header not found.]) 2471 ], 2472 [ 2473 AC_MSG_WARN([cross compiling: not checking]) 2474 ] 2475 ) 2476 2477 # Determine OpenSSL library version 2478 AC_MSG_CHECKING([OpenSSL library version]) 2479 AC_RUN_IFELSE( 2480 [AC_LANG_PROGRAM([[ 2481 #include <stdio.h> 2482 #include <string.h> 2483 #include <openssl/opensslv.h> 2484 #include <openssl/crypto.h> 2485 #define DATA "conftest.ssllibver" 2486 ]], [[ 2487 FILE *fd; 2488 int rc; 2489 2490 fd = fopen(DATA,"w"); 2491 if(fd == NULL) 2492 exit(1); 2493 2494 if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(), 2495 SSLeay_version(SSLEAY_VERSION))) <0) 2496 exit(1); 2497 2498 exit(0); 2499 ]])], 2500 [ 2501 ssl_library_ver=`cat conftest.ssllibver` 2502 # Check version is supported. 2503 case "$ssl_library_ver" in 2504 0090[[0-7]]*|009080[[0-5]]*) 2505 AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")]) 2506 ;; 2507 *) ;; 2508 esac 2509 AC_MSG_RESULT([$ssl_library_ver]) 2510 ], 2511 [ 2512 AC_MSG_RESULT([not found]) 2513 AC_MSG_ERROR([OpenSSL library not found.]) 2514 ], 2515 [ 2516 AC_MSG_WARN([cross compiling: not checking]) 2517 ] 2518 ) 2519 2520 # Sanity check OpenSSL headers 2521 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2522 AC_RUN_IFELSE( 2523 [AC_LANG_PROGRAM([[ 2524 #include <string.h> 2525 #include <openssl/opensslv.h> 2526 #include <openssl/crypto.h> 2527 ]], [[ 2528 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2529 ]])], 2530 [ 2531 AC_MSG_RESULT([yes]) 2532 ], 2533 [ 2534 AC_MSG_RESULT([no]) 2535 if test "x$openssl_check_nonfatal" = "x"; then 2536 AC_MSG_ERROR([Your OpenSSL headers do not match your 2537 library. Check config.log for details. 2538 If you are sure your installation is consistent, you can disable the check 2539 by running "./configure --without-openssl-header-check". 2540 Also see contrib/findssl.sh for help identifying header/library mismatches. 2541 ]) 2542 else 2543 AC_MSG_WARN([Your OpenSSL headers do not match your 2544 library. Check config.log for details. 2545 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2546 fi 2547 ], 2548 [ 2549 AC_MSG_WARN([cross compiling: not checking]) 2550 ] 2551 ) 2552 2553 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2554 AC_LINK_IFELSE( 2555 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2556 [[ SSLeay_add_all_algorithms(); ]])], 2557 [ 2558 AC_MSG_RESULT([yes]) 2559 ], 2560 [ 2561 AC_MSG_RESULT([no]) 2562 saved_LIBS="$LIBS" 2563 LIBS="$LIBS -ldl" 2564 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2565 AC_LINK_IFELSE( 2566 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2567 [[ SSLeay_add_all_algorithms(); ]])], 2568 [ 2569 AC_MSG_RESULT([yes]) 2570 ], 2571 [ 2572 AC_MSG_RESULT([no]) 2573 LIBS="$saved_LIBS" 2574 ] 2575 ) 2576 ] 2577 ) 2578 2579 AC_CHECK_FUNCS([ \ 2580 BN_is_prime_ex \ 2581 DSA_generate_parameters_ex \ 2582 EVP_DigestInit_ex \ 2583 EVP_DigestFinal_ex \ 2584 EVP_MD_CTX_init \ 2585 EVP_MD_CTX_cleanup \ 2586 EVP_MD_CTX_copy_ex \ 2587 HMAC_CTX_init \ 2588 RSA_generate_key_ex \ 2589 RSA_get_default_method \ 2590 ]) 2591 2592 if test "x$openssl_engine" = "xyes" ; then 2593 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2594 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2595 #include <openssl/engine.h> 2596 ]], [[ 2597 ENGINE_load_builtin_engines(); 2598 ENGINE_register_all_complete(); 2599 ]])], 2600 [ AC_MSG_RESULT([yes]) 2601 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2602 [Enable OpenSSL engine support]) 2603 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2604 ]) 2605 fi 2606 2607 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2608 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2609 AC_LINK_IFELSE( 2610 [AC_LANG_PROGRAM([[ 2611 #include <string.h> 2612 #include <openssl/evp.h> 2613 ]], [[ 2614 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2615 ]])], 2616 [ 2617 AC_MSG_RESULT([no]) 2618 ], 2619 [ 2620 AC_MSG_RESULT([yes]) 2621 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2622 [libcrypto is missing AES 192 and 256 bit functions]) 2623 ] 2624 ) 2625 2626 # Check for OpenSSL with EVP_aes_*ctr 2627 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2628 AC_LINK_IFELSE( 2629 [AC_LANG_PROGRAM([[ 2630 #include <string.h> 2631 #include <openssl/evp.h> 2632 ]], [[ 2633 exit(EVP_aes_128_ctr() == NULL || 2634 EVP_aes_192_cbc() == NULL || 2635 EVP_aes_256_cbc() == NULL); 2636 ]])], 2637 [ 2638 AC_MSG_RESULT([yes]) 2639 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2640 [libcrypto has EVP AES CTR]) 2641 ], 2642 [ 2643 AC_MSG_RESULT([no]) 2644 ] 2645 ) 2646 2647 # Check for OpenSSL with EVP_aes_*gcm 2648 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2649 AC_LINK_IFELSE( 2650 [AC_LANG_PROGRAM([[ 2651 #include <string.h> 2652 #include <openssl/evp.h> 2653 ]], [[ 2654 exit(EVP_aes_128_gcm() == NULL || 2655 EVP_aes_256_gcm() == NULL || 2656 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2657 EVP_CTRL_GCM_IV_GEN == 0 || 2658 EVP_CTRL_GCM_SET_TAG == 0 || 2659 EVP_CTRL_GCM_GET_TAG == 0 || 2660 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2661 ]])], 2662 [ 2663 AC_MSG_RESULT([yes]) 2664 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2665 [libcrypto has EVP AES GCM]) 2666 ], 2667 [ 2668 AC_MSG_RESULT([no]) 2669 unsupported_algorithms="$unsupported_cipers \ 2670 aes128-gcm@openssh.com aes256-gcm@openssh.com" 2671 ] 2672 ) 2673 2674 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2675 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2676 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2677 2678 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2679 AC_LINK_IFELSE( 2680 [AC_LANG_PROGRAM([[ 2681 #include <string.h> 2682 #include <openssl/evp.h> 2683 ]], [[ 2684 if(EVP_DigestUpdate(NULL, NULL,0)) 2685 exit(0); 2686 ]])], 2687 [ 2688 AC_MSG_RESULT([yes]) 2689 ], 2690 [ 2691 AC_MSG_RESULT([no]) 2692 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2693 [Define if EVP_DigestUpdate returns void]) 2694 ] 2695 ) 2696 2697 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2698 # because the system crypt() is more featureful. 2699 if test "x$check_for_libcrypt_before" = "x1"; then 2700 AC_CHECK_LIB([crypt], [crypt]) 2701 fi 2702 2703 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2704 # version in OpenSSL. 2705 if test "x$check_for_libcrypt_later" = "x1"; then 2706 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2707 fi 2708 AC_CHECK_FUNCS([crypt DES_crypt]) 2709 2710 # Search for SHA256 support in libc and/or OpenSSL 2711 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2712 [unsupported_algorithms="$unsupported_algorithms \ 2713 hmac-sha2-256 hmac-sha2-512 \ 2714 diffie-hellman-group-exchange-sha256 \ 2715 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" 2716 ] 2717 ) 2718 # Search for RIPE-MD support in OpenSSL 2719 AC_CHECK_FUNCS([EVP_ripemd160], , 2720 [unsupported_algorithms="$unsupported_algorithms \ 2721 hmac-ripemd160 2722 hmac-ripemd160@openssh.com 2723 hmac-ripemd160-etm@openssh.com" 2724 ] 2725 ) 2726 2727 # Check complete ECC support in OpenSSL 2728 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2729 AC_LINK_IFELSE( 2730 [AC_LANG_PROGRAM([[ 2731 #include <openssl/ec.h> 2732 #include <openssl/ecdh.h> 2733 #include <openssl/ecdsa.h> 2734 #include <openssl/evp.h> 2735 #include <openssl/objects.h> 2736 #include <openssl/opensslv.h> 2737 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2738 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2739 #endif 2740 ]], [[ 2741 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 2742 const EVP_MD *m = EVP_sha256(); /* We need this too */ 2743 ]])], 2744 [ AC_MSG_RESULT([yes]) 2745 enable_nistp256=1 ], 2746 [ AC_MSG_RESULT([no]) ] 2747 ) 2748 2749 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 2750 AC_LINK_IFELSE( 2751 [AC_LANG_PROGRAM([[ 2752 #include <openssl/ec.h> 2753 #include <openssl/ecdh.h> 2754 #include <openssl/ecdsa.h> 2755 #include <openssl/evp.h> 2756 #include <openssl/objects.h> 2757 #include <openssl/opensslv.h> 2758 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2759 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2760 #endif 2761 ]], [[ 2762 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 2763 const EVP_MD *m = EVP_sha384(); /* We need this too */ 2764 ]])], 2765 [ AC_MSG_RESULT([yes]) 2766 enable_nistp384=1 ], 2767 [ AC_MSG_RESULT([no]) ] 2768 ) 2769 2770 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 2771 AC_LINK_IFELSE( 2772 [AC_LANG_PROGRAM([[ 2773 #include <openssl/ec.h> 2774 #include <openssl/ecdh.h> 2775 #include <openssl/ecdsa.h> 2776 #include <openssl/evp.h> 2777 #include <openssl/objects.h> 2778 #include <openssl/opensslv.h> 2779 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2780 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2781 #endif 2782 ]], [[ 2783 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2784 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2785 ]])], 2786 [ AC_MSG_RESULT([yes]) 2787 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 2788 AC_RUN_IFELSE( 2789 [AC_LANG_PROGRAM([[ 2790 #include <openssl/ec.h> 2791 #include <openssl/ecdh.h> 2792 #include <openssl/ecdsa.h> 2793 #include <openssl/evp.h> 2794 #include <openssl/objects.h> 2795 #include <openssl/opensslv.h> 2796 ]],[[ 2797 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2798 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2799 exit(e == NULL || m == NULL); 2800 ]])], 2801 [ AC_MSG_RESULT([yes]) 2802 enable_nistp521=1 ], 2803 [ AC_MSG_RESULT([no]) ], 2804 [ AC_MSG_WARN([cross-compiling: assuming yes]) 2805 enable_nistp521=1 ] 2806 )], 2807 AC_MSG_RESULT([no]) 2808 ) 2809 2810 COMMENT_OUT_ECC="#no ecc#" 2811 TEST_SSH_ECC=no 2812 2813 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 2814 test x$enable_nistp521 = x1; then 2815 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 2816 fi 2817 if test x$enable_nistp256 = x1; then 2818 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 2819 [libcrypto has NID_X9_62_prime256v1]) 2820 TEST_SSH_ECC=yes 2821 COMMENT_OUT_ECC="" 2822 else 2823 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \ 2824 ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com" 2825 fi 2826 if test x$enable_nistp384 = x1; then 2827 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 2828 TEST_SSH_ECC=yes 2829 COMMENT_OUT_ECC="" 2830 else 2831 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \ 2832 ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com" 2833 fi 2834 if test x$enable_nistp521 = x1; then 2835 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 2836 TEST_SSH_ECC=yes 2837 COMMENT_OUT_ECC="" 2838 else 2839 unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \ 2840 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com" 2841 fi 2842 2843 AC_SUBST([TEST_SSH_ECC]) 2844 AC_SUBST([COMMENT_OUT_ECC]) 2845else 2846 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2847 AC_CHECK_FUNCS([crypt]) 2848fi 2849 2850AC_CHECK_FUNCS([ \ 2851 arc4random \ 2852 arc4random_buf \ 2853 arc4random_stir \ 2854 arc4random_uniform \ 2855]) 2856 2857saved_LIBS="$LIBS" 2858AC_CHECK_LIB([iaf], [ia_openinfo], [ 2859 LIBS="$LIBS -liaf" 2860 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 2861 AC_DEFINE([HAVE_LIBIAF], [1], 2862 [Define if system has libiaf that supports set_id]) 2863 ]) 2864]) 2865LIBS="$saved_LIBS" 2866 2867### Configure cryptographic random number support 2868 2869# Check wheter OpenSSL seeds itself 2870if test "x$openssl" = "xyes" ; then 2871 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 2872 AC_RUN_IFELSE( 2873 [AC_LANG_PROGRAM([[ 2874 #include <string.h> 2875 #include <openssl/rand.h> 2876 ]], [[ 2877 exit(RAND_status() == 1 ? 0 : 1); 2878 ]])], 2879 [ 2880 OPENSSL_SEEDS_ITSELF=yes 2881 AC_MSG_RESULT([yes]) 2882 ], 2883 [ 2884 AC_MSG_RESULT([no]) 2885 ], 2886 [ 2887 AC_MSG_WARN([cross compiling: assuming yes]) 2888 # This is safe, since we will fatal() at runtime if 2889 # OpenSSL is not seeded correctly. 2890 OPENSSL_SEEDS_ITSELF=yes 2891 ] 2892 ) 2893fi 2894 2895# PRNGD TCP socket 2896AC_ARG_WITH([prngd-port], 2897 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 2898 [ 2899 case "$withval" in 2900 no) 2901 withval="" 2902 ;; 2903 [[0-9]]*) 2904 ;; 2905 *) 2906 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 2907 ;; 2908 esac 2909 if test ! -z "$withval" ; then 2910 PRNGD_PORT="$withval" 2911 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 2912 [Port number of PRNGD/EGD random number socket]) 2913 fi 2914 ] 2915) 2916 2917# PRNGD Unix domain socket 2918AC_ARG_WITH([prngd-socket], 2919 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 2920 [ 2921 case "$withval" in 2922 yes) 2923 withval="/var/run/egd-pool" 2924 ;; 2925 no) 2926 withval="" 2927 ;; 2928 /*) 2929 ;; 2930 *) 2931 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 2932 ;; 2933 esac 2934 2935 if test ! -z "$withval" ; then 2936 if test ! -z "$PRNGD_PORT" ; then 2937 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 2938 fi 2939 if test ! -r "$withval" ; then 2940 AC_MSG_WARN([Entropy socket is not readable]) 2941 fi 2942 PRNGD_SOCKET="$withval" 2943 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 2944 [Location of PRNGD/EGD random number socket]) 2945 fi 2946 ], 2947 [ 2948 # Check for existing socket only if we don't have a random device already 2949 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 2950 AC_MSG_CHECKING([for PRNGD/EGD socket]) 2951 # Insert other locations here 2952 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 2953 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 2954 PRNGD_SOCKET="$sock" 2955 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 2956 break; 2957 fi 2958 done 2959 if test ! -z "$PRNGD_SOCKET" ; then 2960 AC_MSG_RESULT([$PRNGD_SOCKET]) 2961 else 2962 AC_MSG_RESULT([not found]) 2963 fi 2964 fi 2965 ] 2966) 2967 2968# Which randomness source do we use? 2969if test ! -z "$PRNGD_PORT" ; then 2970 RAND_MSG="PRNGd port $PRNGD_PORT" 2971elif test ! -z "$PRNGD_SOCKET" ; then 2972 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 2973elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 2974 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 2975 [Define if you want the OpenSSL internally seeded PRNG only]) 2976 RAND_MSG="OpenSSL internal ONLY" 2977elif test "x$openssl" = "xno" ; then 2978 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 2979else 2980 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 2981fi 2982 2983# Check for PAM libs 2984PAM_MSG="no" 2985AC_ARG_WITH([pam], 2986 [ --with-pam Enable PAM support ], 2987 [ 2988 if test "x$withval" != "xno" ; then 2989 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 2990 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 2991 AC_MSG_ERROR([PAM headers not found]) 2992 fi 2993 2994 saved_LIBS="$LIBS" 2995 AC_CHECK_LIB([dl], [dlopen], , ) 2996 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 2997 AC_CHECK_FUNCS([pam_getenvlist]) 2998 AC_CHECK_FUNCS([pam_putenv]) 2999 LIBS="$saved_LIBS" 3000 3001 PAM_MSG="yes" 3002 3003 SSHDLIBS="$SSHDLIBS -lpam" 3004 AC_DEFINE([USE_PAM], [1], 3005 [Define if you want to enable PAM support]) 3006 3007 if test $ac_cv_lib_dl_dlopen = yes; then 3008 case "$LIBS" in 3009 *-ldl*) 3010 # libdl already in LIBS 3011 ;; 3012 *) 3013 SSHDLIBS="$SSHDLIBS -ldl" 3014 ;; 3015 esac 3016 fi 3017 fi 3018 ] 3019) 3020 3021# Check for older PAM 3022if test "x$PAM_MSG" = "xyes" ; then 3023 # Check PAM strerror arguments (old PAM) 3024 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3025 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3026#include <stdlib.h> 3027#if defined(HAVE_SECURITY_PAM_APPL_H) 3028#include <security/pam_appl.h> 3029#elif defined (HAVE_PAM_PAM_APPL_H) 3030#include <pam/pam_appl.h> 3031#endif 3032 ]], [[ 3033(void)pam_strerror((pam_handle_t *)NULL, -1); 3034 ]])], [AC_MSG_RESULT([no])], [ 3035 AC_DEFINE([HAVE_OLD_PAM], [1], 3036 [Define if you have an old version of PAM 3037 which takes only one argument to pam_strerror]) 3038 AC_MSG_RESULT([yes]) 3039 PAM_MSG="yes (old library)" 3040 3041 ]) 3042fi 3043 3044case "$host" in 3045*-*-cygwin*) 3046 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3047 ;; 3048*) 3049 SSH_PRIVSEP_USER=sshd 3050 ;; 3051esac 3052AC_ARG_WITH([privsep-user], 3053 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3054 [ 3055 if test -n "$withval" && test "x$withval" != "xno" && \ 3056 test "x${withval}" != "xyes"; then 3057 SSH_PRIVSEP_USER=$withval 3058 fi 3059 ] 3060) 3061if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3062 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3063 [Cygwin function to fetch non-privileged user for privilege separation]) 3064else 3065 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3066 [non-privileged user for privilege separation]) 3067fi 3068AC_SUBST([SSH_PRIVSEP_USER]) 3069 3070if test "x$have_linux_no_new_privs" = "x1" ; then 3071AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3072 #include <sys/types.h> 3073 #include <linux/seccomp.h> 3074]) 3075fi 3076if test "x$have_seccomp_filter" = "x1" ; then 3077AC_MSG_CHECKING([kernel for seccomp_filter support]) 3078AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3079 #include <errno.h> 3080 #include <elf.h> 3081 #include <linux/audit.h> 3082 #include <linux/seccomp.h> 3083 #include <stdlib.h> 3084 #include <sys/prctl.h> 3085 ]], 3086 [[ int i = $seccomp_audit_arch; 3087 errno = 0; 3088 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3089 exit(errno == EFAULT ? 0 : 1); ]])], 3090 [ AC_MSG_RESULT([yes]) ], [ 3091 AC_MSG_RESULT([no]) 3092 # Disable seccomp filter as a target 3093 have_seccomp_filter=0 3094 ] 3095) 3096fi 3097 3098# Decide which sandbox style to use 3099sandbox_arg="" 3100AC_ARG_WITH([sandbox], 3101 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3102 [ 3103 if test "x$withval" = "xyes" ; then 3104 sandbox_arg="" 3105 else 3106 sandbox_arg="$withval" 3107 fi 3108 ] 3109) 3110 3111# Some platforms (seems to be the ones that have a kernel poll(2)-type 3112# function with which they implement select(2)) use an extra file descriptor 3113# when calling select(2), which means we can't use the rlimit sandbox. 3114AC_MSG_CHECKING([if select works with descriptor rlimit]) 3115AC_RUN_IFELSE( 3116 [AC_LANG_PROGRAM([[ 3117#include <sys/types.h> 3118#ifdef HAVE_SYS_TIME_H 3119# include <sys/time.h> 3120#endif 3121#include <sys/resource.h> 3122#ifdef HAVE_SYS_SELECT_H 3123# include <sys/select.h> 3124#endif 3125#include <errno.h> 3126#include <fcntl.h> 3127#include <stdlib.h> 3128 ]],[[ 3129 struct rlimit rl_zero; 3130 int fd, r; 3131 fd_set fds; 3132 struct timeval tv; 3133 3134 fd = open("/dev/null", O_RDONLY); 3135 FD_ZERO(&fds); 3136 FD_SET(fd, &fds); 3137 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3138 setrlimit(RLIMIT_FSIZE, &rl_zero); 3139 setrlimit(RLIMIT_NOFILE, &rl_zero); 3140 tv.tv_sec = 1; 3141 tv.tv_usec = 0; 3142 r = select(fd+1, &fds, NULL, NULL, &tv); 3143 exit (r == -1 ? 1 : 0); 3144 ]])], 3145 [AC_MSG_RESULT([yes]) 3146 select_works_with_rlimit=yes], 3147 [AC_MSG_RESULT([no]) 3148 select_works_with_rlimit=no], 3149 [AC_MSG_WARN([cross compiling: assuming yes])] 3150) 3151 3152AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3153AC_RUN_IFELSE( 3154 [AC_LANG_PROGRAM([[ 3155#include <sys/types.h> 3156#ifdef HAVE_SYS_TIME_H 3157# include <sys/time.h> 3158#endif 3159#include <sys/resource.h> 3160#include <errno.h> 3161#include <stdlib.h> 3162 ]],[[ 3163 struct rlimit rl_zero; 3164 int fd, r; 3165 fd_set fds; 3166 3167 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3168 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3169 exit (r == -1 ? 1 : 0); 3170 ]])], 3171 [AC_MSG_RESULT([yes]) 3172 rlimit_nofile_zero_works=yes], 3173 [AC_MSG_RESULT([no]) 3174 rlimit_nofile_zero_works=no], 3175 [AC_MSG_WARN([cross compiling: assuming yes])] 3176) 3177 3178AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3179AC_RUN_IFELSE( 3180 [AC_LANG_PROGRAM([[ 3181#include <sys/types.h> 3182#include <sys/resource.h> 3183#include <stdlib.h> 3184 ]],[[ 3185 struct rlimit rl_zero; 3186 3187 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3188 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3189 ]])], 3190 [AC_MSG_RESULT([yes])], 3191 [AC_MSG_RESULT([no]) 3192 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3193 [setrlimit RLIMIT_FSIZE works])], 3194 [AC_MSG_WARN([cross compiling: assuming yes])] 3195) 3196 3197if test "x$sandbox_arg" = "xpledge" || \ 3198 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3199 test "x$ac_cv_func_pledge" != "xyes" && \ 3200 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3201 SANDBOX_STYLE="pledge" 3202 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3203elif test "x$sandbox_arg" = "xsystrace" || \ 3204 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3205 test "x$have_systr_policy_kill" != "x1" && \ 3206 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3207 SANDBOX_STYLE="systrace" 3208 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3209elif test "x$sandbox_arg" = "xdarwin" || \ 3210 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3211 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3212 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3213 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3214 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3215 SANDBOX_STYLE="darwin" 3216 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3217elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3218 ( test -z "$sandbox_arg" && \ 3219 test "x$have_seccomp_filter" = "x1" && \ 3220 test "x$ac_cv_header_elf_h" = "xyes" && \ 3221 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3222 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3223 test "x$seccomp_audit_arch" != "x" && \ 3224 test "x$have_linux_no_new_privs" = "x1" && \ 3225 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3226 test "x$seccomp_audit_arch" = "x" && \ 3227 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3228 test "x$have_linux_no_new_privs" != "x1" && \ 3229 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3230 test "x$have_seccomp_filter" != "x1" && \ 3231 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3232 test "x$ac_cv_func_prctl" != "xyes" && \ 3233 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3234 SANDBOX_STYLE="seccomp_filter" 3235 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3236elif test "x$sandbox_arg" = "xcapsicum" || \ 3237 ( test -z "$sandbox_arg" && \ 3238 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3239 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3240 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3241 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3242 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3243 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3244 SANDBOX_STYLE="capsicum" 3245 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3246elif test "x$sandbox_arg" = "xrlimit" || \ 3247 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3248 test "x$select_works_with_rlimit" = "xyes" && \ 3249 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3250 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3251 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3252 test "x$select_works_with_rlimit" != "xyes" && \ 3253 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3254 SANDBOX_STYLE="rlimit" 3255 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3256elif test "x$sandbox_arg" = "xsolaris" || \ 3257 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3258 SANDBOX_STYLE="solaris" 3259 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3260elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3261 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3262 SANDBOX_STYLE="none" 3263 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3264else 3265 AC_MSG_ERROR([unsupported --with-sandbox]) 3266fi 3267 3268# Cheap hack to ensure NEWS-OS libraries are arranged right. 3269if test ! -z "$SONY" ; then 3270 LIBS="$LIBS -liberty"; 3271fi 3272 3273# Check for long long datatypes 3274AC_CHECK_TYPES([long long, unsigned long long, long double]) 3275 3276# Check datatype sizes 3277AC_CHECK_SIZEOF([short int], [2]) 3278AC_CHECK_SIZEOF([int], [4]) 3279AC_CHECK_SIZEOF([long int], [4]) 3280AC_CHECK_SIZEOF([long long int], [8]) 3281 3282# Sanity check long long for some platforms (AIX) 3283if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3284 ac_cv_sizeof_long_long_int=0 3285fi 3286 3287# compute LLONG_MIN and LLONG_MAX if we don't know them. 3288if test -z "$have_llong_max"; then 3289 AC_MSG_CHECKING([for max value of long long]) 3290 AC_RUN_IFELSE( 3291 [AC_LANG_PROGRAM([[ 3292#include <stdio.h> 3293/* Why is this so damn hard? */ 3294#ifdef __GNUC__ 3295# undef __GNUC__ 3296#endif 3297#define __USE_ISOC99 3298#include <limits.h> 3299#define DATA "conftest.llminmax" 3300#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3301 3302/* 3303 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3304 * we do this the hard way. 3305 */ 3306static int 3307fprint_ll(FILE *f, long long n) 3308{ 3309 unsigned int i; 3310 int l[sizeof(long long) * 8]; 3311 3312 if (n < 0) 3313 if (fprintf(f, "-") < 0) 3314 return -1; 3315 for (i = 0; n != 0; i++) { 3316 l[i] = my_abs(n % 10); 3317 n /= 10; 3318 } 3319 do { 3320 if (fprintf(f, "%d", l[--i]) < 0) 3321 return -1; 3322 } while (i != 0); 3323 if (fprintf(f, " ") < 0) 3324 return -1; 3325 return 0; 3326} 3327 ]], [[ 3328 FILE *f; 3329 long long i, llmin, llmax = 0; 3330 3331 if((f = fopen(DATA,"w")) == NULL) 3332 exit(1); 3333 3334#if defined(LLONG_MIN) && defined(LLONG_MAX) 3335 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3336 llmin = LLONG_MIN; 3337 llmax = LLONG_MAX; 3338#else 3339 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3340 /* This will work on one's complement and two's complement */ 3341 for (i = 1; i > llmax; i <<= 1, i++) 3342 llmax = i; 3343 llmin = llmax + 1LL; /* wrap */ 3344#endif 3345 3346 /* Sanity check */ 3347 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3348 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3349 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3350 fprintf(f, "unknown unknown\n"); 3351 exit(2); 3352 } 3353 3354 if (fprint_ll(f, llmin) < 0) 3355 exit(3); 3356 if (fprint_ll(f, llmax) < 0) 3357 exit(4); 3358 if (fclose(f) < 0) 3359 exit(5); 3360 exit(0); 3361 ]])], 3362 [ 3363 llong_min=`$AWK '{print $1}' conftest.llminmax` 3364 llong_max=`$AWK '{print $2}' conftest.llminmax` 3365 3366 AC_MSG_RESULT([$llong_max]) 3367 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3368 [max value of long long calculated by configure]) 3369 AC_MSG_CHECKING([for min value of long long]) 3370 AC_MSG_RESULT([$llong_min]) 3371 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3372 [min value of long long calculated by configure]) 3373 ], 3374 [ 3375 AC_MSG_RESULT([not found]) 3376 ], 3377 [ 3378 AC_MSG_WARN([cross compiling: not checking]) 3379 ] 3380 ) 3381fi 3382 3383 3384# More checks for data types 3385AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3386 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3387 [[ u_int a; a = 1;]])], 3388 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3389 ]) 3390]) 3391if test "x$ac_cv_have_u_int" = "xyes" ; then 3392 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3393 have_u_int=1 3394fi 3395 3396AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3397 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3398 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3399 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3400 ]) 3401]) 3402if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3403 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3404 have_intxx_t=1 3405fi 3406 3407if (test -z "$have_intxx_t" && \ 3408 test "x$ac_cv_header_stdint_h" = "xyes") 3409then 3410 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3411 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3412 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3413 [ 3414 AC_DEFINE([HAVE_INTXX_T]) 3415 AC_MSG_RESULT([yes]) 3416 ], [ AC_MSG_RESULT([no]) 3417 ]) 3418fi 3419 3420AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3421 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3422#include <sys/types.h> 3423#ifdef HAVE_STDINT_H 3424# include <stdint.h> 3425#endif 3426#include <sys/socket.h> 3427#ifdef HAVE_SYS_BITYPES_H 3428# include <sys/bitypes.h> 3429#endif 3430 ]], [[ 3431int64_t a; a = 1; 3432 ]])], 3433 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3434 ]) 3435]) 3436if test "x$ac_cv_have_int64_t" = "xyes" ; then 3437 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3438fi 3439 3440AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3441 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3442 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3443 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3444 ]) 3445]) 3446if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3447 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3448 have_u_intxx_t=1 3449fi 3450 3451if test -z "$have_u_intxx_t" ; then 3452 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3453 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3454 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3455 [ 3456 AC_DEFINE([HAVE_U_INTXX_T]) 3457 AC_MSG_RESULT([yes]) 3458 ], [ AC_MSG_RESULT([no]) 3459 ]) 3460fi 3461 3462AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3463 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3464 [[ u_int64_t a; a = 1;]])], 3465 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3466 ]) 3467]) 3468if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3469 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3470 have_u_int64_t=1 3471fi 3472 3473if (test -z "$have_u_int64_t" && \ 3474 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3475then 3476 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3477 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3478 [[ u_int64_t a; a = 1]])], 3479 [ 3480 AC_DEFINE([HAVE_U_INT64_T]) 3481 AC_MSG_RESULT([yes]) 3482 ], [ AC_MSG_RESULT([no]) 3483 ]) 3484fi 3485 3486if test -z "$have_u_intxx_t" ; then 3487 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3488 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3489#include <sys/types.h> 3490 ]], [[ 3491 uint8_t a; 3492 uint16_t b; 3493 uint32_t c; 3494 a = b = c = 1; 3495 ]])], 3496 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3497 ]) 3498 ]) 3499 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3500 AC_DEFINE([HAVE_UINTXX_T], [1], 3501 [define if you have uintxx_t data type]) 3502 fi 3503fi 3504 3505if (test -z "$have_uintxx_t" && \ 3506 test "x$ac_cv_header_stdint_h" = "xyes") 3507then 3508 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3509 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3510 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3511 [ 3512 AC_DEFINE([HAVE_UINTXX_T]) 3513 AC_MSG_RESULT([yes]) 3514 ], [ AC_MSG_RESULT([no]) 3515 ]) 3516fi 3517 3518if (test -z "$have_uintxx_t" && \ 3519 test "x$ac_cv_header_inttypes_h" = "xyes") 3520then 3521 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3522 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3523 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3524 [ 3525 AC_DEFINE([HAVE_UINTXX_T]) 3526 AC_MSG_RESULT([yes]) 3527 ], [ AC_MSG_RESULT([no]) 3528 ]) 3529fi 3530 3531if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3532 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3533then 3534 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3535 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3536#include <sys/bitypes.h> 3537 ]], [[ 3538 int8_t a; int16_t b; int32_t c; 3539 u_int8_t e; u_int16_t f; u_int32_t g; 3540 a = b = c = e = f = g = 1; 3541 ]])], 3542 [ 3543 AC_DEFINE([HAVE_U_INTXX_T]) 3544 AC_DEFINE([HAVE_INTXX_T]) 3545 AC_MSG_RESULT([yes]) 3546 ], [AC_MSG_RESULT([no]) 3547 ]) 3548fi 3549 3550 3551AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3552 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3553 [[ u_char foo; foo = 125; ]])], 3554 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3555 ]) 3556]) 3557if test "x$ac_cv_have_u_char" = "xyes" ; then 3558 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3559fi 3560 3561AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3562#include <sys/types.h> 3563#include <stdint.h> 3564]) 3565 3566TYPE_SOCKLEN_T 3567 3568AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3569AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3570#include <sys/types.h> 3571#ifdef HAVE_SYS_BITYPES_H 3572#include <sys/bitypes.h> 3573#endif 3574#ifdef HAVE_SYS_STATFS_H 3575#include <sys/statfs.h> 3576#endif 3577#ifdef HAVE_SYS_STATVFS_H 3578#include <sys/statvfs.h> 3579#endif 3580]) 3581 3582AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3583[#include <sys/types.h> 3584#include <netinet/in.h>]) 3585 3586AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3587 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3588 [[ size_t foo; foo = 1235; ]])], 3589 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3590 ]) 3591]) 3592if test "x$ac_cv_have_size_t" = "xyes" ; then 3593 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3594fi 3595 3596AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3597 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3598 [[ ssize_t foo; foo = 1235; ]])], 3599 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3600 ]) 3601]) 3602if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3603 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3604fi 3605 3606AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3607 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3608 [[ clock_t foo; foo = 1235; ]])], 3609 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3610 ]) 3611]) 3612if test "x$ac_cv_have_clock_t" = "xyes" ; then 3613 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3614fi 3615 3616AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3617 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3618#include <sys/types.h> 3619#include <sys/socket.h> 3620 ]], [[ sa_family_t foo; foo = 1235; ]])], 3621 [ ac_cv_have_sa_family_t="yes" ], 3622 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3623#include <sys/types.h> 3624#include <sys/socket.h> 3625#include <netinet/in.h> 3626 ]], [[ sa_family_t foo; foo = 1235; ]])], 3627 [ ac_cv_have_sa_family_t="yes" ], 3628 [ ac_cv_have_sa_family_t="no" ] 3629 ) 3630 ]) 3631]) 3632if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3633 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3634 [define if you have sa_family_t data type]) 3635fi 3636 3637AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3638 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3639 [[ pid_t foo; foo = 1235; ]])], 3640 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3641 ]) 3642]) 3643if test "x$ac_cv_have_pid_t" = "xyes" ; then 3644 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3645fi 3646 3647AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3648 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3649 [[ mode_t foo; foo = 1235; ]])], 3650 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3651 ]) 3652]) 3653if test "x$ac_cv_have_mode_t" = "xyes" ; then 3654 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3655fi 3656 3657 3658AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3659 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3660#include <sys/types.h> 3661#include <sys/socket.h> 3662 ]], [[ struct sockaddr_storage s; ]])], 3663 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3664 [ ac_cv_have_struct_sockaddr_storage="no" 3665 ]) 3666]) 3667if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3668 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3669 [define if you have struct sockaddr_storage data type]) 3670fi 3671 3672AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3673 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3674#include <sys/types.h> 3675#include <netinet/in.h> 3676 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3677 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3678 [ ac_cv_have_struct_sockaddr_in6="no" 3679 ]) 3680]) 3681if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3682 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3683 [define if you have struct sockaddr_in6 data type]) 3684fi 3685 3686AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 3687 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3688#include <sys/types.h> 3689#include <netinet/in.h> 3690 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 3691 [ ac_cv_have_struct_in6_addr="yes" ], 3692 [ ac_cv_have_struct_in6_addr="no" 3693 ]) 3694]) 3695if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 3696 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 3697 [define if you have struct in6_addr data type]) 3698 3699dnl Now check for sin6_scope_id 3700 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 3701 [ 3702#ifdef HAVE_SYS_TYPES_H 3703#include <sys/types.h> 3704#endif 3705#include <netinet/in.h> 3706 ]) 3707fi 3708 3709AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 3710 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3711#include <sys/types.h> 3712#include <sys/socket.h> 3713#include <netdb.h> 3714 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 3715 [ ac_cv_have_struct_addrinfo="yes" ], 3716 [ ac_cv_have_struct_addrinfo="no" 3717 ]) 3718]) 3719if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 3720 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 3721 [define if you have struct addrinfo data type]) 3722fi 3723 3724AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 3725 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 3726 [[ struct timeval tv; tv.tv_sec = 1;]])], 3727 [ ac_cv_have_struct_timeval="yes" ], 3728 [ ac_cv_have_struct_timeval="no" 3729 ]) 3730]) 3731if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 3732 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 3733 have_struct_timeval=1 3734fi 3735 3736AC_CHECK_TYPES([struct timespec]) 3737 3738# We need int64_t or else certian parts of the compile will fail. 3739if test "x$ac_cv_have_int64_t" = "xno" && \ 3740 test "x$ac_cv_sizeof_long_int" != "x8" && \ 3741 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 3742 echo "OpenSSH requires int64_t support. Contact your vendor or install" 3743 echo "an alternative compiler (I.E., GCC) before continuing." 3744 echo "" 3745 exit 1; 3746else 3747dnl test snprintf (broken on SCO w/gcc) 3748 AC_RUN_IFELSE( 3749 [AC_LANG_SOURCE([[ 3750#include <stdio.h> 3751#include <string.h> 3752#ifdef HAVE_SNPRINTF 3753main() 3754{ 3755 char buf[50]; 3756 char expected_out[50]; 3757 int mazsize = 50 ; 3758#if (SIZEOF_LONG_INT == 8) 3759 long int num = 0x7fffffffffffffff; 3760#else 3761 long long num = 0x7fffffffffffffffll; 3762#endif 3763 strcpy(expected_out, "9223372036854775807"); 3764 snprintf(buf, mazsize, "%lld", num); 3765 if(strcmp(buf, expected_out) != 0) 3766 exit(1); 3767 exit(0); 3768} 3769#else 3770main() { exit(0); } 3771#endif 3772 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 3773 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 3774 ) 3775fi 3776 3777dnl Checks for structure members 3778OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 3779OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 3780OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 3781OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 3782OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 3783OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 3784OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 3785OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 3786OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 3787OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 3788OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 3789OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 3790OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 3791OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 3792OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 3793OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 3794OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 3795 3796AC_CHECK_MEMBERS([struct stat.st_blksize]) 3797AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 3798struct passwd.pw_change, struct passwd.pw_expire], 3799[], [], [[ 3800#include <sys/types.h> 3801#include <pwd.h> 3802]]) 3803 3804AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 3805 [Define if we don't have struct __res_state in resolv.h])], 3806[[ 3807#include <stdio.h> 3808#if HAVE_SYS_TYPES_H 3809# include <sys/types.h> 3810#endif 3811#include <netinet/in.h> 3812#include <arpa/nameser.h> 3813#include <resolv.h> 3814]]) 3815 3816AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 3817 ac_cv_have_ss_family_in_struct_ss, [ 3818 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3819#include <sys/types.h> 3820#include <sys/socket.h> 3821 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 3822 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 3823 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 3824]) 3825if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 3826 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 3827fi 3828 3829AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 3830 ac_cv_have___ss_family_in_struct_ss, [ 3831 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3832#include <sys/types.h> 3833#include <sys/socket.h> 3834 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 3835 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 3836 [ ac_cv_have___ss_family_in_struct_ss="no" 3837 ]) 3838]) 3839if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 3840 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 3841 [Fields in struct sockaddr_storage]) 3842fi 3843 3844dnl make sure we're using the real structure members and not defines 3845AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 3846 ac_cv_have_accrights_in_msghdr, [ 3847 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3848#include <sys/types.h> 3849#include <sys/socket.h> 3850#include <sys/uio.h> 3851 ]], [[ 3852#ifdef msg_accrights 3853#error "msg_accrights is a macro" 3854exit(1); 3855#endif 3856struct msghdr m; 3857m.msg_accrights = 0; 3858exit(0); 3859 ]])], 3860 [ ac_cv_have_accrights_in_msghdr="yes" ], 3861 [ ac_cv_have_accrights_in_msghdr="no" ] 3862 ) 3863]) 3864if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 3865 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 3866 [Define if your system uses access rights style 3867 file descriptor passing]) 3868fi 3869 3870AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 3871AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3872#include <sys/param.h> 3873#include <sys/stat.h> 3874#ifdef HAVE_SYS_TIME_H 3875# include <sys/time.h> 3876#endif 3877#ifdef HAVE_SYS_MOUNT_H 3878#include <sys/mount.h> 3879#endif 3880#ifdef HAVE_SYS_STATVFS_H 3881#include <sys/statvfs.h> 3882#endif 3883 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 3884 [ AC_MSG_RESULT([yes]) ], 3885 [ AC_MSG_RESULT([no]) 3886 3887 AC_MSG_CHECKING([if fsid_t has member val]) 3888 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3889#include <sys/types.h> 3890#include <sys/statvfs.h> 3891 ]], [[ fsid_t t; t.val[0] = 0; ]])], 3892 [ AC_MSG_RESULT([yes]) 3893 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 3894 [ AC_MSG_RESULT([no]) ]) 3895 3896 AC_MSG_CHECKING([if f_fsid has member __val]) 3897 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3898#include <sys/types.h> 3899#include <sys/statvfs.h> 3900 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 3901 [ AC_MSG_RESULT([yes]) 3902 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 3903 [ AC_MSG_RESULT([no]) ]) 3904]) 3905 3906AC_CACHE_CHECK([for msg_control field in struct msghdr], 3907 ac_cv_have_control_in_msghdr, [ 3908 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3909#include <sys/types.h> 3910#include <sys/socket.h> 3911#include <sys/uio.h> 3912 ]], [[ 3913#ifdef msg_control 3914#error "msg_control is a macro" 3915exit(1); 3916#endif 3917struct msghdr m; 3918m.msg_control = 0; 3919exit(0); 3920 ]])], 3921 [ ac_cv_have_control_in_msghdr="yes" ], 3922 [ ac_cv_have_control_in_msghdr="no" ] 3923 ) 3924]) 3925if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 3926 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 3927 [Define if your system uses ancillary data style 3928 file descriptor passing]) 3929fi 3930 3931AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 3932 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3933 [[ extern char *__progname; printf("%s", __progname); ]])], 3934 [ ac_cv_libc_defines___progname="yes" ], 3935 [ ac_cv_libc_defines___progname="no" 3936 ]) 3937]) 3938if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 3939 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 3940fi 3941 3942AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 3943 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3944 [[ printf("%s", __FUNCTION__); ]])], 3945 [ ac_cv_cc_implements___FUNCTION__="yes" ], 3946 [ ac_cv_cc_implements___FUNCTION__="no" 3947 ]) 3948]) 3949if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 3950 AC_DEFINE([HAVE___FUNCTION__], [1], 3951 [Define if compiler implements __FUNCTION__]) 3952fi 3953 3954AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 3955 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3956 [[ printf("%s", __func__); ]])], 3957 [ ac_cv_cc_implements___func__="yes" ], 3958 [ ac_cv_cc_implements___func__="no" 3959 ]) 3960]) 3961if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 3962 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 3963fi 3964 3965AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 3966 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3967#include <stdarg.h> 3968va_list x,y; 3969 ]], [[ va_copy(x,y); ]])], 3970 [ ac_cv_have_va_copy="yes" ], 3971 [ ac_cv_have_va_copy="no" 3972 ]) 3973]) 3974if test "x$ac_cv_have_va_copy" = "xyes" ; then 3975 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 3976fi 3977 3978AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 3979 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3980#include <stdarg.h> 3981va_list x,y; 3982 ]], [[ __va_copy(x,y); ]])], 3983 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 3984 ]) 3985]) 3986if test "x$ac_cv_have___va_copy" = "xyes" ; then 3987 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 3988fi 3989 3990AC_CACHE_CHECK([whether getopt has optreset support], 3991 ac_cv_have_getopt_optreset, [ 3992 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 3993 [[ extern int optreset; optreset = 0; ]])], 3994 [ ac_cv_have_getopt_optreset="yes" ], 3995 [ ac_cv_have_getopt_optreset="no" 3996 ]) 3997]) 3998if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 3999 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4000 [Define if your getopt(3) defines and uses optreset]) 4001fi 4002 4003AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4004 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4005[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4006 [ ac_cv_libc_defines_sys_errlist="yes" ], 4007 [ ac_cv_libc_defines_sys_errlist="no" 4008 ]) 4009]) 4010if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4011 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4012 [Define if your system defines sys_errlist[]]) 4013fi 4014 4015 4016AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4017 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4018[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4019 [ ac_cv_libc_defines_sys_nerr="yes" ], 4020 [ ac_cv_libc_defines_sys_nerr="no" 4021 ]) 4022]) 4023if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4024 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4025fi 4026 4027# Check libraries needed by DNS fingerprint support 4028AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4029 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4030 [Define if getrrsetbyname() exists])], 4031 [ 4032 # Needed by our getrrsetbyname() 4033 AC_SEARCH_LIBS([res_query], [resolv]) 4034 AC_SEARCH_LIBS([dn_expand], [resolv]) 4035 AC_MSG_CHECKING([if res_query will link]) 4036 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4037#include <sys/types.h> 4038#include <netinet/in.h> 4039#include <arpa/nameser.h> 4040#include <netdb.h> 4041#include <resolv.h> 4042 ]], [[ 4043 res_query (0, 0, 0, 0, 0); 4044 ]])], 4045 AC_MSG_RESULT([yes]), 4046 [AC_MSG_RESULT([no]) 4047 saved_LIBS="$LIBS" 4048 LIBS="$LIBS -lresolv" 4049 AC_MSG_CHECKING([for res_query in -lresolv]) 4050 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4051#include <sys/types.h> 4052#include <netinet/in.h> 4053#include <arpa/nameser.h> 4054#include <netdb.h> 4055#include <resolv.h> 4056 ]], [[ 4057 res_query (0, 0, 0, 0, 0); 4058 ]])], 4059 [AC_MSG_RESULT([yes])], 4060 [LIBS="$saved_LIBS" 4061 AC_MSG_RESULT([no])]) 4062 ]) 4063 AC_CHECK_FUNCS([_getshort _getlong]) 4064 AC_CHECK_DECLS([_getshort, _getlong], , , 4065 [#include <sys/types.h> 4066 #include <arpa/nameser.h>]) 4067 AC_CHECK_MEMBER([HEADER.ad], 4068 [AC_DEFINE([HAVE_HEADER_AD], [1], 4069 [Define if HEADER.ad exists in arpa/nameser.h])], , 4070 [#include <arpa/nameser.h>]) 4071 ]) 4072 4073AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4074AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4075#include <stdio.h> 4076#if HAVE_SYS_TYPES_H 4077# include <sys/types.h> 4078#endif 4079#include <netinet/in.h> 4080#include <arpa/nameser.h> 4081#include <resolv.h> 4082extern struct __res_state _res; 4083 ]], [[ 4084struct __res_state *volatile p = &_res; /* force resolution of _res */ 4085return 0; 4086 ]],)], 4087 [AC_MSG_RESULT([yes]) 4088 AC_DEFINE([HAVE__RES_EXTERN], [1], 4089 [Define if you have struct __res_state _res as an extern]) 4090 ], 4091 [ AC_MSG_RESULT([no]) ] 4092) 4093 4094# Check whether user wants SELinux support 4095SELINUX_MSG="no" 4096LIBSELINUX="" 4097AC_ARG_WITH([selinux], 4098 [ --with-selinux Enable SELinux support], 4099 [ if test "x$withval" != "xno" ; then 4100 save_LIBS="$LIBS" 4101 AC_DEFINE([WITH_SELINUX], [1], 4102 [Define if you want SELinux support.]) 4103 SELINUX_MSG="yes" 4104 AC_CHECK_HEADER([selinux/selinux.h], , 4105 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4106 AC_CHECK_LIB([selinux], [setexeccon], 4107 [ LIBSELINUX="-lselinux" 4108 LIBS="$LIBS -lselinux" 4109 ], 4110 AC_MSG_ERROR([SELinux support requires libselinux library])) 4111 SSHLIBS="$SSHLIBS $LIBSELINUX" 4112 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 4113 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4114 LIBS="$save_LIBS" 4115 fi ] 4116) 4117AC_SUBST([SSHLIBS]) 4118AC_SUBST([SSHDLIBS]) 4119 4120# Check whether user wants Kerberos 5 support 4121KRB5_MSG="no" 4122AC_ARG_WITH([kerberos5], 4123 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4124 [ if test "x$withval" != "xno" ; then 4125 if test "x$withval" = "xyes" ; then 4126 KRB5ROOT="/usr/local" 4127 else 4128 KRB5ROOT=${withval} 4129 fi 4130 4131 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4132 KRB5_MSG="yes" 4133 4134 AC_PATH_PROG([KRB5CONF], [krb5-config], 4135 [$KRB5ROOT/bin/krb5-config], 4136 [$KRB5ROOT/bin:$PATH]) 4137 if test -x $KRB5CONF ; then 4138 K5CFLAGS="`$KRB5CONF --cflags`" 4139 K5LIBS="`$KRB5CONF --libs`" 4140 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4141 4142 AC_MSG_CHECKING([for gssapi support]) 4143 if $KRB5CONF | grep gssapi >/dev/null ; then 4144 AC_MSG_RESULT([yes]) 4145 AC_DEFINE([GSSAPI], [1], 4146 [Define this if you want GSSAPI 4147 support in the version 2 protocol]) 4148 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4149 GSSLIBS="`$KRB5CONF --libs gssapi`" 4150 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4151 else 4152 AC_MSG_RESULT([no]) 4153 fi 4154 AC_MSG_CHECKING([whether we are using Heimdal]) 4155 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4156 ]], [[ char *tmp = heimdal_version; ]])], 4157 [ AC_MSG_RESULT([yes]) 4158 AC_DEFINE([HEIMDAL], [1], 4159 [Define this if you are using the Heimdal 4160 version of Kerberos V5]) ], 4161 [AC_MSG_RESULT([no]) 4162 ]) 4163 else 4164 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4165 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4166 AC_MSG_CHECKING([whether we are using Heimdal]) 4167 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4168 ]], [[ char *tmp = heimdal_version; ]])], 4169 [ AC_MSG_RESULT([yes]) 4170 AC_DEFINE([HEIMDAL]) 4171 K5LIBS="-lkrb5" 4172 K5LIBS="$K5LIBS -lcom_err -lasn1" 4173 AC_CHECK_LIB([roken], [net_write], 4174 [K5LIBS="$K5LIBS -lroken"]) 4175 AC_CHECK_LIB([des], [des_cbc_encrypt], 4176 [K5LIBS="$K5LIBS -ldes"]) 4177 ], [ AC_MSG_RESULT([no]) 4178 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4179 4180 ]) 4181 AC_SEARCH_LIBS([dn_expand], [resolv]) 4182 4183 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4184 [ AC_DEFINE([GSSAPI]) 4185 GSSLIBS="-lgssapi_krb5" ], 4186 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4187 [ AC_DEFINE([GSSAPI]) 4188 GSSLIBS="-lgssapi" ], 4189 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4190 [ AC_DEFINE([GSSAPI]) 4191 GSSLIBS="-lgss" ], 4192 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4193 ]) 4194 ]) 4195 4196 AC_CHECK_HEADER([gssapi.h], , 4197 [ unset ac_cv_header_gssapi_h 4198 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4199 AC_CHECK_HEADERS([gssapi.h], , 4200 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4201 ) 4202 ] 4203 ) 4204 4205 oldCPP="$CPPFLAGS" 4206 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4207 AC_CHECK_HEADER([gssapi_krb5.h], , 4208 [ CPPFLAGS="$oldCPP" ]) 4209 4210 fi 4211 if test ! -z "$need_dash_r" ; then 4212 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 4213 fi 4214 if test ! -z "$blibpath" ; then 4215 blibpath="$blibpath:${KRB5ROOT}/lib" 4216 fi 4217 4218 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4219 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4220 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4221 4222 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4223 [Define this if you want to use libkafs' AFS support])]) 4224 4225 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4226#ifdef HAVE_GSSAPI_H 4227# include <gssapi.h> 4228#elif defined(HAVE_GSSAPI_GSSAPI_H) 4229# include <gssapi/gssapi.h> 4230#endif 4231 4232#ifdef HAVE_GSSAPI_GENERIC_H 4233# include <gssapi_generic.h> 4234#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4235# include <gssapi/gssapi_generic.h> 4236#endif 4237 ]]) 4238 saved_LIBS="$LIBS" 4239 LIBS="$LIBS $K5LIBS" 4240 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4241 LIBS="$saved_LIBS" 4242 4243 fi 4244 ] 4245) 4246AC_SUBST([GSSLIBS]) 4247AC_SUBST([K5LIBS]) 4248 4249# Looking for programs, paths and files 4250 4251PRIVSEP_PATH=/var/empty 4252AC_ARG_WITH([privsep-path], 4253 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4254 [ 4255 if test -n "$withval" && test "x$withval" != "xno" && \ 4256 test "x${withval}" != "xyes"; then 4257 PRIVSEP_PATH=$withval 4258 fi 4259 ] 4260) 4261AC_SUBST([PRIVSEP_PATH]) 4262 4263AC_ARG_WITH([xauth], 4264 [ --with-xauth=PATH Specify path to xauth program ], 4265 [ 4266 if test -n "$withval" && test "x$withval" != "xno" && \ 4267 test "x${withval}" != "xyes"; then 4268 xauth_path=$withval 4269 fi 4270 ], 4271 [ 4272 TestPath="$PATH" 4273 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4274 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4275 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4276 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4277 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4278 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4279 xauth_path="/usr/openwin/bin/xauth" 4280 fi 4281 ] 4282) 4283 4284STRIP_OPT=-s 4285AC_ARG_ENABLE([strip], 4286 [ --disable-strip Disable calling strip(1) on install], 4287 [ 4288 if test "x$enableval" = "xno" ; then 4289 STRIP_OPT= 4290 fi 4291 ] 4292) 4293AC_SUBST([STRIP_OPT]) 4294 4295if test -z "$xauth_path" ; then 4296 XAUTH_PATH="undefined" 4297 AC_SUBST([XAUTH_PATH]) 4298else 4299 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4300 [Define if xauth is found in your path]) 4301 XAUTH_PATH=$xauth_path 4302 AC_SUBST([XAUTH_PATH]) 4303fi 4304 4305dnl # --with-maildir=/path/to/mail gets top priority. 4306dnl # if maildir is set in the platform case statement above we use that. 4307dnl # Otherwise we run a program to get the dir from system headers. 4308dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4309dnl # If we find _PATH_MAILDIR we do nothing because that is what 4310dnl # session.c expects anyway. Otherwise we set to the value found 4311dnl # stripping any trailing slash. If for some strage reason our program 4312dnl # does not find what it needs, we default to /var/spool/mail. 4313# Check for mail directory 4314AC_ARG_WITH([maildir], 4315 [ --with-maildir=/path/to/mail Specify your system mail directory], 4316 [ 4317 if test "X$withval" != X && test "x$withval" != xno && \ 4318 test "x${withval}" != xyes; then 4319 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4320 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4321 fi 4322 ],[ 4323 if test "X$maildir" != "X"; then 4324 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4325 else 4326 AC_MSG_CHECKING([Discovering system mail directory]) 4327 AC_RUN_IFELSE( 4328 [AC_LANG_PROGRAM([[ 4329#include <stdio.h> 4330#include <string.h> 4331#ifdef HAVE_PATHS_H 4332#include <paths.h> 4333#endif 4334#ifdef HAVE_MAILLOCK_H 4335#include <maillock.h> 4336#endif 4337#define DATA "conftest.maildir" 4338 ]], [[ 4339 FILE *fd; 4340 int rc; 4341 4342 fd = fopen(DATA,"w"); 4343 if(fd == NULL) 4344 exit(1); 4345 4346#if defined (_PATH_MAILDIR) 4347 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4348 exit(1); 4349#elif defined (MAILDIR) 4350 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4351 exit(1); 4352#elif defined (_PATH_MAIL) 4353 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4354 exit(1); 4355#else 4356 exit (2); 4357#endif 4358 4359 exit(0); 4360 ]])], 4361 [ 4362 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4363 maildir=`awk -F: '{print $2}' conftest.maildir \ 4364 | sed 's|/$||'` 4365 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4366 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4367 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4368 fi 4369 ], 4370 [ 4371 if test "X$ac_status" = "X2";then 4372# our test program didn't find it. Default to /var/spool/mail 4373 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4374 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4375 else 4376 AC_MSG_RESULT([*** not found ***]) 4377 fi 4378 ], 4379 [ 4380 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4381 ] 4382 ) 4383 fi 4384 ] 4385) # maildir 4386 4387if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4388 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4389 disable_ptmx_check=yes 4390fi 4391if test -z "$no_dev_ptmx" ; then 4392 if test "x$disable_ptmx_check" != "xyes" ; then 4393 AC_CHECK_FILE(["/dev/ptmx"], 4394 [ 4395 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4396 [Define if you have /dev/ptmx]) 4397 have_dev_ptmx=1 4398 ] 4399 ) 4400 fi 4401fi 4402 4403if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4404 AC_CHECK_FILE(["/dev/ptc"], 4405 [ 4406 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4407 [Define if you have /dev/ptc]) 4408 have_dev_ptc=1 4409 ] 4410 ) 4411else 4412 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4413fi 4414 4415# Options from here on. Some of these are preset by platform above 4416AC_ARG_WITH([mantype], 4417 [ --with-mantype=man|cat|doc Set man page type], 4418 [ 4419 case "$withval" in 4420 man|cat|doc) 4421 MANTYPE=$withval 4422 ;; 4423 *) 4424 AC_MSG_ERROR([invalid man type: $withval]) 4425 ;; 4426 esac 4427 ] 4428) 4429if test -z "$MANTYPE"; then 4430 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4431 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4432 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4433 MANTYPE=doc 4434 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4435 MANTYPE=man 4436 else 4437 MANTYPE=cat 4438 fi 4439fi 4440AC_SUBST([MANTYPE]) 4441if test "$MANTYPE" = "doc"; then 4442 mansubdir=man; 4443else 4444 mansubdir=$MANTYPE; 4445fi 4446AC_SUBST([mansubdir]) 4447 4448# Check whether to enable MD5 passwords 4449MD5_MSG="no" 4450AC_ARG_WITH([md5-passwords], 4451 [ --with-md5-passwords Enable use of MD5 passwords], 4452 [ 4453 if test "x$withval" != "xno" ; then 4454 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4455 [Define if you want to allow MD5 passwords]) 4456 MD5_MSG="yes" 4457 fi 4458 ] 4459) 4460 4461# Whether to disable shadow password support 4462AC_ARG_WITH([shadow], 4463 [ --without-shadow Disable shadow password support], 4464 [ 4465 if test "x$withval" = "xno" ; then 4466 AC_DEFINE([DISABLE_SHADOW]) 4467 disable_shadow=yes 4468 fi 4469 ] 4470) 4471 4472if test -z "$disable_shadow" ; then 4473 AC_MSG_CHECKING([if the systems has expire shadow information]) 4474 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4475#include <sys/types.h> 4476#include <shadow.h> 4477struct spwd sp; 4478 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4479 [ sp_expire_available=yes ], [ 4480 ]) 4481 4482 if test "x$sp_expire_available" = "xyes" ; then 4483 AC_MSG_RESULT([yes]) 4484 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4485 [Define if you want to use shadow password expire field]) 4486 else 4487 AC_MSG_RESULT([no]) 4488 fi 4489fi 4490 4491# Use ip address instead of hostname in $DISPLAY 4492if test ! -z "$IPADDR_IN_DISPLAY" ; then 4493 DISPLAY_HACK_MSG="yes" 4494 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4495 [Define if you need to use IP address 4496 instead of hostname in $DISPLAY]) 4497else 4498 DISPLAY_HACK_MSG="no" 4499 AC_ARG_WITH([ipaddr-display], 4500 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4501 [ 4502 if test "x$withval" != "xno" ; then 4503 AC_DEFINE([IPADDR_IN_DISPLAY]) 4504 DISPLAY_HACK_MSG="yes" 4505 fi 4506 ] 4507 ) 4508fi 4509 4510# check for /etc/default/login and use it if present. 4511AC_ARG_ENABLE([etc-default-login], 4512 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4513 [ if test "x$enableval" = "xno"; then 4514 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4515 etc_default_login=no 4516 else 4517 etc_default_login=yes 4518 fi ], 4519 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4520 then 4521 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4522 etc_default_login=no 4523 else 4524 etc_default_login=yes 4525 fi ] 4526) 4527 4528if test "x$etc_default_login" != "xno"; then 4529 AC_CHECK_FILE(["/etc/default/login"], 4530 [ external_path_file=/etc/default/login ]) 4531 if test "x$external_path_file" = "x/etc/default/login"; then 4532 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4533 [Define if your system has /etc/default/login]) 4534 fi 4535fi 4536 4537dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4538if test $ac_cv_func_login_getcapbool = "yes" && \ 4539 test $ac_cv_header_login_cap_h = "yes" ; then 4540 external_path_file=/etc/login.conf 4541fi 4542 4543# Whether to mess with the default path 4544SERVER_PATH_MSG="(default)" 4545AC_ARG_WITH([default-path], 4546 [ --with-default-path= Specify default $PATH environment for server], 4547 [ 4548 if test "x$external_path_file" = "x/etc/login.conf" ; then 4549 AC_MSG_WARN([ 4550--with-default-path=PATH has no effect on this system. 4551Edit /etc/login.conf instead.]) 4552 elif test "x$withval" != "xno" ; then 4553 if test ! -z "$external_path_file" ; then 4554 AC_MSG_WARN([ 4555--with-default-path=PATH will only be used if PATH is not defined in 4556$external_path_file .]) 4557 fi 4558 user_path="$withval" 4559 SERVER_PATH_MSG="$withval" 4560 fi 4561 ], 4562 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4563 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4564 else 4565 if test ! -z "$external_path_file" ; then 4566 AC_MSG_WARN([ 4567If PATH is defined in $external_path_file, ensure the path to scp is included, 4568otherwise scp will not work.]) 4569 fi 4570 AC_RUN_IFELSE( 4571 [AC_LANG_PROGRAM([[ 4572/* find out what STDPATH is */ 4573#include <stdio.h> 4574#ifdef HAVE_PATHS_H 4575# include <paths.h> 4576#endif 4577#ifndef _PATH_STDPATH 4578# ifdef _PATH_USERPATH /* Irix */ 4579# define _PATH_STDPATH _PATH_USERPATH 4580# else 4581# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4582# endif 4583#endif 4584#include <sys/types.h> 4585#include <sys/stat.h> 4586#include <fcntl.h> 4587#define DATA "conftest.stdpath" 4588 ]], [[ 4589 FILE *fd; 4590 int rc; 4591 4592 fd = fopen(DATA,"w"); 4593 if(fd == NULL) 4594 exit(1); 4595 4596 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4597 exit(1); 4598 4599 exit(0); 4600 ]])], 4601 [ user_path=`cat conftest.stdpath` ], 4602 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4603 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4604 ) 4605# make sure $bindir is in USER_PATH so scp will work 4606 t_bindir="${bindir}" 4607 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4608 t_bindir=`eval echo ${t_bindir}` 4609 case $t_bindir in 4610 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4611 esac 4612 case $t_bindir in 4613 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4614 esac 4615 done 4616 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4617 if test $? -ne 0 ; then 4618 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4619 if test $? -ne 0 ; then 4620 user_path=$user_path:$t_bindir 4621 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4622 fi 4623 fi 4624 fi ] 4625) 4626if test "x$external_path_file" != "x/etc/login.conf" ; then 4627 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4628 AC_SUBST([user_path]) 4629fi 4630 4631# Set superuser path separately to user path 4632AC_ARG_WITH([superuser-path], 4633 [ --with-superuser-path= Specify different path for super-user], 4634 [ 4635 if test -n "$withval" && test "x$withval" != "xno" && \ 4636 test "x${withval}" != "xyes"; then 4637 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4638 [Define if you want a different $PATH 4639 for the superuser]) 4640 superuser_path=$withval 4641 fi 4642 ] 4643) 4644 4645 4646AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4647IPV4_IN6_HACK_MSG="no" 4648AC_ARG_WITH(4in6, 4649 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4650 [ 4651 if test "x$withval" != "xno" ; then 4652 AC_MSG_RESULT([yes]) 4653 AC_DEFINE([IPV4_IN_IPV6], [1], 4654 [Detect IPv4 in IPv6 mapped addresses 4655 and treat as IPv4]) 4656 IPV4_IN6_HACK_MSG="yes" 4657 else 4658 AC_MSG_RESULT([no]) 4659 fi 4660 ], [ 4661 if test "x$inet6_default_4in6" = "xyes"; then 4662 AC_MSG_RESULT([yes (default)]) 4663 AC_DEFINE([IPV4_IN_IPV6]) 4664 IPV4_IN6_HACK_MSG="yes" 4665 else 4666 AC_MSG_RESULT([no (default)]) 4667 fi 4668 ] 4669) 4670 4671# Whether to enable BSD auth support 4672BSD_AUTH_MSG=no 4673AC_ARG_WITH([bsd-auth], 4674 [ --with-bsd-auth Enable BSD auth support], 4675 [ 4676 if test "x$withval" != "xno" ; then 4677 AC_DEFINE([BSD_AUTH], [1], 4678 [Define if you have BSD auth support]) 4679 BSD_AUTH_MSG=yes 4680 fi 4681 ] 4682) 4683 4684# Where to place sshd.pid 4685piddir=/var/run 4686# make sure the directory exists 4687if test ! -d $piddir ; then 4688 piddir=`eval echo ${sysconfdir}` 4689 case $piddir in 4690 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 4691 esac 4692fi 4693 4694AC_ARG_WITH([pid-dir], 4695 [ --with-pid-dir=PATH Specify location of ssh.pid file], 4696 [ 4697 if test -n "$withval" && test "x$withval" != "xno" && \ 4698 test "x${withval}" != "xyes"; then 4699 piddir=$withval 4700 if test ! -d $piddir ; then 4701 AC_MSG_WARN([** no $piddir directory on this system **]) 4702 fi 4703 fi 4704 ] 4705) 4706 4707AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 4708 [Specify location of ssh.pid]) 4709AC_SUBST([piddir]) 4710 4711dnl allow user to disable some login recording features 4712AC_ARG_ENABLE([lastlog], 4713 [ --disable-lastlog disable use of lastlog even if detected [no]], 4714 [ 4715 if test "x$enableval" = "xno" ; then 4716 AC_DEFINE([DISABLE_LASTLOG]) 4717 fi 4718 ] 4719) 4720AC_ARG_ENABLE([utmp], 4721 [ --disable-utmp disable use of utmp even if detected [no]], 4722 [ 4723 if test "x$enableval" = "xno" ; then 4724 AC_DEFINE([DISABLE_UTMP]) 4725 fi 4726 ] 4727) 4728AC_ARG_ENABLE([utmpx], 4729 [ --disable-utmpx disable use of utmpx even if detected [no]], 4730 [ 4731 if test "x$enableval" = "xno" ; then 4732 AC_DEFINE([DISABLE_UTMPX], [1], 4733 [Define if you don't want to use utmpx]) 4734 fi 4735 ] 4736) 4737AC_ARG_ENABLE([wtmp], 4738 [ --disable-wtmp disable use of wtmp even if detected [no]], 4739 [ 4740 if test "x$enableval" = "xno" ; then 4741 AC_DEFINE([DISABLE_WTMP]) 4742 fi 4743 ] 4744) 4745AC_ARG_ENABLE([wtmpx], 4746 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 4747 [ 4748 if test "x$enableval" = "xno" ; then 4749 AC_DEFINE([DISABLE_WTMPX], [1], 4750 [Define if you don't want to use wtmpx]) 4751 fi 4752 ] 4753) 4754AC_ARG_ENABLE([libutil], 4755 [ --disable-libutil disable use of libutil (login() etc.) [no]], 4756 [ 4757 if test "x$enableval" = "xno" ; then 4758 AC_DEFINE([DISABLE_LOGIN]) 4759 fi 4760 ] 4761) 4762AC_ARG_ENABLE([pututline], 4763 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 4764 [ 4765 if test "x$enableval" = "xno" ; then 4766 AC_DEFINE([DISABLE_PUTUTLINE], [1], 4767 [Define if you don't want to use pututline() 4768 etc. to write [uw]tmp]) 4769 fi 4770 ] 4771) 4772AC_ARG_ENABLE([pututxline], 4773 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 4774 [ 4775 if test "x$enableval" = "xno" ; then 4776 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 4777 [Define if you don't want to use pututxline() 4778 etc. to write [uw]tmpx]) 4779 fi 4780 ] 4781) 4782AC_ARG_WITH([lastlog], 4783 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 4784 [ 4785 if test "x$withval" = "xno" ; then 4786 AC_DEFINE([DISABLE_LASTLOG]) 4787 elif test -n "$withval" && test "x${withval}" != "xyes"; then 4788 conf_lastlog_location=$withval 4789 fi 4790 ] 4791) 4792 4793dnl lastlog, [uw]tmpx? detection 4794dnl NOTE: set the paths in the platform section to avoid the 4795dnl need for command-line parameters 4796dnl lastlog and [uw]tmp are subject to a file search if all else fails 4797 4798dnl lastlog detection 4799dnl NOTE: the code itself will detect if lastlog is a directory 4800AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 4801AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4802#include <sys/types.h> 4803#include <utmp.h> 4804#ifdef HAVE_LASTLOG_H 4805# include <lastlog.h> 4806#endif 4807#ifdef HAVE_PATHS_H 4808# include <paths.h> 4809#endif 4810#ifdef HAVE_LOGIN_H 4811# include <login.h> 4812#endif 4813 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 4814 [ AC_MSG_RESULT([yes]) ], 4815 [ 4816 AC_MSG_RESULT([no]) 4817 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 4818 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4819#include <sys/types.h> 4820#include <utmp.h> 4821#ifdef HAVE_LASTLOG_H 4822# include <lastlog.h> 4823#endif 4824#ifdef HAVE_PATHS_H 4825# include <paths.h> 4826#endif 4827 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 4828 [ AC_MSG_RESULT([yes]) ], 4829 [ 4830 AC_MSG_RESULT([no]) 4831 system_lastlog_path=no 4832 ]) 4833]) 4834 4835if test -z "$conf_lastlog_location"; then 4836 if test x"$system_lastlog_path" = x"no" ; then 4837 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 4838 if (test -d "$f" || test -f "$f") ; then 4839 conf_lastlog_location=$f 4840 fi 4841 done 4842 if test -z "$conf_lastlog_location"; then 4843 AC_MSG_WARN([** Cannot find lastlog **]) 4844 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 4845 fi 4846 fi 4847fi 4848 4849if test -n "$conf_lastlog_location"; then 4850 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 4851 [Define if you want to specify the path to your lastlog file]) 4852fi 4853 4854dnl utmp detection 4855AC_MSG_CHECKING([if your system defines UTMP_FILE]) 4856AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4857#include <sys/types.h> 4858#include <utmp.h> 4859#ifdef HAVE_PATHS_H 4860# include <paths.h> 4861#endif 4862 ]], [[ char *utmp = UTMP_FILE; ]])], 4863 [ AC_MSG_RESULT([yes]) ], 4864 [ AC_MSG_RESULT([no]) 4865 system_utmp_path=no 4866]) 4867if test -z "$conf_utmp_location"; then 4868 if test x"$system_utmp_path" = x"no" ; then 4869 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 4870 if test -f $f ; then 4871 conf_utmp_location=$f 4872 fi 4873 done 4874 if test -z "$conf_utmp_location"; then 4875 AC_DEFINE([DISABLE_UTMP]) 4876 fi 4877 fi 4878fi 4879if test -n "$conf_utmp_location"; then 4880 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 4881 [Define if you want to specify the path to your utmp file]) 4882fi 4883 4884dnl wtmp detection 4885AC_MSG_CHECKING([if your system defines WTMP_FILE]) 4886AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4887#include <sys/types.h> 4888#include <utmp.h> 4889#ifdef HAVE_PATHS_H 4890# include <paths.h> 4891#endif 4892 ]], [[ char *wtmp = WTMP_FILE; ]])], 4893 [ AC_MSG_RESULT([yes]) ], 4894 [ AC_MSG_RESULT([no]) 4895 system_wtmp_path=no 4896]) 4897if test -z "$conf_wtmp_location"; then 4898 if test x"$system_wtmp_path" = x"no" ; then 4899 for f in /usr/adm/wtmp /var/log/wtmp; do 4900 if test -f $f ; then 4901 conf_wtmp_location=$f 4902 fi 4903 done 4904 if test -z "$conf_wtmp_location"; then 4905 AC_DEFINE([DISABLE_WTMP]) 4906 fi 4907 fi 4908fi 4909if test -n "$conf_wtmp_location"; then 4910 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 4911 [Define if you want to specify the path to your wtmp file]) 4912fi 4913 4914dnl wtmpx detection 4915AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 4916AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4917#include <sys/types.h> 4918#include <utmp.h> 4919#ifdef HAVE_UTMPX_H 4920#include <utmpx.h> 4921#endif 4922#ifdef HAVE_PATHS_H 4923# include <paths.h> 4924#endif 4925 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 4926 [ AC_MSG_RESULT([yes]) ], 4927 [ AC_MSG_RESULT([no]) 4928 system_wtmpx_path=no 4929]) 4930if test -z "$conf_wtmpx_location"; then 4931 if test x"$system_wtmpx_path" = x"no" ; then 4932 AC_DEFINE([DISABLE_WTMPX]) 4933 fi 4934else 4935 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 4936 [Define if you want to specify the path to your wtmpx file]) 4937fi 4938 4939 4940if test ! -z "$blibpath" ; then 4941 LDFLAGS="$LDFLAGS $blibflags$blibpath" 4942 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 4943fi 4944 4945AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 4946 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 4947 AC_DEFINE([DISABLE_LASTLOG]) 4948 fi 4949 ], [ 4950#ifdef HAVE_SYS_TYPES_H 4951#include <sys/types.h> 4952#endif 4953#ifdef HAVE_UTMP_H 4954#include <utmp.h> 4955#endif 4956#ifdef HAVE_UTMPX_H 4957#include <utmpx.h> 4958#endif 4959#ifdef HAVE_LASTLOG_H 4960#include <lastlog.h> 4961#endif 4962 ]) 4963 4964AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 4965 AC_DEFINE([DISABLE_UTMP]) 4966 AC_DEFINE([DISABLE_WTMP]) 4967 ], [ 4968#ifdef HAVE_SYS_TYPES_H 4969#include <sys/types.h> 4970#endif 4971#ifdef HAVE_UTMP_H 4972#include <utmp.h> 4973#endif 4974#ifdef HAVE_UTMPX_H 4975#include <utmpx.h> 4976#endif 4977#ifdef HAVE_LASTLOG_H 4978#include <lastlog.h> 4979#endif 4980 ]) 4981 4982dnl Adding -Werror to CFLAGS early prevents configure tests from running. 4983dnl Add now. 4984CFLAGS="$CFLAGS $werror_flags" 4985 4986if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 4987 TEST_SSH_IPV6=no 4988else 4989 TEST_SSH_IPV6=yes 4990fi 4991AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 4992AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 4993AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 4994AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 4995 4996AC_EXEEXT 4997AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 4998 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 4999 survey.sh]) 5000AC_OUTPUT 5001 5002# Print summary of options 5003 5004# Someone please show me a better way :) 5005A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5006B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5007C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5008D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5009E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5010F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5011G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5012H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5013I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5014J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5015 5016echo "" 5017echo "OpenSSH has been configured with the following options:" 5018echo " User binaries: $B" 5019echo " System binaries: $C" 5020echo " Configuration files: $D" 5021echo " Askpass program: $E" 5022echo " Manual pages: $F" 5023echo " PID file: $G" 5024echo " Privilege separation chroot path: $H" 5025if test "x$external_path_file" = "x/etc/login.conf" ; then 5026echo " At runtime, sshd will use the path defined in $external_path_file" 5027echo " Make sure the path to scp is present, otherwise scp will not work" 5028else 5029echo " sshd default user PATH: $I" 5030 if test ! -z "$external_path_file"; then 5031echo " (If PATH is set in $external_path_file it will be used instead. If" 5032echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5033 fi 5034fi 5035if test ! -z "$superuser_path" ; then 5036echo " sshd superuser user PATH: $J" 5037fi 5038echo " Manpage format: $MANTYPE" 5039echo " PAM support: $PAM_MSG" 5040echo " OSF SIA support: $SIA_MSG" 5041echo " KerberosV support: $KRB5_MSG" 5042echo " SELinux support: $SELINUX_MSG" 5043echo " Smartcard support: $SCARD_MSG" 5044echo " S/KEY support: $SKEY_MSG" 5045echo " TCP Wrappers support: $TCPW_MSG" 5046echo " MD5 password support: $MD5_MSG" 5047echo " libedit support: $LIBEDIT_MSG" 5048echo " Solaris process contract support: $SPC_MSG" 5049echo " Solaris project support: $SP_MSG" 5050echo " Solaris privilege support: $SPP_MSG" 5051echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5052echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5053echo " BSD Auth support: $BSD_AUTH_MSG" 5054echo " Random number source: $RAND_MSG" 5055echo " Privsep sandbox style: $SANDBOX_STYLE" 5056 5057echo "" 5058 5059echo " Host: ${host}" 5060echo " Compiler: ${CC}" 5061echo " Compiler flags: ${CFLAGS}" 5062echo "Preprocessor flags: ${CPPFLAGS}" 5063echo " Linker flags: ${LDFLAGS}" 5064echo " Libraries: ${LIBS}" 5065if test ! -z "${SSHDLIBS}"; then 5066echo " +for sshd: ${SSHDLIBS}" 5067fi 5068if test ! -z "${SSHLIBS}"; then 5069echo " +for ssh: ${SSHLIBS}" 5070fi 5071 5072echo "" 5073 5074if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5075 echo "SVR4 style packages are supported with \"make package\"" 5076 echo "" 5077fi 5078 5079if test "x$PAM_MSG" = "xyes" ; then 5080 echo "PAM is enabled. You may need to install a PAM control file " 5081 echo "for sshd, otherwise password authentication may fail. " 5082 echo "Example PAM control files can be found in the contrib/ " 5083 echo "subdirectory" 5084 echo "" 5085fi 5086 5087if test ! -z "$NO_PEERCHECK" ; then 5088 echo "WARNING: the operating system that you are using does not" 5089 echo "appear to support getpeereid(), getpeerucred() or the" 5090 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5091 echo "enforce security checks to prevent unauthorised connections to" 5092 echo "ssh-agent. Their absence increases the risk that a malicious" 5093 echo "user can connect to your agent." 5094 echo "" 5095fi 5096 5097if test "$AUDIT_MODULE" = "bsm" ; then 5098 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5099 echo "See the Solaris section in README.platform for details." 5100fi 5101